Implement revoked key submission in client

s3lph 2023-01-31 01:23:16 +01:00
parent 68ac57c4ce
commit f00ffb7dd2


@ -397,7 +397,7 @@ def _parse_confirmation_request(address, fingerprint, encrypted):
return rdict['sender'], rdict['nonce'] return rdict['sender'], rdict['nonce']
def _create_submission_request(address: str, fingerprint: str, submission_address: str): def _create_submission_request(address: str, submission_address: str, fingerprint: str, revoked_fingerprints):
gpg = subprocess.Popen([ gpg = subprocess.Popen([
'/usr/bin/gpg', '--locate-keys', '--with-colons', submission_address '/usr/bin/gpg', '--locate-keys', '--with-colons', submission_address
], stdout=subprocess.PIPE, stderr=subprocess.PIPE) ], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
@ -409,7 +409,7 @@ def _create_submission_request(address: str, fingerprint: str, submission_addres
'/usr/bin/gpg', '--armor', '/usr/bin/gpg', '--armor',
'--export-options', 'export-minimal', '--export-options', 'export-minimal',
'--export', fingerprint '--export', fingerprint
], stdout=subprocess.PIPE, stderr=subprocess.PIPE) ] + revoked_fingerprints, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
gpg.wait() gpg.wait()
if gpg.returncode != 0: if gpg.returncode != 0:
raise RuntimeError(f'gpg subprocess returned with non-zero exit code; stderr: {gpg.stderr.read()}') raise RuntimeError(f'gpg subprocess returned with non-zero exit code; stderr: {gpg.stderr.read()}')
@ -529,26 +529,40 @@ def _gpg_get_uid_fp(address: str):
raise RuntimeError(f'gpg subprocess returned with non-zero exit code; stderr: {gpg.stderr.read()}') raise RuntimeError(f'gpg subprocess returned with non-zero exit code; stderr: {gpg.stderr.read()}')
keylist = gpg.stdout.read().decode() keylist = gpg.stdout.read().decode()
pubs = [] pubs = []
revoked = []
fprs = [] fprs = []
for line in keylist.splitlines(): for line in keylist.splitlines():
if line.startswith('pub:'): if line.startswith('pub:'):
pub = line.split(':')[4] pub = line.split(':')[4]
r = line.split(':')[1] == 'r'
pubs.append(pub) pubs.append(pub)
revoked.append(r)
elif line.startswith('fpr:'): elif line.startswith('fpr:'):
fpr = line.split(':')[9] fpr = line.split(':')[9]
fprs.append(fpr) fprs.append(fpr)
if len(pubs) == 0: valid = {fprs[i]: pub for i, pub in enumerate(pubs) if not revoked[i]}
raise ValueError(f'No key found for {address}.') revoked = {fprs[i]: pub for i, pub in enumerate(pubs) if revoked[i]}
elif len(pubs) > 1: if len(valid) == 0:
raise ValueError(f'No valid key found for {address}.')
elif len(valid) > 1:
print(f'Found multiple keys for {address}, please choose:') print(f'Found multiple keys for {address}, please choose:')
for i, pub in enumerate(pubs, start=1): fpridx = list(valid.keys())
print(f'{i}: {pub}') for i, f in enumerate(fpridx, start=1):
print(f'{i}: {f}')
i = int(input('Enter number: ')) - 1 i = int(input('Enter number: ')) - 1
fpr = fpridx[i]
else: else:
i = 0 fpr = list(valid.keys())[0]
pub = pubs[i] if len(revoked) > 0:
fpr = next(filter(lambda x: x.endswith(pub), fprs)) print(f'There are revoked keys for {address}. Please choose which to upload (separate multiple by spaces): ')
return fpr revidx = list(revoked.keys())
for i, f in enumerate(revidx, start=1):
print(f'{i}: {f}')
rids = [int(i)-1 for i in input('Enter number(s): ').split()]
rfprs = [revidx[i] for i in rids]
else:
rfprs = []
return fpr, rfprs
def _get_submission_address(address: str): def _get_submission_address(address: str):
@ -572,8 +586,10 @@ def main():
except urllib.error.URLError: except urllib.error.URLError:
print('No WKS submission address found. Does your provider support WKS?') print('No WKS submission address found. Does your provider support WKS?')
exit(1) exit(1)
fp = _gpg_get_uid_fp(ad) fp, rfprs = _gpg_get_uid_fp(ad)
print(f'Chose {fp}') print(f'Chose {fp}')
for rfpr in rfprs:
print(f'Chose revoked key {rfpr}')
pw = getpass('Enter IMAP/POP3/SMTP password (will not echo): ') pw = getpass('Enter IMAP/POP3/SMTP password (will not echo): ')
for fn in [tb_wellknown_autoconfig, rfc6186_autoconfig, tb_ispdb_autoconfig, manual_config]: for fn in [tb_wellknown_autoconfig, rfc6186_autoconfig, tb_ispdb_autoconfig, manual_config]:
autoconf = fn(ad, pw) autoconf = fn(ad, pw)
@ -610,7 +626,7 @@ def main():
with incoming_server: with incoming_server:
now = datetime.utcnow() now = datetime.utcnow()
done = False done = False
request = _create_submission_request(ad, fp, sa) request = _create_submission_request(ad, sa, fp, rfprs)
print('Sending submission request') print('Sending submission request')
with outgoing_server: with outgoing_server:
outgoing_server.send_message(request) outgoing_server.send_message(request)
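Review bot: In `_gpg_get_uid_fp`, the new `valid`/`revoked` maps pair `fprs[i]` with `pubs[i]` and `revoked[i]` by position, but the loop appends every `fpr:` record, so the pairing only holds if the listing has exactly one `fpr:` line per `pub:` line. gpg's colon listing normally prints an `fpr:` record after each `sub:` record as well, so with more than one key the second entry can be a subkey fingerprint of the first key, and the revoked flag can end up attached to the wrong fingerprint. The gpg invocation is above the hunk, so this should be confirmed against its options. The removed code matched by key ID instead; keeping that would look like `valid = {next(f for f in fprs if f.endswith(pub)): pub for pub, r in zip(pubs, revoked) if not r}`, with the same expression under `if r` for the revoked map. Separately, both prompts accept `0`: `int(...) - 1` then yields `-1`, which silently selects the last key, so a range check before indexing would stop the user from submitting a key they did not pick.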