diff options
author | Vincent Breitmoser <valodim@mugenguild.com> | 2015-03-15 19:18:35 +0100 |
---|---|---|
committer | Vincent Breitmoser <valodim@mugenguild.com> | 2015-03-15 19:20:03 +0100 |
commit | db39b779c984a758e13adc16837893509f3b364f (patch) | |
tree | 394be794f296d1243f8ede01291050d01ad11ab7 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp | |
parent | 809cd6e495f35c88be656538f5de47bbbc6a824a (diff) | |
download | open-keychain-db39b779c984a758e13adc16837893509f3b364f.tar.gz open-keychain-db39b779c984a758e13adc16837893509f3b364f.tar.bz2 open-keychain-db39b779c984a758e13adc16837893509f3b364f.zip |
fix expiry of master keys
fixes #1141
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java index 303070333..8104c5249 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java @@ -126,26 +126,27 @@ public class CanonicalizedPublicKey extends UncachedPublicKey { // the getValidSeconds method is unreliable for master keys. we need to iterate all // user ids, then use the most recent certification from a non-revoked user id if (isMasterKey()) { - Date latestCreation = null; seconds = 0; + long masterKeyId = getKeyId(); + + Date latestCreation = null; for (byte[] rawUserId : getUnorderedRawUserIds()) { Iterator<WrappedSignature> sigs = getSignaturesForRawId(rawUserId); + while (sigs.hasNext()) { + WrappedSignature sig = sigs.next(); + if (sig.getKeyId() != masterKeyId) { + continue; + } + if (sig.isRevocation()) { + continue; + } + + if (latestCreation == null || latestCreation.before(sig.getCreationTime())) { + latestCreation = sig.getCreationTime(); + seconds = sig.getKeyExpirySeconds(); + } - // there is always a certification, so this call is safe - WrappedSignature sig = sigs.next(); - - // we know a user id has at most two sigs: one certification, one revocation. - // if the sig is a revocation, or there is another sig (which is a revocation), - // the data in this uid is not relevant - if (sig.isRevocation() || sigs.hasNext()) { - continue; - } - - // this is our revocation, UNLESS there is a newer certificate! - if (latestCreation == null || latestCreation.before(sig.getCreationTime())) { - latestCreation = sig.getCreationTime(); - seconds = sig.getKeyExpirySeconds(); } } } else { |