2018-04-18 14:38:06 +00:00
|
|
|
/* gpgme.js - Javascript integration for gpgme
|
|
|
|
* Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik
|
|
|
|
*
|
|
|
|
* This file is part of GPGME.
|
|
|
|
*
|
|
|
|
* GPGME is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU Lesser General Public License as
|
|
|
|
* published by the Free Software Foundation; either version 2.1 of
|
|
|
|
* the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* GPGME is distributed in the hope that it will be useful, but
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
* SPDX-License-Identifier: LGPL-2.1+
|
2018-06-06 11:05:53 +00:00
|
|
|
*
|
|
|
|
* Author(s):
|
|
|
|
* Maximilian Krambach <mkrambach@intevation.de>
|
2018-04-18 14:38:06 +00:00
|
|
|
*/
|
2018-04-10 09:33:14 +00:00
|
|
|
|
2018-06-06 11:05:53 +00:00
|
|
|
|
|
|
|
import {GPGME_Message, createMessage} from './Message';
|
|
|
|
import {toKeyIdArray} from './Helpers';
|
|
|
|
import { gpgme_error } from './Errors';
|
|
|
|
import { GPGME_Keyring } from './Keyring';
|
2018-06-14 10:15:51 +00:00
|
|
|
import { createSignature } from './Signature';
|
2018-04-18 14:38:06 +00:00
|
|
|
|
2018-07-10 12:32:26 +00:00
|
|
|
/**
|
|
|
|
* @typedef {Object} decrypt_result
|
|
|
|
* @property {String} data The decrypted data
|
|
|
|
* @property {Boolean} base64 indicating whether data is base64 encoded.
|
|
|
|
* @property {Boolean} is_mime (optional) the data claims to be a MIME
|
|
|
|
* object.
|
|
|
|
* @property {String} file_name (optional) the original file name
|
|
|
|
* @property {signatureDetails} signatures Verification details for
|
|
|
|
* signatures
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @typedef {Object} signatureDetails
|
|
|
|
* @property {Boolean} all_valid Summary if all signatures are fully valid
|
|
|
|
* @property {Number} count Number of signatures found
|
|
|
|
* @property {Number} failures Number of invalid signatures
|
|
|
|
* @property {Array<GPGME_Signature>} signatures.good All valid signatures
|
|
|
|
* @property {Array<GPGME_Signature>} signatures.bad All invalid signatures
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @typedef {Object} encrypt_result The result of an encrypt operation
|
|
|
|
* @property {String} data The encrypted message
|
|
|
|
* @property {Boolean} base64 Indicating whether data is base64 encoded.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @typedef { GPGME_Key | String | Object } inputKeys
|
|
|
|
* Accepts different identifiers of a gnupg Key that can be parsed by
|
|
|
|
* {@link toKeyIdArray}. Expected inputs are: One or an array of
|
|
|
|
* GPGME_Keys; one or an array of fingerprint strings; one or an array of
|
|
|
|
* openpgpjs Key objects.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @typedef {Object} signResult The result of a signing operation
|
|
|
|
* @property {String} data The resulting data. Includes the signature in
|
|
|
|
* clearsign mode
|
|
|
|
* @property {String} signature The detached signature (if in detached mode)
|
|
|
|
*/
|
|
|
|
|
|
|
|
/** @typedef {Object} verifyResult The result of a verification
|
|
|
|
* @property {Boolean} data: The verified data
|
|
|
|
* @property {Boolean} is_mime (optional) the data claims to be a MIME
|
|
|
|
* object.
|
|
|
|
* @property {String} file_name (optional) the original file name
|
|
|
|
* @property {signatureDetails} signatures Verification details for
|
|
|
|
* signatures
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The main entry point for gpgme.js.
|
|
|
|
* @class
|
|
|
|
*/
|
2018-04-18 14:38:06 +00:00
|
|
|
export class GpgME {
|
2018-07-10 12:32:26 +00:00
|
|
|
|
2018-06-11 13:10:43 +00:00
|
|
|
constructor(){
|
2018-04-23 15:18:46 +00:00
|
|
|
}
|
|
|
|
|
2018-06-06 11:05:53 +00:00
|
|
|
set Keyring(keyring){
|
2018-05-23 10:56:23 +00:00
|
|
|
if (keyring && keyring instanceof GPGME_Keyring){
|
|
|
|
this._Keyring = keyring;
|
2018-04-23 15:18:46 +00:00
|
|
|
}
|
2018-04-10 09:33:14 +00:00
|
|
|
}
|
|
|
|
|
2018-07-10 12:32:26 +00:00
|
|
|
/**
|
|
|
|
* Accesses the {@link GPGME_Keyring}.
|
|
|
|
*/
|
2018-04-24 16:44:30 +00:00
|
|
|
get Keyring(){
|
2018-05-28 14:52:50 +00:00
|
|
|
if (!this._Keyring){
|
|
|
|
this._Keyring = new GPGME_Keyring;
|
|
|
|
}
|
2018-04-25 13:59:36 +00:00
|
|
|
return this._Keyring;
|
2018-04-24 16:44:30 +00:00
|
|
|
}
|
2018-04-23 15:18:46 +00:00
|
|
|
|
2018-04-18 14:38:06 +00:00
|
|
|
/**
|
2018-07-10 12:32:26 +00:00
|
|
|
* Encrypt (and optionally sign) data
|
2018-06-06 11:05:53 +00:00
|
|
|
* @param {String|Object} data text/data to be encrypted as String. Also
|
|
|
|
* accepts Objects with a getText method
|
2018-07-10 12:32:26 +00:00
|
|
|
* @param {inputKeys} publicKeys
|
2018-06-06 11:05:53 +00:00
|
|
|
* Keys used to encrypt the message
|
2018-07-10 12:32:26 +00:00
|
|
|
* @param {inputKeys} secretKeys (optional) Keys used to sign the message.
|
|
|
|
* If Keys are present, the operation requested is assumed to be 'encrypt
|
|
|
|
* and sign'
|
2018-06-08 15:54:58 +00:00
|
|
|
* @param {Boolean} base64 (optional) The data will be interpreted as
|
2018-07-10 12:32:26 +00:00
|
|
|
* base64 encoded data.
|
|
|
|
* @param {Boolean} armor (optional) Request the output as armored block.
|
2018-06-06 11:05:53 +00:00
|
|
|
* @param {Boolean} wildcard (optional) If true, recipient information will
|
2018-07-10 12:32:26 +00:00
|
|
|
* not be added to the message.
|
|
|
|
* @param {Object} additional use additional valid gpg options as defined
|
|
|
|
* in {@link permittedOperations}
|
|
|
|
* @returns {Promise<encrypt_result>} Object containing the encrypted
|
|
|
|
* message and additional info.
|
2018-05-30 15:05:54 +00:00
|
|
|
* @async
|
2018-04-18 14:38:06 +00:00
|
|
|
*/
|
2018-05-30 15:05:54 +00:00
|
|
|
encrypt(data, publicKeys, secretKeys, base64=false, armor=true,
|
|
|
|
wildcard=false, additional = {}
|
|
|
|
){
|
2018-04-25 17:45:39 +00:00
|
|
|
let msg = createMessage('encrypt');
|
|
|
|
if (msg instanceof Error){
|
2018-06-06 11:05:53 +00:00
|
|
|
return Promise.reject(msg);
|
2018-04-25 17:45:39 +00:00
|
|
|
}
|
2018-05-30 15:05:54 +00:00
|
|
|
msg.setParameter('armor', armor);
|
2018-04-18 14:38:06 +00:00
|
|
|
msg.setParameter('always-trust', true);
|
2018-05-22 12:24:16 +00:00
|
|
|
if (base64 === true) {
|
|
|
|
msg.setParameter('base64', true);
|
|
|
|
}
|
2018-04-18 14:38:06 +00:00
|
|
|
let pubkeys = toKeyIdArray(publicKeys);
|
|
|
|
msg.setParameter('keys', pubkeys);
|
2018-05-30 15:05:54 +00:00
|
|
|
let sigkeys = toKeyIdArray(secretKeys);
|
|
|
|
if (sigkeys.length > 0) {
|
|
|
|
msg.setParameter('signing_keys', sigkeys);
|
|
|
|
}
|
2018-04-18 14:38:06 +00:00
|
|
|
putData(msg, data);
|
2018-05-22 12:24:16 +00:00
|
|
|
if (wildcard === true){
|
|
|
|
msg.setParameter('throw-keyids', true);
|
2018-06-06 11:05:53 +00:00
|
|
|
}
|
2018-05-30 15:05:54 +00:00
|
|
|
if (additional){
|
|
|
|
let additional_Keys = Object.keys(additional);
|
|
|
|
for (let k = 0; k < additional_Keys.length; k++) {
|
|
|
|
msg.setParameter(additional_Keys[k],
|
|
|
|
additional[additional_Keys[k]]);
|
|
|
|
}
|
|
|
|
}
|
2018-04-27 18:03:09 +00:00
|
|
|
if (msg.isComplete === true){
|
2018-05-28 14:52:50 +00:00
|
|
|
return msg.post();
|
2018-04-27 18:03:09 +00:00
|
|
|
} else {
|
|
|
|
return Promise.reject(gpgme_error('MSG_INCOMPLETE'));
|
|
|
|
}
|
2018-04-10 09:33:14 +00:00
|
|
|
}
|
|
|
|
|
2018-04-18 14:38:06 +00:00
|
|
|
/**
|
2018-07-10 12:32:26 +00:00
|
|
|
* Decrypts a Message
|
2018-06-06 11:05:53 +00:00
|
|
|
* @param {String|Object} data text/data to be decrypted. Accepts Strings
|
|
|
|
* and Objects with a getText method
|
2018-06-14 10:15:51 +00:00
|
|
|
* @param {Boolean} base64 (optional) false if the data is an armored block,
|
|
|
|
* true if it is base64 encoded binary data
|
2018-07-10 12:32:26 +00:00
|
|
|
* @returns {Promise<decrypt_result>} Decrypted Message and information
|
2018-04-18 14:38:06 +00:00
|
|
|
* @async
|
|
|
|
*/
|
2018-06-14 10:15:51 +00:00
|
|
|
decrypt(data, base64=false){
|
2018-04-18 14:38:06 +00:00
|
|
|
if (data === undefined){
|
2018-04-25 13:59:36 +00:00
|
|
|
return Promise.reject(gpgme_error('MSG_EMPTY'));
|
2018-04-18 14:38:06 +00:00
|
|
|
}
|
2018-04-25 17:45:39 +00:00
|
|
|
let msg = createMessage('decrypt');
|
2018-06-08 15:54:58 +00:00
|
|
|
|
2018-04-25 17:45:39 +00:00
|
|
|
if (msg instanceof Error){
|
|
|
|
return Promise.reject(msg);
|
|
|
|
}
|
2018-06-14 10:15:51 +00:00
|
|
|
if (base64 === true){
|
|
|
|
msg.setParameter('base64', true);
|
|
|
|
}
|
2018-04-18 14:38:06 +00:00
|
|
|
putData(msg, data);
|
2018-06-14 10:15:51 +00:00
|
|
|
if (base64 === true){
|
|
|
|
msg.setParameter('base64', true);
|
|
|
|
}
|
|
|
|
return new Promise(function(resolve, reject){
|
|
|
|
msg.post().then(function(result){
|
|
|
|
let _result = {data: result.data};
|
|
|
|
_result.base64 = result.base64 ? true: false;
|
|
|
|
_result.is_mime = result.mime ? true: false;
|
|
|
|
if (result.file_name){
|
|
|
|
_result.file_name = result.file_name;
|
|
|
|
}
|
|
|
|
if (
|
|
|
|
result.hasOwnProperty('signatures') &&
|
|
|
|
Array.isArray(result.signatures)
|
|
|
|
) {
|
|
|
|
_result.signatures = collectSignatures(result.signatures);
|
|
|
|
}
|
|
|
|
resolve(_result);
|
|
|
|
}, function(error){
|
|
|
|
reject(error);
|
|
|
|
});
|
|
|
|
});
|
2018-04-23 15:18:46 +00:00
|
|
|
}
|
2018-04-18 14:38:06 +00:00
|
|
|
|
2018-05-30 15:05:54 +00:00
|
|
|
/**
|
|
|
|
* Sign a Message
|
2018-06-20 11:42:19 +00:00
|
|
|
* @param {String|Object} data text/data to be signed. Accepts Strings
|
2018-07-10 12:32:26 +00:00
|
|
|
* and Objects with a getText method.
|
|
|
|
* @param {inputKeys} keys The key/keys to use for signing
|
|
|
|
* @param {String} mode The signing mode. Currently supported:
|
|
|
|
* 'clearsign':The Message is embedded into the signature;
|
|
|
|
* 'detached': The signature is stored separately
|
|
|
|
* @param {Boolean} base64 input is considered base64
|
|
|
|
* @returns {Promise<signResult>}
|
2018-05-30 15:05:54 +00:00
|
|
|
* @async
|
|
|
|
*/
|
|
|
|
sign(data, keys, mode='clearsign', base64=false) {
|
2018-05-24 13:16:18 +00:00
|
|
|
if (data === undefined){
|
|
|
|
return Promise.reject(gpgme_error('MSG_EMPTY'));
|
|
|
|
}
|
|
|
|
let key_arr = toKeyIdArray(keys);
|
|
|
|
if (key_arr.length === 0){
|
|
|
|
return Promise.reject(gpgme_error('MSG_NO_KEYS'));
|
|
|
|
}
|
|
|
|
let msg = createMessage('sign');
|
|
|
|
|
|
|
|
msg.setParameter('keys', key_arr);
|
|
|
|
if (base64 === true){
|
|
|
|
msg.setParameter('base64', true);
|
|
|
|
}
|
|
|
|
msg.setParameter('mode', mode);
|
|
|
|
putData(msg, data);
|
|
|
|
return new Promise(function(resolve,reject) {
|
2018-06-08 15:54:58 +00:00
|
|
|
if (mode ==='detached'){
|
|
|
|
msg.expect= 'base64';
|
|
|
|
}
|
2018-05-28 14:52:50 +00:00
|
|
|
msg.post().then( function(message) {
|
2018-05-24 13:16:18 +00:00
|
|
|
if (mode === 'clearsign'){
|
|
|
|
resolve({
|
|
|
|
data: message.data}
|
|
|
|
);
|
|
|
|
} else if (mode === 'detached') {
|
|
|
|
resolve({
|
|
|
|
data: data,
|
|
|
|
signature: message.data
|
|
|
|
});
|
|
|
|
}
|
|
|
|
}, function(error){
|
|
|
|
reject(error);
|
2018-06-06 11:05:53 +00:00
|
|
|
});
|
2018-05-24 13:16:18 +00:00
|
|
|
});
|
|
|
|
}
|
2018-06-14 10:15:51 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Verifies data.
|
|
|
|
* @param {String|Object} data text/data to be verified. Accepts Strings
|
2018-07-10 12:32:26 +00:00
|
|
|
* and Objects with a getText method
|
2018-06-14 10:15:51 +00:00
|
|
|
* @param {String} (optional) A detached signature. If not present, opaque
|
|
|
|
* mode is assumed
|
|
|
|
* @param {Boolean} (optional) Data and signature are base64 encoded
|
2018-07-10 12:32:26 +00:00
|
|
|
* @returns {Promise<verifyResult>}
|
|
|
|
*@async
|
2018-06-14 10:15:51 +00:00
|
|
|
*/
|
|
|
|
verify(data, signature, base64 = false){
|
|
|
|
let msg = createMessage('verify');
|
2018-06-20 11:42:19 +00:00
|
|
|
let dt = putData(msg, data);
|
2018-06-14 10:15:51 +00:00
|
|
|
if (dt instanceof Error){
|
|
|
|
return Promise.reject(dt);
|
|
|
|
}
|
|
|
|
if (signature){
|
|
|
|
if (typeof(signature)!== 'string'){
|
|
|
|
return Promise.reject(gpgme_error('PARAM_WRONG'));
|
|
|
|
} else {
|
|
|
|
msg.setParameter('signature', signature);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (base64 === true){
|
|
|
|
msg.setParameter('base64', true);
|
|
|
|
}
|
|
|
|
return new Promise(function(resolve, reject){
|
|
|
|
msg.post().then(function (message){
|
2018-07-04 13:46:45 +00:00
|
|
|
if (!message.info || !message.info.signatures){
|
2018-06-14 10:15:51 +00:00
|
|
|
reject(gpgme_error('SIG_NO_SIGS'));
|
|
|
|
} else {
|
|
|
|
let _result = collectSignatures(message.info.signatures);
|
|
|
|
_result.is_mime = message.info.is_mime? true: false;
|
|
|
|
if (message.info.filename){
|
|
|
|
_result.file_name = message.info.filename;
|
|
|
|
}
|
|
|
|
_result.data = message.data;
|
|
|
|
resolve(_result);
|
|
|
|
}
|
|
|
|
}, function(error){
|
|
|
|
reject(error);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
}
|
2018-04-18 14:38:06 +00:00
|
|
|
}
|
2018-04-10 09:33:14 +00:00
|
|
|
|
|
|
|
/**
|
2018-05-30 15:05:54 +00:00
|
|
|
* Sets the data of the message, setting flags according on the data type
|
2018-04-18 14:38:06 +00:00
|
|
|
* @param {GPGME_Message} message The message where this data will be set
|
2018-07-10 12:32:26 +00:00
|
|
|
* @param { String| Object } data The data to enter. Expects either a string of
|
|
|
|
* data, or an object with a getText method
|
|
|
|
* @returns {undefined| GPGME_Error} Error if not successful, nothing otherwise
|
|
|
|
* @private
|
2018-04-10 09:33:14 +00:00
|
|
|
*/
|
2018-04-18 14:38:06 +00:00
|
|
|
function putData(message, data){
|
2018-06-06 11:05:53 +00:00
|
|
|
if (!message || !(message instanceof GPGME_Message) ) {
|
2018-04-25 13:59:36 +00:00
|
|
|
return gpgme_error('PARAM_WRONG');
|
2018-04-10 09:33:14 +00:00
|
|
|
}
|
2018-04-18 14:38:06 +00:00
|
|
|
if (!data){
|
2018-04-27 18:03:09 +00:00
|
|
|
return gpgme_error('PARAM_WRONG');
|
2018-04-18 14:38:06 +00:00
|
|
|
} else if (typeof(data) === 'string') {
|
|
|
|
message.setParameter('data', data);
|
2018-05-14 14:23:24 +00:00
|
|
|
} else if (
|
|
|
|
typeof(data) === 'object' &&
|
|
|
|
typeof(data.getText) === 'function'
|
|
|
|
){
|
2018-04-24 17:47:48 +00:00
|
|
|
let txt = data.getText();
|
2018-05-22 12:24:16 +00:00
|
|
|
if (typeof(txt) === 'string'){
|
|
|
|
message.setParameter('data', txt);
|
2018-05-14 14:23:24 +00:00
|
|
|
} else {
|
2018-05-08 16:33:41 +00:00
|
|
|
return gpgme_error('PARAM_WRONG');
|
2018-04-24 17:47:48 +00:00
|
|
|
}
|
2018-05-14 14:23:24 +00:00
|
|
|
|
2018-04-18 14:38:06 +00:00
|
|
|
} else {
|
2018-04-25 13:59:36 +00:00
|
|
|
return gpgme_error('PARAM_WRONG');
|
2018-04-10 09:33:14 +00:00
|
|
|
}
|
2018-04-24 16:44:30 +00:00
|
|
|
}
|
2018-06-14 10:15:51 +00:00
|
|
|
|
2018-07-10 12:32:26 +00:00
|
|
|
/**
|
|
|
|
* Parses, validates and converts incoming objects into signatures.
|
|
|
|
* @param {Array<Object>} sigs
|
|
|
|
* @returns {signatureDetails} Details about the signatures
|
|
|
|
*/
|
2018-06-14 10:15:51 +00:00
|
|
|
function collectSignatures(sigs){
|
|
|
|
if (!Array.isArray(sigs)){
|
|
|
|
return gpgme_error('SIG_NO_SIGS');
|
|
|
|
}
|
|
|
|
let summary = {
|
|
|
|
all_valid: false,
|
|
|
|
count: sigs.length,
|
|
|
|
failures: 0,
|
|
|
|
signatures: {
|
|
|
|
good: [],
|
|
|
|
bad: [],
|
|
|
|
}
|
|
|
|
};
|
|
|
|
for (let i=0; i< sigs.length; i++){
|
|
|
|
let sigObj = createSignature(sigs[i]);
|
|
|
|
if (sigObj instanceof Error){
|
2018-06-20 11:42:19 +00:00
|
|
|
return gpgme_error(sigObj);
|
2018-06-14 10:15:51 +00:00
|
|
|
}
|
|
|
|
if (sigObj.valid !== true){
|
|
|
|
summary.failures += 1;
|
|
|
|
summary.signatures.bad.push(sigObj);
|
|
|
|
} else {
|
|
|
|
summary.signatures.good.push(sigObj);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (summary.failures === 0){
|
|
|
|
summary.all_valid = true;
|
|
|
|
}
|
|
|
|
return summary;
|
|
|
|
}
|