Properly resolve earliest expiration date when primary user-id + direct-key sig have expiraiton

Rename getPossiblyExpiredPrimaryUserId() method
2021-12-23 17:10:44 +01:00 · 2021-12-23 17:10:44 +01:00 · 31b7d18183
parent ad5399e083
commit 31b7d18183
2 changed files with 28 additions and 9 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java
@ -644,22 +644,41 @@ public class KeyRingInfo {
     */
    public @Nullable Date getPrimaryKeyExpirationDate() {
        PGPSignature directKeySig = getLatestDirectKeySelfSignature();
+        Date directKeyExpirationDate = null;
        if (directKeySig != null) {
-            Date directKeyExpirationDate = SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(directKeySig, getPublicKey());
-            if (directKeyExpirationDate != null) {
-                return directKeyExpirationDate;
+            directKeyExpirationDate = SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(directKeySig, getPublicKey());
+        }
+
+        PGPSignature primaryUserIdCertification = null;
+        Date userIdExpirationDate = null;
+        String possiblyExpiredPrimaryUserId = getPossiblyExpiredPrimaryUserId();
+        if (possiblyExpiredPrimaryUserId != null) {
+            primaryUserIdCertification = getLatestUserIdCertification(possiblyExpiredPrimaryUserId);
+            if (primaryUserIdCertification != null) {
+                userIdExpirationDate = SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(primaryUserIdCertification, getPublicKey());
            }
        }

-        PGPSignature primaryUserIdCertification = getLatestUserIdCertification(getPossiblyExpiredUserId());
-        if (primaryUserIdCertification != null) {
-            return SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(primaryUserIdCertification, getPublicKey());
+        if (directKeySig == null && primaryUserIdCertification == null) {
+            throw new NoSuchElementException("No direct-key signature and no user-id signature found.");
        }

-        throw new NoSuchElementException("No suitable signatures found on the key.");
+        if (directKeyExpirationDate != null && userIdExpirationDate == null) {
+            return directKeyExpirationDate;
+        }
+
+        if (directKeyExpirationDate == null) {
+            return userIdExpirationDate;
+        }
+
+        if (directKeyExpirationDate.before(userIdExpirationDate)) {
+            return directKeyExpirationDate;
+        }
+
+        return userIdExpirationDate;
    }

-    public String getPossiblyExpiredUserId() {
+    public String getPossiblyExpiredPrimaryUserId() {
        String validPrimaryUserId = getPrimaryUserId();
        if (validPrimaryUserId != null) {
            return validPrimaryUserId;
--- a/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java
@ -515,7 +515,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
        }

        // reissue primary user-id sig
-        String primaryUserId = PGPainless.inspectKeyRing(secretKeyRing).getPossiblyExpiredUserId();
+        String primaryUserId = PGPainless.inspectKeyRing(secretKeyRing).getPossiblyExpiredPrimaryUserId();
        if (primaryUserId != null) {
            PGPSignature prevUserIdSig = getPreviousUserIdSignatures(primaryUserId);
            PGPSignature userIdSig = reissuePrimaryUserIdSig(expiration, secretKeyRingProtector, primaryUserId, prevUserIdSig);