2020-11-16 16:50:26 -07:00
|
|
|
/*
|
|
|
|
Copyright 2020 Yarmo Mackenbach
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
2020-11-20 01:13:08 -07:00
|
|
|
const path = require('path')
|
2020-11-16 16:50:26 -07:00
|
|
|
const mergeOptions = require('merge-options')
|
|
|
|
const validUrl = require('valid-url')
|
2020-12-09 17:56:34 -07:00
|
|
|
const openpgp = require('openpgp')
|
2020-11-16 16:50:26 -07:00
|
|
|
const serviceproviders = require('./serviceproviders')
|
2020-11-16 18:18:08 -07:00
|
|
|
const keys = require('./keys')
|
2020-11-16 17:18:12 -07:00
|
|
|
const utils = require('./utils')
|
|
|
|
|
2020-11-16 17:20:00 -07:00
|
|
|
const runVerificationJson = (
|
|
|
|
res,
|
|
|
|
proofData,
|
|
|
|
checkPath,
|
|
|
|
checkClaim,
|
|
|
|
checkRelation
|
|
|
|
) => {
|
2020-11-16 17:18:12 -07:00
|
|
|
let re
|
|
|
|
|
|
|
|
if (res.isVerified || !proofData) {
|
|
|
|
return res
|
|
|
|
}
|
|
|
|
|
|
|
|
if (Array.isArray(proofData)) {
|
|
|
|
proofData.forEach((item, i) => {
|
|
|
|
res = runVerificationJson(res, item, checkPath, checkClaim, checkRelation)
|
|
|
|
})
|
|
|
|
return res
|
|
|
|
}
|
|
|
|
|
|
|
|
if (checkPath.length == 0) {
|
|
|
|
switch (checkRelation) {
|
|
|
|
default:
|
|
|
|
case 'contains':
|
2020-11-20 11:40:20 -07:00
|
|
|
re = new RegExp(checkClaim, 'gi')
|
|
|
|
res.isVerified = re.test(proofData.replace(/\r?\n|\r|\\/g, ''))
|
2020-11-16 17:18:12 -07:00
|
|
|
break
|
|
|
|
case 'equals':
|
|
|
|
res.isVerified =
|
2020-11-20 11:40:20 -07:00
|
|
|
proofData.replace(/\r?\n|\r|\\/g, '').toLowerCase() ==
|
2020-11-16 17:18:12 -07:00
|
|
|
checkClaim.toLowerCase()
|
|
|
|
break
|
|
|
|
case 'oneOf':
|
|
|
|
re = new RegExp(checkClaim, 'gi')
|
|
|
|
res.isVerified = re.test(proofData.join('|'))
|
|
|
|
break
|
|
|
|
}
|
|
|
|
return res
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
|
|
|
checkPath[0] in proofData
|
|
|
|
} catch (e) {
|
|
|
|
res.errors.push('err_data_structure_incorrect')
|
|
|
|
return res
|
|
|
|
}
|
|
|
|
|
|
|
|
res = runVerificationJson(
|
|
|
|
res,
|
|
|
|
proofData[checkPath[0]],
|
|
|
|
checkPath.slice(1),
|
|
|
|
checkClaim,
|
|
|
|
checkRelation
|
|
|
|
)
|
|
|
|
return res
|
|
|
|
}
|
|
|
|
|
|
|
|
const runVerification = (proofData, spData) => {
|
|
|
|
let res = {
|
|
|
|
isVerified: false,
|
|
|
|
errors: [],
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (spData.proof.format) {
|
|
|
|
case 'json':
|
|
|
|
res = runVerificationJson(
|
|
|
|
res,
|
|
|
|
proofData,
|
|
|
|
spData.claim.path,
|
|
|
|
utils.generateClaim(spData.claim.fingerprint, spData.claim.format),
|
|
|
|
spData.claim.relation
|
|
|
|
)
|
|
|
|
break
|
|
|
|
case 'text':
|
|
|
|
re = new RegExp(
|
|
|
|
utils.generateClaim(spData.claim.fingerprint, spData.claim.format),
|
|
|
|
'gi'
|
|
|
|
)
|
2020-11-16 18:17:40 -07:00
|
|
|
res.isVerified = re.test(proofData.replace(/\r?\n|\r/, ''))
|
2020-11-16 17:18:12 -07:00
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
return res
|
|
|
|
}
|
2020-11-16 16:50:26 -07:00
|
|
|
|
2020-11-16 18:18:08 -07:00
|
|
|
const verify = async (input, fingerprint, opts) => {
|
|
|
|
if (input instanceof openpgp.key.Key) {
|
2020-11-20 15:20:26 -07:00
|
|
|
const fingerprintFromKey = await keys.getFingerprint(input)
|
|
|
|
const userData = await keys.getUserData(input)
|
|
|
|
|
|
|
|
const promises = userData.map(async (user, i) => {
|
|
|
|
return new Promise(async (resolve, reject) => {
|
|
|
|
try {
|
|
|
|
const res = await verify(user.notations, fingerprintFromKey, opts)
|
|
|
|
resolve(res)
|
|
|
|
} catch (e) {
|
|
|
|
reject(e)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
2020-12-10 15:21:22 -07:00
|
|
|
return Promise.allSettled(promises).then((values) => {
|
|
|
|
return values.map((obj, i) => {
|
|
|
|
return obj.value
|
|
|
|
})
|
2020-11-20 15:20:26 -07:00
|
|
|
})
|
2020-11-16 18:18:08 -07:00
|
|
|
}
|
|
|
|
if (input instanceof Array) {
|
|
|
|
const promises = input.map(async (uri, i) => {
|
|
|
|
return new Promise(async (resolve, reject) => {
|
|
|
|
try {
|
|
|
|
const res = await verify(uri, fingerprint, opts)
|
|
|
|
resolve(res)
|
|
|
|
} catch (e) {
|
|
|
|
reject(e)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
2020-12-10 15:21:22 -07:00
|
|
|
return Promise.allSettled(promises).then((values) => {
|
|
|
|
return values.map((obj, i) => {
|
|
|
|
return obj.value
|
|
|
|
})
|
2020-11-16 18:18:08 -07:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
const promiseClaim = new Promise(async (resolve, reject) => {
|
|
|
|
let objResult = {
|
|
|
|
isVerified: null,
|
|
|
|
errors: [],
|
|
|
|
serviceproviderData: null,
|
|
|
|
}
|
|
|
|
const uri = input.replace(/^\s+|\s+$/g, '')
|
2020-11-16 18:18:08 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
if (!fingerprint) {
|
|
|
|
fingerprint = null
|
|
|
|
}
|
2020-11-16 16:50:26 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
const defaultOpts = {
|
|
|
|
returnMatchesOnly: false,
|
|
|
|
proxyPolicy: 'adaptive',
|
|
|
|
doipProxyHostname: 'proxy.keyoxide.org',
|
|
|
|
}
|
|
|
|
opts = mergeOptions(defaultOpts, opts ? opts : {})
|
2020-11-16 16:50:26 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
if (!validUrl.isUri(uri)) {
|
|
|
|
objResult.errors.push('invalid_uri')
|
|
|
|
reject(objResult)
|
|
|
|
}
|
2020-11-16 16:50:26 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
const spMatches = serviceproviders.match(uri, opts)
|
2020-11-16 16:50:26 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
if ('returnMatchesOnly' in opts && opts.returnMatchesOnly) {
|
|
|
|
resolve(spMatches)
|
|
|
|
}
|
2020-12-10 15:22:10 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
let claimVerificationDone = false,
|
|
|
|
claimVerificationResult,
|
|
|
|
sp,
|
|
|
|
iSp = 0,
|
|
|
|
res,
|
|
|
|
proofData,
|
|
|
|
spData
|
2020-12-10 15:22:10 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
while (!claimVerificationDone && iSp < spMatches.length) {
|
|
|
|
spData = spMatches[iSp]
|
|
|
|
spData.claim.fingerprint = fingerprint
|
2020-11-16 16:50:26 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
res = null
|
2020-11-16 16:50:26 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
if (spData.customRequestHandler instanceof Function) {
|
|
|
|
try {
|
|
|
|
proofData = await spData.customRequestHandler(spData, opts)
|
|
|
|
} catch (e) {
|
|
|
|
objResult.errors.push('custom_request_handler_failed')
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
switch (opts.proxyPolicy) {
|
|
|
|
case 'adaptive':
|
|
|
|
if (spData.proof.useProxy) {
|
|
|
|
try {
|
|
|
|
proofData = await serviceproviders.proxyRequestHandler(spData, opts)
|
|
|
|
} catch(er) {}
|
|
|
|
} else {
|
|
|
|
try {
|
|
|
|
proofData = await serviceproviders.directRequestHandler(spData, opts)
|
|
|
|
} catch(er) {}
|
|
|
|
if (!proofData) {
|
|
|
|
try {
|
|
|
|
proofData = await serviceproviders.proxyRequestHandler(spData, opts)
|
|
|
|
} catch(er) {}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 'fallback':
|
2020-12-10 15:22:10 -07:00
|
|
|
try {
|
|
|
|
proofData = await serviceproviders.directRequestHandler(spData, opts)
|
|
|
|
} catch(er) {}
|
|
|
|
if (!proofData) {
|
|
|
|
try {
|
|
|
|
proofData = await serviceproviders.proxyRequestHandler(spData, opts)
|
|
|
|
} catch(er) {}
|
|
|
|
}
|
2020-12-20 14:44:37 -07:00
|
|
|
break;
|
|
|
|
case 'always':
|
2020-12-10 15:22:10 -07:00
|
|
|
try {
|
|
|
|
proofData = await serviceproviders.proxyRequestHandler(spData, opts)
|
|
|
|
} catch(er) {}
|
2020-12-20 14:44:37 -07:00
|
|
|
break;
|
|
|
|
case 'never':
|
|
|
|
try {
|
|
|
|
proofData = await serviceproviders.directRequestHandler(spData, opts)
|
|
|
|
} catch(er) {}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
objResult.errors.push('invalid_proxy_policy')
|
|
|
|
}
|
2020-12-10 15:22:10 -07:00
|
|
|
}
|
2020-11-16 16:50:26 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
if (proofData) {
|
|
|
|
claimVerificationResult = runVerification(proofData, spData)
|
2020-11-16 16:50:26 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
if (claimVerificationResult.errors.length == 0) {
|
|
|
|
claimVerificationDone = true
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
objResult.errors.push('unsuccessful_claim_verification')
|
2020-11-16 16:50:26 -07:00
|
|
|
}
|
2020-12-20 14:44:37 -07:00
|
|
|
|
|
|
|
iSp++
|
2020-11-16 16:50:26 -07:00
|
|
|
}
|
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
if (!claimVerificationResult) {
|
|
|
|
claimVerificationResult = {
|
|
|
|
isVerified: false,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
objResult.isVerified = claimVerificationResult.isVerified
|
|
|
|
objResult.serviceproviderData = spData
|
|
|
|
resolve(objResult)
|
|
|
|
})
|
2020-11-16 16:50:26 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
const promiseTimeout = new Promise((res) => {
|
|
|
|
const objResult = {
|
|
|
|
isVerified: null,
|
|
|
|
errors: 'verification_timed_out',
|
|
|
|
serviceproviderData: null,
|
2020-11-16 16:50:26 -07:00
|
|
|
}
|
2020-12-20 14:44:37 -07:00
|
|
|
setTimeout(() => res(objResult), 5000)
|
|
|
|
})
|
2020-11-16 16:50:26 -07:00
|
|
|
|
2020-12-20 14:44:37 -07:00
|
|
|
return await Promise.race([promiseClaim, promiseTimeout])
|
2020-11-16 16:50:26 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
exports.verify = verify
|