1 // Copyright 2019 The Chromium Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // https://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 #ifndef BSSL_PKI_REVOCATION_UTIL_H_ 16 #define BSSL_PKI_REVOCATION_UTIL_H_ 17 18 #include <cstdint> 19 #include <optional> 20 21 #include <openssl/base.h> 22 23 BSSL_NAMESPACE_BEGIN 24 25 namespace der { 26 struct GeneralizedTime; 27 } 28 29 // Returns true if a revocation status with |this_update| field and potentially 30 // a |next_update| field, is valid at POSIX time |verify_time_epoch_seconds| and 31 // not older than |max_age_seconds| seconds, if specified. Expressed 32 // differently, returns true if |this_update <= verify_time < next_update|, and 33 // |this_update >= verify_time - max_age|. 34 [[nodiscard]] OPENSSL_EXPORT bool CheckRevocationDateValid( 35 const der::GeneralizedTime &this_update, 36 const der::GeneralizedTime *next_update, int64_t verify_time_epoch_seconds, 37 std::optional<int64_t> max_age_seconds); 38 39 BSSL_NAMESPACE_END 40 41 #endif // BSSL_PKI_REVOCATION_UTIL_H_ 42