mirror of
https://codeberg.org/keyoxide/doipjs.git
synced 2024-12-22 14:39:28 -07:00
feat: support OpenPGP claims
This commit is contained in:
parent
dd2c134a75
commit
cd96131ad1
6 changed files with 297 additions and 0 deletions
12
src/enums.js
12
src/enums.js
|
@ -50,6 +50,8 @@ export const Fetcher = {
|
||||||
IRC: 'irc',
|
IRC: 'irc',
|
||||||
/** HTTP request to Matrix API */
|
/** HTTP request to Matrix API */
|
||||||
MATRIX: 'matrix',
|
MATRIX: 'matrix',
|
||||||
|
/** HKP and WKS request for OpenPGP */
|
||||||
|
OPENPGP: 'openpgp',
|
||||||
/** HTTP request to Telegram API */
|
/** HTTP request to Telegram API */
|
||||||
TELEGRAM: 'telegram',
|
TELEGRAM: 'telegram',
|
||||||
/** XMPP module from Node.js */
|
/** XMPP module from Node.js */
|
||||||
|
@ -197,3 +199,13 @@ export const PublicKeyFetchMethod = {
|
||||||
HTTP: 'http',
|
HTTP: 'http',
|
||||||
NONE: 'none'
|
NONE: 'none'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Protocol to query OpenPGP public keys
|
||||||
|
* @readonly
|
||||||
|
* @enum {string}
|
||||||
|
*/
|
||||||
|
export const OpenPgpQueryProtocol = {
|
||||||
|
HKP: 'hkp',
|
||||||
|
WKD: 'wkd'
|
||||||
|
}
|
||||||
|
|
|
@ -19,5 +19,6 @@ export * as graphql from './graphql.js'
|
||||||
export * as http from './http.js'
|
export * as http from './http.js'
|
||||||
export * as irc from './irc.js'
|
export * as irc from './irc.js'
|
||||||
export * as matrix from './matrix.js'
|
export * as matrix from './matrix.js'
|
||||||
|
export * as openpgp from './openpgp.js'
|
||||||
export * as telegram from './telegram.js'
|
export * as telegram from './telegram.js'
|
||||||
export * as xmpp from './xmpp.js'
|
export * as xmpp from './xmpp.js'
|
||||||
|
|
|
@ -17,4 +17,5 @@ export * as activitypub from './activitypub.js'
|
||||||
export * as graphql from './graphql.js'
|
export * as graphql from './graphql.js'
|
||||||
export * as http from './http.js'
|
export * as http from './http.js'
|
||||||
export * as matrix from './matrix.js'
|
export * as matrix from './matrix.js'
|
||||||
|
export * as openpgp from './openpgp.js'
|
||||||
export * as telegram from './telegram.js'
|
export * as telegram from './telegram.js'
|
||||||
|
|
111
src/fetcher/openpgp.js
Normal file
111
src/fetcher/openpgp.js
Normal file
|
@ -0,0 +1,111 @@
|
||||||
|
/*
|
||||||
|
Copyright 2024 Yarmo Mackenbach
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
import axios from 'axios'
|
||||||
|
import { readKey } from 'openpgp'
|
||||||
|
import { OpenPgpQueryProtocol } from '../enums.js'
|
||||||
|
import { version } from '../constants.js'
|
||||||
|
import { parsePublicKey } from '../openpgp.js'
|
||||||
|
|
||||||
|
export const timeout = 5000
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Execute a fetch request
|
||||||
|
* @function
|
||||||
|
* @async
|
||||||
|
* @param {object} data - Data used in the request
|
||||||
|
* @param {string} data.url - The URL pointing at targeted content
|
||||||
|
* @param {OpenPgpQueryProtocol} data.protocol - The protocol used to access the targeted content
|
||||||
|
* @param {number} [data.fetcherTimeout] - Optional timeout for the fetcher
|
||||||
|
* @returns {Promise<object|string>}
|
||||||
|
*/
|
||||||
|
export async function fn (data, opts) {
|
||||||
|
let timeoutHandle
|
||||||
|
const timeoutPromise = new Promise((resolve, reject) => {
|
||||||
|
timeoutHandle = setTimeout(
|
||||||
|
() => reject(new Error('Request was timed out')),
|
||||||
|
data.fetcherTimeout ? data.fetcherTimeout : timeout
|
||||||
|
)
|
||||||
|
})
|
||||||
|
|
||||||
|
const fetchPromise = new Promise((resolve, reject) => {
|
||||||
|
if (!data.url) {
|
||||||
|
reject(new Error('No valid URI provided'))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (data.protocol) {
|
||||||
|
case OpenPgpQueryProtocol.HKP:
|
||||||
|
axios.get(data.url, {
|
||||||
|
headers: {
|
||||||
|
Accept: 'application/pgp-keys',
|
||||||
|
'User-Agent': `doipjs/${version}`
|
||||||
|
},
|
||||||
|
validateStatus: (status) => status >= 200 && status < 400
|
||||||
|
})
|
||||||
|
.then(res => res.data)
|
||||||
|
.then(async data => await readKey({ armoredKey: data }))
|
||||||
|
.then(async publicKey => await parsePublicKey(publicKey))
|
||||||
|
.then(profile =>
|
||||||
|
profile.personas.flatMap(p => { return p.claims.map(c => c._uri) })
|
||||||
|
)
|
||||||
|
.then(res => {
|
||||||
|
resolve({
|
||||||
|
notations: {
|
||||||
|
'proof@ariadne.id': res
|
||||||
|
}
|
||||||
|
})
|
||||||
|
})
|
||||||
|
.catch(e => {
|
||||||
|
reject(e)
|
||||||
|
})
|
||||||
|
break
|
||||||
|
case OpenPgpQueryProtocol.WKD:
|
||||||
|
axios.get(data.url, {
|
||||||
|
headers: {
|
||||||
|
Accept: 'application/octet-stream',
|
||||||
|
'User-Agent': `doipjs/${version}`
|
||||||
|
},
|
||||||
|
responseType: 'arraybuffer',
|
||||||
|
validateStatus: (status) => status >= 200 && status < 400
|
||||||
|
})
|
||||||
|
.then(res => res.data)
|
||||||
|
.then(async data => await readKey({ binaryKey: data }))
|
||||||
|
.then(async publicKey => await parsePublicKey(publicKey))
|
||||||
|
.then(profile =>
|
||||||
|
profile.personas.flatMap(p => { return p.claims.map(c => c._uri) })
|
||||||
|
)
|
||||||
|
.then(res => {
|
||||||
|
resolve({
|
||||||
|
notations: {
|
||||||
|
'proof@ariadne.id': res
|
||||||
|
}
|
||||||
|
})
|
||||||
|
})
|
||||||
|
.catch(e => {
|
||||||
|
reject(e)
|
||||||
|
})
|
||||||
|
break
|
||||||
|
default:
|
||||||
|
reject(new Error('Unsupported OpenPGP query protocol'))
|
||||||
|
break
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
return Promise.race([fetchPromise, timeoutPromise]).then((result) => {
|
||||||
|
clearTimeout(timeoutHandle)
|
||||||
|
return result
|
||||||
|
})
|
||||||
|
}
|
|
@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
See the License for the specific language governing permissions and
|
See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
import * as openpgp from './openpgp.js'
|
||||||
import * as dns from './dns.js'
|
import * as dns from './dns.js'
|
||||||
import * as irc from './irc.js'
|
import * as irc from './irc.js'
|
||||||
import * as xmpp from './xmpp.js'
|
import * as xmpp from './xmpp.js'
|
||||||
|
@ -37,6 +38,7 @@ import * as keybase from './keybase.js'
|
||||||
import * as opencollective from './opencollective.js'
|
import * as opencollective from './opencollective.js'
|
||||||
|
|
||||||
const _data = {
|
const _data = {
|
||||||
|
openpgp,
|
||||||
dns,
|
dns,
|
||||||
irc,
|
irc,
|
||||||
xmpp,
|
xmpp,
|
||||||
|
|
170
src/serviceProviders/openpgp.js
Normal file
170
src/serviceProviders/openpgp.js
Normal file
|
@ -0,0 +1,170 @@
|
||||||
|
/*
|
||||||
|
Copyright 2024 Yarmo Mackenbach
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
import * as E from '../enums.js'
|
||||||
|
import { ServiceProvider } from '../serviceProvider.js'
|
||||||
|
|
||||||
|
export const reURI = /^(.*)/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @function
|
||||||
|
* @param {string} uri
|
||||||
|
*/
|
||||||
|
export function processURI (uri) {
|
||||||
|
const reURIHkp = /^openpgp4fpr:(?:0x)?([a-zA-Z0-9.\-_]*)/
|
||||||
|
const reURIWkdDirect = /^https:\/\/(.*)\/.well-known\/openpgpkey\/hu\/([a-zA-Z0-9]*)(?:\?l=(.*))?/
|
||||||
|
const reURIWkdAdvanced = /^https:\/\/(openpgpkey.*)\/.well-known\/openpgpkey\/(.*)\/hu\/([a-zA-Z0-9]*)(?:\?l=(.*))?/
|
||||||
|
|
||||||
|
let reURI = null
|
||||||
|
let mode = null
|
||||||
|
let match = null
|
||||||
|
|
||||||
|
if (reURIHkp.test(uri)) {
|
||||||
|
reURI = reURIHkp
|
||||||
|
mode = E.OpenPgpQueryProtocol.HKP
|
||||||
|
match = uri.match(reURI)
|
||||||
|
}
|
||||||
|
if (!mode && reURIWkdAdvanced.test(uri)) {
|
||||||
|
reURI = reURIWkdAdvanced
|
||||||
|
mode = E.OpenPgpQueryProtocol.WKD
|
||||||
|
match = uri.match(reURI)
|
||||||
|
}
|
||||||
|
if (!mode && reURIWkdDirect.test(uri)) {
|
||||||
|
reURI = reURIWkdDirect
|
||||||
|
mode = E.OpenPgpQueryProtocol.WKD
|
||||||
|
match = uri.match(reURI)
|
||||||
|
}
|
||||||
|
|
||||||
|
let output = null
|
||||||
|
|
||||||
|
switch (mode) {
|
||||||
|
case E.OpenPgpQueryProtocol.HKP:
|
||||||
|
output = new ServiceProvider({
|
||||||
|
about: {
|
||||||
|
id: 'openpgp',
|
||||||
|
name: 'OpenPGP'
|
||||||
|
},
|
||||||
|
profile: {
|
||||||
|
display: `openpgp4fpr:${match[1]}`,
|
||||||
|
uri: `https://keys.openpgp.org/search?q=${match[1]}`,
|
||||||
|
qr: null
|
||||||
|
},
|
||||||
|
claim: {
|
||||||
|
uriRegularExpression: reURI.toString(),
|
||||||
|
uriIsAmbiguous: false
|
||||||
|
},
|
||||||
|
proof: {
|
||||||
|
request: {
|
||||||
|
uri: `https://keys.openpgp.org/vks/v1/by-fingerprint/${match[1].toUpperCase()}`,
|
||||||
|
fetcher: E.Fetcher.OPENPGP,
|
||||||
|
accessRestriction: E.ProofAccessRestriction.NONE,
|
||||||
|
data: {
|
||||||
|
url: `https://keys.openpgp.org/vks/v1/by-fingerprint/${match[1].toUpperCase()}`,
|
||||||
|
protocol: E.OpenPgpQueryProtocol.HKP
|
||||||
|
}
|
||||||
|
},
|
||||||
|
response: {
|
||||||
|
format: E.ProofFormat.JSON
|
||||||
|
},
|
||||||
|
target: [{
|
||||||
|
format: E.ClaimFormat.URI,
|
||||||
|
encoding: E.EntityEncodingFormat.PLAIN,
|
||||||
|
relation: E.ClaimRelation.EQUALS,
|
||||||
|
path: ['notations', 'proof@ariadne.id']
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
})
|
||||||
|
break
|
||||||
|
case E.OpenPgpQueryProtocol.WKD:
|
||||||
|
output = new ServiceProvider({
|
||||||
|
about: {
|
||||||
|
id: 'openpgp',
|
||||||
|
name: 'OpenPGP'
|
||||||
|
},
|
||||||
|
profile: {
|
||||||
|
display: 'unknown fingerprint',
|
||||||
|
uri,
|
||||||
|
qr: null
|
||||||
|
},
|
||||||
|
claim: {
|
||||||
|
uriRegularExpression: reURI.toString(),
|
||||||
|
uriIsAmbiguous: false
|
||||||
|
},
|
||||||
|
proof: {
|
||||||
|
request: {
|
||||||
|
uri,
|
||||||
|
fetcher: E.Fetcher.OPENPGP,
|
||||||
|
accessRestriction: E.ProofAccessRestriction.NONE,
|
||||||
|
data: {
|
||||||
|
url: uri,
|
||||||
|
protocol: E.OpenPgpQueryProtocol.WKD
|
||||||
|
}
|
||||||
|
},
|
||||||
|
response: {
|
||||||
|
format: E.ProofFormat.JSON
|
||||||
|
},
|
||||||
|
target: [{
|
||||||
|
format: E.ClaimFormat.URI,
|
||||||
|
encoding: E.EntityEncodingFormat.PLAIN,
|
||||||
|
relation: E.ClaimRelation.EQUALS,
|
||||||
|
path: ['notations', 'proof@ariadne.id']
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
})
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
return output
|
||||||
|
}
|
||||||
|
|
||||||
|
export const tests = [
|
||||||
|
{
|
||||||
|
uri: 'openpgp4fpr:123456789',
|
||||||
|
shouldMatch: true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
uri: 'openpgp4fpr:abcdef123',
|
||||||
|
shouldMatch: true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
uri: 'https://openpgpkey.domain.tld/.well-known/openpgpkey/domain.tld/hu/123abc456def?l=name',
|
||||||
|
shouldMatch: true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
uri: 'https://openpgpkey.domain.tld/.well-known/openpgpkey/domain.tld/hu/123abc456def',
|
||||||
|
shouldMatch: true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
uri: 'https://domain.tld/.well-known/openpgpkey/hu/123abc456def?l=name',
|
||||||
|
shouldMatch: true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
uri: 'https://domain.tld/.well-known/openpgpkey/hu/123abc456def',
|
||||||
|
shouldMatch: true
|
||||||
|
},
|
||||||
|
// The following will not pass .processURI, but reURI currently accepts anything
|
||||||
|
{
|
||||||
|
uri: 'https://domain.tld',
|
||||||
|
shouldMatch: true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
uri: 'https://openpgpkey.domain.tld/.well-known/openpgpkey/hu/123abc456def?l=name',
|
||||||
|
shouldMatch: true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
uri: 'https://domain.tld/.well-known/openpgpkey/123abc456def?l=name',
|
||||||
|
shouldMatch: true
|
||||||
|
}
|
||||||
|
]
|
Loading…
Reference in a new issue