mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-11-27 11:12:15 -05:00
split up and mark unsafe expiry-related methods
This commit is contained in:
parent
e5bb7a35b5
commit
55dd6526a6
@ -231,7 +231,7 @@ public class PgpKeyOperationTest {
|
|||||||
ring.getPublicKey().getCreationTime().after(new Date(new Date().getTime()-1000*120)));
|
ring.getPublicKey().getCreationTime().after(new Date(new Date().getTime()-1000*120)));
|
||||||
|
|
||||||
Assert.assertNull("key ring should not expire",
|
Assert.assertNull("key ring should not expire",
|
||||||
ring.getPublicKey().getExpiryTime());
|
ring.getPublicKey().getUnsafeExpiryTimeForTesting());
|
||||||
|
|
||||||
Assert.assertEquals("first (master) key can certify",
|
Assert.assertEquals("first (master) key can certify",
|
||||||
KeyFlags.CERTIFY_OTHER, (long) subkeys.get(0).getKeyUsage());
|
KeyFlags.CERTIFY_OTHER, (long) subkeys.get(0).getKeyUsage());
|
||||||
@ -342,9 +342,9 @@ public class PgpKeyOperationTest {
|
|||||||
|
|
||||||
Assert.assertNotNull("new key is not null", newKey);
|
Assert.assertNotNull("new key is not null", newKey);
|
||||||
Assert.assertNotNull("added key must have an expiry date",
|
Assert.assertNotNull("added key must have an expiry date",
|
||||||
newKey.getExpiryTime());
|
newKey.getUnsafeExpiryTimeForTesting());
|
||||||
Assert.assertEquals("added key must have expected expiry date",
|
Assert.assertEquals("added key must have expected expiry date",
|
||||||
expiry, newKey.getExpiryTime().getTime()/1000);
|
expiry, newKey.getUnsafeExpiryTimeForTesting().getTime()/1000);
|
||||||
Assert.assertEquals("added key must have expected flags",
|
Assert.assertEquals("added key must have expected flags",
|
||||||
flags, (long) newKey.getKeyUsage());
|
flags, (long) newKey.getKeyUsage());
|
||||||
Assert.assertEquals("added key must have expected bitsize",
|
Assert.assertEquals("added key must have expected bitsize",
|
||||||
@ -403,9 +403,9 @@ public class PgpKeyOperationTest {
|
|||||||
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
|
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
|
||||||
|
|
||||||
Assert.assertNotNull("modified key must have an expiry date",
|
Assert.assertNotNull("modified key must have an expiry date",
|
||||||
modified.getPublicKey(keyId).getExpiryTime());
|
modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
|
||||||
Assert.assertEquals("modified key must have expected expiry date",
|
Assert.assertEquals("modified key must have expected expiry date",
|
||||||
expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
|
expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
|
||||||
Assert.assertEquals("modified key must have same flags as before",
|
Assert.assertEquals("modified key must have same flags as before",
|
||||||
ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
|
ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
|
||||||
}
|
}
|
||||||
@ -417,9 +417,9 @@ public class PgpKeyOperationTest {
|
|||||||
modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
|
modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
|
||||||
|
|
||||||
Assert.assertNotNull("modified key must have an expiry date",
|
Assert.assertNotNull("modified key must have an expiry date",
|
||||||
modified.getPublicKey(keyId).getExpiryTime());
|
modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
|
||||||
Assert.assertEquals("modified key must have expected expiry date",
|
Assert.assertEquals("modified key must have expected expiry date",
|
||||||
expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
|
expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
|
||||||
Assert.assertEquals("modified key must have same flags as before",
|
Assert.assertEquals("modified key must have same flags as before",
|
||||||
ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
|
ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
|
||||||
}
|
}
|
||||||
@ -443,9 +443,9 @@ public class PgpKeyOperationTest {
|
|||||||
Assert.assertEquals("modified key must have expected flags",
|
Assert.assertEquals("modified key must have expected flags",
|
||||||
flags, (long) modified.getPublicKey(keyId).getKeyUsage());
|
flags, (long) modified.getPublicKey(keyId).getKeyUsage());
|
||||||
Assert.assertNotNull("key must retain its expiry",
|
Assert.assertNotNull("key must retain its expiry",
|
||||||
modified.getPublicKey(keyId).getExpiryTime());
|
modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
|
||||||
Assert.assertEquals("key expiry must be unchanged",
|
Assert.assertEquals("key expiry must be unchanged",
|
||||||
expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
|
expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
|
||||||
}
|
}
|
||||||
|
|
||||||
{ // expiry of 0 should be "no expiry"
|
{ // expiry of 0 should be "no expiry"
|
||||||
@ -463,7 +463,7 @@ public class PgpKeyOperationTest {
|
|||||||
Assert.assertEquals("signature must have been created by master key",
|
Assert.assertEquals("signature must have been created by master key",
|
||||||
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
|
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
|
||||||
|
|
||||||
Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getExpiryTime());
|
Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
|
||||||
}
|
}
|
||||||
|
|
||||||
{ // a past expiry should fail
|
{ // a past expiry should fail
|
||||||
@ -517,9 +517,9 @@ public class PgpKeyOperationTest {
|
|||||||
PacketTags.SIGNATURE, onlyB.get(1).tag);
|
PacketTags.SIGNATURE, onlyB.get(1).tag);
|
||||||
|
|
||||||
Assert.assertNotNull("modified key must have an expiry date",
|
Assert.assertNotNull("modified key must have an expiry date",
|
||||||
modified.getPublicKey().getExpiryTime());
|
modified.getPublicKey().getUnsafeExpiryTimeForTesting());
|
||||||
Assert.assertEquals("modified key must have expected expiry date",
|
Assert.assertEquals("modified key must have expected expiry date",
|
||||||
expiry, modified.getPublicKey().getExpiryTime().getTime() / 1000);
|
expiry, modified.getPublicKey().getUnsafeExpiryTimeForTesting().getTime() / 1000);
|
||||||
Assert.assertEquals("modified key must have same flags as before",
|
Assert.assertEquals("modified key must have same flags as before",
|
||||||
ring.getPublicKey().getKeyUsage(), modified.getPublicKey().getKeyUsage());
|
ring.getPublicKey().getKeyUsage(), modified.getPublicKey().getKeyUsage());
|
||||||
}
|
}
|
||||||
@ -531,9 +531,9 @@ public class PgpKeyOperationTest {
|
|||||||
modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
|
modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
|
||||||
|
|
||||||
Assert.assertNotNull("modified key must have an expiry date",
|
Assert.assertNotNull("modified key must have an expiry date",
|
||||||
modified.getPublicKey(keyId).getExpiryTime());
|
modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
|
||||||
Assert.assertEquals("modified key must have expected expiry date",
|
Assert.assertEquals("modified key must have expected expiry date",
|
||||||
expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
|
expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
|
||||||
Assert.assertEquals("modified key must have same flags as before",
|
Assert.assertEquals("modified key must have same flags as before",
|
||||||
ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
|
ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
|
||||||
}
|
}
|
||||||
@ -547,9 +547,9 @@ public class PgpKeyOperationTest {
|
|||||||
Assert.assertEquals("modified key must have expected flags",
|
Assert.assertEquals("modified key must have expected flags",
|
||||||
flags, (long) modified.getPublicKey(keyId).getKeyUsage());
|
flags, (long) modified.getPublicKey(keyId).getKeyUsage());
|
||||||
Assert.assertNotNull("key must retain its expiry",
|
Assert.assertNotNull("key must retain its expiry",
|
||||||
modified.getPublicKey(keyId).getExpiryTime());
|
modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
|
||||||
Assert.assertEquals("key expiry must be unchanged",
|
Assert.assertEquals("key expiry must be unchanged",
|
||||||
expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
|
expiry, modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting().getTime()/1000);
|
||||||
}
|
}
|
||||||
|
|
||||||
{ // expiry of 0 should be "no expiry"
|
{ // expiry of 0 should be "no expiry"
|
||||||
@ -557,7 +557,7 @@ public class PgpKeyOperationTest {
|
|||||||
parcel.mChangeSubKeys.add(new SubkeyChange(keyId, null, 0L));
|
parcel.mChangeSubKeys.add(new SubkeyChange(keyId, null, 0L));
|
||||||
modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
|
modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
|
||||||
|
|
||||||
Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getExpiryTime());
|
Assert.assertNull("key must not expire anymore", modified.getPublicKey(keyId).getUnsafeExpiryTimeForTesting());
|
||||||
}
|
}
|
||||||
|
|
||||||
{ // if we revoke everything, nothing is left to properly sign...
|
{ // if we revoke everything, nothing is left to properly sign...
|
||||||
@ -609,7 +609,7 @@ public class PgpKeyOperationTest {
|
|||||||
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
|
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
|
||||||
|
|
||||||
Assert.assertTrue("subkey must actually be revoked",
|
Assert.assertTrue("subkey must actually be revoked",
|
||||||
modified.getPublicKey().isRevoked());
|
modified.getPublicKey().isMaybeRevoked());
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -653,7 +653,7 @@ public class PgpKeyOperationTest {
|
|||||||
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
|
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
|
||||||
|
|
||||||
Assert.assertTrue("subkey must actually be revoked",
|
Assert.assertTrue("subkey must actually be revoked",
|
||||||
modified.getPublicKey(keyId).isRevoked());
|
modified.getPublicKey(keyId).isMaybeRevoked());
|
||||||
}
|
}
|
||||||
|
|
||||||
{ // re-add second subkey
|
{ // re-add second subkey
|
||||||
@ -691,7 +691,7 @@ public class PgpKeyOperationTest {
|
|||||||
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
|
ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
|
||||||
|
|
||||||
Assert.assertFalse("subkey must no longer be revoked",
|
Assert.assertFalse("subkey must no longer be revoked",
|
||||||
modified.getPublicKey(keyId).isRevoked());
|
modified.getPublicKey(keyId).isMaybeRevoked());
|
||||||
Assert.assertEquals("subkey must have the same usage flags as before",
|
Assert.assertEquals("subkey must have the same usage flags as before",
|
||||||
flags, (long) modified.getPublicKey(keyId).getKeyUsage());
|
flags, (long) modified.getPublicKey(keyId).getKeyUsage());
|
||||||
|
|
||||||
|
@ -294,8 +294,8 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
|
|||||||
mKeyId = key.getKeyId();
|
mKeyId = key.getKeyId();
|
||||||
mKeyIdHex = KeyFormattingUtils.convertKeyIdToHex(mKeyId);
|
mKeyIdHex = KeyFormattingUtils.convertKeyIdToHex(mKeyId);
|
||||||
|
|
||||||
mRevoked = key.isRevoked();
|
mRevoked = key.isMaybeRevoked();
|
||||||
mExpired = key.isExpired();
|
mExpired = key.isMaybeExpired();
|
||||||
mFingerprintHex = KeyFormattingUtils.convertFingerprintToHex(key.getFingerprint());
|
mFingerprintHex = KeyFormattingUtils.convertFingerprintToHex(key.getFingerprint());
|
||||||
mBitStrength = key.getBitStrength();
|
mBitStrength = key.getBitStrength();
|
||||||
mCurveOid = key.getCurveOid();
|
mCurveOid = key.getCurveOid();
|
||||||
|
@ -104,8 +104,8 @@ public class OpenPgpSignatureResultBuilder {
|
|||||||
setUserIds(signingRing.getUnorderedUserIds());
|
setUserIds(signingRing.getUnorderedUserIds());
|
||||||
|
|
||||||
// either master key is expired/revoked or this specific subkey is expired/revoked
|
// either master key is expired/revoked or this specific subkey is expired/revoked
|
||||||
setKeyExpired(signingRing.isExpired() || signingKey.isExpired());
|
setKeyExpired(signingRing.isExpired() || signingKey.isMaybeExpired());
|
||||||
setKeyRevoked(signingRing.isRevoked() || signingKey.isRevoked());
|
setKeyRevoked(signingRing.isRevoked() || signingKey.isMaybeRevoked());
|
||||||
}
|
}
|
||||||
|
|
||||||
public OpenPgpSignatureResult build() {
|
public OpenPgpSignatureResult build() {
|
||||||
|
@ -50,7 +50,7 @@ public class UncachedPublicKey {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** The revocation signature is NOT checked here, so this may be false! */
|
/** The revocation signature is NOT checked here, so this may be false! */
|
||||||
public boolean isRevoked() {
|
public boolean isMaybeRevoked() {
|
||||||
return mPublicKey.getSignaturesOfType(isMasterKey()
|
return mPublicKey.getSignaturesOfType(isMasterKey()
|
||||||
? PGPSignature.KEY_REVOCATION
|
? PGPSignature.KEY_REVOCATION
|
||||||
: PGPSignature.SUBKEY_REVOCATION).hasNext();
|
: PGPSignature.SUBKEY_REVOCATION).hasNext();
|
||||||
@ -60,7 +60,8 @@ public class UncachedPublicKey {
|
|||||||
return mPublicKey.getCreationTime();
|
return mPublicKey.getCreationTime();
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isExpired() {
|
/** The revocation signature is NOT checked here, so this may be false! */
|
||||||
|
public boolean isMaybeExpired() {
|
||||||
Date creationDate = mPublicKey.getCreationTime();
|
Date creationDate = mPublicKey.getCreationTime();
|
||||||
Date expiryDate = mPublicKey.getValidSeconds() > 0
|
Date expiryDate = mPublicKey.getValidSeconds() > 0
|
||||||
? new Date(creationDate.getTime() + mPublicKey.getValidSeconds() * 1000) : null;
|
? new Date(creationDate.getTime() + mPublicKey.getValidSeconds() * 1000) : null;
|
||||||
@ -340,4 +341,24 @@ public class UncachedPublicKey {
|
|||||||
return mCacheUsage;
|
return mCacheUsage;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// this method relies on UNSAFE assumptions about the keyring, and should ONLY be used for
|
||||||
|
// TEST CASES!!
|
||||||
|
Date getUnsafeExpiryTimeForTesting () {
|
||||||
|
long valid = mPublicKey.getValidSeconds();
|
||||||
|
|
||||||
|
if (valid > Integer.MAX_VALUE) {
|
||||||
|
Log.e(Constants.TAG, "error, expiry time too large");
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
if (valid == 0) {
|
||||||
|
// no expiry
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
Date creationDate = getCreationTime();
|
||||||
|
Calendar calendar = GregorianCalendar.getInstance();
|
||||||
|
calendar.setTime(creationDate);
|
||||||
|
calendar.add(Calendar.SECOND, (int) valid);
|
||||||
|
|
||||||
|
return calendar.getTime();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user