Skip to content

Commit d6d1e7c

Browse files
code-ashercode-asher
committed
be me; in rome
1 parent 46ee3f6 commit d6d1e7c

File tree

3 files changed

+40
-53
lines changed

3 files changed

+40
-53
lines changed

src/pgp.test.ts

Lines changed: 21 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -29,63 +29,46 @@ describe("pgp", () => {
2929
it("cannot read non-existent signature", async () => {
3030
const armoredKeys = await fs.readFile(publicKeysPath, "utf8");
3131
const publicKeys = await openpgp.readKeys({ armoredKeys });
32-
const result = await pgp.verifySignature(
33-
publicKeys,
34-
cliPath,
35-
path.join(__dirname, "does-not-exist"),
36-
);
37-
expect((result as pgp.VerificationError).code).toBe(
38-
pgp.VerificationErrorCode.Read,
39-
);
32+
await expect(
33+
pgp.verifySignature(
34+
publicKeys,
35+
cliPath,
36+
path.join(__dirname, "does-not-exist"),
37+
),
38+
).rejects.toThrow("Failed to read");
4039
});
4140

4241
it("cannot read invalid signature", async () => {
4342
const armoredKeys = await fs.readFile(publicKeysPath, "utf8");
4443
const publicKeys = await openpgp.readKeys({ armoredKeys });
45-
const result = await pgp.verifySignature(
46-
publicKeys,
47-
cliPath,
48-
invalidSignaturePath,
49-
);
50-
expect((result as pgp.VerificationError).code).toBe(
51-
pgp.VerificationErrorCode.Read,
52-
);
44+
await expect(
45+
pgp.verifySignature(publicKeys, cliPath, invalidSignaturePath),
46+
).rejects.toThrow("Failed to read");
5347
});
5448

5549
it("cannot read file", async () => {
5650
const armoredKeys = await fs.readFile(publicKeysPath, "utf8");
5751
const publicKeys = await openpgp.readKeys({ armoredKeys });
58-
const result = await pgp.verifySignature(
59-
publicKeys,
60-
path.join(__dirname, "does-not-exist"),
61-
validSignaturePath,
62-
);
63-
expect((result as pgp.VerificationError).code).toBe(
64-
pgp.VerificationErrorCode.Read,
65-
);
52+
await expect(
53+
pgp.verifySignature(
54+
publicKeys,
55+
path.join(__dirname, "does-not-exist"),
56+
validSignaturePath,
57+
),
58+
).rejects.toThrow("Failed to read");
6659
});
6760

6861
it("mismatched signature", async () => {
6962
const armoredKeys = await fs.readFile(publicKeysPath, "utf8");
7063
const publicKeys = await openpgp.readKeys({ armoredKeys });
71-
const result = await pgp.verifySignature(
72-
publicKeys,
73-
__filename,
74-
validSignaturePath,
75-
);
76-
expect((result as pgp.VerificationError).code).toBe(
77-
pgp.VerificationErrorCode.Invalid,
78-
);
64+
await expect(
65+
pgp.verifySignature(publicKeys, __filename, validSignaturePath),
66+
).rejects.toThrow("Unable to verify");
7967
});
8068

8169
it("verifies signature", async () => {
8270
const armoredKeys = await fs.readFile(publicKeysPath, "utf8");
8371
const publicKeys = await openpgp.readKeys({ armoredKeys });
84-
const result = await pgp.verifySignature(
85-
publicKeys,
86-
cliPath,
87-
validSignaturePath,
88-
);
89-
expect(result).toBe(true);
72+
await pgp.verifySignature(publicKeys, cliPath, validSignaturePath);
9073
});
9174
});

src/pgp.ts

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -46,15 +46,15 @@ export async function readPublicKeys(
4646

4747
/**
4848
* Given public keys, a path to a file to verify, and a path to a detached
49-
* signature, verify the file's signature. Return true if valid, otherwise
50-
* return VerificationError.
49+
* signature, verify the file's signature. Throw VerificationError if invalid
50+
* or unable to validate.
5151
*/
5252
export async function verifySignature(
5353
publicKeys: openpgp.Key[],
5454
cliPath: string,
5555
signaturePath: string,
5656
logger?: vscode.LogOutputChannel,
57-
): Promise<true | VerificationError> {
57+
): Promise<void> {
5858
try {
5959
logger?.info("Reading signature", signaturePath);
6060
const armoredSignature = await fs.readFile(signaturePath, "utf8");
@@ -81,12 +81,11 @@ export async function verifySignature(
8181
} catch (e) {
8282
const error = `Unable to verify the authenticity of the binary: ${errToStr(e)}. The binary may have been tampered with.`;
8383
logger?.warn(error);
84-
return new VerificationError(VerificationErrorCode.Invalid, error);
84+
throw new VerificationError(VerificationErrorCode.Invalid, error);
8585
}
8686
} catch (e) {
8787
const error = `Failed to read signature or binary: ${errToStr(e)}.`;
8888
logger?.warn(error);
89-
return new VerificationError(VerificationErrorCode.Read, error);
89+
throw new VerificationError(VerificationErrorCode.Read, error);
9090
}
91-
return true;
9291
}

src/storage.ts

Lines changed: 14 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -524,19 +524,24 @@ export class Storage {
524524
const writeStream = createWriteStream(signaturePath);
525525
const status = await this.download(client, source, writeStream);
526526
if (status === 200) {
527-
const result = await pgp.verifySignature(
528-
publicKeys,
529-
cliPath,
530-
signaturePath,
531-
this.output,
532-
);
533-
if (result !== true) {
527+
try {
528+
await pgp.verifySignature(
529+
publicKeys,
530+
cliPath,
531+
signaturePath,
532+
this.output,
533+
);
534+
} catch (error) {
534535
const action = await this.vscodeProposed.window.showWarningMessage(
535-
result.summary(),
536+
// VerificationError should be the only thing that throws, but
537+
// unfortunately caught errors are always type unknown.
538+
error instanceof pgp.VerificationError
539+
? error.summary()
540+
: "Failed to verify signature",
536541
{
537542
useCustom: true,
538543
modal: true,
539-
detail: `${result.message} Would you like to accept this risk and run the binary anyway?`,
544+
detail: `${errToStr(error)} Would you like to accept this risk and run the binary anyway?`,
540545
},
541546
"Run anyway",
542547
);

0 commit comments

Comments
 (0)