diff options
Diffstat (limited to 'src/cert/x509store')
| -rw-r--r-- | src/cert/x509store/x509stor.cpp | 36 | ||||
| -rw-r--r-- | src/cert/x509store/x509stor.h | 20 |
2 files changed, 33 insertions, 23 deletions
diff --git a/src/cert/x509store/x509stor.cpp b/src/cert/x509store/x509stor.cpp index 3fe1adf62..a635b3930 100644 --- a/src/cert/x509store/x509stor.cpp +++ b/src/cert/x509store/x509stor.cpp @@ -9,8 +9,8 @@ #include <botan/parsing.h> #include <botan/pubkey.h> #include <botan/oids.h> -#include <botan/time.h> #include <algorithm> +#include <chrono> #include <memory> namespace Botan { @@ -21,13 +21,14 @@ namespace { * Do a validity check */ s32bit validity_check(const X509_Time& start, const X509_Time& end, - u64bit current_time, u32bit slack) + const std::chrono::system_clock::time_point& now, + std::chrono::seconds slack) { const s32bit NOT_YET_VALID = -1, VALID_TIME = 0, EXPIRED = 1; - if(start.cmp(current_time + slack) > 0) + if(start.cmp(now + slack) > 0) return NOT_YET_VALID; - if(end.cmp(current_time - slack) < 0) + if(end.cmp(now - slack) < 0) return EXPIRED; return VALID_TIME; } @@ -168,7 +169,8 @@ bool X509_Store::CRL_Data::operator<(const X509_Store::CRL_Data& other) const /* * X509_Store Constructor */ -X509_Store::X509_Store(u32bit slack, u32bit cache_timeout) +X509_Store::X509_Store(std::chrono::seconds slack, + std::chrono::seconds cache_timeout) { revoked_info_valid = true; @@ -211,10 +213,11 @@ X509_Code X509_Store::validate_cert(const X509_Certificate& cert, if(chaining_result != VERIFIED) return chaining_result; - const u64bit current_time = system_time(); + auto current_time = std::chrono::system_clock::now(); s32bit time_check = validity_check(cert.start_time(), cert.end_time(), current_time, time_slack); + if(time_check < 0) return CERT_NOT_YET_VALID; else if(time_check > 0) return CERT_HAS_EXPIRED; @@ -373,7 +376,7 @@ X509_Code X509_Store::check_sig(const Cert_Info& cert_info, */ X509_Code X509_Store::check_sig(const X509_Object& object, Public_Key* key) { - std::auto_ptr<Public_Key> pub_key(key); + std::unique_ptr<Public_Key> pub_key(key); try { std::vector<std::string> sig_info = @@ -528,8 +531,10 @@ void X509_Store::add_trusted_certs(DataSource& source) */ X509_Code X509_Store::add_crl(const X509_CRL& crl) { + auto current_time = std::chrono::system_clock::now(); + s32bit time_check = validity_check(crl.this_update(), crl.next_update(), - system_time(), time_slack); + current_time, time_slack); if(time_check < 0) return CRL_NOT_YET_VALID; else if(time_check > 0) return CRL_HAS_EXPIRED; @@ -568,8 +573,7 @@ X509_Code X509_Store::add_crl(const X509_CRL& crl) revoked_info.serial = revoked_certs[j].serial_number(); revoked_info.auth_key_id = crl.authority_key_id(); - std::vector<CRL_Data>::iterator p = - std::find(revoked.begin(), revoked.end(), revoked_info); + auto p = std::find(revoked.begin(), revoked.end(), revoked_info); if(revoked_certs[j].reason_code() == REMOVE_FROM_CRL) { @@ -607,8 +611,8 @@ X509_Store::Cert_Info::Cert_Info(const X509_Certificate& c, bool t) : cert(c), trusted(t) { checked = false; + last_checked = std::chrono::system_clock::time_point::min(); result = UNKNOWN_X509_ERROR; - last_checked = 0; } /* @@ -626,9 +630,9 @@ X509_Code X509_Store::Cert_Info::verify_result() const */ void X509_Store::Cert_Info::set_result(X509_Code code) const { - result = code; - last_checked = system_time(); checked = true; + last_checked = std::chrono::system_clock::now(); + result = code; } /* @@ -642,16 +646,16 @@ bool X509_Store::Cert_Info::is_trusted() const /* * Check if this certificate has been verified */ -bool X509_Store::Cert_Info::is_verified(u32bit timeout) const +bool X509_Store::Cert_Info::is_verified(std::chrono::seconds timeout) const { if(!checked) return false; if(result != VERIFIED && result != CERT_NOT_YET_VALID) return true; - const u64bit current_time = system_time(); + auto now = std::chrono::system_clock::now(); - if(current_time > last_checked + timeout) + if(now > last_checked + timeout) checked = false; return checked; diff --git a/src/cert/x509store/x509stor.h b/src/cert/x509store/x509stor.h index b4b50022c..532db6190 100644 --- a/src/cert/x509store/x509stor.h +++ b/src/cert/x509store/x509stor.h @@ -11,6 +11,7 @@ #include <botan/x509cert.h> #include <botan/x509_crl.h> #include <botan/certstor.h> +#include <functional> namespace Botan { @@ -70,14 +71,18 @@ class BOTAN_DLL X509_Store void add_new_certstore(Certificate_Store*); - X509_Store(u32bit time_slack = 24*60*60, - u32bit cache_results = 30*60); + X509_Store& operator=(const X509_Store&) = delete; + + /** + * @param slack the slack in checking validity times against current clock + * @param cache how long to cache validation results before rechecking + */ + X509_Store(std::chrono::seconds slack = std::chrono::seconds(24*60*60), + std::chrono::seconds cache = std::chrono::seconds(30*60)); X509_Store(const X509_Store&); ~X509_Store(); private: - X509_Store& operator=(const X509_Store&) { return (*this); } - class BOTAN_DLL CRL_Data { public: @@ -91,7 +96,7 @@ class BOTAN_DLL X509_Store class BOTAN_DLL Cert_Info { public: - bool is_verified(u32bit timeout) const; + bool is_verified(std::chrono::seconds cache_timeout) const; bool is_trusted() const; X509_Code verify_result() const; void set_result(X509_Code) const; @@ -102,7 +107,7 @@ class BOTAN_DLL X509_Store private: mutable bool checked; mutable X509_Code result; - mutable u64bit last_checked; + mutable std::chrono::system_clock::time_point last_checked; }; static X509_Code check_sig(const X509_Object&, Public_Key*); @@ -122,7 +127,8 @@ class BOTAN_DLL X509_Store std::vector<Cert_Info> certs; std::vector<CRL_Data> revoked; std::vector<Certificate_Store*> stores; - u32bit time_slack, validation_cache_timeout; + + std::chrono::seconds time_slack, validation_cache_timeout; mutable bool revoked_info_valid; }; |