Beispiel #1
/*
 * Render a DER-encoded time item as a human-readable string.
 *
 * vtime   DER time item; only siUTCTime and siGeneralizedTime are accepted.
 *         It is dereferenced without a NULL check, so callers must pass a
 *         valid item.
 * buffer  destination for the formatted text
 * size    capacity of buffer in bytes, handed unchanged to PR_FormatTime
 *
 * Returns 0 on success, -EINVAL for any other item type, and otherwise the
 * value of __pmSecureSocketsError(PR_GetError()) when decoding or formatting
 * fails.
 */
static int
__pmCertificateTimestamp(SECItem *vtime, char *buffer, size_t size)
{
    PRExplodedTime fields;
    SECStatus decoded;
    int64 when;

    /* Pick the decoder that matches the declared encoding of the item. */
    if (vtime->type == siUTCTime)
	decoded = DER_UTCTimeToTime(&when, vtime);
    else if (vtime->type == siGeneralizedTime)
	decoded = DER_GeneralizedTimeToTime(&when, vtime);
    else
	return -EINVAL;

    /*
     * The decoder status is checked before 'when' is read, so a malformed
     * encoding never reaches the formatter.
     */
    if (decoded != SECSuccess)
	return __pmSecureSocketsError(PR_GetError());

    /*
     * The timestamp is broken down with PR_GMTParameters, so the text that
     * is produced is in GMT, not in the local time zone.
     */
    PR_ExplodeTime(when, PR_GMTParameters, &fields);

    /*
     * A zero return from PR_FormatTime is treated as failure.
     * NOTE(review): whether PR_GetError() holds a meaningful code at that
     * point is not visible from this function - confirm.
     */
    if (PR_FormatTime(buffer, size, "%a %b %d %H:%M:%S %Y", &fields) == 0)
	return __pmSecureSocketsError(PR_GetError());

    return 0;
}
Beispiel #2
/*
 * Negative test for the DER time decoders.
 *
 * A DER item carries an explicit length, so a decoder has to account for
 * every byte that length covers. Each case below hands the decoder a valid
 * date/time followed by extra bytes (either after an embedded NUL or
 * directly after the 'Z') and requires that it fails with
 * SEC_ERROR_INVALID_TIME. A decoder that stopped at the NUL or at the 'Z'
 * would accept these inputs and the test would report FAIL.
 *
 * Prints "PASS" and returns 0 when all four inputs are rejected with the
 * expected error; otherwise prints diagnostics and "FAIL" to stderr and
 * returns 1.
 */
int
main()
{
    /*
     * Exact bytes given to the decoders. The item lengths are taken from
     * the arrays (minus the terminating NUL the compiler appends), which
     * yields 38, 17, 40 and 19 bytes respectively.
     */
    static unsigned char utcEmbeddedNul[] =
        "091219000000Z\0junkjunkjunkjunkjunkjunk";
    static unsigned char utcTrailingJunk[] = "091219000000Zjunk";
    static unsigned char genEmbeddedNul[] =
        "20091219000000Z\0junkjunkjunkjunkjunkjunk";
    static unsigned char genTrailingJunk[] = "20091219000000Zjunk";

    PRBool failed = PR_FALSE;
    SECItem badTime;
    SECStatus rv;
    PRTime prtime;
    int error;

    /* UTCTime: bytes hidden behind an embedded NUL must not be ignored. */
    badTime.type = siBuffer;
    badTime.data = utcEmbeddedNul;
    badTime.len = sizeof(utcEmbeddedNul) - 1;
    rv = DER_UTCTimeToTime(&prtime, &badTime);
    if (rv != SECSuccess) {
        /* Rejected as required; the error code must be the right one too. */
        error = PORT_GetError();
        if (error != SEC_ERROR_INVALID_TIME) {
            fprintf(stderr, "DER_UTCTimeToTime failed with error %d, "
                            "expected error %d\n",
                    error, SEC_ERROR_INVALID_TIME);
            failed = PR_TRUE;
        }
    } else {
        fprintf(stderr, "DER_UTCTimeToTime should have failed but "
                        "succeeded\n");
        failed = PR_TRUE;
    }

    /* UTCTime: junk directly after a well-formed date/time. */
    badTime.type = siBuffer;
    badTime.data = utcTrailingJunk;
    badTime.len = sizeof(utcTrailingJunk) - 1;
    rv = DER_UTCTimeToTime(&prtime, &badTime);
    if (rv != SECSuccess) {
        error = PORT_GetError();
        if (error != SEC_ERROR_INVALID_TIME) {
            fprintf(stderr, "DER_UTCTimeToTime failed with error %d, "
                            "expected error %d\n",
                    error, SEC_ERROR_INVALID_TIME);
            failed = PR_TRUE;
        }
    } else {
        fprintf(stderr, "DER_UTCTimeToTime should have failed but "
                        "succeeded\n");
        failed = PR_TRUE;
    }

    /* GeneralizedTime: bytes hidden behind an embedded NUL. */
    badTime.type = siBuffer;
    badTime.data = genEmbeddedNul;
    badTime.len = sizeof(genEmbeddedNul) - 1;
    rv = DER_GeneralizedTimeToTime(&prtime, &badTime);
    if (rv != SECSuccess) {
        error = PORT_GetError();
        if (error != SEC_ERROR_INVALID_TIME) {
            fprintf(stderr, "DER_GeneralizedTimeToTime failed with error %d, "
                            "expected error %d\n",
                    error, SEC_ERROR_INVALID_TIME);
            failed = PR_TRUE;
        }
    } else {
        fprintf(stderr, "DER_GeneralizedTimeToTime should have failed but "
                        "succeeded\n");
        failed = PR_TRUE;
    }

    /* GeneralizedTime: junk directly after a well-formed date/time. */
    badTime.type = siBuffer;
    badTime.data = genTrailingJunk;
    badTime.len = sizeof(genTrailingJunk) - 1;
    rv = DER_GeneralizedTimeToTime(&prtime, &badTime);
    if (rv != SECSuccess) {
        error = PORT_GetError();
        if (error != SEC_ERROR_INVALID_TIME) {
            fprintf(stderr, "DER_GeneralizedTimeToTime failed with error %d, "
                            "expected error %d\n",
                    error, SEC_ERROR_INVALID_TIME);
            failed = PR_TRUE;
        }
    } else {
        fprintf(stderr, "DER_GeneralizedTimeToTime should have failed but "
                        "succeeded\n");
        failed = PR_TRUE;
    }

    /* One accepted input or one wrong error code fails the whole run. */
    if (!failed) {
        printf("PASS\n");
        return 0;
    }
    fprintf(stderr, "FAIL\n");
    return 1;
}
Beispiel #3
SECStatus
certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
                         SECItem *emailProfile, SECItem *profileTime)
{
    PRTime oldtime;
    PRTime newtime;
    SECStatus rv = SECFailure;
    PRBool saveit;
    SECItem oldprof, oldproftime;
    SECItem *oldProfile = NULL;
    SECItem *oldProfileTime = NULL;
    PK11SlotInfo *slot = NULL;
    NSSCertificate *c;
    NSSCryptoContext *cc;
    nssSMIMEProfile *stanProfile = NULL;
    PRBool freeOldProfile = PR_FALSE;

    c = STAN_GetNSSCertificate(cert);
    if (!c)
        return SECFailure;
    cc = c->object.cryptoContext;
    if (cc != NULL) {
        stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
        if (stanProfile) {
            PORT_Assert(stanProfile->profileData);
            SECITEM_FROM_NSSITEM(&oldprof, stanProfile->profileData);
            oldProfile = &oldprof;
            SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime);
            oldProfileTime = &oldproftime;
        }
    } else {
        oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr,
                                           &cert->derSubject, &oldProfileTime);
        freeOldProfile = PR_TRUE;
    }

    saveit = PR_FALSE;

    /* both profileTime and emailProfile have to exist or not exist */
    if (emailProfile == NULL) {
        profileTime = NULL;
    } else if (profileTime == NULL) {
        emailProfile = NULL;
    }

    if (oldProfileTime == NULL) {
        saveit = PR_TRUE;
    } else {
        /* there was already a profile for this email addr */
        if (profileTime) {
            /* we have an old and new profile - save whichever is more recent*/
            if (oldProfileTime->len == 0) {
                /* always replace if old entry doesn't have a time */
                oldtime = LL_MININT;
            } else {
                rv = DER_UTCTimeToTime(&oldtime, oldProfileTime);
                if (rv != SECSuccess) {
                    goto loser;
                }
            }

            rv = DER_UTCTimeToTime(&newtime, profileTime);
            if (rv != SECSuccess) {
                goto loser;
            }

            if (LL_CMP(newtime, >, oldtime)) {
                /* this is a newer profile, save it and cert */
                saveit = PR_TRUE;
            }
        } else {
            saveit = PR_TRUE;
        }
    }