gpg: Print a warning if the subkey expiration may not be what you want.

* g10/keyedit.c (subkey_expire_warning): New.
(keyedit_menu): Call it when needed.
--
GnuPG-bug-id: 1715

The heuristic to detect a problem is not very advanced but it should
catch the most common cases.

g10/keyedit.c

@@ -59,6 +59,7 @@ static void show_key_with_all_names (estream_t fp,
 				     int with_subkeys, int with_prefs,
                                      int nowarn);
 static void show_key_and_fingerprint (KBNODE keyblock);
+static void subkey_expire_warning (kbnode_t keyblock);
 static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name);
 static void menu_deluid (KBNODE pub_keyblock);
 static int menu_delsig (KBNODE pub_keyblock);
@@ -1463,6 +1464,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
   char *answer = NULL;
   int redisplay = 1;
   int modified = 0;
+  int run_subkey_warnings = 0;
   int toggle;
   int have_commands = !!commands;
 
@@ -1530,6 +1532,14 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 	  tty_printf ("\n");
 	  redisplay = 0;
 	}
+
+      if (run_subkey_warnings)
+        {
+          run_subkey_warnings = 0;
+          if (!count_selected_keys (keyblock))
+            subkey_expire_warning (keyblock);
+        }
+
       do
 	{
 	  xfree (answer);
@@ -2030,6 +2040,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 	  if (menu_expire (keyblock))
 	    {
 	      merge_keys_and_selfsig (keyblock);
+              run_subkey_warnings = 1;
 	      modified = 1;
 	      redisplay = 1;
 	    }
@@ -3156,6 +3167,58 @@ no_primary_warning (KBNODE keyblock)
 }
 
 
+/* Print a warning if the latest encryption subkey expires soon.  This
+   function is called after the expire data of the primary key has
+   been changed.  */
+static void
+subkey_expire_warning (kbnode_t keyblock)
+{
+  u32 curtime = make_timestamp ();
+  kbnode_t node;
+  PKT_public_key *pk;
+  /* u32 mainexpire = 0; */
+  u32 subexpire = 0;
+  u32 latest_date = 0;
+
+  for (node = keyblock; node; node = node->next)
+    {
+      /* if (node->pkt->pkttype == PKT_PUBLIC_KEY) */
+      /*   { */
+      /*     pk = node->pkt->pkt.public_key; */
+      /*     mainexpire = pk->expiredate; */
+      /*   } */
+
+      if (node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
+        continue;
+      pk = node->pkt->pkt.public_key;
+
+      if (!pk->flags.valid)
+        continue;
+      if (pk->flags.revoked)
+        continue;
+      if (pk->timestamp > curtime)
+        continue; /* Ignore future keys.  */
+      if (!(pk->pubkey_usage & PUBKEY_USAGE_ENC))
+        continue; /* Not an encryption key.  */
+
+      if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
+        {
+          latest_date = pk->timestamp;
+          subexpire = pk->expiredate;
+        }
+    }
+
+  if (!subexpire)
+    return;  /* No valid subkey with an expiration time.  */
+
+  if (curtime + (10*86400) > subexpire)
+    {
+      log_info (_("WARNING: Your encryption subkey expires soon.\n"));
+      log_info (_("You may want to change its expiration date too.\n"));
+    }
+}
+
+
 /*
  * Ask for a new user id, add the self-signature and update the keyblock.
  * Return true if there is a new user id