Bug 1603813 - Key expiration is relative. r=PatrickBrunschwig
authorKai Engert <kaie@kuix.de>
Sun, 16 Feb 2020 23:15:52 +0100
changeset 37379 e80f11af397574ab1816d0f6982530164d855ce6
parent 37378 826a884758f8571d980c02a2d5b6004fc54e412e
child 37380 7a6415f8b8cdcf494368f2b87de8bf549ef915c3
push id2566
push userclokep@gmail.com
push dateMon, 09 Mar 2020 19:20:31 +0000
reviewersPatrickBrunschwig
bugs1603813
Bug 1603813 - Key expiration is relative. r=PatrickBrunschwig Differential Revision: https://phabricator.services.mozilla.com/D63032
mail/extensions/openpgp/content/modules/rnp.jsm
mail/extensions/openpgp/content/ui/enigmailMsgComposeOverlay.js
--- a/mail/extensions/openpgp/content/modules/rnp.jsm
+++ b/mail/extensions/openpgp/content/modules/rnp.jsm
@@ -631,17 +631,17 @@ var RNP = {
       } else {
         // remove 0x
         id = id.substring(2);
       }
 
       let type = null;
       if (id.length == 16) {
         type = "keyid";
-      } else if (id.length == 40) {
+      } else if (id.length == 40 || id.length == 32) {
         type = "fingerprint";
       } else {
         throw "key/fingerprint identifier of unexpected length: " + id;
       }
 
       key = new RNPLib.rnp_key_handle_t;
       if (RNPLib.rnp_locate_key(RNPLib.ffi, type, id, key.address())) {
         throw "rnp_locate_key failed, " + type + ", " + id;
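Review bot: The added `id.length == 32` case has no comment saying which identifier it admits. 32 hex characters is the size of an OpenPGP v3 fingerprint, which is an MD5 digest, and v3 keys are deprecated, so if that is the intent it should be stated, e.g. `// 40 hex chars: v4 fingerprint; 32 hex chars: legacy v3 (MD5) fingerprint`. Length is the only validation visible here, so `id` reaches `rnp_locate_key` and the thrown message without a check that it is hexadecimal; a guard such as `if (!/^[0-9a-fA-F]+$/.test(id)) { throw "key/fingerprint identifier is not hexadecimal"; }` before the length test would close that. The enclosing function starts and ends outside the hunk.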
@@ -684,35 +684,50 @@ var RNP = {
       }
       let expiration = new ctypes.uint32_t;
       if (RNPLib.rnp_key_get_expiration(sub_handle, expiration.address())) {
         throw "rnp_key_get_expiration failed";
       }
       let skip = false;
       if (expiration.value != 0) {
         let now_seconds = Math.floor(Date.now()/1000);
-        if (expiration.value > now_seconds) {
+        let creation = new ctypes.uint32_t;
+        if (RNPLib.rnp_key_get_creation(sub_handle, creation.address())) {
+          throw "rnp_key_get_expiration failed";
+        }
+        let expiration_seconds = creation.value + expiration.value;
+        console.debug("now: " + now_seconds + " vs. subkey creation+expiration in seconds: " + expiration_seconds);
+        if (now_seconds > expiration_seconds) {
+          console.debug("skipping expired subkey");
           skip = true;
         }
       }
       if (!skip) {
         let key_revoked = new ctypes.bool;
         if (RNPLib.rnp_key_is_revoked(sub_handle, key_revoked.address())) {
+          console.debug("skipping revoked subkey");
           skip = true;
         }
       }
       if (!skip) {
         if (!this.isKeyUsableFor(sub_handle, usage)) {
+          console.debug("skipping subkey not usable for request");
           skip = true;
         }
       }
       if (skip) {
         RNPLib.rnp_key_handle_destroy(sub_handle);
       } else {
         found_handle = sub_handle;
+
+        let fingerprint = new ctypes.char.ptr;
+        if (RNPLib.rnp_key_get_fprint(found_handle, fingerprint.address())) {
+          throw "rnp_key_get_fprint failed";
+        }
+        console.debug("found suitable subkey, fingerprint: " + fingerprint.readString());
         break;
       }
     }
 
     return found_handle;
   },
 
   addSuitableEncryptKey(key, op) {
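Review bot: The revocation test `if (RNPLib.rnp_key_is_revoked(sub_handle, key_revoked.address()))` branches on the call's return code, which every other RNPLib call in this hunk treats as a failure indicator, and `key_revoked.value` is never read. The added "skipping revoked subkey" message therefore appears to fire on a failed call, while a subkey that really is revoked would fall through and could be selected; the rewrite below checks the out-parameter instead. Separately, the new `rnp_key_get_creation` check throws "rnp_key_get_expiration failed", which misnames the failing call and should read `throw "rnp_key_get_creation failed";`. The string returned through `fingerprint` is also not released in the visible lines; if the library allocates it, it should be freed after `readString()`. The enclosing function begins outside the hunk.

```javascript
      // … unchanged: expiration check …
      if (!skip) {
        let key_revoked = new ctypes.bool;
        if (RNPLib.rnp_key_is_revoked(sub_handle, key_revoked.address())) {
          // Non-zero return means the query itself failed, not that the key is revoked.
          throw "rnp_key_is_revoked failed";
        }
        if (key_revoked.value) {
          console.debug("skipping revoked subkey");
          skip = true;
        }
      }
      // … unchanged: isKeyUsableFor check and handle selection …
```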
--- a/mail/extensions/openpgp/content/ui/enigmailMsgComposeOverlay.js
+++ b/mail/extensions/openpgp/content/ui/enigmailMsgComposeOverlay.js
@@ -143,16 +143,17 @@ Enigmail.msg = {
     /*
     let numCerts = EnigmailFuncs.getNumOfX509Certs();
     this.addrOnChangeTimeout = Math.max((numCerts - 250) * 2, 250);
     EnigmailLog.DEBUG(`enigmailMsgComposeOverlay.js: composeStartup: numCerts=${numCerts}; setting timeout to ${this.addrOnChangeTimeout}\n`);
     */
 
     Enigmail.msg.msgComposeReset(false); // false => not closing => call setIdentityDefaults()
 
+    // TODO this migration code needs to move to a better place, possibly configure.jsm
     {
       // Use a new pref identityEnigmailPrefsMigrated, default false.
       // Only if we're doing this for the first time for an identity,
       // try to read old prefs and if found, store as new prefs,
       // then set identityEnigmailPrefsMigrated=true
 
       if (Enigmail.msg.wasEnigmailAddOnInstalled() &&
           Enigmail.msg.wasEnigmailEnabledForIdentity() &&