From: Martin Willi <martin@revosec.ch>
Date: Thu, 27 Mar 2014 13:46:41 +0000 (+0100)
Subject: pki: Add a certificate lifetime calculation helper function
X-Git-Tag: 5.1.3rc1~24^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06d3b6e9c98ed5064a3063db7a85cf38df28adf1;p=thirdparty%2Fstrongswan.git

pki: Add a certificate lifetime calculation helper function
---

diff --git a/src/pki/pki.c b/src/pki/pki.c
index eb614dd7f8..ae4ef1cb0b 100644
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -13,9 +13,11 @@
  * for more details.
  */
 
+#define _GNU_SOURCE
 #include "command.h"
 #include "pki.h"
 
+#include <time.h>
 #include <unistd.h>
 
 #include <utils/debug.h>
@@ -101,6 +103,56 @@ bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type)
 	return FALSE;
 }
 
+/**
+ * See header
+ */
+bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
+						time_t *nb, time_t *na)
+{
+	struct tm tm;
+	time_t now;
+	char *end;
+
+	if (!format)
+	{
+		format = "%d.%m.%y %T";
+	}
+
+	now = time(NULL);
+
+	localtime_r(&now, &tm);
+	if (nbstr)
+	{
+		end = strptime(nbstr, format, &tm);
+		if (end == NULL || *end != '\0')
+		{
+			return FALSE;
+		}
+	}
+	*nb = mktime(&tm);
+
+	localtime_r(&now, &tm);
+	if (nastr)
+	{
+		end = strptime(nastr, format, &tm);
+		if (end == NULL || *end != '\0')
+		{
+			return FALSE;
+		}
+	}
+	*na = mktime(&tm);
+
+	if (!nbstr && nastr)
+	{
+		*nb = *na - span;
+	}
+	else if (!nastr)
+	{
+		*na = *nb + span;
+	}
+	return TRUE;
+}
+
 /**
  * Callback credential set pki uses
  */
@@ -188,4 +240,3 @@ int main(int argc, char *argv[])
 	atexit(remove_callback);
 	return command_dispatch(argc, argv);
 }
-
diff --git a/src/pki/pki.h b/src/pki/pki.h
index 09c50c6c2f..616fac44a4 100644
--- a/src/pki/pki.h
+++ b/src/pki/pki.h
@@ -33,4 +33,21 @@
  */
 bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type);
 
+/**
+ * Calculate start/end lifetime for certificates.
+ *
+ * If both nbstr and nastr are given, span is ignored. Otherwise missing
+ * arguments are calculated, or assumed to be now.
+ *
+ * @param format	strptime() format, NULL for default: %d.%m.%y %T
+ * @param nbstr		string describing notBefore datetime, or NULL
+ * @param nastr		string describing notAfter datetime, or NULL
+ * @param span		lifetime span, from notBefore to notAfter
+ * @param nb		calculated notBefore time
+ * @param na		calculated notAfter time
+ * @return			TRUE of nb/na calculated successfully
+ */
+bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
+						time_t *nb, time_t *na);
+
 #endif /** PKI_H_ @}*/