forked from Mirrors/doipjs
Merge pull request 'Support OpenPGP/ASPE claims' (#66) from support-openpgp-aspe-claims into dev
Reviewed-on: https://codeberg.org/keyoxide/doipjs/pulls/66
This commit is contained in:
commit
70ee790f0a
8 changed files with 466 additions and 0 deletions
14
src/enums.js
14
src/enums.js
|
@ -40,6 +40,8 @@ export const ProxyPolicy = {
|
|||
export const Fetcher = {
|
||||
/** HTTP requests to ActivityPub */
|
||||
ACTIVITYPUB: 'activitypub',
|
||||
/** ASPE HTTP requests */
|
||||
ASPE: 'aspe',
|
||||
/** DNS module from Node.js */
|
||||
DNS: 'dns',
|
||||
/** GraphQL over HTTP requests */
|
||||
|
@ -50,6 +52,8 @@ export const Fetcher = {
|
|||
IRC: 'irc',
|
||||
/** HTTP request to Matrix API */
|
||||
MATRIX: 'matrix',
|
||||
/** HKP and WKS request for OpenPGP */
|
||||
OPENPGP: 'openpgp',
|
||||
/** HTTP request to Telegram API */
|
||||
TELEGRAM: 'telegram',
|
||||
/** XMPP module from Node.js */
|
||||
|
@ -197,3 +201,13 @@ export const PublicKeyFetchMethod = {
|
|||
HTTP: 'http',
|
||||
NONE: 'none'
|
||||
}
|
||||
|
||||
/**
|
||||
* Protocol to query OpenPGP public keys
|
||||
* @readonly
|
||||
* @enum {string}
|
||||
*/
|
||||
export const OpenPgpQueryProtocol = {
|
||||
HKP: 'hkp',
|
||||
WKD: 'wkd'
|
||||
}
|
||||
|
|
77
src/fetcher/aspe.js
Normal file
77
src/fetcher/aspe.js
Normal file
|
@ -0,0 +1,77 @@
|
|||
/*
|
||||
Copyright 2024 Yarmo Mackenbach
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
import axios from 'axios'
|
||||
import isFQDN from 'validator/lib/isFQDN.js'
|
||||
import { version } from '../constants.js'
|
||||
import { parseProfileJws } from '../asp.js'
|
||||
|
||||
export const timeout = 5000
|
||||
|
||||
/**
|
||||
* Execute a fetch request
|
||||
* @function
|
||||
* @async
|
||||
* @param {object} data - Data used in the request
|
||||
* @param {string} data.aspeUri - ASPE URI of the targeted profile
|
||||
* @param {number} [data.fetcherTimeout] - Optional timeout for the fetcher
|
||||
* @returns {Promise<object|string>}
|
||||
*/
|
||||
export async function fn (data, opts) {
|
||||
let timeoutHandle
|
||||
const timeoutPromise = new Promise((resolve, reject) => {
|
||||
timeoutHandle = setTimeout(
|
||||
() => reject(new Error('Request was timed out')),
|
||||
data.fetcherTimeout ? data.fetcherTimeout : timeout
|
||||
)
|
||||
})
|
||||
|
||||
const fetchPromise = new Promise((resolve, reject) => {
|
||||
const reURI = /^aspe:([a-zA-Z0-9.\-_]*):([a-zA-Z0-9]*)/
|
||||
const match = data.aspeUri.match(reURI)
|
||||
|
||||
if (!data.aspeUri || !reURI.test(data.aspeUri) || !isFQDN(match[1])) {
|
||||
reject(new Error('No valid ASPE URI provided'))
|
||||
return
|
||||
}
|
||||
|
||||
const url = `https://${match[1]}/.well-known/aspe/id/${match[2].toUpperCase()}`
|
||||
|
||||
axios.get(url, {
|
||||
headers: {
|
||||
Accept: 'application/asp+jwt',
|
||||
'User-Agent': `doipjs/${version}`
|
||||
},
|
||||
validateStatus: (status) => status >= 200 && status < 400
|
||||
})
|
||||
.then(async res => await parseProfileJws(res.data, data.aspeUri))
|
||||
.then(profile =>
|
||||
profile.personas.flatMap(p => { return p.claims.map(c => c._uri) })
|
||||
)
|
||||
.then(res => {
|
||||
resolve({
|
||||
claims: res
|
||||
})
|
||||
})
|
||||
.catch(e => {
|
||||
reject(e)
|
||||
})
|
||||
})
|
||||
|
||||
return Promise.race([fetchPromise, timeoutPromise]).then((result) => {
|
||||
clearTimeout(timeoutHandle)
|
||||
return result
|
||||
})
|
||||
}
|
|
@ -14,10 +14,12 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
*/
|
||||
export * as activitypub from './activitypub.js'
|
||||
export * as aspe from './aspe.js'
|
||||
export * as dns from './dns.js'
|
||||
export * as graphql from './graphql.js'
|
||||
export * as http from './http.js'
|
||||
export * as irc from './irc.js'
|
||||
export * as matrix from './matrix.js'
|
||||
export * as openpgp from './openpgp.js'
|
||||
export * as telegram from './telegram.js'
|
||||
export * as xmpp from './xmpp.js'
|
||||
|
|
|
@ -14,7 +14,9 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
*/
|
||||
export * as activitypub from './activitypub.js'
|
||||
export * as aspe from './aspe.js'
|
||||
export * as graphql from './graphql.js'
|
||||
export * as http from './http.js'
|
||||
export * as matrix from './matrix.js'
|
||||
export * as openpgp from './openpgp.js'
|
||||
export * as telegram from './telegram.js'
|
||||
|
|
111
src/fetcher/openpgp.js
Normal file
111
src/fetcher/openpgp.js
Normal file
|
@ -0,0 +1,111 @@
|
|||
/*
|
||||
Copyright 2024 Yarmo Mackenbach
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
import axios from 'axios'
|
||||
import { readKey } from 'openpgp'
|
||||
import { OpenPgpQueryProtocol } from '../enums.js'
|
||||
import { version } from '../constants.js'
|
||||
import { parsePublicKey } from '../openpgp.js'
|
||||
|
||||
export const timeout = 5000
|
||||
|
||||
/**
|
||||
* Execute a fetch request
|
||||
* @function
|
||||
* @async
|
||||
* @param {object} data - Data used in the request
|
||||
* @param {string} data.url - The URL pointing at targeted content
|
||||
* @param {OpenPgpQueryProtocol} data.protocol - The protocol used to access the targeted content
|
||||
* @param {number} [data.fetcherTimeout] - Optional timeout for the fetcher
|
||||
* @returns {Promise<object|string>}
|
||||
*/
|
||||
export async function fn (data, opts) {
|
||||
let timeoutHandle
|
||||
const timeoutPromise = new Promise((resolve, reject) => {
|
||||
timeoutHandle = setTimeout(
|
||||
() => reject(new Error('Request was timed out')),
|
||||
data.fetcherTimeout ? data.fetcherTimeout : timeout
|
||||
)
|
||||
})
|
||||
|
||||
const fetchPromise = new Promise((resolve, reject) => {
|
||||
if (!data.url) {
|
||||
reject(new Error('No valid URI provided'))
|
||||
return
|
||||
}
|
||||
|
||||
switch (data.protocol) {
|
||||
case OpenPgpQueryProtocol.HKP:
|
||||
axios.get(data.url, {
|
||||
headers: {
|
||||
Accept: 'application/pgp-keys',
|
||||
'User-Agent': `doipjs/${version}`
|
||||
},
|
||||
validateStatus: (status) => status >= 200 && status < 400
|
||||
})
|
||||
.then(res => res.data)
|
||||
.then(async data => await readKey({ armoredKey: data }))
|
||||
.then(async publicKey => await parsePublicKey(publicKey))
|
||||
.then(profile =>
|
||||
profile.personas.flatMap(p => { return p.claims.map(c => c._uri) })
|
||||
)
|
||||
.then(res => {
|
||||
resolve({
|
||||
notations: {
|
||||
'proof@ariadne.id': res
|
||||
}
|
||||
})
|
||||
})
|
||||
.catch(e => {
|
||||
reject(e)
|
||||
})
|
||||
break
|
||||
case OpenPgpQueryProtocol.WKD:
|
||||
axios.get(data.url, {
|
||||
headers: {
|
||||
Accept: 'application/octet-stream',
|
||||
'User-Agent': `doipjs/${version}`
|
||||
},
|
||||
responseType: 'arraybuffer',
|
||||
validateStatus: (status) => status >= 200 && status < 400
|
||||
})
|
||||
.then(res => res.data)
|
||||
.then(async data => await readKey({ binaryKey: data }))
|
||||
.then(async publicKey => await parsePublicKey(publicKey))
|
||||
.then(profile =>
|
||||
profile.personas.flatMap(p => { return p.claims.map(c => c._uri) })
|
||||
)
|
||||
.then(res => {
|
||||
resolve({
|
||||
notations: {
|
||||
'proof@ariadne.id': res
|
||||
}
|
||||
})
|
||||
})
|
||||
.catch(e => {
|
||||
reject(e)
|
||||
})
|
||||
break
|
||||
default:
|
||||
reject(new Error('Unsupported OpenPGP query protocol'))
|
||||
break
|
||||
}
|
||||
})
|
||||
|
||||
return Promise.race([fetchPromise, timeoutPromise]).then((result) => {
|
||||
clearTimeout(timeoutHandle)
|
||||
return result
|
||||
})
|
||||
}
|
86
src/serviceProviders/aspe.js
Normal file
86
src/serviceProviders/aspe.js
Normal file
|
@ -0,0 +1,86 @@
|
|||
/*
|
||||
Copyright 2024 Yarmo Mackenbach
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
import isFQDN from 'validator/lib/isFQDN.js'
|
||||
import * as E from '../enums.js'
|
||||
import { ServiceProvider } from '../serviceProvider.js'
|
||||
|
||||
export const reURI = /^aspe:([a-zA-Z0-9.\-_]*):([a-zA-Z0-9]*)/
|
||||
|
||||
/**
|
||||
* @function
|
||||
* @param {string} uri
|
||||
*/
|
||||
export function processURI (uri) {
|
||||
const match = uri.match(reURI)
|
||||
|
||||
if (!isFQDN(match[1])) {
|
||||
return null
|
||||
}
|
||||
|
||||
return new ServiceProvider({
|
||||
about: {
|
||||
id: 'aspe',
|
||||
name: 'ASPE'
|
||||
},
|
||||
profile: {
|
||||
display: match[1],
|
||||
uri,
|
||||
qr: null
|
||||
},
|
||||
claim: {
|
||||
uriRegularExpression: reURI.toString(),
|
||||
uriIsAmbiguous: false
|
||||
},
|
||||
proof: {
|
||||
request: {
|
||||
uri: null,
|
||||
fetcher: E.Fetcher.ASPE,
|
||||
accessRestriction: E.ProofAccessRestriction.NONE,
|
||||
data: {
|
||||
aspeUri: uri
|
||||
}
|
||||
},
|
||||
response: {
|
||||
format: E.ProofFormat.JSON
|
||||
},
|
||||
target: [{
|
||||
format: E.ClaimFormat.URI,
|
||||
encoding: E.EntityEncodingFormat.PLAIN,
|
||||
relation: E.ClaimRelation.CONTAINS,
|
||||
path: ['claims']
|
||||
}]
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
export const tests = [
|
||||
{
|
||||
uri: 'aspe:domain.tld:abc123def456',
|
||||
shouldMatch: true
|
||||
},
|
||||
{
|
||||
uri: 'aspe:domain.tld',
|
||||
shouldMatch: false
|
||||
},
|
||||
{
|
||||
uri: 'dns:domain.tld',
|
||||
shouldMatch: false
|
||||
},
|
||||
{
|
||||
uri: 'https://domain.tld',
|
||||
shouldMatch: false
|
||||
}
|
||||
]
|
|
@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
import * as aspe from './aspe.js'
|
||||
import * as openpgp from './openpgp.js'
|
||||
import * as dns from './dns.js'
|
||||
import * as irc from './irc.js'
|
||||
import * as xmpp from './xmpp.js'
|
||||
|
@ -37,6 +39,8 @@ import * as keybase from './keybase.js'
|
|||
import * as opencollective from './opencollective.js'
|
||||
|
||||
const _data = {
|
||||
aspe,
|
||||
openpgp,
|
||||
dns,
|
||||
irc,
|
||||
xmpp,
|
||||
|
|
170
src/serviceProviders/openpgp.js
Normal file
170
src/serviceProviders/openpgp.js
Normal file
|
@ -0,0 +1,170 @@
|
|||
/*
|
||||
Copyright 2024 Yarmo Mackenbach
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
import * as E from '../enums.js'
|
||||
import { ServiceProvider } from '../serviceProvider.js'
|
||||
|
||||
export const reURI = /^(.*)/
|
||||
|
||||
/**
|
||||
* @function
|
||||
* @param {string} uri
|
||||
*/
|
||||
export function processURI (uri) {
|
||||
const reURIHkp = /^openpgp4fpr:(?:0x)?([a-zA-Z0-9.\-_]*)/
|
||||
const reURIWkdDirect = /^https:\/\/(.*)\/.well-known\/openpgpkey\/hu\/([a-zA-Z0-9]*)(?:\?l=(.*))?/
|
||||
const reURIWkdAdvanced = /^https:\/\/(openpgpkey.*)\/.well-known\/openpgpkey\/(.*)\/hu\/([a-zA-Z0-9]*)(?:\?l=(.*))?/
|
||||
|
||||
let reURI = null
|
||||
let mode = null
|
||||
let match = null
|
||||
|
||||
if (reURIHkp.test(uri)) {
|
||||
reURI = reURIHkp
|
||||
mode = E.OpenPgpQueryProtocol.HKP
|
||||
match = uri.match(reURI)
|
||||
}
|
||||
if (!mode && reURIWkdAdvanced.test(uri)) {
|
||||
reURI = reURIWkdAdvanced
|
||||
mode = E.OpenPgpQueryProtocol.WKD
|
||||
match = uri.match(reURI)
|
||||
}
|
||||
if (!mode && reURIWkdDirect.test(uri)) {
|
||||
reURI = reURIWkdDirect
|
||||
mode = E.OpenPgpQueryProtocol.WKD
|
||||
match = uri.match(reURI)
|
||||
}
|
||||
|
||||
let output = null
|
||||
|
||||
switch (mode) {
|
||||
case E.OpenPgpQueryProtocol.HKP:
|
||||
output = new ServiceProvider({
|
||||
about: {
|
||||
id: 'openpgp',
|
||||
name: 'OpenPGP'
|
||||
},
|
||||
profile: {
|
||||
display: `openpgp4fpr:${match[1]}`,
|
||||
uri: `https://keys.openpgp.org/search?q=${match[1]}`,
|
||||
qr: null
|
||||
},
|
||||
claim: {
|
||||
uriRegularExpression: reURI.toString(),
|
||||
uriIsAmbiguous: false
|
||||
},
|
||||
proof: {
|
||||
request: {
|
||||
uri: `https://keys.openpgp.org/vks/v1/by-fingerprint/${match[1].toUpperCase()}`,
|
||||
fetcher: E.Fetcher.OPENPGP,
|
||||
accessRestriction: E.ProofAccessRestriction.NONE,
|
||||
data: {
|
||||
url: `https://keys.openpgp.org/vks/v1/by-fingerprint/${match[1].toUpperCase()}`,
|
||||
protocol: E.OpenPgpQueryProtocol.HKP
|
||||
}
|
||||
},
|
||||
response: {
|
||||
format: E.ProofFormat.JSON
|
||||
},
|
||||
target: [{
|
||||
format: E.ClaimFormat.URI,
|
||||
encoding: E.EntityEncodingFormat.PLAIN,
|
||||
relation: E.ClaimRelation.EQUALS,
|
||||
path: ['notations', 'proof@ariadne.id']
|
||||
}]
|
||||
}
|
||||
})
|
||||
break
|
||||
case E.OpenPgpQueryProtocol.WKD:
|
||||
output = new ServiceProvider({
|
||||
about: {
|
||||
id: 'openpgp',
|
||||
name: 'OpenPGP'
|
||||
},
|
||||
profile: {
|
||||
display: 'unknown fingerprint',
|
||||
uri,
|
||||
qr: null
|
||||
},
|
||||
claim: {
|
||||
uriRegularExpression: reURI.toString(),
|
||||
uriIsAmbiguous: false
|
||||
},
|
||||
proof: {
|
||||
request: {
|
||||
uri,
|
||||
fetcher: E.Fetcher.OPENPGP,
|
||||
accessRestriction: E.ProofAccessRestriction.NONE,
|
||||
data: {
|
||||
url: uri,
|
||||
protocol: E.OpenPgpQueryProtocol.WKD
|
||||
}
|
||||
},
|
||||
response: {
|
||||
format: E.ProofFormat.JSON
|
||||
},
|
||||
target: [{
|
||||
format: E.ClaimFormat.URI,
|
||||
encoding: E.EntityEncodingFormat.PLAIN,
|
||||
relation: E.ClaimRelation.EQUALS,
|
||||
path: ['notations', 'proof@ariadne.id']
|
||||
}]
|
||||
}
|
||||
})
|
||||
break
|
||||
}
|
||||
|
||||
return output
|
||||
}
|
||||
|
||||
export const tests = [
|
||||
{
|
||||
uri: 'openpgp4fpr:123456789',
|
||||
shouldMatch: true
|
||||
},
|
||||
{
|
||||
uri: 'openpgp4fpr:abcdef123',
|
||||
shouldMatch: true
|
||||
},
|
||||
{
|
||||
uri: 'https://openpgpkey.domain.tld/.well-known/openpgpkey/domain.tld/hu/123abc456def?l=name',
|
||||
shouldMatch: true
|
||||
},
|
||||
{
|
||||
uri: 'https://openpgpkey.domain.tld/.well-known/openpgpkey/domain.tld/hu/123abc456def',
|
||||
shouldMatch: true
|
||||
},
|
||||
{
|
||||
uri: 'https://domain.tld/.well-known/openpgpkey/hu/123abc456def?l=name',
|
||||
shouldMatch: true
|
||||
},
|
||||
{
|
||||
uri: 'https://domain.tld/.well-known/openpgpkey/hu/123abc456def',
|
||||
shouldMatch: true
|
||||
},
|
||||
// The following will not pass .processURI, but reURI currently accepts anything
|
||||
{
|
||||
uri: 'https://domain.tld',
|
||||
shouldMatch: true
|
||||
},
|
||||
{
|
||||
uri: 'https://openpgpkey.domain.tld/.well-known/openpgpkey/hu/123abc456def?l=name',
|
||||
shouldMatch: true
|
||||
},
|
||||
{
|
||||
uri: 'https://domain.tld/.well-known/openpgpkey/123abc456def?l=name',
|
||||
shouldMatch: true
|
||||
}
|
||||
]
|
Loading…
Reference in a new issue