feat: support OpenPGP claims

This commit is contained in:
Yarmo Mackenbach 2024-01-23 13:54:34 +01:00
parent dd2c134a75
commit cd96131ad1
No known key found for this signature in database
GPG key ID: C248C28D432560ED
6 changed files with 297 additions and 0 deletions

View file

@ -50,6 +50,8 @@ export const Fetcher = {
IRC: 'irc',
/** HTTP request to Matrix API */
MATRIX: 'matrix',
/** HKP and WKS request for OpenPGP */
OPENPGP: 'openpgp',
/** HTTP request to Telegram API */
TELEGRAM: 'telegram',
/** XMPP module from Node.js */
@ -197,3 +199,13 @@ export const PublicKeyFetchMethod = {
HTTP: 'http',
NONE: 'none'
}
/**
* Protocol to query OpenPGP public keys
* @readonly
* @enum {string}
*/
export const OpenPgpQueryProtocol = {
HKP: 'hkp',
WKD: 'wkd'
}

View file

@ -19,5 +19,6 @@ export * as graphql from './graphql.js'
export * as http from './http.js'
export * as irc from './irc.js'
export * as matrix from './matrix.js'
export * as openpgp from './openpgp.js'
export * as telegram from './telegram.js'
export * as xmpp from './xmpp.js'

View file

@ -17,4 +17,5 @@ export * as activitypub from './activitypub.js'
export * as graphql from './graphql.js'
export * as http from './http.js'
export * as matrix from './matrix.js'
export * as openpgp from './openpgp.js'
export * as telegram from './telegram.js'

111
src/fetcher/openpgp.js Normal file
View file

@ -0,0 +1,111 @@
/*
Copyright 2024 Yarmo Mackenbach
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import axios from 'axios'
import { readKey } from 'openpgp'
import { OpenPgpQueryProtocol } from '../enums.js'
import { version } from '../constants.js'
import { parsePublicKey } from '../openpgp.js'
export const timeout = 5000
/**
* Execute a fetch request
* @function
* @async
* @param {object} data - Data used in the request
* @param {string} data.url - The URL pointing at targeted content
* @param {OpenPgpQueryProtocol} data.protocol - The protocol used to access the targeted content
* @param {number} [data.fetcherTimeout] - Optional timeout for the fetcher
* @returns {Promise<object|string>}
*/
export async function fn (data, opts) {
let timeoutHandle
const timeoutPromise = new Promise((resolve, reject) => {
timeoutHandle = setTimeout(
() => reject(new Error('Request was timed out')),
data.fetcherTimeout ? data.fetcherTimeout : timeout
)
})
const fetchPromise = new Promise((resolve, reject) => {
if (!data.url) {
reject(new Error('No valid URI provided'))
return
}
switch (data.protocol) {
case OpenPgpQueryProtocol.HKP:
axios.get(data.url, {
headers: {
Accept: 'application/pgp-keys',
'User-Agent': `doipjs/${version}`
},
validateStatus: (status) => status >= 200 && status < 400
})
.then(res => res.data)
.then(async data => await readKey({ armoredKey: data }))
.then(async publicKey => await parsePublicKey(publicKey))
.then(profile =>
profile.personas.flatMap(p => { return p.claims.map(c => c._uri) })
)
.then(res => {
resolve({
notations: {
'proof@ariadne.id': res
}
})
})
.catch(e => {
reject(e)
})
break
case OpenPgpQueryProtocol.WKD:
axios.get(data.url, {
headers: {
Accept: 'application/octet-stream',
'User-Agent': `doipjs/${version}`
},
responseType: 'arraybuffer',
validateStatus: (status) => status >= 200 && status < 400
})
.then(res => res.data)
.then(async data => await readKey({ binaryKey: data }))
.then(async publicKey => await parsePublicKey(publicKey))
.then(profile =>
profile.personas.flatMap(p => { return p.claims.map(c => c._uri) })
)
.then(res => {
resolve({
notations: {
'proof@ariadne.id': res
}
})
})
.catch(e => {
reject(e)
})
break
default:
reject(new Error('Unsupported OpenPGP query protocol'))
break
}
})
return Promise.race([fetchPromise, timeoutPromise]).then((result) => {
clearTimeout(timeoutHandle)
return result
})
}

View file

@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import * as openpgp from './openpgp.js'
import * as dns from './dns.js'
import * as irc from './irc.js'
import * as xmpp from './xmpp.js'
@ -37,6 +38,7 @@ import * as keybase from './keybase.js'
import * as opencollective from './opencollective.js'
const _data = {
openpgp,
dns,
irc,
xmpp,

View file

@ -0,0 +1,170 @@
/*
Copyright 2024 Yarmo Mackenbach
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import * as E from '../enums.js'
import { ServiceProvider } from '../serviceProvider.js'
export const reURI = /^(.*)/
/**
* @function
* @param {string} uri
*/
export function processURI (uri) {
const reURIHkp = /^openpgp4fpr:(?:0x)?([a-zA-Z0-9.\-_]*)/
const reURIWkdDirect = /^https:\/\/(.*)\/.well-known\/openpgpkey\/hu\/([a-zA-Z0-9]*)(?:\?l=(.*))?/
const reURIWkdAdvanced = /^https:\/\/(openpgpkey.*)\/.well-known\/openpgpkey\/(.*)\/hu\/([a-zA-Z0-9]*)(?:\?l=(.*))?/
let reURI = null
let mode = null
let match = null
if (reURIHkp.test(uri)) {
reURI = reURIHkp
mode = E.OpenPgpQueryProtocol.HKP
match = uri.match(reURI)
}
if (!mode && reURIWkdAdvanced.test(uri)) {
reURI = reURIWkdAdvanced
mode = E.OpenPgpQueryProtocol.WKD
match = uri.match(reURI)
}
if (!mode && reURIWkdDirect.test(uri)) {
reURI = reURIWkdDirect
mode = E.OpenPgpQueryProtocol.WKD
match = uri.match(reURI)
}
let output = null
switch (mode) {
case E.OpenPgpQueryProtocol.HKP:
output = new ServiceProvider({
about: {
id: 'openpgp',
name: 'OpenPGP'
},
profile: {
display: `openpgp4fpr:${match[1]}`,
uri: `https://keys.openpgp.org/search?q=${match[1]}`,
qr: null
},
claim: {
uriRegularExpression: reURI.toString(),
uriIsAmbiguous: false
},
proof: {
request: {
uri: `https://keys.openpgp.org/vks/v1/by-fingerprint/${match[1].toUpperCase()}`,
fetcher: E.Fetcher.OPENPGP,
accessRestriction: E.ProofAccessRestriction.NONE,
data: {
url: `https://keys.openpgp.org/vks/v1/by-fingerprint/${match[1].toUpperCase()}`,
protocol: E.OpenPgpQueryProtocol.HKP
}
},
response: {
format: E.ProofFormat.JSON
},
target: [{
format: E.ClaimFormat.URI,
encoding: E.EntityEncodingFormat.PLAIN,
relation: E.ClaimRelation.EQUALS,
path: ['notations', 'proof@ariadne.id']
}]
}
})
break
case E.OpenPgpQueryProtocol.WKD:
output = new ServiceProvider({
about: {
id: 'openpgp',
name: 'OpenPGP'
},
profile: {
display: 'unknown fingerprint',
uri,
qr: null
},
claim: {
uriRegularExpression: reURI.toString(),
uriIsAmbiguous: false
},
proof: {
request: {
uri,
fetcher: E.Fetcher.OPENPGP,
accessRestriction: E.ProofAccessRestriction.NONE,
data: {
url: uri,
protocol: E.OpenPgpQueryProtocol.WKD
}
},
response: {
format: E.ProofFormat.JSON
},
target: [{
format: E.ClaimFormat.URI,
encoding: E.EntityEncodingFormat.PLAIN,
relation: E.ClaimRelation.EQUALS,
path: ['notations', 'proof@ariadne.id']
}]
}
})
break
}
return output
}
export const tests = [
{
uri: 'openpgp4fpr:123456789',
shouldMatch: true
},
{
uri: 'openpgp4fpr:abcdef123',
shouldMatch: true
},
{
uri: 'https://openpgpkey.domain.tld/.well-known/openpgpkey/domain.tld/hu/123abc456def?l=name',
shouldMatch: true
},
{
uri: 'https://openpgpkey.domain.tld/.well-known/openpgpkey/domain.tld/hu/123abc456def',
shouldMatch: true
},
{
uri: 'https://domain.tld/.well-known/openpgpkey/hu/123abc456def?l=name',
shouldMatch: true
},
{
uri: 'https://domain.tld/.well-known/openpgpkey/hu/123abc456def',
shouldMatch: true
},
// The following will not pass .processURI, but reURI currently accepts anything
{
uri: 'https://domain.tld',
shouldMatch: true
},
{
uri: 'https://openpgpkey.domain.tld/.well-known/openpgpkey/hu/123abc456def?l=name',
shouldMatch: true
},
{
uri: 'https://domain.tld/.well-known/openpgpkey/123abc456def?l=name',
shouldMatch: true
}
]