1 // Copyright 2019 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef BSSL_PKI_REVOCATION_UTIL_H_ 6 #define BSSL_PKI_REVOCATION_UTIL_H_ 7 8 #include <cstdint> 9 #include <optional> 10 11 #include <openssl/base.h> 12 13 namespace bssl { 14 15 namespace der { 16 struct GeneralizedTime; 17 } 18 19 // Returns true if a revocation status with |this_update| field and potentially 20 // a |next_update| field, is valid at POSIX time |verify_time_epoch_seconds| and 21 // not older than |max_age_seconds| seconds, if specified. Expressed 22 // differently, returns true if |this_update <= verify_time < next_update|, and 23 // |this_update >= verify_time - max_age|. 24 [[nodiscard]] OPENSSL_EXPORT bool CheckRevocationDateValid( 25 const der::GeneralizedTime &this_update, 26 const der::GeneralizedTime *next_update, int64_t verify_time_epoch_seconds, 27 std::optional<int64_t> max_age_seconds); 28 29 } // namespace bssl 30 31 #endif // BSSL_PKI_REVOCATION_UTIL_H_ 32