From d238a023c1eb57e86ae7d5c7353b784d899db800 Mon Sep 17 00:00:00 2001 From: larabr Date: Thu, 24 Jun 2021 19:53:10 +0200 Subject: [PATCH] Support using `Key.isPrivate()` for type inference, remove `Key.isPublic()` (#1347) API changes: - `Key.isPublic()` has been removed, since it was redundant and it would introduce TypeScript issues. Call `!Key.isPrivate()` instead. TypeScript changes: - the `openpgp.readKey(s)` functions are now declared as returning a `Key` instead of a `PublicKey`. This is just a readability improvement to make it clearer that the result could also be a `PrivateKey`. - All `Key` methods that return a key object now have the narrowest possible return type. - The `Key.isPrivate()` method can now be used for type inference, allowing the compiler to distinguish between `PrivateKey` and `PublicKey`. Calling `key.isPrivate()` is the recommended way of distinguishing between a `PrivateKey` and `PublicKey` at runtime, over using `key instanceof ...`, since the latter depends on the specifics of the `Key` class hierarchy. --- openpgp.d.ts | 27 ++++++++++++++------------- src/key/factory.js | 2 +- src/key/key.js | 2 +- src/key/private_key.js | 11 +---------- src/key/public_key.js | 11 +---------- src/key/user.js | 2 +- src/message.js | 4 ++-- test/general/key.js | 6 +++--- test/general/openpgp.js | 18 +++++++++--------- test/typescript/definitions.ts | 17 ++++++++++++++++- 10 files changed, 49 insertions(+), 51 deletions(-) diff --git a/openpgp.d.ts b/openpgp.d.ts index e66604fe..aa855626 100644 --- a/openpgp.d.ts +++ b/openpgp.d.ts @@ -8,11 +8,12 @@ */ /* ############## v5 KEY #################### */ - -export function readKey(options: { armoredKey: string, config?: PartialConfig }): Promise; -export function readKey(options: { binaryKey: Uint8Array, config?: PartialConfig }): Promise; -export function readKeys(options: { armoredKeys: string, config?: PartialConfig }): Promise; -export function readKeys(options: { binaryKeys: Uint8Array, config?: PartialConfig }): Promise; +// The Key and PublicKey types can be used interchangably since TS cannot detect the difference, as they have the same class properties. +// The declared readKey(s) return type is Key instead of a PublicKey since it seems more obvious that a Key can be cast to a PrivateKey. +export function readKey(options: { armoredKey: string, config?: PartialConfig }): Promise; +export function readKey(options: { binaryKey: Uint8Array, config?: PartialConfig }): Promise; +export function readKeys(options: { armoredKeys: string, config?: PartialConfig }): Promise; +export function readKeys(options: { binaryKeys: Uint8Array, config?: PartialConfig }): Promise; export function readPrivateKey(options: { armoredKey: string, config?: PartialConfig }): Promise; export function readPrivateKey(options: { binaryKey: Uint8Array, config?: PartialConfig }): Promise; export function readPrivateKeys(options: { armoredKeys: string, config?: PartialConfig }): Promise; @@ -46,20 +47,21 @@ export abstract class Key { public getKeyIDs(): KeyID[]; public getPrimaryUser(date?: Date, userID?: UserID, config?: Config): Promise; // throws on error public getUserIDs(): string[]; - public isPrivate(): boolean; - public isPublic(): boolean; + public isPrivate(): this is PrivateKey; public toPublic(): PublicKey; + // NB: the order of the `update` declarations matters, since PublicKey includes PrivateKey + public update(sourceKey: PrivateKey, date?: Date, config?: Config): Promise; public update(sourceKey: PublicKey, date?: Date, config?: Config): Promise; - public signPrimaryUser(privateKeys: PrivateKey[], date?: Date, userID?: UserID, config?: Config): Promise - public signAllUsers(privateKeys: PrivateKey[], date?: Date, config?: Config): Promise + public signPrimaryUser(privateKeys: PrivateKey[], date?: Date, userID?: UserID, config?: Config): Promise + public signAllUsers(privateKeys: PrivateKey[], date?: Date, config?: Config): Promise public verifyPrimaryKey(date?: Date, userID?: UserID, config?: Config): Promise; // throws on error public verifyPrimaryUser(publicKeys: PublicKey[], date?: Date, userIDs?: UserID, config?: Config): Promise<{ keyID: KeyID, valid: boolean | null }[]>; public verifyAllUsers(publicKeys: PublicKey[], date?: Date, config?: Config): Promise<{ userID: string, keyID: KeyID, valid: boolean | null }[]>; public isRevoked(signature: SignaturePacket, key?: AnyKeyPacket, date?: Date, config?: Config): Promise; public getRevocationCertificate(date?: Date, config?: Config): Promise | string | undefined>; - public getEncryptionKey(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise; - public getSigningKey(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise; - public getKeys(keyID?: KeyID): (PublicKey | Subkey)[]; + public getEncryptionKey(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise; + public getSigningKey(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise; + public getKeys(keyID?: KeyID): (this | Subkey)[]; public getSubkeys(keyID?: KeyID): Subkey[]; public getFingerprint(): string; public getCreationTime(): Date; @@ -80,7 +82,6 @@ export class PrivateKey extends PublicKey { public addSubkey(options: SubkeyOptions): Promise; public getDecryptionKeys(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise public update(sourceKey: PublicKey, date?: Date, config?: Config): Promise; - public getKeys(keyID?: KeyID): (PrivateKey | Subkey)[]; } export class Subkey { diff --git a/src/key/factory.js b/src/key/factory.js index 3122ce29..1a738b2b 100644 --- a/src/key/factory.js +++ b/src/key/factory.js @@ -95,7 +95,7 @@ export async function reformat(options, config) { options = sanitize(options); const { privateKey } = options; - if (privateKey.isPublic()) { + if (!privateKey.isPrivate()) { throw new Error('Cannot reformat a public key'); } diff --git a/src/key/key.js b/src/key/key.js index 205340a3..2bb1bd2f 100644 --- a/src/key/key.js +++ b/src/key/key.js @@ -476,7 +476,7 @@ class Key { if (!this.hasSameFingerprintAs(sourceKey)) { throw new Error('Primary key fingerprints must be equal to update the key'); } - if (this.isPublic() && sourceKey.isPrivate()) { + if (!this.isPrivate() && sourceKey.isPrivate()) { // check for equal subkey packets const equal = (this.subkeys.length === sourceKey.subkeys.length) && (this.subkeys.every(destSubkey => { diff --git a/src/key/private_key.js b/src/key/private_key.js index fa5cd29f..e7d1bd49 100644 --- a/src/key/private_key.js +++ b/src/key/private_key.js @@ -24,15 +24,6 @@ class PrivateKey extends PublicKey { } } - /** - * Returns true if this is a public key - * @returns {Boolean} - */ - // eslint-disable-next-line class-methods-use-this - isPublic() { - return false; - } - /** * Returns true if this is a private key * @returns {Boolean} @@ -192,7 +183,7 @@ class PrivateKey extends PublicKey { date = new Date(), config = defaultConfig ) { - if (this.isPublic()) { + if (!this.isPrivate()) { throw new Error('Need private key for revoking'); } const dataToSign = { key: this.keyPacket }; diff --git a/src/key/public_key.js b/src/key/public_key.js index 7f972f8c..c2c10fe2 100644 --- a/src/key/public_key.js +++ b/src/key/public_key.js @@ -40,18 +40,9 @@ class PublicKey extends Key { } } - /** - * Returns true if this is a public key - * @returns {Boolean} - */ - // eslint-disable-next-line class-methods-use-this - isPublic() { - return true; - } - /** * Returns true if this is a private key - * @returns {Boolean} + * @returns {false} */ // eslint-disable-next-line class-methods-use-this isPrivate() { diff --git a/src/key/user.js b/src/key/user.js index ba4045f4..e65532f7 100644 --- a/src/key/user.js +++ b/src/key/user.js @@ -65,7 +65,7 @@ class User { }; const user = new User(dataToSign.userID || dataToSign.userAttribute, this.mainKey); user.otherCertifications = await Promise.all(signingKeys.map(async function(privateKey) { - if (privateKey.isPublic()) { + if (!privateKey.isPrivate()) { throw new Error('Need private key for signing'); } if (privateKey.hasSameFingerprintAs(primaryKey)) { diff --git a/src/message.js b/src/message.js index 46fcfda2..455c8587 100644 --- a/src/message.js +++ b/src/message.js @@ -463,7 +463,7 @@ export class Message { } await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) { - if (primaryKey.isPublic()) { + if (!primaryKey.isPrivate()) { throw new Error('Need private key for signing'); } const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i]; @@ -672,7 +672,7 @@ export async function createSignaturePackets(literalDataPacket, signingKeys, sig await Promise.all(signingKeys.map(async (primaryKey, i) => { const userID = userIDs[i]; - if (primaryKey.isPublic()) { + if (!primaryKey.isPrivate()) { throw new Error('Need private key for signing'); } const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config); diff --git a/test/general/key.js b/test/general/key.js index 627f1bb1..6fdeb12e 100644 --- a/test/general/key.js +++ b/test/general/key.js @@ -3164,7 +3164,7 @@ module.exports = () => describe('Key', function() { it('update() - merge private key into public key', async function() { const source = await openpgp.readKey({ armoredKey: priv_key_rsa }); const [dest] = await openpgp.readKeys({ armoredKeys: twoKeys }); - expect(dest.isPublic()).to.be.true; + expect(dest.isPrivate()).to.be.false; return dest.update(source).then(async updated => { expect(updated.isPrivate()).to.be.true; return Promise.all([ @@ -3186,7 +3186,7 @@ module.exports = () => describe('Key', function() { const [dest] = await openpgp.readKeys({ armoredKeys: twoKeys }); source.subkeys = []; dest.subkeys = []; - expect(dest.isPublic()).to.be.true; + expect(dest.isPrivate()).to.be.false; const updated = await dest.update(source); expect(updated.isPrivate()).to.be.true; @@ -3203,7 +3203,7 @@ module.exports = () => describe('Key', function() { const [dest] = await openpgp.readKeys({ armoredKeys: twoKeys }); source.subkeys = []; expect(dest.subkeys).to.exist; - expect(dest.isPublic()).to.be.true; + expect(dest.isPrivate()).to.be.false; await expect(dest.update(source)) .to.be.rejectedWith('Cannot update public key with private key if subkeys mismatch'); }); diff --git a/test/general/openpgp.js b/test/general/openpgp.js index 3c0496cc..ef146e7e 100644 --- a/test/general/openpgp.js +++ b/test/general/openpgp.js @@ -1010,15 +1010,15 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { }; const armored = await openpgp.generateKey({ ...opt, format: 'armor' }); expect((await openpgp.readKey({ armoredKey: armored.privateKey })).isPrivate()).to.be.true; - expect((await openpgp.readKey({ armoredKey: armored.publicKey })).isPublic()).to.be.true; + expect((await openpgp.readKey({ armoredKey: armored.publicKey })).isPrivate()).to.be.false; const binary = await openpgp.generateKey({ ...opt, format: 'binary' }); expect((await openpgp.readKey({ binaryKey: binary.privateKey })).isPrivate()).to.be.true; - expect((await openpgp.readKey({ binaryKey: binary.publicKey })).isPublic()).to.be.true; + expect((await openpgp.readKey({ binaryKey: binary.publicKey })).isPrivate()).to.be.false; const { privateKey, publicKey } = await openpgp.generateKey({ ...opt, format: 'object' }); expect(privateKey.isPrivate()).to.be.true; - expect(publicKey.isPublic()).to.be.true; + expect(publicKey.isPrivate()).to.be.false; }); }); @@ -1036,15 +1036,15 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { }; const armored = await openpgp.reformatKey({ ...opt, format: 'armor' }); expect((await openpgp.readKey({ armoredKey: armored.privateKey })).isPrivate()).to.be.true; - expect((await openpgp.readKey({ armoredKey: armored.publicKey })).isPublic()).to.be.true; + expect((await openpgp.readKey({ armoredKey: armored.publicKey })).isPrivate()).to.be.false; const binary = await openpgp.reformatKey({ ...opt, format: 'binary' }); expect((await openpgp.readKey({ binaryKey: binary.privateKey })).isPrivate()).to.be.true; - expect((await openpgp.readKey({ binaryKey: binary.publicKey })).isPublic()).to.be.true; + expect((await openpgp.readKey({ binaryKey: binary.publicKey })).isPrivate()).to.be.false; const { privateKey, publicKey } = await openpgp.reformatKey({ ...opt, format: 'object' }); expect(privateKey.isPrivate()).to.be.true; - expect(publicKey.isPublic()).to.be.true; + expect(publicKey.isPrivate()).to.be.false; }); }); @@ -1058,15 +1058,15 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { const armored = await openpgp.revokeKey({ key, format: 'armor' }); expect((await openpgp.readKey({ armoredKey: armored.privateKey })).isPrivate()).to.be.true; - expect((await openpgp.readKey({ armoredKey: armored.publicKey })).isPublic()).to.be.true; + expect((await openpgp.readKey({ armoredKey: armored.publicKey })).isPrivate()).to.be.false; const binary = await openpgp.revokeKey({ key, format: 'binary' }); expect((await openpgp.readKey({ binaryKey: binary.privateKey })).isPrivate()).to.be.true; - expect((await openpgp.readKey({ binaryKey: binary.publicKey })).isPublic()).to.be.true; + expect((await openpgp.readKey({ binaryKey: binary.publicKey })).isPrivate()).to.be.false; const { privateKey, publicKey } = await openpgp.revokeKey({ key, format: 'object' }); expect(privateKey.isPrivate()).to.be.true; - expect(publicKey.isPublic()).to.be.true; + expect(publicKey.isPrivate()).to.be.false; }); }); diff --git a/test/typescript/definitions.ts b/test/typescript/definitions.ts index d55ebe6a..b4c22f31 100644 --- a/test/typescript/definitions.ts +++ b/test/typescript/definitions.ts @@ -32,11 +32,26 @@ import { expect(await readKeys({ armoredKeys: publicKeyArmored })).to.have.lengthOf(1); const parsedKey: Key = await readKey({ armoredKey: publicKeyArmored }); expect(parsedKey.armor(config)).to.equal(publicKeyArmored); - expect(parsedKey.isPublic()).to.be.true; + expect(parsedKey.isPrivate()).to.be.false; const parsedPrivateKey: PrivateKey = await readPrivateKey({ armoredKey: privateKeyArmored }); expect(parsedPrivateKey.isPrivate()).to.be.true; const parsedBinaryPrivateKey: PrivateKey = await readPrivateKey({ binaryKey: privateKeyBinary }); expect(parsedBinaryPrivateKey.isPrivate()).to.be.true; + // a generic Key can be directly used as PublicKey, since both classes have the same properties + // eslint-disable-next-line no-unused-vars + const unusedPublicKey: PublicKey = parsedKey; + + // Check PrivateKey type inference + if (parsedKey.isPrivate()) { + expect(parsedKey.isDecrypted()).to.be.true; + } else { + // @ts-expect-error isDecrypted is not defined for public keys + try { parsedKey.isDecrypted(); } catch (e) {} + } + (await privateKey.update(privateKey)).isDecrypted(); + (await privateKey.toPublic().update(privateKey)).isDecrypted(); + // @ts-expect-error isDecrypted is not defined for public keys + try { (await privateKey.toPublic().update(privateKey.toPublic())).isDecrypted(); } catch (e) {} // Revoke keys await revokeKey({ key: privateKey });