GpgFrontend/gpgme
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable expire date checking for a CMS key's CA certificate and its root certificate.

Browse Source
This commit is contained in:
Karl-Heinz Zimmer 2002-11-03 22:12:27 +00:00
parent 2bd51ebdab
commit 443657e12f
1 changed files with 55 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

124
gpgmeplug/gpgmeplug.c
View File

@ -594,6 +594,24 @@ bool signatureCertificateExpiryNearWarning( void )
} }
int getAttrExpireFormKey( GpgmeKey* rKey)
{
int daysLeft = CRYPTPLUG_CERT_DOES_NEVER_EXPIRE;
time_t expire_time = gpgme_key_get_ulong_attr(
*rKey, GPGME_ATTR_EXPIRE, NULL, 0 );
if ( 0 != expire_time ) {
time_t cur_time = time (NULL);
if( cur_time > expire_time ) {
daysLeft = days_from_seconds(cur_time - expire_time);
daysLeft *= -1;
}
else
daysLeft = days_from_seconds(expire_time - cur_time);
}
return daysLeft;
}
int signatureCertificateDaysLeftToExpiry( const char* certificate ) int signatureCertificateDaysLeftToExpiry( const char* certificate )
{ {
GpgmeCtx ctx; GpgmeCtx ctx;
@ -609,17 +627,7 @@ int signatureCertificateDaysLeftToExpiry( const char* certificate )
err = gpgme_op_keylist_next( ctx, &rKey ); err = gpgme_op_keylist_next( ctx, &rKey );
gpgme_op_keylist_end( ctx ); gpgme_op_keylist_end( ctx );
if ( GPGME_No_Error == err ) { if ( GPGME_No_Error == err ) {
time_t expire_time = gpgme_key_get_ulong_attr( daysLeft = getAttrExpireFormKey( &rKey );
rKey, GPGME_ATTR_EXPIRE, NULL, 0 );
if ( 0 != expire_time ) {
time_t cur_time = time (NULL);
if( cur_time > expire_time ) {
daysLeft = days_from_seconds(cur_time - expire_time);
daysLeft *= -1;
}
else
daysLeft = days_from_seconds(expire_time - cur_time);
}
gpgme_key_release( rKey ); gpgme_key_release( rKey );
} }
} }
@ -653,18 +661,14 @@ bool caCertificateExpiryNearWarning( void )
return config.cACertificateExpiryNearWarning; return config.cACertificateExpiryNearWarning;
} }
int caCertificateDaysLeftToExpiry( const char* certificate ) int caFirstLastChainCertDaysLeftToExpiry( bool bStopAtFirst,
const char* certificate )
{ {
/* PENDING(g10)
Please return the number of days that are left until the
CA certificate for the certificate specified in the parameter
certificate expires.
*/
/*
GpgmeCtx ctx; GpgmeCtx ctx;
GpgmeError err; GpgmeError err;
GpgmeKey rKey; GpgmeKey rKey;
time_t daysLeft = 0; const char *sChainID;
int daysLeft = CRYPTPLUG_CERT_DOES_NEVER_EXPIRE;
gpgme_new( &ctx ); gpgme_new( &ctx );
gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL ); gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL );
@ -674,27 +678,43 @@ int caCertificateDaysLeftToExpiry( const char* certificate )
err = gpgme_op_keylist_next( ctx, &rKey ); err = gpgme_op_keylist_next( ctx, &rKey );
gpgme_op_keylist_end( ctx ); gpgme_op_keylist_end( ctx );
if ( GPGME_No_Error == err ) { if ( GPGME_No_Error == err ) {
time_t expire_time = gpgme_key_get_ulong_attr( // we found the key, now lets look for the CA key
rKey, while((sChainID =
gpgme_key_get_string_attr(rKey, GPGME_ATTR_CHAINID, NULL, 0))){
??????????????????????? GPGME_ATTR_EXPIRE, ??????????????????????? // start new key list run
err = gpgme_op_keylist_start(ctx, sChainID, 0);
NULL, 0 ); gpgme_key_release (rKey);
time_t cur_time = time (NULL); rKey = NULL;
daysLeft = days_from_seconds(expire_time - cur_time); if (!err)
err = gpgme_op_keylist_next (ctx, &rKey);
if (err){
fprintf( stderr, "Error finding issuer key: %s\n",
gpgme_strerror (err) );
break;
}else{
// stop this key list run
gpgme_op_keylist_end(ctx);
daysLeft = getAttrExpireFormKey( &rKey );
if( bStopAtFirst )
break; // the first key was found, let us stop here
}
}
gpgme_key_release( rKey ); gpgme_key_release( rKey );
} }
} }
gpgme_release( ctx ); gpgme_release( ctx );
// fprintf( stderr, "gpgmeplug caCertificateDaysLeftToExpiry returned %d\n", daysLeft );
return daysLeft; return daysLeft;
*/
return 10; /* dummy that triggers a warning in the MUA */
} }
int caCertificateDaysLeftToExpiry( const char* certificate )
{
// retrieve the expire time of the FIRST certificate in this chain
// (not counting the original certificate)
return caFirstLastChainCertDaysLeftToExpiry( true, certificate );
}
void setCACertificateExpiryNearInterval( int interval ) void setCACertificateExpiryNearInterval( int interval )
{ {
config.cACertificateExpiryNearInterval = interval; config.cACertificateExpiryNearInterval = interval;
@ -717,44 +737,8 @@ bool rootCertificateExpiryNearWarning( void )
int rootCertificateDaysLeftToExpiry( const char* certificate ) int rootCertificateDaysLeftToExpiry( const char* certificate )
{ {
/* PENDING(g10) // retrieve the expire time of the LAST certificate in this chain
Please return the number of days that are left until the return caFirstLastChainCertDaysLeftToExpiry( false, certificate );
root certificate for the certificate specified in the parameter
certificate expires.
*/
/*
GpgmeCtx ctx;
GpgmeError err;
GpgmeKey rKey;
time_t daysLeft = 0;
gpgme_new( &ctx );
gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL );
err = gpgme_op_keylist_start( ctx, certificate, 0 );
if ( GPGME_No_Error == err ) {
err = gpgme_op_keylist_next( ctx, &rKey );
gpgme_op_keylist_end( ctx );
if ( GPGME_No_Error == err ) {
time_t expire_time = gpgme_key_get_ulong_attr(
rKey,
??????????????????????? GPGME_ATTR_EXPIRE, ???????????????????????
NULL, 0 );
time_t cur_time = time (NULL);
daysLeft = days_from_seconds(expire_time - cur_time);
gpgme_key_release( rKey );
}
}
gpgme_release( ctx );
// fprintf( stderr, "gpgmeplug rootCertificateDaysLeftToExpiry returned %d\n", daysLeft );
return daysLeft;
*/
return 10; /* dummy that triggers a warning in the MUA */
} }