Diffstat (limited to 'src/lib/pgp')
-rw-r--r--src/lib/pgp/sign.ts1
-rw-r--r--src/lib/pgp/trust.ts5
-rw-r--r--src/lib/pgp/user.ts33
-rw-r--r--src/lib/pgp/verify.ts39
4 files changed, 42 insertions, 36 deletions
diff --git a/src/lib/pgp/sign.ts b/src/lib/pgp/sign.ts
index 5f7f5a8..6d1e78c 100644
--- a/src/lib/pgp/sign.ts
+++ b/src/lib/pgp/sign.ts
@@ -26,6 +26,7 @@ export class Signature {
getPackets(key?: MaybeIterable<KeyID>): Packet[] {
key ??= this.signingKeyIDs;
+ // deno-lint-ignore no-undef
const iterator = Iterator.from(surelyIterable(key));
return iterator.map((key) => this.#packets.get(key.bytes)).filter(defined)
.flatMap(identity).toArray();
diff --git a/src/lib/pgp/trust.ts b/src/lib/pgp/trust.ts
index cf022b4..34d454b 100644
--- a/src/lib/pgp/trust.ts
+++ b/src/lib/pgp/trust.ts
@@ -1,19 +1,20 @@
import type { Key } from "npm:openpgp@^6.1.1";
-import { TRUSTED_KEYS_DIR } from "../../consts.ts";
import { createKeysFromDir } from "./create.ts";
import type { AsyncYieldType } from "../../utils/iterator.ts";
import { equal, getCall } from "../../utils/anonymous.ts";
+import { env } from "../env.ts";
let trusted:
| Iterable<AsyncYieldType<ReturnType<typeof createKeysFromDir>>>
| undefined = undefined;
const fingerprints = () =>
+ // deno-lint-ignore no-undef
Iterator.from(trusted ?? []).map(getCall("getFingerprint"));
export async function keyTrust(key: Key): Promise<number> {
if (trusted === undefined) {
- trusted = await Array.fromAsync(createKeysFromDir(TRUSTED_KEYS_DIR));
+ trusted = await Array.fromAsync(createKeysFromDir(env.TRUSTED_KEYS_DIR));
}
return fingerprints().some(equal(key.getFingerprint())) ? 255 : 0;
}
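Review bot: `keyTrust` now takes the directory holding the trust anchors from `env.TRUSTED_KEYS_DIR`, and nothing visible in this hunk checks that value before `createKeysFromDir` reads it. `../env.ts` is not shown, so it may already validate; if it does not, whoever controls the process environment chooses which keys get trust 255. An unset or mistyped value would also be cached in `trusted` for the life of the process. I would fail early on a missing value, e.g. `if (!env.TRUSTED_KEYS_DIR) throw new Error("TRUSTED_KEYS_DIR is not set");`, and log the resolved directory once at load so a changed trust root shows up in the logs. The same applies to `SignatureVerifier.instance()` in verify.ts, which passes the same value to `addKeysFromDir`.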
diff --git a/src/lib/pgp/user.ts b/src/lib/pgp/user.ts
new file mode 100644
index 0000000..334fbde
--- /dev/null
+++ b/src/lib/pgp/user.ts
@@ -0,0 +1,33 @@
+import { PublicKey, type Subkey, UserIDPacket } from "openpgp";
+import type { Signature } from "./sign.ts";
+import { defined, get } from "../../utils/anonymous.ts";
+
+export function getUserIDsFromKey(
+ signature: Signature | undefined,
+ key: PublicKey | Subkey,
+): UserIDPacket[] {
+ const packet = signature?.getPackets?.()?.[0];
+ const userID = packet?.signersUserID;
+
+ if (userID) {
+ return [UserIDPacket.fromObject(parseUserID(userID))];
+ }
+
+ key = key instanceof PublicKey ? key : key.mainKey;
+ return key.users.map(get("userID")).filter(defined);
+}
+
+function parseUserID(input: string) {
+ const regex = /^(.*?)\s*(?:\((.*?)\))?\s*(?:<(.+?)>)?$/;
+ const match = input.match(regex);
+
+ if (!match) return {};
+
+ const [, name, comment, email] = match;
+
+ return {
+ name: name?.trim() || undefined,
+ comment: comment?.trim() || undefined,
+ email: email?.trim() || undefined,
+ };
+}
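Review bot: `getUserIDsFromKey` returns an identity built from `packet.signersUserID` without comparing it to the user IDs the key actually carries. That subpacket is written by whoever produced the signature, so the holder of any accepted key can have a verified signature reported under a name and e-mail of their choosing. As far as I recall, `UserIDPacket.fromObject` also throws on a malformed e-mail, so a crafted value could turn verification into an exception here. I would use the claimed ID only to select among `key.users` and otherwise return the key's own IDs, as sketched below; `parseUserID` is then no longer needed on this path.

```typescript
export function getUserIDsFromKey(
  signature: Signature | undefined,
  key: PublicKey | Subkey,
): UserIDPacket[] {
  const claimed = signature?.getPackets()[0]?.signersUserID;
  const primary = key instanceof PublicKey ? key : key.mainKey;
  const certified = primary.users.map(get("userID")).filter(defined);

  // The signer-supplied ID may only pick among IDs bound to the key itself.
  const matching = claimed
    ? certified.filter((id) => id.userID === claimed)
    : [];
  return matching.length > 0 ? matching : certified;
}
```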
diff --git a/src/lib/pgp/verify.ts b/src/lib/pgp/verify.ts
index da2de7f..f37c0bb 100644
--- a/src/lib/pgp/verify.ts
+++ b/src/lib/pgp/verify.ts
@@ -3,7 +3,7 @@ import {
PublicKey,
readSignature,
type Subkey,
- UserIDPacket,
+ type UserIDPacket,
verify,
} from "openpgp";
import {
@@ -18,11 +18,12 @@ import {
type KeyFileFormat,
} from "./create.ts";
import { getLastCommitForOneOfFiles } from "../git/log.ts";
-import { defined, get, instanciate } from "../../utils/anonymous.ts";
+import { get, instanciate } from "../../utils/anonymous.ts";
import { Packet, Signature } from "./sign.ts";
import type { Commit } from "../git/types.ts";
-import { TRUSTED_KEYS_DIR } from "../../consts.ts";
import { findMapAsync, type MaybeIterable } from "../../utils/iterator.ts";
+import { getUserIDsFromKey } from "./user.ts";
+import { env } from "../env.ts";
type DataURL = [URL, URL?];
type Corrupted = [false] | [true, Error];
@@ -251,7 +252,7 @@ export class SignatureVerifier {
public static async instance(): Promise<SignatureVerifier> {
if (!SignatureVerifier.#instance) {
SignatureVerifier.#instance = new SignatureVerifier();
- await SignatureVerifier.#instance.addKeysFromDir(TRUSTED_KEYS_DIR);
+ await SignatureVerifier.#instance.addKeysFromDir(env.TRUSTED_KEYS_DIR);
}
return SignatureVerifier.#instance;
@@ -270,36 +271,6 @@ export class SignatureVerifier {
export const verifier = SignatureVerifier.instance();
-function getUserIDsFromKey(
- signature: Signature,
- key: PublicKey | Subkey,
-): UserIDPacket[] {
- const packet = signature.getPackets()[0];
- const userID = packet.signersUserID;
-
- if (userID) {
- return [UserIDPacket.fromObject(parseUserID(userID))];
- }
-
- key = key instanceof PublicKey ? key : key.mainKey;
- return key.users.map(get("userID")).filter(defined);
-}
-
-function parseUserID(input: string) {
- const regex = /^(.*?)\s*(?:\((.*?)\))?\s*(?:<(.+?)>)?$/;
- const match = input.match(regex);
-
- if (!match) return {};
-
- const [, name, comment, email] = match;
-
- return {
- name: name?.trim() || undefined,
- comment: comment?.trim() || undefined,
- email: email?.trim() || undefined,
- };
-}
-
async function isSignatureCorrupted(
verified: Awaited<
ReturnType<typeof verify>