OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <algorithm> | 5 #include <algorithm> |
6 | 6 |
7 #include "base/sha1.h" | 7 #include "base/sha1.h" |
8 #include "crypto/sha2.h" | 8 #include "crypto/sha2.h" |
9 #include "net/cert/internal/parse_ocsp.h" | 9 #include "net/cert/internal/parse_ocsp.h" |
10 | 10 |
(...skipping 511 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
522 } | 522 } |
523 } | 523 } |
524 } | 524 } |
525 | 525 |
526 if (!found) | 526 if (!found) |
527 out->status = OCSPCertStatus::Status::UNKNOWN; | 527 out->status = OCSPCertStatus::Status::UNKNOWN; |
528 | 528 |
529 return found; | 529 return found; |
530 } | 530 } |
531 | 531 |
| 532 bool CheckOCSPDateValid(const OCSPSingleResponse& response, |
| 533 const base::Time& verify_time, |
| 534 const base::TimeDelta& max_age) { |
| 535 if (response.has_next_update && |
| 536 (response.next_update <= response.this_update)) { |
| 537 return false; |
| 538 } |
| 539 |
| 540 // Place |verify_time| in the bounds. |
| 541 der::GeneralizedTime verify_time_der = der::ConvertBaseUTCTime(verify_time); |
| 542 if (response.this_update > verify_time_der) { |
| 543 return false; |
| 544 } |
| 545 if (response.has_next_update && (response.next_update <= verify_time_der)) { |
| 546 return false; |
| 547 } |
| 548 |
| 549 // Enforce |max_age|. |
| 550 der::GeneralizedTime lower_bound = |
| 551 der::ConvertBaseUTCTime(verify_time - max_age); |
| 552 if (response.this_update < lower_bound) { |
| 553 return false; |
| 554 } |
| 555 return true; |
| 556 } |
| 557 |
532 } // namespace net | 558 } // namespace net |
OLD | NEW |