func TestRevokeKey(t *testing.T) {
tc := SetupEngineTest(t, "rev")
defer tc.Cleanup()
u := createFakeUserWithPGPSibkeyPaper(tc)
assertNumDevicesAndKeys(tc, u, 2, 5)
_, keys := getActiveDevicesAndKeys(tc, u)
var pgpKey *libkb.GenericKey
for i, key := range keys {
if libkb.IsPGP(key) {
// XXX: Don't use &key. That refers to the loop variable, which
// gets overwritten.
pgpKey = &keys[i] //
break
}
}
if pgpKey == nil {
t.Fatal("Expected to find PGP key")
}
err := doRevokeKey(tc, u, (*pgpKey).GetKID())
if err != nil {
tc.T.Fatal(err)
}
assertNumDevicesAndKeys(tc, u, 2, 4)
}
func (e *RevokeEngine) getKIDsToRevoke(me *libkb.User) ([]keybase1.KID, error) {
if e.mode == RevokeDevice {
deviceKeys, err := me.GetComputedKeyFamily().GetAllActiveKeysForDevice(e.deviceID)
if err != nil {
return nil, err
}
if len(deviceKeys) == 0 {
return nil, fmt.Errorf("No active keys to revoke for device %s.", e.deviceID)
}
return deviceKeys, nil
} else if e.mode == RevokeKey {
kid := e.kid
key, err := me.GetComputedKeyFamily().FindKeyWithKIDUnsafe(kid)
if err != nil {
return nil, err
}
if !libkb.IsPGP(key) {
return nil, fmt.Errorf("Key %s is not a PGP key. To revoke device keys, use the `device remove` command.", e.kid)
}
for _, activePGPKey := range me.GetComputedKeyFamily().GetActivePGPKeys(false /* sibkeys only */) {
if activePGPKey.GetKID().Equal(kid) {
return []keybase1.KID{kid}, nil
}
}
return nil, fmt.Errorf("PGP key %s is not active", e.kid)
} else {
return nil, fmt.Errorf("Unknown revoke mode: %d", e.mode)
}
}