diff options
Diffstat (limited to 'chromium/net/cert/pki/revocation_util.cc')
-rw-r--r-- | chromium/net/cert/pki/revocation_util.cc | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/chromium/net/cert/pki/revocation_util.cc b/chromium/net/cert/pki/revocation_util.cc new file mode 100644 index 00000000000..17a75b03c8e --- /dev/null +++ b/chromium/net/cert/pki/revocation_util.cc @@ -0,0 +1,38 @@ +// Copyright 2019 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "net/cert/pki/revocation_util.h" + +#include "base/time/time.h" +#include "net/der/encode_values.h" +#include "net/der/parse_values.h" + +namespace net { + +bool CheckRevocationDateValid(const der::GeneralizedTime& this_update, + const der::GeneralizedTime* next_update, + const base::Time& verify_time, + const base::TimeDelta& max_age) { + der::GeneralizedTime verify_time_der; + if (!der::EncodeTimeAsGeneralizedTime(verify_time, &verify_time_der)) + return false; + + if (this_update > verify_time_der) + return false; // Response is not yet valid. + + if (next_update && (*next_update <= verify_time_der)) + return false; // Response is no longer valid. + + der::GeneralizedTime earliest_this_update; + if (!der::EncodeTimeAsGeneralizedTime(verify_time - max_age, + &earliest_this_update)) { + return false; + } + if (this_update < earliest_this_update) + return false; // Response is too old. + + return true; +} + +} // namespace net |