From 787965981a1d39baf64e75974993b9fbbaf99b43 Mon Sep 17 00:00:00 2001
From: Daniel Huigens
Date: Mon, 10 Dec 2018 15:20:24 +0100
Subject: [PATCH] Check whether message signatures are expired when verifying them

---
 src/message.js | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/message.js b/src/message.js
index edc1b48d..7a6b4b5f 100644
--- a/src/message.js
+++ b/src/message.js
@@ -623,17 +623,28 @@ async function createVerificationObject(signature, literalDataList, keys, date=n
 }
 }));
 
+ const signaturePacket = signature.correspondingSig || signature;
 const verifiedSig = {
 keyid: signature.issuerKeyId,
- verified: keyPacket ? signature.verify(keyPacket, signature.signatureType, literalDataList[0]) : Promise.resolve(null)
+ verified: (async () => {
+ if (!keyPacket) {
+ return null;
+ }
+ const verified = await signature.verify(keyPacket, signature.signatureType, literalDataList[0]);
+ const sig = await signaturePacket;
+ if (sig.isExpired(date)) {
+ return false;
+ }
+ return verified;
+ })(),
+ signature: (async () => {
+ const sig = await signaturePacket;
+ const packetlist = new packet.List();
+ packetlist.push(sig);
+ return new Signature(packetlist);
+ })()
 };
 
- verifiedSig.signature = Promise.resolve(signature.correspondingSig || signature).then(signature => {
- const packetlist = new packet.List();
- packetlist.push(signature);
- return new Signature(packetlist);
- });
-
 // Mark potential promise rejections as "handled". This is needed because in
 // some cases, we reject them before the user has a reasonable chance to
 // handle them (e.g. `await readToEnd(result.data); await result.verified` and
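Review bot: The new `verified` closure returns `false` for an expired signature, the same value a failed cryptographic check produces, so callers of createVerificationObject cannot tell an expired signature from a corrupted or forged one when they log or triage a failure. If the result has to stay a boolean, a comment at the `isExpired` call should say so, e.g. `// expired signatures are reported as false, same as a failed verification`, and the function's JSDoc should state which `date` values skip the check (the default is cut off in the hunk header, so whether `null` disables it is not visible here). The diffstat lists only src/message.js, so this behaviour has no regression test in the commit; one case with an expired signature and one with `date` set before the expiry would pin it. The function body starts and ends outside the hunk.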