From c36d730c66a4b2fda71a24b2c0de97e8260ca30a Mon Sep 17 00:00:00 2001 From: ioanbogdan Date: Mon, 23 Oct 2023 11:14:43 +0300 Subject: [PATCH] Latest valid retrieval fix Signed-off-by: ioanbogdan --- include/x509_wrapper.hpp | 7 ++++++- lib/x509_wrapper.cpp | 9 +++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/include/x509_wrapper.hpp b/include/x509_wrapper.hpp index 915247d..b6437b7 100644 --- a/include/x509_wrapper.hpp +++ b/include/x509_wrapper.hpp @@ -106,9 +106,14 @@ class X509Wrapper { /// @return std::string get_export_string() const; - /// @brief If the certificate is within the validity date + /// @brief If the certificate is within the validity date. Can return false in 2 cases, + /// if it is expired (current date > valid_to) or if (current data < valid_in), that is + /// we are not in force yet bool is_valid() const; + /// @brief If the certificate has expired + bool is_expired() const; + public: X509Wrapper& operator=(X509Wrapper&& other) = default; diff --git a/lib/x509_wrapper.cpp b/lib/x509_wrapper.cpp index fcde47e..9831d95 100644 --- a/lib/x509_wrapper.cpp +++ b/lib/x509_wrapper.cpp @@ -103,7 +103,7 @@ void X509Wrapper::update_validity() { ASN1_TIME* notAfter = X509_get_notAfter(get()); int day, sec; - ASN1_TIME_diff(&day, &sec, notBefore, nullptr); + ASN1_TIME_diff(&day, &sec, nullptr, notBefore); valid_in = std::chrono::duration_cast(ossl_days_to_seconds(day)).count() + sec; // Convert days to seconds ASN1_TIME_diff(&day, &sec, nullptr, notAfter); @@ -125,7 +125,12 @@ int X509Wrapper::get_valid_to() const { } bool X509Wrapper::is_valid() const { - return (get_valid_in() >= 0); + // The valid_in must be in the past and the valid_to must be in the future + return (get_valid_in() <= 0) && (get_valid_to() >= 0); +} + +bool X509Wrapper::is_expired() const { + return (get_valid_to() >= 0); } std::optional X509Wrapper::get_file() const {