fix: Fix fingerprint sanitization

This commit is contained in:
Yarmo Mackenbach 2023-03-02 09:38:01 +01:00
parent 9982d8cfc9
commit 769e256405
No known key found for this signature in database
GPG key ID: 37367F4AF4087AD1

View file

@ -124,22 +124,20 @@ const fetchHKP = (id, keyserverDomain) => {
keyserverDomain = keyserverDomain || 'keys.openpgp.org'
let query = ''
let sanitizedId = '';
if (id.includes('@')) {
query = id
} else {
const whitespaceRegex = /\s/g;
let sanitizedId = id
const whitespaceRegex = /\s/g
if (whitespaceRegex.test(id)) {
sanitizedId = id.replaceAll(whitespaceRegex, '');
} else {
sanitizedId = id;
sanitizedId = id.replaceAll(whitespaceRegex, '')
}
query = `0x${sanitizedId}`
}
output.fetchURL = `https://${keyserverDomain}/pks/lookup?op=get&options=mr&search=${query}`
const hash = createHash('md5').update(`${sanitizedId}__${keyserverDomain}`).digest('hex')
const hash = createHash('md5').update(`${query}__${keyserverDomain}`).digest('hex')
if (c && await c.get(hash)) {
output.publicKey = await readKey({
@ -147,7 +145,7 @@ const fetchHKP = (id, keyserverDomain) => {
})
} else {
try {
output.publicKey = await doipjs.keys.fetchHKP(sanitizedId, keyserverDomain)
output.publicKey = await doipjs.keys.fetchHKP(query, keyserverDomain)
} catch (error) {
reject(new Error('No public keys could be fetched using HKP'))
}