crypto: add isValid field to the X509Certificate API

Added the `isValid` field, which checks the certificate's validity based on the current time.

doc/api/crypto.md

@@ -2855,6 +2855,12 @@ added: v15.6.0
 
 Returns the PEM-encoded certificate.
 
+### `x509.isValid`
+
+* Type: {boolean}
+
+Returns `true` if the certificate is valid based on the current time.
+
 ### `x509.validFrom`
 
 <!-- YAML

lib/internal/crypto/x509.js

@@ -133,6 +133,7 @@ class X509Certificate {
       subjectAltName: this.subjectAltName,
       issuer: this.issuer,
       infoAccess: this.infoAccess,
+      isValid: this.isValid,
       validFrom: this.validFrom,
       validTo: this.validTo,
       fingerprint: this.fingerprint,
@@ -202,6 +203,15 @@ class X509Certificate {
     return value;
   }
 
+  get isValid() {
+    let value = this[kInternalState].get('isValid');
+    if (value === undefined) {
+      value = this[kHandle].isValid();
+      this[kInternalState].set('isValid', value);
+    }
+    return value;
+  }
+
   get validFrom() {
     let value = this[kInternalState].get('validFrom');
     if (value === undefined) {

src/crypto/crypto_common.cc

@@ -564,6 +564,18 @@ MaybeLocal<Value> GetFingerprintDigest(
   return Undefined(env->isolate());
 }
 
+MaybeLocal<Value> GetIsValid(
+  Environment* env,
+  X509* cert) {
+  const ASN1_TIME* not_before = X509_get0_notBefore(cert);
+  const ASN1_TIME* not_after = X509_get0_notAfter(cert);
+
+  int is_valid = X509_cmp_timeframe(NULL, not_before, not_after);
+
+  return Boolean::New(env->isolate(), is_valid == 0 ? true : false);
+}
+
+
 MaybeLocal<Value> GetValidTo(
     Environment* env,
     X509* cert,

src/crypto/crypto_common.h

@@ -103,6 +103,11 @@ v8::MaybeLocal<v8::Object> X509ToObject(
     Environment* env,
     X509* cert);
 
+v8::MaybeLocal<v8::Value> GetIsValid(
+  Environment* env,
+  X509* cert
+);
+
 v8::MaybeLocal<v8::Value> GetValidTo(
     Environment* env,
     X509* cert,

src/crypto/crypto_x509.cc

@@ -77,6 +77,7 @@ Local<FunctionTemplate> X509Certificate::GetConstructorTemplate(
     SetProtoMethod(isolate, tmpl, "subjectAltName", SubjectAltName);
     SetProtoMethod(isolate, tmpl, "infoAccess", InfoAccess);
     SetProtoMethod(isolate, tmpl, "issuer", Issuer);
+    SetProtoMethod(isolate, tmpl, "isValid", IsValid);
     SetProtoMethod(isolate, tmpl, "validTo", ValidTo);
     SetProtoMethod(isolate, tmpl, "validFrom", ValidFrom);
     SetProtoMethod(isolate, tmpl, "fingerprint", Fingerprint<EVP_sha1>);
@@ -249,6 +250,10 @@ static void ReturnProperty(const FunctionCallbackInfo<Value>& args) {
   if (Property(env, cert->get()).ToLocal(&ret)) args.GetReturnValue().Set(ret);
 }
 
+void X509Certificate::IsValid(const FunctionCallbackInfo<Value>& args) {
+  ReturnProperty<GetIsValid>(args);
+}
+
 void X509Certificate::KeyUsage(const FunctionCallbackInfo<Value>& args) {
   ReturnProperty<GetKeyUsage>(args);
 }

src/crypto/crypto_x509.h

@@ -77,6 +77,7 @@ class X509Certificate : public BaseObject {
   static void SubjectAltName(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void Issuer(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void InfoAccess(const v8::FunctionCallbackInfo<v8::Value>& args);
+  static void IsValid(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void ValidFrom(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void ValidTo(const v8::FunctionCallbackInfo<v8::Value>& args);
   static void KeyUsage(const v8::FunctionCallbackInfo<v8::Value>& args);

test/parallel/test-crypto-x509.js

@@ -94,6 +94,7 @@ const der = Buffer.from(
   assert.strictEqual(x509.subjectAltName, undefined);
   assert.strictEqual(x509.issuer, issuerCheck);
   assert.strictEqual(x509.infoAccess, infoAccessCheck);
+  assert.strictEqual(x509.isValid, true);
   assert.strictEqual(x509.validFrom, 'Sep  3 21:40:37 2022 GMT');
   assert.strictEqual(x509.validTo, 'Jun 17 21:40:37 2296 GMT');
   assert.strictEqual(