Commit 37836546 authored by Ivar Derksen's avatar Ivar Derksen Committed by Sietse Ringers

Let ValidateKeys take into account DeprecatedSince tag

parent 04112b93
......@@ -1450,7 +1450,7 @@ func (conf *Configuration) validateTranslations(file string, o interface{}) {
func (conf *Configuration) ValidateKeys() error {
const expiryBoundary = int64(time.Hour/time.Second) * 24 * 31 // 1 month, TODO make configurable
for issuerid := range conf.Issuers {
for issuerid, issuer := range conf.Issuers {
if err := conf.parseKeysFolder(issuerid); err != nil {
return err
}
......@@ -1465,13 +1465,17 @@ func (conf *Configuration) ValidateKeys() error {
if err != nil {
return err
}
now := time.Now().Unix()
if latest == nil || latest.ExpiryDate < now {
conf.Warnings = append(conf.Warnings, fmt.Sprintf("Issuer %s has no nonexpired public keys", issuerid.String()))
}
if latest != nil && latest.ExpiryDate > now && latest.ExpiryDate < now+expiryBoundary {
conf.Warnings = append(conf.Warnings, fmt.Sprintf("Latest public key of issuer %s expires soon (at %s)",
issuerid.String(), time.Unix(latest.ExpiryDate, 0).String()))
// Check expiry date public keys only if issuer is not deprecated
now := time.Now()
if issuer.DeprecatedSince.IsZero() || issuer.DeprecatedSince.After(Timestamp(now)) {
if latest == nil || latest.ExpiryDate < now.Unix() {
conf.Warnings = append(conf.Warnings, fmt.Sprintf("Issuer %s has no nonexpired public keys", issuerid.String()))
}
if latest != nil && latest.ExpiryDate > now.Unix() && latest.ExpiryDate < now.Unix()+expiryBoundary {
conf.Warnings = append(conf.Warnings, fmt.Sprintf("Latest public key of issuer %s expires soon (at %s)",
issuerid.String(), time.Unix(latest.ExpiryDate, 0).String()))
}
}
// Check private keys if any
......
......@@ -653,6 +653,11 @@ func (t Timestamp) After(u Timestamp) bool {
return time.Time(t).After(time.Time(u))
}
// To check whether Timestamp is uninitialized
func (t Timestamp) IsZero() bool {
return time.Time(t).IsZero()
}
func (t *Timestamp) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
return e.EncodeElement(t.String(), start)
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment