| blob | 9175acd8258673bda8591fa45aa3bc114a75f02c |
1 import { CryptoProxy } from '@proton/crypto';
2 import isTruthy from '@proton/utils/isTruthy';
4 import type { API_KEY_SOURCE } from '../../constants';
5 import type {
6 Api,
7 FetchedSignedKeyList,
8 KTUserContext,
9 KeyTransparencyVerificationResult,
10 ProcessedApiKey,
11 VerifyOutboundPublicKeys,
12 } from '../../interfaces';
13 import { getAllPublicKeys } from '../keys';
15 export interface ApiKeysWithKTStatus {
16 Address: {
17 Keys: ApiAddressKey[];
18 SignedKeyList: FetchedSignedKeyList | null;
19 };
20 addressKeys: ProcessedApiKey[];
21 addressKTResult?: KeyTransparencyVerificationResult;
22 catchAllKeys?: ProcessedApiKey[];
23 catchAllKTResult?: KeyTransparencyVerificationResult;
24 unverifiedKeys?: ProcessedApiKey[];
25 hasValidProtonMX?: boolean;
26 Code?: number;
27 Warnings?: string[];
28 }
30 interface ApiAddressKey {
31 PublicKey: string;
32 Flags: number;
33 Source: API_KEY_SOURCE;
34 }
36 const importKeys = async (keys: ApiAddressKey[], checkCompatibility?: boolean): Promise<ProcessedApiKey[]> => {
37 const promises = await Promise.all(
38 keys.map(async ({ PublicKey: armoredKey, Flags, Source }) => {
39 const publicKey = await CryptoProxy.importPublicKey({ armoredKey, checkCompatibility }).catch(() => null);
41 if (!publicKey) {
42 return null;
43 }
45 return {
46 armoredKey,
47 flags: Flags,
48 publicKey: publicKey,
49 source: Source,
50 };
51 })
52 );
54 return promises.filter(isTruthy);
55 };
57 export const getAndVerifyApiKeys = async ({
58 api,
59 email,
60 internalKeysOnly,
61 verifyOutboundPublicKeys,
62 skipVerificationOfExternalDomains = false,
63 silence = false,
64 noCache = false,
65 userContext,
66 }: {
67 api: Api;
68 email: string;
69 internalKeysOnly: boolean;
70 /** KT verification function, or `null` for legacy use-case where KT is disabled */
71 verifyOutboundPublicKeys: VerifyOutboundPublicKeys | null;
72 userContext?: KTUserContext;
73 /** Optimisations _only_ for apps where users with external domains do not have valid keys (e.g. Mail) */
74 skipVerificationOfExternalDomains?: boolean;
75 silence?: boolean;
76 noCache?: boolean;
77 }): Promise<ApiKeysWithKTStatus> => {
78 const config: any = { ...getAllPublicKeys({ Email: email, InternalOnly: internalKeysOnly ? 1 : 0 }), silence };
79 if (noCache) {
80 config.cache = 'no-cache';
81 }
82 const { Address, CatchAll, Unverified, ProtonMX, ...rest } = await api<{
83 Address: {
84 Keys: ApiAddressKey[];
85 SignedKeyList: FetchedSignedKeyList | null;
86 };
87 CatchAll:
88 | {
89 Keys: ApiAddressKey[];
90 SignedKeyList: FetchedSignedKeyList | null;
91 }
92 | undefined;
93 Unverified: {
94 Keys: ApiAddressKey[];
95 };
96 ProtonMX: boolean;
97 Warnings: string[];
98 }>(config);
99 const addressKeys = await importKeys(Address.Keys);
100 const unverifiedKeys = Unverified ? await importKeys(Unverified.Keys, true) : undefined;
101 const catchAllKeys = CatchAll ? await importKeys(CatchAll.Keys) : undefined;
102 const ktResult = verifyOutboundPublicKeys
103 ? await verifyOutboundPublicKeys({
104 userContext,
105 api,
106 email,
107 skipVerificationOfExternalDomains,
108 address: { keyList: addressKeys, signedKeyList: Address.SignedKeyList },
109 catchAll: CatchAll ? { keyList: catchAllKeys!, signedKeyList: CatchAll.SignedKeyList } : undefined,
110 })
111 : {};
112 return {
113 Address,
114 addressKeys,
115 catchAllKeys,
116 unverifiedKeys,
117 hasValidProtonMX: ProtonMX,
118 ...rest,
119 ...ktResult,
120 };
121 };