fix parsing of gpg --list-public-keys output

Author: jokeyrhyme

CHANGELOG.md

@@ -10,3 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Removed
 
 - no longer support anything lower than Node.js 10.x
+
+### Fixed
+
+- fix parsing output from `gpg --list-public-keys --textmode`

bin/list.js

@@ -25,7 +25,7 @@ git-crypt-users-list: lists git-crypt users according to your GNUPG keyring
     }
 
     const details = [keyId, await getUsernames(keyId)];
-    const parsedKey = parsePublicKeys(result);
+    const parsedKey = await parsePublicKeys(result);
 
     const hasRevokedUser = parsedKey.users.some(
       user =>

bin/remove.js

@@ -60,7 +60,7 @@ const cwd = process.cwd();
       if (!publicKey) {
         return false;
       }
-      const parsedKey = parsePublicKeys(publicKey);
+      const parsedKey = await parsePublicKeys(publicKey);
       if (parsedKey.revocationSignature) {
         return false; // revoked!
       }

bin/rotate.js

@@ -58,7 +58,7 @@ const cwd = process.cwd();
       if (!publicKey) {
         return false;
       }
-      const parsedKey = parsePublicKeys(publicKey);
+      const parsedKey = await parsePublicKeys(publicKey);
       if (parsedKey.revocationSignature) {
         return false; // revoked!
       }

lib/gpg.js

@@ -4,6 +4,7 @@
 const execa = require('execa');
 
 const { HKP, key } = require('openpgp');
+global.fetch = require('node-fetch'); // needed for opengpg lookups
 
 /* :: import type { ParsedKey } from '../types.js' */
 
@@ -21,7 +22,7 @@ async function getLocalPublicKey(keyId /* : string */) {
 }
 
 async function getUsernames(keyId /* : string */) {
-  const parsedKey = parsePublicKeys(await getLocalPublicKey(keyId));
+  const parsedKey = await parsePublicKeys(await getLocalPublicKey(keyId));
   return (
     parsedKey.users
       .map(user => (user && user.userId && user.userId.userid) || 'unknown')
@@ -32,12 +33,7 @@ async function getUsernames(keyId /* : string */) {
 async function listKnownPublicKeys() {
   const { stdout } = await execa('gpg', ['--list-public-keys', '--textmode']);
 
-  // stdout starts with:
-  // /Users/$USER/.gnupg/pubring.kbx
-  // ---------------------------------
-  const [, output] = stdout.split('---------------------------------');
-
-  return output
+  return stdout
     .split('\n\n')
     .map(entry => {
       const [keyId] = entry.match(FINGERPRINT_REGEXP) || [];
@@ -50,8 +46,10 @@ async function lookupPublicKey(keyId /* : string */) {
   return (await mit.lookup({ keyId })) || (await pgp.lookup({ keyId }));
 }
 
-function parsePublicKeys(asciiArmor /* :? string */) /* : ParsedKey */ {
-  const { keys } = key.readArmored(asciiArmor);
+async function parsePublicKeys(
+  asciiArmor /* :? string */,
+) /* : Promise<ParsedKey> */ {
+  const { keys = [] } = await key.readArmored(asciiArmor);
   if (keys.length !== 1) {
     throw new TypeError(
       'parsePublicKeys() expects argument to contain a single public key',

lib/gpg.test.js

@@ -0,0 +1,129 @@
+/* eslint-env jest */
+'use strict';
+
+const { mkdtemp } = require('fs');
+const { tmpdir } = require('os');
+const { join: joinPath } = require('path');
+const { promisify } = require('util');
+
+const execa = require('execa');
+const rimraf = require('rimraf');
+
+const {
+  getLocalPublicKey,
+  getUsernames,
+  listKnownPublicKeys,
+  lookupPublicKey,
+  parsePublicKeys,
+} = require('./gpg');
+
+describe('gpg', () => {
+  let tempDir;
+
+  afterEach(async () => {
+    if (tempDir) {
+      await promisify(rimraf)(tempDir);
+    }
+    delete process.env.GNUPGHOME;
+  });
+
+  beforeEach(async () => {
+    tempDir = await promisify(mkdtemp)(
+      joinPath(tmpdir(), 'git-crypt-test--gpg-'),
+    );
+    process.env.GNUPGHOME = tempDir;
+    await execa('gpg', ['--generate-key', '--batch'], {
+      input: [
+        'Key-Type: default',
+        'Subkey-Type: default',
+        'Passphrase: alice',
+        'Name-Real: Alice',
+        'Name-Email: alice@example.local',
+        '%commit',
+      ].join('\n'),
+    });
+    await execa('gpg', ['--generate-key', '--batch'], {
+      input: [
+        'Key-Type: default',
+        'Subkey-Type: default',
+        'Passphrase: bob',
+        'Name-Real: Bob',
+        'Name-Email: bob@example.local',
+        '%commit',
+      ].join('\n'),
+    });
+  });
+
+  describe('getLocalPublicKey()', () => {
+    it('finds ASCII Armor for Alice or Bob', async () => {
+      const keyIds = await listKnownPublicKeys();
+      expect(keyIds).toHaveLength(2);
+
+      const [keyId] = keyIds;
+      const got = await getLocalPublicKey(keyId);
+      expect(got).toMatch('-BEGIN PGP PUBLIC KEY BLOCK-');
+      expect(got).toMatch('-END PGP PUBLIC KEY BLOCK-');
+    });
+  });
+
+  describe('getUsernames()', () => {
+    it('finds usernames for Alice and Bob', async () => {
+      const keyIds = await listKnownPublicKeys();
+      expect(keyIds).toHaveLength(2);
+
+      const got = await Promise.all(keyIds.map(getUsernames));
+      expect(got).toHaveLength(2);
+      expect(got).toContain('Alice <alice@example.local>');
+      expect(got).toContain('Bob <bob@example.local>');
+    });
+  });
+
+  describe('listKnownPublicKeys()', () => {
+    it('finds public keys for Alice and Bob', async () => {
+      const got = await listKnownPublicKeys();
+      expect(got).toHaveLength(2);
+      for (const keyId of got) {
+        expect(typeof keyId).toBe('string');
+      }
+
+      const unique = Array.from(new Set(got));
+      expect(unique).toHaveLength(2);
+    });
+  });
+
+  describe('lookupPublicKey()', () => {
+    it('finds the public key for Hashicorp', async () => {
+      try {
+        const got = await lookupPublicKey(
+          '91A6E7F85D05C65630BEF18951852D87348FFC4C',
+        );
+        expect(got).toMatch('-BEGIN PGP PUBLIC KEY BLOCK-');
+        expect(got).toMatch('-END PGP PUBLIC KEY BLOCK-');
+      } catch (err) {
+        // noop
+        // we're just testing the result when there is one,
+        // we don't care if the keyserver is having a bad day
+      }
+    });
+  });
+
+  describe('parsePublicKeys()', () => {
+    it('parses ASCII Armor for Alice or Bob', async () => {
+      const keyIds = await listKnownPublicKeys();
+      expect(keyIds).toHaveLength(2);
+
+      const [keyId] = keyIds;
+      const asciiArmor = await getLocalPublicKey(keyId);
+      const got = await parsePublicKeys(asciiArmor);
+      expect(typeof got.users[0].userId.userid).toBe('string');
+    });
+
+    it('throws when not given a valid ASCII Armor', async () => {
+      return expect(parsePublicKeys('')).rejects.toMatchObject(
+        new TypeError(
+          'parsePublicKeys() expects argument to contain a single public key',
+        ),
+      );
+    });
+  });
+});