Test for expiry one week before it happens
authorEdouard Tisserant
Wed, 01 Jun 2016 02:12:57 +0200
changeset 701331a6b3aaeab
parent 700 5d543921a9c6
child 702 3d4c85291dea
Test for expiry one week before it happens
src/cryptotech.h
src/keymanagement.c
src/pEpEngine.c
src/pEpEngine.h
src/pgp_gpg.c
src/pgp_gpg.h
src/pgp_netpgp.c
     1.1 --- a/src/cryptotech.h	Mon May 30 20:11:41 2016 +0200
     1.2 +++ b/src/cryptotech.h	Wed Jun 01 02:12:57 2016 +0200
     1.3 @@ -61,7 +61,7 @@
     1.4          const char *reason);
     1.5  
     1.6  typedef PEP_STATUS (*key_expired_t)(PEP_SESSION session, const char *fpr,
     1.7 -        bool *expired);
     1.8 +        const time_t when, bool *expired);
     1.9  
    1.10  typedef PEP_STATUS (*key_revoked_t)(PEP_SESSION session, const char *fpr,
    1.11                                      bool *revoked);
     2.1 --- a/src/keymanagement.c	Mon May 30 20:11:41 2016 +0200
     2.2 +++ b/src/keymanagement.c	Wed Jun 01 02:12:57 2016 +0200
     2.3 @@ -412,7 +412,10 @@
     2.4      else
     2.5      {
     2.6          bool expired;
     2.7 -        status = key_expired(session, identity->fpr, &expired);
     2.8 +        status = key_expired(session, identity->fpr, 
     2.9 +                             time(NULL) + (7*24*3600), // In a week
    2.10 +                             &expired);
    2.11 +
    2.12          assert(status == PEP_STATUS_OK);
    2.13          if (status != PEP_STATUS_OK) {
    2.14              return status;
     3.1 --- a/src/pEpEngine.c	Mon May 30 20:11:41 2016 +0200
     3.2 +++ b/src/pEpEngine.c	Wed Jun 01 02:12:57 2016 +0200
     3.3 @@ -1205,6 +1205,7 @@
     3.4  DYNAMIC_API PEP_STATUS key_expired(
     3.5          PEP_SESSION session,
     3.6          const char *fpr,
     3.7 +        const time_t when,
     3.8          bool *expired
     3.9      )
    3.10  {
    3.11 @@ -1216,7 +1217,7 @@
    3.12          return PEP_ILLEGAL_VALUE;
    3.13  
    3.14      return session->cryptotech[PEP_crypt_OpenPGP].key_expired(session, fpr,
    3.15 -            expired);
    3.16 +            when, expired);
    3.17  }
    3.18  
    3.19  DYNAMIC_API PEP_STATUS key_revoked(
     4.1 --- a/src/pEpEngine.h	Mon May 30 20:11:41 2016 +0200
     4.2 +++ b/src/pEpEngine.h	Wed Jun 01 02:12:57 2016 +0200
     4.3 @@ -706,11 +706,13 @@
     4.4  //  parameters:
     4.5  //      session (in)            session handle
     4.6  //      fpr (in)                ID of key to check as UTF-8 string
     4.7 +//      when (in)               UTC time of when should expiry be considered
     4.8  //      expired (out)           flag if key expired
     4.9  
    4.10  DYNAMIC_API PEP_STATUS key_expired(
    4.11          PEP_SESSION session,
    4.12          const char *fpr,
    4.13 +        const time_t when,
    4.14          bool *expired
    4.15      );
    4.16  
     5.1 --- a/src/pgp_gpg.c	Mon May 30 20:11:41 2016 +0200
     5.2 +++ b/src/pgp_gpg.c	Wed Jun 01 02:12:57 2016 +0200
     5.3 @@ -1783,6 +1783,7 @@
     5.4  PEP_STATUS pgp_key_expired(
     5.5          PEP_SESSION session,
     5.6          const char *fpr,
     5.7 +        const time_t when,
     5.8          bool *expired
     5.9      )
    5.10  {
    5.11 @@ -1799,9 +1800,34 @@
    5.12      if (status != PEP_STATUS_OK)
    5.13          return status;
    5.14  
    5.15 -    if (key && key->subkeys)
    5.16 +    if ((key && key->expired) ||
    5.17 +        (key && key->subkeys && key->subkeys->expired))
    5.18      {
    5.19 -        *expired = key->subkeys->expired;
    5.20 +        // Already marked expired
    5.21 +        *expired = 1;
    5.22 +    }
    5.23 +    else if (key)
    5.24 +    {
    5.25 +        // Detect if will be expired
    5.26 +        // i.e. Check that keys capabilities will
    5.27 +        // not be expired at given time.
    5.28 +        gpgme_subkey_t _sk;
    5.29 +        bool crt_available = false;
    5.30 +        bool sgn_available = false;
    5.31 +        bool enc_available = false;
    5.32 +        for (_sk = key->subkeys; _sk; _sk = _sk->next) {
    5.33 +            if (_sk->expires > when) // not expired at that date ?
    5.34 +            {
    5.35 +                if (_sk->can_certify) crt_available = true;
    5.36 +                if (_sk->can_sign) sgn_available = true;
    5.37 +                if (_sk->can_encrypt) enc_available = true;
    5.38 +                // Authenticate is not used here.
    5.39 +            }
    5.40 +        }
    5.41 +        if(!(crt_available && sgn_available && enc_available))
    5.42 +        {
    5.43 +            *expired = 1;
    5.44 +        }
    5.45      }
    5.46      else
    5.47      {
     6.1 --- a/src/pgp_gpg.h	Mon May 30 20:11:41 2016 +0200
     6.2 +++ b/src/pgp_gpg.h	Wed Jun 01 02:12:57 2016 +0200
     6.3 @@ -61,6 +61,7 @@
     6.4  PEP_STATUS pgp_key_expired(
     6.5          PEP_SESSION session,
     6.6          const char *fpr,
     6.7 +        const time_t when,
     6.8          bool *expired
     6.9      );
    6.10  
     7.1 --- a/src/pgp_netpgp.c	Mon May 30 20:11:41 2016 +0200
     7.2 +++ b/src/pgp_netpgp.c	Wed Jun 01 02:12:57 2016 +0200
     7.3 @@ -1597,6 +1597,7 @@
     7.4  PEP_STATUS pgp_key_expired(
     7.5          PEP_SESSION session,
     7.6          const char *fprstr,
     7.7 +        const time_t when,
     7.8          bool *expired
     7.9      )
    7.10  {
    7.11 @@ -1610,6 +1611,7 @@
    7.12      if (!session || !fprstr || !expired)
    7.13          return PEP_UNKNOWN_ERROR;
    7.14  
    7.15 +    // TODO : take "when" in account 
    7.16  
    7.17      *expired = false;
    7.18