diff --git a/src/key.js b/src/key.js index 93dbb556..49418e60 100644 --- a/src/key.js +++ b/src/key.js @@ -437,18 +437,17 @@ Key.prototype.getExpirationTime = async function() { return getExpirationTime(this.primaryKey); } if (this.primaryKey.version === 4) { - let validUsers = await this.getValidUsers(new Date(), true); - if (!validUsers.length) { - return null; + const validUsers = await this.getValidUsers(null, true); + let highest = null; + for (let i = 0; i < validUsers.length; i++) { + const selfCert = validUsers[i].selfCertification; + const current = Math.min(+getExpirationTime(this.primaryKey, selfCert), +selfCert.getExpirationTime()); + if (current === Infinity) { + return Infinity; + } + highest = current > highest ? current : highest; } - validUsers = validUsers.sort(function(a, b) { - const A = a.selfCertification; - const B = b.selfCertification; - const expTimeA = !A.signatureNeverExpires ? A.created.getTime() + A.signatureExpirationTime*1000 : Infinity; - const expTimeB = !B.signatureNeverExpires ? B.created.getTime() + B.signatureExpirationTime*1000 : Infinity; - return expTimeA - expTimeB; - }); - return getExpirationTime(this.primaryKey, validUsers.pop().selfCertification); + return util.normalizeDate(highest); } }; @@ -478,7 +477,7 @@ Key.prototype.getPrimaryUser = async function(date=new Date()) { /** * Returns an array containing all valid users for a key * @param {Date} date use the given date for verification instead of the current time - * @param {bool} whether to allow expired self certifications + * @param {bool} include users with expired certifications * @returns {Promise>} The valid user array * @async @@ -983,17 +982,15 @@ SubKey.prototype.verify = async function(primaryKey, date=new Date()) { * @returns {Date} */ SubKey.prototype.getExpirationTime = function() { - let highest; + let highest = null; for (let i = 0; i < this.bindingSignatures.length; i++) { - const current = getExpirationTime(this.subKey, this.bindingSignatures[i]); + const current = Math.min(+getExpirationTime(this.subKey, this.bindingSignatures[i]), +this.bindingSignatures[i].getExpirationTime()); if (current === Infinity) { return Infinity; } - if (!highest || current > highest) { - highest = current; - } + highest = current > highest ? current : highest; } - return highest; + return util.normalizeDate(highest); }; /** @@ -1359,13 +1356,14 @@ function isDataExpired(keyPacket, signature, date=new Date()) { const normDate = util.normalizeDate(date); if (normDate !== null) { const expirationTime = getExpirationTime(keyPacket, signature); - return !(keyPacket.created <= normDate && normDate < expirationTime); + return !(keyPacket.created <= normDate && normDate < expirationTime) || + (signature && signature.isExpired(date)); } return false; } function getExpirationTime(keyPacket, signature) { - let expirationTime = Infinity; + let expirationTime; // check V3 expiration time if (keyPacket.version === 3 && keyPacket.expirationTimeV3 !== 0) { expirationTime = keyPacket.created.getTime() + keyPacket.expirationTimeV3*24*3600*1000; @@ -1374,10 +1372,7 @@ function getExpirationTime(keyPacket, signature) { if (keyPacket.version === 4 && signature.keyNeverExpires === false) { expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime*1000; } - if (keyPacket.version === 4 && signature.signatureNeverExpires === false) { - expirationTime = Math.min(expirationTime, keyPacket.created.getTime() + signature.signatureExpirationTime*1000); - } - return expirationTime !== Infinity ? new Date(expirationTime) : Infinity; + return expirationTime ? new Date(expirationTime) : Infinity; } /** diff --git a/src/packet/signature.js b/src/packet/signature.js index 0b7acbcd..7131770a 100644 --- a/src/packet/signature.js +++ b/src/packet/signature.js @@ -673,12 +673,20 @@ Signature.prototype.verify = async function (key, data) { Signature.prototype.isExpired = function (date=new Date()) { const normDate = util.normalizeDate(date); if (normDate !== null) { - const expirationTime = !this.signatureNeverExpires ? this.created.getTime() + this.signatureExpirationTime*1000 : Infinity; + const expirationTime = this.getExpirationTime(); return !(this.created <= normDate && normDate < expirationTime); } return false; }; +/** + * Returns the expiration time of the signature or Infinity if signature does not expire + * @returns {Date} expiration time + */ +Signature.prototype.getExpirationTime = function () { + return !this.signatureNeverExpires ? new Date(this.created.getTime() + this.signatureExpirationTime*1000) : Infinity; +}; + /** * Fix custom types after cloning */ diff --git a/test/general/key.js b/test/general/key.js index 71282267..1349b65e 100644 --- a/test/general/key.js +++ b/test/general/key.js @@ -721,6 +721,21 @@ describe('Key', function() { '=6XMW', '-----END PGP PUBLIC KEY BLOCK-----'].join('\n'); + const expiredKey = + `-----BEGIN PGP PRIVATE KEY BLOCK----- + + xcA4BAAAAAEBAgCgONc0J8rfO6cJw5YTP38x1ze2tAYIO7EcmRCNYwMkXngb + 0Qdzg34Q5RW0rNiR56VB6KElPUhePRPVklLFiIvHABEBAAEAAf9qabYMzsz/ + /LeRVZSsTgTljmJTdzd2ambUbpi+vt8MXJsbaWh71vjoLMWSXajaKSPDjVU5 + waFNt9kLqwGGGLqpAQD5ZdMH2XzTq6GU9Ka69iZs6Pbnzwdz59Vc3i8hXlUj + zQEApHargCTsrtvSrm+hK/pN51/BHAy9lxCAw9f2etx+AeMA/RGrijkFZtYt + jeWdv/usXL3mgHvEcJv63N5zcEvDX5X4W1bND3Rlc3QxIDxhQGIuY29tPsJ7 + BBABCAAvBQIAAAABBQMAAAU5BgsJBwgDAgkQzcF99nGrkAkEFQgKAgMWAgEC + GQECGwMCHgEAABAlAfwPehmLZs+gOhOTTaSslqQ50bl/REjmv42Nyr1ZBlQS + DECl1Qu4QyeXin29uEXWiekMpNlZVsEuc8icCw6ABhIZ + =/7PI + -----END PGP PRIVATE KEY BLOCK-----`; + it('Parsing armored text with two keys', function(done) { const pubKeys = openpgp.key.readArmored(twoKeys); expect(pubKeys).to.exist; @@ -823,6 +838,14 @@ describe('Key', function() { expect(expirationTime.toISOString()).to.be.equal('2018-11-26T10:58:29.000Z'); }); + it('Method getExpirationTime expired V4 Key', async function() { + const pubKey = openpgp.key.readArmored(expiredKey).keys[0]; + expect(pubKey).to.exist; + expect(pubKey).to.be.an.instanceof(openpgp.key.Key); + const expirationTime = await pubKey.getExpirationTime(); + expect(expirationTime.toISOString()).to.be.equal('1970-01-01T00:22:18.000Z'); + }); + it('Method getExpirationTime V4 SubKey', async function() { const pubKey = openpgp.key.readArmored(twoKeys).keys[1]; expect(pubKey).to.exist;