diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java b/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java index 76046aef..efff9115 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java @@ -644,22 +644,41 @@ public class KeyRingInfo { */ public @Nullable Date getPrimaryKeyExpirationDate() { PGPSignature directKeySig = getLatestDirectKeySelfSignature(); + Date directKeyExpirationDate = null; if (directKeySig != null) { - Date directKeyExpirationDate = SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(directKeySig, getPublicKey()); - if (directKeyExpirationDate != null) { - return directKeyExpirationDate; + directKeyExpirationDate = SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(directKeySig, getPublicKey()); + } + + PGPSignature primaryUserIdCertification = null; + Date userIdExpirationDate = null; + String possiblyExpiredPrimaryUserId = getPossiblyExpiredPrimaryUserId(); + if (possiblyExpiredPrimaryUserId != null) { + primaryUserIdCertification = getLatestUserIdCertification(possiblyExpiredPrimaryUserId); + if (primaryUserIdCertification != null) { + userIdExpirationDate = SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(primaryUserIdCertification, getPublicKey()); } } - PGPSignature primaryUserIdCertification = getLatestUserIdCertification(getPossiblyExpiredUserId()); - if (primaryUserIdCertification != null) { - return SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(primaryUserIdCertification, getPublicKey()); + if (directKeySig == null && primaryUserIdCertification == null) { + throw new NoSuchElementException("No direct-key signature and no user-id signature found."); } - throw new NoSuchElementException("No suitable signatures found on the key."); + if (directKeyExpirationDate != null && userIdExpirationDate == null) { + return directKeyExpirationDate; + } + + if (directKeyExpirationDate == null) { + return userIdExpirationDate; + } + + if (directKeyExpirationDate.before(userIdExpirationDate)) { + return directKeyExpirationDate; + } + + return userIdExpirationDate; } - public String getPossiblyExpiredUserId() { + public String getPossiblyExpiredPrimaryUserId() { String validPrimaryUserId = getPrimaryUserId(); if (validPrimaryUserId != null) { return validPrimaryUserId; diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java b/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java index eab2d8c5..9c88e6c5 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java @@ -515,7 +515,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface { } // reissue primary user-id sig - String primaryUserId = PGPainless.inspectKeyRing(secretKeyRing).getPossiblyExpiredUserId(); + String primaryUserId = PGPainless.inspectKeyRing(secretKeyRing).getPossiblyExpiredPrimaryUserId(); if (primaryUserId != null) { PGPSignature prevUserIdSig = getPreviousUserIdSignatures(primaryUserId); PGPSignature userIdSig = reissuePrimaryUserIdSig(expiration, secretKeyRingProtector, primaryUserId, prevUserIdSig);