Merge pull request #673 from openpgpjs/exp_time

Calculate expiration time of already expired keys
2018-03-17 09:05:10 -07:00 · 2018-03-17 09:05:10 -07:00 · 66f9faaa63
commit 66f9faaa63
parent 4eab6e68e9 75cd4e5e6f
3 changed files with 76 additions and 26 deletions
--- a/src/key.js
+++ b/src/key.js
@ -437,11 +437,17 @@ Key.prototype.getExpirationTime = async function() {
    return getExpirationTime(this.primaryKey);
  }
  if (this.primaryKey.version === 4) {
-    const primaryUser = await this.getPrimaryUser();
-    if (!primaryUser) {
-      return null;
+    const validUsers = await this.getValidUsers(null, true);
+    let highest = null;
+    for (let i = 0; i < validUsers.length; i++) {
+      const selfCert = validUsers[i].selfCertification;
+      const current = Math.min(+getExpirationTime(this.primaryKey, selfCert), +selfCert.getExpirationTime());
+      if (current === Infinity) {
+        return Infinity;
+      }
+      highest = current > highest ? current : highest;
    }
-    return getExpirationTime(this.primaryKey, primaryUser.selfCertification);
+    return util.normalizeDate(highest);
  }
 };

@ -450,13 +456,35 @@ Key.prototype.getExpirationTime = async function() {
 * - if multiple primary users exist, returns the one with the latest self signature
 * - otherwise, returns the user with the latest self signature
 * @param  {Date} date use the given date for verification instead of the current time
- * @returns {Promise<{user: Array<module:key.User>,
- *                    selfCertification: Array<module:packet.Signature>}>} The primary user and the self signature
+ * @returns {Promise<{user: module:key.User,
+ *                    selfCertification: module:packet.Signature}>} The primary user and the self signature
 * @async
 */
 Key.prototype.getPrimaryUser = async function(date=new Date()) {
+  let validUsers = await this.getValidUsers(date);
+  if (!validUsers.length) {
+    return null;
+  }
+  // sort by primary user flag and signature creation time
+  validUsers = validUsers.sort(function(a, b) {
+    const A = a.selfCertification;
+    const B = b.selfCertification;
+    return (A.isPrimaryUserID - B.isPrimaryUserID) || (A.created - B.created);
+  });
+  return validUsers.pop();
+};
+
+/**
+ * Returns an array containing all valid users for a key
+ * @param  {Date} date use the given date for verification instead of the current time
+ * @param  {bool} include users with expired certifications
+ * @returns {Promise<Array<{user: module:key.User,
+ *                    selfCertification: module:packet.Signature}>>} The valid user array
+ * @async
+ */
+Key.prototype.getValidUsers = async function(date=new Date(), allowExpired=false) {
  const { primaryKey } = this;
-  let primaryUsers = [];
+  const validUsers = [];
  let lastCreated = null;
  let lastPrimaryUserID = null;
  // TODO replace when Promise.forEach is implemented
@ -482,23 +510,16 @@ Key.prototype.getPrimaryUser = async function(date=new Date()) {
      if (cert.revoked || await user.isRevoked(primaryKey, cert, null, date)) {
        continue;
      }
-      if (cert.isExpired(date)) {
+      if (!allowExpired && cert.isExpired(date)) {
        continue;
      }
      lastPrimaryUserID = cert.isPrimaryUserID;
      lastCreated = cert.created;
-      primaryUsers.push({ index: i, user: user, selfCertification: cert });
+      validUsers.push({ index: i, user: user, selfCertification: cert });
    }
  }
-  // sort by primary user flag and signature creation time
-  primaryUsers = primaryUsers.sort(function(a, b) {
-    const A = a.selfCertification;
-    const B = b.selfCertification;
-    return (A.isPrimaryUserID - B.isPrimaryUserID) || (A.created - B.created);
-  });
-  return primaryUsers.pop();
+  return validUsers;
 };
-
 /**
 * Update key with new components from specified key with same key ID:
 * users, subkeys, certificates are merged into the destination key,
@ -961,17 +982,15 @@ SubKey.prototype.verify = async function(primaryKey, date=new Date()) {
 * @returns {Date}
 */
 SubKey.prototype.getExpirationTime = function() {
-  let highest;
+  let highest = null;
  for (let i = 0; i < this.bindingSignatures.length; i++) {
-    const current = getExpirationTime(this.subKey, this.bindingSignatures[i]);
-    if (current === null) {
-      return null;
-    }
-    if (!highest || current > highest) {
-      highest = current;
+    const current = Math.min(+getExpirationTime(this.subKey, this.bindingSignatures[i]), +this.bindingSignatures[i].getExpirationTime());
+    if (current === Infinity) {
+      return Infinity;
    }
+    highest = current > highest ? current : highest;
  }
-  return highest;
+  return util.normalizeDate(highest);
 };

 /**
--- a/src/packet/signature.js
+++ b/src/packet/signature.js
@ -673,12 +673,20 @@ Signature.prototype.verify = async function (key, data) {
 Signature.prototype.isExpired = function (date=new Date()) {
  const normDate = util.normalizeDate(date);
  if (normDate !== null) {
-    const expirationTime = !this.signatureNeverExpires ? this.created.getTime() + this.signatureExpirationTime*1000 : Infinity;
+    const expirationTime = this.getExpirationTime();
    return !(this.created <= normDate && normDate < expirationTime);
  }
  return false;
 };

+/**
+ * Returns the expiration time of the signature or Infinity if signature does not expire
+ * @returns {Date} expiration time
+ */
+Signature.prototype.getExpirationTime = function () {
+  return !this.signatureNeverExpires ? new Date(this.created.getTime() + this.signatureExpirationTime*1000) : Infinity;
+};
+
 /**
 * Fix custom types after cloning
 */
--- a/test/general/key.js
+++ b/test/general/key.js
@ -721,6 +721,21 @@ describe('Key', function() {
    '=6XMW',
    '-----END PGP PUBLIC KEY BLOCK-----'].join('\n');

+    const expiredKey =
+    `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+    xcA4BAAAAAEBAgCgONc0J8rfO6cJw5YTP38x1ze2tAYIO7EcmRCNYwMkXngb
+    0Qdzg34Q5RW0rNiR56VB6KElPUhePRPVklLFiIvHABEBAAEAAf9qabYMzsz/
+    /LeRVZSsTgTljmJTdzd2ambUbpi+vt8MXJsbaWh71vjoLMWSXajaKSPDjVU5
+    waFNt9kLqwGGGLqpAQD5ZdMH2XzTq6GU9Ka69iZs6Pbnzwdz59Vc3i8hXlUj
+    zQEApHargCTsrtvSrm+hK/pN51/BHAy9lxCAw9f2etx+AeMA/RGrijkFZtYt
+    jeWdv/usXL3mgHvEcJv63N5zcEvDX5X4W1bND3Rlc3QxIDxhQGIuY29tPsJ7
+    BBABCAAvBQIAAAABBQMAAAU5BgsJBwgDAgkQzcF99nGrkAkEFQgKAgMWAgEC
+    GQECGwMCHgEAABAlAfwPehmLZs+gOhOTTaSslqQ50bl/REjmv42Nyr1ZBlQS
+    DECl1Qu4QyeXin29uEXWiekMpNlZVsEuc8icCw6ABhIZ
+    =/7PI
+    -----END PGP PRIVATE KEY BLOCK-----`;
+
  it('Parsing armored text with two keys', function(done) {
    const pubKeys = openpgp.key.readArmored(twoKeys);
    expect(pubKeys).to.exist;
@ -823,6 +838,14 @@ describe('Key', function() {
    expect(expirationTime.toISOString()).to.be.equal('2018-11-26T10:58:29.000Z');
  });

+  it('Method getExpirationTime expired V4 Key', async function() {
+    const pubKey = openpgp.key.readArmored(expiredKey).keys[0];
+    expect(pubKey).to.exist;
+    expect(pubKey).to.be.an.instanceof(openpgp.key.Key);
+    const expirationTime = await pubKey.getExpirationTime();
+    expect(expirationTime.toISOString()).to.be.equal('1970-01-01T00:22:18.000Z');
+  });
+
  it('Method getExpirationTime V4 SubKey', async function() {
    const pubKey = openpgp.key.readArmored(twoKeys).keys[1];
    expect(pubKey).to.exist;