本文整理汇总了C++中TrustDomain::CheckValidityIsAcceptable方法的典型用法代码示例。如果您正苦于以下问题:C++ TrustDomain::CheckValidityIsAcceptable方法的具体用法?C++ TrustDomain::CheckValidityIsAcceptable怎么用?C++ TrustDomain::CheckValidityIsAcceptable使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类TrustDomain的用法示例。
在下文中一共展示了TrustDomain::CheckValidityIsAcceptable方法的1个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: spki
//.........这里部分代码省略.........
case TrustLevel::TrustAnchor:
// We don't even bother checking signatureAlgorithm or signature for
// syntactic validity for trust anchors, because we don't use those
// fields for anything, and because the trust anchor might be signed
// with a signature algorithm we don't actually support.
break;
case TrustLevel::ActivelyDistrusted:
return Result::ERROR_UNTRUSTED_CERT;
}
// Check the SPKI early, because it is one of the most selective properties
// of the certificate due to SHA-1 deprecation and the deprecation of
// certificates with keys weaker than RSA 2048.
Reader spki(cert.GetSubjectPublicKeyInfo());
rv = der::Nested(spki, der::SEQUENCE, [&](Reader& r) {
return CheckSubjectPublicKeyInfo(r, trustDomain, endEntityOrCA);
});
if (rv != Success) {
return rv;
}
rv = der::End(spki);
if (rv != Success) {
return rv;
}
// 4.2.1.1. Authority Key Identifier is ignored (see bug 965136).
// 4.2.1.2. Subject Key Identifier is ignored (see bug 965136).
// 4.2.1.3. Key Usage
rv = CheckKeyUsage(endEntityOrCA, cert.GetKeyUsage(),
requiredKeyUsageIfPresent);
if (rv != Success) {
return rv;
}
// 4.2.1.4. Certificate Policies
rv = CheckCertificatePolicies(endEntityOrCA, cert.GetCertificatePolicies(),
cert.GetInhibitAnyPolicy(), trustLevel,
requiredPolicy);
if (rv != Success) {
return rv;
}
// 4.2.1.5. Policy Mappings are not supported; see the documentation about
// policy enforcement in pkix.h.
// 4.2.1.6. Subject Alternative Name dealt with during name constraint
// checking and during name verification (CERT_VerifyCertName).
// 4.2.1.7. Issuer Alternative Name is not something that needs checking.
// 4.2.1.8. Subject Directory Attributes is not something that needs
// checking.
// 4.2.1.9. Basic Constraints.
rv = CheckBasicConstraints(endEntityOrCA, cert.GetBasicConstraints(),
cert.GetVersion(), trustLevel, subCACount);
if (rv != Success) {
return rv;
}
// 4.2.1.10. Name Constraints is dealt with in during path building.
// 4.2.1.11. Policy Constraints are implicitly supported; see the
// documentation about policy enforcement in pkix.h.
// 4.2.1.12. Extended Key Usage
rv = CheckExtendedKeyUsage(endEntityOrCA, cert.GetExtKeyUsage(),
requiredEKUIfPresent);
if (rv != Success) {
return rv;
}
// 4.2.1.13. CRL Distribution Points is not supported, though the
// TrustDomain's CheckRevocation method may parse it and process it
// on its own.
// 4.2.1.14. Inhibit anyPolicy is implicitly supported; see the documentation
// about policy enforcement in pkix.h.
// IMPORTANT: This check must come after the other checks in order for error
// ranking to work correctly.
Time notBefore(Time::uninitialized);
Time notAfter(Time::uninitialized);
rv = CheckValidity(cert.GetValidity(), time, ¬Before, ¬After);
if (rv != Success) {
return rv;
}
rv = trustDomain.CheckValidityIsAcceptable(notBefore, notAfter, endEntityOrCA,
requiredEKUIfPresent);
if (rv != Success) {
return rv;
}
return Success;
}