Latest valid retrieval fix

Signed-off-by: ioanbogdan <[email protected]>

include/x509_wrapper.hpp

@@ -106,9 +106,14 @@ class X509Wrapper {
     /// @return
     std::string get_export_string() const;
 
-    /// @brief If the certificate is within the validity date
+    /// @brief If the certificate is within the validity date. Can return false in 2 cases,
+    /// if it is expired (current date > valid_to) or if (current data < valid_in), that is
+    /// we are not in force yet
     bool is_valid() const;
 
+    /// @brief If the certificate has expired
+    bool is_expired() const;
+
 public:
     X509Wrapper& operator=(X509Wrapper&& other) = default;
 

lib/x509_wrapper.cpp

@@ -103,7 +103,7 @@ void X509Wrapper::update_validity() {
     ASN1_TIME* notAfter = X509_get_notAfter(get());
 
     int day, sec;
-    ASN1_TIME_diff(&day, &sec, notBefore, nullptr);
+    ASN1_TIME_diff(&day, &sec, nullptr, notBefore);
     valid_in = std::chrono::duration_cast<std::chrono::seconds>(ossl_days_to_seconds(day)).count() +
                sec; // Convert days to seconds
     ASN1_TIME_diff(&day, &sec, nullptr, notAfter);
@@ -125,7 +125,12 @@ int X509Wrapper::get_valid_to() const {
 }
 
 bool X509Wrapper::is_valid() const {
-    return (get_valid_in() >= 0);
+    // The valid_in must be in the past and the valid_to must be in the future
+    return (get_valid_in() <= 0) && (get_valid_to() >= 0);
+}
+
+bool X509Wrapper::is_expired() const {
+    return (get_valid_to() >= 0);
 }
 
 std::optional<std::filesystem::path> X509Wrapper::get_file() const {