some fixes, add expired key test

2025-03-30 15:08:32 +00:00 · 2018-03-17 05:00:45 -07:00 · 2018-03-17 05:00:45 -07:00 · 75cd4e5e6f
commit 75cd4e5e6f
parent c0ceffe998
3 changed files with 51 additions and 25 deletions
--- a/src/key.js
+++ b/src/key.js
@ -437,18 +437,17 @@ Key.prototype.getExpirationTime = async function() {
    return getExpirationTime(this.primaryKey);
  }
  if (this.primaryKey.version === 4) {
-    let validUsers = await this.getValidUsers(new Date(), true);
-    if (!validUsers.length) {
-      return null;
+    const validUsers = await this.getValidUsers(null, true);
+    let highest = null;
+    for (let i = 0; i < validUsers.length; i++) {
+      const selfCert = validUsers[i].selfCertification;
+      const current = Math.min(+getExpirationTime(this.primaryKey, selfCert), +selfCert.getExpirationTime());
+      if (current === Infinity) {
+        return Infinity;
+      }
+      highest = current > highest ? current : highest;
    }
-    validUsers = validUsers.sort(function(a, b) {
-      const A = a.selfCertification;
-      const B = b.selfCertification;
-      const expTimeA = !A.signatureNeverExpires ? A.created.getTime() + A.signatureExpirationTime*1000 : Infinity;
-      const expTimeB = !B.signatureNeverExpires ? B.created.getTime() + B.signatureExpirationTime*1000 : Infinity;
-      return expTimeA - expTimeB;
-    });
-    return getExpirationTime(this.primaryKey, validUsers.pop().selfCertification);
+    return util.normalizeDate(highest);
  }
 };

@ -478,7 +477,7 @@ Key.prototype.getPrimaryUser = async function(date=new Date()) {
 /**
 * Returns an array containing all valid users for a key
 * @param  {Date} date use the given date for verification instead of the current time
- * @param  {bool} whether to allow expired self certifications
+ * @param  {bool} include users with expired certifications
 * @returns {Promise<Array<{user: module:key.User,
 *                    selfCertification: module:packet.Signature}>>} The valid user array
 * @async
@ -983,17 +982,15 @@ SubKey.prototype.verify = async function(primaryKey, date=new Date()) {
 * @returns {Date}
 */
 SubKey.prototype.getExpirationTime = function() {
-  let highest;
+  let highest = null;
  for (let i = 0; i < this.bindingSignatures.length; i++) {
-    const current = getExpirationTime(this.subKey, this.bindingSignatures[i]);
+    const current = Math.min(+getExpirationTime(this.subKey, this.bindingSignatures[i]), +this.bindingSignatures[i].getExpirationTime());
    if (current === Infinity) {
      return Infinity;
    }
-    if (!highest || current > highest) {
-      highest = current;
-    }
+    highest = current > highest ? current : highest;
  }
-  return highest;
+  return util.normalizeDate(highest);
 };

 /**
@ -1359,13 +1356,14 @@ function isDataExpired(keyPacket, signature, date=new Date()) {
  const normDate = util.normalizeDate(date);
  if (normDate !== null) {
    const expirationTime = getExpirationTime(keyPacket, signature);
-    return !(keyPacket.created <= normDate && normDate < expirationTime);
+    return !(keyPacket.created <= normDate && normDate < expirationTime) ||
+      (signature && signature.isExpired(date));
  }
  return false;
 }

 function getExpirationTime(keyPacket, signature) {
-  let expirationTime = Infinity;
+  let expirationTime;
  // check V3 expiration time
  if (keyPacket.version === 3 && keyPacket.expirationTimeV3 !== 0) {
    expirationTime = keyPacket.created.getTime() + keyPacket.expirationTimeV3*24*3600*1000;
@ -1374,10 +1372,7 @@ function getExpirationTime(keyPacket, signature) {
  if (keyPacket.version === 4 && signature.keyNeverExpires === false) {
    expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime*1000;
  }
-  if (keyPacket.version === 4 && signature.signatureNeverExpires === false) {
-    expirationTime = Math.min(expirationTime, keyPacket.created.getTime() + signature.signatureExpirationTime*1000);
-  }
-  return expirationTime !== Infinity ? new Date(expirationTime) : Infinity;
+  return expirationTime ? new Date(expirationTime) : Infinity;
 }

 /**
--- a/src/packet/signature.js
+++ b/src/packet/signature.js
@ -673,12 +673,20 @@ Signature.prototype.verify = async function (key, data) {
 Signature.prototype.isExpired = function (date=new Date()) {
  const normDate = util.normalizeDate(date);
  if (normDate !== null) {
-    const expirationTime = !this.signatureNeverExpires ? this.created.getTime() + this.signatureExpirationTime*1000 : Infinity;
+    const expirationTime = this.getExpirationTime();
    return !(this.created <= normDate && normDate < expirationTime);
  }
  return false;
 };

+/**
+ * Returns the expiration time of the signature or Infinity if signature does not expire
+ * @returns {Date} expiration time
+ */
+Signature.prototype.getExpirationTime = function () {
+  return !this.signatureNeverExpires ? new Date(this.created.getTime() + this.signatureExpirationTime*1000) : Infinity;
+};
+
 /**
 * Fix custom types after cloning
 */
--- a/test/general/key.js
+++ b/test/general/key.js
@ -721,6 +721,21 @@ describe('Key', function() {
    '=6XMW',
    '-----END PGP PUBLIC KEY BLOCK-----'].join('\n');

+    const expiredKey =
+    `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+    xcA4BAAAAAEBAgCgONc0J8rfO6cJw5YTP38x1ze2tAYIO7EcmRCNYwMkXngb
+    0Qdzg34Q5RW0rNiR56VB6KElPUhePRPVklLFiIvHABEBAAEAAf9qabYMzsz/
+    /LeRVZSsTgTljmJTdzd2ambUbpi+vt8MXJsbaWh71vjoLMWSXajaKSPDjVU5
+    waFNt9kLqwGGGLqpAQD5ZdMH2XzTq6GU9Ka69iZs6Pbnzwdz59Vc3i8hXlUj
+    zQEApHargCTsrtvSrm+hK/pN51/BHAy9lxCAw9f2etx+AeMA/RGrijkFZtYt
+    jeWdv/usXL3mgHvEcJv63N5zcEvDX5X4W1bND3Rlc3QxIDxhQGIuY29tPsJ7
+    BBABCAAvBQIAAAABBQMAAAU5BgsJBwgDAgkQzcF99nGrkAkEFQgKAgMWAgEC
+    GQECGwMCHgEAABAlAfwPehmLZs+gOhOTTaSslqQ50bl/REjmv42Nyr1ZBlQS
+    DECl1Qu4QyeXin29uEXWiekMpNlZVsEuc8icCw6ABhIZ
+    =/7PI
+    -----END PGP PRIVATE KEY BLOCK-----`;
+
  it('Parsing armored text with two keys', function(done) {
    const pubKeys = openpgp.key.readArmored(twoKeys);
    expect(pubKeys).to.exist;
@ -823,6 +838,14 @@ describe('Key', function() {
    expect(expirationTime.toISOString()).to.be.equal('2018-11-26T10:58:29.000Z');
  });

+  it('Method getExpirationTime expired V4 Key', async function() {
+    const pubKey = openpgp.key.readArmored(expiredKey).keys[0];
+    expect(pubKey).to.exist;
+    expect(pubKey).to.be.an.instanceof(openpgp.key.Key);
+    const expirationTime = await pubKey.getExpirationTime();
+    expect(expirationTime.toISOString()).to.be.equal('1970-01-01T00:22:18.000Z');
+  });
+
  it('Method getExpirationTime V4 SubKey', async function() {
    const pubKey = openpgp.key.readArmored(twoKeys).keys[1];
    expect(pubKey).to.exist;