From 39c7374d70678dd97d1db2b76a4baada11567128 Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Wed, 18 Apr 2018 14:15:34 +0200
Subject: [PATCH] Only consider most recent user self certification

---
 src/key.js | 42 ++++++++++++++++++++----------------------
 1 file changed, 20 insertions(+), 22 deletions(-)

diff --git a/src/key.js b/src/key.js
index 6734cf2c..90d2c759 100644
--- a/src/key.js
+++ b/src/key.js
@@ -528,29 +528,27 @@ Key.prototype.getValidUsers = async function(date=new Date(), allowExpired=false
       return;
     }
     const dataToVerify = { userid: user.userId , key: primaryKey };
-    for (let j = 0; j < user.selfCertifications.length; j++) {
-      const cert = user.selfCertifications[j];
-      // skip if certificate is not the most recent
-      if ((cert.isPrimaryUserID && cert.isPrimaryUserID < lastPrimaryUserID) ||
-          (!lastPrimaryUserID && cert.created < lastCreated)) {
-        continue;
-      }
-      // skip if certificates is invalid, revoked, or expired
-      // eslint-disable-next-line no-await-in-loop
-      if (!(cert.verified || await cert.verify(primaryKey, dataToVerify))) {
-        continue;
-      }
-      // eslint-disable-next-line no-await-in-loop
-      if (cert.revoked || await user.isRevoked(primaryKey, cert, null, date)) {
-        continue;
-      }
-      if (!allowExpired && cert.isExpired(date)) {
-        continue;
-      }
-      lastPrimaryUserID = cert.isPrimaryUserID;
-      lastCreated = cert.created;
-      validUsers.push({ index: i, user: user, selfCertification: cert });
+    const cert = getLatestSignature(user.selfCertifications);
+    // skip if certificate is not the most recent
+    if ((cert.isPrimaryUserID && cert.isPrimaryUserID < lastPrimaryUserID) ||
+        (!lastPrimaryUserID && cert.created < lastCreated)) {
+      continue;
     }
+    // skip if certificates is invalid, revoked, or expired
+    // eslint-disable-next-line no-await-in-loop
+    if (!(cert.verified || await cert.verify(primaryKey, dataToVerify))) {
+      continue;
+    }
+    // eslint-disable-next-line no-await-in-loop
+    if (cert.revoked || await user.isRevoked(primaryKey, cert, null, date)) {
+      continue;
+    }
+    if (!allowExpired && cert.isExpired(date)) {
+      continue;
+    }
+    lastPrimaryUserID = cert.isPrimaryUserID;
+    lastCreated = cert.created;
+    validUsers.push({ index: i, user: user, selfCertification: cert });
   }
   return validUsers;
 };