Line data Source code
1 : /*
2 : *
3 : * Copyright (c) 2021 Project CHIP Authors
4 : *
5 : * Licensed under the Apache License, Version 2.0 (the "License");
6 : * you may not use this file except in compliance with the License.
7 : * You may obtain a copy of the License at
8 : *
9 : * http://www.apache.org/licenses/LICENSE-2.0
10 : *
11 : * Unless required by applicable law or agreed to in writing, software
12 : * distributed under the License is distributed on an "AS IS" BASIS,
13 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 : * See the License for the specific language governing permissions and
15 : * limitations under the License.
16 : */
17 : #pragma once
18 :
19 : #include <credentials/CertificateValidityPolicy.h>
20 :
21 : namespace chip {
22 : namespace Credentials {
23 :
/**
 * Example certificate validity policy that accepts a certificate only when the
 * validity evaluation passed in by the caller is one of the two accepting
 * results, and returns an error for every other result.
 */
class StrictCertificateValidityPolicyExample : public CertificateValidityPolicy
{
public:
    ~StrictCertificateValidityPolicyExample() {}

    /**
     * @brief Map a certificate validity evaluation to an accept/reject decision.
     *
     * This certificate validity policy is strict in that it rejects all
     * certificates if any of wall clock time or last known good time show
     * them to be invalid. This policy also rejects certificates if time
     * is unknown.
     *
     * Decision table implemented below:
     *   - kValid, kNotExpiredAtLastKnownGoodTime        -> CHIP_NO_ERROR
     *   - kNotYetValid                                  -> CHIP_ERROR_CERT_NOT_VALID_YET
     *   - kExpired, kExpiredAtLastKnownGoodTime,
     *     kTimeUnknown                                  -> CHIP_ERROR_CERT_EXPIRED
     *   - any other value                               -> CHIP_ERROR_INVALID_ARGUMENT
     *
     * The decision depends on `result` alone; `cert` and `depth` are not
     * inspected, so the same rule applies at every position in the chain.
     *
     * @param cert   CHIP Certificate for which we are evaluating validity (unused here)
     * @param depth  the depth of the certificate in the chain, where the leaf is at depth 0 (unused here)
     * @param result validity evaluation of `cert` supplied by the caller
     * @return CHIP_NO_ERROR if CHIPCert should accept the certificate; an appropriate CHIP_ERROR if it should be rejected
     */
    CHIP_ERROR ApplyCertificateValidityPolicy(const ChipCertificateData * cert, uint8_t depth,
                                              CertificateValidityResult result) override
    {
        using Outcome = CertificateValidityResult;

        // Accepting results. NOTE(review): judging by its name,
        // kNotExpiredAtLastKnownGoodTime is an evaluation made against last
        // known good time rather than wall clock time; if so, acceptance here is
        // only as trustworthy as that stored time - confirm against the enum's
        // definition.
        if (result == Outcome::kValid || result == Outcome::kNotExpiredAtLastKnownGoodTime)
        {
            return CHIP_NO_ERROR;
        }

        if (result == Outcome::kNotYetValid)
        {
            return CHIP_ERROR_CERT_NOT_VALID_YET;
        }

        // Unknown time is rejected with the same code as a genuine expiry, so a
        // caller cannot tell "no time source" from "expired" by the error alone.
        if (result == Outcome::kExpiredAtLastKnownGoodTime || result == Outcome::kTimeUnknown || result == Outcome::kExpired)
        {
            return CHIP_ERROR_CERT_EXPIRED;
        }

        // Fail closed: a result this policy does not recognise is never accepted.
        return CHIP_ERROR_INVALID_ARGUMENT;
    }
};
60 :
61 : } // namespace Credentials
62 : } // namespace chip