Port to OpenPGP.js 5.3.1

Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>

package.json

@@ -30,7 +30,7 @@
     "koa-static": "5.0.0",
     "mongodb": "3.6.6",
     "nodemailer": "6.6.0",
-    "openpgp": "4.5.5",
+    "openpgp": "5.3.1",
     "winston": "3.3.3",
     "winston-papertrail": "1.0.5"
   },

src/email/email.js

@@ -81,21 +81,26 @@ class Email {
    * @return {string}                    the encrypted PGP message block
    */
   async _pgpEncrypt(plaintext, publicKeyArmored) {
-    const {keys: [key], err} = await openpgp.key.readArmored(publicKeyArmored);
-    if (err) {
+    //const {keys: [key], err} = 
+	  let key;
+	  try {
+    key = await openpgp.readKey({armoredKey: publicKeyArmored});
+	  }	  catch (err) {
       log.error('email', 'Reading armored key failed.', err, publicKeyArmored);
     }
     const now = new Date();
     // set message creation date if key has been created with future creation date
-    const msgCreationDate = key.primaryKey.created > now ? key.primaryKey.created : now;
+    const msgCreationDate = key.created > now ? key.created : now;
+    const crypttext = await openpgp.createMessage({text: plaintext})
     try {
       const ciphertext = await openpgp.encrypt({
-        message: openpgp.message.fromText(plaintext),
-        publicKeys: key,
+        message: crypttext,
+        encryptionKeys: key,
         date: msgCreationDate
       });
-      return ciphertext.data;
+      return ciphertext;
     } catch (error) {
+      console.log(error);
       log.error('email', 'Encrypting message failed.', error, publicKeyArmored);
       util.throw(400, 'Encrypting message for verification email failed.', error);
     }

src/service/pgp.js

@@ -41,46 +41,49 @@ class PGP {
   async parseKey(publicKeyArmored) {
     publicKeyArmored = this.trimKey(publicKeyArmored);
 
-    const r = await openpgp.key.readArmored(publicKeyArmored);
+    const r = await openpgp.readKeys({armoredKeys: publicKeyArmored});
+    //const r = await openpgp.key.readArmored(publicKeyArmored);
     if (r.err) {
       const error = r.err[0];
       log.error('pgp', 'Failed to parse PGP key:\n%s', publicKeyArmored, error);
       util.throw(500, 'Failed to parse PGP key');
-    } else if (!r.keys || r.keys.length !== 1 || !r.keys[0].primaryKey) {
+    } else if (!r || r.length !== 1 || !r[0].keyPacket) {
       util.throw(400, 'Invalid PGP key: only one key can be uploaded');
     }
 
     // verify primary key
-    const key = r.keys[0];
-    const primaryKey = key.primaryKey;
+    const key = r[0];
+    //const primaryKey = key;
     const now = new Date();
-    const verifyDate = primaryKey.created > now ? primaryKey.created : now;
-    if (await key.verifyPrimaryKey(verifyDate) !== openpgp.enums.keyStatus.valid) {
+    const verifyDate = key.created > now ? key.created : now;
+    try {
+      await key.verifyPrimaryKey(verifyDate)
+    } catch (myerror) {
       util.throw(400, 'Invalid PGP key: primary key verification failed');
     }
 
     // accept version 4 keys only
-    const keyId = primaryKey.getKeyId().toHex();
-    const fingerprint = primaryKey.getFingerprint();
+    const keyId = key.keyPacket.keyID.toHex();
+    const fingerprint = key.getFingerprint();
     if (!util.isKeyId(keyId) || !util.isFingerPrint(fingerprint)) {
       util.throw(400, 'Invalid PGP key: only v4 keys are accepted');
     }
 
     // check for at least one valid user id
-    const userIds = await this.parseUserIds(key.users, primaryKey, verifyDate);
+    const userIds = await this.parseUserIds(key.users, key.keyPacket, verifyDate);
     if (!userIds.length) {
       util.throw(400, 'Invalid PGP key: invalid user IDs');
     }
 
     // get algorithm details from primary key
-    const keyInfo = key.primaryKey.getAlgorithmInfo();
+    const keyInfo = key.getAlgorithmInfo();
 
     // public key document that is stored in the database
     return {
       keyId,
       fingerprint,
       userIds,
-      created: primaryKey.created,
+      created: key.created,
       uploaded: new Date(),
       algorithm: keyInfo.algorithm,
       keySize: keyInfo.bits,
@@ -128,10 +131,10 @@ class PGP {
     // at least one user id must be valid, revoked or expired
     const result = [];
     for (const user of users) {
-      const userStatus = await user.verify(primaryKey, verifyDate);
-      if (userStatus !== openpgp.enums.keyStatus.invalid && user.userId && user.userId.userid) {
+      const userStatus = await user.verify(verifyDate, openpgp.config);
+      if (userStatus !== 0 && user.userID && user.userID.userID) {
         try {
-          const uid = openpgp.util.parseUserId(user.userId.userid);
+          const uid = user.userID;
           if (util.isEmail(uid.email)) {
             // map to local user id object format
             result.push({
@@ -141,7 +144,7 @@ class PGP {
               verified: false
             });
           }
-        } catch (e) {}
+        } catch (e) { console.log(e); }
       }
     }
     return result;
@@ -155,7 +158,8 @@ class PGP {
    */
   async filterKeyByUserIds(userIds, armored) {
     const emails = userIds.map(({email}) => email);
-    const {keys: [key]} = await openpgp.key.readArmored(armored);
+    const key = await openpgp.readKey({armoredKey: armored});
+    //const {keys: [key]} = r;
     key.users = key.users.filter(({userId}) => !userId || emails.includes(util.normalizeEmail(userId.email)));
     return key.armor();
   }

src/service/public-key.js

@@ -43,7 +43,8 @@ const tpl = require('../email/templates');
  * }
  */
 const DB_TYPE = 'publickey';
-const KEY_STATUS_VALID = 3;
+//const KEY_STATUS_VALID = 3;
+const KEY_STATUS_VALID = true;
 
 /**
  * A service that handlers PGP public keys queries to the database
@@ -78,8 +79,8 @@ class PublicKey {
     // if emails array is empty, all userIds of the key will be submitted
     if (emails.length) {
       // keep submitted user IDs only
-      key.userIds = key.userIds.filter(({email}) => emails.includes(email));
-      if (key.userIds.length !== emails.length) {
+      key.userIds = key.getUserIDs.filter(({email}) => emails.includes(email));
+      if (key.getUserIDs().length !== emails.length) {
         util.throw(400, 'Provided email address does not match a valid user ID of the key');
       }
     }