// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "revocation_util.h"

#include "encode_values.h"
#include "parse_values.h"

BSSL_NAMESPACE_BEGIN

namespace {

constexpr int64_t kMinValidTime = -62167219200;  // 0000-01-01 00:00:00 UTC
constexpr int64_t kMaxValidTime = 253402300799;  // 9999-12-31 23:59:59 UTC

}  // namespace

bool CheckRevocationDateValid(const der::GeneralizedTime &this_update,
                              const der::GeneralizedTime *next_update,
                              int64_t verify_time_epoch_seconds,
                              std::optional<int64_t> max_age_seconds) {
  if (verify_time_epoch_seconds > kMaxValidTime ||
      verify_time_epoch_seconds < kMinValidTime ||
      (max_age_seconds.has_value() &&
       (max_age_seconds.value() > kMaxValidTime ||
        max_age_seconds.value() < 0))) {
    return false;
  }
  der::GeneralizedTime verify_time;
  if (!der::EncodePosixTimeAsGeneralizedTime(verify_time_epoch_seconds,
                                             &verify_time)) {
    return false;
  }

  if (this_update > verify_time) {
    return false;  // Response is not yet valid.
  }

  if (next_update && (*next_update <= verify_time)) {
    return false;  // Response is no longer valid.
  }

  if (max_age_seconds.has_value()) {
    der::GeneralizedTime earliest_this_update;
    if (!der::EncodePosixTimeAsGeneralizedTime(
            verify_time_epoch_seconds - max_age_seconds.value(),
            &earliest_this_update)) {
      return false;
    }
    if (this_update < earliest_this_update) {
      return false;  // Response is too old.
    }
  }

  return true;
}

BSSL_NAMESPACE_END