# File ../../auditor/lib/kasp_auditor/partial_auditor.rb, line 847
    def do_basic_rrsig_checks(line)
      # @TODO@  Can we check the length of the RRSIG signature here?

      time_now = Time.now.to_i
      split = line.split
      key_tag = split[10]
      @keys_used.push(key_tag) if !@keys_used.include?key_tag
      sig_inception = RR::RRSIG.get_time(split[9])

      check_policy_changes

      # See if any of the configuration has changed for signature lifetimes
      if (@policy_has_changed)
        if (!@inception_offset_has_changed)
          #  If not inception_offset which changed, then simply ignore RRSIGs which were
          #   created earlier than the policy change timestamp (including inception_offset here!)
          if (sig_inception < (@policy_change_timestamp - @config.signatures.inception_offset))
            log(LOG_WARNING, "Skipping signature lifetime check for  #{split[0].chop}, #{split[4]} : policy has changed since #{sig_inception} (at #{@policy_change_timestamp})\n")
            return
          end
        else
          #   If InceptionOffset has changed, then all bets are probably off. In this case,
          #      ignore all signature which were created less than a day before the policy changed.
          if (sig_inception < (@policy_change_timestamp - (3600 * 24)))
            log(LOG_WARNING, "Skipping signature lifetime check for  #{split[0].chop}, #{split[4]} : policy has changed since #{sig_inception} (at #{@policy_change_timestamp})\n")
            return
          end
        end
      end

      if (sig_inception > (time_now + @config.signatures.inception_offset))
        log(LOG_ERR, "Inception error for #{split[0].chop}, #{split[4]} : Signature inception is #{sig_inception}, time now is #{time_now}, inception offset is #{@config.signatures.inception_offset}, difference = #{time_now - sig_inception}")
      else
        #                      print "OK : Signature inception is #{sig.inception}, time now is #{time_now}, inception offset is #{@config.signatures.inception_offset}, difference = #{time_now - sig.inception}\n"
      end

      sig_expiration = RR::RRSIG.get_time(split[8])
      #  d) expiration date in future by at least interval specified by config
      refresh = @config.signatures.refresh
      resign = @config.signatures.resign
      # We want to check that there is at least the refresh period left before
      # the signature expires.
      # @TODO@ Probably want to have a WARN level and an ERROR level
      # Expired signatures are caught by the verify_rrset() call above
      if ((time_now <= sig_expiration) && time_now > (sig_expiration - refresh + resign))
        log(LOG_ERR, "Signature expiration (#{sig_expiration}) for #{split[0]}, #{split[4]} should be later than (the refresh period (#{refresh}) - the resign period (#{resign})) from now (#{time_now})")
      else
        #            print "OK : Signature expiration is #{sig.expiration}, time now is #{time_now}, signature validity is #{validity}, difference = #{sig.expiration - time_now}\n"
      end
      # Check signature lifetime :
      # inceptionoffset + validity - jitter ≤ (exception - inception) ≤ inceptionoffset + validity +jitter
      validity = @config.signatures.validity.default
      if (split[4]=~/^NSEC/) && (split[4] != "NSEC3PARAM")
        validity = @config.signatures.validity.denial
      end

      min_lifetime = @config.signatures.inception_offset + validity - @config.signatures.jitter
      max_lifetime = @config.signatures.inception_offset + validity + @config.signatures.jitter
      actual_lifetime = sig_expiration - sig_inception
      if (min_lifetime > actual_lifetime)
        log(LOG_ERR, "Signature lifetime too short - should be at least #{min_lifetime} but was #{actual_lifetime}")
      end
      if (max_lifetime < actual_lifetime)
        log(LOG_ERR, "Signature lifetime too long - should be at most #{max_lifetime} but was #{actual_lifetime}")
      end

    end