2021-05-02 04:49:52 -06:00
|
|
|
/*
|
|
|
|
|
Copyright (C) 2021 Yarmo Mackenbach
|
|
|
|
|
|
|
|
|
|
This program is free software: you can redistribute it and/or modify it under
|
|
|
|
|
the terms of the GNU Affero General Public License as published by the Free
|
|
|
|
|
Software Foundation, either version 3 of the License, or (at your option)
|
|
|
|
|
any later version.
|
|
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
|
|
|
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
|
|
|
details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU Affero General Public License along
|
|
|
|
|
with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
Also add information on how to contact you by electronic and paper mail.
|
|
|
|
|
|
|
|
|
|
If your software can interact with users remotely through a computer network,
|
|
|
|
|
you should also make sure that it provides a way for users to get its source.
|
|
|
|
|
For example, if your program is a web application, its interface could display
|
|
|
|
|
a "Source" link that leads users to an archive of the code. There are many
|
|
|
|
|
ways you could offer source, and different solutions will be better for different
|
|
|
|
|
programs; see section 13 for the specific requirements.
|
|
|
|
|
|
|
|
|
|
You should also get your employer (if you work as a programmer) or school,
|
|
|
|
|
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
|
|
|
|
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
|
|
|
|
*/
|
2022-02-27 14:59:17 -07:00
|
|
|
import got from 'got'
|
|
|
|
|
import * as doipjs from 'doipjs'
|
|
|
|
|
import { readKey, readCleartextMessage, verify } from 'openpgp'
|
|
|
|
|
import { computeWKDLocalPart } from './utils.js'
|
2022-10-06 07:19:29 -06:00
|
|
|
import { createHash } from 'crypto'
|
2022-10-06 09:57:07 -06:00
|
|
|
import Keyv from 'keyv'
|
2022-10-06 07:19:29 -06:00
|
|
|
|
2022-10-06 09:57:07 -06:00
|
|
|
const c = process.env.ENABLE_EXPERIMENTAL_CACHE ? new Keyv() : null
|
2021-05-02 04:49:52 -06:00
|
|
|
|
|
|
|
|
const fetchWKD = (id) => {
|
|
|
|
|
return new Promise(async (resolve, reject) => {
|
|
|
|
|
let output = {
|
|
|
|
|
publicKey: null,
|
|
|
|
|
fetchURL: null
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-04 03:51:59 -06:00
|
|
|
if (!id.includes('@')) {
|
|
|
|
|
reject(new Error(`The WKD identifier "${id}" is invalid`));
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-02 04:49:52 -06:00
|
|
|
const [, localPart, domain] = /([^\@]*)@(.*)/.exec(id)
|
2021-05-04 03:51:59 -06:00
|
|
|
if (!localPart || !domain) {
|
|
|
|
|
reject(new Error(`The WKD identifier "${id}" is invalid`));
|
|
|
|
|
}
|
2022-02-27 14:59:17 -07:00
|
|
|
const localEncoded = await computeWKDLocalPart(localPart)
|
2021-05-02 04:49:52 -06:00
|
|
|
const urlAdvanced = `https://openpgpkey.${domain}/.well-known/openpgpkey/${domain}/hu/${localEncoded}`
|
|
|
|
|
const urlDirect = `https://${domain}/.well-known/openpgpkey/hu/${localEncoded}`
|
|
|
|
|
let plaintext
|
2022-10-06 07:19:29 -06:00
|
|
|
|
|
|
|
|
const hash = createHash('md5').update(id).digest('hex')
|
2022-10-06 09:57:07 -06:00
|
|
|
if (c && await c.get(hash)) {
|
|
|
|
|
plaintext = Uint8Array.from((await c.get(hash)).split(','))
|
2022-10-06 07:19:29 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!plaintext) {
|
2021-05-02 04:49:52 -06:00
|
|
|
try {
|
2022-10-06 07:19:29 -06:00
|
|
|
plaintext = await got(urlAdvanced).then((response) => {
|
2021-05-02 04:49:52 -06:00
|
|
|
if (response.statusCode === 200) {
|
2022-10-06 07:19:29 -06:00
|
|
|
output.fetchURL = urlAdvanced
|
2021-05-02 04:49:52 -06:00
|
|
|
return new Uint8Array(response.rawBody)
|
|
|
|
|
} else {
|
|
|
|
|
return null
|
|
|
|
|
}
|
|
|
|
|
})
|
2022-10-06 07:19:29 -06:00
|
|
|
} catch (e) {
|
|
|
|
|
try {
|
|
|
|
|
plaintext = await got(urlDirect).then((response) => {
|
|
|
|
|
if (response.statusCode === 200) {
|
|
|
|
|
output.fetchURL = urlDirect
|
|
|
|
|
return new Uint8Array(response.rawBody)
|
|
|
|
|
} else {
|
|
|
|
|
return null
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
} catch (error) {
|
|
|
|
|
reject(new Error(`No public keys could be fetched using WKD`))
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-10-06 09:57:07 -06:00
|
|
|
|
2022-10-06 07:19:29 -06:00
|
|
|
if (!plaintext) {
|
2021-05-03 09:09:10 -06:00
|
|
|
reject(new Error(`No public keys could be fetched using WKD`))
|
2021-05-02 04:49:52 -06:00
|
|
|
}
|
|
|
|
|
|
2022-10-06 07:19:29 -06:00
|
|
|
if (c) {
|
2022-10-06 09:57:07 -06:00
|
|
|
await c.set(hash, plaintext.toString(), 60 * 1000)
|
2022-10-06 07:19:29 -06:00
|
|
|
}
|
2021-05-02 04:49:52 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try {
|
2022-02-27 14:59:17 -07:00
|
|
|
output.publicKey = await readKey({
|
2022-02-26 01:00:48 -07:00
|
|
|
binaryKey: plaintext
|
|
|
|
|
})
|
2021-05-02 04:49:52 -06:00
|
|
|
} catch(error) {
|
2021-05-03 09:09:10 -06:00
|
|
|
reject(new Error(`No public keys could be read from the data fetched using WKD`))
|
2021-05-02 04:49:52 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!output.publicKey) {
|
2021-05-03 09:09:10 -06:00
|
|
|
reject(new Error(`No public keys could be read from the data fetched using WKD`))
|
2021-05-02 04:49:52 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resolve(output)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const fetchHKP = (id, keyserverDomain) => {
|
|
|
|
|
return new Promise(async (resolve, reject) => {
|
|
|
|
|
let output = {
|
|
|
|
|
publicKey: null,
|
|
|
|
|
fetchURL: null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
keyserverDomain = keyserverDomain ? keyserverDomain : 'keys.openpgp.org'
|
|
|
|
|
|
|
|
|
|
let query = ''
|
|
|
|
|
if (id.includes('@')) {
|
|
|
|
|
query = id
|
|
|
|
|
} else {
|
|
|
|
|
query = `0x${id}`
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-06 09:57:07 -06:00
|
|
|
output.fetchURL = `https://${keyserverDomain}/pks/lookup?op=get&options=mr&search=${query}`
|
|
|
|
|
|
2022-10-06 07:19:29 -06:00
|
|
|
const hash = createHash('md5').update(`${id}__${keyserverDomain}`).digest('hex')
|
|
|
|
|
|
2022-10-06 09:57:07 -06:00
|
|
|
if (c && await c.get(hash)) {
|
|
|
|
|
output.publicKey = await readKey({
|
|
|
|
|
armoredKey: await c.get(hash)
|
|
|
|
|
})
|
2022-10-06 07:19:29 -06:00
|
|
|
} else {
|
|
|
|
|
try {
|
|
|
|
|
output.publicKey = await doipjs.keys.fetchHKP(id, keyserverDomain)
|
|
|
|
|
} catch(error) {
|
|
|
|
|
reject(new Error(`No public keys could be fetched using HKP`))
|
|
|
|
|
}
|
2021-05-02 04:49:52 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!output.publicKey) {
|
2021-05-03 09:09:10 -06:00
|
|
|
reject(new Error(`No public keys could be fetched using HKP`))
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-06 07:19:29 -06:00
|
|
|
if (c) {
|
2022-10-06 09:57:07 -06:00
|
|
|
await c.set(hash, output.publicKey.armor(), 60 * 1000)
|
2022-10-06 07:19:29 -06:00
|
|
|
}
|
|
|
|
|
|
2021-05-03 09:09:10 -06:00
|
|
|
resolve(output)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const fetchSignature = (signature) => {
|
|
|
|
|
return new Promise(async (resolve, reject) => {
|
|
|
|
|
let output = {
|
|
|
|
|
publicKey: null,
|
|
|
|
|
fetchURL: null,
|
|
|
|
|
keyData: null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check validity of signature
|
|
|
|
|
let signatureData
|
|
|
|
|
try {
|
2022-02-27 14:59:17 -07:00
|
|
|
signatureData = await readCleartextMessage({
|
2022-02-26 07:09:44 -07:00
|
|
|
cleartextMessage: signature
|
|
|
|
|
})
|
2021-05-03 09:09:10 -06:00
|
|
|
} catch (error) {
|
|
|
|
|
reject(new Error(`Signature could not be properly read (${error.message})`))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Process the signature
|
|
|
|
|
try {
|
2022-02-27 14:59:17 -07:00
|
|
|
output.keyData = await doipjs.signatures.process(signature)
|
2021-05-03 09:09:10 -06:00
|
|
|
output.publicKey = output.keyData.key.data
|
|
|
|
|
// TODO Find the URL to the key
|
|
|
|
|
output.fetchURL = null
|
|
|
|
|
} catch(error) {
|
|
|
|
|
reject(new Error(`Signature could not be properly read (${error.message})`))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if a key was fetched
|
|
|
|
|
if (!output.publicKey) {
|
|
|
|
|
reject(new Error(`No public keys could be fetched`))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check validity of signature
|
2022-02-27 14:59:17 -07:00
|
|
|
const verified = await verify({
|
2021-05-03 09:09:10 -06:00
|
|
|
message: signatureData,
|
2022-02-26 07:09:44 -07:00
|
|
|
verificationKeys: output.publicKey
|
2021-05-03 09:09:10 -06:00
|
|
|
})
|
2022-02-26 07:09:44 -07:00
|
|
|
|
|
|
|
|
if (!await verified.signatures[0].verified) {
|
2021-05-03 09:09:10 -06:00
|
|
|
reject(new Error('Signature was invalid'))
|
2021-05-02 04:49:52 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resolve(output)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-02 15:05:40 -06:00
|
|
|
const fetchKeybase = (username, fingerprint) => {
|
|
|
|
|
return new Promise(async (resolve, reject) => {
|
|
|
|
|
let output = {
|
|
|
|
|
publicKey: null,
|
|
|
|
|
fetchURL: null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try {
|
2022-02-27 14:59:17 -07:00
|
|
|
output.publicKey = await doipjs.keys.fetchKeybase(username, fingerprint)
|
2021-05-03 02:45:35 -06:00
|
|
|
output.fetchURL = `https://keybase.io/${username}/pgp_keys.asc?fingerprint=${fingerprint}`
|
2021-05-02 15:05:40 -06:00
|
|
|
} catch(error) {
|
2021-05-03 09:09:10 -06:00
|
|
|
reject(new Error(`No public keys could be fetched from Keybase`))
|
2021-05-02 15:05:40 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!output.publicKey) {
|
2021-05-03 09:09:10 -06:00
|
|
|
reject(new Error(`No public keys could be fetched from Keybase`))
|
2021-05-02 15:05:40 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resolve(output)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-03 08:25:34 -07:00
|
|
|
export { fetchWKD }
|
|
|
|
|
export { fetchHKP }
|
|
|
|
|
export { fetchSignature }
|
|
|
|
|
export { fetchKeybase }
|
