Add expire date to label

Signed-off-by: Raul Metsma <[email protected]>

Author: metsma

.github/workflows/build.yml

@@ -14,12 +14,13 @@ jobs:
     container: ubuntu:${{ matrix.container }}
     strategy:
       matrix:
-        container: ['22.04', '24.04', '24.10', '25.04']
+        container: ['22.04', '24.04', '25.04']
         arch: ['amd64', 'arm64']
     env:
       DEBIAN_FRONTEND: noninteractive
       DEBFULLNAME: github-actions
       DEBEMAIL: [email protected]
+      JAVA_HOME: /usr/lib/jvm/java-17-openjdk-${{ matrix.arch }}
     steps:
     - name: Install dependencies
       run: apt update -qq && apt install --no-install-recommends -y lsb-release build-essential devscripts debhelper lintian pkg-config ${UBUNTU_DEPS} doxygen swig openjdk-17-jdk-headless libpython3-dev python3-setuptools libboost-test-dev
@@ -32,7 +33,7 @@ jobs:
         dch --distribution $(lsb_release -cs) -v ${VERSIONEX} "Release ${VERSIONEX}."
     - name: Build packages
       run: |
-        JAVA_HOME=/usr/lib/jvm/java-17-openjdk-${{ matrix.arch }} dpkg-buildpackage -us -uc
+        dpkg-buildpackage -us -uc
         mv ../libcdoc*.* .
     - name: Lintian
       run: lintian *.deb;
@@ -125,7 +126,7 @@ jobs:
     runs-on: ${{ matrix.image }}
     strategy:
       matrix:
-        image: [windows-2022]
+        image: [windows-2025]
         platform: [x64, arm64]
     env:
       CXXFLAGS: '/D_DISABLE_CONSTEXPR_MUTEX_CONSTRUCTOR' # https://github.com/actions/runner-images/issues/10004
@@ -144,10 +145,7 @@ jobs:
       env:
         VCPKG_INSTALLED_DIR: ${{ github.workspace }}/build/vcpkg_installed
     - name: Install dependencies
-      run: |
-        choco install doxygen.install -y > $null
-        Invoke-WebRequest -UserAgent "Wget" "https://sourceforge.net/projects/swig/files/swigwin/swigwin-4.3.0/swigwin-4.3.0.zip/download" -OutFile swig.zip
-        tar xf swig.zip
+      run: winget install --accept-package-agreements --accept-source-agreements doxygen swig
     - uses: actions/setup-java@v4
       with:
         distribution: 'temurin'
@@ -156,7 +154,6 @@ jobs:
       run: |
         cmake -A ${{ matrix.platform }} -S . -B build -DCMAKE_BUILD_TYPE=RelWithDebInfo `
           "-DCMAKE_TOOLCHAIN_FILE=${{ env.VCPKG_ROOT }}/scripts/buildsystems/vcpkg.cmake" `
-          "-DSWIG_EXECUTABLE=${{ github.workspace }}/swigwin-4.3.0/swig.exe" `
           -DVCPKG_TARGET_TRIPLET=${{ env.VCPKG_DEFAULT_TRIPLET }} `
           -DVCPKG_MANIFEST_FEATURES=tests `
           -DCMAKE_INSTALL_LIBDIR=bin

cdoc/Certificate.cpp

@@ -74,6 +74,21 @@ Certificate::getSerialNumber() const
 	return getName(cert, NID_serialNumber);
 }
 
+time_t
+Certificate::getNotAfter() const
+{
+    if(!cert)
+        return 0;
+    tm tm{};
+    if(ASN1_TIME_to_tm(X509_get0_notAfter(cert.get()), &tm) != 1)
+        return 0;
+#ifdef _WIN32
+    return _mkgmtime(&tm);
+#else
+    return timegm(&tm);
+#endif
+}
+
 
 
 std::vector<std::string>
@@ -85,8 +100,8 @@ Certificate::policies() const
     if(!cert)
         return list;
 
-    auto p = static_cast<CERTIFICATEPOLICIES *>(X509_get_ext_d2i(cert.get(), NID_certificate_policies, nullptr, nullptr));
-    auto cp = std::unique_ptr<CERTIFICATEPOLICIES,decltype(&CERTIFICATEPOLICIES_free)>(p,CERTIFICATEPOLICIES_free);
+    auto cp = make_unique_cast<CERTIFICATEPOLICIES_free>(X509_get_ext_d2i(
+        cert.get(), NID_certificate_policies, nullptr, nullptr));
     if(!cp)
         return list;
 

cdoc/Certificate.h

@@ -50,6 +50,7 @@ class Certificate {
 
 	std::vector<uint8_t> getPublicKey() const;
     Algorithm getAlgorithm() const;
+    time_t getNotAfter() const;
 
     std::vector<uint8_t> getDigest();
 };

cdoc/Io.h

@@ -26,7 +26,7 @@
 
 namespace libcdoc {
 
-class DataSource;
+struct DataSource;
 
 /**
  * @brief The DataConsumer class

cdoc/Recipient.cpp

@@ -104,7 +104,7 @@ Recipient
 Recipient::makeEIDServer(std::vector<uint8_t> cert, std::string server_id)
 {
     Certificate x509(cert);
-    auto label = BuildLabelEID(cert);
+    auto label = BuildLabelEID(cert, time(nullptr) + 60 * 60 * 24 * 31 * 6); // 6 months
     return makeServer(std::move(label),
         x509.getPublicKey(), x509.getAlgorithm() == Certificate::Algorithm::RSA ? RSA : ECC, std::move(server_id));
 }
@@ -143,7 +143,7 @@ static constexpr std::string_view type_strs[] = {
 };
 
 std::string
-Recipient::buildLabel(std::vector<std::pair<std::string_view, std::string_view>> components)
+Recipient::buildLabel(const std::vector<std::pair<std::string_view, std::string_view>> &components, time_t exp)
 {
     std::ostringstream ofs;
     ofs << LABELPREFIX;
@@ -155,11 +155,14 @@ Recipient::buildLabel(std::vector<std::pair<std::string_view, std::string_view>>
             first = false;
         }
     }
+    if(exp > 0) {
+        ofs << "&server_exp=" << exp;
+    }
     return ofs.str();
 }
 
 std::string
-Recipient::BuildLabelEID(int version, EIDType type, std::string_view cn, std::string_view serial_number, std::string_view last_name, std::string_view first_name)
+Recipient::BuildLabelEID(int version, EIDType type, std::string_view cn, std::string_view serial_number, std::string_view last_name, std::string_view first_name, time_t exp)
 {
     // In case of cards issued to an organization the first name (and last name) are missing. We ommit these parts.
     if (first_name.empty()) {
@@ -168,7 +171,7 @@ Recipient::BuildLabelEID(int version, EIDType type, std::string_view cn, std::st
             {"type", type_strs[type]},
             {"cn", cn},
             {"serial_number", serial_number}
-        });
+        }, exp);
     } else {
         return buildLabel({
             {"v", std::to_string(version)},
@@ -177,15 +180,15 @@ Recipient::BuildLabelEID(int version, EIDType type, std::string_view cn, std::st
             {"serial_number", serial_number},
             {"last_name", last_name},
             {"first_name", first_name}
-        });
+        }, exp);
     }
 }
 
 std::string
-Recipient::BuildLabelEID(const std::vector<uint8_t>& cert)
+Recipient::BuildLabelEID(const std::vector<uint8_t>& cert, time_t exp)
 {
     Certificate x509(cert);
-    return BuildLabelEID(CDoc2::KEYLABELVERSION, getEIDType(x509.policies()), x509.getCommonName(), x509.getSerialNumber(), x509.getSurname(), x509.getGivenName());
+    return BuildLabelEID(CDoc2::KEYLABELVERSION, getEIDType(x509.policies()), x509.getCommonName(), x509.getSerialNumber(), x509.getSurname(), x509.getGivenName(), exp ? exp : x509.getNotAfter());
 }
 
 std::string

cdoc/Recipient.h

@@ -231,9 +231,10 @@ struct CDOC_EXPORT Recipient {
     /**
      * @brief build machine-readable CDoc2 label
      * @param components a list of string pairs
+     * @param exp a expire date to added to label (if 0, no expire date is added)
      * @return a composed label
      */
-    static std::string buildLabel(std::vector<std::pair<std::string_view, std::string_view>> components);
+    static std::string buildLabel(const std::vector<std::pair<std::string_view, std::string_view>> &components, time_t exp = 0);
     /**
      * @brief build machine-readable CDoc2 label for EID recipient
      * @param version the label version
@@ -242,16 +243,18 @@ struct CDOC_EXPORT Recipient {
      * @param serial_number the serial number
      * @param last_name the last name
      * @param first_name the first name
+     * @param exp a expire date to added to label (if 0, no expire date is added)
      * @return a composed label
      */
-    static std::string BuildLabelEID(int version, EIDType type, std::string_view cn, std::string_view serial_number, std::string_view last_name, std::string_view first_name);
+    static std::string BuildLabelEID(int version, EIDType type, std::string_view cn, std::string_view serial_number, std::string_view last_name, std::string_view first_name, time_t exp = 0);
     /**
      * @brief build machine-readable CDoc2 label for EID recipient filling info from certificate
      * @see BuildLabelEID
      * @param cert the certificate value (der-encoded)
+     * @param exp a expire date to added to label (if 0, expire date is taken from certificate)
      * @return a composed label
      */
-    static std::string BuildLabelEID(const std::vector<uint8_t> &cert);
+    static std::string BuildLabelEID(const std::vector<uint8_t> &cert, time_t exp = 0);
     /**
      * @brief build machine-readable CDoc2 label for certificate-based recipient
      * @param version the label version

cdoc/utils/memory.h

@@ -38,6 +38,11 @@ struct free_argument<R (*)(T *)>
 {
     using type = T;
 };
+template<class T, class R>
+struct free_argument<R (&)(T *)>
+{
+    using type = T;
+};
 
 template <class T>
 using unique_free_t = std::unique_ptr<T, void(*)(T*)>;