Implement revoked key submission in client
parent
68ac57c4ce
commit
f00ffb7dd2
1 changed files with 29 additions and 13 deletions
42
client.py
42
client.py
|
@ -397,7 +397,7 @@ def _parse_confirmation_request(address, fingerprint, encrypted):
|
||||||
return rdict['sender'], rdict['nonce']
|
return rdict['sender'], rdict['nonce']
|
||||||
|
|
||||||
|
|
||||||
def _create_submission_request(address: str, fingerprint: str, submission_address: str):
|
def _create_submission_request(address: str, submission_address: str, fingerprint: str, revoked_fingerprints):
|
||||||
gpg = subprocess.Popen([
|
gpg = subprocess.Popen([
|
||||||
'/usr/bin/gpg', '--locate-keys', '--with-colons', submission_address
|
'/usr/bin/gpg', '--locate-keys', '--with-colons', submission_address
|
||||||
], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
||||||
|
@ -409,7 +409,7 @@ def _create_submission_request(address: str, fingerprint: str, submission_addres
|
||||||
'/usr/bin/gpg', '--armor',
|
'/usr/bin/gpg', '--armor',
|
||||||
'--export-options', 'export-minimal',
|
'--export-options', 'export-minimal',
|
||||||
'--export', fingerprint
|
'--export', fingerprint
|
||||||
], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
] + revoked_fingerprints, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
||||||
gpg.wait()
|
gpg.wait()
|
||||||
if gpg.returncode != 0:
|
if gpg.returncode != 0:
|
||||||
raise RuntimeError(f'gpg subprocess returned with non-zero exit code; stderr: {gpg.stderr.read()}')
|
raise RuntimeError(f'gpg subprocess returned with non-zero exit code; stderr: {gpg.stderr.read()}')
|
||||||
|
@ -529,26 +529,40 @@ def _gpg_get_uid_fp(address: str):
|
||||||
raise RuntimeError(f'gpg subprocess returned with non-zero exit code; stderr: {gpg.stderr.read()}')
|
raise RuntimeError(f'gpg subprocess returned with non-zero exit code; stderr: {gpg.stderr.read()}')
|
||||||
keylist = gpg.stdout.read().decode()
|
keylist = gpg.stdout.read().decode()
|
||||||
pubs = []
|
pubs = []
|
||||||
|
revoked = []
|
||||||
fprs = []
|
fprs = []
|
||||||
for line in keylist.splitlines():
|
for line in keylist.splitlines():
|
||||||
if line.startswith('pub:'):
|
if line.startswith('pub:'):
|
||||||
pub = line.split(':')[4]
|
pub = line.split(':')[4]
|
||||||
|
r = line.split(':')[1] == 'r'
|
||||||
pubs.append(pub)
|
pubs.append(pub)
|
||||||
|
revoked.append(r)
|
||||||
elif line.startswith('fpr:'):
|
elif line.startswith('fpr:'):
|
||||||
fpr = line.split(':')[9]
|
fpr = line.split(':')[9]
|
||||||
fprs.append(fpr)
|
fprs.append(fpr)
|
||||||
if len(pubs) == 0:
|
valid = {fprs[i]: pub for i, pub in enumerate(pubs) if not revoked[i]}
|
||||||
raise ValueError(f'No key found for {address}.')
|
revoked = {fprs[i]: pub for i, pub in enumerate(pubs) if revoked[i]}
|
||||||
elif len(pubs) > 1:
|
if len(valid) == 0:
|
||||||
|
raise ValueError(f'No valid key found for {address}.')
|
||||||
|
elif len(valid) > 1:
|
||||||
print(f'Found multiple keys for {address}, please choose:')
|
print(f'Found multiple keys for {address}, please choose:')
|
||||||
for i, pub in enumerate(pubs, start=1):
|
fpridx = list(valid.keys())
|
||||||
print(f'{i}: {pub}')
|
for i, f in enumerate(fpridx, start=1):
|
||||||
|
print(f'{i}: {f}')
|
||||||
i = int(input('Enter number: ')) - 1
|
i = int(input('Enter number: ')) - 1
|
||||||
|
fpr = fpridx[i]
|
||||||
else:
|
else:
|
||||||
i = 0
|
fpr = list(valid.keys())[0]
|
||||||
pub = pubs[i]
|
if len(revoked) > 0:
|
||||||
fpr = next(filter(lambda x: x.endswith(pub), fprs))
|
print(f'There are revoked keys for {address}. Please choose which to upload (separate multiple by spaces): ')
|
||||||
return fpr
|
revidx = list(revoked.keys())
|
||||||
|
for i, f in enumerate(revidx, start=1):
|
||||||
|
print(f'{i}: {f}')
|
||||||
|
rids = [int(i)-1 for i in input('Enter number(s): ').split()]
|
||||||
|
rfprs = [revidx[i] for i in rids]
|
||||||
|
else:
|
||||||
|
rfprs = []
|
||||||
|
return fpr, rfprs
|
||||||
|
|
||||||
|
|
||||||
def _get_submission_address(address: str):
|
def _get_submission_address(address: str):
|
||||||
|
@ -572,8 +586,10 @@ def main():
|
||||||
except urllib.error.URLError:
|
except urllib.error.URLError:
|
||||||
print('No WKS submission address found. Does your provider support WKS?')
|
print('No WKS submission address found. Does your provider support WKS?')
|
||||||
exit(1)
|
exit(1)
|
||||||
fp = _gpg_get_uid_fp(ad)
|
fp, rfprs = _gpg_get_uid_fp(ad)
|
||||||
print(f'Chose {fp}')
|
print(f'Chose {fp}')
|
||||||
|
for rfpr in rfprs:
|
||||||
|
print(f'Chose revoked key {rfpr}')
|
||||||
pw = getpass('Enter IMAP/POP3/SMTP password (will not echo): ')
|
pw = getpass('Enter IMAP/POP3/SMTP password (will not echo): ')
|
||||||
for fn in [tb_wellknown_autoconfig, rfc6186_autoconfig, tb_ispdb_autoconfig, manual_config]:
|
for fn in [tb_wellknown_autoconfig, rfc6186_autoconfig, tb_ispdb_autoconfig, manual_config]:
|
||||||
autoconf = fn(ad, pw)
|
autoconf = fn(ad, pw)
|
||||||
|
@ -610,7 +626,7 @@ def main():
|
||||||
with incoming_server:
|
with incoming_server:
|
||||||
now = datetime.utcnow()
|
now = datetime.utcnow()
|
||||||
done = False
|
done = False
|
||||||
request = _create_submission_request(ad, fp, sa)
|
request = _create_submission_request(ad, sa, fp, rfprs)
|
||||||
print('Sending submission request')
|
print('Sending submission request')
|
||||||
with outgoing_server:
|
with outgoing_server:
|
||||||
outgoing_server.send_message(request)
|
outgoing_server.send_message(request)
|
||||||
|
|
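Review bot: In `_gpg_get_uid_fp`, `fprs[i]` is paired with `pubs[i]` by position when building `valid` and `revoked`, but `fprs` collects every `fpr:` record while `pubs` collects only `pub:` records. If the listing also carries `fpr:` records for subkeys (GnuPG 2.1 and later emit them in colon mode; the gpg call is outside the visible lines, so this needs confirming), the indices drift and a subkey fingerprint or a revoked key's fingerprint can land in `valid`, which is then exported as the key to publish. The removed code matched by key ID, and the same match keeps the pairing correct: `valid = {next(f for f in fprs if f.endswith(pub)): pub for i, pub in enumerate(pubs) if not revoked[i]}`, and likewise for `revoked`. The typed indices are also used unchecked, so `0` becomes `-1` and selects the last entry; a range check before `fpridx[i]` and `revidx[i]` would avoid that.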