Release 0.9.1

This commit is contained in:
Yarmo Mackenbach 2021-01-09 15:22:59 +01:00
parent 6e828ca588
commit 0d7c33bcf8
7 changed files with 64 additions and 11 deletions

View file

@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
## [0.9.1] - 2021-01-09
## Changed
- Use signature data to find key location
## [0.9.0] - 2021-01-07
## Added
- Signature claims verification

52
dist/doip.js vendored
View file

@ -1193,7 +1193,7 @@ process.umask = function() { return 0; };
},{}],9:[function(require,module,exports){
module.exports={
"name": "doipjs",
"version": "0.9.0",
"version": "0.9.1",
"description": "Decentralized OpenPGP Identity Proofs library in Node.js",
"main": "src/index.js",
"dependencies": {
@ -3015,16 +3015,24 @@ const verify = (signature, opts) => {
return new Promise(async (resolve, reject) => {
let errors = [],
sigData
try {
sigData = await openpgp.cleartext.readArmored(signature)
} catch (error) {
errors.push('invalid_signature')
reject({ errors: errors })
return
}
const issuerKeyId = sigData.signature.packets[0].issuerKeyId.toHex()
const signersUserId = sigData.signature.packets[0].signersUserId
const preferredKeyServer =
sigData.signature.packets[0].preferredKeyServer ||
'https://keys.openppg.org/'
const text = sigData.getText()
let sigKeys = []
let sigClaims = []
text.split('\n').forEach((line, i) => {
const match = line.match(/^(.*)\=(.*)$/i)
if (!match) {
@ -3044,12 +3052,35 @@ const verify = (signature, opts) => {
}
})
if (sigKeys.length === 0) {
errors.push('no_linked_keys')
let keyData, keyUri
// Try overruling key
if (sigKeys.length > 0) {
try {
keyUri = sigKeys[0]
keyData = await keys.fetch.uri(keyUri)
} catch(e) {}
}
// Try WKD
if (!keyData && signersUserId) {
try {
keyUri = `wkd:${signersUserId}`
keyData = await keys.fetch.uri(keyUri)
} catch(e) {}
}
// Try HKP
if (!keyData) {
try {
const match = preferredKeyServer.match(/^(.*\:\/\/)?([^/]*)(?:\/)?$/i)
keyUri = `hkp:${match[2]}:${issuerKeyId ? issuerKeyId : signersUserId}`
keyData = await keys.fetch.uri(keyUri)
} catch(e) {
errors.push('key_not_found')
reject({ errors: errors })
return
}
}
const keyData = await keys.fetch.uri(sigKeys[0])
const fingerprint = keyData.keyPacket.getFingerprint()
try {
@ -3058,14 +3089,25 @@ const verify = (signature, opts) => {
} catch (e) {
errors.push('invalid_signature_verification')
reject({ errors: errors })
return
}
const claimVerifications = await claims.verify(sigClaims, fingerprint, opts)
resolve({
errors: errors,
publicKey: keyData,
signature: {
data: sigData.signature,
issuerKeyId: issuerKeyId,
signersUserId: signersUserId,
preferredKeyServer: preferredKeyServer,
},
publicKey: {
data: keyData,
uri: keyUri,
fingerprint: fingerprint,
},
text: text,
claims: claimVerifications,
})
})

2
dist/doip.min.js vendored

File diff suppressed because one or more lines are too long

View file

@ -1,4 +1,4 @@
# doip.js <small>0.9.0</small>
# doip.js <small>0.9.1</small>
<img src="doip.png" width="120">

View file

@ -1,5 +1,12 @@
# Changelog
## [0.9.1]
[2021-01-09](https://codeberg.org/keyoxide/doipjs/releases/tag/0.9.1)
## Changed
- Use signature data to find key location
## [0.9.0]
[2021-01-07](https://codeberg.org/keyoxide/doipjs/releases/tag/0.9.0)

View file

@ -15,7 +15,7 @@ npm install --save doipjs
Install on website by including the following HTML snippet:
```html
<script src="https://cdn.jsdelivr.net/npm/doipjs@0.9.0/dist/doip.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/doipjs@0.9.1/dist/doip.min.js"></script>
```
Next step: [quick start (Node.js)](quickstart-nodejs.md) and [quick start (browser)](quickstart-browser.md)

View file

@ -1,6 +1,6 @@
{
"name": "doipjs",
"version": "0.9.0",
"version": "0.9.1",
"description": "Decentralized OpenPGP Identity Proofs library in Node.js",
"main": "src/index.js",
"dependencies": {