blob: 997f12d67c11cba8b82d15a024242f6d296ee546 [file] [log] [blame]
// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "revocation_util.h"
#include "encode_values.h"
#include "parse_values.h"
BSSL_NAMESPACE_BEGIN
namespace {
constexpr int64_t kMinValidTime = -62167219200; // 0000-01-01 00:00:00 UTC
constexpr int64_t kMaxValidTime = 253402300799; // 9999-12-31 23:59:59 UTC
} // namespace
bool CheckRevocationDateValid(const der::GeneralizedTime &this_update,
const der::GeneralizedTime *next_update,
int64_t verify_time_epoch_seconds,
std::optional<int64_t> max_age_seconds) {
if (verify_time_epoch_seconds > kMaxValidTime ||
verify_time_epoch_seconds < kMinValidTime ||
(max_age_seconds.has_value() &&
(max_age_seconds.value() > kMaxValidTime ||
max_age_seconds.value() < 0))) {
return false;
}
der::GeneralizedTime verify_time;
if (!der::EncodePosixTimeAsGeneralizedTime(verify_time_epoch_seconds,
&verify_time)) {
return false;
}
if (this_update > verify_time) {
return false; // Response is not yet valid.
}
if (next_update && (*next_update <= verify_time)) {
return false; // Response is no longer valid.
}
if (max_age_seconds.has_value()) {
der::GeneralizedTime earliest_this_update;
if (!der::EncodePosixTimeAsGeneralizedTime(
verify_time_epoch_seconds - max_age_seconds.value(),
&earliest_this_update)) {
return false;
}
if (this_update < earliest_this_update) {
return false; // Response is too old.
}
}
return true;
}
BSSL_NAMESPACE_END