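--- a/extension/js/common/api/key-server/wkd.ts
+++ b/extension/js/common/api/key-server/wkd.ts
@@ -58,8 +58,12 @@ export class Wkd extends Api {
 if (!response.buf) {
 return { pubkey: null, pgpClient: null }; // do not retry direct if advanced had a policy file
 }
-const { keys: [key], errs } = await KeyUtil.readMany(response.buf);
-if (errs.length || !key || !key.emails.some(x => x.toLowerCase() === email.toLowerCase())) {
+const { keys, errs } = await KeyUtil.readMany(response.buf);
+if (errs.length) {
+return { pubkey: null, pgpClient: null };
+}
+const key = keys.find(key => key.usableForEncryption && key.emails.some(x => x.toLowerCase() === email.toLowerCase()));
+if (!key) {
 return { pubkey: null, pgpClient: null };
 }
 // if recipient uses same domain, we assume they use flowcrypt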
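Review bot: The early `if (errs.length)` return still discards the whole WKD response when any single block fails to parse, which sits oddly next to the new `keys.find(...)` whose purpose is to tolerate unusable entries in a multi-key response. If failing closed on a partially unparsable response is intentional, record that with a comment such as `// any parse error invalidates the whole response; never pick from a partially readable key set`. The arrow parameter `key` also shadows the `const key` being declared on the same line; `keys.find(k => k.usableForEncryption && k.emails.some(...))` reads more clearly. Because `find` returns the first match, the selected key follows server order when several usable keys carry the address, which deserves a one-line comment if that is the accepted policy. The enclosing method starts and ends outside this hunk.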
93 changes: 93 additions & 0 deletions test/source/mock/wkd/wkd-endpoints.ts
@@ -95,6 +95,96 @@ nmusEeYtrrMytL4oUohBVZk=
-----END PGP PUBLIC KEY BLOCK-----
`;

const validAmongRevoked = `
-----BEGIN PGP PUBLIC KEY BLOCK-----
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=vqJ0
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
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=iXGJ
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
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=vKdv
-----END PGP PUBLIC KEY BLOCK-----
`;
// todo - add a not found test with: throw new HttpClientErr('Pubkey not found', 404);

export const mockWkdEndpoints: HandlersDefinition = {
@@ -116,6 +206,9 @@ export const mockWkdEndpoints: HandlersDefinition = {
'/.well-known/openpgpkey/localhost/hu/pob4adi8roqdsmtmxikx68pi6ij35oca?l=incorrect': async () => {
return alice; // advanced for incorrect@localhost
},
'/.well-known/openpgpkey/localhost/hu/66iu18j7mk6hod4wqzf6qd37u6wejx4y?l=some.revoked': async () => {
return validAmongRevoked;
Collaborator

I just noticed - we are returning armored keys here on the WKD endpoints but that does not reflect how WKD returns keys (which should be unarmored bytes, concatenated). I'll make another issue for this.

},
'/.well-known/openpgpkey/localhost/policy': async () => {
return ''; // allow advanced for localhost
},
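--- a/test/source/tests/browser-unit-tests/unit-Wkd.js
+++ b/test/source/tests/browser-unit-tests/unit-Wkd.js
@@ -52,6 +52,23 @@ BROWSER_UNIT_TEST_NAME(`Wkd advanced method`);
 return 'pass';
 })();
 
+BROWSER_UNIT_TEST_NAME(`Wkd client picks valid key among revoked keys`);
+(async () => {
+const wkd = new Wkd('flowcrypt.com');
+wkd.port = 8001;
+const email = 'some.revoked@localhost';
+const pubkey = (await wkd.lookupEmail(email)).pubkey;
+if (!pubkey) {
+throw Error(`Wkd for ${email} didn't return a pubkey`);
+}
+const key = await KeyUtil.parse(pubkey);
+if (key && key.id.toUpperCase() === 'D6662C5FB9BDE9DA01F3994AAA1EF832D8CCA4F2' && key.usableForEncryption) {
+return 'pass';
+} else {
+return `Expected key with id=D6662C5FB9BDE9DA01F3994AAA1EF832D8CCA4F2 wasn't received`;
+}
+})();
+
 BROWSER_UNIT_TEST_NAME(`Wkd advanced shouldn't fall back on direct if advanced policy file is present`);
 (async () => {
 const wkd = new Wkd('flowcrypt.com');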
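Review bot: Only the positive path is pinned by the new `Wkd client picks valid key among revoked keys` case; nothing asserts that `lookupEmail` yields `pubkey: null` when every key served for an address is revoked or otherwise unusable, which appears to be the failure the `usableForEncryption` filter in wkd.ts is there to prevent. A companion case against a mock endpoint serving only revoked keys would cover it, with a check along the lines of `if (pubkey) { return 'Expected no pubkey when all served keys are revoked'; }`. The `else` branch's message would also be easier to act on if it reported the id that was actually parsed rather than only the expected one.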