From 9a5809be580c1a12864d751a710f6783363d3de7 Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Sun, 1 Dec 2019 23:13:25 +0100
Subject: Check that KDM validity periods are safely within the validity
 periods of the signing certificate chain.

This does cause problems when you try to create a KDM for a certificate
you just made (due to the fact that certificates always have a start-valid
time of "now") but hopefully this can be fixed up in another commit.
---
 src/exceptions.cc | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src/exceptions.cc')

diff --git a/src/exceptions.cc b/src/exceptions.cc
index 0b8978dc..19422090 100644
--- a/src/exceptions.cc
+++ b/src/exceptions.cc
@@ -138,3 +138,14 @@ EmptyAssetPathError::EmptyAssetPathError (string id)
 {
 
 }
+
+BadKDMDateError::BadKDMDateError (bool starts_too_early)
+	: runtime_error (
+		starts_too_early ?
+		"KDM validity period starts before or close to the start of the signing certificate validity period" :
+		"KDM validity ends after or close to the end of the signing certificate's validity period"
+		)
+	, _starts_too_early (starts_too_early)
+{
+
+}
-- 
cgit v1.2.3