diff options
author | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-12-28 20:57:03 +0100 |
---|---|---|
committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-12-28 20:57:03 +0100 |
commit | a86abe04cdea48dd0c736e5b4d3e42463452c6a0 (patch) | |
tree | c11d404896eddfb08e48b57147bf71cb5d56cbb2 /OpenKeychain/src/main/java | |
parent | 7dbf0abf7bbf4a469b97d92f4890f815a5e0c593 (diff) | |
download | open-keychain-a86abe04cdea48dd0c736e5b4d3e42463452c6a0.tar.gz open-keychain-a86abe04cdea48dd0c736e5b4d3e42463452c6a0.tar.bz2 open-keychain-a86abe04cdea48dd0c736e5b4d3e42463452c6a0.zip |
Allow for creation date to be in the future up to one day to account for diverging clocks on different systems for fresh keys
Diffstat (limited to 'OpenKeychain/src/main/java')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java index d05ce3d5c..b343c779a 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java @@ -49,11 +49,13 @@ import java.io.InputStream; import java.io.OutputStream; import java.util.ArrayList; import java.util.Arrays; +import java.util.Calendar; import java.util.Comparator; import java.util.Date; import java.util.HashSet; import java.util.Iterator; import java.util.Set; +import java.util.TimeZone; import java.util.TreeSet; /** Wrapper around PGPKeyRing class, to be constructed from bytes. @@ -276,7 +278,10 @@ public class UncachedKeyRing { return null; } - final Date now = new Date(); + Calendar nowCal = Calendar.getInstance(TimeZone.getTimeZone("UTC")); + // allow for diverging clocks up to one day when checking creation time + nowCal.add(Calendar.DAY_OF_YEAR, 1); + final Date nowPlusOneDay = nowCal.getTime(); int redundantCerts = 0, badCerts = 0; @@ -321,7 +326,7 @@ public class UncachedKeyRing { continue; } - if (cert.getCreationTime().after(now)) { + if (cert.getCreationTime().after(nowPlusOneDay)) { // Creation date in the future? No way! log.add(LogType.MSG_KC_REVOKE_BAD_TIME, indent); modified = PGPPublicKey.removeCertification(modified, zert); @@ -410,7 +415,7 @@ public class UncachedKeyRing { continue; } - if (cert.getCreationTime().after(now)) { + if (cert.getCreationTime().after(nowPlusOneDay)) { // Creation date in the future? No way! log.add(LogType.MSG_KC_UID_BAD_TIME, indent); modified = PGPPublicKey.removeCertification(modified, rawUserId, zert); @@ -592,7 +597,7 @@ public class UncachedKeyRing { continue; } - if (cert.getCreationTime().after(now)) { + if (cert.getCreationTime().after(nowPlusOneDay)) { // Creation date in the future? No way! log.add(LogType.MSG_KC_SUB_BAD_TIME, indent); badCerts += 1; |