/*
 * Render a DER-encoded certificate time as human-readable text.
 *
 * vtime  - encoded time item; only siUTCTime and siGeneralizedTime are
 *          accepted, any other item type yields -EINVAL.
 * buffer - destination for the formatted text.
 * size   - capacity of buffer, handed straight to PR_FormatTime.
 *
 * Returns 0 on success, -EINVAL for an unsupported item type, otherwise
 * whatever __pmSecureSocketsError() produces for PR_GetError().
 */
static int
__pmCertificateTimestamp(SECItem *vtime, char *buffer, size_t size)
{
    PRExplodedTime fields;
    SECStatus status;
    int64 when;

    /* Pick the decoder from the item's declared type; never guess. */
    if (vtime->type == siUTCTime) {
        status = DER_UTCTimeToTime(&when, vtime);
    } else if (vtime->type == siGeneralizedTime) {
        status = DER_GeneralizedTimeToTime(&when, vtime);
    } else {
        return -EINVAL;
    }

    /* A time the decoder rejects is reported, never formatted. */
    if (status != SECSuccess) {
        return __pmSecureSocketsError(PR_GetError());
    }

    /*
     * NOTE(review): PR_GMTParameters makes the broken-down time GMT, not
     * local time, so the printed validity time carries no local offset --
     * confirm callers present it that way.
     */
    PR_ExplodeTime(when, PR_GMTParameters, &fields);

    /*
     * A zero return is treated as failure (presumably the buffer was too
     * small -- confirm PR_GetError() is meaningful on this path).
     */
    if (PR_FormatTime(buffer, size, "%a %b %d %H:%M:%S %Y", &fields) == 0) {
        return __pmSecureSocketsError(PR_GetError());
    }

    return 0;
}
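/*
 * Point a SECItem at a raw byte string of explicit length.
 *
 * The length is passed separately because the test data deliberately
 * contains an embedded NUL, so strlen() would under-count it.  SECItem's
 * data member is non-const, hence the cast; the decoders under test are
 * only expected to read the bytes.
 */
static void
set_bad_time(SECItem *item, const char *bytes, unsigned int len)
{
    item->type = siBuffer;
    item->data = (unsigned char *)bytes;
    item->len = len;
}

/*
 * Check that a decoder call rejected its input with SEC_ERROR_INVALID_TIME.
 *
 * decoder - name of the function that produced rv, used in diagnostics.
 * rv      - status returned by that decoder call.  Must be passed
 *           immediately after the call so PORT_GetError() still reflects it.
 *
 * Returns PR_TRUE when the input was rejected with the expected error,
 * PR_FALSE (after printing a diagnostic to stderr) otherwise.
 */
static PRBool
rejected_as_invalid_time(const char *decoder, SECStatus rv)
{
    int error;

    if (rv == SECSuccess) {
        fprintf(stderr, "%s should have failed but succeeded\n", decoder);
        return PR_FALSE;
    }

    error = PORT_GetError();
    if (error != SEC_ERROR_INVALID_TIME) {
        fprintf(stderr, "%s failed with error %d, expected error %d\n",
                decoder, error, SEC_ERROR_INVALID_TIME);
        return PR_FALSE;
    }
    return PR_TRUE;
}

/*
 * Regression test: the DER time decoders must reject encoded times whose
 * length covers more than a well-formed date/time string.
 *
 * Two malformed shapes are tried against each decoder:
 *   - a valid time followed by an embedded NUL and extra bytes, which a
 *     parser that treats the contents as a C string would silently accept;
 *   - a valid time followed directly by trailing junk.
 * Each must fail with SEC_ERROR_INVALID_TIME.
 *
 * Item lengths are derived with sizeof (minus the literal's terminating
 * NUL) instead of hand-counted constants, so data and length cannot drift
 * apart when a test string is edited.
 *
 * Prints PASS and returns 0 when every case is rejected as expected;
 * prints FAIL to stderr and returns 1 otherwise.
 */
int
main(void)
{
    static const char utc_embedded_nul[] =
        "091219000000Z\0junkjunkjunkjunkjunkjunk";
    static const char utc_trailing_junk[] = "091219000000Zjunk";
    static const char gen_embedded_nul[] =
        "20091219000000Z\0junkjunkjunkjunkjunkjunk";
    static const char gen_trailing_junk[] = "20091219000000Zjunk";

    SECItem badTime;
    PRTime prtime;
    SECStatus rv;
    PRBool failed = PR_FALSE;

    /* A UTCTime string with an embedded null. */
    set_bad_time(&badTime, utc_embedded_nul,
                 (unsigned int)(sizeof utc_embedded_nul - 1));
    rv = DER_UTCTimeToTime(&prtime, &badTime);
    if (!rejected_as_invalid_time("DER_UTCTimeToTime", rv)) {
        failed = PR_TRUE;
    }

    /* A UTCTime string with junk after a valid date/time. */
    set_bad_time(&badTime, utc_trailing_junk,
                 (unsigned int)(sizeof utc_trailing_junk - 1));
    rv = DER_UTCTimeToTime(&prtime, &badTime);
    if (!rejected_as_invalid_time("DER_UTCTimeToTime", rv)) {
        failed = PR_TRUE;
    }

    /* A GeneralizedTime string with an embedded null. */
    set_bad_time(&badTime, gen_embedded_nul,
                 (unsigned int)(sizeof gen_embedded_nul - 1));
    rv = DER_GeneralizedTimeToTime(&prtime, &badTime);
    if (!rejected_as_invalid_time("DER_GeneralizedTimeToTime", rv)) {
        failed = PR_TRUE;
    }

    /* A GeneralizedTime string with junk after a valid date/time. */
    set_bad_time(&badTime, gen_trailing_junk,
                 (unsigned int)(sizeof gen_trailing_junk - 1));
    rv = DER_GeneralizedTimeToTime(&prtime, &badTime);
    if (!rejected_as_invalid_time("DER_GeneralizedTimeToTime", rv)) {
        failed = PR_TRUE;
    }

    if (failed) {
        fprintf(stderr, "FAIL\n");
        return 1;
    }
    printf("PASS\n");
    return 0;
}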
SECStatus certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr, SECItem *emailProfile, SECItem *profileTime) { PRTime oldtime; PRTime newtime; SECStatus rv = SECFailure; PRBool saveit; SECItem oldprof, oldproftime; SECItem *oldProfile = NULL; SECItem *oldProfileTime = NULL; PK11SlotInfo *slot = NULL; NSSCertificate *c; NSSCryptoContext *cc; nssSMIMEProfile *stanProfile = NULL; PRBool freeOldProfile = PR_FALSE; c = STAN_GetNSSCertificate(cert); if (!c) return SECFailure; cc = c->object.cryptoContext; if (cc != NULL) { stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c); if (stanProfile) { PORT_Assert(stanProfile->profileData); SECITEM_FROM_NSSITEM(&oldprof, stanProfile->profileData); oldProfile = &oldprof; SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime); oldProfileTime = &oldproftime; } } else { oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr, &cert->derSubject, &oldProfileTime); freeOldProfile = PR_TRUE; } saveit = PR_FALSE; /* both profileTime and emailProfile have to exist or not exist */ if (emailProfile == NULL) { profileTime = NULL; } else if (profileTime == NULL) { emailProfile = NULL; } if (oldProfileTime == NULL) { saveit = PR_TRUE; } else { /* there was already a profile for this email addr */ if (profileTime) { /* we have an old and new profile - save whichever is more recent*/ if (oldProfileTime->len == 0) { /* always replace if old entry doesn't have a time */ oldtime = LL_MININT; } else { rv = DER_UTCTimeToTime(&oldtime, oldProfileTime); if (rv != SECSuccess) { goto loser; } } rv = DER_UTCTimeToTime(&newtime, profileTime); if (rv != SECSuccess) { goto loser; } if (LL_CMP(newtime, >, oldtime)) { /* this is a newer profile, save it and cert */ saveit = PR_TRUE; } } else { saveit = PR_TRUE; } }