Check creation time in expiration checks

KAYLukas 2018-02-22 00:41:12 +01:00
parent 56ad9a00e0
commit a5b30468ef
3 changed files with 26 additions and 16 deletions


@ -452,11 +452,15 @@ Key.prototype.verifyPrimaryKey = async function(date=new Date()) {
await this.revocationSignature.verify(this.primaryKey, { key: this.primaryKey }))) { await this.revocationSignature.verify(this.primaryKey, { key: this.primaryKey }))) {
return enums.keyStatus.revoked; return enums.keyStatus.revoked;
} }
const creationTime = this.primaryKey.created.getTime();
const currentTime = util.normalizeDate(date);
// check V3 expiration time // check V3 expiration time
if (date !== null && this.primaryKey.version === 3 && this.primaryKey.expirationTimeV3 !== 0 && if (date !== null && this.primaryKey.version === 3) {
util.normalizeDate(date) > (this.primaryKey.created.getTime() + this.primaryKey.expirationTimeV3*24*3600*1000)) { const expirationTimeV3 = creationTime + (this.primaryKey.expirationTimeV3*24*3600*1000 || Infinity);
if (!(creationTime <= currentTime && currentTime < expirationTimeV3)) {
return enums.keyStatus.expired; return enums.keyStatus.expired;
} }
}
// check for at least one self signature. Self signature of user ID not mandatory // check for at least one self signature. Self signature of user ID not mandatory
// See {@link https://tools.ietf.org/html/rfc4880#section-11.1} // See {@link https://tools.ietf.org/html/rfc4880#section-11.1}
if (!this.users.some(user => user.userId && user.selfCertifications)) { if (!this.users.some(user => user.userId && user.selfCertifications)) {
@ -469,10 +473,12 @@ Key.prototype.verifyPrimaryKey = async function(date=new Date()) {
return enums.keyStatus.invalid; return enums.keyStatus.invalid;
} }
// check V4 expiration time // check V4 expiration time
if (date !== null && this.primaryKey.version === 4 && primaryUser.selfCertificate.keyNeverExpires === false && if (date !== null && this.primaryKey.version === 4) {
util.normalizeDate(date) > (this.primaryKey.created.getTime() + primaryUser.selfCertificate.keyExpirationTime*1000)) { const expirationTime = primaryUser.selfCertificate.keyNeverExpires === false ? creationTime + primaryUser.selfCertificate.keyExpirationTime*1000 : Infinity;
if (!(creationTime <= currentTime && currentTime < expirationTime)) {
return enums.keyStatus.expired; return enums.keyStatus.expired;
} }
}
return enums.keyStatus.valid; return enums.keyStatus.valid;
}; };
@ -1001,11 +1007,15 @@ SubKey.prototype.verify = async function(primaryKey, date=new Date()) {
await this.revocationSignature.verify(primaryKey, { key: primaryKey, bind: this.subKey }))) { await this.revocationSignature.verify(primaryKey, { key: primaryKey, bind: this.subKey }))) {
return enums.keyStatus.revoked; return enums.keyStatus.revoked;
} }
const creationTime = this.subKey.created.getTime();
const currentTime = util.normalizeDate(date);
// check V3 expiration time // check V3 expiration time
if (date !== null && this.subKey.version === 3 && this.subKey.expirationTimeV3 !== 0 && if (currentTime !== null && this.subKey.version === 3) {
util.normalizeDate(date) > (this.subKey.created.getTime() + this.subKey.expirationTimeV3*24*3600*1000)) { const expirationTime = creationTime + (this.subKey.expirationTimeV3*24*3600*1000 || Infinity);
if (!(creationTime <= currentTime && currentTime < expirationTime)) {
return enums.keyStatus.expired; return enums.keyStatus.expired;
} }
}
// check subkey binding signatures (at least one valid binding sig needed) // check subkey binding signatures (at least one valid binding sig needed)
// TODO replace when Promise.some or Promise.any are implemented // TODO replace when Promise.some or Promise.any are implemented
const results = [enums.keyStatus.invalid].concat(await Promise.all(this.bindingSignatures.map(async function(bindingSignature) { const results = [enums.keyStatus.invalid].concat(await Promise.all(this.bindingSignatures.map(async function(bindingSignature) {
@ -1019,9 +1029,9 @@ SubKey.prototype.verify = async function(primaryKey, date=new Date()) {
return enums.keyStatus.invalid; // last invalid binding signature return enums.keyStatus.invalid; // last invalid binding signature
} }
// check V4 expiration time // check V4 expiration time
if (that.subKey.version === 4) { if (that.subKey.version === 4 && currentTime !== null) {
if (date !== null && bindingSignature.keyNeverExpires === false && const expirationTime = bindingSignature.keyNeverExpires === false ? (creationTime + bindingSignature.keyExpirationTime*1000) : Infinity;
util.normalizeDate(date) > (that.subKey.created.getTime() + bindingSignature.keyExpirationTime*1000)) { if (!(creationTime <= currentTime && currentTime < expirationTime)) {
return enums.keyStatus.expired; // last V4 expired binding signature return enums.keyStatus.expired; // last V4 expired binding signature
} }
} }
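Review bot: The null-date guard is spelled two ways in the new code: `verifyPrimaryKey` tests `date !== null` for both the V3 and V4 checks, while `SubKey.prototype.verify` tests `currentTime !== null`, where `currentTime = util.normalizeDate(date)`. The two agree only if `normalizeDate` passes `null` through unchanged, which is not visible on this page; if it returns anything else, the subkey path would run the window check even though the caller asked to skip it, and `creationTime <= currentTime` would fail and yield `expired`. I would write `if (date !== null && this.subKey.version === 3) {` and `if (that.subKey.version === 4 && date !== null) {` to match the primary-key path. Separately, a key whose creation time is later than `date` now returns `enums.keyStatus.expired`, so a comment such as `// a creation time after the check date is also reported as expired (key not yet valid)` would tell callers this is intended. Both function bodies start outside the hunks shown.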


@ -666,8 +666,8 @@ Signature.prototype.verify = async function (key, data) {
* @return {Boolean} true if expired * @return {Boolean} true if expired
*/ */
Signature.prototype.isExpired = function (date=new Date()) { Signature.prototype.isExpired = function (date=new Date()) {
if (!this.signatureNeverExpires && date !== null) { if (date !== null) {
const expirationTime = this.created.getTime() + this.signatureExpirationTime*1000; const expirationTime = !this.signatureNeverExpires ? this.created.getTime() + this.signatureExpirationTime*1000 : Infinity;
const normDate = util.normalizeDate(date); const normDate = util.normalizeDate(date);
return !(this.created <= normDate && normDate < expirationTime); return !(this.created <= normDate && normDate < expirationTime);
} }
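Review bot: The doc comment above `isExpired` still reads `@return {Boolean} true if expired`, but after this change the function also returns true for a never-expiring signature whose `created` is later than `date`. Callers that read the result as "past its expiration time" will now also see not-yet-valid signatures, so the contract should say so, for example `@return {Boolean} true if date is before the creation time or at/after the expiration time`. The function body continues past the end of this hunk, so the `date === null` path is not visible here.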