SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
							# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

module SecureMailing::PGP::Tool::Parse
  extend ActiveSupport::Concern

  include SecureMailing::PGP::Tool::Exec

  PGP_KEY_INFO = Struct.new(:fingerprint, :uids, :created_at, :expires_at, :secret)

  PGP_KEY_INFO_EXPIRES_AT_TIMESTAMP = 6
  PGP_KEY_INFO_CREATED_AT_TIMESTAMP = 5
  PGP_KEY_INFO_UID = 9
  PGP_KEY_INFO_UID_VALIDITY = 1
  PGP_KEY_INFO_UID_INVALID_STATE = %w[i d r n].freeze

  included do # rubocop:disable Metrics/BlockLength

    def info(key)
      result = gpg('show-key', options: %w[--with-colons], stdin: key)

      parse_info(result.stdout)
    end

    private

    def parse_info(data)
      # https://github.com/gpg/gnupg/blob/master/doc/DETAILS
      info = {
        fingerprint: nil,
        uids:        [],
        created_at:  nil,
        expires_at:  nil,
        secret:      false
      }

      data.split("\n").tap do |chunks|
        # We assume all relevant subkeys [SCE] have the same expiration date.
        dates = chunks.find { |chunk| chunk.start_with?(%r{pub|sec}) }
        info[:expires_at]  = expires_at(dates)
        info[:created_at]  = created_at(dates)

        info[:secret] = secret?(chunks)

        fpr = chunks.find { |chunk| chunk.start_with?('fpr') }
        info[:fingerprint] = fingerprint(fpr)

        uids = chunks.select { |chunk| chunk.start_with?('uid') }
        uids = uids.map { |uid| uid(uid) }
        info[:uids] = uids.compact
      end

      PGP_KEY_INFO.new(*info.values)
    end

    def created_at(chunk)
      timestamp = chunk.split(':').fetch(PGP_KEY_INFO_CREATED_AT_TIMESTAMP)
      return nil if timestamp == '0'

      Time.zone.at(timestamp.to_i)
    end

    def expires_at(chunk)
      timestamp = chunk.split(':').fetch(PGP_KEY_INFO_EXPIRES_AT_TIMESTAMP)
      return nil if timestamp.blank? || timestamp == '0'

      Time.zone.at(timestamp.to_i)
    end

    def fingerprint(chunk)
      chunk.split(':').last
    end

    def uid(chunk)
      hunks = chunk.split(':')
      return nil if PGP_KEY_INFO_UID_INVALID_STATE.include?(hunks.fetch(PGP_KEY_INFO_UID_VALIDITY))

      hunks.fetch(PGP_KEY_INFO_UID)
    end

    def secret?(chunks)
      chunks.any? { |chunk| chunk.start_with?('sec') }
    end
  end
end