From 4dbfcc50436957a5f7f387d866356ef409c8c5e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Obernd=C3=B6rfer?= Date: Tue, 24 Jan 2023 16:34:58 +0100 Subject: [PATCH] Add `revoke` method to User (#1584) --- src/key/user.js | 38 +++++++++++++++++++++++++++++++++++++- test/general/key.js | 22 ++++++++++++++++++++++ 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/src/key/user.js b/src/key/user.js index e65532f7..738f31cb 100644 --- a/src/key/user.js +++ b/src/key/user.js @@ -7,6 +7,7 @@ import enums from '../enums'; import util from '../util'; import { PacketList } from '../packet'; import { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper'; +import defaultConfig from '../config'; /** * Class that represents an user ID or attribute packet and the relevant signatures. @@ -94,7 +95,7 @@ class User { * @returns {Promise} True if the certificate is revoked. * @async */ - async isRevoked(certificate, keyPacket, date = new Date(), config) { + async isRevoked(certificate, keyPacket, date = new Date(), config = defaultConfig) { const primaryKey = this.mainKey.keyPacket; return isDataRevoked(primaryKey, enums.signature.certRevocation, { key: primaryKey, @@ -233,6 +234,41 @@ class User { return isDataRevoked(primaryKey, enums.signature.certRevocation, dataToVerify, [srcRevSig], undefined, undefined, date, config); }); } + + /** + * Revokes the user + * @param {SecretKeyPacket} primaryKey - decrypted private primary key for revocation + * @param {Object} reasonForRevocation - optional, object indicating the reason for revocation + * @param {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation + * @param {String} reasonForRevocation.string optional, string explaining the reason for revocation + * @param {Date} date - optional, override the creationtime of the revocation signature + * @param {Object} [config] - Full configuration, defaults to openpgp.config + * @returns {Promise} New user with revocation signature. + * @async + */ + async revoke( + primaryKey, + { + flag: reasonForRevocationFlag = enums.reasonForRevocation.noReason, + string: reasonForRevocationString = '' + } = {}, + date = new Date(), + config = defaultConfig + ) { + const dataToSign = { + userID: this.userID, + userAttribute: this.userAttribute, + key: primaryKey + }; + const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); + user.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { + signatureType: enums.signature.certRevocation, + reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), + reasonForRevocationString + }, date, undefined, false, config)); + await user.update(this); + return user; + } } export default User; diff --git a/test/general/key.js b/test/general/key.js index f7cfda77..c22a75a4 100644 --- a/test/general/key.js +++ b/test/general/key.js @@ -3277,6 +3277,28 @@ module.exports = () => describe('Key', function() { }); }); + it('revoke() - user', async function() { + const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); + + const user = pubKey.users[0]; + await user.revoke(privKey.keyPacket, { + flag: openpgp.enums.reasonForRevocation.userIDInvalid + }).then(async revUser => { + expect(user.userID.equals(revUser.userID)).to.be.true; + expect(revUser.revocationSignatures).to.exist.and.have.length(1); + expect(revUser.revocationSignatures[0].signatureType).to.equal(openpgp.enums.signature.certRevocation); + expect(revUser.revocationSignatures[0].reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.userIDInvalid); + expect(revUser.revocationSignatures[0].reasonForRevocationString).to.equal(''); + + await user.verify(); + await expect(revUser.verify()).to.be.rejectedWith('Self-certification is revoked'); + }); + }); + it('applyRevocationCertificate() should produce the same revoked key as GnuPG', async function() { const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm4 });