[PKI library] Expose the ReadTime function from parse_certificate as ReadUTCOrGeneralizedTime

The "Time" ASN.1 structure from RFC 5280 is used in CRL processing as well. Rename the function to ReadUTCOrGeneralizedTime since ReadTime seems a little too ambiguous for a public function name. Bug: 749276 Change-Id: Ia8703cf8c937c96680a6dad3e7650e23fb239470 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1628392 Commit-Queue: Matt Mueller <mattm@chromium.org> Reviewed-by: Eric Roman <eroman@chromium.org> Cr-Commit-Position: refs/heads/master@{#664530}

[PKI library] Expose the ReadTime function from parse_certificate as ReadUTCOrGeneralizedTime
The "Time" ASN.1 structure from RFC 5280 is used in CRL processing as well. Rename the function to ReadUTCOrGeneralizedTime since ReadTime seems a little too ambiguous for a public function name. Bug: 749276 Change-Id: Ia8703cf8c937c96680a6dad3e7650e23fb239470 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1628392 Commit-Queue: Matt Mueller <mattm@chromium.org> Reviewed-by: Eric Roman <eroman@chromium.org> Cr-Commit-Position: refs/heads/master@{#664530}
9957e588 · Matt Mueller · Commit Bot · b9f70685 · 9957e588 · 9957e588
Commit 9957e588 authored May 29, 2019 by Matt Mueller Committed by Commit Bot May 29, 2019
Show whitespace changes
Inline Side-by-side

Showing with 36 additions and 29 deletions

net/cert/internal/parse_certificate.cc net/cert/internal/parse_certificate.cc +19 -29

net/cert/internal/parse_certificate.h net/cert/internal/parse_certificate.h +17 -0

No files found.
--- a/net/cert/internal/parse_certificate.cc
+++ b/net/cert/internal/parse_certificate.cc
@@ -124,33 +124,6 @@ WARN_UNUSED_RESULT bool ParseVersion(const der::Input& in,
  return !parser.HasMore();
 }

-// Consumes a "Time" value (as defined by RFC 5280) from |parser|. On success
-// writes the result to |*out| and returns true. On failure no guarantees are
-// made about the state of |parser|.
-//
-// From RFC 5280:
-//
-//     Time ::= CHOICE {
-//          utcTime        UTCTime,
-//          generalTime    GeneralizedTime }
-WARN_UNUSED_RESULT bool ReadTime(der::Parser* parser,
-                                 der::GeneralizedTime* out) {
-  der::Input value;
-  der::Tag tag;
-
-  if (!parser->ReadTagAndValue(&tag, &value))
-    return false;
-
-  if (tag == der::kUtcTime)
-    return der::ParseUTCTime(value, out);
-
-  if (tag == der::kGeneralizedTime)
-    return der::ParseGeneralizedTime(value, out);
-
-  // Unrecognized tag.
-  return false;
-}
-
 // Parses a DER-encoded "Validity" as specified by RFC 5280. Returns true on
 // success and sets the results in |not_before| and |not_after|:
 //
@@ -170,11 +143,11 @@ bool ParseValidity(const der::Input& validity_tlv,
    return false;

  //          notBefore      Time,
-  if (!ReadTime(&validity_parser, not_before))
+  if (!ReadUTCOrGeneralizedTime(&validity_parser, not_before))
    return false;

  //          notAfter       Time }
-  if (!ReadTime(&validity_parser, not_after))
+  if (!ReadUTCOrGeneralizedTime(&validity_parser, not_after))
    return false;

  // By definition the input was a single Validity sequence, so there shouldn't
@@ -353,6 +326,23 @@ bool VerifySerialNumber(const der::Input& value,
  return true;
 }

+bool ReadUTCOrGeneralizedTime(der::Parser* parser, der::GeneralizedTime* out) {
+  der::Input value;
+  der::Tag tag;
+
+  if (!parser->ReadTagAndValue(&tag, &value))
+    return false;
+
+  if (tag == der::kUtcTime)
+    return der::ParseUTCTime(value, out);
+
+  if (tag == der::kGeneralizedTime)
+    return der::ParseGeneralizedTime(value, out);
+
+  // Unrecognized tag.
+  return false;
+}
+
 bool ParseCertificate(const der::Input& certificate_tlv,
                      der::Input* out_tbs_certificate_tlv,
                      der::Input* out_signature_algorithm_tlv,

--- a/net/cert/internal/parse_certificate.h
+++ b/net/cert/internal/parse_certificate.h
@@ -18,6 +18,10 @@

 namespace net {

+namespace der {
+class Parser;
+}
+
 class CertErrors;
 struct ParsedTbsCertificate;

@@ -54,6 +58,19 @@ NET_EXPORT bool VerifySerialNumber(const der::Input& value,
                                   bool warnings_only,
                                   CertErrors* errors) WARN_UNUSED_RESULT;

+// Consumes a "Time" value (as defined by RFC 5280) from |parser|. On success
+// writes the result to |*out| and returns true. On failure no guarantees are
+// made about the state of |parser|.
+//
+// From RFC 5280:
+//
+//     Time ::= CHOICE {
+//          utcTime        UTCTime,
+//          generalTime    GeneralizedTime }
+NET_EXPORT bool ReadUTCOrGeneralizedTime(der::Parser* parser,
+                                         der::GeneralizedTime* out)
+    WARN_UNUSED_RESULT;
+
 struct NET_EXPORT ParseCertificateOptions {
  // If set to true, then parsing will skip checks on the certificate's serial
  // number. The only requirement will be that the serial number is an INTEGER,