Adding upstream version 86.0.1.upstream/86.0.1 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 14:29:10 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 14:29:10 +0000
commit: 2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
tree: b80bf8bf13c3766139fbacc530efd0dd9d54394c /security/manager/ssl/X509CertValidity.cpp
parent: Initial commit. (diff)
download: firefox-2aa4a82499d4becd2284cdb482213d541b8804dd.tar.xz
firefox-2aa4a82499d4becd2284cdb482213d541b8804dd.zip
1 files changed, 146 insertions, 0 deletions
diff --git a/security/manager/ssl/X509CertValidity.cpp b/security/manager/ssl/X509CertValidity.cpp
new file mode 100644
index 0000000000..8c09326bb6
--- /dev/null
+++ b/security/manager/ssl/X509CertValidity.cpp
@@ -0,0 +1,146 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "X509CertValidity.h"
+
+#include "mozilla/Assertions.h"
+#include "mozpkix/pkixder.h"
+#include "mozpkix/pkixutil.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsReadableUtils.h"
+#include "seccomon.h"
+#include "secder.h"
+
+NS_IMPL_ISUPPORTS(X509CertValidity, nsIX509CertValidity)
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::pkix::der;
+
+X509CertValidity::X509CertValidity(Input certDER)
+    : mNotBefore(0), mNotAfter(0), mTimesInitialized(false) {
+  // We're not building a verified certificate chain, so the EndEntityOrCA
+  // parameter doesn't matter.
+  BackCert cert(certDER, EndEntityOrCA::MustBeEndEntity, nullptr);
+  pkix::Result rv = cert.Init();
+  if (rv != Success) {
+    return;
+  }
+  // Validity ::= SEQUENCE {
+  //    notBefore      Time,
+  //    notAfter       Time  }
+  //
+  // Time ::= CHOICE {
+  //    utcTime        UTCTime,
+  //    generalTime    GeneralizedTime }
+  //
+  // NB: BackCert::GetValidity returns the value of the Validity of the
+  // certificate (i.e. notBefore and notAfter, without the enclosing SEQUENCE
+  // and length)
+  Reader reader(cert.GetValidity());
+  uint8_t expectedTag = reader.Peek(UTCTime) ? UTCTime : GENERALIZED_TIME;
+  Input notBefore;
+  pkix::Result result = ExpectTagAndGetValue(reader, expectedTag, notBefore);
+  if (result != Success) {
+    return;
+  }
+  SECItemType notBeforeType =
+      expectedTag == UTCTime ? siUTCTime : siGeneralizedTime;
+  SECItem notBeforeItem = {
+      notBeforeType, const_cast<unsigned char*>(notBefore.UnsafeGetData()),
+      notBefore.GetLength()};
+  SECStatus srv = DER_DecodeTimeChoice(&mNotBefore, &notBeforeItem);
+  if (srv != SECSuccess) {
+    return;
+  }
+  expectedTag = reader.Peek(UTCTime) ? UTCTime : GENERALIZED_TIME;
+  Input notAfter;
+  result = ExpectTagAndGetValue(reader, expectedTag, notAfter);
+  if (result != Success) {
+    return;
+  }
+  SECItemType notAfterType =
+      expectedTag == UTCTime ? siUTCTime : siGeneralizedTime;
+  SECItem notAfterItem = {notAfterType,
+                          const_cast<unsigned char*>(notAfter.UnsafeGetData()),
+                          notAfter.GetLength()};
+  srv = DER_DecodeTimeChoice(&mNotAfter, &notAfterItem);
+  if (srv != SECSuccess) {
+    return;
+  }
+
+  mTimesInitialized = true;
+}
+
+NS_IMETHODIMP
+X509CertValidity::GetNotBefore(PRTime* aNotBefore) {
+  NS_ENSURE_ARG(aNotBefore);
+
+  if (!mTimesInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aNotBefore = mNotBefore;
+  return NS_OK;
+}
+
+nsresult X509CertValidity::FormatTime(
+    const PRTime& aTimeDate, PRTimeParamFn aParamFn,
+    const nsTimeFormatSelector aTimeFormatSelector,
+    nsAString& aFormattedTimeDate) {
+  if (!mTimesInitialized) return NS_ERROR_FAILURE;
+
+  PRExplodedTime explodedTime;
+  PR_ExplodeTime(const_cast<PRTime&>(aTimeDate), aParamFn, &explodedTime);
+  return mozilla::DateTimeFormat::FormatPRExplodedTime(
+      kDateFormatLong, aTimeFormatSelector, &explodedTime, aFormattedTimeDate);
+}
+
+NS_IMETHODIMP
+X509CertValidity::GetNotBeforeLocalTime(nsAString& aNotBeforeLocalTime) {
+  return FormatTime(mNotBefore, PR_LocalTimeParameters, kTimeFormatLong,
+                    aNotBeforeLocalTime);
+}
+
+NS_IMETHODIMP
+X509CertValidity::GetNotBeforeLocalDay(nsAString& aNotBeforeLocalDay) {
+  return FormatTime(mNotBefore, PR_LocalTimeParameters, kTimeFormatNone,
+                    aNotBeforeLocalDay);
+}
+
+NS_IMETHODIMP
+X509CertValidity::GetNotBeforeGMT(nsAString& aNotBeforeGMT) {
+  return FormatTime(mNotBefore, PR_GMTParameters, kTimeFormatLong,
+                    aNotBeforeGMT);
+}
+
+NS_IMETHODIMP
+X509CertValidity::GetNotAfter(PRTime* aNotAfter) {
+  NS_ENSURE_ARG(aNotAfter);
+
+  if (!mTimesInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aNotAfter = mNotAfter;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+X509CertValidity::GetNotAfterLocalTime(nsAString& aNotAfterLocaltime) {
+  return FormatTime(mNotAfter, PR_LocalTimeParameters, kTimeFormatLong,
+                    aNotAfterLocaltime);
+}
+
+NS_IMETHODIMP
+X509CertValidity::GetNotAfterLocalDay(nsAString& aNotAfterLocalDay) {
+  return FormatTime(mNotAfter, PR_LocalTimeParameters, kTimeFormatNone,
+                    aNotAfterLocalDay);
+}
+
+NS_IMETHODIMP
+X509CertValidity::GetNotAfterGMT(nsAString& aNotAfterGMT) {
+  return FormatTime(mNotAfter, PR_GMTParameters, kTimeFormatLong, aNotAfterGMT);
+}
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 14:29:10 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 14:29:10 +0000
commit	2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
tree	b80bf8bf13c3766139fbacc530efd0dd9d54394c /security/manager/ssl/X509CertValidity.cpp
parent	Initial commit. (diff)
download	firefox-2aa4a82499d4becd2284cdb482213d541b8804dd.tar.xz firefox-2aa4a82499d4becd2284cdb482213d541b8804dd.zip