Extend error logging
parent
9db75f4034
commit
cee14ba99c
@ -82,9 +82,13 @@ class Email {
|
|||||||
* @return {string} the encrypted PGP message block
|
* @return {string} the encrypted PGP message block
|
||||||
*/
|
*/
|
||||||
async _pgpEncrypt(plaintext, publicKeyArmored) {
|
async _pgpEncrypt(plaintext, publicKeyArmored) {
|
||||||
|
const {keys, err} = await openpgp.key.readArmored(publicKeyArmored);
|
||||||
|
if (err) {
|
||||||
|
log.error('email', 'Reading armored key failed.', err, publicKeyArmored);
|
||||||
|
}
|
||||||
const ciphertext = await openpgp.encrypt({
|
const ciphertext = await openpgp.encrypt({
|
||||||
message: openpgp.message.fromText(plaintext),
|
message: openpgp.message.fromText(plaintext),
|
||||||
publicKeys: (await openpgp.key.readArmored(publicKeyArmored)).keys,
|
publicKeys: keys,
|
||||||
});
|
});
|
||||||
return ciphertext.data;
|
return ciphertext.data;
|
||||||
}
|
}
|
||||||
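Review bot: In `_pgpEncrypt` the new `if (err)` branch only logs, so execution still reaches `openpgp.encrypt` with whatever `keys` holds, which may be an empty list when the armored key could not be parsed. How the library treats an empty recipient list is not visible on this page, so the function should stop explicitly instead of relying on it. After the log call I would add `if (!keys || !keys.length) { throw new Error('No usable public key for encryption'); }`, and note in the JSDoc that the method rejects when no key can be read.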
|
@ -53,6 +53,9 @@ class PGP {
|
|||||||
// verify primary key
|
// verify primary key
|
||||||
const key = r.keys[0];
|
const key = r.keys[0];
|
||||||
const primaryKey = key.primaryKey;
|
const primaryKey = key.primaryKey;
|
||||||
|
if (primaryKey.created > new Date()) {
|
||||||
|
log.error('pgp', 'Key creation date is in the future', primaryKey.created);
|
||||||
|
}
|
||||||
if (await key.verifyPrimaryKey() !== openpgp.enums.keyStatus.valid) {
|
if (await key.verifyPrimaryKey() !== openpgp.enums.keyStatus.valid) {
|
||||||
util.throw(400, 'Invalid PGP key: primary key verification failed');
|
util.throw(400, 'Invalid PGP key: primary key verification failed');
|
||||||
}
|
}
|
||||||
@ -67,7 +70,7 @@ class PGP {
|
|||||||
// check for at least one valid user id
|
// check for at least one valid user id
|
||||||
const userIds = await this.parseUserIds(key.users, primaryKey);
|
const userIds = await this.parseUserIds(key.users, primaryKey);
|
||||||
if (!userIds.length) {
|
if (!userIds.length) {
|
||||||
util.throw(400, 'Invalid PGP key: invalid user ids');
|
util.throw(400, 'Invalid PGP key: invalid user IDs');
|
||||||
}
|
}
|
||||||
|
|
||||||
// get algorithm details from primary key
|
// get algorithm details from primary key
|
||||||
@ -119,7 +122,7 @@ class PGP {
|
|||||||
*/
|
*/
|
||||||
async parseUserIds(users, primaryKey) {
|
async parseUserIds(users, primaryKey) {
|
||||||
if (!users || !users.length) {
|
if (!users || !users.length) {
|
||||||
util.throw(400, 'Invalid PGP key: no user id found');
|
util.throw(400, 'Invalid PGP key: no user ID found');
|
||||||
}
|
}
|
||||||
// at least one user id must be valid, revoked or expired
|
// at least one user id must be valid, revoked or expired
|
||||||
const result = [];
|
const result = [];
|
||||||
@ -161,8 +164,16 @@ class PGP {
|
|||||||
* @return {String} merged armored key block
|
* @return {String} merged armored key block
|
||||||
*/
|
*/
|
||||||
async updateKey(srcArmored, dstArmored) {
|
async updateKey(srcArmored, dstArmored) {
|
||||||
const {keys: [srcKey]} = await openpgp.key.readArmored(srcArmored);
|
const {keys: [srcKey], err: srcErr} = await openpgp.key.readArmored(srcArmored);
|
||||||
const {keys: [dstKey]} = await openpgp.key.readArmored(dstArmored);
|
if (srcErr) {
|
||||||
|
log.error('pgp', 'Failed to parse source PGP key for update:\n%s', srcArmored, srcErr);
|
||||||
|
util.throw(500, 'Failed to parse PGP key');
|
||||||
|
}
|
||||||
|
const {keys: [dstKey], err: dstErr} = await openpgp.key.readArmored(dstArmored);
|
||||||
|
if (dstErr) {
|
||||||
|
log.error('pgp', 'Failed to parse destination PGP key for update:\n%s', dstArmored, dstErr);
|
||||||
|
util.throw(500, 'Failed to parse PGP key');
|
||||||
|
}
|
||||||
await dstKey.update(srcKey);
|
await dstKey.update(srcKey);
|
||||||
return dstKey.armor();
|
return dstKey.armor();
|
||||||
}
|
}
|
||||||
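Review bot: Both new `log.error` calls in `updateKey` write the complete armored key into the log through `\n%s`, and the `log.error` added in `Email._pgpEncrypt` passes `publicKeyArmored` the same way. The destination key presumably derives from an uploaded key, so the log entry is unbounded in size, carries the user IDs embedded in the key, and places many externally influenced lines into a line-oriented log. A bounded summary is enough to diagnose a parse failure, for example `log.error('pgp', 'Failed to parse source PGP key for update (%s chars)', srcArmored.length, srcErr);`, with the matching change for the destination key. The body of `updateKey` is fully inside this hunk; its JSDoc starts above it.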
|
@ -91,6 +91,9 @@ class PublicKey {
|
|||||||
key.publicKeyArmored = await this._pgp.updateKey(verified.publicKeyArmored, filteredPublicKeyArmored);
|
key.publicKeyArmored = await this._pgp.updateKey(verified.publicKeyArmored, filteredPublicKeyArmored);
|
||||||
} else {
|
} else {
|
||||||
key.userIds = key.userIds.filter(userId => userId.status === KEY_STATUS_VALID);
|
key.userIds = key.userIds.filter(userId => userId.status === KEY_STATUS_VALID);
|
||||||
|
if (!key.userIds.length) {
|
||||||
|
util.throw(400, 'Invalid PGP key: no valid user IDs found');
|
||||||
|
}
|
||||||
await this._addKeyArmored(key.userIds, key.publicKeyArmored);
|
await this._addKeyArmored(key.userIds, key.publicKeyArmored);
|
||||||
// new key, set armored to null
|
// new key, set armored to null
|
||||||
key.publicKeyArmored = null;
|
key.publicKeyArmored = null;
|
||||||
@ -203,7 +206,7 @@ class PublicKey {
|
|||||||
const query = {keyId, 'userIds.nonce': nonce};
|
const query = {keyId, 'userIds.nonce': nonce};
|
||||||
const key = await this._mongo.get(query, DB_TYPE);
|
const key = await this._mongo.get(query, DB_TYPE);
|
||||||
if (!key) {
|
if (!key) {
|
||||||
util.throw(404, 'User id not found');
|
util.throw(404, 'User ID not found');
|
||||||
}
|
}
|
||||||
await this._removeKeysWithSameEmail(key, nonce);
|
await this._removeKeysWithSameEmail(key, nonce);
|
||||||
let {publicKeyArmored} = key.userIds.find(userId => userId.nonce === nonce);
|
let {publicKeyArmored} = key.userIds.find(userId => userId.nonce === nonce);
|
||||||
@ -312,7 +315,7 @@ class PublicKey {
|
|||||||
// flag user ids for removal
|
// flag user ids for removal
|
||||||
const key = await this._flagForRemove(keyId, email);
|
const key = await this._flagForRemove(keyId, email);
|
||||||
if (!key) {
|
if (!key) {
|
||||||
util.throw(404, 'User id not found');
|
util.throw(404, 'User ID not found');
|
||||||
}
|
}
|
||||||
// send verification mails
|
// send verification mails
|
||||||
keyId = key.keyId; // get keyId in case request was by email
|
keyId = key.keyId; // get keyId in case request was by email
|
||||||
@ -364,7 +367,7 @@ class PublicKey {
|
|||||||
// check if key exists in database
|
// check if key exists in database
|
||||||
const flagged = await this._mongo.get({keyId, 'userIds.nonce': nonce}, DB_TYPE);
|
const flagged = await this._mongo.get({keyId, 'userIds.nonce': nonce}, DB_TYPE);
|
||||||
if (!flagged) {
|
if (!flagged) {
|
||||||
util.throw(404, 'User id not found');
|
util.throw(404, 'User ID not found');
|
||||||
}
|
}
|
||||||
if (flagged.userIds.length === 1) {
|
if (flagged.userIds.length === 1) {
|
||||||
// delete the key
|
// delete the key
|
||||||
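Review bot: The new rejection in the `else` branch, `util.throw(400, 'Invalid PGP key: no valid user IDs found')`, has no accompanying test as far as this page shows; the test changes here only update message patterns in the PGP unit tests. A case that submits a key whose user IDs are all filtered out by `KEY_STATUS_VALID` and asserts `rejectedWith(/no valid user IDs found/)` would pin the behaviour. I would also put a one-line comment above the check, such as `// refuse to store a key that has no valid user ID left after filtering`, since the enclosing method starts and ends outside the hunk and the reason is not obvious from these lines alone.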
|
@ -87,7 +87,7 @@ describe('PGP Unit Tests', () => {
|
|||||||
|
|
||||||
it('should only accept valid user ids', () => {
|
it('should only accept valid user ids', () => {
|
||||||
sandbox.stub(pgp, 'parseUserIds').returns([]);
|
sandbox.stub(pgp, 'parseUserIds').returns([]);
|
||||||
return expect(pgp.parseKey(key3Armored)).to.eventually.be.rejectedWith(/invalid user ids/);
|
return expect(pgp.parseKey(key3Armored)).to.eventually.be.rejectedWith(/invalid user IDs/);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should be able to parse RSA key', async () => {
|
it('should be able to parse RSA key', async () => {
|
||||||
@ -180,7 +180,7 @@ describe('PGP Unit Tests', () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
it('should throw for an empty user ids array', () =>
|
it('should throw for an empty user ids array', () =>
|
||||||
expect(pgp.parseUserIds([], key.primaryKey)).to.eventually.be.rejectedWith(/no user id/)
|
expect(pgp.parseUserIds([], key.primaryKey)).to.eventually.be.rejectedWith(/no user ID/)
|
||||||
);
|
);
|
||||||
|
|
||||||
it('should return no user id for an invalid signature', async () => {
|
it('should return no user id for an invalid signature', async () => {
|
||||||
|