Check existing recipients before trying to add a new one

Fixes gopasspw#1918 RELEASE_NOTES=[ENHANCEMENT] Check recipients before adding a new one. Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
dominikschulz · Dec 23, 2022 · e943fa1 · e943fa1
1 parent 310159b
commit e943fa1
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 1 deletion.
diff --git a/internal/action/recipients.go b/internal/action/recipients.go
@@ -86,6 +86,10 @@ func (s *Action) RecipientsAdd(c *cli.Context) error {
 		store = cui.AskForStore(ctx, s.Store)
 	}
 
+	if err := s.Store.CheckRecipients(ctx, store); err != nil {
+		return exit.Error(exit.Recipients, err, "recipients invalid: %q", err)
+	}
+
 	crypto := s.Store.Crypto(ctx, store)
 
 	// select recipient.

diff --git a/internal/backend/crypto/gpg/cli/recipients.go b/internal/backend/crypto/gpg/cli/recipients.go
@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"fmt"
 	"os"
 	"os/exec"
 	"strings"
@@ -33,9 +34,12 @@ func (g *GPG) ListRecipients(ctx context.Context) ([]string, error) {
 // FindRecipients searches for the given public keys.
 func (g *GPG) FindRecipients(ctx context.Context, search ...string) ([]string, error) {
 	kl, err := g.listKeys(ctx, "public", search...)
-	if err != nil || kl == nil {
+	if err != nil {
 		return nil, err
 	}
+	if kl == nil {
+		return nil, fmt.Errorf("no keys found for %v", search)
+	}
 
 	recp := kl.UseableKeys(gpg.IsAlwaysTrust(ctx)).Recipients()
 	if gpg.IsAlwaysTrust(ctx) {

diff --git a/internal/store/leaf/recipients.go b/internal/store/leaf/recipients.go
@@ -71,6 +71,27 @@ func (s *Store) RecipientsTree(ctx context.Context) map[string][]string {
 	return out
 }
 
+// CheckRecipients makes sure all existing recipients are valid.
+func (s *Store) CheckRecipients(ctx context.Context) error {
+	rs, err := s.GetRecipients(ctx, "")
+	if err != nil {
+		return fmt.Errorf("failed to read recipient list: %w", err)
+	}
+
+	for _, k := range rs.IDs() {
+		validKeys, err := s.crypto.FindRecipients(ctx, k)
+		if err != nil {
+			return fmt.Errorf("Warning: Failed to get GPG Key Info for %s: %w", k, err)
+		}
+
+		if len(validKeys) < 1 {
+			return fmt.Errorf("found no valid keys for %s", k)
+		}
+	}
+
+	return nil
+}
+
 // AddRecipient adds a new recipient to the list.
 func (s *Store) AddRecipient(ctx context.Context, id string) error {
 	rs, err := s.GetRecipients(ctx, "")

diff --git a/internal/store/root/recipients.go b/internal/store/root/recipients.go
@@ -20,6 +20,14 @@ func (r *Store) ListRecipients(ctx context.Context, store string) []string {
 	return sub.Recipients(ctx)
 }
 
+// CheckRecipients checks all current recipients to make sure that they are
+// valid, e.g. not expired.
+func (r *Store) CheckRecipients(ctx context.Context, store string) error {
+	sub, _ := r.getStore(store)
+
+	return sub.CheckRecipients(ctx)
+}
+
 // AddRecipient adds a single recipient to the given store.
 func (r *Store) AddRecipient(ctx context.Context, store, rec string) error {
 	sub, _ := r.getStore(store)