Handle<std::string> ASN1_TIME_toString(ASN1_TIME* time){ if (time == NULL) THROW_EXCEPTION(0, Common, NULL, ERROR_PARAMETER_NULL, 1); LOGGER_OPENSSL(ASN1_TIME_to_generalizedtime); ASN1_GENERALIZEDTIME *gtime = ASN1_TIME_to_generalizedtime(time, NULL); Handle<Bio> out = new Bio(BIO_TYPE_MEM, ""); LOGGER_OPENSSL(ASN1_GENERALIZEDTIME_print); ASN1_GENERALIZEDTIME_print(out->internal(), gtime); LOGGER_OPENSSL(ASN1_GENERALIZEDTIME_free); ASN1_GENERALIZEDTIME_free(gtime); return out->read(); }
int64_t mono_btls_util_asn1_time_to_ticks (ASN1_TIME *time) { ASN1_GENERALIZEDTIME *gtime; struct tm tm; int64_t epoch; int ret; memset (&tm, 0, sizeof (tm)); gtime = ASN1_TIME_to_generalizedtime (time, NULL); ret = asn1_generalizedtime_to_tm (&tm, gtime); ASN1_GENERALIZEDTIME_free (gtime); epoch = btls_timegm64 (&tm); return epoch; }
char *EstEID_ASN1_TIME_toString(ASN1_TIME *time) { // ASN1_GENERALIZEDTIME.data format: yyyyMMddHHmmssZ ASN1_GENERALIZEDTIME *gt = ASN1_TIME_to_generalizedtime(time, NULL); char *data = (char *)gt->data; // result format dd.MM.yyyy HH:mm:ss // todo maybe: ASN1_GENERALIZEDTIME is in GMT -> should we adjust it? char *result = (char *)malloc(20); strncpy(result, data + 6, 2); strncpy(result + 3, data + 4, 2); strncpy(result + 6, data, 4); strncpy(result + 11, data + 8, 2); strncpy(result + 14, data + 10, 2); strncpy(result + 17, data + 12, 2); result[2] = result[5] = '.'; result[10] = ' '; result[13] = result[16] = ':'; result[19] = 0; ASN1_GENERALIZEDTIME_free(gt); return result; }
static int _checkExpiration(T C, X509_STORE_CTX *ctx, X509 *certificate) { if (C->minimumValidDays) { // If we have warn-X-days-before-expire condition, check the certificate validity (already expired certificates are catched in preverify => we don't need to handle them here). int deltadays = 0; #ifdef HAVE_ASN1_TIME_DIFF int deltaseconds; if (! ASN1_TIME_diff(&deltadays, &deltaseconds, NULL, X509_get_notAfter(certificate))) { X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD); snprintf(C->error, sizeof(C->error), "invalid time format (in certificate's notAfter field)"); return 0; } #else ASN1_GENERALIZEDTIME *t = ASN1_TIME_to_generalizedtime(X509_get_notAfter(certificate), NULL); if (! t) { X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD); snprintf(C->error, sizeof(C->error), "invalid time format (in certificate's notAfter field)"); return 0; } TRY { deltadays = (double)(Time_toTimestamp((const char *)t->data) - Time_now()) / 86400.; } ELSE { X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD); snprintf(C->error, sizeof(C->error), "invalid time format (in certificate's notAfter field) -- %s", t->data); } FINALLY { ASN1_STRING_free(t); } END_TRY; #endif if (deltadays < C->minimumValidDays) { X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); snprintf(C->error, sizeof(C->error), "certificate expire in %d days matches check limit [valid > %d days]", deltadays, C->minimumValidDays); return 0; } }
static int test_table(struct testdata *tbl, int idx) { int error = 0; ASN1_TIME atime; ASN1_TIME *ptime; struct testdata *td = &tbl[idx]; int day, sec; atime.data = (unsigned char*)td->data; atime.length = strlen((char*)atime.data); atime.type = td->type; atime.flags = 0; if (!TEST_int_eq(ASN1_TIME_check(&atime), td->check_result)) { TEST_info("ASN1_TIME_check(%s) unexpected result", atime.data); error = 1; } if (td->check_result == 0) return 1; if (!TEST_int_eq(ASN1_TIME_cmp_time_t(&atime, td->t), 0)) { TEST_info("ASN1_TIME_cmp_time_t(%s vs %ld) compare failed", atime.data, (long)td->t); error = 1; } if (!TEST_true(ASN1_TIME_diff(&day, &sec, &atime, &atime))) { TEST_info("ASN1_TIME_diff(%s) to self failed", atime.data); error = 1; } if (!TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) { TEST_info("ASN1_TIME_diff(%s) to self not equal", atime.data); error = 1; } if (!TEST_true(ASN1_TIME_diff(&day, &sec, >ime, &atime))) { TEST_info("ASN1_TIME_diff(%s) to baseline failed", atime.data); error = 1; } else if (!((td->cmp_result == 0 && TEST_true((day == 0 && sec == 0))) || (td->cmp_result == -1 && TEST_true((day < 0 || sec < 0))) || (td->cmp_result == 1 && TEST_true((day > 0 || sec > 0))))) { TEST_info("ASN1_TIME_diff(%s) to baseline bad comparison", atime.data); error = 1; } if (!TEST_int_eq(ASN1_TIME_cmp_time_t(&atime, gtime_t), td->cmp_result)) { TEST_info("ASN1_TIME_cmp_time_t(%s) to baseline bad comparison", atime.data); error = 1; } ptime = ASN1_TIME_set(NULL, td->t); if (!TEST_ptr(ptime)) { TEST_info("ASN1_TIME_set(%ld) failed", (long)td->t); error = 1; } else { int local_error = 0; if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, td->t), 0)) { TEST_info("ASN1_TIME_set(%ld) compare failed (%s->%s)", (long)td->t, td->data, ptime->data); local_error = error = 1; } if (!TEST_int_eq(ptime->type, td->expected_type)) { TEST_info("ASN1_TIME_set(%ld) unexpected type", (long)td->t); local_error = error = 1; } if (local_error) TEST_info("ASN1_TIME_set() = %*s", ptime->length, ptime->data); ASN1_TIME_free(ptime); } ptime = ASN1_TIME_new(); if (!TEST_ptr(ptime)) { TEST_info("ASN1_TIME_new() failed"); error = 1; } else { int local_error = 0; if (!TEST_int_eq(ASN1_TIME_set_string(ptime, td->data), td->check_result)) { TEST_info("ASN1_TIME_set_string_gmt(%s) failed", td->data); local_error = error = 1; } if (!TEST_int_eq(ASN1_TIME_normalize(ptime), td->check_result)) { TEST_info("ASN1_TIME_normalize(%s) failed", td->data); local_error = error = 1; } if (!TEST_int_eq(ptime->type, td->expected_type)) { TEST_info("ASN1_TIME_set_string_gmt(%s) unexpected type", td->data); local_error = error = 1; } day = sec = 0; if (!TEST_true(ASN1_TIME_diff(&day, &sec, ptime, &atime)) || !TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) { TEST_info("ASN1_TIME_diff(day=%d, sec=%d, %s) after ASN1_TIME_set_string_gmt() failed", day, sec, td->data); local_error = error = 1; } if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, gtime_t), td->cmp_result)) { TEST_info("ASN1_TIME_cmp_time_t(%s) after ASN1_TIME_set_string_gnt() to baseline bad comparison", td->data); local_error = error = 1; } if (local_error) TEST_info("ASN1_TIME_set_string_gmt() = %*s", ptime->length, ptime->data); ASN1_TIME_free(ptime); } ptime = ASN1_TIME_new(); if (!TEST_ptr(ptime)) { TEST_info("ASN1_TIME_new() failed"); error = 1; } else { int local_error = 0; if (!TEST_int_eq(ASN1_TIME_set_string(ptime, td->data), td->check_result)) { TEST_info("ASN1_TIME_set_string(%s) failed", td->data); local_error = error = 1; } day = sec = 0; if (!TEST_true(ASN1_TIME_diff(&day, &sec, ptime, &atime)) || !TEST_int_eq(day, 0) || !TEST_int_eq(sec, 0)) { TEST_info("ASN1_TIME_diff(day=%d, sec=%d, %s) after ASN1_TIME_set_string() failed", day, sec, td->data); local_error = error = 1; } if (!TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, gtime_t), td->cmp_result)) { TEST_info("ASN1_TIME_cmp_time_t(%s) after ASN1_TIME_set_string() to baseline bad comparison", td->data); local_error = error = 1; } if (local_error) TEST_info("ASN1_TIME_set_string() = %*s", ptime->length, ptime->data); ASN1_TIME_free(ptime); } if (td->type == V_ASN1_UTCTIME) { ptime = ASN1_TIME_to_generalizedtime(&atime, NULL); if (td->convert_result == 1 && !TEST_ptr(ptime)) { TEST_info("ASN1_TIME_to_generalizedtime(%s) failed", atime.data); error = 1; } else if (td->convert_result == 0 && !TEST_ptr_null(ptime)) { TEST_info("ASN1_TIME_to_generalizedtime(%s) should have failed", atime.data); error = 1; } if (ptime != NULL && !TEST_int_eq(ASN1_TIME_cmp_time_t(ptime, td->t), 0)) { TEST_info("ASN1_TIME_to_generalizedtime(%s->%s) bad result", atime.data, ptime->data); error = 1; } ASN1_TIME_free(ptime); } /* else cannot simply convert GENERALIZEDTIME to UTCTIME */ if (error) TEST_error("atime=%s", atime.data); return !error; }
OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, ASN1_TIME *nextupd) { OCSP_SINGLERESP *single = NULL; OCSP_CERTSTATUS *cs; OCSP_REVOKEDINFO *ri; if(!rsp->tbsResponseData->responses && !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null())) goto err; if (!(single = OCSP_SINGLERESP_new())) goto err; if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate)) goto err; if (nextupd && !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate)) goto err; OCSP_CERTID_free(single->certId); if(!(single->certId = OCSP_CERTID_dup(cid))) goto err; cs = single->certStatus; switch(cs->type = status) { case V_OCSP_CERTSTATUS_REVOKED: if (!revtime) { OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME); goto err; } if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err; if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) goto err; if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { if (!(ri->revocationReason = ASN1_ENUMERATED_new())) goto err; if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason))) goto err; } break; case V_OCSP_CERTSTATUS_GOOD: cs->value.good = ASN1_NULL_new(); break; case V_OCSP_CERTSTATUS_UNKNOWN: cs->value.unknown = ASN1_NULL_new(); break; default: goto err; } if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) goto err; return single; err: OCSP_SINGLERESP_free(single); return NULL; }