From 0e287cc0d133d4e16ac1b141e84abf90b18b5c10 Mon Sep 17 00:00:00 2001
From: Roman Shevchenko
Date: Sat, 6 Feb 2021 05:37:04 -0500
Subject: [PATCH] Wkd selects usable key from all received
---
 extension/js/common/api/key-server/wkd.ts | 8 +-
 test/source/mock/wkd/wkd-endpoints.ts | 93 +++++++++++++++++++
 .../tests/browser-unit-tests/unit-Wkd.js | 17 ++++
 3 files changed, 116 insertions(+), 2 deletions(-)
diff --git a/extension/js/common/api/key-server/wkd.ts b/extension/js/common/api/key-server/wkd.ts
index 35119a8e7a5..c42fec84a9b 100644
--- a/extension/js/common/api/key-server/wkd.ts
+++ b/extension/js/common/api/key-server/wkd.ts
@@ -58,8 +58,12 @@ export class Wkd extends Api {
 if (!response.buf) {
 return { pubkey: null, pgpClient: null }; // do not retry direct if advanced had a policy file
 }
- const { keys: [key], errs } = await KeyUtil.readMany(response.buf);
- if (errs.length || !key || !key.emails.some(x => x.toLowerCase() === email.toLowerCase())) {
+ const { keys, errs } = await KeyUtil.readMany(response.buf);
+ if (errs.length) {
+ return { pubkey: null, pgpClient: null };
+ }
+ const key = keys.find(key => key.usableForEncryption && key.emails.some(x => x.toLowerCase() === email.toLowerCase()));
+ if (!key) {
 return { pubkey: null, pgpClient: null };
 }
 // if recipient uses same domain, we assume they use flowcrypt
diff --git a/test/source/mock/wkd/wkd-endpoints.ts b/test/source/mock/wkd/wkd-endpoints.ts
index 4a6b6567e12..76a78f0f21f 100644
--- a/test/source/mock/wkd/wkd-endpoints.ts
+++ b/test/source/mock/wkd/wkd-endpoints.ts
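Review bot: The early `if (errs.length)` return in the new wkd.ts code still discards the whole WKD response when any one block fails to parse, so a single malformed or unsupported key served beside a valid one prevents `keys.find(...)` from ever running. If failing closed on parse errors is intended, a short comment saying so would help; otherwise decide on the result of `find` alone and log `errs`. Separately, the callback parameter in `keys.find(key => ...)` shadows the `const key` it initialises; `keys.find(k => k.usableForEncryption && k.emails.some(x => x.toLowerCase() === email.toLowerCase()))` avoids that. The enclosing method starts and ends outside the hunk, so how `usableForEncryption` treats expired keys cannot be checked from here.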
@@ -95,6 +95,96 @@ nmusEeYtrrMytL4oUohBVZk= -----END PGP PUBLIC KEY BLOCK----- `; +const validAmongRevoked = ` +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsBNBGAeWswBCADHMQfmD4m5gO9DBsmDBOF2a/Bd0pGtJvjQwRYugvLZrupaqGnifxCmn1MlB4vy +ahGYDimEjfk8BtGUAC1ESP407m2gF/KCmizn9OQHFCXeksND7vTpawI+6S5SQl9IRsKKimgdhLqQ +1xUa90sY/sRvtfeVp1Ty/OFI/zLKx5yZxEQU9UiV0+Oo8EpWjaa0SW3gQQo+ubIkoH6ARIdu3t4N +sJBBXyo08UjBHY1W4N4TWIagGiT+XxPIgoUWi4MWv+iDhl/y8+MFckxgtA4ak0dMCTYrlbYe1GC1 +A64UJraAkutN3CS58/lmYKZGl9sJzJvJCzBZ8CS5XoY+NPk8R7opABEBAAHCwHYEIAEIACAWIQSl +z8jo6krmmYn+JjEJfuvzVCWaXgUCYB5bIgIdAAAKCRAJfuvzVCWaXtKSCAC+pxvWG41iauUOzClO +i4atME29fgfxMKyZHMz6eCjBoKsIlYpo1fI0iMooLVfI+m9kRIiIDI5pNUVi55uxgowHIl1MAB0S +pxH9jsnwVQ3hY7q5kRe+djV9PzfUnXW0Yocu8rNLi9LFYhINEZ2+F19KvNQG9H8/aLSO2oALSXcT +JyGI01tNHXy3y6VtaY2UXYEsGR23y/OfcJHYkyWQi4DvvTscjNfL+wcGVBsGqlRoJeSD5mdGsJN/ ++wEhGyFqcNV9YqEeqZl9F1ZvlEThzWNMY423625uhU2qSPiigHToN7JrDMG2NGpfy/5/aCQXApGZ +VHRa9UTF/xINKK6o2dfmzRZzb21lLnJldm9rZWRAbG9jYWxob3N0wsCJBBMBCAAzFiEEpc/I6OpK +5pmJ/iYxCX7r81Qlml4FAmAeWtECGwMFCwkIBwIGFQgJCgsCBRYCAwEAAAoJEAl+6/NUJZpel0wI +ALaREAYnFJd81M3peZDB0/qGs/G6VT/8Gp4ABVIgsrexhkVITyr9BeVZ2TPr8uDLssbvTNaFWtig +bgJT2p6rB73gNY+b4MdNk2fvy1nT4nB8RxwVcIW2K4SRHixw4a2Ro87S9+JaOPzXmvl19GgGjwhU +XIaZuYYaz6E9poXpDPdIjj0tWIplhW06PtQTbcCX5ulf1AYSqtuEz3szUDsfC40kN4aZKR8Pri9i +b3BJaz6vKwrcufL5pkXW7h/Nfxx/xWrx43rdxLE13bmQzUnfh3YjNcjWfAuXHMH5nyeoVwZScUH/ +wALgwIJbVHXSn3uUAq5DTROHVu5+tPgMt3V6VajOwE0EYB5a0gEIANCbJg/MWZfB/Ofli7Dptgb4 +Mt7jF3DRV0/joFRX1TvHHbQaR1GJZEWUVEYaKSKTTqW1VR2rDha4C/+llyiHrNbsPZrcFX9VY9az +hIyAkMicmMZ9fmgieXY5oAByyExWH8g38q2UoqQy595mj3OOJVD6+Qmg1WrV1JoBB3G3imK1noWn +DeLLq/LdK2ys3CFmDDt5ddhyqkxX6mxdPWhFOmfZQ0t3mQd38tV9er0kjvB7CG0zL3F/zQsrhO/j +VFmhXqHLcdJwMQbagfBLITtgAFEK7eVpyGwxCNjHfgw82RgptB/A4QySWp8nDPp7kdG2U9Kekis1 +eHxKDu9AF3+FIV0AEQEAAcLAdgQYAQgAIBYhBKXPyOjqSuaZif4mMQl+6/NUJZpeBQJgHlrZAhsM +AAoJEAl+6/NUJZpemygH/ihN+ItFXT2/WRL5z4e2PMNpEhu4VEDFM7BpmfCj1fT8ns45vSY8J3QN 
+K5GAV1aY2wbIcDrlI4io0xdYSSUYBh/qwVlxRLWtIm0d15V0w9gZOlF58/uL5Yt8uLPU7coiwfoX +u8pi5UA4ZwjiMRtIw1sppvW48oUCyXuRA25/4RjyiwYpMzM/KfT7wjYGoGQijZSgvDcvZjAlwsNX +HpB6etO8CPq9VDcnNWATN/3XSv06LXpShQVZkxWYOG0betwzVCc4Jq3mARjsFXOZvtqB+mSkbP4T ++LugD7yQtGt711i3rvwrTVtBQefALyg/mOPZjCWe5rSAYPdDNLj+6El4p80= +=vqJ0 +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsBNBGAeYQ0BCADHMOjbN/X/TH4JpTz7Sj1VTGIeXzWUVZIbsjLgp8U0dFo2zWXMsgLsnNAZuL43 +pUAnIqw+wvUcSpndEO79upVvUzc1qgvp2DTJuDrVGAPx1cqKOi3A/XPO0uIxTyCChcQBQ+YUvwc6 +7ZU69irRC320AQC5aFrL+yP7RmlWQgslJ0qJXPa3On6Cp71GL26iADPXnQOqZtmhv87nYlHhimOv +bKLtC/YMTqGk0h7HqNQPcP8B6bylofS/7Rgy+JKsqWmlng+U/0uQWsnfIua0BPkrZYwJdaF77cs1 +7A2LV2glUiG7XzPkHPTMtG3xV7ZbiAsLSwWN7x1mG3uvpppeXkd1ABEBAAHNFnNvbWUucmV2b2tl +ZEBsb2NhbGhvc3TCwIkEEwEIADMWIQTWZixfub3p2gHzmUqqHvgy2Myk8gUCYB5hFQIbAwULCQgH +AgYVCAkKCwIFFgIDAQAACgkQqh74MtjMpPI7JQf8Dnw4XZLgR8lZV0S4e9JhG/cQqhIzXKVAFcMF +EPWVEHfUYTBCDmTPpi4m9rl5P9T70TXjMbpb6BzvuTS+OZHfyaj8YB39C5FKtqEemoMyO+VO5t7b +I4jUMG3Uu2kuwgN6I2g8jYeA6SYcoUN6NHIpQTkS2BW2IICWqUh09EfcVvdQbZKbMLaoQLfJvTze +gH7LPuNxsvfuhVPtL9WzOIgSFKDmfQnpHluJRKcAhK+aahtUetdsBemBrP7JbNIreIb6+qhmX4q5 +8uGVUFrucSjRwFqqlxSo63ze1jsyzpOvfdzsaDMOG1yIX28cqfOZJpDft5nQjnznjSTJ3I6tGHtL +qs7ATQRgHmEVAQgArN5xkxz80Cbfm9UOT3U5wPkYyn/LA7UAfcdqk+rgLy+3dGItnUs2Lqa87fbT +YMf2Zj2fFnuIJ29DcPxRBF9s8FbeLx04wmzvw5TRE8AKvg4wGFlWm+pTOuik6069k/09rgCb5fOf +xEH6NKApQldaZGLWm8ThNX6jv30PwIjB/NwfCaGug6ehLyXGVSJuPhP5oYWUr/d+ppY5cNuObE83 +ZAcOEYgdXFzERzTz25DnO38vhGlkBZZkBaGpLNfIbT7g9Ur4AVkMzJeOLIRtd7HDjWT8mww3DWly +UbdOhQoFEbQE2oVmYBBYXYMyS5wtRTufpcNYT+UC81W8nsX3rD2J3wARAQABwsB2BBgBCAAgFiEE +1mYsX7m96doB85lKqh74MtjMpPIFAmAeYRoCGwwACgkQqh74MtjMpPJp5QgApZ+Bm8v/EiwhIBnv +yAsXlVeMnKjnX8pjJouYtIwk4MoryZ6Ris/VD0WGG5nmgD5x9CbWNLh+pUj4I41uyMIbt++q5xlc +6qw4GsZVUkcTKIARKpPVvxkcZHlBbtkNj+US31lvkBlLPoIyn0/TB3aw9Sxu+DY0+tORGNI6VkAO +wPK57RZ8W/IQ7x76k7S44m634e6usKnD+reitX1QWi3vel8HC4qxviu/xLbIJyjMR1IgPsUWaMAe 
+DC024L0txF5zDnbODx9X1LM+/8D1pVizUjOwt1liPq0hh2JKU8iLqzdSkv0dte0UbEUPMyCVp8h6 +scbnq9KEwLGCMJ0IkCSUNA== +=iXGJ +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsBNBGAeYGoBCADtGkPOvJG+Q1Sf3QcAbF6SpEyhkkjItMbpItg1kjrI4krD75aoPy0NemYkjWKk +4u5jpiWQjnsluvaayc98j2rphbM2Uh5n/pdFBhqJtZPspQI7JWaZ1ylDiwb42Yv5ofoZaGcurRBA +4v7A+PXJnY2Vi1eR+cpKPqIRYuf/h0Qesx9yRWV49C7EWgYtAZJktUeoBb3Sl0IIpwkPaydIu9C4 +wILC8hSvZWwMsQF6mQ9UT3hy6c2TG198t3n3h5zazOW5y1LgCQuFFBsFSqEpmS4i2dEUwzifVPGb +3EzHykQxzEOoeuJX+5gBvSbKmI9vBnNUR1aNRUKb7BpmXSX/cGF/ABEBAAHCwHYEIAEIACAWIQQ5 +MHUlVtV8RqHFa2PehTjdoWSMdgUCYB5gjAIdAAAKCRDehTjdoWSMdrAACADTjO3A7pPJIJhQUrfg +ep3BIFzev9XVrxi2zZTysRy47X5GklPJvmjuMKCdbFBFHomXhDX3jUqomvnQ7xfTpEzXQ+9uJTyO +pUmzhspo94r9e+EKPYSkQ1mdHX1RHhbLhJ6wN2dS9pJXMEYsKC9LI1UuQ+Xa0W6/rPwuLNr5GrGj +tmmgneD2R1ZVfOdfbgtCrRZYn9mP3aVWklcVuAX3R0EDpRtg8b21AOUCMS7ig1V9+90R0lpg1czi +nnW6bdVQ7xEac60A822VnGjKbuHpl+/HIr4NGBdgNQXSkMc3414qMpQkCF+GqvnfZJ9SIaROD43z +CIVHMlFCvmEUc4wo/KnYzRZzb21lLnJldm9rZWRAbG9jYWxob3N0wsCJBBMBCAAzFiEEOTB1JVbV +fEahxWtj3oU43aFkjHYFAmAeYHACGwMFCwkIBwIGFQgJCgsCBRYCAwEAAAoJEN6FON2hZIx2HMQH +/1d7jcl6SWHi+yhgyDPhuyC2PNHb6xhUA56FTx+rVVggdjSDm0XtVMNaRn6oYEIHdGH37Q62FQ0V +4vP+lfwQk57alwM7ova1+FBp1+MOAsAolIHX9ZhQd6wcJ/Y7l5RxwCaqrdCtDBL8WwLg08A/YnHg +nBHjVzPwDH8BEY4e69Xqx96F24cSZyJCpMpdx8ybtS0zf+hzumMs4S6WIQMLRF91raqeFAj8CSPM +Ll8Wb3J74jhqHFhLXG9Idwngr2UvJE4HrTwHnt1hl0Jz4+eJxTcd/Jr+Ri50v3I5ehxR+7Ns3xxW +Lb2aG+VIDZnnOkLmFvLhFIvvi+qJryf5Vr0Q5T/OwE0EYB5gcAEIAK9IafA5yin+wEUnVxrsBySO +UYN7aQFI5X1sX9H5htDXzZsjEYDE1J9JZodmJlqPr5BunJSKK4VUMRuESX+alP7VnG1zkdCGgP2O +INGDpdBfKyEpz2ItAVxl4inv8zNXKA+kV1AXkrNkvgP3Lv4jdnTKRq7i6+T9XNUlO46+42EU/fIO +PHG9se3R1bSneKrtv0JsDOf5SSPPdgZimOAkMZmOA6G6aNUOyMNKMO2x9DNzlYl+O4tJuaiJvhOO +VTltxbuMlS2t9/Eo7rkJsudWAWMLETt+9M1koEZKAmUcUWn3dCz7ElclrgTOq8dr8XwKbjFXpbNP +J5gMcDCJG5SJLX0AEQEAAcLAdgQYAQgAIBYhBDkwdSVW1XxGocVrY96FON2hZIx2BQJgHmB1AhsM +AAoJEN6FON2hZIx2Mj8H/RLWjoqApna6t4h6zJjX3XvkJXVGyFh4Qt1+an05knUkiVkbiRBmb1sA 
+s9Tq3rOY2D1L2ztx7zBcfGlZOmTjuTLxQM2OaA/PpX+9u/MVlJktNi3q+wxrqgIwcZAo2agQtOmV +cq4w9llj06CRUTKo4LwPK0ESP2OfNQtWaz5sceUI5parHn4n8aV1nQ3pTAaIhTOkzhbm+3aH8wby +hgT9Z+4pYT+erCXPq+wd0CBm5J3631frN+OPtftYLl/ESRkaX7c/ULkn7xePo8Uwd3JgpIgJuN8p +ctnWuBzRDeI0n6XDaPv5TpKpS7uqy/fTlJLGE9vZTFUKzeGkQFomBoXNVWs= +=vKdv +-----END PGP PUBLIC KEY BLOCK----- +`; // todo - add a not found test with: throw new HttpClientErr('Pubkey not found', 404); export const mockWkdEndpoints: HandlersDefinition = { @@ -116,6 +206,9 @@ export const mockWkdEndpoints: HandlersDefinition = { '/.well-known/openpgpkey/localhost/hu/pob4adi8roqdsmtmxikx68pi6ij35oca?l=incorrect': async () => { return alice; // advanced for incorrect@localhost }, + '/.well-known/openpgpkey/localhost/hu/66iu18j7mk6hod4wqzf6qd37u6wejx4y?l=some.revoked': async () => { + return validAmongRevoked; + }, '/.well-known/openpgpkey/localhost/policy': async () => { return ''; // allow advanced for localhost }, diff --git a/test/source/tests/browser-unit-tests/unit-Wkd.js b/test/source/tests/browser-unit-tests/unit-Wkd.js index 0a779d7b2f8..319e2f055ab 100644 --- a/test/source/tests/browser-unit-tests/unit-Wkd.js +++ b/test/source/tests/browser-unit-tests/unit-Wkd.js 
@@ -52,6 +52,23 @@ BROWSER_UNIT_TEST_NAME(`Wkd advanced method`);
 return 'pass';
 })();
+BROWSER_UNIT_TEST_NAME(`Wkd client picks valid key among revoked keys`);
+(async () => {
+ const wkd = new Wkd('flowcrypt.com');
+ wkd.port = 8001;
+ const email = 'some.revoked@localhost';
+ const pubkey = (await wkd.lookupEmail(email)).pubkey;
+ if (!pubkey) {
+ throw Error(`Wkd for ${email} didn't return a pubkey`);
+ }
+ const key = await KeyUtil.parse(pubkey);
+ if (key && key.id.toUpperCase() === 'D6662C5FB9BDE9DA01F3994AAA1EF832D8CCA4F2' && key.usableForEncryption) {
+ return 'pass';
+ } else {
+ return `Expected key with id=D6662C5FB9BDE9DA01F3994AAA1EF832D8CCA4F2 wasn't received`;
+ }
+})();
+
 BROWSER_UNIT_TEST_NAME(`Wkd advanced shouldn't fall back on direct if advanced policy file is present`);
 (async () => {
 const wkd = new Wkd('flowcrypt.com');
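Review bot: Only the positive path is covered in the added test: nothing asserts that a WKD response made up solely of revoked keys yields `pubkey: null`, which is the property that keeps mail from being encrypted to a revoked key. A sibling case against a mock endpoint serving only revoked keys, failing with something like `if (pubkey) { return 'revoked key was returned'; }`, would pin that down. The two failure paths here also report differently (`throw Error(...)` when no pubkey comes back, a returned string when the fingerprint differs); whether the harness treats both as failures is not visible in this hunk.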