3 files changed, 49 insertions, 3 deletions

diff --git a/lang/qt/src/qgpgmesignkeyjob.cpp b/lang/qt/src/qgpgmesignkeyjob.cpp
index 75ebeb04..5036a9b9 100644
--- a/lang/qt/src/qgpgmesignkeyjob.cpp
+++ b/lang/qt/src/qgpgmesignkeyjob.cpp
@@ -38,6 +38,7 @@
 
 #include "qgpgmesignkeyjob.h"
 
+#include <QDate>
 #include <QString>
 
 #include "dataprovider.h"
@@ -46,6 +47,8 @@
 #include "data.h"
 #include "gpgsignkeyeditinteractor.h"
 
+#include "qgpgme_debug.h"
+
 #include <cassert>
 
 using namespace QGpgME;
@@ -74,6 +77,7 @@ public:
     bool m_dupeOk = false;
     QString m_remark;
     TrustSignatureProperties m_trustSignature;
+    QDate m_expiration;
 };
 
 QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context)
@@ -88,7 +92,8 @@ QGpgMESignKeyJob::~QGpgMESignKeyJob() {}
 static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector<unsigned int> &uids,
                                               unsigned int checkLevel, const Key &signer, unsigned int opts,
                                               bool dupeOk, const QString &remark,
-                                              const TrustSignatureProperties &trustSignature)
+                                              const TrustSignatureProperties &trustSignature,
+                                              const QDate &expirationDate)
 {
     QGpgME::QByteArrayDataProvider dp;
     Data data(&dp);
@@ -114,10 +119,32 @@ static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, cons
         skei->setTrustSignatureScope(trustSignature.scope.toUtf8().toStdString());
     }
 
-    if (!signer.isNull())
+    if (!signer.isNull()) {
         if (const Error err = ctx->addSigningKey(signer)) {
             return std::make_tuple(err, QString(), Error());
         }
+    }
+
+    if (expirationDate.isValid()) {
+        // on 2106-02-07, the Unix time will reach 0xFFFFFFFF; since gpg uses uint32 internally
+        // for the expiration date clip it at 2106-02-06
+        static const QDate maxAllowedDate{2106, 2, 6};
+        const auto clippedExpirationDate = expirationDate <= maxAllowedDate ? expirationDate : maxAllowedDate;
+        if (clippedExpirationDate != expirationDate) {
+            qCWarning(QGPGME_LOG) << "Expiration of certification has been changed to" << clippedExpirationDate;
+        }
+        // use the "days from now" format to specify the expiration date of the certification;
+        // this format is the most appropriate regardless of the local timezone
+        const auto daysFromNow = QDate::currentDate().daysTo(clippedExpirationDate);
+        if (daysFromNow > 0) {
+            const auto certExpire = std::to_string(daysFromNow) + "d";
+            ctx->setFlag("cert-expire", certExpire.c_str());
+        }
+    } else {
+        // explicitly set "cert-expire" to "0" (no expiration) to override default-cert-expire set in gpg.conf
+        ctx->setFlag("cert-expire", "0");
+    }
+
     const Error err = ctx->edit(key, std::unique_ptr<EditInteractor> (skei), data);
     Error ae;
     const QString log = _detail::audit_log_as_html(ctx, ae);
@@ -143,7 +170,7 @@ Error QGpgMESignKeyJob::start(const Key &key)
         break;
     }
     run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey,
-                  opts, d->m_dupeOk, d->m_remark, d->m_trustSignature));
+                  opts, d->m_dupeOk, d->m_remark, d->m_trustSignature, d->m_expiration));
     d->m_started = true;
     return Error();
 }
@@ -197,4 +224,10 @@ void QGpgMESignKeyJob::setTrustSignature(GpgME::TrustSignatureTrust trust, unsig
     d->m_trustSignature = {trust, depth, scope};
 }
 
+void QGpgMESignKeyJob::setExpirationDate(const QDate &expiration)
+{
+    assert(!d->m_started);
+    d->m_expiration = expiration;
+}
+
 #include "qgpgmesignkeyjob.moc"
diff --git a/lang/qt/src/qgpgmesignkeyjob.h b/lang/qt/src/qgpgmesignkeyjob.h
index 5332d543..2ea9e94c 100644
--- a/lang/qt/src/qgpgmesignkeyjob.h
+++ b/lang/qt/src/qgpgmesignkeyjob.h
@@ -87,6 +87,8 @@ public:
     /* from SignKeyJob */
     void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) Q_DECL_OVERRIDE;
 
+    void setExpirationDate(const QDate &expiration) override;
+
 private:
     class Private;
     std::unique_ptr<Private> d;
diff --git a/lang/qt/src/signkeyjob.h b/lang/qt/src/signkeyjob.h
index 6214bfde..666af92a 100644
--- a/lang/qt/src/signkeyjob.h
+++ b/lang/qt/src/signkeyjob.h
@@ -46,6 +46,7 @@ class Key;
 enum class TrustSignatureTrust : char;
 }
 
+class QDate;
 class QString;
 
 namespace QGpgME
@@ -144,6 +145,16 @@ public:
      **/
     virtual void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) { Q_UNUSED(trust); Q_UNUSED(depth); Q_UNUSED(scope); };
 
+    /**
+     * Sets the expiration date of the key signature to @a expiration. By default,
+     * key signatures do not expire.
+     *
+     * Note: Expiration dates after 2106-02-06 will be set to 2106-02-06.
+     *
+     * Not pure virtual for ABI compatibility.
+     **/
+    virtual void setExpirationDate(const QDate &expiration) { Q_UNUSED(expiration); }
+
 Q_SIGNALS:
     void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error());
 };