
Test for expiry one week before it happens

doc_update_sequoia
Edouard Tisserant 6 years ago
parent
commit
ce79f22bda
7 changed files with 40 additions and 5 deletions
  1. +1
    -1
      src/cryptotech.h
  2. +4
    -1
      src/keymanagement.c
  3. +2
    -1
      src/pEpEngine.c
  4. +2
    -0
      src/pEpEngine.h
  5. +28
    -2
      src/pgp_gpg.c
  6. +1
    -0
      src/pgp_gpg.h
  7. +2
    -0
      src/pgp_netpgp.c

+ 1
- 1
src/cryptotech.h

@ -61,7 +61,7 @@ typedef PEP_STATUS (*revoke_key_t)(PEP_SESSION session, const char *fpr,
const char *reason);
typedef PEP_STATUS (*key_expired_t)(PEP_SESSION session, const char *fpr,
bool *expired);
const time_t when, bool *expired);
typedef PEP_STATUS (*key_revoked_t)(PEP_SESSION session, const char *fpr,
bool *revoked);


+ 4
- 1
src/keymanagement.c

@ -412,7 +412,10 @@ DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
else
{
bool expired;
status = key_expired(session, identity->fpr, &expired);
status = key_expired(session, identity->fpr,
time(NULL) + (7*24*3600), // In a week
&expired);
assert(status == PEP_STATUS_OK);
if (status != PEP_STATUS_OK) {
return status;
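Review bot: The lookahead is written inline as `time(NULL) + (7*24*3600)` and the result of `time()` is never checked. `time()` returns `(time_t)-1` on failure, which would make `when` a date in 1970; with the GnuPG backend in this commit, every subkey with an expiry date would then look valid. I would give the margin a name, for example `static const time_t key_expiry_margin = 7 * 24 * 3600;`, and return an error when `time(NULL) == (time_t)-1`. `bool expired;` is also declared without an initializer, so this call relies on every backend writing `*expired` on success. myself() starts and ends outside this hunk.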


+ 2
- 1
src/pEpEngine.c

@ -1205,6 +1205,7 @@ DYNAMIC_API PEP_STATUS revoke_key(
DYNAMIC_API PEP_STATUS key_expired(
PEP_SESSION session,
const char *fpr,
const time_t when,
bool *expired
)
{
@ -1216,7 +1217,7 @@ DYNAMIC_API PEP_STATUS key_expired(
return PEP_ILLEGAL_VALUE;
return session->cryptotech[PEP_crypt_OpenPGP].key_expired(session, fpr,
expired);
when, expired);
}
DYNAMIC_API PEP_STATUS key_revoked(


+ 2
- 0
src/pEpEngine.h

@ -706,11 +706,13 @@ DYNAMIC_API PEP_STATUS revoke_key(
// parameters:
// session (in) session handle
// fpr (in) ID of key to check as UTF-8 string
// when (in) UTC time of when should expiry be considered
// expired (out) flag if key expired
DYNAMIC_API PEP_STATUS key_expired(
PEP_SESSION session,
const char *fpr,
const time_t when,
bool *expired
);
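Review bot: The added `when` line in the parameter comment is hard to parse and does not describe what `expired` now means. I would reword it to `// when (in) point in time (UTC, as returned by time()) at which expiry is evaluated`. I would also add a line saying that the GnuPG backend sets `expired` when no certify-, sign- and encrypt-capable subkey remains valid at `when`, as pgp_gpg.c in this commit does. key_expired is exported with DYNAMIC_API, so adding a parameter presumably breaks callers built against the old prototype; that is worth stating in the commit message.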


+ 28
- 2
src/pgp_gpg.c

@ -1783,6 +1783,7 @@ PEP_STATUS pgp_revoke_key(
PEP_STATUS pgp_key_expired(
PEP_SESSION session,
const char *fpr,
const time_t when,
bool *expired
)
{
@ -1799,9 +1800,34 @@ PEP_STATUS pgp_key_expired(
if (status != PEP_STATUS_OK)
return status;
if (key && key->subkeys)
if ((key && key->expired) ||
(key && key->subkeys && key->subkeys->expired))
{
// Already marked expired
*expired = 1;
}
else if (key)
{
*expired = key->subkeys->expired;
// Detect if will be expired
// i.e. Check that keys capabilities will
// not be expired at given time.
gpgme_subkey_t _sk;
bool crt_available = false;
bool sgn_available = false;
bool enc_available = false;
for (_sk = key->subkeys; _sk; _sk = _sk->next) {
if (_sk->expires > when) // not expired at that date ?
{
if (_sk->can_certify) crt_available = true;
if (_sk->can_sign) sgn_available = true;
if (_sk->can_encrypt) enc_available = true;
// Authenticate is not used here.
}
}
if(!(crt_available && sgn_available && enc_available))
{
*expired = 1;
}
}
else
{
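Review bot: The loop test `_sk->expires > when` treats a subkey that never expires as expired, because GPGME reports `expires` as 0 when no expiration date is set. A key without an expiry therefore fails all three capability checks and comes back with `*expired = 1`. The condition should be `if (_sk->expires == 0 || _sk->expires > when)`. The loop also counts revoked, disabled or invalid subkeys as usable, so consider `if (_sk->revoked || _sk->disabled || _sk->invalid) continue;` at the top of the body. With the old `*expired = key->subkeys->expired;` gone, the `else if (key)` branch only ever writes true, so it depends on `*expired` being set to false earlier in pgp_key_expired, which is outside this hunk.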


+ 1
- 0
src/pgp_gpg.h

@ -61,6 +61,7 @@ PEP_STATUS pgp_revoke_key(
PEP_STATUS pgp_key_expired(
PEP_SESSION session,
const char *fpr,
const time_t when,
bool *expired
);


+ 2
- 0
src/pgp_netpgp.c

@ -1597,6 +1597,7 @@ unlock_netpgp:
PEP_STATUS pgp_key_expired(
PEP_SESSION session,
const char *fprstr,
const time_t when,
bool *expired
)
{
@ -1610,6 +1611,7 @@ PEP_STATUS pgp_key_expired(
if (!session || !fprstr || !expired)
return PEP_UNKNOWN_ERROR;
// TODO : take "when" in account
*expired = false;
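Review bot: `when` is accepted here and then ignored, so on NetPGP builds the one-week lookahead that myself() now requests has no effect. The two backends can then give different answers for the same key and date. The TODO should state that consequence, for example `// TODO: "when" is ignored by this backend; callers get no advance warning of expiry`, so a reader of the call site does not assume the margin is honoured. The rest of pgp_key_expired lies outside this hunk, so I cannot tell from here where the comparison against `when` would go.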

