openpgp: Use absolute expiration time in cert.

  - The certificate is a mid-level interface, and should therefore use
    the more user-friendly way of specifying expiration.

  - Fixes #429.
parent d7b10e95
Pipeline #116994485 passed with stage
in 3 minutes and 35 seconds
......@@ -921,18 +921,15 @@ pgp_status_t pgp_cert_alive(pgp_error_t *errp, pgp_cert_t cert,
pgp_policy_t policy, time_t when);
/*/
/// Changes the Cert's expiration.
///
/// Expiry is when the key should expire in seconds relative to the
/// key's creation (not the current time).
/// Sets the key to expire at the given time.
///
/// This function consumes `cert` and returns a new `Cert`.
/*/
pgp_cert_t pgp_cert_set_validity_period(pgp_error_t *errp,
pgp_cert_t pgp_cert_set_expiration_time(pgp_error_t *errp,
pgp_cert_t cert,
pgp_policy_t policy,
pgp_signer_t signer,
uint32_t expiry);
time_t expiry);
/*/
/// Returns whether the Cert includes any secret key material.
......
......@@ -339,26 +339,23 @@ fn pgp_cert_alive(errp: Option<&mut *mut crate::error::Error>,
ffi_try_status!(cert.ref_raw().alive(policy, maybe_time(when)))
}
/// Changes the Cert's expiration.
///
/// Expiry is when the key should expire in seconds relative to the
/// key's creation (not the current time).
/// Sets the key to expire at the given time.
///
/// This function consumes `cert` and returns a new `Cert`.
#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C"
fn pgp_cert_set_validity_period(errp: Option<&mut *mut crate::error::Error>,
fn pgp_cert_set_expiration_time(errp: Option<&mut *mut crate::error::Error>,
cert: *mut Cert,
policy: *const Policy,
primary_signer: *mut Box<dyn crypto::Signer>,
expiry: u32)
expiry: time_t)
-> Maybe<Cert>
{
let policy = &**policy.ref_raw();
let cert = cert.move_from_raw();
let signer = ffi_param_ref_mut!(primary_signer);
cert.set_validity_period(policy, signer.as_mut(),
Some(std::time::Duration::new(expiry as u64, 0)))
cert.set_expiration_time(policy, signer.as_mut(),
maybe_time(expiry))
.move_into_raw(errp)
}
......
......@@ -659,20 +659,31 @@ impl Cert {
self.merge_packets(sigs)
}
/// Sets the key to expire in delta.
///
/// Note: the time is relative to the primary key's creation time,
/// not the current time!
/// Sets the key to expire at the given time.
///
/// A policy is needed, because the expiration is updated by adding
/// a self-signature to the primary user id.
pub fn set_validity_period(self, policy: &dyn Policy,
pub fn set_expiration_time(self, policy: &dyn Policy,
primary_signer: &mut dyn Signer,
expiration: Option<time::Duration>)
expiration: Option<time::SystemTime>)
-> Result<Cert>
{
let expiration =
if let Some(e) = expiration.map(crate::types::normalize_systemtime)
{
let ct = self.primary_key().creation_time();
match e.duration_since(ct) {
Ok(v) => Some(v),
Err(_) => return Err(Error::InvalidArgument(
format!("Expiration time {:?} predates creation time \
{:?}", e, ct)).into()),
}
} else {
None
};
self.set_validity_period_as_of(policy, primary_signer, expiration,
time::SystemTime::now())
time::SystemTime::now())
}
/// Returns the amalgamated primary userid at `t`, if any.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment