From: Karl-Heinz Zimmer Date: Sun, 3 Nov 2002 22:12:27 +0000 (+0000) Subject: Enable expire date checking for a CMS key's CA certificate and its root certificate. X-Git-Tag: gpgme-1.2.0@1385~777 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=5d21ec6f30e662fbd682c8d37275ba97b25575d4;p=gpgme.git Enable expire date checking for a CMS key's CA certificate and its root certificate. --- diff --git a/branches/gpgme-0-3-branch/gpgmeplug/gpgmeplug.c b/branches/gpgme-0-3-branch/gpgmeplug/gpgmeplug.c index fc7d587..4b4fc64 100644 --- a/branches/gpgme-0-3-branch/gpgmeplug/gpgmeplug.c +++ b/branches/gpgme-0-3-branch/gpgmeplug/gpgmeplug.c @@ -594,6 +594,24 @@ bool signatureCertificateExpiryNearWarning( void ) } +int getAttrExpireFormKey( GpgmeKey* rKey) +{ + int daysLeft = CRYPTPLUG_CERT_DOES_NEVER_EXPIRE; + time_t expire_time = gpgme_key_get_ulong_attr( + *rKey, GPGME_ATTR_EXPIRE, NULL, 0 ); + if ( 0 != expire_time ) { + time_t cur_time = time (NULL); + if( cur_time > expire_time ) { + daysLeft = days_from_seconds(cur_time - expire_time); + daysLeft *= -1; + } + else + daysLeft = days_from_seconds(expire_time - cur_time); + } + return daysLeft; +} + + int signatureCertificateDaysLeftToExpiry( const char* certificate ) { GpgmeCtx ctx; @@ -609,17 +627,7 @@ int signatureCertificateDaysLeftToExpiry( const char* certificate ) err = gpgme_op_keylist_next( ctx, &rKey ); gpgme_op_keylist_end( ctx ); if ( GPGME_No_Error == err ) { - time_t expire_time = gpgme_key_get_ulong_attr( - rKey, GPGME_ATTR_EXPIRE, NULL, 0 ); - if ( 0 != expire_time ) { - time_t cur_time = time (NULL); - if( cur_time > expire_time ) { - daysLeft = days_from_seconds(cur_time - expire_time); - daysLeft *= -1; - } - else - daysLeft = days_from_seconds(expire_time - cur_time); - } + daysLeft = getAttrExpireFormKey( &rKey ); gpgme_key_release( rKey ); } } 
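Review bot: In `getAttrExpireFormKey`, an expiry attribute of 0 is mapped to `CRYPTPLUG_CERT_DOES_NEVER_EXPIRE`, but as far as I know `gpgme_key_get_ulong_attr` also returns 0 when the attribute cannot be read, so a failed read is indistinguishable from a certificate that never expires. The helper also dereferences `*rKey` with no check; since it never modifies the handle it could take the key by value, or at least start with `if ( !rKey || !*rKey ) return <error value>;` (placeholder: no error sentinel is visible in this diff). The name looks like a typo for `getAttrExpireFromKey`, and if the helper is only used in this file it should be `static`. A short header comment should state the return contract: positive for days remaining, negative for days since expiry, and the sentinel for no expiry date.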
@@ -653,18 +661,14 @@ bool caCertificateExpiryNearWarning( void ) return config.cACertificateExpiryNearWarning; } -int caCertificateDaysLeftToExpiry( const char* certificate ) +int caFirstLastChainCertDaysLeftToExpiry( bool bStopAtFirst, + const char* certificate ) { - /* PENDING(g10) - Please return the number of days that are left until the - CA certificate for the certificate specified in the parameter - certificate expires. - */ - /* GpgmeCtx ctx; GpgmeError err; GpgmeKey rKey; - time_t daysLeft = 0; + const char *sChainID; + int daysLeft = CRYPTPLUG_CERT_DOES_NEVER_EXPIRE; gpgme_new( &ctx ); gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL ); 
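Review bot: Initialising `daysLeft` to `CRYPTPLUG_CERT_DOES_NEVER_EXPIRE` in `caFirstLastChainCertDaysLeftToExpiry` makes every failure path fail open. The return value of `gpgme_new( &ctx )` is not checked, and if the key listing that follows fails, the caller is told the CA certificate never expires, whereas the removed stub returned 10 so that the MUA would warn. I would start from a value that triggers the warning, or a distinct error value, and assign the never-expires sentinel only after a key has actually been read. A minimal guard would be `if ( gpgme_new( &ctx ) != GPGME_No_Error ) return <warning value>;` (placeholder value). The function body continues in the next hunk.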
@@ -674,27 +678,43 @@ int caCertificateDaysLeftToExpiry( const char* certificate ) err = gpgme_op_keylist_next( ctx, &rKey ); gpgme_op_keylist_end( ctx ); if ( GPGME_No_Error == err ) { - time_t expire_time = gpgme_key_get_ulong_attr( - rKey, - -??????????????????????? GPGME_ATTR_EXPIRE, ??????????????????????? - - NULL, 0 ); - time_t cur_time = time (NULL); - daysLeft = days_from_seconds(expire_time - cur_time); + // we found the key, now lets look for the CA key + while((sChainID = + gpgme_key_get_string_attr(rKey, GPGME_ATTR_CHAINID, NULL, 0))){ + // start new key list run + err = gpgme_op_keylist_start(ctx, sChainID, 0); + gpgme_key_release (rKey); + rKey = NULL; + if (!err) + err = gpgme_op_keylist_next (ctx, &rKey); + if (err){ + fprintf( stderr, "Error finding issuer key: %s\n", + gpgme_strerror (err) ); + break; + }else{ + // stop this key list run + gpgme_op_keylist_end(ctx); + daysLeft = getAttrExpireFormKey( &rKey ); + if( bStopAtFirst ) + break; // the first key was found, let us stop here + } + } gpgme_key_release( rKey ); } } gpgme_release( ctx ); - - - // fprintf( stderr, "gpgmeplug caCertificateDaysLeftToExpiry returned %d\n", daysLeft ); + return daysLeft; - */ - - return 10; /* dummy that triggers a warning in the MUA */ } +int caCertificateDaysLeftToExpiry( const char* certificate ) +{ + // retrieve the expire time of the FIRST certificate in this chain + // (not counting the original certificate) + return caFirstLastChainCertDaysLeftToExpiry( true, certificate ); +} + + void setCACertificateExpiryNearInterval( int interval ) { config.cACertificateExpiryNearInterval = interval; 
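Review bot: The `while` loop that follows `GPGME_ATTR_CHAINID` has no termination bound. With `bStopAtFirst` false it ends only when a key has no chain ID or a lookup fails, so two cross-certified CAs would keep it running on certificate data that arrives with a message; the same may hold for a self-signed root, if the backend reports its own fingerprint as its chain ID. A depth cap such as `if ( ++depth > MAX_CHAIN_DEPTH ) break;` (constant name constructed here), together with a check that the chain ID differs from the current key's fingerprint, would bound the walk. On the error branch the loop breaks without calling `gpgme_op_keylist_end`, and `daysLeft` keeps either the previous certificate's value or the never-expires default, so a missing issuer is reported as a valid result. The function starts outside this hunk.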
@@ -717,44 +737,8 @@ bool rootCertificateExpiryNearWarning( void ) int rootCertificateDaysLeftToExpiry( const char* certificate ) { - /* PENDING(g10) - Please return the number of days that are left until the - root certificate for the certificate specified in the parameter - certificate expires. - */ - /* - GpgmeCtx ctx; - GpgmeError err; - GpgmeKey rKey; - time_t daysLeft = 0; - - gpgme_new( &ctx ); - gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL ); - - err = gpgme_op_keylist_start( ctx, certificate, 0 ); - if ( GPGME_No_Error == err ) { - err = gpgme_op_keylist_next( ctx, &rKey ); - gpgme_op_keylist_end( ctx ); - if ( GPGME_No_Error == err ) { - time_t expire_time = gpgme_key_get_ulong_attr( - rKey, - -??????????????????????? GPGME_ATTR_EXPIRE, ??????????????????????? - - NULL, 0 ); - time_t cur_time = time (NULL); - daysLeft = days_from_seconds(expire_time - cur_time); - gpgme_key_release( rKey ); - } - } - gpgme_release( ctx ); - - - // fprintf( stderr, "gpgmeplug rootCertificateDaysLeftToExpiry returned %d\n", daysLeft ); - return daysLeft; - */ - - return 10; /* dummy that triggers a warning in the MUA */ + // retrieve the expire time of the LAST certificate in this chain + return caFirstLastChainCertDaysLeftToExpiry( false, certificate ); }
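Review bot: `rootCertificateDaysLeftToExpiry` returns the expiry of whichever certificate the chain walk reached last, and nothing confirms that this certificate is a root. If an issuer is missing from the local key store, the walk stops early and an intermediate's expiry is returned as the root's, or `CRYPTPLUG_CERT_DOES_NEVER_EXPIRE` when no issuer was resolved at all. At minimum the comment should say this, e.g. `// expiry of the last certificate that could be resolved; this is the root only if the chain is complete`. Better would be for the helper to signal an incomplete chain so that this wrapper can return a value that makes the MUA warn.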