split up and mark unsafe expiry-related methods

This commit is contained in:
Vincent Breitmoser 2015-02-26 18:53:42 +01:00
parent e5bb7a35b5
commit 55dd6526a6
4 changed files with 47 additions and 26 deletions

View File

@ -231,7 +231,7 @@ public class PgpKeyOperationTest {
ring.getPublicKey().getCreationTime().after(new Date(new Date().getTime()-1000*120))); ring.getPublicKey().getCreationTime().after(new Date(new Date().getTime()-1000*120)));
Assert.assertNull("key ring should not expire", Assert.assertNull("key ring should not expire",
ring.getPublicKey().getExpiryTime()); ring.getPublicKey().getUnsafeExpiryTimeForTesting());
Assert.assertEquals("first (master) key can certify", Assert.assertEquals("first (master) key can certify",
KeyFlags.CERTIFY_OTHER, (long) subkeys.get(0).getKeyUsage()); KeyFlags.CERTIFY_OTHER, (long) subkeys.get(0).getKeyUsage());
@ -342,9 +342,9 @@ public class PgpKeyOperationTest {
Assert.assertNotNull("new key is not null", newKey); Assert.assertNotNull("new key is not null", newKey);
Assert.assertNotNull("added key must have an expiry date", Assert.assertNotNull("added key must have an expiry date",
newKey.getExpiryTime()); newKey.getUnsafeExpiryTimeForTesting());
Assert.assertEquals("added key must have expected expiry date", Assert.assertEquals("added key must have expected expiry date",
expiry, newKey.getExpiryTime().getTime()/1000); expiry, newKey.getUnsafeExpiryTimeForTesting().getTime()/1000);
Assert.assertEquals("added key must have expected flags", Assert.assertEquals("added key must have expected flags",
flags, (long) newKey.getKeyUsage()); flags, (long) newKey.getKeyUsage());
Assert.assertEquals("added key must have expected bitsize", Assert.assertEquals("added key must have expected bitsize",
@ -403,9 +403,9 @@ public class PgpKeyOperationTest {
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID()); ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
Assert.assertNotNull("modified key must have an expiry date", Assert.assertNotNull("modified key must have an expiry date",
modified.getPublicKey(keyId).getExpiryTime()); modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
Assert.assertEquals("modified key must have expected expiry date", Assert.assertEquals("modified key must have expected expiry date",
expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000); expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
Assert.assertEquals("modified key must have same flags as before", Assert.assertEquals("modified key must have same flags as before",
ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage()); ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
} }
@ -417,9 +417,9 @@ public class PgpKeyOperationTest {
modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB); modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
Assert.assertNotNull("modified key must have an expiry date", Assert.assertNotNull("modified key must have an expiry date",
modified.getPublicKey(keyId).getExpiryTime()); modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
Assert.assertEquals("modified key must have expected expiry date", Assert.assertEquals("modified key must have expected expiry date",
expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000); expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
Assert.assertEquals("modified key must have same flags as before", Assert.assertEquals("modified key must have same flags as before",
ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage()); ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
} }
@ -443,9 +443,9 @@ public class PgpKeyOperationTest {
Assert.assertEquals("modified key must have expected flags", Assert.assertEquals("modified key must have expected flags",
flags, (long) modified.getPublicKey(keyId).getKeyUsage()); flags, (long) modified.getPublicKey(keyId).getKeyUsage());
Assert.assertNotNull("key must retain its expiry", Assert.assertNotNull("key must retain its expiry",
modified.getPublicKey(keyId).getExpiryTime()); modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
Assert.assertEquals("key expiry must be unchanged", Assert.assertEquals("key expiry must be unchanged",
expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000); expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
} }
{ // expiry of 0 should be "no expiry" { // expiry of 0 should be "no expiry"
@ -463,7 +463,7 @@ public class PgpKeyOperationTest {
Assert.assertEquals("signature must have been created by master key", Assert.assertEquals("signature must have been created by master key",
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID()); ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getExpiryTime()); Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
} }
{ // a past expiry should fail { // a past expiry should fail
@ -517,9 +517,9 @@ public class PgpKeyOperationTest {
PacketTags.SIGNATURE, onlyB.get(1).tag); PacketTags.SIGNATURE, onlyB.get(1).tag);
Assert.assertNotNull("modified key must have an expiry date", Assert.assertNotNull("modified key must have an expiry date",
modified.getPublicKey().getExpiryTime()); modified.getPublicKey().getUnsafeExpiryTimeForTesting());
Assert.assertEquals("modified key must have expected expiry date", Assert.assertEquals("modified key must have expected expiry date",
expiry, modified.getPublicKey().getExpiryTime().getTime() / 1000); expiry, modified.getPublicKey().getUnsafeExpiryTimeForTesting().getTime() / 1000);
Assert.assertEquals("modified key must have same flags as before", Assert.assertEquals("modified key must have same flags as before",
ring.getPublicKey().getKeyUsage(), modified.getPublicKey().getKeyUsage()); ring.getPublicKey().getKeyUsage(), modified.getPublicKey().getKeyUsage());
} }
@ -531,9 +531,9 @@ public class PgpKeyOperationTest {
modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB); modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
Assert.assertNotNull("modified key must have an expiry date", Assert.assertNotNull("modified key must have an expiry date",
modified.getPublicKey(keyId).getExpiryTime()); modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
Assert.assertEquals("modified key must have expected expiry date", Assert.assertEquals("modified key must have expected expiry date",
expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000); expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
Assert.assertEquals("modified key must have same flags as before", Assert.assertEquals("modified key must have same flags as before",
ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage()); ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
} }
@ -547,9 +547,9 @@ public class PgpKeyOperationTest {
Assert.assertEquals("modified key must have expected flags", Assert.assertEquals("modified key must have expected flags",
flags, (long) modified.getPublicKey(keyId).getKeyUsage()); flags, (long) modified.getPublicKey(keyId).getKeyUsage());
Assert.assertNotNull("key must retain its expiry", Assert.assertNotNull("key must retain its expiry",
modified.getPublicKey(keyId).getExpiryTime()); modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
Assert.assertEquals("key expiry must be unchanged", Assert.assertEquals("key expiry must be unchanged",
expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000); expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
} }
{ // expiry of 0 should be "no expiry" { // expiry of 0 should be "no expiry"
@ -557,7 +557,7 @@ public class PgpKeyOperationTest {
parcel.mChangeSubKeys.add(new SubkeyChange(keyId, null, 0L)); parcel.mChangeSubKeys.add(new SubkeyChange(keyId, null, 0L));
modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB); modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getExpiryTime()); Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
} }
{ // if we revoke everything, nothing is left to properly sign... { // if we revoke everything, nothing is left to properly sign...
@ -609,7 +609,7 @@ public class PgpKeyOperationTest {
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID()); ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
Assert.assertTrue("subkey must actually be revoked", Assert.assertTrue("subkey must actually be revoked",
modified.getPublicKey().isRevoked()); modified.getPublicKey().isMaybeRevoked());
} }
@ -653,7 +653,7 @@ public class PgpKeyOperationTest {
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID()); ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
Assert.assertTrue("subkey must actually be revoked", Assert.assertTrue("subkey must actually be revoked",
modified.getPublicKey(keyId).isRevoked()); modified.getPublicKey(keyId).isMaybeRevoked());
} }
{ // re-add second subkey { // re-add second subkey
@ -691,7 +691,7 @@ public class PgpKeyOperationTest {
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID()); ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
Assert.assertFalse("subkey must no longer be revoked", Assert.assertFalse("subkey must no longer be revoked",
modified.getPublicKey(keyId).isRevoked()); modified.getPublicKey(keyId).isMaybeRevoked());
Assert.assertEquals("subkey must have the same usage flags as before", Assert.assertEquals("subkey must have the same usage flags as before",
flags, (long) modified.getPublicKey(keyId).getKeyUsage()); flags, (long) modified.getPublicKey(keyId).getKeyUsage());

View File

@ -294,8 +294,8 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
mKeyId = key.getKeyId(); mKeyId = key.getKeyId();
mKeyIdHex = KeyFormattingUtils.convertKeyIdToHex(mKeyId); mKeyIdHex = KeyFormattingUtils.convertKeyIdToHex(mKeyId);
mRevoked = key.isRevoked(); mRevoked = key.isMaybeRevoked();
mExpired = key.isExpired(); mExpired = key.isMaybeExpired();
mFingerprintHex = KeyFormattingUtils.convertFingerprintToHex(key.getFingerprint()); mFingerprintHex = KeyFormattingUtils.convertFingerprintToHex(key.getFingerprint());
mBitStrength = key.getBitStrength(); mBitStrength = key.getBitStrength();
mCurveOid = key.getCurveOid(); mCurveOid = key.getCurveOid();

View File

@ -104,8 +104,8 @@ public class OpenPgpSignatureResultBuilder {
setUserIds(signingRing.getUnorderedUserIds()); setUserIds(signingRing.getUnorderedUserIds());
// either master key is expired/revoked or this specific subkey is expired/revoked // either master key is expired/revoked or this specific subkey is expired/revoked
setKeyExpired(signingRing.isExpired() || signingKey.isExpired()); setKeyExpired(signingRing.isExpired() || signingKey.isMaybeExpired());
setKeyRevoked(signingRing.isRevoked() || signingKey.isRevoked()); setKeyRevoked(signingRing.isRevoked() || signingKey.isMaybeRevoked());
} }
public OpenPgpSignatureResult build() { public OpenPgpSignatureResult build() {

View File

@ -50,7 +50,7 @@ public class UncachedPublicKey {
} }
/** The revocation signature is NOT checked here, so this may be false! */ /** The revocation signature is NOT checked here, so this may be false! */
public boolean isRevoked() { public boolean isMaybeRevoked() {
return mPublicKey.getSignaturesOfType(isMasterKey() return mPublicKey.getSignaturesOfType(isMasterKey()
? PGPSignature.KEY_REVOCATION ? PGPSignature.KEY_REVOCATION
: PGPSignature.SUBKEY_REVOCATION).hasNext(); : PGPSignature.SUBKEY_REVOCATION).hasNext();
@ -60,7 +60,8 @@ public class UncachedPublicKey {
return mPublicKey.getCreationTime(); return mPublicKey.getCreationTime();
} }
public boolean isExpired() { /** The revocation signature is NOT checked here, so this may be false! */
public boolean isMaybeExpired() {
Date creationDate = mPublicKey.getCreationTime(); Date creationDate = mPublicKey.getCreationTime();
Date expiryDate = mPublicKey.getValidSeconds() > 0 Date expiryDate = mPublicKey.getValidSeconds() > 0
? new Date(creationDate.getTime() + mPublicKey.getValidSeconds() * 1000) : null; ? new Date(creationDate.getTime() + mPublicKey.getValidSeconds() * 1000) : null;
@ -340,4 +341,24 @@ public class UncachedPublicKey {
return mCacheUsage; return mCacheUsage;
} }
// this method relies on UNSAFE assumptions about the keyring, and should ONLY be used for
// TEST CASES!!
Date getUnsafeExpiryTimeForTesting () {
long valid = mPublicKey.getValidSeconds();
if (valid > Integer.MAX_VALUE) {
Log.e(Constants.TAG, "error, expiry time too large");
return null;
}
if (valid == 0) {
// no expiry
return null;
}
Date creationDate = getCreationTime();
Calendar calendar = GregorianCalendar.getInstance();
calendar.setTime(creationDate);
calendar.add(Calendar.SECOND, (int) valid);
return calendar.getTime();
}
} }