Add Certificate::not_{before,after}v1.6.20v1.6.xadd-validity

2 files changed, 49 insertions, 0 deletions

diff --git a/src/certificate.cc b/src/certificate.cc
index a83d800d..77eb623d 100644
--- a/src/certificate.cc
+++ b/src/certificate.cc
@@ -441,3 +441,50 @@ dcp::operator<< (ostream& s, Certificate const & c)
 	s << c.certificate();
 	return s;
 }
+
+
+static
+struct tm
+convert_time (ASN1_TIME const * time)
+{
+	struct tm t;
+	char const * s = (char const *) time->data;
+
+	if (time->type == V_ASN1_UTCTIME) {
+		sscanf(s, "%2d%2d%2d%2d%2d%2d", &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec);
+		if (t.tm_year < 70) {
+			t.tm_year += 100;
+		}
+	} else if (time->type == V_ASN1_GENERALIZEDTIME) {
+		sscanf(s, "%4d%2d%2d%2d%2d%2d", &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec);
+		t.tm_year -= 1900;
+	}
+
+	t.tm_mon--;
+
+	return t;
+}
+
+
+struct tm
+Certificate::not_before () const
+{
+	DCP_ASSERT (_certificate);
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+	return convert_time(X509_get0_notBefore(_certificate));
+#else
+	return convert_time(X509_get_notBefore(_certificate));
+#endif
+}
+
+
+struct tm
+Certificate::not_after () const
+{
+	DCP_ASSERT (_certificate);
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+	return convert_time(X509_get0_notAfter(_certificate));
+#else
+	return convert_time(X509_get_notAfter(_certificate));
+#endif
+}
diff --git a/src/certificate.h b/src/certificate.h
index 0d333f1e..4be673cc 100644
--- a/src/certificate.h
+++ b/src/certificate.h
@@ -81,6 +81,8 @@ public:
 	std::string subject_common_name () const;
 	std::string subject_organization_name () const;
 	std::string subject_organizational_unit_name () const;
+	struct tm not_before () const;
+	struct tm not_after () const;
 
 	X509* x509 () const {
 		return _certificate;