keyoxide-web/server/keys.js

229 lines
7.4 KiB
JavaScript
Raw Permalink Normal View History

/*
Copyright (C) 2021 Yarmo Mackenbach
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU Affero General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
details.
You should have received a copy of the GNU Affero General Public License along
with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If your software can interact with users remotely through a computer network,
you should also make sure that it provides a way for users to get its source.
For example, if your program is a web application, its interface could display
a "Source" link that leads users to an archive of the code. There are many
ways you could offer source, and different solutions will be better for different
programs; see section 13 for the specific requirements.
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary. For
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
*/
2022-02-27 14:59:17 -07:00
import got from 'got'
import * as doipjs from 'doipjs'
import { readKey, readCleartextMessage, verify } from 'openpgp'
import { computeWKDLocalPart } from './utils.js'
2022-10-06 07:19:29 -06:00
import { createHash } from 'crypto'
import cache from 'cache'
let c = process.env.ENABLE_EXPERIMENTAL_CACHE ? new cache(60 * 1000) : null
const fetchWKD = (id) => {
return new Promise(async (resolve, reject) => {
let output = {
publicKey: null,
fetchURL: null
}
2021-05-04 03:51:59 -06:00
if (!id.includes('@')) {
reject(new Error(`The WKD identifier "${id}" is invalid`));
}
const [, localPart, domain] = /([^\@]*)@(.*)/.exec(id)
2021-05-04 03:51:59 -06:00
if (!localPart || !domain) {
reject(new Error(`The WKD identifier "${id}" is invalid`));
}
2022-02-27 14:59:17 -07:00
const localEncoded = await computeWKDLocalPart(localPart)
const urlAdvanced = `https://openpgpkey.${domain}/.well-known/openpgpkey/${domain}/hu/${localEncoded}`
const urlDirect = `https://${domain}/.well-known/openpgpkey/hu/${localEncoded}`
let plaintext
2022-10-06 07:19:29 -06:00
const hash = createHash('md5').update(id).digest('hex')
2022-10-06 07:19:29 -06:00
if (c && c.get(hash)) {
plaintext = c.get(hash)
}
if (!plaintext) {
try {
2022-10-06 07:19:29 -06:00
plaintext = await got(urlAdvanced).then((response) => {
if (response.statusCode === 200) {
2022-10-06 07:19:29 -06:00
output.fetchURL = urlAdvanced
return new Uint8Array(response.rawBody)
} else {
return null
}
})
2022-10-06 07:19:29 -06:00
} catch (e) {
try {
plaintext = await got(urlDirect).then((response) => {
if (response.statusCode === 200) {
output.fetchURL = urlDirect
return new Uint8Array(response.rawBody)
} else {
return null
}
})
} catch (error) {
reject(new Error(`No public keys could be fetched using WKD`))
}
}
if (!plaintext) {
2021-05-03 09:09:10 -06:00
reject(new Error(`No public keys could be fetched using WKD`))
}
2022-10-06 07:19:29 -06:00
if (c) {
c.put(hash, plaintext)
}
}
try {
2022-02-27 14:59:17 -07:00
output.publicKey = await readKey({
2022-02-26 01:00:48 -07:00
binaryKey: plaintext
})
} catch(error) {
2021-05-03 09:09:10 -06:00
reject(new Error(`No public keys could be read from the data fetched using WKD`))
}
if (!output.publicKey) {
2021-05-03 09:09:10 -06:00
reject(new Error(`No public keys could be read from the data fetched using WKD`))
}
resolve(output)
})
}
const fetchHKP = (id, keyserverDomain) => {
return new Promise(async (resolve, reject) => {
let output = {
publicKey: null,
fetchURL: null
}
keyserverDomain = keyserverDomain ? keyserverDomain : 'keys.openpgp.org'
let query = ''
if (id.includes('@')) {
query = id
} else {
query = `0x${id}`
}
2022-10-06 07:19:29 -06:00
const hash = createHash('md5').update(`${id}__${keyserverDomain}`).digest('hex')
if (c && c.get(hash)) {
output = c.get(hash)
} else {
try {
output.publicKey = await doipjs.keys.fetchHKP(id, keyserverDomain)
output.fetchURL = `https://${keyserverDomain}/pks/lookup?op=get&options=mr&search=${query}`
} catch(error) {
reject(new Error(`No public keys could be fetched using HKP`))
}
}
if (!output.publicKey) {
2021-05-03 09:09:10 -06:00
reject(new Error(`No public keys could be fetched using HKP`))
}
2022-10-06 07:19:29 -06:00
if (c) {
c.put(hash, output)
}
2021-05-03 09:09:10 -06:00
resolve(output)
})
}
const fetchSignature = (signature) => {
return new Promise(async (resolve, reject) => {
let output = {
publicKey: null,
fetchURL: null,
keyData: null
}
// Check validity of signature
let signatureData
try {
2022-02-27 14:59:17 -07:00
signatureData = await readCleartextMessage({
2022-02-26 07:09:44 -07:00
cleartextMessage: signature
})
2021-05-03 09:09:10 -06:00
} catch (error) {
reject(new Error(`Signature could not be properly read (${error.message})`))
}
// Process the signature
try {
2022-02-27 14:59:17 -07:00
output.keyData = await doipjs.signatures.process(signature)
2021-05-03 09:09:10 -06:00
output.publicKey = output.keyData.key.data
// TODO Find the URL to the key
output.fetchURL = null
} catch(error) {
reject(new Error(`Signature could not be properly read (${error.message})`))
}
// Check if a key was fetched
if (!output.publicKey) {
reject(new Error(`No public keys could be fetched`))
}
// Check validity of signature
2022-02-27 14:59:17 -07:00
const verified = await verify({
2021-05-03 09:09:10 -06:00
message: signatureData,
2022-02-26 07:09:44 -07:00
verificationKeys: output.publicKey
2021-05-03 09:09:10 -06:00
})
2022-02-26 07:09:44 -07:00
if (!await verified.signatures[0].verified) {
2021-05-03 09:09:10 -06:00
reject(new Error('Signature was invalid'))
}
resolve(output)
})
}
2021-05-02 15:05:40 -06:00
const fetchKeybase = (username, fingerprint) => {
return new Promise(async (resolve, reject) => {
let output = {
publicKey: null,
fetchURL: null
}
try {
2022-02-27 14:59:17 -07:00
output.publicKey = await doipjs.keys.fetchKeybase(username, fingerprint)
2021-05-03 02:45:35 -06:00
output.fetchURL = `https://keybase.io/${username}/pgp_keys.asc?fingerprint=${fingerprint}`
2021-05-02 15:05:40 -06:00
} catch(error) {
2021-05-03 09:09:10 -06:00
reject(new Error(`No public keys could be fetched from Keybase`))
2021-05-02 15:05:40 -06:00
}
if (!output.publicKey) {
2021-05-03 09:09:10 -06:00
reject(new Error(`No public keys could be fetched from Keybase`))
2021-05-02 15:05:40 -06:00
}
resolve(output)
})
}
2022-03-03 08:25:34 -07:00
export { fetchWKD }
export { fetchHKP }
export { fetchSignature }
export { fetchKeybase }