Enable expire date checking for a CMS key's CA certificate and its root certificate.

This commit is contained in:
Karl-Heinz Zimmer 2002-11-03 22:12:27 +00:00
parent 2bd51ebdab
commit 443657e12f

View File

@ -594,6 +594,24 @@ bool signatureCertificateExpiryNearWarning( void )
}
int getAttrExpireFormKey( GpgmeKey* rKey)
{
int daysLeft = CRYPTPLUG_CERT_DOES_NEVER_EXPIRE;
time_t expire_time = gpgme_key_get_ulong_attr(
*rKey, GPGME_ATTR_EXPIRE, NULL, 0 );
if ( 0 != expire_time ) {
time_t cur_time = time (NULL);
if( cur_time > expire_time ) {
daysLeft = days_from_seconds(cur_time - expire_time);
daysLeft *= -1;
}
else
daysLeft = days_from_seconds(expire_time - cur_time);
}
return daysLeft;
}
int signatureCertificateDaysLeftToExpiry( const char* certificate )
{
GpgmeCtx ctx;
@ -609,17 +627,7 @@ int signatureCertificateDaysLeftToExpiry( const char* certificate )
err = gpgme_op_keylist_next( ctx, &rKey );
gpgme_op_keylist_end( ctx );
if ( GPGME_No_Error == err ) {
time_t expire_time = gpgme_key_get_ulong_attr(
rKey, GPGME_ATTR_EXPIRE, NULL, 0 );
if ( 0 != expire_time ) {
time_t cur_time = time (NULL);
if( cur_time > expire_time ) {
daysLeft = days_from_seconds(cur_time - expire_time);
daysLeft *= -1;
}
else
daysLeft = days_from_seconds(expire_time - cur_time);
}
daysLeft = getAttrExpireFormKey( &rKey );
gpgme_key_release( rKey );
}
}
@ -653,18 +661,14 @@ bool caCertificateExpiryNearWarning( void )
return config.cACertificateExpiryNearWarning;
}
int caCertificateDaysLeftToExpiry( const char* certificate )
int caFirstLastChainCertDaysLeftToExpiry( bool bStopAtFirst,
const char* certificate )
{
/* PENDING(g10)
Please return the number of days that are left until the
CA certificate for the certificate specified in the parameter
certificate expires.
*/
/*
GpgmeCtx ctx;
GpgmeError err;
GpgmeKey rKey;
time_t daysLeft = 0;
const char *sChainID;
int daysLeft = CRYPTPLUG_CERT_DOES_NEVER_EXPIRE;
gpgme_new( &ctx );
gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL );
@ -674,27 +678,43 @@ int caCertificateDaysLeftToExpiry( const char* certificate )
err = gpgme_op_keylist_next( ctx, &rKey );
gpgme_op_keylist_end( ctx );
if ( GPGME_No_Error == err ) {
time_t expire_time = gpgme_key_get_ulong_attr(
rKey,
??????????????????????? GPGME_ATTR_EXPIRE, ???????????????????????
NULL, 0 );
time_t cur_time = time (NULL);
daysLeft = days_from_seconds(expire_time - cur_time);
// we found the key, now lets look for the CA key
while((sChainID =
gpgme_key_get_string_attr(rKey, GPGME_ATTR_CHAINID, NULL, 0))){
// start new key list run
err = gpgme_op_keylist_start(ctx, sChainID, 0);
gpgme_key_release (rKey);
rKey = NULL;
if (!err)
err = gpgme_op_keylist_next (ctx, &rKey);
if (err){
fprintf( stderr, "Error finding issuer key: %s\n",
gpgme_strerror (err) );
break;
}else{
// stop this key list run
gpgme_op_keylist_end(ctx);
daysLeft = getAttrExpireFormKey( &rKey );
if( bStopAtFirst )
break; // the first key was found, let us stop here
}
}
gpgme_key_release( rKey );
}
}
gpgme_release( ctx );
// fprintf( stderr, "gpgmeplug caCertificateDaysLeftToExpiry returned %d\n", daysLeft );
return daysLeft;
*/
return 10; /* dummy that triggers a warning in the MUA */
}
int caCertificateDaysLeftToExpiry( const char* certificate )
{
// retrieve the expire time of the FIRST certificate in this chain
// (not counting the original certificate)
return caFirstLastChainCertDaysLeftToExpiry( true, certificate );
}
void setCACertificateExpiryNearInterval( int interval )
{
config.cACertificateExpiryNearInterval = interval;
@ -717,44 +737,8 @@ bool rootCertificateExpiryNearWarning( void )
int rootCertificateDaysLeftToExpiry( const char* certificate )
{
/* PENDING(g10)
Please return the number of days that are left until the
root certificate for the certificate specified in the parameter
certificate expires.
*/
/*
GpgmeCtx ctx;
GpgmeError err;
GpgmeKey rKey;
time_t daysLeft = 0;
gpgme_new( &ctx );
gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL );
err = gpgme_op_keylist_start( ctx, certificate, 0 );
if ( GPGME_No_Error == err ) {
err = gpgme_op_keylist_next( ctx, &rKey );
gpgme_op_keylist_end( ctx );
if ( GPGME_No_Error == err ) {
time_t expire_time = gpgme_key_get_ulong_attr(
rKey,
??????????????????????? GPGME_ATTR_EXPIRE, ???????????????????????
NULL, 0 );
time_t cur_time = time (NULL);
daysLeft = days_from_seconds(expire_time - cur_time);
gpgme_key_release( rKey );
}
}
gpgme_release( ctx );
// fprintf( stderr, "gpgmeplug rootCertificateDaysLeftToExpiry returned %d\n", daysLeft );
return daysLeft;
*/
return 10; /* dummy that triggers a warning in the MUA */
// retrieve the expire time of the LAST certificate in this chain
return caFirstLastChainCertDaysLeftToExpiry( false, certificate );
}