From df01073eda4c398669d668931d90fa957f660d5f Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sat, 16 Nov 2013 16:31:25 +0100
Subject: Added activation_date and expiration_date options to certtool template file.
---
 src/Makefile.am | 18 ++++++-----
 src/certtool-args.def | 5 +++
 src/certtool-cfg.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++-----
 src/certtool-cfg.h | 3 +-
 src/certtool.c | 51 +++++++++++++-----------------
 5 files changed, 117 insertions(+), 46 deletions(-)
(limited to 'src')
diff --git a/src/Makefile.am b/src/Makefile.am
index 2a7576ccf2..c68418031f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -35,6 +35,7 @@ EXTRA_DIST = args-std.def
 AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
 AM_CPPFLAGS = \
 -I$(srcdir)/../gl \
+ -I$(srcdir)/gl \
 -I$(builddir)/../gl \
 -I$(builddir)/../lib/includes \
 -I$(srcdir)/../lib/includes \
@@ -148,8 +149,8 @@ noinst_LTLIBRARIES += libcmd-certtool.la
 libcmd_certtool_la_CFLAGS =
 libcmd_certtool_la_SOURCES = certtool-args.c certtool-args.def certtool-args.h \
 certtool-cfg.h certtool-cfg.c
-libcmd_certtool_la_LIBADD = $(LIBOPTS) ../gl/libgnu.la ../lib/libgnutls.la gl/libgnu_gpl.a
-libcmd_certtool_la_LIBADD += $(LTLIBINTL)
+libcmd_certtool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_certtool_la_LIBADD += $(LIBOPTS) $(LTLIBINTL)
 libcmd_certtool_la_LIBADD += $(LTLIBREADLINE)
 libcmd_certtool_la_LIBADD += $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
@@ -164,10 +165,11 @@ noinst_LTLIBRARIES += libcmd-danetool.la
 libcmd_danetool_la_CFLAGS =
 libcmd_danetool_la_SOURCES = danetool-args.c danetool-args.def danetool-args.h \
 certtool-cfg.h certtool-cfg.c
-libcmd_danetool_la_LIBADD = $(LIBOPTS) ../gl/libgnu.la ../lib/libgnutls.la
+libcmd_danetool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_danetool_la_LIBADD += $(LIBOPTS)
 libcmd_danetool_la_LIBADD += $(LTLIBINTL)
 libcmd_danetool_la_LIBADD += $(LTLIBREADLINE)
-libcmd_danetool_la_LIBADD += $(INET_PTON_LIB)
+libcmd_danetool_la_LIBADD += $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
 # p11 tool
 if ENABLE_PKCS11
@@ -182,8 +184,8 @@ noinst_LTLIBRARIES += libcmd-p11tool.la
 libcmd_p11tool_la_CFLAGS =
 libcmd_p11tool_la_SOURCES = p11tool-args.def p11tool-args.c p11tool-args.h \
 certtool-cfg.h certtool-cfg.c
-libcmd_p11tool_la_LIBADD = ../gl/libgnu.la ../lib/libgnutls.la
-libcmd_p11tool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB)
+libcmd_p11tool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_p11tool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
 endif # ENABLE_PKCS11
@@ -198,8 +200,8 @@ noinst_LTLIBRARIES += libcmd-tpmtool.la
 libcmd_tpmtool_la_CFLAGS =
 libcmd_tpmtool_la_SOURCES = tpmtool-args.def tpmtool-args.c tpmtool-args.h \
 certtool-cfg.h certtool-cfg.c
-libcmd_tpmtool_la_LIBADD = ../gl/libgnu.la ../lib/libgnutls.la
-libcmd_tpmtool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB)
+libcmd_tpmtool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_tpmtool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
 endif # ENABLE_TROUSERS
diff --git a/src/certtool-args.def b/src/certtool-args.def
index bd512a51b5..f50f63544d 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -582,6 +582,11 @@ serial = 007
 # Use -1 if there is no expiration date.
 expiration_days = 700
+# Alternatively you may set concrete dates. Acceptable dates are dates
+# read by getdate().
+#activation_date = "2004-02-29 16:21:42"
+#expiration_date = "2025-02-29 16:24:41"
+
 # X.509 v3 extensions
 # A dnsname in case of a WWW server.
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 747c4b7986..81be6db89e 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -1,5 +1,6 @@
 /*
 * Copyright (C) 2004-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
@@ -30,7 +31,9 @@
 #include
 #include
 #include
+#include
 #include
+#include
 /* for inet_pton */
 #include
@@ -74,6 +77,8 @@ typedef struct _cfg_ctx {
 char *crl_dist_points;
 char *password;
 char *pkcs12_key_name;
+ char *expiration_date;
+ char *activation_date;
 int serial;
 int expiration_days;
 int ca;
@@ -238,6 +243,14 @@ int template_parse(const char *template)
 if (val != NULL && val->valType == OPARG_TYPE_STRING)
 cfg.country = strdup(val->v.strVal);
+ val = optionGetValue(pov, "expiration_date");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.expiration_date = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "activation_date");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.activation_date = strdup(val->v.strVal);
+
 for (i = 0; i < MAX_POLICIES; i++) {
 snprintf(tmpstr, sizeof(tmpstr), "policy%d", i + 1);
 val = optionGetValue(pov, tmpstr);
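Review bot: The example `#expiration_date = "2025-02-29 16:24:41"` names a calendar day that does not exist (2025 is not a leap year), so a user who uncomments it as written will either hit the new "Cannot parse date" exit path or get a silently normalized date, depending on how parse_datetime treats an invalid day-of-month; `#expiration_date = "2025-02-28 16:24:41"` avoids the trap. The comment also says the dates are those "read by getdate()", while the implementation added in certtool-cfg.c calls parse_datetime(); naming the parser actually used keeps readers from consulting the wrong format rules, e.g. `# read by parse_datetime() (gnulib).`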
@@ -837,23 +850,82 @@ int get_serial(void)
 }
 }
-int get_days(void)
+static
+time_t get_date(const char* date)
+{
+ time_t t;
+ struct timespec r;
+
+ if (date==NULL || parse_datetime(&r, date, NULL) == 0) {
+ fprintf(stderr, "Cannot parse date: %s\n", date);
+ exit(1);
+ }
+
+ return r.tv_sec;
+}
+
+time_t get_activation_date()
 {
- int days;
+ if (batch && cfg.activation_date != NULL) {
+ return get_date(cfg.activation_date);
+ }
+
+ return time(NULL);
+}
+
+static
+time_t days_to_secs(int days)
+{
+time_t secs = days;
+time_t now = time(NULL);
+
+ if (secs != (time_t)-1) {
+ if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) {
+ secs = -1;
+ } else {
+ secs *= 24*60*60;
+ }
+ }
+
+ if (secs != (time_t)-1) {
+ if (INT_ADD_OVERFLOW(secs, now)) {
+ secs = -1;
+ } else {
+ secs += now;
+ }
+ }
+
+ return secs;
+}
+
+time_t get_expiration_date()
+{
 if (batch) {
- if (cfg.expiration_days == 0 || cfg.expiration_days < -2)
- return 365;
- else
- return cfg.expiration_days;
+ if (cfg.expiration_date == NULL) {
+ time_t secs, now;
+
+ now = time(NULL);
+
+ if (cfg.expiration_days == 0 || cfg.expiration_days < -2)
+ secs = days_to_secs(365);
+ else {
+ secs = days_to_secs(cfg.expiration_days);
+ }
+
+ return secs;
+ } else
+ return get_date(cfg.expiration_date);
 } else {
+ int days;
+
 do {
 days = read_int ("The certificate will expire in (days): ");
 } while (days == 0);
- return days;
+ return days_to_secs(days);
 }
 }
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 7617900002..98275de283 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
@@ -51,7 +51,8 @@ void get_pkcs9_email_crt_set(gnutls_x509_crt_t crt);
 void get_oid_crt_set(gnutls_x509_crt_t crt);
 void get_key_purpose_set(int type, void *crt);
 int get_serial(void);
-int get_days(void);
+time_t get_expiration_date(void);
+time_t get_activation_date(void);
 int get_ca_status(void);
 int get_crl_number(void);
 int get_path_len(void);
diff --git a/src/certtool.c b/src/certtool.c
index 83a25491b3..e7c0c26d01 100644
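Review bot: `time_t t;` in get_date is declared but never used, and in get_expiration_date `now` is assigned from time(NULL) but never read (days_to_secs computes its own base time); with `AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)` in src/Makefile.am these are likely to turn -Wunused-variable / -Wunused-but-set-variable into build failures, so drop `time_t t;` and shrink the inner declaration to `time_t secs;`. In get_date the `date==NULL` case falls through to `fprintf(stderr, "Cannot parse date: %s\n", date)`, which hands a null pointer to `%s` — undefined behaviour in standard C even where glibc happens to print "(null)"; both callers in this hunk already guard against NULL, so either drop that half of the condition or print a fixed message for it. The definitions `time_t get_activation_date()` and `time_t get_expiration_date()` use empty parameter lists while certtool-cfg.h declares them `(void)`; writing `(void)` in the definitions too keeps them proper prototypes.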
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -38,7 +38,6 @@
 #include
 #include
 #include
-#include
 /* Gnulib portability files. */
 #include
@@ -231,8 +230,8 @@ generate_certificate(gnutls_privkey_t * ret_key,
 size_t size;
 int ret;
 int client;
- int days, result, ca_status = 0, is_ike = 0, path_len;
- time_t secs, now;
+ int result, ca_status = 0, is_ike = 0, path_len;
+ time_t secs;
 int vers;
 unsigned int usage = 0, server;
 gnutls_x509_crq_t crq; /* request */
@@ -329,28 +328,16 @@ generate_certificate(gnutls_privkey_t * ret_key,
 if (!batch)
 fprintf(stderr, "\n\nActivation/Expiration time.\n");
- now = time(NULL);
+ secs = get_activation_date();
- gnutls_x509_crt_set_activation_time(crt, now);
-
- days = get_days();
- secs = days;
-
- if (secs != (time_t)-1) {
- if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) {
- secs = -1;
- } else {
- secs *= 24*60*60;
- }
- }
+ result = gnutls_x509_crt_set_activation_time(crt, secs);
+ if (result < 0) {
+ fprintf(stderr, "set_activation: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
- if (secs != (time_t)-1) {
- if (INT_ADD_OVERFLOW(secs, now)) {
- secs = -1;
- } else {
- secs += now;
- }
- }
+ secs = get_expiration_date();
 result = gnutls_x509_crt_set_expiration_time(crt, secs);
 if (result < 0) {
@@ -942,8 +929,7 @@ static void update_signed_certificate(common_info_st * cinfo)
 int result;
 gnutls_privkey_t ca_key;
 gnutls_x509_crt_t ca_crt;
- int days;
- time_t tim = time(NULL);
+ time_t tim;
 fprintf(stderr, "Generating a signed certificate...\n");
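Review bot: After `secs = get_expiration_date();` nothing checks that the expiration lies after the activation that was just written into the certificate, and since both values can now come straight from the template (activation_date and expiration_date are parsed independently in certtool-cfg.c) a typo in either produces a certificate that is never valid, with no diagnostic; because `secs` is reused for both, keep the activation in its own variable (`time_t secs, act;` in the declaration hunk above) and reject `secs < act` unless secs is -1, which days_to_secs passes through as the no-expiration value. The same pattern appears in update_signed_certificate in the following hunk, where `tim` is reused the same way. Both enclosing functions extend beyond their hunks.
```c
		act = get_activation_date();

		result = gnutls_x509_crt_set_activation_time(crt, act);
		/* … unchanged: set_activation error check … */

		secs = get_expiration_date();
		if (secs != (time_t)-1 && secs < act) {
			fprintf(stderr, "expiration date precedes activation date\n");
			exit(1);
		}
		/* … unchanged: set_expiration call and error check … */
```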
@@ -952,15 +938,20 @@ static void update_signed_certificate(common_info_st * cinfo)
 crt = load_cert(1, cinfo);
 fprintf(stderr, "Activation/Expiration time.\n");
- gnutls_x509_crt_set_activation_time(crt, tim);
+ tim = get_activation_date();
+
+ result = gnutls_x509_crt_set_activation_time(crt, tim);
+ if (result < 0) {
+ fprintf(stderr, "set_activation: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
- days = get_days();
+ tim = get_expiration_date();
 result = gnutls_x509_crt_set_expiration_time(crt,
- tim +
- ((time_t) days) * 24 * 60 *
- 60);
+ tim);
 if (result < 0) {
 fprintf(stderr, "set_expiration: %s",
 gnutls_strerror(result));
--
cgit v1.2.1