mirror of
https://codeberg.org/keyoxide/keyoxide-web.git
synced 2024-12-22 23:09:29 -07:00
202 lines
6.6 KiB
JavaScript
202 lines
6.6 KiB
JavaScript
/*
|
|
Copyright (C) 2021 Yarmo Mackenbach
|
|
|
|
This program is free software: you can redistribute it and/or modify it under
|
|
the terms of the GNU Affero General Public License as published by the Free
|
|
Software Foundation, either version 3 of the License, or (at your option)
|
|
any later version.
|
|
|
|
This program is distributed in the hope that it will be useful, but WITHOUT
|
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
details.
|
|
|
|
You should have received a copy of the GNU Affero General Public License along
|
|
with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
Also add information on how to contact you by electronic and paper mail.
|
|
|
|
If your software can interact with users remotely through a computer network,
|
|
you should also make sure that it provides a way for users to get its source.
|
|
For example, if your program is a web application, its interface could display
|
|
a "Source" link that leads users to an archive of the code. There are many
|
|
ways you could offer source, and different solutions will be better for different
|
|
programs; see section 13 for the specific requirements.
|
|
|
|
You should also get your employer (if you work as a programmer) or school,
|
|
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
|
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
const got = require('got')
|
|
const doip = require('doipjs')
|
|
const openpgp = require('openpgp')
|
|
const utils = require('./utils')
|
|
|
|
const fetchWKD = (id) => {
|
|
return new Promise(async (resolve, reject) => {
|
|
let output = {
|
|
publicKey: null,
|
|
fetchURL: null
|
|
}
|
|
|
|
if (!id.includes('@')) {
|
|
reject(new Error(`The WKD identifier "${id}" is invalid`));
|
|
}
|
|
|
|
const [, localPart, domain] = /([^\@]*)@(.*)/.exec(id)
|
|
if (!localPart || !domain) {
|
|
reject(new Error(`The WKD identifier "${id}" is invalid`));
|
|
}
|
|
const localEncoded = await utils.computeWKDLocalPart(localPart)
|
|
const urlAdvanced = `https://openpgpkey.${domain}/.well-known/openpgpkey/${domain}/hu/${localEncoded}`
|
|
const urlDirect = `https://${domain}/.well-known/openpgpkey/hu/${localEncoded}`
|
|
let plaintext
|
|
|
|
try {
|
|
plaintext = await got(urlAdvanced).then((response) => {
|
|
if (response.statusCode === 200) {
|
|
output.fetchURL = urlAdvanced
|
|
return new Uint8Array(response.rawBody)
|
|
} else {
|
|
return null
|
|
}
|
|
})
|
|
} catch (e) {
|
|
try {
|
|
plaintext = await got(urlDirect).then((response) => {
|
|
if (response.statusCode === 200) {
|
|
output.fetchURL = urlDirect
|
|
return new Uint8Array(response.rawBody)
|
|
} else {
|
|
return null
|
|
}
|
|
})
|
|
} catch (error) {
|
|
reject(new Error(`No public keys could be fetched using WKD`))
|
|
}
|
|
}
|
|
|
|
if (!plaintext) {
|
|
reject(new Error(`No public keys could be fetched using WKD`))
|
|
}
|
|
|
|
try {
|
|
output.publicKey = await openpgp.readKey({
|
|
binaryKey: plaintext
|
|
})
|
|
} catch(error) {
|
|
reject(new Error(`No public keys could be read from the data fetched using WKD`))
|
|
}
|
|
|
|
if (!output.publicKey) {
|
|
reject(new Error(`No public keys could be read from the data fetched using WKD`))
|
|
}
|
|
|
|
resolve(output)
|
|
})
|
|
}
|
|
|
|
const fetchHKP = (id, keyserverDomain) => {
|
|
return new Promise(async (resolve, reject) => {
|
|
let output = {
|
|
publicKey: null,
|
|
fetchURL: null
|
|
}
|
|
|
|
keyserverDomain = keyserverDomain ? keyserverDomain : 'keys.openpgp.org'
|
|
|
|
let query = ''
|
|
if (id.includes('@')) {
|
|
query = id
|
|
} else {
|
|
query = `0x${id}`
|
|
}
|
|
|
|
try {
|
|
output.publicKey = await doip.keys.fetchHKP(id, keyserverDomain)
|
|
output.fetchURL = `https://${keyserverDomain}/pks/lookup?op=get&options=mr&search=${query}`
|
|
} catch(error) {
|
|
reject(new Error(`No public keys could be fetched using HKP`))
|
|
}
|
|
|
|
if (!output.publicKey) {
|
|
reject(new Error(`No public keys could be fetched using HKP`))
|
|
}
|
|
|
|
resolve(output)
|
|
})
|
|
}
|
|
|
|
const fetchSignature = (signature) => {
|
|
return new Promise(async (resolve, reject) => {
|
|
let output = {
|
|
publicKey: null,
|
|
fetchURL: null,
|
|
keyData: null
|
|
}
|
|
|
|
// Check validity of signature
|
|
let signatureData
|
|
try {
|
|
signatureData = await openpgp.readCleartextMessage({
|
|
cleartextMessage: signature
|
|
})
|
|
} catch (error) {
|
|
reject(new Error(`Signature could not be properly read (${error.message})`))
|
|
}
|
|
|
|
// Process the signature
|
|
try {
|
|
output.keyData = await doip.signatures.process(signature)
|
|
output.publicKey = output.keyData.key.data
|
|
// TODO Find the URL to the key
|
|
output.fetchURL = null
|
|
} catch(error) {
|
|
reject(new Error(`Signature could not be properly read (${error.message})`))
|
|
}
|
|
|
|
// Check if a key was fetched
|
|
if (!output.publicKey) {
|
|
reject(new Error(`No public keys could be fetched`))
|
|
}
|
|
|
|
// Check validity of signature
|
|
const verified = await openpgp.verify({
|
|
message: signatureData,
|
|
verificationKeys: output.publicKey
|
|
})
|
|
|
|
if (!await verified.signatures[0].verified) {
|
|
reject(new Error('Signature was invalid'))
|
|
}
|
|
|
|
resolve(output)
|
|
})
|
|
}
|
|
|
|
const fetchKeybase = (username, fingerprint) => {
|
|
return new Promise(async (resolve, reject) => {
|
|
let output = {
|
|
publicKey: null,
|
|
fetchURL: null
|
|
}
|
|
|
|
try {
|
|
output.publicKey = await doip.keys.fetchKeybase(username, fingerprint)
|
|
output.fetchURL = `https://keybase.io/${username}/pgp_keys.asc?fingerprint=${fingerprint}`
|
|
} catch(error) {
|
|
reject(new Error(`No public keys could be fetched from Keybase`))
|
|
}
|
|
|
|
if (!output.publicKey) {
|
|
reject(new Error(`No public keys could be fetched from Keybase`))
|
|
}
|
|
|
|
resolve(output)
|
|
})
|
|
}
|
|
|
|
exports.fetchWKD = fetchWKD
|
|
exports.fetchHKP = fetchHKP
|
|
exports.fetchSignature = fetchSignature
|
|
exports.fetchKeybase = fetchKeybase
|