schleuder 2.2.4 → 3.2.2

data/lib/schleuder/gpgme/ctx.rb

@@ -0,0 +1,274 @@
+module GPGME
+  class Ctx
+    IMPORT_FLAGS = {
+      'new_key' => 1,
+      'new_uids' => 2,
+      'new_signatures' => 4,
+      'new_subkeys' => 8
+    }
+
+    def keyimport(keydata)
+      self.import_keys(GPGME::Data.new(keydata))
+      result = self.import_result
+      result.imports.map(&:set_action)
+      result
+    end
+
+    # TODO: find solution for I18n — could be a different language in API-clients than here!
+    def interpret_import_result(import_result)
+      case import_result.imports.size
+      when 1
+        import_status = import_result.imports.first
+        if import_status.action == 'not imported'
+          [nil, "Key #{import_status.fpr} could not be imported!"]
+        else
+          [import_status.fpr, nil]
+        end
+      when 0
+        [nil, "The given key material did not contain any keys!"]
+      else
+        # TODO: report import-stati of the keys?
+        [nil, "The given key material contained more than one key, could not determine which fingerprint to use. Please set it manually!"]
+      end
+    end
+
+    def find_keys(input=nil, secret_only=nil)
+      _, input = clean_and_classify_input(input)
+      keys(input, secret_only)
+    end
+
+    def find_distinct_key(input=nil, secret_only=nil)
+      _, input = clean_and_classify_input(input)
+      keys = keys(input, secret_only)
+      if keys.size == 1
+        keys.first
+      else
+        nil
+      end
+    end
+
+    def clean_and_classify_input(input)
+      case input
+      when /.*?([^ <>]+@[^ <>]+).*?/
+        [:email, "<#{$1}>"]
+      when /^http/
+        [:url, input]
+      when Conf::FINGERPRINT_REGEXP
+        [:fingerprint, "0x#{input.gsub(/^0x/, '')}"]
+      else
+        [nil, input]
+      end
+    end
+
+    # Tell gpgme to use the given binary.
+    def self.set_gpg_path_from_env
+      path = ENV['GPGBIN'].to_s
+      if ! path.empty?
+        Schleuder.logger.debug "setting gpg to use #{path}"
+        GPGME::Engine.set_info(GPGME::PROTOCOL_OpenPGP, path, ENV['GNUPGHOME'])
+        if gpg_engine.version.nil?
+          $stderr.puts "Error: The binary you specified doesn't provide a gpg-version."
+          exit 1
+        end
+      end
+    end
+
+    def self.sufficient_gpg_version?(required)
+      Gem::Version.new(required) <= Gem::Version.new(gpg_engine.version)
+    end
+
+    def self.check_gpg_version
+      if ! sufficient_gpg_version?('2.0')
+        $stderr.puts "Error: GnuPG version >= 2.0 required.\nPlease install it and/or provide the path to the binary via the environment-variable GPGBIN.\nExample: GPGBIN=/opt/gpg2/bin/gpg ..."
+        exit 1
+      end
+    end
+
+    def self.gpg_engine
+      GPGME::Engine.info.find {|e| e.protocol == GPGME::PROTOCOL_OpenPGP }
+    end
+
+    def refresh_keys(keys)
+      # reorder keys so the update pattern is random
+      output = keys.shuffle.map do |key|
+        # Sleep a short while to make traffic analysis less easy.
+        sleep rand(1.0..5.0)
+        refresh_key(key.fingerprint).presence
+      end
+      # TODO: drop version check once we killed gpg 2.0 support.
+      if GPGME::Ctx.sufficient_gpg_version?('2.1')
+        `gpgconf --kill dirmngr`
+      end
+      output.compact.join("\n")
+    end
+
+    def refresh_key(fingerprint)
+      args = "#{keyserver_arg} --refresh-keys #{fingerprint}"
+      gpgerr, gpgout, exitcode = self.class.gpgcli(args)
+
+      if exitcode > 0
+        # Return filtered error messages. Include gpgkeys-messages from stdout
+        # (gpg 2.0 does that), which could e.g. report a failure to connect to
+        # the keyserver.
+        res = [
+          refresh_key_filter_messages(gpgerr),
+          refresh_key_filter_messages(gpgout).grep(/^gpgkeys: /)
+        ].flatten.compact
+        # if there was an error that we don't filter out,
+        # we better kill dirmngr, so it hopefully won't suffer
+        # from the same error during the next run.
+        # See #309 for background
+        # TODO: drop version check once we killed gpg 2.0 support.
+        if !res.empty? && GPGME::Ctx.sufficient_gpg_version?('2.1')
+          `gpgconf --kill dirmngr`
+        end
+        res.join("\n")
+      else
+        lines = translate_output('key_updated', gpgout).reject do |line|
+          # Reduce the noise a little.
+          line.match(/.* \(unchanged\):$/)
+        end
+        lines.join("\n")
+      end
+    end
+
+    def fetch_key(input)
+      arguments, error = fetch_key_gpg_arguments_for(input)
+      return error if error
+
+      gpgerr, gpgout, exitcode = self.class.gpgcli(arguments)
+
+      # Unfortunately gpg doesn't exit with code > 0 if `--fetch-key` fails.
+      if exitcode > 0 || gpgerr.grep(/ unable to fetch /).presence
+        "Fetching #{input} did not succeed:\n#{gpgerr.join("\n")}"
+      else
+        translate_output('key_fetched', gpgout).join("\n")
+      end
+    end
+
+    def fetch_key_gpg_arguments_for(input)
+      case input
+      when Conf::FINGERPRINT_REGEXP
+        "#{keyserver_arg} --recv-key #{input}"
+      when /^http/
+        "--fetch-key #{input}"
+      when /@/
+        # --recv-key doesn't work with email-addresses, so we use --locate-key
+        # restricted to keyservers.
+        "#{keyserver_arg} --auto-key-locate keyserver --locate-key #{input}"
+      else
+        [nil, I18n.t("fetch_key.invalid_input")]
+      end
+    end
+
+    def translate_output(locale_key, gpgoutput)
+      import_states = translate_import_data(gpgoutput)
+      strings = import_states.map do |fingerprint, states|
+        key = find_distinct_key(fingerprint)
+        I18n.t(locale_key, { key_oneline: key.oneline,
+                             states: states.to_sentence })
+      end
+      strings
+    end
+
+    def translate_import_data(gpgoutput)
+      result = {}
+      gpgoutput.grep(/IMPORT_OK/) do |import_ok|
+        next if import_ok.blank?
+
+        import_status, fingerprint = import_ok.split(/\s/).slice(2, 2)
+        import_status = import_status.to_i
+        states = []
+
+        if import_status == 0
+          states << I18n.t("import_states.unchanged")
+        else
+          IMPORT_FLAGS.each do |text, int|
+            if (import_status & int) > 0
+              states << I18n.t("import_states.#{text}")
+            end
+          end
+        end
+        result[fingerprint] = states
+      end
+      result
+    end
+
+    # Unfortunately we can't distinguish between a failure to connect the
+    # keyserver, and a failure to find the key on the server. So we try to
+    # filter misleading errors to check if there are any to be reported.
+    def refresh_key_filter_messages(strings)
+      strings.reject do |line|
+        line.chomp == 'gpg: keyserver refresh failed: No data' ||
+          line.match(/^gpgkeys: key .* not found on keyserver/) ||
+          line.match(/^gpg: refreshing /) ||
+          line.match(/^gpg: requesting key /) ||
+          line.match(/^gpg: no valid OpenPGP data found/)
+      end
+    end
+
+    def self.gpgcli(args)
+      exitcode = -1
+      errors = []
+      output = []
+      base_cmd = gpg_engine.file_name
+      base_args = "--no-greeting --no-permission-warning --quiet --armor --trust-model always --no-tty --command-fd 0 --status-fd 1"
+      cmd = [base_cmd, base_args, args].flatten.join(' ')
+      Open3.popen3(cmd) do |stdin, stdout, stderr, thread|
+        if block_given?
+          output = yield(stdin, stdout, stderr)
+        else
+          output = stdout.readlines
+        end
+        stdin.close if ! stdin.closed?
+        errors = stderr.readlines
+        exitcode = thread.value.exitstatus
+      end
+
+      [errors, output, exitcode]
+    rescue Errno::ENOENT
+      raise 'Need gpg in $PATH or in $GPGBIN'
+    end
+
+    def self.gpgcli_expect(args)
+      gpgcli(args) do |stdin, stdout, stderr|
+        counter = 0
+        while line = stdout.gets rescue nil
+          counter += 1
+          if counter > 1042
+            return "Too many input-lines from gpg, something went wrong"
+          end
+          output, error = yield(line.chomp)
+          if output == false
+            return error
+          elsif output
+            stdin.puts output
+          end
+        end
+      end
+    end
+
+    def self.spawn_daemon(name, args)
+      delete_daemon_socket(name)
+      cmd = "#{name} #{args} --daemon > /dev/null 2>&1"
+      if ! system(cmd)
+        return [false, "#{name} exited with code #{$?}"]
+      end
+    end
+
+    def self.delete_daemon_socket(name)
+      path = File.join(ENV["GNUPGHOME"], "S.#{name}")
+      if File.exist?(path)
+        File.delete(path)
+      end
+    end
+
+    def keyserver_arg
+      if Conf.keyserver.present?
+        "--keyserver #{Conf.keyserver}"
+      else
+        ""
+      end
+    end
+  end
+end

data/lib/schleuder/gpgme/import_status.rb

@@ -0,0 +1,27 @@
+module GPGME
+  class ImportStatus
+    attr_reader :action
+
+    # Unfortunately in initialize() @status and @result are not yet intialized.
+    def set_action
+      @action ||= if self.status > 0
+                    'imported'
+                  elsif self.result == 0
+                    'unchanged'
+                  else
+                    # An error happened.
+                    # TODO: Give details by going through the list of errors in
+                    # "gpg-errors.h" and find out which is present here.
+                    'not imported'
+                  end
+      self
+    end
+
+    # Force encoding, some databases save "ASCII-8BIT" as binary data.
+    alias_method :orig_fingerprint, :fingerprint
+    def fingerprint
+      orig_fingerprint.encode(Encoding::US_ASCII)
+    end
+
+  end
+end

data/lib/schleuder/gpgme/key.rb

@@ -0,0 +1,212 @@
+module GPGME
+  class Key
+    # Overwrite to specify the full fingerprint instead of the short key-ID.
+    def to_s
+      primary_subkey = subkeys[0]
+      s = sprintf("%s   %4d%s/%s %s\n",
+                  primary_subkey.secret? ? 'sec' : 'pub',
+                  primary_subkey.length,
+                  primary_subkey.pubkey_algo_letter,
+                  primary_subkey.fingerprint,
+                  primary_subkey.timestamp.strftime('%Y-%m-%d'))
+      uids.each do |user_id|
+        s << "uid\t\t#{user_id.name} <#{user_id.email}>\n"
+      end
+      subkeys.each do |subkey|
+        s << subkey.to_s
+      end
+      s
+    end
+
+    def generated_at
+      primary_subkey.timestamp
+    end
+
+    def expired?
+      expired.present?
+    end
+
+    def oneline
+      @oneline ||= 
+        begin
+          datefmt = '%Y-%m-%d'
+          attribs = [
+            "0x#{fingerprint}",
+            email,
+            generated_at.strftime(datefmt)
+          ]
+          if usability_issue.present?
+            case usability_issue
+            when :expired
+              attribs << "[expired: #{expires.strftime(datefmt)}]"
+            when :revoked
+              # TODO: add revocation date when it's available.
+              attribs << "[revoked]"
+            else
+              attribs << "[#{usability_issue}]"
+            end
+          end
+          if expires? && ! expired?
+            attribs << "[expires: #{expires.strftime(datefmt)}]"
+          end
+          attribs.join(' ')
+        end
+    end
+
+    def armored
+      "#{self.to_s}\n\n#{export(armor: true).read}"
+    end
+
+    # Force encoding, some databases save "ASCII-8BIT" as binary data.
+    alias_method :orig_fingerprint, :fingerprint
+    def fingerprint
+      orig_fingerprint.encode(Encoding::US_ASCII)
+    end
+
+    def usable?
+      usability_issue.blank?
+    end
+
+    def usability_issue
+      if trust.present?
+        trust
+      elsif ! usable_for?(:encrypt)
+        "not capable of encryption"
+      else
+        nil
+      end
+    end
+
+    def set_primary_uid(email)
+      # We rely on the order of UIDs here. Seems to work.
+      index = self.uids.map(&:email).index(email)
+      uid_number = index + 1
+      primary_set = false
+      args = "--edit-key '#{self.fingerprint}' #{uid_number}"
+      errors, _ = GPGME::Ctx.gpgcli_expect(args) do |line|
+        case line.chomp
+        when /keyedit.prompt/
+          if ! primary_set
+            primary_set = true
+            "primary"
+          else
+            "save"
+          end
+        else
+          nil
+        end
+      end
+      errors.join
+    end
+
+    def adduid(uid, email)
+      # This block can be deleted once we cease to support gnupg 2.0.
+      if ! GPGME::Ctx.sufficient_gpg_version?('2.1.4')
+        return adduid_expect(uid, email)
+      end
+
+      # Specifying the key via fingerprint apparently doesn't work.
+      errors, _ = GPGME::Ctx.gpgcli("--quick-adduid #{uid} '#{uid} <#{email}>'")
+      errors.join
+    end
+
+    # This method can be deleted once we cease to support gnupg 2.0.
+    def adduid_expect(uid, email)
+      args = "--allow-freeform-uid --edit-key '#{self.fingerprint}' adduid"
+      errors, _ = GPGME::Ctx.gpgcli_expect(args) do |line|
+        case line.chomp
+        when /keygen.name/
+          uid
+        when /keygen.email/
+          email
+        when /keygen.comment/
+          ''
+        when /keyedit.prompt/
+          "save"
+        else
+          nil
+        end
+      end
+      errors.join
+    end
+
+    def clearpassphrase(oldpw)
+      # This block can be deleted once we cease to support gnupg 2.0.
+      if ! GPGME::Ctx.sufficient_gpg_version?('2.1.0')
+        return clearpassphrase_v20(oldpw)
+      end
+
+      oldpw_given = false
+      # Don't use '--passwd', it claims to fail (even though it factually doesn't).
+      args = "--pinentry-mode loopback --edit-key '#{self.fingerprint}' passwd"
+      errors, _, exitcode = GPGME::Ctx.gpgcli_expect(args) do |line|
+        case line
+        when /passphrase.enter/
+          if ! oldpw_given
+            oldpw_given = true
+            oldpw
+          else
+            ""
+          end
+        when /BAD_PASSPHRASE/
+          [false, 'bad passphrase']
+        when /change_passwd.empty.okay/
+          'y'
+        when /keyedit.prompt/
+          "save"
+        else
+          nil
+        end
+      end
+
+      # Only show errors if something apparently went wrong. Otherwise we might
+      # leak useless strings from gpg and make the caller report errors even
+      # though this method succeeded.
+      if exitcode > 0
+        errors.join
+      else
+        nil
+      end
+    end
+
+    # This method can be deleted once we cease to support gnupg 2.0.
+    def clearpassphrase_v20(oldpw)
+      start_gpg_agent(oldpw)
+      # Don't use '--passwd', it claims to fail (even though it factually doesn't).
+      errors, _, exitcode = GPGME::Ctx.gpgcli_expect("--edit-key '#{self.fingerprint}' passwd") do |line|
+        case line
+        when /BAD_PASSPHRASE/
+          [false, 'bad passphrase']
+        when /change_passwd.empty.okay/
+          'y'
+        when /keyedit.prompt/
+          "save"
+        else
+          nil
+        end
+      end
+      stop_gpg_agent
+
+      # Only show errors if something apparently went wrong. Otherwise we might
+      # leak useless strings from gpg and make the caller report errors even
+      # though this method succeeded.
+      if exitcode > 0
+        errors.join
+      else
+        nil
+      end
+    end
+
+    # This method can be deleted once we cease to support gnupg 2.0.
+    def stop_gpg_agent
+      # gpg-agent terminates itself if its socket goes away.
+      GPGME::Ctx.delete_daemon_socket('gpg-agent')
+    end
+
+    def start_gpg_agent(oldpw)
+      ENV['PINENTRY_USER_DATA'] = oldpw
+      pinentry = File.join(ENV['SCHLEUDER_ROOT'], 'bin', 'pinentry-clearpassphrase')
+      GPGME::Ctx.spawn_daemon('gpg-agent', "--use-standard-socket --pinentry-program #{pinentry}")
+    end
+  end
+end