Bug 1067565 - Built-in pins expire decades later. r=keeler a=lmandel
authorCamilo Viecco <cviecco@mozilla.com>
Tue, 16 Sep 2014 15:20:31 -0700
changeset 217584 e20869e87e232ced4b325d20371e61f9cc1bbe28
parent 217583 fe591acbe83b8a4464edd27b532cbb52a8bc3f0c
child 217585 6ef049f8285ba545fd92d3bf14cf39d612bd93c3
push id6862
push usercviecco@mozilla.com
push dateTue, 16 Sep 2014 22:21:20 +0000
treeherdermozilla-aurora@e20869e87e23 [default view] [failures only]
reviewerskeeler, lmandel
bugs1067565
milestone34.0a2
Bug 1067565 - Built-in pins expire decades later. r=keeler a=lmandel
security/manager/boot/src/PublicKeyPinningService.cpp
security/pkix/include/pkix/Time.h
security/pkix/lib/pkixtime.cpp
--- a/security/manager/boot/src/PublicKeyPinningService.cpp
+++ b/security/manager/boot/src/PublicKeyPinningService.cpp
@@ -291,16 +291,17 @@ bool
 PublicKeyPinningService::ChainHasValidPins(const CERTCertList* certList,
                                            const char* hostname,
                                            mozilla::pkix::Time time,
                                            bool enforceTestMode)
 {
   if (!certList) {
     return false;
   }
-  if (time > TimeFromElapsedSecondsAD(kPreloadPKPinsExpirationTime)) {
+  if (time > TimeFromEpochInSeconds(kPreloadPKPinsExpirationTime /
+                                    PR_USEC_PER_SEC)) {
     return true;
   }
   if (!hostname || hostname[0] == 0) {
     return CheckChainAgainstAllNames(certList, enforceTestMode);
   }
   return CheckPinsForHostname(certList, hostname, enforceTestMode);
 }
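Review bot: The expiry branch in ChainHasValidPins returns true, so once the built-in pin list is past its expiration every chain is accepted without a pin check, and nothing at the check says that this fail-open result is intentional or what unit the constant is in. The division by PR_USEC_PER_SEC suggests kPreloadPKPinsExpirationTime is a PRTime-style value in microseconds since the Unix epoch, though its declaration is outside this hunk. I would add a comment above the check such as `// kPreloadPKPinsExpirationTime is in microseconds since the Unix epoch; after it passes, built-in pins are deliberately not enforced.` The changeset's file list shows no test file, so a regression test for a time just before and just after the expiration would keep this unit and epoch mismatch from coming back.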
--- a/security/pkix/include/pkix/Time.h
+++ b/security/pkix/include/pkix/Time.h
@@ -113,11 +113,14 @@ private:
 
 inline Time TimeFromElapsedSecondsAD(uint64_t elapsedSecondsAD)
 {
   return Time(elapsedSecondsAD);
 }
 
 Time Now();
 
+// Note the epoch is the unix epoch (ie 00:00:00 UTC, 1 January 1970)
+Time TimeFromEpochInSeconds(uint64_t secondsSinceEpoch);
+
 } } // namespace mozilla::pkix
 
 #endif // mozilla_pkix__Time_h
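Review bot: TimeFromEpochInSeconds and TimeFromElapsedSecondsAD are now declared side by side with the same `uint64_t` parameter type, so the compiler cannot catch a caller that passes a value in the wrong epoch or the wrong unit, which is the kind of mistake this changeset fixes. The new comment names the epoch but not the unit. I would extend it to something like `// secondsSinceEpoch is whole seconds since the Unix epoch (00:00:00 UTC, 1 January 1970), not microseconds; the result is the equivalent Time in elapsed seconds AD.` The enclosing header starts outside this hunk.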
--- a/security/pkix/lib/pkixtime.cpp
+++ b/security/pkix/lib/pkixtime.cpp
@@ -54,9 +54,17 @@ Now()
   timeval tv;
   (void) gettimeofday(&tv, nullptr);
   seconds = (DaysBeforeYear(1970) * Time::ONE_DAY_IN_SECONDS) + tv.tv_sec;
 #endif
 
   return TimeFromElapsedSecondsAD(seconds);
 }
 
+Time
+TimeFromEpochInSeconds(uint64_t secondsSinceEpoch)
+{
+  uint64_t seconds = (DaysBeforeYear(1970) * Time::ONE_DAY_IN_SECONDS) +
+                     secondsSinceEpoch;
+  return TimeFromElapsedSecondsAD(seconds);
+}
+
 } } // namespace mozilla::pkix
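Review bot: The sum in TimeFromEpochInSeconds is unchecked `uint64_t` arithmetic, so a sufficiently large secondsSinceEpoch wraps and yields a Time far in the past instead of far in the future. The only caller visible in this changeset passes a build-time constant, so this is a robustness point for a function exported from the pkix include directory rather than a reachable defect here. For an expiry comparison like the one in ChainHasValidPins, though, a wrapped value would read as already expired. I would state the precondition in a comment on the function, e.g. `// Precondition: secondsSinceEpoch plus the 1970 offset must fit in uint64_t.`, or assert it before the addition. The epoch-offset expression also repeats the one in Now(), whose body starts outside this hunk, so Now() could call this function for its non-Windows path.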