split up and mark unsafe expiry-related methods

OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java

@@ -231,7 +231,7 @@ public class PgpKeyOperationTest {
                 ring.getPublicKey().getCreationTime().after(new Date(new Date().getTime()-1000*120)));
 
         Assert.assertNull("key ring should not expire",
-                ring.getPublicKey().getExpiryTime());
+                ring.getPublicKey().getUnsafeExpiryTimeForTesting());
 
         Assert.assertEquals("first (master) key can certify",
                 KeyFlags.CERTIFY_OTHER, (long) subkeys.get(0).getKeyUsage());
@@ -342,9 +342,9 @@ public class PgpKeyOperationTest {
 
         Assert.assertNotNull("new key is not null", newKey);
         Assert.assertNotNull("added key must have an expiry date",
-                newKey.getExpiryTime());
+                newKey.getUnsafeExpiryTimeForTesting());
         Assert.assertEquals("added key must have expected expiry date",
-                expiry, newKey.getExpiryTime().getTime()/1000);
+                expiry, newKey.getUnsafeExpiryTimeForTesting().getTime()/1000);
         Assert.assertEquals("added key must have expected flags",
                 flags, (long) newKey.getKeyUsage());
         Assert.assertEquals("added key must have expected bitsize",
@@ -403,9 +403,9 @@ public class PgpKeyOperationTest {
                     ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
 
             Assert.assertNotNull("modified key must have an expiry date",
-                    modified.getPublicKey(keyId).getExpiryTime());
+                    modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
             Assert.assertEquals("modified key must have expected expiry date",
-                    expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
+                    expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
             Assert.assertEquals("modified key must have same flags as before",
                     ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
         }
@@ -417,9 +417,9 @@ public class PgpKeyOperationTest {
             modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
 
             Assert.assertNotNull("modified key must have an expiry date",
-                    modified.getPublicKey(keyId).getExpiryTime());
+                    modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
             Assert.assertEquals("modified key must have expected expiry date",
-                    expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
+                    expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
             Assert.assertEquals("modified key must have same flags as before",
                     ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
         }
@@ -443,9 +443,9 @@ public class PgpKeyOperationTest {
             Assert.assertEquals("modified key must have expected flags",
                     flags, (long) modified.getPublicKey(keyId).getKeyUsage());
             Assert.assertNotNull("key must retain its expiry",
-                    modified.getPublicKey(keyId).getExpiryTime());
+                    modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
             Assert.assertEquals("key expiry must be unchanged",
-                    expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
+                    expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
         }
 
         { // expiry of 0 should be "no expiry"
@@ -463,7 +463,7 @@ public class PgpKeyOperationTest {
             Assert.assertEquals("signature must have been created by master key",
                     ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
 
-            Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getExpiryTime());
+            Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
         }
 
         { // a past expiry should fail
@@ -517,9 +517,9 @@ public class PgpKeyOperationTest {
                     PacketTags.SIGNATURE, onlyB.get(1).tag);
 
             Assert.assertNotNull("modified key must have an expiry date",
-                    modified.getPublicKey().getExpiryTime());
+                    modified.getPublicKey().getUnsafeExpiryTimeForTesting());
             Assert.assertEquals("modified key must have expected expiry date",
-                    expiry, modified.getPublicKey().getExpiryTime().getTime() / 1000);
+                    expiry, modified.getPublicKey().getUnsafeExpiryTimeForTesting().getTime() / 1000);
             Assert.assertEquals("modified key must have same flags as before",
                     ring.getPublicKey().getKeyUsage(), modified.getPublicKey().getKeyUsage());
         }
@@ -531,9 +531,9 @@ public class PgpKeyOperationTest {
             modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
 
             Assert.assertNotNull("modified key must have an expiry date",
-                    modified.getPublicKey(keyId).getExpiryTime());
+                    modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
             Assert.assertEquals("modified key must have expected expiry date",
-                    expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
+                    expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
             Assert.assertEquals("modified key must have same flags as before",
                     ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
         }
@@ -547,9 +547,9 @@ public class PgpKeyOperationTest {
             Assert.assertEquals("modified key must have expected flags",
                     flags, (long) modified.getPublicKey(keyId).getKeyUsage());
             Assert.assertNotNull("key must retain its expiry",
-                    modified.getPublicKey(keyId).getExpiryTime());
+                    modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
             Assert.assertEquals("key expiry must be unchanged",
-                    expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
+                    expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
         }
 
         { // expiry of 0 should be "no expiry"
@@ -557,7 +557,7 @@ public class PgpKeyOperationTest {
             parcel.mChangeSubKeys.add(new SubkeyChange(keyId, null, 0L));
             modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
 
-            Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getExpiryTime());
+            Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
         }
 
         { // if we revoke everything, nothing is left to properly sign...
@@ -609,7 +609,7 @@ public class PgpKeyOperationTest {
                 ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
 
         Assert.assertTrue("subkey must actually be revoked",
-                modified.getPublicKey().isRevoked());
+                modified.getPublicKey().isMaybeRevoked());
 
     }
 
@@ -653,7 +653,7 @@ public class PgpKeyOperationTest {
                     ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
 
             Assert.assertTrue("subkey must actually be revoked",
-                    modified.getPublicKey(keyId).isRevoked());
+                    modified.getPublicKey(keyId).isMaybeRevoked());
         }
 
         { // re-add second subkey
@@ -691,7 +691,7 @@ public class PgpKeyOperationTest {
                     ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
 
             Assert.assertFalse("subkey must no longer be revoked",
-                    modified.getPublicKey(keyId).isRevoked());
+                    modified.getPublicKey(keyId).isMaybeRevoked());
             Assert.assertEquals("subkey must have the same usage flags as before",
                     flags, (long) modified.getPublicKey(keyId).getKeyUsage());
 

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java

@@ -294,8 +294,8 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
         mKeyId = key.getKeyId();
         mKeyIdHex = KeyFormattingUtils.convertKeyIdToHex(mKeyId);
 
-        mRevoked = key.isRevoked();
+        mRevoked = key.isMaybeRevoked();
-        mExpired = key.isExpired();
+        mExpired = key.isMaybeExpired();
         mFingerprintHex = KeyFormattingUtils.convertFingerprintToHex(key.getFingerprint());
         mBitStrength = key.getBitStrength();
         mCurveOid = key.getCurveOid();

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java

@@ -104,8 +104,8 @@ public class OpenPgpSignatureResultBuilder {
         setUserIds(signingRing.getUnorderedUserIds());
 
         // either master key is expired/revoked or this specific subkey is expired/revoked
-        setKeyExpired(signingRing.isExpired() || signingKey.isExpired());
+        setKeyExpired(signingRing.isExpired() || signingKey.isMaybeExpired());
-        setKeyRevoked(signingRing.isRevoked() || signingKey.isRevoked());
+        setKeyRevoked(signingRing.isRevoked() || signingKey.isMaybeRevoked());
     }
 
     public OpenPgpSignatureResult build() {

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java

@@ -50,7 +50,7 @@ public class UncachedPublicKey {
     }
 
     /** The revocation signature is NOT checked here, so this may be false! */
-    public boolean isRevoked() {
+    public boolean isMaybeRevoked() {
         return mPublicKey.getSignaturesOfType(isMasterKey()
                 ? PGPSignature.KEY_REVOCATION
                 : PGPSignature.SUBKEY_REVOCATION).hasNext();
@@ -60,7 +60,8 @@ public class UncachedPublicKey {
         return mPublicKey.getCreationTime();
     }
 
-    public boolean isExpired() {
+    /** The revocation signature is NOT checked here, so this may be false! */
+    public boolean isMaybeExpired() {
         Date creationDate = mPublicKey.getCreationTime();
         Date expiryDate = mPublicKey.getValidSeconds() > 0
                 ? new Date(creationDate.getTime() + mPublicKey.getValidSeconds() * 1000) : null;
@@ -340,4 +341,24 @@ public class UncachedPublicKey {
         return mCacheUsage;
     }
 
+    // this method relies on UNSAFE assumptions about the keyring, and should ONLY be used for
+    // TEST CASES!!
+    Date getUnsafeExpiryTimeForTesting () {
+        long valid = mPublicKey.getValidSeconds();
+
+        if (valid > Integer.MAX_VALUE) {
+            Log.e(Constants.TAG, "error, expiry time too large");
+            return null;
+        }
+        if (valid == 0) {
+            // no expiry
+            return null;
+        }
+        Date creationDate = getCreationTime();
+        Calendar calendar = GregorianCalendar.getInstance();
+        calendar.setTime(creationDate);
+        calendar.add(Calendar.SECOND, (int) valid);
+
+        return calendar.getTime();
+    }
 }