Consider non-expired signatures from expired keys to still be valid
This commit is contained in:
Daniel Huigens
parent
ff86b00315
commit
92230d2055
|
|
@ -617,7 +617,7 @@ async function createVerificationObject(signature, literalDataList, keys, date=n
|
||||||
let keyPacket = null;
|
let keyPacket = null;
|
||||||
await Promise.all(keys.map(async function(key) {
|
await Promise.all(keys.map(async function(key) {
|
||||||
// Look for the unique key that matches issuerKeyId of signature
|
// Look for the unique key that matches issuerKeyId of signature
|
||||||
const result = await key.getSigningKey(signature.issuerKeyId, date);
|
const result = await key.getSigningKey(signature.issuerKeyId, null);
|
||||||
if (result) {
|
if (result) {
|
||||||
keyPacket = result.keyPacket;
|
keyPacket = result.keyPacket;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -793,10 +793,9 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
|
||||||
return openpgp.verify({ publicKeys:[pubKey], message:message }).then(function(verified) {
|
return openpgp.verify({ publicKeys:[pubKey], message:message }).then(function(verified) {
|
||||||
expect(verified).to.exist;
|
expect(verified).to.exist;
|
||||||
expect(verified.signatures).to.have.length(1);
|
expect(verified.signatures).to.have.length(1);
|
||||||
expect(verified.signatures[0].valid).to.not.be.true;
|
expect(verified.signatures[0].valid).to.be.true;
|
||||||
expect(verified.signatures[0].signature.packets.length).to.equal(1);
|
expect(verified.signatures[0].signature.packets.length).to.equal(1);
|
||||||
});
|
});
|
||||||
|
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Verify test with expired verification public key and disable expiration checks using null date', async function() {
|
it('Verify test with expired verification public key and disable expiration checks using null date', async function() {
|
||||||
|
|
@ -808,31 +807,6 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
|
||||||
expect(verified.signatures[0].valid).to.be.true;
|
expect(verified.signatures[0].valid).to.be.true;
|
||||||
expect(verified.signatures[0].signature.packets.length).to.equal(1);
|
expect(verified.signatures[0].signature.packets.length).to.equal(1);
|
||||||
});
|
});
|
||||||
|
|
||||||
});
|
|
||||||
|
|
||||||
it('Verify test with expired verification public key', async function() {
|
|
||||||
const pubKey = (await openpgp.key.readArmored(pub_expired)).keys[0];
|
|
||||||
const message = await openpgp.message.readArmored(msg_sig_expired);
|
|
||||||
return openpgp.verify({ publicKeys:[pubKey], message:message }).then(function(verified) {
|
|
||||||
expect(verified).to.exist;
|
|
||||||
expect(verified.signatures).to.have.length(1);
|
|
||||||
expect(verified.signatures[0].valid).to.not.be.true;
|
|
||||||
expect(verified.signatures[0].signature.packets.length).to.equal(1);
|
|
||||||
});
|
|
||||||
|
|
||||||
});
|
|
||||||
|
|
||||||
it('Verify test with expired verification public key and disable expiration checks using null date', async function() {
|
|
||||||
const pubKey = (await openpgp.key.readArmored(pub_expired)).keys[0];
|
|
||||||
const message = await openpgp.message.readArmored(msg_sig_expired);
|
|
||||||
return openpgp.verify({ publicKeys:[pubKey], message:message, date: null }).then(function(verified) {
|
|
||||||
expect(verified).to.exist;
|
|
||||||
expect(verified.signatures).to.have.length(1);
|
|
||||||
expect(verified.signatures[0].valid).to.be.true;
|
|
||||||
expect(verified.signatures[0].signature.packets.length).to.equal(1);
|
|
||||||
});
|
|
||||||
|
|
||||||
});
|
});
|
||||||
|
|
||||||
// TODO add test with multiple revocation signatures
|
// TODO add test with multiple revocation signatures
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user