mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-08-13 15:53:53 -04:00
ignore revoked user ids for primary key expiry
This commit is contained in:
Vincent Breitmoser
parent
ad8209bd94
commit
d7888d4666
@ -79,9 +79,8 @@ public abstract class CanonicalizedKeyRing extends KeyRing {
|
||||
|
||||
public boolean isExpired() {
|
||||
// Is the master key expired?
|
||||
Date creationDate = getRing().getPublicKey().getCreationTime();
|
||||
Date expiryDate = getRing().getPublicKey().getValidSeconds() > 0
|
||||
? new Date(creationDate.getTime() + getRing().getPublicKey().getValidSeconds() * 1000) : null;
|
||||
Date creationDate = getPublicKey().getCreationTime();
|
||||
Date expiryDate = getPublicKey().getExpiryTime();
|
||||
|
||||
Date now = new Date();
|
||||
return creationDate.after(now) || (expiryDate != null && expiryDate.before(now));
|
||||
|
||||
@ -20,8 +20,16 @@ package org.sufficientlysecure.keychain.pgp;
|
||||
|
||||
import org.spongycastle.bcpg.sig.KeyFlags;
|
||||
import org.spongycastle.openpgp.PGPPublicKey;
|
||||
import org.spongycastle.openpgp.PGPSignature;
|
||||
import org.spongycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.util.IterableIterator;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
|
||||
import java.util.Calendar;
|
||||
import java.util.Date;
|
||||
import java.util.GregorianCalendar;
|
||||
import java.util.Iterator;
|
||||
|
||||
/** Wrapper for a PGPPublicKey.
|
||||
*
|
||||
@ -100,6 +108,72 @@ public class CanonicalizedPublicKey extends UncachedPublicKey {
|
||||
return false;
|
||||
}
|
||||
|
||||
public boolean isRevoked() {
|
||||
return mPublicKey.getSignaturesOfType(isMasterKey()
|
||||
? PGPSignature.KEY_REVOCATION
|
||||
: PGPSignature.SUBKEY_REVOCATION).hasNext();
|
||||
}
|
||||
|
||||
public boolean isExpired () {
|
||||
Date expiry = getExpiryTime();
|
||||
return expiry != null && expiry.before(new Date());
|
||||
}
|
||||
|
||||
public long getValidSeconds() {
|
||||
|
||||
long seconds;
|
||||
|
||||
// the getValidSeconds method is unreliable for master keys. we need to iterate all
|
||||
// user ids, then use the most recent certification from a non-revoked user id
|
||||
if (isMasterKey()) {
|
||||
Date latestCreation = null;
|
||||
seconds = 0;
|
||||
|
||||
for (byte[] rawUserId : getUnorderedRawUserIds()) {
|
||||
Iterator<WrappedSignature> sigs = getSignaturesForRawId(rawUserId);
|
||||
|
||||
// there is always a certification, so this call is safe
|
||||
WrappedSignature sig = sigs.next();
|
||||
|
||||
// we know a user id has at most two sigs: one certification, one revocation.
|
||||
// if the sig is a revocation, or there is another sig (which is a revocation),
|
||||
// the data in this uid is not relevant
|
||||
if (sig.isRevocation() || sigs.hasNext()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// this is our revocation, UNLESS there is a newer certificate!
|
||||
if (latestCreation == null || latestCreation.before(sig.getCreationTime())) {
|
||||
latestCreation = sig.getCreationTime();
|
||||
seconds = sig.getKeyExpirySeconds();
|
||||
}
|
||||
}
|
||||
} else {
|
||||
seconds = mPublicKey.getValidSeconds();
|
||||
}
|
||||
|
||||
return seconds;
|
||||
}
|
||||
|
||||
public Date getExpiryTime() {
|
||||
long seconds = getValidSeconds();
|
||||
|
||||
if (seconds > Integer.MAX_VALUE) {
|
||||
Log.e(Constants.TAG, "error, expiry time too large");
|
||||
return null;
|
||||
}
|
||||
if (seconds == 0) {
|
||||
// no expiry
|
||||
return null;
|
||||
}
|
||||
Date creationDate = getCreationTime();
|
||||
Calendar calendar = GregorianCalendar.getInstance();
|
||||
calendar.setTime(creationDate);
|
||||
calendar.add(Calendar.SECOND, (int) seconds);
|
||||
|
||||
return calendar.getTime();
|
||||
}
|
||||
|
||||
/** Same method as superclass, but we make it public. */
|
||||
public Integer getKeyUsage() {
|
||||
return super.getKeyUsage();
|
||||
|
||||
@ -439,8 +439,8 @@ public class PgpKeyOperation {
|
||||
// since this is the master key, this contains at least CERTIFY_OTHER
|
||||
PGPPublicKey masterPublicKey = masterSecretKey.getPublicKey();
|
||||
int masterKeyFlags = readKeyFlags(masterPublicKey) | KeyFlags.CERTIFY_OTHER;
|
||||
long masterKeyExpiry = masterPublicKey.getValidSeconds() == 0L ? 0L :
|
||||
masterPublicKey.getCreationTime().getTime() / 1000 + masterPublicKey.getValidSeconds();
|
||||
Date expiryTime = wsKR.getPublicKey().getExpiryTime();
|
||||
long masterKeyExpiry = expiryTime != null ? expiryTime.getTime() / 1000 : 0L;
|
||||
|
||||
return internal(sKR, masterSecretKey, masterKeyFlags, masterKeyExpiry, saveParcel, passphrase, log);
|
||||
|
||||
|
||||
@ -60,24 +60,6 @@ public class UncachedPublicKey {
|
||||
return mPublicKey.getCreationTime();
|
||||
}
|
||||
|
||||
public Date getExpiryTime() {
|
||||
long seconds = mPublicKey.getValidSeconds();
|
||||
if (seconds > Integer.MAX_VALUE) {
|
||||
Log.e(Constants.TAG, "error, expiry time too large");
|
||||
return null;
|
||||
}
|
||||
if (seconds == 0) {
|
||||
// no expiry
|
||||
return null;
|
||||
}
|
||||
Date creationDate = getCreationTime();
|
||||
Calendar calendar = GregorianCalendar.getInstance();
|
||||
calendar.setTime(creationDate);
|
||||
calendar.add(Calendar.SECOND, (int) seconds);
|
||||
|
||||
return calendar.getTime();
|
||||
}
|
||||
|
||||
public boolean isExpired() {
|
||||
Date creationDate = mPublicKey.getCreationTime();
|
||||
Date expiryDate = mPublicKey.getValidSeconds() > 0
|
||||
|
||||
@ -78,6 +78,10 @@ public class WrappedSignature {
|
||||
return mSig.getCreationTime();
|
||||
}
|
||||
|
||||
public long getKeyExpirySeconds() {
|
||||
return mSig.getHashedSubPackets().getKeyExpirationTime();
|
||||
}
|
||||
|
||||
public ArrayList<WrappedSignature> getEmbeddedSignatures() {
|
||||
ArrayList<WrappedSignature> sigs = new ArrayList<>();
|
||||
if (!mSig.hasSubpackets()) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user