1 : /*
2 : *
3 : * Copyright (c) 2021 Project CHIP Authors
4 : *
5 : * Licensed under the Apache License, Version 2.0 (the "License");
6 : * you may not use this file except in compliance with the License.
7 : * You may obtain a copy of the License at
8 : *
9 : * http://www.apache.org/licenses/LICENSE-2.0
10 : *
11 : * Unless required by applicable law or agreed to in writing, software
12 : * distributed under the License is distributed on an "AS IS" BASIS,
13 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 : * See the License for the specific language governing permissions and
15 : * limitations under the License.
16 : */
17 : #pragma once
18 :
19 : #include <credentials/CertificateValidityPolicy.h>
20 :
21 : namespace chip {
22 : namespace Credentials {
23 :
/**
 * Example certificate validity policy that enforces certificate expiration on
 * nodes that have no current time source but do hold a Last Known Good Time.
 *
 * The policy does not inspect the certificate itself; it only maps the
 * validity-check outcome handed to it onto an accept / reject decision.
 */
class LastKnownGoodTimeCertificateValidityPolicyExample : public CertificateValidityPolicy
{
public:
    ~LastKnownGoodTimeCertificateValidityPolicyExample() {}

    /**
     * @brief Decide whether a certificate is accepted, given the outcome of its validity-period check.
     *
     * NotBefore / NotAfter are enforced when current time is known, and NotAfter
     * is still enforced when only Last Known Good Time is known.
     *
     * Security note: kTimeUnknown is accepted, so this example does not enforce
     * the validity period in that state (presumably when neither current time nor
     * a Last Known Good Time is available; confirm against
     * CertificateValidityPolicy.h). A deployment that must reject certificates in
     * that state needs a stricter policy than this example.
     *
     * @param cert   CHIP Certificate for which we are evaluating validity (not consulted by this example)
     * @param depth  the depth of the certificate in the chain, where the leaf is at depth 0 (not consulted by this example)
     * @param result outcome of the validity-period check for this certificate
     * @return CHIP_NO_ERROR if CHIPCert should accept the certificate; an appropriate CHIP_ERROR if it should be rejected
     */
    CHIP_ERROR ApplyCertificateValidityPolicy(const ChipCertificateData * cert, uint8_t depth,
                                              CertificateValidityResult result) override
    {
        // Expired, whether judged against current time or Last Known Good Time.
        if (result == CertificateValidityResult::kExpired || result == CertificateValidityResult::kExpiredAtLastKnownGoodTime)
        {
            return CHIP_ERROR_CERT_EXPIRED;
        }

        // NotBefore lies in the future.
        if (result == CertificateValidityResult::kNotYetValid)
        {
            return CHIP_ERROR_CERT_NOT_VALID_YET;
        }

        // Accepted outcomes. kTimeUnknown is deliberately in this group: the
        // example accepts the certificate when the check could not be made.
        if (result == CertificateValidityResult::kValid || result == CertificateValidityResult::kNotExpiredAtLastKnownGoodTime ||
            result == CertificateValidityResult::kTimeUnknown)
        {
            return CHIP_NO_ERROR;
        }

        // Any value not handled above is rejected, so an unrecognized result
        // never leads to acceptance.
        return CHIP_ERROR_INVALID_ARGUMENT;
    }
};
62 :
63 : } // namespace Credentials
64 : } // namespace chip