diff --git a/lang/js/src/Connection.js b/lang/js/src/Connection.js
index c4921d53..a421985a 100644
--- a/lang/js/src/Connection.js
+++ b/lang/js/src/Connection.js
@@ -1,290 +1,311 @@
/* gpgme.js - Javascript integration for gpgme
* Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik
*
* This file is part of GPGME.
*
* GPGME is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* GPGME is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see
*/
/* global chrome */
import { permittedOperations } from './permittedOperations';
import { gpgme_error } from './Errors';
import { GPGME_Message, createMessage } from './Message';
import { decode, atobArray, Utf8ArrayToStr } from './Helpers';
/**
* A Connection handles the nativeMessaging interaction via a port. As the
* protocol only allows up to 1MB of message sent from the nativeApp to the
* browser, the connection will stay open until all parts of a communication
* are finished. For a new request, a new port will open, to avoid mixing
* contexts.
* @class
*/
export class Connection{
constructor (){
this._connection = chrome.runtime.connectNative('gpgmejson');
}
/**
* Immediately closes an open port.
*/
disconnect () {
if (this._connection){
this._connection.disconnect();
this._connection = null;
}
}
/**
* @typedef {Object} backEndDetails
* @property {String} gpgme Version number of gpgme
* @property {Array} info Further information about the backend
* and the used applications (Example:
* {
* "protocol": "OpenPGP",
* "fname": "/usr/bin/gpg",
* "version": "2.2.6",
* "req_version": "1.4.0",
* "homedir": "default"
* }
*/
/**
* Retrieves the information about the backend.
* @param {Boolean} details (optional) If set to false, the promise will
* just return if a connection was successful.
* @returns {Promise|Promise} Details from the
* backend
* @async
*/
checkConnection (details = true){
const msg = createMessage('version');
if (details === true) {
return this.post(msg);
} else {
let me = this;
return new Promise(function (resolve) {
Promise.race([
me.post(msg),
new Promise(function (resolve, reject){
setTimeout(function (){
reject(gpgme_error('CONN_TIMEOUT'));
}, 500);
})
]).then(function (){ // success
resolve(true);
}, function (){ // failure
resolve(false);
});
});
}
}
/**
* Sends a {@link GPGME_Message} via tghe nativeMessaging port. It
* resolves with the completed answer after all parts have been
* received and reassembled, or rejects with an {@link GPGME_Error}.
*
* @param {GPGME_Message} message
* @returns {Promise} The collected answer
* @async
*/
post (message){
if (!message || !(message instanceof GPGME_Message)){
this.disconnect();
return Promise.reject(gpgme_error(
'PARAM_WRONG', 'Connection.post'));
}
if (message.isComplete() !== true){
this.disconnect();
return Promise.reject(gpgme_error('MSG_INCOMPLETE'));
}
let chunksize = message.chunksize;
const me = this;
return new Promise(function (resolve, reject){
let answer = new Answer(message);
let listener = function (msg) {
if (!msg){
me._connection.onMessage.removeListener(listener);
me._connection.disconnect();
reject(gpgme_error('CONN_EMPTY_GPG_ANSWER'));
} else {
let answer_result = answer.collect(msg);
if (answer_result !== true){
me._connection.onMessage.removeListener(listener);
me._connection.disconnect();
reject(answer_result);
} else {
if (msg.more === true){
me._connection.postMessage({
'op': 'getmore',
'chunksize': chunksize
});
} else {
me._connection.onMessage.removeListener(listener);
me._connection.disconnect();
const message = answer.getMessage();
if (message instanceof Error){
reject(message);
} else {
resolve(message);
}
}
}
}
};
me._connection.onMessage.addListener(listener);
if (permittedOperations[message.operation].pinentry){
return me._connection.postMessage(message.message);
} else {
return Promise.race([
me._connection.postMessage(message.message),
function (resolve, reject){
setTimeout(function (){
me._connection.disconnect();
reject(gpgme_error('CONN_TIMEOUT'));
}, 5000);
}
]).then(function (result){
return result;
}, function (reject){
if (!(reject instanceof Error)) {
me._connection.disconnect();
return gpgme_error('GNUPG_ERROR', reject);
} else {
return reject;
}
});
}
});
}
}
/**
* A class for answer objects, checking and processing the return messages of
* the nativeMessaging communication.
* @protected
*/
class Answer{
/**
* @param {GPGME_Message} message
*/
constructor (message){
this._operation = message.operation;
this._expected = message.expected;
this._response_b64 = null;
}
get operation (){
return this._operation;
}
get expected (){
return this._expected;
}
/**
* Adds incoming base64 encoded data to the existing response
* @param {*} msg base64 encoded data.
* @returns {Boolean}
*
* @private
*/
collect (msg){
if (typeof (msg) !== 'object' || !msg.hasOwnProperty('response')) {
return gpgme_error('CONN_UNEXPECTED_ANSWER');
}
if (!this._response_b64){
this._response_b64 = msg.response;
return true;
} else {
this._response_b64 += msg.response;
return true;
}
}
/**
* Decodes and verifies the base64 encoded answer data. Verified against
* {@link permittedOperations}.
* @returns {Object} The readable gpnupg answer
*/
getMessage (){
if (this._response_b64 === null){
return gpgme_error('CONN_UNEXPECTED_ANSWER');
}
let _decodedResponse = JSON.parse(atob(this._response_b64));
let _response = {
format: 'ascii'
};
let messageKeys = Object.keys(_decodedResponse);
let poa = permittedOperations[this.operation].answer;
if (messageKeys.length === 0){
return gpgme_error('CONN_UNEXPECTED_ANSWER');
}
for (let i= 0; i < messageKeys.length; i++){
let key = messageKeys[i];
switch (key) {
- case 'type':
+ case 'type': {
if (_decodedResponse.type === 'error'){
return (gpgme_error('GNUPG_ERROR',
decode(_decodedResponse.msg)));
} else if (poa.type.indexOf(_decodedResponse.type) < 0){
return gpgme_error('CONN_UNEXPECTED_ANSWER');
}
break;
- case 'base64':
+ }
+ case 'base64': {
break;
- case 'msg':
+ }
+ case 'msg': {
if (_decodedResponse.type === 'error'){
return (gpgme_error('GNUPG_ERROR', _decodedResponse.msg));
}
break;
- default:
- if (!poa.data.hasOwnProperty(key)){
- return gpgme_error('CONN_UNEXPECTED_ANSWER');
+ }
+ default: {
+ let answerType = null;
+ if (poa.payload && poa.payload.hasOwnProperty(key)){
+ answerType = 'p';
+ } else if (poa.info && poa.info.hasOwnProperty(key)){
+ answerType = 'i';
}
- if ( typeof (_decodedResponse[key]) !== poa.data[key] ){
+ if (answerType !== 'p' && answerType !== 'i'){
return gpgme_error('CONN_UNEXPECTED_ANSWER');
}
- if (_decodedResponse.base64 === true
- && poa.data[key] === 'string'
- ) {
- if (this.expected === 'uint8'){
- _response[key] = atobArray(_decodedResponse[key]);
- _response.format = 'uint8';
- } else if (this.expected === 'base64'){
+
+ if (answerType === 'i') {
+ if ( typeof (_decodedResponse[key]) !== poa.info[key] ){
+ return gpgme_error('CONN_UNEXPECTED_ANSWER');
+ }
+ _response[key] = decode(_decodedResponse[key]);
+
+ } else if (answerType === 'p') {
+ if (_decodedResponse.base64 === true
+ && poa.payload[key] === 'string'
+ ) {
+ if (this.expected === 'uint8'){
+ _response[key] = atobArray(_decodedResponse[key]);
+ _response.format = 'uint8';
+
+ } else if (this.expected === 'base64'){
+ _response[key] = _decodedResponse[key];
+ _response.format = 'base64';
+
+ } else { // no 'expected'
+ _response[key] = Utf8ArrayToStr(
+ atobArray(_decodedResponse[key]));
+ _response.format = 'string';
+ }
+ } else if (poa.payload[key] === 'string') {
_response[key] = _decodedResponse[key];
- _response.format = 'base64';
} else {
- _response[key] = Utf8ArrayToStr(
- atobArray(_decodedResponse[key]));
- _response.format = 'string';
+ // fallthrough, should not be reached
+ // (payload is always string)
+ return gpgme_error('CONN_UNEXPECTED_ANSWER');
}
- } else {
- _response[key] = decode(_decodedResponse[key]);
}
break;
- }
+ } }
}
return _response;
}
}
diff --git a/lang/js/src/permittedOperations.js b/lang/js/src/permittedOperations.js
index efb34f9b..c3c72ca1 100644
--- a/lang/js/src/permittedOperations.js
+++ b/lang/js/src/permittedOperations.js
@@ -1,409 +1,416 @@
/* gpgme.js - Javascript integration for gpgme
* Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik
*
* This file is part of GPGME.
*
* GPGME is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* GPGME is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see
*/
/**
* @typedef {Object} messageProperty
* A message Property is defined by it's key.
* @property {Array} allowed Array of allowed types.
* Currently accepted values are 'number', 'string', 'boolean'.
* @property {Boolean} array_allowed If the value can be an array of types
* defined in allowed
* @property {Array<*>} allowed_data (optional) restricts to the given values
*/
/**
* Definition of the possible interactions with gpgme-json.
* @param {Object} operation Each operation is named by a key and contains
* the following properties:
* @property {messageProperty} required An object with all required parameters
* @property {messageProperty} optional An object with all optional parameters
* @property {Boolean} pinentry (optional) If true, a password dialog is
* expected, thus a connection tuimeout is not advisable
* @property {Object} answer The definition on what to expect as answer, if the
* answer is not an error
* @property {Array} answer.type the type(s) as reported by gpgme-json.
- * @property {Object} answer.data key-value combinations of expected properties
- * of an answer and their type ('boolean', 'string', object)
+ * @property {Object} answer.payload key-value combinations of expected
+ * properties of an answer and their type ('boolean', 'string', object), which
+ * may need further decoding from base64
+ * @property {Object} answer.info key-value combinations of expected
+ * properties of an answer and their type ('boolean', 'string', object), which
+ * are meant to be data directly sent by gpgme (i.e. user ids)
@const
*/
export const permittedOperations = {
encrypt: {
pinentry: true, // TODO only with signing_keys
required: {
'keys': {
allowed: ['string'],
array_allowed: true
},
'data': {
allowed: ['string']
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'signing_keys': {
allowed: ['string'],
array_allowed: true
},
'base64': {
allowed: ['boolean']
},
'mime': {
allowed: ['boolean']
},
'armor': {
allowed: ['boolean']
},
'always-trust': {
allowed: ['boolean']
},
'no-encrypt-to': {
allowed: ['string'],
array_allowed: true
},
'no-compress': {
allowed: ['boolean']
},
'throw-keyids': {
allowed: ['boolean']
},
'want-address': {
allowed: ['boolean']
},
'wrap': {
allowed: ['boolean']
},
'sender': {
allowed: ['string']
},
'file_name': {
allowed: ['string']
}
},
answer: {
type: ['ciphertext'],
- data: {
- 'data': 'string',
+ payload: {
+ 'data': 'string'
+ },
+ info: {
'base64':'boolean'
}
}
},
decrypt: {
pinentry: true,
required: {
'data': {
allowed: ['string']
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'base64': {
allowed: ['boolean']
}
},
answer: {
type: ['plaintext'],
- data: {
+ payload: {
'data': 'string',
+ },
+ info: {
'base64': 'boolean',
'mime': 'boolean',
'info': 'object',
'dec_info': 'object'
}
}
},
sign: {
pinentry: true,
required: {
'data': {
allowed: ['string'] },
'keys': {
allowed: ['string'],
array_allowed: true
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'sender': {
allowed: ['string'],
},
'mode': {
allowed: ['string'],
allowed_data: ['detached', 'clearsign']
// TODO 'opaque' is not used, but available on native app
},
'base64': {
allowed: ['boolean']
},
'armor': {
allowed: ['boolean']
},
},
answer: {
type: ['signature', 'ciphertext'],
- data: {
+ payload: {
'data': 'string',
+ },
+ info: {
'base64':'boolean'
}
-
}
},
// note: For the meaning of the optional keylist flags, refer to
// https://www.gnupg.org/documentation/manuals/gpgme/Key-Listing-Mode.html
keylist:{
required: {},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'secret': {
allowed: ['boolean']
},
'extern': {
allowed: ['boolean']
},
'local':{
allowed: ['boolean']
},
'locate': {
allowed: ['boolean']
},
'sigs':{
allowed: ['boolean']
},
'notations':{
allowed: ['boolean']
},
'tofu': {
allowed: ['boolean']
},
'ephemeral': {
allowed: ['boolean']
},
'validate': {
allowed: ['boolean']
},
'keys': {
allowed: ['string'],
array_allowed: true
}
},
answer: {
type: ['keys'],
- data: {
+ info: {
+ 'keys': 'object',
'base64': 'boolean',
- 'keys': 'object'
}
}
},
export: {
required: {},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'keys': {
allowed: ['string'],
array_allowed: true
},
'armor': {
allowed: ['boolean']
},
'extern': {
allowed: ['boolean']
},
'minimal': {
allowed: ['boolean']
},
'raw': {
allowed: ['boolean']
},
'pkcs12': {
allowed: ['boolean']
},
'with-sec-fprs': {
allowed: ['boolean']
}
// secret: not yet implemented
},
answer: {
type: ['keys'],
- data: {
+ payload: {
'data': 'string',
+ },
+ info: {
'base64': 'boolean',
'sec-fprs': 'object'
}
}
},
import: {
required: {
'data': {
allowed: ['string']
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'base64': {
allowed: ['boolean']
},
},
answer: {
type: [],
- data: {
+ info: {
'result': 'object'
}
}
},
delete: {
pinentry: true,
required:{
'key': {
allowed: ['string']
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
},
answer: {
- data: {
+ info: {
'success': 'boolean'
}
}
},
version: {
required: {},
optional: {},
answer: {
type: [''],
- data: {
+ info: {
'gpgme': 'string',
'info': 'object'
}
}
},
createkey: {
pinentry: true,
required: {
userid: {
allowed: ['string']
}
},
optional: {
algo: {
allowed: ['string']
},
'subkey-algo': {
allowed: ['string']
},
expires: {
allowed: ['number'],
}
},
answer: {
type: [''],
- data: { 'fingerprint': 'string' }
+ info: { 'fingerprint': 'string' }
}
},
verify: {
required: {
data: {
allowed: ['string']
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'signature': {
allowed: ['string']
},
'base64':{
allowed: ['boolean']
}
},
answer: {
type: ['plaintext'],
- data:{
- data: 'string',
- base64:'boolean',
- info: 'object'
+ payload:{
+ 'data': 'string'
+ },
+ info: {
+ 'base64':'boolean',
+ 'info': 'object'
// info.file_name: Optional string of the plaintext file name.
// info.is_mime: Boolean if the messages claims it is MIME.
// info.signatures: Array of signatures
}
}
},
config_opt: {
required: {
'component':{
allowed: ['string'],
// allowed_data: ['gpg'] // TODO check all available
},
'option': {
allowed: ['string'],
// allowed_data: ['default-key'] // TODO check all available
}
},
optional: {},
answer: {
type: [],
- data: {
- option: 'object'
+ info: {
+ 'option': 'object'
}
}
}
-
- /**
- * TBD handling of secrets
- * TBD key modification?
- */
-
};