Add x509_time_future()
parent
29dcc0b93c
commit
6304f786e0
6 changed files with 150 additions and 40 deletions
|
@ -230,15 +230,26 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
|
|||
|
||||
/**
|
||||
* \brief Check a given x509_time against the system time and check
|
||||
* if it is valid.
|
||||
* if it is not expired.
|
||||
*
|
||||
* \param time x509_time to check
|
||||
*
|
||||
* \return Return 0 if the x509_time is still valid,
|
||||
* or 1 otherwise.
|
||||
* \return 0 if the x509_time is still valid,
|
||||
* 1 otherwise.
|
||||
*/
|
||||
int x509_time_expired( const x509_time *time );
|
||||
|
||||
/**
|
||||
* \brief Check a given x509_time against the system time and check
|
||||
* if it is not from the future.
|
||||
*
|
||||
* \param time x509_time to check
|
||||
*
|
||||
* \return 0 if the x509_time is already valid,
|
||||
* 1 otherwise.
|
||||
*/
|
||||
int x509_time_future( const x509_time *time );
|
||||
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
*
|
||||
|
|
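Review bot: The new Doxygen comment for x509_time_future() (and the reworded one for x509_time_expired()) does not say what happens in a build without POLARSSL_HAVE_TIME, where the library/x509.c part of this commit makes both functions return 0 unconditionally. A caller reading only this header will take a 0 to mean the date was checked against the clock, when in that configuration validity dates are not enforced at all. I would add a line such as `\note Without POLARSSL_HAVE_TIME this always returns 0; the date is not checked.` to both comments. The return text `0 if the x509_time is already valid` would also read more precisely as `0 if the x509_time is not later than the current system time`, since the tests apply the function to valid_to as well as valid_from.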
104
library/x509.c
104
library/x509.c
|
@ -621,22 +621,20 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
|
|||
* Return 0 if the x509_time is still valid, or 1 otherwise.
|
||||
*/
|
||||
#if defined(POLARSSL_HAVE_TIME)
|
||||
int x509_time_expired( const x509_time *to )
|
||||
{
|
||||
int year, mon, day;
|
||||
int hour, min, sec;
|
||||
|
||||
static void x509_get_current_time( x509_time *now )
|
||||
{
|
||||
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
||||
SYSTEMTIME st;
|
||||
|
||||
GetLocalTime(&st);
|
||||
|
||||
year = st.wYear;
|
||||
mon = st.wMonth;
|
||||
day = st.wDay;
|
||||
hour = st.wHour;
|
||||
min = st.wMinute;
|
||||
sec = st.wSecond;
|
||||
now->year = st.wYear;
|
||||
now->mon = st.wMonth;
|
||||
now->day = st.wDay;
|
||||
now->hour = st.wHour;
|
||||
now->min = st.wMinute;
|
||||
now->sec = st.wSecond;
|
||||
#else
|
||||
struct tm *lt;
|
||||
time_t tt;
|
||||
|
@ -644,55 +642,87 @@ int x509_time_expired( const x509_time *to )
|
|||
tt = time( NULL );
|
||||
lt = localtime( &tt );
|
||||
|
||||
year = lt->tm_year + 1900;
|
||||
mon = lt->tm_mon + 1;
|
||||
day = lt->tm_mday;
|
||||
hour = lt->tm_hour;
|
||||
min = lt->tm_min;
|
||||
sec = lt->tm_sec;
|
||||
now->year = lt->tm_year + 1900;
|
||||
now->mon = lt->tm_mon + 1;
|
||||
now->day = lt->tm_mday;
|
||||
now->hour = lt->tm_hour;
|
||||
now->min = lt->tm_min;
|
||||
now->sec = lt->tm_sec;
|
||||
#endif
|
||||
}
|
||||
|
||||
if( year > to->year )
|
||||
/*
|
||||
* Return 0 if before <= after, 1 otherwise
|
||||
*/
|
||||
static int x509_check_time( const x509_time *before, const x509_time *after )
|
||||
{
|
||||
if( before->year > after->year )
|
||||
return( 1 );
|
||||
|
||||
if( year == to->year &&
|
||||
mon > to->mon )
|
||||
if( before->year == after->year &&
|
||||
before->mon > after->mon )
|
||||
return( 1 );
|
||||
|
||||
if( year == to->year &&
|
||||
mon == to->mon &&
|
||||
day > to->day )
|
||||
if( before->year == after->year &&
|
||||
before->mon == after->mon &&
|
||||
before->day > after->day )
|
||||
return( 1 );
|
||||
|
||||
if( year == to->year &&
|
||||
mon == to->mon &&
|
||||
day == to->day &&
|
||||
hour > to->hour )
|
||||
if( before->year == after->year &&
|
||||
before->mon == after->mon &&
|
||||
before->day == after->day &&
|
||||
before->hour > after->hour )
|
||||
return( 1 );
|
||||
|
||||
if( year == to->year &&
|
||||
mon == to->mon &&
|
||||
day == to->day &&
|
||||
hour == to->hour &&
|
||||
min > to->min )
|
||||
if( before->year == after->year &&
|
||||
before->mon == after->mon &&
|
||||
before->day == after->day &&
|
||||
before->hour == after->hour &&
|
||||
before->min > after->min )
|
||||
return( 1 );
|
||||
|
||||
if( year == to->year &&
|
||||
mon == to->mon &&
|
||||
day == to->day &&
|
||||
hour == to->hour &&
|
||||
min == to->min &&
|
||||
sec > to->sec )
|
||||
if( before->year == after->year &&
|
||||
before->mon == after->mon &&
|
||||
before->day == after->day &&
|
||||
before->hour == after->hour &&
|
||||
before->min == after->min &&
|
||||
before->sec > after->sec )
|
||||
return( 1 );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int x509_time_expired( const x509_time *to )
|
||||
{
|
||||
x509_time now;
|
||||
|
||||
x509_get_current_time( &now );
|
||||
|
||||
return( x509_check_time( &now, to ) );
|
||||
}
|
||||
|
||||
int x509_time_future( const x509_time *from )
|
||||
{
|
||||
x509_time now;
|
||||
|
||||
x509_get_current_time( &now );
|
||||
|
||||
return( x509_check_time( from, &now ) );
|
||||
}
|
||||
|
||||
#else /* POLARSSL_HAVE_TIME */
|
||||
|
||||
int x509_time_expired( const x509_time *to )
|
||||
{
|
||||
((void) to);
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int x509_time_future( const x509_time *from )
|
||||
{
|
||||
((void) from);
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_HAVE_TIME */
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
|
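Review bot: x509_get_current_time() fills `now` from GetLocalTime() on Windows and localtime() elsewhere, while X.509 validity fields are expressed in UTC, so (assuming the parser stores them unconverted, which this page does not show) x509_time_expired() and the new x509_time_future() are both off by the host's UTC offset. A certificate can then be accepted for hours after notAfter, or rejected as not yet valid right after issuance. Now that the clock read lives in one helper, this is the natural place to switch to `GetSystemTime(&st);` and `lt = gmtime( &tt );`. The pointer returned by localtime() is also dereferenced without a NULL check and refers to static storage shared between threads. Separately, the context comment `Return 0 if the x509_time is still valid, or 1 otherwise.` now sits above x509_get_current_time() instead of x509_time_expired() and should move with the function it describes.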
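--- a/tests/data_files/crl-future.pem
+++ b/tests/data_files/crl-future.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBgzCCAQoCAQEwCQYHKoZIzj0EATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTMyMDMxMDEx
+MDUxNVoXDTQyMDMwODExMDUxNVowKDASAgEKFw0xMzA5MjQxNjI4MzhaMBICARYX
+DTE0MDEyMDEzNDMwNVqgcjBwMG4GA1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb
++zZ8oUKkQDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNV
+BAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gA
+MGUCMQCmsvNsOQdbGpmzpeZlKU9lDP6yyWenrI/89swZYogE3cSPob4tOzeYg38i
+or91IPgCMD7N/0Qz6Nq2IgBtZORLgsA0ltK+W6AOS+/EIhvGuXV8uguUyYknl4vb
++cE+lWxhCQ==
+-----END X509 CRL-----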
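--- a/tests/data_files/server5-future.crt
+++ b/tests/data_files/server5-future.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHjCCAaWgAwIBAgIBHTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MzIwMzEwMTEwNDExWhcNNDIwMzA4MTEwNDExWjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2cAMGQCMAZWcb+NYxFVK+W6Z5eknM2TrbqQGZEYHQXeV9/XF0t7
+TLDhA6a/pFDTJVZunFzesgIwfqkBYuvMkiNlS4lWcVyf8L4CZIHCn1yHnOCxu8ix
+uqgLb4na3i94x9urgbZZYfVK
+-----END CERTIFICATE-----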
|
@ -170,6 +170,30 @@ X509 Time Expired #6
|
|||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
|
||||
x509_time_expired:"data_files/test-ca.crt":"valid_to":0
|
||||
|
||||
X509 Time Future #1
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||
x509_time_future:"data_files/server5.crt":"valid_from":0
|
||||
|
||||
X509 Time Future #2
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||
x509_time_future:"data_files/server5.crt":"valid_to":1
|
||||
|
||||
X509 Time Future #3
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||
x509_time_future:"data_files/server5-future.crt":"valid_from":1
|
||||
|
||||
X509 Time Future #4
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||
x509_time_future:"data_files/server5-future.crt":"valid_to":1
|
||||
|
||||
X509 Time Future #5
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||
x509_time_future:"data_files/test-ca2.crt":"valid_from":0
|
||||
|
||||
X509 Time Future #6
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
|
||||
x509_time_future:"data_files/test-ca2.crt":"valid_to":1
|
||||
|
||||
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
|
||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL"
|
||||
|
|
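Review bot: The expected results of the new `X509 Time Future` cases depend on the wall clock of the machine running the suite, not only on the code under test. Cases #2 and #6 expect `1` for the `valid_to` of server5.crt and test-ca2.crt, so they begin to fail on the day those certificates expire, and case #3 flips once the `valid_from` of server5-future.crt is reached. A comment line above this block naming the fixtures' validity dates and stating when the expectations have to be regenerated would save the next maintainer from chasing a failure that is not a regression; the data file's comment syntax is not visible on this page, so the comment is described rather than quoted.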
|
@ -166,6 +166,26 @@ void x509_time_expired( char *crt_file, char *entity, int result )
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
|
||||
void x509_time_future( char *crt_file, char *entity, int result )
|
||||
{
|
||||
x509_crt crt;
|
||||
|
||||
x509_crt_init( &crt );
|
||||
|
||||
TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
|
||||
if( strcmp( entity, "valid_from" ) == 0 )
|
||||
TEST_ASSERT( x509_time_future( &crt.valid_from ) == result );
|
||||
else if( strcmp( entity, "valid_to" ) == 0 )
|
||||
TEST_ASSERT( x509_time_future( &crt.valid_to ) == result );
|
||||
else
|
||||
TEST_ASSERT( "Unknown entity" == 0 );
|
||||
|
||||
x509_crt_free( &crt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C */
|
||||
void x509parse_crt( char *crt_data, char *result_str, int result )
|
||||
{
|
||||
|
|