Generating a root keyblock through gen-root command

app/lib/keyhelper.js

@@ -37,7 +37,10 @@ function KeyHelper (packetList) {
   };
 
   this.getBase64publicKey = function (){
-    return key.getKeyPacket() && base64.encode(key.getKeyPacket().write());
+    var packets = new PacketList();
+    if (key.getKeyPacket())
+      packets.push(key.getKeyPacket());
+    return base64.encode(packets.write());
   };
 
   this.getBase64primaryUser = function (){
@@ -66,7 +69,7 @@ function KeyHelper (packetList) {
   this.getBase64subkeys = function (){
     var bSubkeys = [];
     (key.subKeys || []).forEach(function(subkeyWrapper){
-      if (subkeyWrapper.isValidSigningKey(key) || subkeyWrapper.isValidEncryptionKey(key)) {
+      if (subkeyWrapper.isValidSigningKey(key.primaryKey) || subkeyWrapper.isValidEncryptionKey(key.primaryKey)) {
         var packets = new PacketList();
         packets.push(subkeyWrapper.subKey);
         packets.push(subkeyWrapper.bindingSignature);
@@ -75,4 +78,19 @@ function KeyHelper (packetList) {
     });
     return bSubkeys;
   };
+
+  this.getPotentials = function (){
+    var potentials = [];
+    if (that.hasValidUdid2()) {
+      potentials.push(that.getBase64publicKey());
+      potentials.push(that.getBase64primaryUser());
+      that.getBase64primaryUserOtherCertifications().forEach(function(base64SubKey){
+        potentials.push(base64SubKey);
+      });
+      that.getBase64subkeys().forEach(function(base64SubKey){
+        potentials.push(base64SubKey);
+      });
+    }
+    return potentials;
+  };
 }

app/models/publickey.js

@@ -84,7 +84,30 @@ PublicKeySchema.methods = {
 
   getRaw: function () {
     return this.raw;
+  },
+
+  getWritablePacketsWithoutOtherCertifications: function (){
+    var wrappedKey = KHelper.fromArmored(this.raw);
+    var packets = new openpgp.packet.List();
+    var potentials = wrappedKey.getPotentials();
+    var pubkeyPkt = wrappedKey.getBase64publicKey();
+    // Pubkey packet
+    if (~potentials.indexOf(pubkeyPkt)) {
+      packets.read(base64.decode(pubkeyPkt));
+    }
+    // UserID packets
+    var userIDPkt = wrappedKey.getBase64primaryUser();
+    if (~potentials.indexOf(userIDPkt)) {
+      packets.read(base64.decode(userIDPkt));
     }
+    // SubKey packets
+    wrappedKey.getBase64subkeys().forEach(function(subKPkt){
+      if (~potentials.indexOf(subKPkt)) {
+        packets.read(base64.decode(subKPkt));
+      }
+    });
+    return packets;
+  },
 };
 
 PublicKeySchema.statics.getTheOne = function (keyID, done) {
@@ -216,17 +239,7 @@ PublicKeySchema.statics.persist = function (pubkey, done) {
           // Merges packets
           storedKey.update(comingKey);
           var kh = KHelper.fromPackets(storedKey.toPacketlist());
-          var potentials = [];
-          if (kh.hasValidUdid2()) {
-            potentials.push(kh.getBase64publicKey());
-            potentials.push(kh.getBase64primaryUser());
-            kh.getBase64primaryUserOtherCertifications().forEach(function(base64SubKey){
-              potentials.push(base64SubKey);
-            });
-            kh.getBase64subkeys().forEach(function(base64SubKey){
-              potentials.push(base64SubKey);
-            });
-          }
+          var potentials = kh.getPotentials();
           potentials.forEach(function(encoded){
             var md5ed = md5(encoded);
             if (foundKeys[0].registered.indexOf(md5ed) == -1 && foundKeys[0].eligible.indexOf(md5ed) == -1)  {

app/service/KeychainService.js

@@ -7,6 +7,7 @@ var base64   = require('../lib/base64');
 var unix2dos  = require('../lib/unix2dos');
 var dos2unix  = require('../lib/dos2unix');
 var parsers   = require('../lib/streams/parsers/doc');
+var keyhelper = require('../lib/keyhelper');
 var logger    = require('../lib/logger')('membership');
 var moment    = require('moment');
 
@@ -91,7 +92,7 @@ function KeyService (conn, conf, PublicKeyService) {
           next(null, true); // Key is already in the chain
         else {
           // Key is not in the keychain: valid if it has a valid udid2 (implying pubkey + self certificatio)
-          var wrappedKey = require('../lib/keyhelper').fromArmored(pubkey.raw);
+          var wrappedKey = keyhelper.fromArmored(pubkey.raw);
           next(null, wrappedKey.hasValidUdid2());
         }
       },
@@ -681,15 +682,15 @@ function KeyService (conn, conf, PublicKeyService) {
       var join = { pubkey: null, ms: null };
       async.waterfall([
         function (next){
-          Membership.find({ userid: uid }, next);
+          Membership.find({ userid: uid, eligible: true }, next);
         },
         function (mss, next){
           if (mss.length == 0) {
-            next('Membership not found?!')
+            next('Membership of ' + uid + ' not found');
             return;
           }
           else if (mss.length > 1) {
-            next('Multiple membership found! Stopping.')
+            next('Multiple memberships for same user found! Stopping.')
             return;
           }
           else {
@@ -700,8 +701,18 @@ function KeyService (conn, conf, PublicKeyService) {
         },
         function (pubk, next){
           join.pubkey = pubk;
+          if (!pubk.keychain && pubk.eligible.length > 0) {
+            // Not in the keychain, with eligible packets, potential new member
+            var wrappedKey = keyhelper.fromArmored(pubk.raw);
+            // Just require a good udid2
+            if (!wrappedKey.hasValidUdid2()) {
+              next('User ' + uid + ' does not have a valid udid2');
+              return;
+            }
             joinData[join.pubkey.fingerprint] = join;
             next();
+          }
+          else next('Already in the keychain, or no eligible packet');
         },
       ], callback);
     }, function(err){
@@ -721,10 +732,9 @@ function KeyService (conn, conf, PublicKeyService) {
       // Public keys
       block.publicKeys = [];
       _(joinData).values().forEach(function(join){
-        var key = openpgp.key.readArmored(join.pubkey.raw).keys[0];
         var pkData = {
           fingerprint: join.pubkey.fingerprint,
-          packets: base64.encode(key.toPacketlist().write())
+          packets: base64.encode(join.pubkey.getWritablePacketsWithoutOtherCertifications().write())
         };
         block.publicKeys.push(pkData);
       });

bin/ucoind

@@ -233,18 +233,13 @@ program
           next('usage: gen-root [host] [port]');
           return;
         }
-        KeychainService.current(function (err, current) {
-          if (current) {
-            next('Local keychain is already started.');
-            return;
-          }
-          else next();
-        })
-      },
-      function (next){
-        Membership.find({}, next);
+        Membership.find({ eligible: true }, next);
       },
       function (mss, next){
+        if (mss.length == 0) {
+          next('No membership was received, no changes to add.');
+          return;
+        }
         var uids = [];
         mss.forEach(function(ms){
           uids.push(ms.userid);