Use signature data to find key location

This commit is contained in:
Yarmo Mackenbach 2021-01-09 15:17:53 +01:00
parent 9e248e6aeb
commit 996ee8fbc7

View file

@ -22,16 +22,24 @@ const verify = (signature, opts) => {
return new Promise(async (resolve, reject) => { return new Promise(async (resolve, reject) => {
let errors = [], let errors = [],
sigData sigData
try { try {
sigData = await openpgp.cleartext.readArmored(signature) sigData = await openpgp.cleartext.readArmored(signature)
} catch (error) { } catch (error) {
errors.push('invalid_signature') errors.push('invalid_signature')
reject({ errors: errors }) reject({ errors: errors })
return
} }
const issuerKeyId = sigData.signature.packets[0].issuerKeyId.toHex()
const signersUserId = sigData.signature.packets[0].signersUserId
const preferredKeyServer =
sigData.signature.packets[0].preferredKeyServer ||
'https://keys.openppg.org/'
const text = sigData.getText() const text = sigData.getText()
let sigKeys = [] let sigKeys = []
let sigClaims = [] let sigClaims = []
text.split('\n').forEach((line, i) => { text.split('\n').forEach((line, i) => {
const match = line.match(/^(.*)\=(.*)$/i) const match = line.match(/^(.*)\=(.*)$/i)
if (!match) { if (!match) {
@ -51,12 +59,35 @@ const verify = (signature, opts) => {
} }
}) })
if (sigKeys.length === 0) { let keyData, keyUri
errors.push('no_linked_keys')
// Try overruling key
if (sigKeys.length > 0) {
try {
keyUri = sigKeys[0]
keyData = await keys.fetch.uri(keyUri)
} catch {}
}
// Try WKD
if (!keyData && signersUserId) {
try {
keyUri = `wkd:${signersUserId}`
keyData = await keys.fetch.uri(keyUri)
} catch {}
}
// Try HKP
if (!keyData) {
try {
const match = preferredKeyServer.match(/^(.*\:\/\/)?([^/]*)(?:\/)?$/i)
keyUri = `hkp:${match[2]}:${issuerKeyId ? issuerKeyId : signersUserId}`
keyData = await keys.fetch.uri(keyUri)
} catch {
errors.push('key_not_found')
reject({ errors: errors }) reject({ errors: errors })
return
}
} }
const keyData = await keys.fetch.uri(sigKeys[0])
const fingerprint = keyData.keyPacket.getFingerprint() const fingerprint = keyData.keyPacket.getFingerprint()
try { try {
@ -65,14 +96,25 @@ const verify = (signature, opts) => {
} catch (e) { } catch (e) {
errors.push('invalid_signature_verification') errors.push('invalid_signature_verification')
reject({ errors: errors }) reject({ errors: errors })
return
} }
const claimVerifications = await claims.verify(sigClaims, fingerprint, opts) const claimVerifications = await claims.verify(sigClaims, fingerprint, opts)
resolve({ resolve({
errors: errors, errors: errors,
publicKey: keyData, signature: {
data: sigData.signature,
issuerKeyId: issuerKeyId,
signersUserId: signersUserId,
preferredKeyServer: preferredKeyServer,
},
publicKey: {
data: keyData,
uri: keyUri,
fingerprint: fingerprint, fingerprint: fingerprint,
},
text: text,
claims: claimVerifications, claims: claimVerifications,
}) })
}) })