Let ValidateKeys take into account DeprecatedSince tag

37836546 · Ivar Derksen · Sietse Ringers · 04112b93 · 37836546 · 37836546
Commit 37836546 authored Oct 24, 2019 by Ivar Derksen Committed by Sietse Ringers Oct 24, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 8 deletions

irmaconfig.go irmaconfig.go +12 -8

requests.go requests.go +5 -0

No files found.
--- a/irmaconfig.go
+++ b/irmaconfig.go
@@ -1450,7 +1450,7 @@ func (conf *Configuration) validateTranslations(file string, o interface{}) {
 func (conf *Configuration) ValidateKeys() error {
 	const expiryBoundary = int64(time.Hour/time.Second) * 24 * 31 // 1 month, TODO make configurable

-	for issuerid := range conf.Issuers {
+	for issuerid, issuer := range conf.Issuers {
 		if err := conf.parseKeysFolder(issuerid); err != nil {
 			return err
 		}
@@ -1465,13 +1465,17 @@ func (conf *Configuration) ValidateKeys() error {
 		if err != nil {
 			return err
 		}
-		now := time.Now().Unix()
-		if latest == nil || latest.ExpiryDate < now {
-			conf.Warnings = append(conf.Warnings, fmt.Sprintf("Issuer %s has no nonexpired public keys", issuerid.String()))
-		}
-		if latest != nil && latest.ExpiryDate > now && latest.ExpiryDate < now+expiryBoundary {
-			conf.Warnings = append(conf.Warnings, fmt.Sprintf("Latest public key of issuer %s expires soon (at %s)",
-				issuerid.String(), time.Unix(latest.ExpiryDate, 0).String()))
+
+		// Check expiry date public keys only if issuer is not deprecated
+		now := time.Now()
+		if issuer.DeprecatedSince.IsZero() || issuer.DeprecatedSince.After(Timestamp(now)) {
+			if latest == nil || latest.ExpiryDate < now.Unix() {
+				conf.Warnings = append(conf.Warnings, fmt.Sprintf("Issuer %s has no nonexpired public keys", issuerid.String()))
+			}
+			if latest != nil && latest.ExpiryDate > now.Unix() && latest.ExpiryDate < now.Unix()+expiryBoundary {
+				conf.Warnings = append(conf.Warnings, fmt.Sprintf("Latest public key of issuer %s expires soon (at %s)",
+					issuerid.String(), time.Unix(latest.ExpiryDate, 0).String()))
+			}
 		}

 		// Check private keys if any

--- a/requests.go
+++ b/requests.go
@@ -653,6 +653,11 @@ func (t Timestamp) After(u Timestamp) bool {
 	return time.Time(t).After(time.Time(u))
 }

+// To check whether Timestamp is uninitialized
+func (t Timestamp) IsZero() bool {
+	return time.Time(t).IsZero()
+}
+
 func (t *Timestamp) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
 	return e.EncodeElement(t.String(), start)
 }