revoke_sigs.go
// Copyright 2015 Keybase, Inc. All rights reserved. Use of
// this source code is governed by the included BSD license.
package engine
import (
"fmt"
"github.com/keybase/client/go/libkb"
keybase1 "github.com/keybase/client/go/protocol"
)
// RevokeSigsEngine is the engine that revokes a caller-supplied list of
// signatures on behalf of the current user (see Run).
type RevokeSigsEngine struct {
	// Embedded context holder, initialised from the *libkb.GlobalContext given
	// to NewRevokeSigsEngine; presumably the source of the G() accessor used by
	// the methods in this file (confirm in libkb).
	libkb.Contextified
	// sigIDs holds the signature IDs requested for revocation, exactly as
	// passed to the constructor (the slice is stored, not copied).
	sigIDs []keybase1.SigID
}
// NewRevokeSigsEngine builds an engine that will revoke the given signature
// IDs, using g as its global context.
//
// The sigIDs slice is stored as-is rather than copied, so the engine shares
// its backing array with the caller.
func NewRevokeSigsEngine(sigIDs []keybase1.SigID, g *libkb.GlobalContext) *RevokeSigsEngine {
	eng := new(RevokeSigsEngine)
	eng.sigIDs = sigIDs
	eng.Contextified = libkb.NewContextified(g)
	return eng
}
// Name returns the fixed identifier of this engine, "RevokeSigs".
func (e *RevokeSigsEngine) Name() string {
	const engineName = "RevokeSigs"
	return engineName
}
// Prereqs reports what must hold before the engine runs: only the Device
// prerequisite is set; every other field keeps its zero value.
func (e *RevokeSigsEngine) Prereqs() Prereqs {
	var reqs Prereqs
	reqs.Device = true
	return reqs
}
// RequiredUIs lists the UI kinds this engine declares: the log UI and the
// secret UI (Run passes ctx.SecretUI to the secret-key prompt).
func (e *RevokeSigsEngine) RequiredUIs() []libkb.UIKind {
	kinds := []libkb.UIKind{libkb.LogUIKind, libkb.SecretUIKind}
	return kinds
}
// SubConsumers returns an empty, non-nil slice: this engine declares no
// sub-consumers.
func (e *RevokeSigsEngine) SubConsumers() []libkb.UIConsumer {
	return make([]libkb.UIConsumer, 0)
}
// getSigIDsToRevoke returns a copy of the engine's signature IDs after
// checking each one against the user's state with me.IsSigIDActive.
//
// It fails on the first ID for which the lookup errors or which is not
// active; in that case no IDs are returned, so a request is rejected as a
// whole rather than partially honoured. Note that the "does not exist"
// message is returned for any ID that IsSigIDActive reports as not active.
func (e *RevokeSigsEngine) getSigIDsToRevoke(me *libkb.User) ([]keybase1.SigID, error) {
	// Validate and return a private copy, so the result does not alias
	// e.sigIDs (which shares storage with the constructor's caller).
	pending := make([]keybase1.SigID, len(e.sigIDs))
	copy(pending, e.sigIDs)

	for i := range pending {
		active, err := me.IsSigIDActive(pending[i])
		switch {
		case err != nil:
			return nil, err
		case !active:
			return nil, fmt.Errorf("Signature '%s' does not exist.", pending[i])
		}
	}
	return pending, nil
}
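// Run revokes the engine's signatures for the current user.
//
// Steps, in order:
//  1. load the current user (libkb.LoadMe);
//  2. validate every requested signature ID via getSigIDsToRevoke;
//  3. obtain the device signing key, prompting through ctx.SecretUI;
//  4. build the revocation proof, sign it with that key, and
//  5. post the signature and the signing key's KID to "sig/revoke".
//
// Any failure aborts the run and is returned unchanged; nothing is posted
// unless all earlier steps succeeded.
func (e *RevokeSigsEngine) Run(ctx *Context) error {
	me, err := libkb.LoadMe(libkb.NewLoadUserArg(e.G()))
	if err != nil {
		return err
	}

	sigIDsToRevoke, err := e.getSigIDsToRevoke(me)
	if err != nil {
		return err
	}

	sigKey, err := e.G().Keyrings.GetSecretKeyWithPrompt(ctx.LoginContext, libkb.SecretKeyArg{
		Me:      me,
		KeyType: libkb.DeviceSigningKeyType,
	}, ctx.SecretUI, "to revoke a signature")
	// Check the prompt's error before looking at the key. The original code
	// skipped this check, so a failure was either masked by the generic
	// nil-key message below or overwritten by the next assignment to err
	// while a key returned alongside an error went on to be used for signing.
	if err != nil {
		return err
	}
	if sigKey == nil {
		return fmt.Errorf("Revocation signing key is nil.")
	}
	// Refuse to sign with a key that fails its own check.
	if err = sigKey.CheckSecretKey(); err != nil {
		return err
	}

	proof, err := me.RevokeSigsProof(sigKey, sigIDsToRevoke)
	if err != nil {
		return err
	}
	sig, _, _, err := libkb.SignJSON(proof, sigKey)
	if err != nil {
		return err
	}

	// The server receives the signed proof together with the KID of the key
	// that produced it; the request is marked as needing a session.
	kid := sigKey.GetKID()
	_, err = e.G().API.Post(libkb.APIArg{
		Endpoint:    "sig/revoke",
		NeedSession: true,
		Args: libkb.HTTPArgs{
			"signing_kid": libkb.S{Val: kid.String()},
			"sig":         libkb.S{Val: sig},
		},
	})
	return err
}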