From a65edcdb2ffb7399daf5359f0f57bf791c23b7d8 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser
Date: Mon, 19 Jan 2015 18:31:27 +0100
Subject: only respect most recent signature for key flags
---
 .../keychain/pgp/CanonicalizedPublicKey.java | 8 ++--
 .../keychain/pgp/UncachedPublicKey.java | 46 ++++++++++++++++++----
 2 files changed, 42 insertions(+), 12 deletions(-)
(limited to 'OpenKeychain/src/main')
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
index 3539a4ceb..b026d9257 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
@@ -53,7 +53,7 @@ public class CanonicalizedPublicKey extends UncachedPublicKey {
 public boolean canSign() {
 // if key flags subpacket is available, honor it!
- if (getKeyUsage() != null) {
+ if (getKeyUsage() != 0) {
 return (getKeyUsage() & KeyFlags.SIGN_DATA) != 0;
 }
@@ -66,7 +66,7 @@ public class CanonicalizedPublicKey extends UncachedPublicKey {
 public boolean canCertify() {
 // if key flags subpacket is available, honor it!
- if (getKeyUsage() != null) {
+ if (getKeyUsage() != 0) {
 return (getKeyUsage() & KeyFlags.CERTIFY_OTHER) != 0;
 }
@@ -79,7 +79,7 @@ public class CanonicalizedPublicKey extends UncachedPublicKey {
 public boolean canEncrypt() {
 // if key flags subpacket is available, honor it!
- if (getKeyUsage() != null) {
+ if (getKeyUsage() != 0) {
 return (getKeyUsage() & (KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE)) != 0;
 }
@@ -93,7 +93,7 @@ public class CanonicalizedPublicKey extends UncachedPublicKey {
 public boolean canAuthenticate() {
 // if key flags subpacket is available, honor it!
- if (getKeyUsage() != null) {
+ if (getKeyUsage() != 0) {
 return (getKeyUsage() & KeyFlags.AUTHENTICATION) != 0;
 }
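Review bot: Replacing the `!= null` test with `!= 0` in canSign() makes a KEY_FLAGS subpacket whose value is zero indistinguishable from a missing subpacket, and the same applies to the canCertify(), canEncrypt() and canAuthenticate() hunks. In both cases control falls through to the code after the `if`, which lies outside these hunks and presumably decides by key algorithm, so a key whose self-signature explicitly grants no usage could still be reported as able to sign, certify, encrypt or authenticate. Since getKeyUsage() still returns `Integer`, one option is to keep `null` as the "no subpacket" result and record "already computed" in a separate boolean field, which would leave these four checks as `if (getKeyUsage() != null) {`. At minimum the inline comment should state the conflation, e.g. `// 0 means "no KEY_FLAGS subpacket" or "empty flags"; both fall back to the algorithm check`.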
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
index 9e3528515..1efc25076 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
@@ -305,26 +305,56 @@ public class UncachedPublicKey { * * Note that this method has package visiblity because it is used in test * cases. Certificates of UncachedPublicKey instances can NOT be assumed to - * be verified, so the result of this method should not be used in other - * places! + * be verified or even by the correct key, so the result of this method + * should never be used in other places! */ @SuppressWarnings("unchecked") Integer getKeyUsage() { if (mCacheUsage == null) { + PGPSignature mostRecentSig = null; for (PGPSignature sig : new IterableIterator(mPublicKey.getSignatures())) { if (mPublicKey.isMasterKey() && sig.getKeyID() != mPublicKey.getKeyID()) { continue; } - PGPSignatureSubpacketVector hashed = sig.getHashedSubPackets(); + switch (sig.getSignatureType()) { + case PGPSignature.DEFAULT_CERTIFICATION: + case PGPSignature.POSITIVE_CERTIFICATION: + case PGPSignature.CASUAL_CERTIFICATION: + case PGPSignature.NO_CERTIFICATION: + case PGPSignature.SUBKEY_BINDING: + break; + // if this is not one of the above types, don't care + default: + continue; + } + + // If we have no sig yet, take the first we can get + if (mostRecentSig == null) { + mostRecentSig = sig; + continue; + } + + // If the new sig is less recent, skip it + if (mostRecentSig.getCreationTime().after(sig.getCreationTime())) { + continue; + } + + // Otherwise, note it down as the new "most recent" one + mostRecentSig = sig; + } + + // Initialize to 0 as cached but empty value, if there is no sig (can't happen + // for canonicalized keyring), or there is no KEY_FLAGS packet in the sig + mCacheUsage = 0; + if (mostRecentSig != null) { + // If a mostRecentSig has been found, (cache and) return its flags + PGPSignatureSubpacketVector hashed = mostRecentSig.getHashedSubPackets(); if (hashed != null && hashed.getSubpacket(SignatureSubpacketTags.KEY_FLAGS) != null) { - // init if at least one key flag subpacket has been found - if (mCacheUsage == null) { - mCacheUsage = 0; - } - mCacheUsage 
|= hashed.getKeyFlags(); + mCacheUsage = hashed.getKeyFlags(); } } + } return mCacheUsage; } -- cgit v1.2.3
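Review bot: The selection loop in getKeyUsage() picks the newest signature by `getCreationTime()` alone, so on a master key the self-certification of any one user ID replaces the flags of all others, and a newest signature without a KEY_FLAGS subpacket resets the result to 0 even when an older one restricted usage. The creation time is read from signatures that, as the Javadoc in this hunk says, are not verified here, and certification revocations fall into the `default: continue` branch, so a revoked or future-dated certification can still supply the flags unless canonicalization has already removed it, which this hunk does not show. I would state that dependency next to the loop, for example `// assumes superseded, revoked and future-dated certifications were dropped by canonicalization`, and say in the Javadoc that the method now returns 0 rather than null when no flags are found. The Javadoc block starts outside the hunk.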