doipjs/src/signatures.js

/*
Copyright 2021 Yarmo Mackenbach

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import { CleartextMessage, PublicKey, readCleartextMessage, verify } from 'openpgp'
import { Claim } from './claim.js'
import { fetchURI } from './openpgp.js'
import { Profile } from './profile.js'
import { ProfileType, PublicKeyEncoding, PublicKeyType } from './enums.js'
import { Persona } from './persona.js'

/**
 * @module signatures
 */

/**
 * Extract the profile from a signature and fetch the associated key
 * @async
 * @param {string} signature - The plaintext signature to parse
 * @returns {Promise<Profile>}
 */
export async function parse (signature) {
  /** @type {CleartextMessage} */
  let sigData

  // Read the signature
  try {
    sigData = await readCleartextMessage({
      cleartextMessage: signature
    })
  } catch (e) {
    throw new Error(`Signature could not be read (${e.message})`)
  }

  // @ts-ignore
  const issuerKeyID = sigData.signature.packets[0].issuerKeyID.toHex()
  // @ts-ignore
  const signersUserID = sigData.signature.packets[0].signersUserID
  const preferredKeyServer =
  // @ts-ignore
    sigData.signature.packets[0].preferredKeyServer ||
    'https://keys.openpgp.org/'
  const text = sigData.getText()
  const sigKeys = []
  const claims = []

  text.split('\n').forEach((line, i) => {
    const match = line.match(/^([a-zA-Z0-9]*)=(.*)$/i)
    if (!match) {
      return
    }
    switch (match[1].toLowerCase()) {
      case 'key':
        sigKeys.push(match[2])
        break

      case 'proof':
        claims.push(new Claim(match[2]))
        break

      default:
        break
    }
  })

  const obtainedKey = {
    query: null,
    data: null,
    method: null
  }

  // Try key identifier found in the signature
  if (sigKeys.length > 0) {
    try {
      obtainedKey.query = sigKeys[0]
      /** @type {PublicKey} */
      obtainedKey.data = (await fetchURI(obtainedKey.query)).publicKey.key
      obtainedKey.method = obtainedKey.query.split(':')[0]
    } catch (e) {}
  }
  // Try WKD
  if (!obtainedKey.data && signersUserID) {
    try {
      obtainedKey.query = signersUserID
      obtainedKey.data = (await fetchURI(`wkd:${signersUserID}`)).publicKey.key
      obtainedKey.method = 'wkd'
    } catch (e) {}
  }
  // Try HKP
  if (!obtainedKey.data) {
    try {
      const match = preferredKeyServer.match(/^(.*:\/\/)?([^/]*)(?:\/)?$/i)
      obtainedKey.query = issuerKeyID || signersUserID
      obtainedKey.data = (await fetchURI(`hkp:${match[2]}:${obtainedKey.query}`)).publicKey.key
      obtainedKey.method = 'hkp'
    } catch (e) {
      throw new Error('Public key not found')
    }
  }

  const primaryUserData = await obtainedKey.data.getPrimaryUser()
  const fingerprint = obtainedKey.data.getFingerprint()

  // Verify the signature
  const verificationResult = await verify({
    // @ts-ignore
    message: sigData,
    verificationKeys: obtainedKey.data
  })
  const { verified } = verificationResult.signatures[0]
  try {
    await verified
  } catch (e) {
    throw new Error(`Signature could not be verified (${e.message})`)
  }

  // Build the persona
  const persona = new Persona(primaryUserData.user.userID.name, [])
  persona.setIdentifier(primaryUserData.user.userID.userID)
  persona.setDescription(primaryUserData.user.userID.comment || null)
  persona.setEmailAddress(primaryUserData.user.userID.email || null)
  persona.claims = claims
    .map(
      ({ value }) =>
        new Claim(new TextDecoder().decode(value), `openpgp4fpr:${fingerprint}`)
    )

  const profile = new Profile(ProfileType.OPENPGP, `openpgp4fpr:${fingerprint}`, [persona])

  profile.publicKey.keyType = PublicKeyType.OPENPGP
  profile.publicKey.encoding = PublicKeyEncoding.ARMORED_PGP
  profile.publicKey.encodedKey = obtainedKey.data.armor()
  profile.publicKey.key = obtainedKey.data
  profile.publicKey.fetch.method = obtainedKey.method
  profile.publicKey.fetch.query = obtainedKey.query

  return profile
}
Add signature verification 2021-01-07 08:15:50 -07:00			`/*`
Update year 2021-01-13 05:20:33 -07:00			`Copyright 2021 Yarmo Mackenbach`
Add signature verification 2021-01-07 08:15:50 -07:00
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`
fix: remove TS import types 2024-01-27 09:57:46 -07:00			`import { CleartextMessage, PublicKey, readCleartextMessage, verify } from 'openpgp'`
feat: convert CJS to ESM 2023-07-08 00:17:13 -06:00			`import { Claim } from './claim.js'`
feat: tweaks to src, use new classes and enums 2023-07-09 04:03:25 -06:00			`import { fetchURI } from './openpgp.js'`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`import { Profile } from './profile.js'`
			`import { ProfileType, PublicKeyEncoding, PublicKeyType } from './enums.js'`
			`import { Persona } from './persona.js'`
Add signature verification 2021-01-07 08:15:50 -07:00
Add jsdoc documentation 2021-04-22 07:14:21 -06:00			`/**`
Run prettier 2021-04-22 08:00:37 -06:00			`* @module signatures`
Add jsdoc documentation 2021-04-22 07:14:21 -06:00			`*/`

			`/**`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`* Extract the profile from a signature and fetch the associated key`
Add jsdoc documentation 2021-04-22 07:14:21 -06:00			`* @async`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`* @param {string} signature - The plaintext signature to parse`
fix: remove TS import types 2024-01-27 09:57:46 -07:00			`* @returns {Promise<Profile>}`
Add jsdoc documentation 2021-04-22 07:14:21 -06:00			`*/`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`export async function parse (signature) {`
fix: remove TS import types 2024-01-27 09:57:46 -07:00			`/** @type {CleartextMessage} */`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`let sigData`

Fix signature profile verification 2022-03-25 16:16:46 -06:00			`// Read the signature`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`try {`
feat: convert CJS to ESM 2023-07-08 00:17:13 -06:00			`sigData = await readCleartextMessage({`
Update code to openpgpjs 5 syntax 2021-11-17 07:54:48 -07:00			`cleartextMessage: signature`
			`})`
Fix signature profile verification 2022-03-25 16:16:46 -06:00			`} catch (e) {`
			throw new Error(`Signature could not be read (${e.message})`)
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`}`
Fix signature profile verification 2022-03-25 16:16:46 -06:00
fix: ignore non-issues without current solution 2023-05-03 07:35:40 -06:00			`// @ts-ignore`
Update code to openpgpjs 5 syntax 2021-11-17 07:54:48 -07:00			`const issuerKeyID = sigData.signature.packets[0].issuerKeyID.toHex()`
fix: ignore non-issues without current solution 2023-05-03 07:35:40 -06:00			`// @ts-ignore`
Update code to openpgpjs 5 syntax 2021-11-17 07:54:48 -07:00			`const signersUserID = sigData.signature.packets[0].signersUserID`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`const preferredKeyServer =`
fix: ignore non-issues without current solution 2023-05-03 07:35:40 -06:00			`// @ts-ignore`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`sigData.signature.packets[0].preferredKeyServer \|\|`
			`'https://keys.openpgp.org/'`
			`const text = sigData.getText()`
			`const sigKeys = []`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`const claims = []`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00
			`text.split('\n').forEach((line, i) => {`
			`const match = line.match(/^([a-zA-Z0-9])=(.)$/i)`
			`if (!match) {`
			`return`
Add signature verification 2021-01-07 08:15:50 -07:00			`}`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`switch (match[1].toLowerCase()) {`
			`case 'key':`
			`sigKeys.push(match[2])`
			`break`
Run prettier 2021-01-07 08:17:24 -07:00
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`case 'proof':`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`claims.push(new Claim(match[2]))`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`break`
Make process functions uniform 2021-04-19 03:06:29 -06:00
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`default:`
			`break`
Add signature verification 2021-01-07 08:15:50 -07:00			`}`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`})`
Add signature verification 2021-01-07 08:15:50 -07:00
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`const obtainedKey = {`
			`query: null,`
			`data: null,`
			`method: null`
			`}`

			`// Try key identifier found in the signature`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`if (sigKeys.length > 0) {`
			`try {`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`obtainedKey.query = sigKeys[0]`
fix: remove TS import types 2024-01-27 09:57:46 -07:00			`/** @type {PublicKey} */`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`obtainedKey.data = (await fetchURI(obtainedKey.query)).publicKey.key`
			`obtainedKey.method = obtainedKey.query.split(':')[0]`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`} catch (e) {}`
			`}`
			`// Try WKD`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`if (!obtainedKey.data && signersUserID) {`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`try {`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`obtainedKey.query = signersUserID`
			obtainedKey.data = (await fetchURI(`wkd:${signersUserID}`)).publicKey.key
			`obtainedKey.method = 'wkd'`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`} catch (e) {}`
			`}`
			`// Try HKP`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`if (!obtainedKey.data) {`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`try {`
			`const match = preferredKeyServer.match(/^(.:\/\/)?([^/])(?:\/)?$/i)`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`obtainedKey.query = issuerKeyID \|\| signersUserID`
			obtainedKey.data = (await fetchURI(`hkp:${match[2]}:${obtainedKey.query}`)).publicKey.key
			`obtainedKey.method = 'hkp'`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`} catch (e) {`
Fix signature profile verification 2022-03-25 16:16:46 -06:00			`throw new Error('Public key not found')`
Make process functions uniform 2021-04-19 03:06:29 -06:00			`}`
Fix JavaScript Standard Style issues 2021-07-09 15:44:52 -06:00			`}`
Make process functions uniform 2021-04-19 03:06:29 -06:00
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`const primaryUserData = await obtainedKey.data.getPrimaryUser()`
			`const fingerprint = obtainedKey.data.getFingerprint()`

Fix signature profile verification 2022-03-25 16:16:46 -06:00			`// Verify the signature`
feat: convert CJS to ESM 2023-07-08 00:17:13 -06:00			`const verificationResult = await verify({`
fix: ignore non-issues without current solution 2023-05-03 07:35:40 -06:00			`// @ts-ignore`
Fix signature profile verification 2022-03-25 16:16:46 -06:00			`message: sigData,`
fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`verificationKeys: obtainedKey.data`
Fix signature profile verification 2022-03-25 16:16:46 -06:00			`})`
			`const { verified } = verificationResult.signatures[0]`
			`try {`
			`await verified`
			`} catch (e) {`
			throw new Error(`Signature could not be verified (${e.message})`)
			`}`

fix: legacy signature functionality 2023-07-13 02:40:02 -06:00			`// Build the persona`
			`const persona = new Persona(primaryUserData.user.userID.name, [])`
			`persona.setIdentifier(primaryUserData.user.userID.userID)`
			`persona.setDescription(primaryUserData.user.userID.comment \|\| null)`
			`persona.setEmailAddress(primaryUserData.user.userID.email \|\| null)`
			`persona.claims = claims`
			`.map(`
			`({ value }) =>`
			new Claim(new TextDecoder().decode(value), `openpgp4fpr:${fingerprint}`)
			`)`

			const profile = new Profile(ProfileType.OPENPGP, `openpgp4fpr:${fingerprint}`, [persona])

			`profile.publicKey.keyType = PublicKeyType.OPENPGP`
			`profile.publicKey.encoding = PublicKeyEncoding.ARMORED_PGP`
			`profile.publicKey.encodedKey = obtainedKey.data.armor()`
			`profile.publicKey.key = obtainedKey.data`
			`profile.publicKey.fetch.method = obtainedKey.method`
			`profile.publicKey.fetch.query = obtainedKey.query`

			`return profile`
Add signature verification 2021-01-07 08:15:50 -07:00			`}`