Test for expiry one week before it happens

src/cryptotech.h

@@ -61,7 +61,7 @@ typedef PEP_STATUS (*revoke_key_t)(PEP_SESSION session, const char *fpr,
         const char *reason);
 
 typedef PEP_STATUS (*key_expired_t)(PEP_SESSION session, const char *fpr,
-        bool *expired);
+        const time_t when, bool *expired);
 
 typedef PEP_STATUS (*key_revoked_t)(PEP_SESSION session, const char *fpr,
                                     bool *revoked);

src/keymanagement.c

@@ -412,7 +412,10 @@ DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
     else
     {
         bool expired;
-        status = key_expired(session, identity->fpr, &expired);
+        status = key_expired(session, identity->fpr, 
+                             time(NULL) + (7*24*3600), // In a week
+                             &expired);
+
         assert(status == PEP_STATUS_OK);
         if (status != PEP_STATUS_OK) {
             return status;

src/pEpEngine.c

@@ -1205,6 +1205,7 @@ DYNAMIC_API PEP_STATUS revoke_key(
 DYNAMIC_API PEP_STATUS key_expired(
         PEP_SESSION session,
         const char *fpr,
+        const time_t when,
         bool *expired
     )
 {
@@ -1216,7 +1217,7 @@ DYNAMIC_API PEP_STATUS key_expired(
         return PEP_ILLEGAL_VALUE;
 
     return session->cryptotech[PEP_crypt_OpenPGP].key_expired(session, fpr,
-            expired);
+            when, expired);
 }
 
 DYNAMIC_API PEP_STATUS key_revoked(

src/pEpEngine.h

@@ -706,11 +706,13 @@ DYNAMIC_API PEP_STATUS revoke_key(
 //  parameters:
 //      session (in)            session handle
 //      fpr (in)                ID of key to check as UTF-8 string
+//      when (in)               UTC time of when should expiry be considered
 //      expired (out)           flag if key expired
 
 DYNAMIC_API PEP_STATUS key_expired(
         PEP_SESSION session,
         const char *fpr,
+        const time_t when,
         bool *expired
     );
 

src/pgp_gpg.c

@@ -1783,6 +1783,7 @@ PEP_STATUS pgp_revoke_key(
 PEP_STATUS pgp_key_expired(
         PEP_SESSION session,
         const char *fpr,
+        const time_t when,
         bool *expired
     )
 {
@@ -1799,9 +1800,34 @@ PEP_STATUS pgp_key_expired(
     if (status != PEP_STATUS_OK)
         return status;
 
-    if (key && key->subkeys)
+    if ((key && key->expired) ||
+        (key && key->subkeys && key->subkeys->expired))
+    {
+        // Already marked expired
+        *expired = 1;
+    }
+    else if (key)
     {
-        *expired = key->subkeys->expired;
+        // Detect if will be expired
+        // i.e. Check that keys capabilities will
+        // not be expired at given time.
+        gpgme_subkey_t _sk;
+        bool crt_available = false;
+        bool sgn_available = false;
+        bool enc_available = false;
+        for (_sk = key->subkeys; _sk; _sk = _sk->next) {
+            if (_sk->expires > when) // not expired at that date ?
+            {
+                if (_sk->can_certify) crt_available = true;
+                if (_sk->can_sign) sgn_available = true;
+                if (_sk->can_encrypt) enc_available = true;
+                // Authenticate is not used here.
+            }
+        }
+        if(!(crt_available && sgn_available && enc_available))
+        {
+            *expired = 1;
+        }
     }
     else
     {

src/pgp_gpg.h

@@ -61,6 +61,7 @@ PEP_STATUS pgp_revoke_key(
 PEP_STATUS pgp_key_expired(
         PEP_SESSION session,
         const char *fpr,
+        const time_t when,
         bool *expired
     );
 

src/pgp_netpgp.c

@@ -1597,6 +1597,7 @@ unlock_netpgp:
 PEP_STATUS pgp_key_expired(
         PEP_SESSION session,
         const char *fprstr,
+        const time_t when,
         bool *expired
     )
 {
@@ -1610,6 +1611,7 @@ PEP_STATUS pgp_key_expired(
     if (!session || !fprstr || !expired)
         return PEP_UNKNOWN_ERROR;
 
+    // TODO : take "when" in account 
 
     *expired = false;