Diffstat (limited to 'app')
-rw-r--r--app/controllers/api/keys_controller.rb12
-rw-r--r--app/models/identity.rb5
-rw-r--r--app/models/keyring.rb23
3 files changed, 37 insertions, 3 deletions
diff --git a/app/controllers/api/keys_controller.rb b/app/controllers/api/keys_controller.rb
index d4cb759..7eb76ee 100644
--- a/app/controllers/api/keys_controller.rb
+++ b/app/controllers/api/keys_controller.rb
@@ -25,10 +25,22 @@ class Api::KeysController < ApiController
def update
keyring.update type, rev: rev, value: value
head :no_content
+ rescue Keyring::NotFound => e
+ render status: 404, json: {error: e.message}
rescue Keyring::Error, ActionController::ParameterMissing => e
render status: 422, json: {error: e.message}
end
+ def destroy
+ keyring.delete type, rev: rev
+ head :no_content
+ rescue Keyring::NotFound => e
+ render status: 404, json: {error: e.message}
+ rescue Keyring::Error, ActionController::ParameterMissing => e
+ render status: 422, json: {error: e.message}
+ end
+
+
protected
def require_enabled
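Review bot: The two rescue clauses added to `update` are repeated verbatim in the new `destroy`, so the mapping from Keyring errors to HTTP statuses is now maintained in two actions that can drift apart. Declaring it once at class level, e.g. `rescue_from(Keyring::NotFound) { |e| render status: 404, json: {error: e.message} }` plus the matching 422 handler, would leave both actions with only their two working lines. Because `destroy` removes a stored key, it is also worth confirming that the filters declared above this hunk are not limited by an `only:` list that omits the new action; the class body, including `require_enabled`, is only partly visible here.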
diff --git a/app/models/identity.rb b/app/models/identity.rb
index 92f8f7a..b8c2245 100644
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@@ -136,6 +136,11 @@ class Identity < CouchRest::Model::Base
write_attribute('keys', keys.merge(type => key.to_s))
end
+ def delete_key(type)
+ raise 'key not found' unless keys[type]
+ write_attribute('keys', keys.except(type))
+ end
+
def cert_fingerprints
read_attribute('cert_fingerprints') || Hash.new
end
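Review bot: `delete_key` reports a missing key with a bare `raise 'key not found'`, which is a plain RuntimeError and is matched by neither the `Keyring::NotFound` nor the `Keyring::Error` rescue in the controller. Keyring#delete checks for the key first, but that check and this call are separate steps, so any caller that reaches this line without the check gets an unhandled exception rather than a 404. A typed error that names the key, for instance `raise KeyError, "key not found: #{type}" unless keys.key?(type)`, would let Keyring translate it into its own NotFound. A one-line comment stating that the change is only written to the attribute and still needs a `save` by the caller would also help.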
diff --git a/app/models/keyring.rb b/app/models/keyring.rb
index 6779d5d..66f7bfd 100644
--- a/app/models/keyring.rb
+++ b/app/models/keyring.rb
@@ -8,6 +8,12 @@ class Keyring
class Error < RuntimeError
end
+ class NotFound < Error
+ def initialize(type)
+ super "no such key: #{type}"
+ end
+ end
+
def initialize(storage)
@storage = storage
end
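Review bot: `NotFound#initialize` takes the key type rather than a message, unlike its parent `Error`, which is raised with a ready-made string elsewhere in this file, and nothing in the class says so. A short comment would prevent a later `raise NotFound, "some message"` from producing "no such key: some message", for example `# Raised when no key of the requested type is stored; the argument is the key type, not a message.` The type appears to come from the request and ends up in the JSON error body, so the comment could also note that the message repeats caller input.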
@@ -19,19 +25,30 @@ class Keyring
end
def update(type, rev:, value:)
- old_rev = key_of_type(type)['rev']
- raise Error, "wrong revision: #{rev}" unless old_rev == rev
+ check_rev type, rev
storage.set_key type, {type: type, value: value, rev: new_rev}.to_json
storage.save
end
+ def delete(type, rev:)
+ check_rev type, rev
+ storage.delete_key type
+ storage.save
+ end
+
def key_of_type(type)
- JSON.parse(storage.keys[type])
+ JSON.parse(storage.keys[type]) if storage.keys[type]
end
protected
attr_reader :storage
+ def check_rev(type, rev)
+ old = key_of_type(type)
+ raise NotFound, type unless old
+ raise Error, "wrong revision: #{rev}" unless old['rev'] == rev
+ end
+
def new_rev
SecureRandom.urlsafe_base64(8)
end