/* gpgme.js - Javascript integration for gpgme
* Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik
*
* This file is part of GPGME.
*
* GPGME is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* GPGME is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <https://www.gnu.org/licenses/>.
* SPDX-License-Identifier: LGPL-2.1+
*
* Author(s):
* Maximilian Krambach <mkrambach@intevation.de>
*/
import { gpgme_error } from './Errors';
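/**
 * Validates an object containing a signature, as sent by the nativeMessaging
 * interface.
 *
 * The check is structural only: 'summary', 'fingerprint' and 'timestamp'
 * must be present, and every own key of the object, of its summary and of
 * each notation must be listed in the matching table with a value of the
 * listed `typeof`. Anything else yields a SIG_WRONG error. No cryptographic
 * verification happens here; the verdict is whatever gpgme-json reported in
 * the summary.
 * @param {Object} sigObject Object as returned by gpgme-json. The definition
 * of the expected values are to be found in {@link expKeys}, {@link expSum},
 * {@link expNote}.
 * @returns {GPGME_Signature|GPGME_Error} Signature Object, or the error
 * (returned, not thrown) if the object does not have the expected shape
 * @private
 */
export function createSignature (sigObject){
    // typeof null and typeof [] are both 'object', so a typeof test alone
    // does not establish that a value is a key/value record. Without the
    // null test, a null sigObject, summary or notation entry would raise a
    // TypeError instead of producing SIG_WRONG.
    const isRecord = (value) =>
        value !== null && typeof value === 'object' && !Array.isArray(value);
    // Called through Object.prototype so that a key named 'hasOwnProperty'
    // in the received data cannot stand in for the real check.
    const hasOwn = (obj, key) =>
        Object.prototype.hasOwnProperty.call(obj, key);
    // True if every own key of obj is listed in expected with that typeof.
    const matches = (obj, expected) =>
        Object.keys(obj).every((key) =>
            hasOwn(expected, key) && typeof obj[key] === expected[key]);

    if (
        !isRecord(sigObject) ||
        !hasOwn(sigObject, 'summary') ||
        !hasOwn(sigObject, 'fingerprint') ||
        !hasOwn(sigObject, 'timestamp')
        // TODO check if timestamp is mandatory in specification
    ){
        return gpgme_error('SIG_WRONG');
    }
    // eslint-disable-next-line no-use-before-define
    if (!matches(sigObject, expKeys) || !isRecord(sigObject.summary)){
        return gpgme_error('SIG_WRONG');
    }
    // eslint-disable-next-line no-use-before-define
    if (!matches(sigObject.summary, expSum)){
        return gpgme_error('SIG_WRONG');
    }
    if (hasOwn(sigObject, 'notations')){
        if (!Array.isArray(sigObject.notations)){
            return gpgme_error('SIG_WRONG');
        }
        for (const notation of sigObject.notations){
            // A primitive entry has no own keys and would otherwise pass
            // the per-key comparison without being looked at.
            // eslint-disable-next-line no-use-before-define
            if (!isRecord(notation) || !matches(notation, expNote)){
                return gpgme_error('SIG_WRONG');
            }
        }
    }
    // eslint-disable-next-line no-use-before-define
    return new GPGME_Signature(sigObject);
}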
/**
 * Representing the details of a signature. The full details as given by
 * gpgme-json can be read from the _rawSigObject.
 *
 * Note to reviewers: This class should be read only except via
 * {@link createSignature}. The constructor keeps a reference to the object
 * it is handed and checks nothing itself, so the getters rely on that object
 * having been validated before construction.
 * @protected
 * @class
 */
class GPGME_Signature {

    constructor (sigObject){
        this._rawSigObject = sigObject;
    }

    /**
     * @returns {String} the fingerprint of this signature
     * @throws {GPGME_Error} SIG_WRONG if the raw object carries no
     * (or an empty) fingerprint
     */
    get fingerprint (){
        const fpr = this._rawSigObject.fingerprint;
        if (fpr){
            return fpr;
        }
        throw gpgme_error('SIG_WRONG');
    }

    /**
     * The expiration of this Signature as Javascript date, or null if
     * signature does not expire. A missing or zero exp_timestamp counts as
     * "does not expire"; any other value is multiplied by 1000 before being
     * passed to Date.
     * @returns {Date | null}
     */
    get expiration (){
        const rawExpiry = this._rawSigObject.exp_timestamp;
        return rawExpiry ? new Date(rawExpiry * 1000) : null;
    }

    /**
     * The creation date of this Signature in Javascript Date. The raw
     * timestamp is multiplied by 1000 before being passed to Date.
     * @returns {Date}
     */
    get timestamp (){
        const rawCreated = this._rawSigObject.timestamp;
        return new Date(rawCreated * 1000);
    }

    /**
     * The overall validity as reported in the summary. Only the boolean
     * true counts; every other value of summary.valid gives false. If
     * false, errorDetails may contain additional information.
     * @returns {Boolean}
     */
    get valid () {
        return this._rawSigObject.summary.valid === true;
    }

    /**
     * Object with boolean properties giving more information on non-valid
     * signatures. Refer to the [gpgme docs]{@link https://www.gnupg.org/documentation/manuals/gpgme/Verify.html}
     * for details on the values. Only flags that are present in the summary
     * are copied; absent flags are left out of the result.
     * @returns {Object}
     */
    get errorDetails (){
        const summary = this._rawSigObject.summary;
        const details = {};
        const flags = ['revoked', 'key-expired', 'sig-expired',
            'key-missing', 'crl-missing', 'crl-too-old', 'bad-policy',
            'sys-error'];
        for (const flag of flags){
            if (summary.hasOwnProperty(flag)){
                details[flag] = summary[flag];
            }
        }
        return details;
    }
}
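/**
 * Expected keys and their value's type for the signature Object. Each value
 * is the string that `typeof` must yield for that key. Note that `typeof`
 * yields 'object' for null and for arrays as well, so the 'object' entries
 * ('summary', 'notations') do not by themselves describe the value's shape.
 *
 * The table is frozen: it is the allow-list against which received data is
 * compared, and it should not be alterable at runtime.
 * @private
 */
const expKeys = Object.freeze({
    'wrong_key_usage': 'boolean',
    'chain_model': 'boolean',
    'summary': 'object',
    'is_de_vs': 'boolean',
    'status_string':'string',
    'fingerprint':'string',
    'validity_string': 'string',
    'pubkey_algo_name':'string',
    'hash_algo_name':'string',
    'pka_address':'string',
    'status_code':'number',
    'timestamp':'number',
    'exp_timestamp':'number',
    'pka_trust':'number',
    'validity':'number',
    'validity_reason':'number',
    'notations': 'object'
});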
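/**
 * Keys and their value's type for the summary. Each value is the string
 * that `typeof` must yield for that key; all flags are booleans, and
 * 'sigsum' is only required to be of typeof 'object'.
 *
 * The table is frozen: it is the allow-list against which received data is
 * compared, and it should not be alterable at runtime.
 * @private
 */
const expSum = Object.freeze({
    'valid': 'boolean',
    'green': 'boolean',
    'red': 'boolean',
    'revoked': 'boolean',
    'key-expired': 'boolean',
    'sig-expired': 'boolean',
    'key-missing': 'boolean',
    'crl-missing': 'boolean',
    'crl-too-old': 'boolean',
    'bad-policy': 'boolean',
    'sys-error': 'boolean',
    'sigsum': 'object'
});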
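/**
 * Keys and their value's type for notations objects. Each value is the
 * string that `typeof` must yield for that key.
 *
 * The table is frozen: it is the allow-list against which received data is
 * compared, and it should not be alterable at runtime.
 * @private
 */
const expNote = Object.freeze({
    'human_readable': 'boolean',
    'critical':'boolean',
    'name': 'string',
    'value': 'string',
    'flags': 'number'
});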