AEgypten bugfix #1220: make sure that (a) negative numbers of days-left-to-expire-of-certificate are reported correctly by using an int instead of a time_t and (b) return the special value CRYPTPLUG_CERT_DOES_NEVER_EXPIRE to indicate that no expire date is stored in this certificate

2 files changed, 64 insertions, 32 deletions

diff --git a/gpgmeplug/cryptplug.h b/gpgmeplug/cryptplug.h
index 3c522789..e1a613d5 100644
--- a/gpgmeplug/cryptplug.h
+++ b/gpgmeplug/cryptplug.h
@@ -297,6 +297,8 @@ enum {
 typedef unsigned long SigStatusFlags;
 
 
+#define CRYPTPLUG_CERT_DOES_NEVER_EXPIRE 365000
+
 
 
 
@@ -621,12 +623,18 @@ void setSignatureCertificateExpiryNearWarning( bool );
 */
 bool signatureCertificateExpiryNearWarning( void );
 
-    /*! \ingroup groupConfigSign
-      \brief Returns the number of days that are left until the
-      specified certificate expires. 
-      \param certificate the certificate to check
-    */
-    int signatureCertificateDaysLeftToExpiry( const char* certificate );
+/*! \ingroup groupConfigSign
+   \brief Returns the number of days that are left until the
+   specified certificate expires.
+   
+   Negative values show how many days ago the certificate DID expire,
+   a zero value means the certificate expires today,
+   special value CRYPTPLUG_CERT_DOES_NEVER_EXPIRE means there is
+   no expire date stored in this certificate.
+   
+   \param certificate the certificate to check
+*/
+int signatureCertificateDaysLeftToExpiry( const char* certificate );
 
 /*! \ingroup groupConfigSign
    \brief Specifies the number of days which a signature certificate must
@@ -654,12 +662,18 @@ void setCACertificateExpiryNearWarning( bool );
 */
 bool caCertificateExpiryNearWarning( void );
 
-    /*! \ingroup groupConfigSign
-      \brief Returns the number of days that are left until the
-      CA certificate of the specified certificate expires. 
-      \param certificate the certificate to check
-    */
-    int caCertificateDaysLeftToExpiry( const char* certificate );
+/*! \ingroup groupConfigSign
+  \brief Returns the number of days that are left until the
+  CA certificate of the specified certificate expires. 
+   
+   Negative values show how many days ago the certificate DID expire,
+   a zero value means the certificate expires today,
+   special value CRYPTPLUG_CERT_DOES_NEVER_EXPIRE means there is
+   no expire date stored in this certificate.
+   
+  \param certificate the certificate to check
+*/
+int caCertificateDaysLeftToExpiry( const char* certificate );
 
 /*! \ingroup groupConfigSign
    \brief Specifies the number of days which a CA certificate must
@@ -687,12 +701,18 @@ void setRootCertificateExpiryNearWarning( bool );
 */
 bool rootCertificateExpiryNearWarning( void );
 
-    /*! \ingroup groupConfigSign
-      \brief Returns the number of days that are left until the
-      root certificate of the specified certificate expires. 
-      \param certificate the certificate to check
-    */
-    int rootCertificateDaysLeftToExpiry( const char* certificate );
+/*! \ingroup groupConfigSign
+   \brief Returns the number of days that are left until the
+   root certificate of the specified certificate expires. 
+   
+   Negative values show how many days ago the certificate DID expire,
+   a zero value means the certificate expires today,
+   special value CRYPTPLUG_CERT_DOES_NEVER_EXPIRE means there is
+   no expire date stored in this certificate.
+   
+   \param certificate the certificate to check
+*/
+int rootCertificateDaysLeftToExpiry( const char* certificate );
 
 /*! \ingroup groupConfigSign
    \brief Specifies the number of days which a root certificate must
@@ -863,6 +883,11 @@ bool receiverCertificateExpiryNearWarning( void );
 /*! \ingroup groupConfigCrypt
   \brief Returns the number of days until the specified receiver
   certificate expires.
+   
+   Negative values show how many days ago the certificate DID expire,
+   a zero value means the certificate expires today,
+   special value CRYPTPLUG_CERT_DOES_NEVER_EXPIRE means there is
+   no expire date stored in this certificate.
 */
 int receiverCertificateDaysLeftToExpiry( const char* certificate );
 
@@ -911,6 +936,11 @@ int certificateInChainExpiryNearWarningInterval( void );
 /*! \ingroup groupConfigCrypt
   \brief Returns the number of days until the first certificate in
   the chain of the receiver certificate expires.
+   
+   Negative values show how many days ago the certificate DID expire,
+   a zero value means the certificate expires today,
+   special value CRYPTPLUG_CERT_DOES_NEVER_EXPIRE means there is
+   no expire date stored in this certificate.
 */
 int certificateInChainDaysLeftToExpiry( const char* certificate );
 
diff --git a/gpgmeplug/gpgmeplug.c b/gpgmeplug/gpgmeplug.c
index 404189d6..fe456ff6 100644
--- a/gpgmeplug/gpgmeplug.c
+++ b/gpgmeplug/gpgmeplug.c
@@ -545,7 +545,7 @@ int signatureCertificateDaysLeftToExpiry( const char* certificate )
   GpgmeCtx ctx;
   GpgmeError err;
   GpgmeKey rKey;
-  time_t daysLeft = 0;
+  int daysLeft = CRYPTPLUG_CERT_DOES_NEVER_EXPIRE;
 
   gpgme_new( &ctx );
   gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL );
@@ -556,9 +556,14 @@ int signatureCertificateDaysLeftToExpiry( const char* certificate )
     gpgme_op_keylist_end( ctx );
     if ( GPGME_No_Error == err ) {
       time_t expire_time = gpgme_key_get_ulong_attr(
-                             rKey,GPGME_ATTR_EXPIRE, NULL, 0 );
+                             rKey, GPGME_ATTR_EXPIRE, NULL, 0 );
       time_t cur_time = time (NULL);
-      daysLeft = days_from_seconds(expire_time - cur_time);
+      if( cur_time > expire_time ) {
+        daysLeft = days_from_seconds(cur_time - expire_time);
+        daysLeft *= -1;
+      }
+      else
+        daysLeft = days_from_seconds(expire_time - cur_time);
       gpgme_key_release( rKey );
     }
   }
@@ -830,7 +835,7 @@ int receiverCertificateDaysLeftToExpiry( const char* certificate )
   GpgmeCtx ctx;
   GpgmeError err;
   GpgmeKey rKey;
-  time_t daysLeft = 0;
+  int daysLeft = CRYPTPLUG_CERT_DOES_NEVER_EXPIRE;
 
   gpgme_new( &ctx );
   gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL );
@@ -843,7 +848,12 @@ int receiverCertificateDaysLeftToExpiry( const char* certificate )
       time_t expire_time = gpgme_key_get_ulong_attr(
                              rKey,GPGME_ATTR_EXPIRE, NULL, 0 );
       time_t cur_time = time (NULL);
-      daysLeft = days_from_seconds(expire_time - cur_time);
+      if( cur_time > expire_time ) {
+        daysLeft = days_from_seconds(cur_time - expire_time);
+        daysLeft *= -1;
+      }
+      else
+        daysLeft = days_from_seconds(expire_time - cur_time);
       gpgme_key_release( rKey );
     }
   }
@@ -854,14 +864,6 @@ int receiverCertificateDaysLeftToExpiry( const char* certificate )
   */
 
   return daysLeft;
-    
-    
-    
-    /* PENDING(g10)
-       Please return the number of days that are left until the
-       certificate specified in the parameter certificate expires.
-    */
-  return 10; /* dummy that triggers a warning in the MUA */
 }
 
 
@@ -2362,7 +2364,7 @@ importCertificateFromMem( const char* data, size_t length , char** additional_in
   }
   if( count < 1 ) {
     /* we didn't import anything?!? */
-    fprintf( stderr,  "gpgme_op_import_ext did not import any certificate\n", err );    
+    fprintf( stderr,  "gpgme_op_import_ext did not import any certificate\n" );    
     gpgme_data_release( keydata );    
     gpgme_release( ctx );
     return -1; /* FIXME */