Previously we validated Certitifcate.endOfValidity by using current time, but that's not really right approach because we might validate old file signed with old certificate which now is expired but wasn't expired when that file was created.
So this PR implements validating Certitifcate.endOfValidity time against newest (biggest) time we encounter present in file. This way we can see if file doesn't contain any data signed with old/expired certificate. For example signed file where any time is after certificate's endOfValidity will fail validation.
Previously we validated
Certitifcate.endOfValidity
by using current time, but that's not really right approach because we might validate old file signed with old certificate which now is expired but wasn't expired when that file was created.So this PR implements validating
Certitifcate.endOfValidity
time against newest (biggest) time we encounter present in file. This way we can see if file doesn't contain any data signed with old/expired certificate. For example signed file where any time is after certificate'sendOfValidity
will fail validation.