Example #1
/**
 * gnutls_x509_crt_set_private_key_usage_period:
 * @crt: a certificate of type #gnutls_x509_crt_t
 * @activation: time written to the notBefore field of the extension
 * @expiration: time written to the notAfter field of the extension
 *
 * Builds a PKIX1.PrivateKeyUsagePeriod structure from the two times,
 * DER-encodes it and stores it on @crt as extension 2.5.29.16.
 *
 * Both times are written as supplied. This function does not compare
 * them, so a caller that needs @activation to precede @expiration must
 * check that before calling.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 **/
int
gnutls_x509_crt_set_private_key_usage_period(gnutls_x509_crt_t crt,
					     time_t activation,
					     time_t expiration)
{
	ASN1_TYPE period = ASN1_TYPE_EMPTY;
	gnutls_datum_t encoded;
	int rc;

	if (crt == NULL) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	/* Nothing has been allocated yet, so a failure here returns directly. */
	rc = asn1_create_element(_gnutls_get_pkix(),
				 "PKIX1.PrivateKeyUsagePeriod", &period);
	if (rc != ASN1_SUCCESS) {
		gnutls_assert();
		return _gnutls_asn2err(rc);
	}

	/*
	 * Fill in both bounds, then encode; the first step that fails stops
	 * the chain and its error code is returned.
	 * NOTE(review): the trailing 1 passed to _gnutls_x509_set_time
	 * presumably selects the GeneralizedTime encoding - confirm against
	 * that helper's definition.
	 */
	rc = _gnutls_x509_set_time(period, "notBefore", activation, 1);
	if (rc >= 0)
		rc = _gnutls_x509_set_time(period, "notAfter", expiration, 1);
	if (rc >= 0)
		rc = _gnutls_x509_der_encode(period, "", &encoded, 0);
	if (rc < 0) {
		gnutls_assert();
		goto done;
	}

	/*
	 * NOTE(review): the final 0 is presumably the "critical" flag, i.e.
	 * the extension is stored as non-critical - confirm.
	 */
	rc = _gnutls_x509_crt_set_extension(crt, "2.5.29.16", &encoded, 0);

	/* The encoded copy is released whether or not the store succeeded. */
	_gnutls_free_datum(&encoded);

	/*
	 * NOTE(review): this flag is raised even when the call above
	 * returned an error; rc still carries that error to the caller.
	 */
	crt->use_extensions = 1;

      done:
	asn1_delete_structure(&period);

	return rc;
}
Example #2
/**
 * gnutls_x509_crl_set_next_update:
 * @crl: should contain a gnutls_x509_crl_t type
 * @exp_time: the time to store in the CRL's nextUpdate field
 *
 * This function will set the time this CRL will be updated.
 * This is an optional value to be set on a CRL and this call
 * can be omitted when generating a CRL.
 *
 * Prior to GnuTLS 3.5.7, setting a nextUpdate field was required
 * in order to generate a CRL.
 *
 * Although the call is optional here, RFC 5280 requires conforming CRL
 * issuers to include nextUpdate, and relying parties may treat a CRL
 * without it as unusable. The value is not compared with thisUpdate by
 * this function.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 **/
int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, time_t exp_time)
{
	/* Happy path first: delegate the write to the shared time helper. */
	if (crl != NULL)
		return _gnutls_x509_set_time(crl->crl,
					     "tbsCertList.nextUpdate",
					     exp_time, 0);

	/* A missing CRL handle is the only input rejected here. */
	gnutls_assert();
	return GNUTLS_E_INVALID_REQUEST;
}
Example #3
/**
 * gnutls_x509_crl_set_this_update - This function will set the CRL's issuing time
 * @crl: should contain a gnutls_x509_crl_t structure
 * @act_time: the time to store in the CRL's thisUpdate field
 *
 * Records when this CRL was issued by writing @act_time to
 * tbsCertList.thisUpdate. The value is passed through unchanged; no
 * comparison with the current time or with nextUpdate is made here.
 *
 * Returns 0 on success, or a negative value in case of an error.
 *
 **/
int
gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, time_t act_time)
{
	int ret;

	if (crl == NULL) {
		gnutls_assert();
		ret = GNUTLS_E_INVALID_REQUEST;
	} else {
		/*
		 * NOTE(review): this listing calls the three-argument form of
		 * _gnutls_x509_set_time, which suggests an older library
		 * version than the four-argument listings on this page -
		 * confirm against the headers you build with.
		 */
		ret = _gnutls_x509_set_time(crl->crl, "tbsCertList.thisUpdate",
					    act_time);
	}

	return ret;
}
Example #4
/**
 * gnutls_x509_crt_set_expiration_time:
 * @cert: a certificate of type #gnutls_x509_crt_t
 * @exp_time: the time to store in the certificate's notAfter field
 *
 * This function will set the time this Certificate will expire.
 * Setting an expiration time to (time_t)-1 or to
 * %GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION will set to the no
 * well-defined expiration date value.
 *
 * A certificate issued with the no well-defined expiration value never
 * lapses by date, so it can only be retired through revocation; callers
 * should make sure (time_t)-1 cannot reach this function by accident,
 * for example as the unchecked result of a failed time conversion.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 **/
int
gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert,
				    time_t exp_time)
{
	/* Delegate to the shared time helper when a certificate is present. */
	if (cert != NULL)
		return _gnutls_x509_set_time(cert->cert,
					     "tbsCertificate.validity.notAfter",
					     exp_time, 0);

	gnutls_assert();
	return GNUTLS_E_INVALID_REQUEST;
}
Example #5
/**
 * gnutls_x509_crl_set_crt_serial - This function will set a revoked certificate's serial number
 * @crl: should contain a gnutls_x509_crl_t structure
 * @serial: The revoked certificate's serial number
 * @serial_size: Holds the size of the serial field.
 * @revocation_time: The time this certificate was revoked
 *
 * Appends one entry to the CRL's revokedCertificates list and fills in
 * its serial number and revocation date.
 *
 * @serial and @serial_size are handed to asn1_write_value() as given;
 * this function performs no NULL or length check on them. The entry is
 * appended before its fields are written, and the error paths return
 * without removing it, so a CRL object on which this call failed should
 * not be signed or published.
 *
 * Returns 0 on success, or a negative value in case of an error.
 *
 **/
int
gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl,
			       const void *serial, size_t serial_size,
			       time_t revocation_time)
{
	int rc;

	if (crl == NULL) {
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	/*
	 * Append a fresh list element, then store the serial in it. The
	 * "?LAST" paths used from here on are expected to address the
	 * element that was just appended.
	 */
	rc = asn1_write_value(crl->crl, "tbsCertList.revokedCertificates",
			      "NEW", 1);
	if (rc == ASN1_SUCCESS)
		rc = asn1_write_value(crl->crl,
				      "tbsCertList.revokedCertificates.?LAST.userCertificate",
				      serial, serial_size);
	if (rc != ASN1_SUCCESS) {
		gnutls_assert();
		return _gnutls_asn2err(rc);
	}

	/* This helper already returns a GnuTLS error code, so no translation. */
	rc = _gnutls_x509_set_time(crl->crl,
				   "tbsCertList.revokedCertificates.?LAST.revocationDate",
				   revocation_time);
	if (rc < 0) {
		gnutls_assert();
		return rc;
	}

	/*
	 * NOTE(review): writing NULL with length 0 presumably drops the
	 * optional crlEntryExtensions element from the entry - confirm
	 * against the libtasn1 documentation.
	 */
	rc = asn1_write_value(crl->crl,
			      "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
			      NULL, 0);
	if (rc != ASN1_SUCCESS) {
		gnutls_assert();
		return _gnutls_asn2err(rc);
	}

	return 0;
}
Example #6
/**
 * gnutls_x509_crt_set_activation_time:
 * @cert: a certificate of type #gnutls_x509_crt_t
 * @act_time: the time to store in the certificate's notBefore field
 *
 * This function will set the time this Certificate was or will be
 * activated.
 *
 * The value is written as supplied; it is not compared with the
 * certificate's notAfter field by this function.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 **/
int
gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert,
				    time_t act_time)
{
	int ret;

	if (cert == NULL) {
		gnutls_assert();
		ret = GNUTLS_E_INVALID_REQUEST;
	} else {
		/* The shared time helper performs the actual ASN.1 write. */
		ret = _gnutls_x509_set_time(cert->cert,
					    "tbsCertificate.validity.notBefore",
					    act_time, 0);
	}

	return ret;
}