RTDECL(int) RTAsn1Time_Compare(PCRTASN1TIME pLeft, PCRTASN1TIME pRight)
{
Assert(pLeft && (!RTAsn1Time_IsPresent(pLeft) || pLeft->Asn1Core.pOps == &g_RTAsn1Time_Vtable));
Assert(pRight && (!RTAsn1Time_IsPresent(pRight) || pRight->Asn1Core.pOps == &g_RTAsn1Time_Vtable));
int iDiff;
if (RTAsn1Time_IsPresent(pLeft))
{
if (RTAsn1Time_IsPresent(pRight))
{
RTTIMESPEC TsLeft;
AssertReturn(RTTimeImplode(&TsLeft, &pLeft->Time), -1);
RTTIMESPEC TsRight;
AssertReturn(RTTimeImplode(&TsRight, &pRight->Time), 1);
iDiff = RTTimeSpecCompare(&TsLeft, &TsRight);
}
else
iDiff = -1;
}
else
iDiff = 0 - (int)RTAsn1Time_IsPresent(pRight);
return iDiff;
}
/**
* Attempts to convert an ISO date string to a time structure.
*
* We're a little forgiving with zero padding, unspecified parts, and leading
* and trailing spaces.
*
* @retval pTime on success,
* @retval NULL on failure.
* @param pTime The time spec.
* @param pszString The ISO date string to convert.
*/
RTDECL(PRTTIMESPEC) RTTimeSpecFromString(PRTTIMESPEC pTime, const char *pszString)
{
RTTIME Time;
if (RTTimeFromString(&Time, pszString))
return RTTimeImplode(pTime, &Time);
return NULL;
}
RTDECL(int) RTAsn1Time_CompareWithTimeSpec(PCRTASN1TIME pLeft, PCRTTIMESPEC pTsRight)
{
int iDiff = RTAsn1Time_IsPresent(pLeft) ? 0 : -1;
if (!iDiff)
{
RTTIMESPEC TsLeft;
AssertReturn(RTTimeImplode(&TsLeft, &pLeft->Time), -1);
iDiff = RTTimeSpecCompare(&TsLeft, pTsRight);
}
return iDiff;
}
int main()
{
RTTIMESPEC Now;
RTTIMESPEC Ts1;
RTTIMESPEC Ts2;
RTTIME T1;
RTTIME T2;
#ifdef RTTIME_INCL_TIMEVAL
struct timeval Tv1;
struct timeval Tv2;
struct timespec Tsp1;
struct timespec Tsp2;
#endif
RTTEST hTest;
int rc = RTTestInitAndCreate("tstRTTimeSpec", &hTest);
if (rc)
return rc;
/*
* Simple test with current time.
*/
RTTestSub(hTest, "Current time (UTC)");
CHECK_NZ(RTTimeNow(&Now));
CHECK_NZ(RTTimeExplode(&T1, &Now));
RTTestIPrintf(RTTESTLVL_ALWAYS, " %RI64 ns - %s\n", RTTimeSpecGetNano(&Now), ToString(&T1));
CHECK_NZ(RTTimeImplode(&Ts1, &T1));
if (!RTTimeSpecIsEqual(&Ts1, &Now))
RTTestIFailed("%RI64 != %RI64\n", RTTimeSpecGetNano(&Ts1), RTTimeSpecGetNano(&Now));
/*
* Simple test with current local time.
*/
RTTestSub(hTest, "Current time (local)");
CHECK_NZ(RTTimeLocalNow(&Now));
CHECK_NZ(RTTimeExplode(&T1, &Now));
RTTestIPrintf(RTTESTLVL_ALWAYS, " %RI64 ns - %s\n", RTTimeSpecGetNano(&Now), ToString(&T1));
CHECK_NZ(RTTimeImplode(&Ts1, &T1));
if (!RTTimeSpecIsEqual(&Ts1, &Now))
RTTestIFailed("%RI64 != %RI64\n", RTTimeSpecGetNano(&Ts1), RTTimeSpecGetNano(&Now));
/*
* Some simple tests with fixed dates (just checking for smoke).
*/
RTTestSub(hTest, "Smoke");
TEST_NS(INT64_C(0));
CHECK_TIME(&T1, 1970,01,01, 00,00,00, 0, 1, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
TEST_NS(INT64_C(86400000000000));
CHECK_TIME(&T1, 1970,01,02, 00,00,00, 0, 2, 4, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
TEST_NS(INT64_C(1));
CHECK_TIME(&T1, 1970,01,01, 00,00,00, 1, 1, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
TEST_NS(INT64_C(-1));
CHECK_TIME(&T1, 1969,12,31, 23,59,59,999999999, 365, 2, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
/*
* Test the limits.
*/
RTTestSub(hTest, "Extremes");
TEST_NS(INT64_MAX);
TEST_NS(INT64_MIN);
TEST_SEC(1095379198);
CHECK_TIME(&T1, 2004, 9,16, 23,59,58, 0, 260, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_LEAP_YEAR);
TEST_SEC(1095379199);
CHECK_TIME(&T1, 2004, 9,16, 23,59,59, 0, 260, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_LEAP_YEAR);
TEST_SEC(1095379200);
CHECK_TIME(&T1, 2004, 9,17, 00,00,00, 0, 261, 4, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_LEAP_YEAR);
TEST_SEC(1095379201);
CHECK_TIME(&T1, 2004, 9,17, 00,00,01, 0, 261, 4, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_LEAP_YEAR);
/*
* Test normalization (UTC).
*/
RTTestSub(hTest, "Normalization (UTC)");
/* simple */
CHECK_NZ(RTTimeNow(&Now));
CHECK_NZ(RTTimeExplode(&T1, &Now));
T2 = T1;
CHECK_NZ(RTTimeNormalize(&T1));
if (memcmp(&T1, &T2, sizeof(T1)))
RTTestIFailed("simple normalization failed\n");
CHECK_NZ(RTTimeImplode(&Ts1, &T1));
CHECK_NZ(RTTimeSpecIsEqual(&Ts1, &Now));
/* a few partial dates. */
memset(&T1, 0, sizeof(T1));
SET_TIME( &T1, 1970,01,01, 00,00,00, 0, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1970,01,01, 00,00,00, 0, 1, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 1970,00,00, 00,00,00, 1, 1, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1970,01,01, 00,00,00, 1, 1, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 2007,12,06, 02,15,23, 1, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 2007,12,06, 02,15,23, 1, 340, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 1968,01,30, 00,19,24, 5, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1968,01,30, 00,19,24, 5, 30, 1, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_LEAP_YEAR);
SET_TIME( &T1, 1969,01,31, 00, 9, 2, 7, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1969,01,31, 00, 9, 2, 7, 31, 4, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 1969,03,31, 00, 9, 2, 7, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1969,03,31, 00, 9, 2, 7, 90, 0, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 1969,12,31, 00,00,00, 9, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1969,12,31, 00,00,00, 9, 365, 2, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 1969,12,30, 00,00,00, 30, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1969,12,30, 00,00,00, 30, 364, 1, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 1969,00,00, 00,00,00, 30, 363, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1969,12,29, 00,00,00, 30, 363, 0, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 1969,00,00, 00,00,00, 30, 362, 6, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1969,12,28, 00,00,00, 30, 362, 6, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 1969,12,27, 00,00,00, 30, 0, 5, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1969,12,27, 00,00,00, 30, 361, 5, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 1969,00,00, 00,00,00, 30, 360, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1969,12,26, 00,00,00, 30, 360, 4, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 1969,12,25, 00,00,00, 12, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1969,12,25, 00,00,00, 12, 359, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 1969,12,24, 00,00,00, 16, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1969,12,24, 00,00,00, 16, 358, 2, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
/* outside the year table range */
SET_TIME( &T1, 1200,01,30, 00,00,00, 2, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1200,01,30, 00,00,00, 2, 30, 6, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_LEAP_YEAR);
SET_TIME( &T1, 2555,11,29, 00,00,00, 2, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 2555,11,29, 00,00,00, 2, 333, 5, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 2555,00,00, 00,00,00, 3, 333, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 2555,11,29, 00,00,00, 3, 333, 5, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
/* time overflow */
SET_TIME( &T1, 1969,12,30, 255,255,255, UINT32_MAX, 364, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 1970,01, 9, 19,19,19,294967295, 9, 4, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
/* date overflow */
SET_TIME( &T1, 2007,11,36, 02,15,23, 1, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 2007,12,06, 02,15,23, 1, 340, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 2007,10,67, 02,15,23, 1, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 2007,12,06, 02,15,23, 1, 340, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 2007,10,98, 02,15,23, 1, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 2008,01,06, 02,15,23, 1, 6, 6, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_LEAP_YEAR);
SET_TIME( &T1, 2006,24,06, 02,15,23, 1, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 2007,12,06, 02,15,23, 1, 340, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
SET_TIME( &T1, 2003,60,37, 02,15,23, 1, 0, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 2008,01,06, 02,15,23, 1, 6, 6, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_LEAP_YEAR);
SET_TIME( &T1, 2003,00,00, 02,15,23, 1,1801, 0, 0, 0);
CHECK_NZ(RTTimeNormalize(&T1));
CHECK_TIME(&T1, 2007,12,06, 02,15,23, 1, 340, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
/*
* Conversions.
*/
#define CHECK_NSEC(Ts1, T2) \
do { \
RTTIMESPEC TsTmp; \
RTTESTI_CHECK_MSG( RTTimeSpecGetNano(&(Ts1)) == RTTimeSpecGetNano(RTTimeImplode(&TsTmp, &(T2))), \
("line %d: %RI64, %RI64\n", __LINE__, \
RTTimeSpecGetNano(&(Ts1)), RTTimeSpecGetNano(RTTimeImplode(&TsTmp, &(T2)))) ); \
} while (0)
RTTestSub(hTest, "Conversions, positive");
SET_TIME(&T1, 1980,01,01, 00,00,00, 0, 1, 1, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_LEAP_YEAR);
RTTESTI_CHECK(RTTimeSpecSetDosSeconds(&Ts2, 0) == &Ts2);
RTTESTI_CHECK(RTTimeSpecGetDosSeconds(&Ts2) == 0);
CHECK_NSEC(Ts2, T1);
SET_TIME(&T1, 1980,01,01, 00,00,00, 0, 1, 1, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_LEAP_YEAR);
RTTESTI_CHECK(RTTimeSpecSetNtTime(&Ts2, INT64_C(119600064000000000)) == &Ts2);
RTTESTI_CHECK(RTTimeSpecGetNtTime(&Ts2) == INT64_C(119600064000000000));
CHECK_NSEC(Ts2, T1);
SET_TIME(&T1, 1970,01,01, 00,00,01, 0, 1, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
RTTESTI_CHECK(RTTimeSpecSetSeconds(&Ts2, 1) == &Ts2);
RTTESTI_CHECK(RTTimeSpecGetSeconds(&Ts2) == 1);
CHECK_NSEC(Ts2, T1);
SET_TIME(&T1, 1970,01,01, 00,00,01, 0, 1, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
RTTESTI_CHECK(RTTimeSpecSetMilli(&Ts2, 1000) == &Ts2);
RTTESTI_CHECK(RTTimeSpecGetMilli(&Ts2) == 1000);
CHECK_NSEC(Ts2, T1);
SET_TIME(&T1, 1970,01,01, 00,00,01, 0, 1, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
RTTESTI_CHECK(RTTimeSpecSetMicro(&Ts2, 1000000) == &Ts2);
RTTESTI_CHECK(RTTimeSpecGetMicro(&Ts2) == 1000000);
CHECK_NSEC(Ts2, T1);
SET_TIME(&T1, 1970,01,01, 00,00,01, 0, 1, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
RTTESTI_CHECK(RTTimeSpecSetNano(&Ts2, 1000000000) == &Ts2);
RTTESTI_CHECK(RTTimeSpecGetNano(&Ts2) == 1000000000);
CHECK_NSEC(Ts2, T1);
#ifdef RTTIME_INCL_TIMEVAL
SET_TIME(&T1, 1970,01,01, 00,00,01, 5000, 1, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
Tv1.tv_sec = 1;
Tv1.tv_usec = 5;
RTTESTI_CHECK(RTTimeSpecSetTimeval(&Ts2, &Tv1) == &Ts2);
RTTESTI_CHECK(RTTimeSpecGetMicro(&Ts2) == 1000005);
CHECK_NSEC(Ts2, T1);
RTTESTI_CHECK(RTTimeSpecGetTimeval(&Ts2, &Tv2) == &Tv2);
RTTESTI_CHECK(Tv1.tv_sec == Tv2.tv_sec); RTTESTI_CHECK(Tv1.tv_usec == Tv2.tv_usec);
#endif
#ifdef RTTIME_INCL_TIMESPEC
SET_TIME(&T1, 1970,01,01, 00,00,01, 5, 1, 3, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
Tsp1.tv_sec = 1;
Tsp1.tv_nsec = 5;
RTTESTI_CHECK(RTTimeSpecSetTimespec(&Ts2, &Tsp1) == &Ts2);
RTTESTI_CHECK(RTTimeSpecGetNano(&Ts2) == 1000000005);
CHECK_NSEC(Ts2, T1);
RTTESTI_CHECK(RTTimeSpecGetTimespec(&Ts2, &Tsp2) == &Tsp2);
RTTESTI_CHECK(Tsp1.tv_sec == Tsp2.tv_sec); RTTESTI_CHECK(Tsp1.tv_nsec == Tsp2.tv_nsec);
#endif
RTTestSub(hTest, "Conversions, negative");
#ifdef RTTIME_INCL_TIMEVAL
SET_TIME(&T1, 1969,12,31, 23,59,58,999995000, 365, 2, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
Tv1.tv_sec = -2;
Tv1.tv_usec = 999995;
RTTESTI_CHECK(RTTimeSpecSetTimeval(&Ts2, &Tv1) == &Ts2);
RTTESTI_CHECK_MSG(RTTimeSpecGetMicro(&Ts2) == -1000005, ("%RI64\n", RTTimeSpecGetMicro(&Ts2)));
CHECK_NSEC(Ts2, T1);
RTTESTI_CHECK(RTTimeSpecGetTimeval(&Ts2, &Tv2) == &Tv2);
RTTESTI_CHECK(Tv1.tv_sec == Tv2.tv_sec); RTTESTI_CHECK(Tv1.tv_usec == Tv2.tv_usec);
#endif
#ifdef RTTIME_INCL_TIMESPEC
SET_TIME(&T1, 1969,12,31, 23,59,58,999999995, 365, 2, 0, RTTIME_FLAGS_TYPE_UTC | RTTIME_FLAGS_COMMON_YEAR);
Tsp1.tv_sec = -2;
Tsp1.tv_nsec = 999999995;
RTTESTI_CHECK(RTTimeSpecSetTimespec(&Ts2, &Tsp1) == &Ts2);
RTTESTI_CHECK_MSG(RTTimeSpecGetNano(&Ts2) == -1000000005, ("%RI64\n", RTTimeSpecGetMicro(&Ts2)));
CHECK_NSEC(Ts2, T1);
RTTESTI_CHECK(RTTimeSpecGetTimespec(&Ts2, &Tsp2) == &Tsp2);
RTTESTI_CHECK(Tsp1.tv_sec == Tsp2.tv_sec); RTTESTI_CHECK(Tsp1.tv_nsec == Tsp2.tv_nsec);
#endif
/*
* Summary
*/
return RTTestSummaryAndDestroy(hTest);
}
RTDECL(int) RTCrPkcs7VerifySignedData(PCRTCRPKCS7CONTENTINFO pContentInfo, uint32_t fFlags,
RTCRSTORE hAdditionalCerts, RTCRSTORE hTrustedCerts,
PCRTTIMESPEC pValidationTime, PFNRTCRPKCS7VERIFYCERTCALLBACK pfnVerifyCert, void *pvUser,
PRTERRINFO pErrInfo)
{
/*
* Check the input.
*/
if (pfnVerifyCert)
AssertPtrReturn(pfnVerifyCert, VERR_INVALID_POINTER);
else
pfnVerifyCert = RTCrPkcs7VerifyCertCallbackDefault;
if (!RTCrPkcs7ContentInfo_IsSignedData(pContentInfo))
return RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_NOT_SIGNED_DATA, "Not PKCS #7 SignedData.");
PCRTCRPKCS7SIGNEDDATA pSignedData = pContentInfo->u.pSignedData;
int rc = RTCrPkcs7SignedData_CheckSanity(pSignedData, 0, pErrInfo, "");
if (RT_FAILURE(rc))
return rc;
/*
* Hash the content info.
*/
/* Exactly what the content is, for some stupid reason unnecessarily
complicated. Figure it out here as we'll need it for the OpenSSL code
path as well. */
void const *pvContent = pSignedData->ContentInfo.Content.Asn1Core.uData.pv;
uint32_t cbContent = pSignedData->ContentInfo.Content.Asn1Core.cb;
if (pSignedData->ContentInfo.Content.pEncapsulated)
{
pvContent = pSignedData->ContentInfo.Content.pEncapsulated->uData.pv;
cbContent = pSignedData->ContentInfo.Content.pEncapsulated->cb;
}
/* Check that there aren't too many or too few hash algorithms for our
implementation and purposes. */
RTCRDIGEST ahDigests[2];
uint32_t const cDigests = pSignedData->DigestAlgorithms.cItems;
if (!cDigests) /** @todo we might have to support this... */
return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_NO_DIGEST_ALGORITHMS, "No digest algorithms");
if (cDigests > RT_ELEMENTS(ahDigests))
return RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_TOO_MANY_DIGEST_ALGORITHMS,
"Too many digest algorithm: cAlgorithms=%u", cDigests);
/* Create the message digest calculators. */
rc = VERR_CR_PKCS7_NO_DIGEST_ALGORITHMS;
uint32_t i;
for (i = 0; i < cDigests; i++)
{
rc = RTCrDigestCreateByObjId(&ahDigests[i], &pSignedData->DigestAlgorithms.paItems[i].Algorithm);
if (RT_FAILURE(rc))
{
rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_CREATE_ERROR, "Error creating digest for '%s': %Rrc",
pSignedData->DigestAlgorithms.paItems[i].Algorithm.szObjId, rc);
break;
}
}
if (RT_SUCCESS(rc))
{
/* Hash the content. */
for (i = 0; i < cDigests && RT_SUCCESS(rc); i++)
{
rc = RTCrDigestUpdate(ahDigests[i], pvContent, cbContent);
if (RT_SUCCESS(rc))
rc = RTCrDigestFinal(ahDigests[i], NULL, 0);
}
if (RT_SUCCESS(rc))
{
/*
* Validate the signed infos.
*/
uint32_t fPrimaryVccFlags = !(fFlags & RTCRPKCS7VERIFY_SD_F_USAGE_TIMESTAMPING)
? RTCRPKCS7VCC_F_SIGNED_DATA : RTCRPKCS7VCC_F_TIMESTAMP;
rc = VERR_CR_PKCS7_NO_SIGNER_INFOS;
for (i = 0; i < pSignedData->SignerInfos.cItems; i++)
{
PCRTCRPKCS7SIGNERINFO pSignerInfo = &pSignedData->SignerInfos.paItems[i];
RTCRDIGEST hThisDigest = NIL_RTCRDIGEST; /* (gcc maybe incredible stupid.) */
rc = rtCrPkcs7VerifyFindDigest(&hThisDigest, pSignedData, pSignerInfo, ahDigests, pErrInfo);
if (RT_FAILURE(rc))
break;
/*
* See if we can find a trusted signing time.
* (Note that while it would make sense splitting up this function,
* we need to carry a lot of arguments around, so better not.)
*/
bool fDone = false;
PCRTCRPKCS7SIGNERINFO pSigningTimeSigner = NULL;
PCRTASN1TIME pSignedTime;
while ( !fDone
&& (pSignedTime = RTCrPkcs7SignerInfo_GetSigningTime(pSignerInfo, &pSigningTimeSigner)) != NULL)
{
RTTIMESPEC ThisValidationTime;
if (RT_LIKELY(RTTimeImplode(&ThisValidationTime, &pSignedTime->Time)))
{
if (pSigningTimeSigner == pSignerInfo)
{
if (fFlags & RTCRPKCS7VERIFY_SD_F_COUNTER_SIGNATURE_SIGNING_TIME_ONLY)
continue;
rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags,
hAdditionalCerts, hTrustedCerts, &ThisValidationTime,
pfnVerifyCert, fPrimaryVccFlags | RTCRPKCS7VCC_F_TIMESTAMP,
pvUser, pErrInfo);
}
else
{
rc = VINF_SUCCESS;
if (!(fFlags & RTCRPKCS7VERIFY_SD_F_USE_SIGNING_TIME_UNVERIFIED))
rc = rtCrPkcs7VerifyCounterSignerInfo(pSigningTimeSigner, pSignerInfo, pSignedData, fFlags,
hAdditionalCerts, hTrustedCerts, &ThisValidationTime,
pfnVerifyCert, RTCRPKCS7VCC_F_TIMESTAMP, pvUser, pErrInfo);
if (RT_SUCCESS(rc))
rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags, hAdditionalCerts,
hTrustedCerts, &ThisValidationTime,
pfnVerifyCert, fPrimaryVccFlags, pvUser, pErrInfo);
}
fDone = RT_SUCCESS(rc)
|| (fFlags & RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_SIGNING_TIME_IF_PRESENT);
}
else
{
rc = RTErrInfoSet(pErrInfo, VERR_INTERNAL_ERROR_3, "RTTimeImplode failed");
fDone = true;
}
}
/*
* If not luck, check for microsoft timestamp counter signatures.
*/
if (!fDone && !(fFlags & RTCRPKCS7VERIFY_SD_F_IGNORE_MS_TIMESTAMP))
{
PCRTCRPKCS7CONTENTINFO pSignedTimestamp = NULL;
pSignedTime = RTCrPkcs7SignerInfo_GetMsTimestamp(pSignerInfo, &pSignedTimestamp);
if (pSignedTime)
{
RTTIMESPEC ThisValidationTime;
if (RT_LIKELY(RTTimeImplode(&ThisValidationTime, &pSignedTime->Time)))
{
rc = VINF_SUCCESS;
if (!(fFlags & RTCRPKCS7VERIFY_SD_F_USE_MS_TIMESTAMP_UNVERIFIED))
rc = RTCrPkcs7VerifySignedData(pSignedTimestamp,
fFlags | RTCRPKCS7VERIFY_SD_F_IGNORE_MS_TIMESTAMP
| RTCRPKCS7VERIFY_SD_F_USAGE_TIMESTAMPING,
hAdditionalCerts, hTrustedCerts, &ThisValidationTime,
pfnVerifyCert, pvUser, pErrInfo);
if (RT_SUCCESS(rc))
rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags, hAdditionalCerts,
hTrustedCerts, &ThisValidationTime,
pfnVerifyCert, fPrimaryVccFlags, pvUser, pErrInfo);
fDone = RT_SUCCESS(rc)
|| (fFlags & RTCRPKCS7VERIFY_SD_F_ALWAYS_USE_MS_TIMESTAMP_IF_PRESENT);
}
else
{
rc = RTErrInfoSet(pErrInfo, VERR_INTERNAL_ERROR_3, "RTTimeImplode failed");
fDone = true;
}
}
}
/*
* No valid signing time found, use the one specified instead.
*/
if (!fDone)
rc = rtCrPkcs7VerifySignerInfo(pSignerInfo, pSignedData, hThisDigest, fFlags, hAdditionalCerts, hTrustedCerts,
pValidationTime, pfnVerifyCert, fPrimaryVccFlags, pvUser, pErrInfo);
RTCrDigestRelease(hThisDigest);
if (RT_FAILURE(rc))
break;
}
}
else
rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_DIGEST_CALC_ERROR,
"Hashing content failed unexpectedly (i=%u): %Rrc", i, rc);
/* Clean up digests. */
i = cDigests;
}
while (i-- > 0)
{
int rc2 = RTCrDigestRelease(ahDigests[i]);
AssertRC(rc2);
}
#ifdef IPRT_WITH_OPENSSL
/*
* Verify using OpenSSL and combine the results (should be identical).
*/
/** @todo figure out how to verify MS timstamp signatures using OpenSSL. */
if (fFlags & RTCRPKCS7VERIFY_SD_F_USAGE_TIMESTAMPING)
return rc;
int rcOssl = rtCrPkcs7VerifySignedDataUsingOpenSsl(pContentInfo, fFlags, hAdditionalCerts, hTrustedCerts,
pvContent, cbContent, RT_SUCCESS(rc) ? pErrInfo : NULL);
if (RT_SUCCESS(rcOssl) && RT_SUCCESS(rc))
return rc;
// AssertMsg(RT_FAILURE_NP(rcOssl) && RT_FAILURE_NP(rc), ("%Rrc, %Rrc\n", rcOssl, rc));
if (RT_FAILURE(rc))
return rc;
return rcOssl;
#else
return rc;
#endif
}
