2016-05-26 07:58:50 +00:00
|
|
|
/**
|
|
|
|
* Mailvelope - secure email with OpenPGP encryption for Webmail
|
|
|
|
* Copyright (C) 2016 Mailvelope GmbH
|
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License version 3
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
|
|
|
'use strict';
|
|
|
|
|
2017-08-22 04:13:15 +00:00
|
|
|
const config = require('config');
|
2016-05-27 17:57:48 +00:00
|
|
|
const util = require('./util');
|
2016-06-01 06:59:25 +00:00
|
|
|
const tpl = require('../email/templates.json');
|
2016-05-27 17:57:48 +00:00
|
|
|
|
2016-05-26 11:45:32 +00:00
|
|
|
/**
|
|
|
|
* Database documents have the format:
|
|
|
|
* {
|
2016-06-09 15:07:51 +00:00
|
|
|
* _id: ObjectId, // a randomly generated MongoDB document ID
|
|
|
|
* keyId: 'b8e4105cc9dedc77', // the 16 char key id in lowercase hex
|
|
|
|
* fingerprint: 'e3317db04d3958fd5f662c37b8e4105cc9dedc77', // the 40 char key fingerprint in lowercase hex
|
|
|
|
* userIds: [
|
|
|
|
* {
|
|
|
|
* name:'Jon Smith',
|
|
|
|
* email:'jon@smith.com',
|
2016-06-10 08:44:26 +00:00
|
|
|
* nonce: "6a314915c09368224b11df0feedbc53c", // random 32 char verifier used to prove ownership
|
2016-06-09 15:07:51 +00:00
|
|
|
* verified: true // if the user ID has been verified
|
|
|
|
* }
|
|
|
|
* ],
|
|
|
|
* created: Sat Oct 17 2015 12:17:03 GMT+0200 (CEST), // key creation time as JavaScript Date
|
|
|
|
* algorithm: 'rsa_encrypt_sign', // primary key alogrithm
|
|
|
|
* keySize: 4096, // key length in bits
|
|
|
|
* publicKeyArmored: '-----BEGIN PGP PUBLIC KEY BLOCK----- ... -----END PGP PUBLIC KEY BLOCK-----'
|
2016-05-26 11:45:32 +00:00
|
|
|
* }
|
|
|
|
*/
|
|
|
|
const DB_TYPE = 'publickey';
|
|
|
|
|
2016-05-26 07:58:50 +00:00
|
|
|
/**
|
2016-05-28 13:17:46 +00:00
|
|
|
* A service that handlers PGP public keys queries to the database
|
2016-05-26 07:58:50 +00:00
|
|
|
*/
|
|
|
|
class PublicKey {
|
|
|
|
/**
|
2016-05-28 13:17:46 +00:00
|
|
|
* Create an instance of the service
|
2016-06-09 15:07:51 +00:00
|
|
|
* @param {Object} pgp An instance of the OpenPGP.js wrapper
|
2016-05-27 17:57:48 +00:00
|
|
|
* @param {Object} mongo An instance of the MongoDB client
|
|
|
|
* @param {Object} email An instance of the Email Sender
|
2016-05-26 07:58:50 +00:00
|
|
|
*/
|
2016-06-09 15:07:51 +00:00
|
|
|
constructor(pgp, mongo, email) {
|
|
|
|
this._pgp = pgp;
|
2016-05-26 07:58:50 +00:00
|
|
|
this._mongo = mongo;
|
2016-05-27 17:57:48 +00:00
|
|
|
this._email = email;
|
2016-05-26 07:58:50 +00:00
|
|
|
}
|
|
|
|
|
2016-05-27 17:57:48 +00:00
|
|
|
/**
|
|
|
|
* Persist a new public key
|
2016-05-29 14:47:45 +00:00
|
|
|
* @param {String} publicKeyArmored The ascii armored pgp key block
|
|
|
|
* @param {Object} origin Required for links to the keyserver e.g. { protocol:'https', host:'openpgpkeys@example.com' }
|
2016-05-27 17:57:48 +00:00
|
|
|
* @yield {undefined}
|
|
|
|
*/
|
2017-08-23 10:08:18 +00:00
|
|
|
async put({publicKeyArmored, origin}) {
|
2017-08-22 04:13:15 +00:00
|
|
|
// lazily purge old/unverified keys on every key upload
|
|
|
|
await this._purgeOldUnverified();
|
2016-05-27 17:57:48 +00:00
|
|
|
// parse key block
|
2017-08-15 08:03:06 +00:00
|
|
|
const key = this._pgp.parseKey(publicKeyArmored);
|
2016-05-27 17:57:48 +00:00
|
|
|
// check for existing verfied key by id or email addresses
|
2017-08-16 09:55:32 +00:00
|
|
|
const verified = await this.getVerified(key);
|
2016-05-27 17:57:48 +00:00
|
|
|
if (verified) {
|
2016-06-01 10:28:37 +00:00
|
|
|
util.throw(304, 'Key for this user already exists');
|
2016-05-27 17:57:48 +00:00
|
|
|
}
|
2016-06-01 10:28:37 +00:00
|
|
|
// store key in database
|
2017-08-16 09:55:32 +00:00
|
|
|
await this._persisKey(key);
|
2016-05-28 08:49:26 +00:00
|
|
|
// send mails to verify user ids (send only one if primary email is provided)
|
2017-08-23 10:08:18 +00:00
|
|
|
await this._sendVerifyEmail(key, origin);
|
2016-05-26 11:45:32 +00:00
|
|
|
}
|
|
|
|
|
2017-08-22 04:13:15 +00:00
|
|
|
/**
|
2017-08-22 07:26:15 +00:00
|
|
|
* Delete all keys where no user id has been verified after x days.
|
2017-08-22 04:13:15 +00:00
|
|
|
* @yield {undefined}
|
|
|
|
*/
|
|
|
|
async _purgeOldUnverified() {
|
|
|
|
// create date in the past to compare with
|
|
|
|
const xDaysAgo = new Date();
|
|
|
|
xDaysAgo.setDate(xDaysAgo.getDate() - config.publicKey.purgeTimeInDays);
|
|
|
|
// remove unverified keys older than x days (or no 'uploaded' attribute)
|
|
|
|
const query = {
|
|
|
|
'userIds.verified': {$ne: true},
|
2017-08-22 07:26:15 +00:00
|
|
|
uploaded: {$lt: xDaysAgo}
|
2017-08-22 04:13:15 +00:00
|
|
|
};
|
|
|
|
return this._mongo.remove(query, DB_TYPE);
|
|
|
|
}
|
|
|
|
|
2016-06-01 10:28:37 +00:00
|
|
|
/**
|
|
|
|
* Persist the public key and its user ids in the database.
|
2016-06-09 15:07:51 +00:00
|
|
|
* @param {Object} key public key parameters
|
|
|
|
* @yield {undefined} The persisted user id documents
|
2016-06-01 10:28:37 +00:00
|
|
|
*/
|
2017-08-16 09:55:32 +00:00
|
|
|
async _persisKey(key) {
|
2016-06-09 15:07:51 +00:00
|
|
|
// delete old/unverified key
|
2017-08-16 09:55:32 +00:00
|
|
|
await this._mongo.remove({keyId: key.keyId}, DB_TYPE);
|
2016-06-09 15:07:51 +00:00
|
|
|
// generate nonces for verification
|
2017-08-15 08:03:06 +00:00
|
|
|
for (const uid of key.userIds) {
|
2016-06-10 08:44:26 +00:00
|
|
|
uid.nonce = util.random();
|
2016-06-09 15:07:51 +00:00
|
|
|
}
|
2016-06-01 10:28:37 +00:00
|
|
|
// persist new key
|
2017-08-16 09:55:32 +00:00
|
|
|
const r = await this._mongo.create(key, DB_TYPE);
|
2016-06-01 10:28:37 +00:00
|
|
|
if (r.insertedCount !== 1) {
|
|
|
|
util.throw(500, 'Failed to persist key');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Send verification emails to the public keys user ids for verification.
|
|
|
|
* If a primary email address is provided only one email will be sent.
|
2016-06-02 14:19:54 +00:00
|
|
|
* @param {Array} userIds user id documents containg the verification nonces
|
|
|
|
* @param {Object} origin the server's origin (required for email links)
|
2016-06-01 10:28:37 +00:00
|
|
|
* @yield {undefined}
|
|
|
|
*/
|
2017-08-23 10:08:18 +00:00
|
|
|
async _sendVerifyEmail({userIds, keyId, publicKeyArmored}, origin) {
|
2017-08-15 08:03:06 +00:00
|
|
|
for (const userId of userIds) {
|
|
|
|
userId.publicKeyArmored = publicKeyArmored; // set key for encryption
|
2017-08-16 09:55:32 +00:00
|
|
|
await this._email.send({template: tpl.verifyKey, userId, keyId, origin});
|
2016-06-01 10:28:37 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-05-27 17:57:48 +00:00
|
|
|
/**
|
2016-06-09 15:07:51 +00:00
|
|
|
* Verify a user id by proving knowledge of the nonce.
|
|
|
|
* @param {string} keyId Correspronding public key id
|
|
|
|
* @param {string} nonce The verification nonce proving email address ownership
|
|
|
|
* @yield {undefined}
|
2016-05-27 17:57:48 +00:00
|
|
|
*/
|
2017-08-16 09:55:32 +00:00
|
|
|
async verify({keyId, nonce}) {
|
2016-06-09 15:07:51 +00:00
|
|
|
// look for verification nonce in database
|
2017-08-15 08:03:06 +00:00
|
|
|
const query = {keyId, 'userIds.nonce': nonce};
|
2017-08-16 09:55:32 +00:00
|
|
|
const key = await this._mongo.get(query, DB_TYPE);
|
2016-06-09 15:07:51 +00:00
|
|
|
if (!key) {
|
|
|
|
util.throw(404, 'User id not found');
|
2016-05-27 17:57:48 +00:00
|
|
|
}
|
2016-06-14 11:13:34 +00:00
|
|
|
// check if user ids of this key have already been verified in another key
|
2017-08-16 09:55:32 +00:00
|
|
|
const verified = await this.getVerified(key);
|
2016-06-17 17:56:33 +00:00
|
|
|
if (verified && verified.keyId !== keyId) {
|
2016-06-14 11:13:34 +00:00
|
|
|
util.throw(304, 'Key for this user already exists');
|
|
|
|
}
|
2016-06-09 15:07:51 +00:00
|
|
|
// flag the user id as verified
|
2017-08-16 09:55:32 +00:00
|
|
|
await this._mongo.update(query, {
|
2016-06-09 15:07:51 +00:00
|
|
|
'userIds.$.verified': true,
|
|
|
|
'userIds.$.nonce': null
|
|
|
|
}, DB_TYPE);
|
2016-05-26 11:45:32 +00:00
|
|
|
}
|
|
|
|
|
2016-06-02 20:55:32 +00:00
|
|
|
/**
|
2016-06-09 15:07:51 +00:00
|
|
|
* Check if a verified key already exists either by fingerprint, 16 char key id,
|
|
|
|
* or email address. There can only be one verified user ID for an email address
|
|
|
|
* at any given time.
|
|
|
|
* @param {Array} userIds A list of user ids to check
|
|
|
|
* @param {string} fingerprint The public key fingerprint
|
|
|
|
* @param {string} keyId (optional) The public key id
|
|
|
|
* @yield {Object} The verified key document
|
2016-06-02 20:55:32 +00:00
|
|
|
*/
|
2017-08-16 09:55:32 +00:00
|
|
|
async getVerified({userIds, fingerprint, keyId}) {
|
2016-06-09 15:07:51 +00:00
|
|
|
let queries = [];
|
|
|
|
// query by fingerprint
|
|
|
|
if (fingerprint) {
|
|
|
|
queries.push({
|
|
|
|
fingerprint: fingerprint.toLowerCase(),
|
|
|
|
'userIds.verified': true
|
|
|
|
});
|
|
|
|
}
|
|
|
|
// query by key id (to prevent key id collision)
|
|
|
|
if (keyId) {
|
|
|
|
queries.push({
|
|
|
|
keyId: keyId.toLowerCase(),
|
|
|
|
'userIds.verified': true
|
|
|
|
});
|
2016-06-02 20:55:32 +00:00
|
|
|
}
|
2016-06-09 15:07:51 +00:00
|
|
|
// query by user id
|
|
|
|
if (userIds) {
|
|
|
|
queries = queries.concat(userIds.map(uid => ({
|
|
|
|
userIds: {
|
|
|
|
$elemMatch: {
|
|
|
|
'email': uid.email.toLowerCase(),
|
|
|
|
'verified': true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
})));
|
|
|
|
}
|
2017-08-16 09:55:32 +00:00
|
|
|
return this._mongo.get({$or: queries}, DB_TYPE);
|
2016-06-02 20:55:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2016-06-09 15:07:51 +00:00
|
|
|
* Fetch a verified public key from the database. Either the key id or the
|
|
|
|
* email address muss be provided.
|
|
|
|
* @param {string} fingerprint (optional) The public key fingerprint
|
|
|
|
* @param {string} keyId (optional) The public key id
|
|
|
|
* @param {String} email (optional) The user's email address
|
|
|
|
* @yield {Object} The public key document
|
2016-06-02 20:55:32 +00:00
|
|
|
*/
|
2017-08-16 09:55:32 +00:00
|
|
|
async get({fingerprint, keyId, email}) {
|
2016-06-09 15:07:51 +00:00
|
|
|
// look for verified key
|
2017-08-15 08:03:06 +00:00
|
|
|
const userIds = email ? [{email}] : undefined;
|
2017-08-16 09:55:32 +00:00
|
|
|
const key = await this.getVerified({keyId, fingerprint, userIds});
|
2016-06-09 15:07:51 +00:00
|
|
|
if (!key) {
|
|
|
|
util.throw(404, 'Key not found');
|
|
|
|
}
|
|
|
|
// clean json return value (_id, nonce)
|
|
|
|
delete key._id;
|
|
|
|
key.userIds = key.userIds.map(uid => ({
|
|
|
|
name: uid.name,
|
|
|
|
email: uid.email,
|
|
|
|
verified: uid.verified
|
|
|
|
}));
|
|
|
|
return key;
|
2016-06-02 20:55:32 +00:00
|
|
|
}
|
|
|
|
|
2016-06-01 06:59:25 +00:00
|
|
|
/**
|
|
|
|
* Request removal of the public key by flagging all user ids and sending
|
|
|
|
* a verification email to the primary email address. Only one email
|
|
|
|
* needs to sent to a single user id to authenticate removal of all user ids
|
|
|
|
* that belong the a certain key id.
|
2016-06-09 15:07:51 +00:00
|
|
|
* @param {String} keyId (optional) The public key id
|
2016-06-01 06:59:25 +00:00
|
|
|
* @param {String} email (optional) The user's email address
|
|
|
|
* @param {Object} origin Required for links to the keyserver e.g. { protocol:'https', host:'openpgpkeys@example.com' }
|
|
|
|
* @yield {undefined}
|
|
|
|
*/
|
2017-08-16 09:55:32 +00:00
|
|
|
async requestRemove({keyId, email, origin}) {
|
2016-06-10 17:58:26 +00:00
|
|
|
// flag user ids for removal
|
2017-08-16 09:55:32 +00:00
|
|
|
const key = await this._flagForRemove(keyId, email);
|
2016-06-10 11:17:28 +00:00
|
|
|
if (!key) {
|
2016-06-01 10:28:37 +00:00
|
|
|
util.throw(404, 'User id not found');
|
|
|
|
}
|
2016-06-10 17:58:26 +00:00
|
|
|
// send verification mails
|
2016-06-10 11:17:28 +00:00
|
|
|
keyId = key.keyId; // get keyId in case request was by email
|
2017-08-15 08:03:06 +00:00
|
|
|
for (const userId of key.userIds) {
|
2017-08-16 09:55:32 +00:00
|
|
|
await this._email.send({template: tpl.verifyRemove, userId, keyId, origin});
|
2016-06-09 15:07:51 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Flag all user IDs of a key for removal by generating a new nonce and
|
|
|
|
* saving it. Either a key id or email address must be provided
|
|
|
|
* @param {String} keyId (optional) The public key id
|
|
|
|
* @param {String} email (optional) The user's email address
|
|
|
|
* @yield {Array} A list of user ids with nonces
|
|
|
|
*/
|
2017-08-16 09:55:32 +00:00
|
|
|
async _flagForRemove(keyId, email) {
|
2017-08-15 08:03:06 +00:00
|
|
|
const query = email ? {'userIds.email': email} : {keyId};
|
2017-08-16 09:55:32 +00:00
|
|
|
const key = await this._mongo.get(query, DB_TYPE);
|
2016-06-09 15:07:51 +00:00
|
|
|
if (!key) {
|
2016-06-10 11:17:28 +00:00
|
|
|
return;
|
2016-06-09 15:07:51 +00:00
|
|
|
}
|
2016-06-10 17:58:26 +00:00
|
|
|
// flag only the provided user id
|
2016-06-09 15:07:51 +00:00
|
|
|
if (email) {
|
2017-08-15 08:03:06 +00:00
|
|
|
const nonce = util.random();
|
2017-08-16 09:55:32 +00:00
|
|
|
await this._mongo.update(query, {'userIds.$.nonce': nonce}, DB_TYPE);
|
2017-08-15 08:03:06 +00:00
|
|
|
const uid = key.userIds.find(u => u.email === email);
|
2016-06-09 15:07:51 +00:00
|
|
|
uid.nonce = nonce;
|
2017-08-15 08:03:06 +00:00
|
|
|
return {userIds: [uid], keyId: key.keyId};
|
2016-06-09 15:07:51 +00:00
|
|
|
}
|
2016-06-10 17:58:26 +00:00
|
|
|
// flag all key user ids
|
2016-06-09 15:07:51 +00:00
|
|
|
if (keyId) {
|
2017-08-15 08:03:06 +00:00
|
|
|
for (const uid of key.userIds) {
|
|
|
|
const nonce = util.random();
|
2017-08-16 09:55:32 +00:00
|
|
|
await this._mongo.update({'userIds.email': uid.email}, {'userIds.$.nonce': nonce}, DB_TYPE);
|
2016-06-09 15:07:51 +00:00
|
|
|
uid.nonce = nonce;
|
|
|
|
}
|
2016-06-10 11:17:28 +00:00
|
|
|
return key;
|
2016-06-01 06:59:25 +00:00
|
|
|
}
|
2016-05-26 11:45:32 +00:00
|
|
|
}
|
|
|
|
|
2016-06-01 06:59:25 +00:00
|
|
|
/**
|
|
|
|
* Verify the removal of the user's key id by proving knowledge of the nonce.
|
|
|
|
* Also deletes all user id documents of that key id.
|
2016-06-09 15:07:51 +00:00
|
|
|
* @param {string} keyId public key id
|
2016-06-01 06:59:25 +00:00
|
|
|
* @param {string} nonce The verification nonce proving email address ownership
|
|
|
|
* @yield {undefined}
|
|
|
|
*/
|
2017-08-16 09:55:32 +00:00
|
|
|
async verifyRemove({keyId, nonce}) {
|
2016-06-10 17:58:26 +00:00
|
|
|
// check if key exists in database
|
2017-08-16 09:55:32 +00:00
|
|
|
const flagged = await this._mongo.get({keyId, 'userIds.nonce': nonce}, DB_TYPE);
|
2016-06-01 06:59:25 +00:00
|
|
|
if (!flagged) {
|
|
|
|
util.throw(404, 'User id not found');
|
|
|
|
}
|
2016-06-10 17:58:26 +00:00
|
|
|
// delete the key
|
2017-08-16 09:55:32 +00:00
|
|
|
await this._mongo.remove({keyId}, DB_TYPE);
|
2016-05-26 11:45:32 +00:00
|
|
|
}
|
2016-05-26 07:58:50 +00:00
|
|
|
}
|
|
|
|
|
2017-08-15 08:03:06 +00:00
|
|
|
module.exports = PublicKey;
|