aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/x509
diff options
context:
space:
mode:
authorlloyd <[email protected]>2009-12-01 13:28:16 +0000
committerlloyd <[email protected]>2009-12-01 13:28:16 +0000
commitfe0276ee115bb367810ac2e06833fed297eb1715 (patch)
tree2adf34a771c5dc460f559deb33afd29501fea802 /src/cert/x509
parent4aec044fc21526e1c9185b384f7e984b7f8622c7 (diff)
Remove system_time(), replace entirely with std::chrono.
Only remaining use of time.h/ctime is to convert from a time point to a calendar value, which still requires C's gmtime. Hide it entirely in time.cpp and return a calendar_point struct instead of a std::tm.
Diffstat (limited to 'src/cert/x509')
-rw-r--r--src/cert/x509/crl_ent.cpp3
-rw-r--r--src/cert/x509/x509_ca.cpp6
-rw-r--r--src/cert/x509/x509opt.cpp6
-rw-r--r--src/cert/x509/x509stor.cpp24
-rw-r--r--src/cert/x509/x509stor.h2
5 files changed, 22 insertions, 19 deletions
diff --git a/src/cert/x509/crl_ent.cpp b/src/cert/x509/crl_ent.cpp
index 42a742ebb..e7ce1a57a 100644
--- a/src/cert/x509/crl_ent.cpp
+++ b/src/cert/x509/crl_ent.cpp
@@ -11,7 +11,6 @@
#include <botan/ber_dec.h>
#include <botan/bigint.h>
#include <botan/oids.h>
-#include <botan/time.h>
namespace Botan {
@@ -31,7 +30,7 @@ CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) :
throw_on_unknown_critical(false)
{
serial = cert.serial_number();
- time = X509_Time(system_time());
+ time = X509_Time(std::chrono::system_clock::now());
reason = why;
}
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp
index 80e808177..59a5bbaf8 100644
--- a/src/cert/x509/x509_ca.cpp
+++ b/src/cert/x509/x509_ca.cpp
@@ -14,7 +14,6 @@
#include <botan/lookup.h>
#include <botan/look_pk.h>
#include <botan/oids.h>
-#include <botan/time.h>
#include <memory>
#include <set>
@@ -197,7 +196,8 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
next_update = timespec_to_u32bit("7d");
// Totally stupid: ties encoding logic to the return of std::time!!
- const u64bit current_time = system_time();
+ auto current_time = std::chrono::system_clock::now();
+ auto expire_time = current_time + std::chrono::seconds(next_update);
Extensions extensions;
extensions.add(
@@ -210,7 +210,7 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
.encode(ca_sig_algo)
.encode(cert.issuer_dn())
.encode(X509_Time(current_time))
- .encode(X509_Time(current_time + next_update))
+ .encode(X509_Time(expire_time))
.encode_if(revoked.size() > 0,
DER_Encoder()
.start_cons(SEQUENCE)
diff --git a/src/cert/x509/x509opt.cpp b/src/cert/x509/x509opt.cpp
index c6421d9ca..a2547e30a 100644
--- a/src/cert/x509/x509opt.cpp
+++ b/src/cert/x509/x509opt.cpp
@@ -78,16 +78,16 @@ void X509_Cert_Options::sanity_check() const
* Initialize the certificate options
*/
X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts,
- u32bit expiration_time_in_seconds)
+ u32bit expiration_time)
{
is_CA = false;
path_limit = 0;
constraints = NO_CONSTRAINTS;
- const u32bit now = system_time();
+ auto now = std::chrono::system_clock::now();
start = X509_Time(now);
- end = X509_Time(now + expiration_time_in_seconds);
+ end = X509_Time(now + std::chrono::seconds(expiration_time));
if(initial_opts == "")
return;
diff --git a/src/cert/x509/x509stor.cpp b/src/cert/x509/x509stor.cpp
index 323890f2d..336d155d3 100644
--- a/src/cert/x509/x509stor.cpp
+++ b/src/cert/x509/x509stor.cpp
@@ -22,13 +22,14 @@ namespace {
* Do a validity check
*/
s32bit validity_check(const X509_Time& start, const X509_Time& end,
- u64bit current_time, u32bit slack)
+ const std::chrono::system_clock::time_point& now,
+ u32bit slack)
{
const s32bit NOT_YET_VALID = -1, VALID_TIME = 0, EXPIRED = 1;
- if(start.cmp(current_time + slack) > 0)
+ if(start.cmp(now + std::chrono::seconds(slack)) > 0)
return NOT_YET_VALID;
- if(end.cmp(current_time - slack) < 0)
+ if(end.cmp(now - std::chrono::seconds(slack)) < 0)
return EXPIRED;
return VALID_TIME;
}
@@ -212,10 +213,11 @@ X509_Code X509_Store::validate_cert(const X509_Certificate& cert,
if(chaining_result != VERIFIED)
return chaining_result;
- const u64bit current_time = system_time();
+ auto current_time = std::chrono::system_clock::now();
s32bit time_check = validity_check(cert.start_time(), cert.end_time(),
current_time, time_slack);
+
if(time_check < 0) return CERT_NOT_YET_VALID;
else if(time_check > 0) return CERT_HAS_EXPIRED;
@@ -563,8 +565,10 @@ void X509_Store::add_trusted_certs(DataSource& source)
*/
X509_Code X509_Store::add_crl(const X509_CRL& crl)
{
+ auto current_time = std::chrono::system_clock::now();
+
s32bit time_check = validity_check(crl.this_update(), crl.next_update(),
- system_time(), time_slack);
+ current_time, time_slack);
if(time_check < 0) return CRL_NOT_YET_VALID;
else if(time_check > 0) return CRL_HAS_EXPIRED;
@@ -641,8 +645,8 @@ X509_Store::Cert_Info::Cert_Info(const X509_Certificate& c,
bool t) : cert(c), trusted(t)
{
checked = false;
+ last_checked = std::chrono::system_clock::time_point::min();
result = UNKNOWN_X509_ERROR;
- last_checked = 0;
}
/*
@@ -660,9 +664,9 @@ X509_Code X509_Store::Cert_Info::verify_result() const
*/
void X509_Store::Cert_Info::set_result(X509_Code code) const
{
- result = code;
- last_checked = system_time();
checked = true;
+ last_checked = std::chrono::system_clock::now();
+ result = code;
}
/*
@@ -683,9 +687,9 @@ bool X509_Store::Cert_Info::is_verified(u32bit timeout) const
if(result != VERIFIED && result != CERT_NOT_YET_VALID)
return true;
- const u64bit current_time = system_time();
+ auto now = std::chrono::system_clock::now();
- if(current_time > last_checked + timeout)
+ if(now > last_checked + std::chrono::seconds(timeout))
checked = false;
return checked;
diff --git a/src/cert/x509/x509stor.h b/src/cert/x509/x509stor.h
index 958b6da0f..e55e36e7e 100644
--- a/src/cert/x509/x509stor.h
+++ b/src/cert/x509/x509stor.h
@@ -116,7 +116,7 @@ class BOTAN_DLL X509_Store
private:
mutable bool checked;
mutable X509_Code result;
- mutable u64bit last_checked;
+ mutable std::chrono::system_clock::time_point last_checked;
};
u32bit find_cert(const X509_DN&, const MemoryRegion<byte>&) const;