From 84850a29ae6d7c9e724f1e4cba1c34767380f41d Mon Sep 17 00:00:00 2001
From: cgeek <cem.moreau@gmail.com>
Date: Tue, 19 Aug 2014 21:57:45 +0200
Subject: [PATCH] Cleaning old unused code
---
app/models/keyblock.js | 53 ------
app/service/KeychainService.js | 290 +--------------------------------
2 files changed, 2 insertions(+), 341 deletions(-)
diff --git a/app/models/keyblock.js b/app/models/keyblock.js
index d5a34a4e7..0fe24a605 100644
--- a/app/models/keyblock.js
+++ b/app/models/keyblock.js
@@ -117,59 +117,6 @@ KeyBlockSchema.methods = { return pubkeys; }, - getTierCertificationPackets: function() { - var certifications = []; - this.publicKeys.forEach(function(obj){ - var fingerprint = obj.fingerprint; - var packets = new openpgp.packet.List(); - var base64decoded = base64.decode(obj.packets); - packets.read(base64decoded); - packets = packets.filterByTag(openpgp.enums.packet.signature); - packets.forEach(function(p){ - if (p.tag == openpgp.enums.packet.signature) { - var signaturesToKeep = [ - openpgp.enums.signature.cert_generic, - openpgp.enums.signature.cert_persona, - openpgp.enums.signature.cert_casual, - openpgp.enums.signature.cert_positive - ]; - var selfSig = fingerprint.match(new RegExp(p.issuerKeyId.toHex().toUpperCase() + '$')); - if (~signaturesToKeep.indexOf(p.signatureType) && !selfSig) - certifications.push(p); - } - }); - }); - return certifications; - }, - - getTierCertificationPacketsFor: function(fingerprint) { - var certifications = []; - this.publicKeys.forEach(function(obj){ - if (obj.fingerprint == fingerprint) { - var fingerprint = obj.fingerprint; - var packets = new openpgp.packet.List(); - var base64decoded = base64.decode(obj.packets); - packets.read(base64decoded); - packets = packets.filterByTag(openpgp.enums.packet.signature); - packets.forEach(function(p){ - if (p.tag == openpgp.enums.packet.signature) { - var signaturesToKeep = [ - openpgp.enums.signature.cert_generic, - openpgp.enums.signature.cert_persona, - openpgp.enums.signature.cert_casual, - openpgp.enums.signature.cert_positive - ]; - var selfSig = fingerprint.match(new RegExp(p.issuerKeyId.toHex().toUpperCase() + '$')); - p.target = fingerprint; - if (~signaturesToKeep.indexOf(p.signatureType) && !selfSig) - certifications.push(p); - } - }); - } - }); - return certifications; - }, - getMemberships: function() { var notFoundMembership = 0; var mss = {}; 
diff --git a/app/service/KeychainService.js b/app/service/KeychainService.js index 74780585f..8f2304ce6 100644 --- a/app/service/KeychainService.js +++ b/app/service/KeychainService.js @@ -275,6 +275,8 @@ function KeyService (conn, conf, PublicKeyService) { return; } + // TODO: check subkeys? + // Check against signature var entity = new Membership(ms); var armoredPubkey = key.getArmored(); 
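Review bot: The added `// TODO: check subkeys?` sits directly before the membership signature check but does not say what has to be checked, so a reader cannot tell whether a signature made by a subkey is currently accepted, rejected, or never considered. This same commit also deletes the WOTPubkey helper, which was the visible code that kept `subkey_binding` signatures, so presumably nothing left in this file looks at subkeys; that is worth confirming before the question is parked. I would state the open decision in the comment, for example `// TODO: decide whether a membership signed by a subkey is valid; if so, verify the subkey binding signature before the check below`, and track it in an issue. The enclosing function starts and ends outside this hunk, so how the signature is actually verified is not visible here.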
@@ -352,126 +354,6 @@ function KeyService (conn, conf, PublicKeyService) { } } - /** - * Find the pubkey matching fingerprint + test its validity against WoT constraints (signatures). - **/ - function getValidMemberPubkey (now, block, fingerprint, done) { - var wotKey; - async.waterfall([ - function (next){ - getMemberOrNewcomerPubkey(block, fingerprint, next); - }, - function (wotPubkey, next) { - wotKey = wotPubkey; - // Check signatures' quantity + distance to WoT - var nbLinks = wotKey.getSignatories().length; - // wotKey.getSignatories().forEach(function(link){ - // if (Math.max(now - link.timestamp, 0) < LINK_DURATION) { - // nbLinks++; - // } - // }); - // Check against quantity - if (block.number > 0 && nbLinks < LINK_QUANTITY_MIN) { - next('Not enough links to join the Web of Trust'); - return; - } - Key.getMembers(next); - }, - function (members, next){ - // Check against distance to the WoT - async.forEach(members, function(member, callback){ - findExistingPath(wotKey, member, MAX_STEPS, callback); - }, next); - }, - function (next){ - next(null, wotKey.armor()); - }, - ], done); - } - - /** - * Find a member's pubkey, wether it is in the memory block or persisted keychain, - * and returns it as WOTPubkey object. 
- **/ - function getMemberOrNewcomerPubkey (block, fingerprint, done) { - var wotPubkey; - block.publicKeys.forEach(function(pk){ - if (pk.fingerprint == fingerprint) - wotPubkey = new WOTPubkey(fingerprint, pk.packets); - }); - // New PubKey - if (wotPubkey) { - async.waterfall([ - function (next) { - // Check each pubkey packet has a UserID, and only one - // Check the self-certification exists with pubkey - // Only one self-certification - if (!wotPubkey.hasOnlyOneValidUserID()) { - next('One and only one UserID required & allowed for a pubkey'); - return; - } - if (wotPubkey.getSelfCertifications().length != 1) { - next('Only one self certification allowed for a key'); - return; - } - // Check each pubkey is here for first time - // Check no KeyID conflict - Key.isMember(fingerprint.substring(24), next); - }, - function (isMember, next){ - if (isMember) { - next('Cannot add a pubkey for an existing member'); - return; - } - // Check signatures (good signature + from member) - if (block.number == 0) { - // No tier-signature allowed (no existing member to justify it) - if (wotPubkey.getSignatories().length > 0) { - next('No tier-certification allowed for root keyblock'); - return; - } - else next(); - } - else { - async.forEach(wotPubkey.getSignatories(), function(signatory, callback){ - async.waterfall([ - function (next){ - getMemberPubkey(signatory.keyID, next); - }, - function (wotKey, next){ - // Tiers certif: only from members - if (!signatory.packet.verify(wotPubkey.userid, tierPubkey)) { - next('Signature verification failed for userid'); - return; - } - next(); - }, - ], callback); - }, next); - } - }, - ], function (err) { - done(err, wotPubkey); - }); - } - else { - // Existing pubkey - async.waterfall([ - function (next){ - PublicKey.getTheOne(fingerprint, next); - }, - function (pubk, next){ - next(null, new WOTPubkey(fingerprint, pubk.keychain)); - }, - function (wotPubk, next){ - var certifs = 
block.getTierCertificationPacketsFor(wotPubk.fingerprint); - wotPubk.addAll(certifs); - next(null, wotPubk); - }, - ], done); - } - } - function checkProofOfWork (block, done) { var powRegexp = new RegExp('^0{' + MINIMUM_ZERO_START + '}'); if (!block.hash.match(powRegexp)) @@ -480,32 +362,6 @@ function KeyService (conn, conf, PublicKeyService) { done(); } - /** - * Find a member's pubkey, wether it is in the memory block or persisted keychain, - * and returns it as WOTPubkey object. - **/ - function getMemberPubkey (fingerprint, done) { - async.waterfall([ - function (next){ - Key.isMember(fingerprint, next); - }, - function (isMember, next){ - if (!isMember) { - next('Not a member key'); - return; - } - PublicKey.getTheOne(fingerprint, next); - }, - function (pubkey, next){ - next(null, new WOTPubkey(fingerprint, pubkey.keychain)); - }, - ], done); - } - - function findExistingPath(wotKey, member, maxSteps, callback) { - callback('No path found!'); - } - function checkKicked (block, newLinks, done) { var membersChanges = block.membersChanges; async.waterfall([ @@ -556,23 +412,6 @@ function KeyService (conn, conf, PublicKeyService) { ], done); } - function checkCertificationsUpdates (block, done) { - // Only *members* signatures can be here (not newcomers, nor leaving members) - if (block.number == 0) { - done(); - return; - } - var certifications = block.getTierCertificationPackets(); - async.forEach(certifications, function(cert, callback){ - Key.isStayingMember(cert.issuerKeyId.toHex().toUpperCase(), function (err, willBeMember) { - if (!willBeMember || err) - callback(err || 'Signatory is not a member'); - else - callback(); - }); - }, done); - } - function updateMembers (block, done) { async.forEach(block.membersChanges, function(mc, callback){ var isPlus = mc[0] == '+'; 
@@ -732,131 +571,6 @@ function KeyService (conn, conf, PublicKeyService) { }, done); } - function WOTPubkey (fingerprint, rawPackets) { - - this.packets = new openpgp.packet.List(); - - var that = this; - - // Get signatories' certification packet of the userid (not checked yet) - this.addAll = function (packets) { - var thePackets = new openpgp.packet.List(); - var base64decoded = base64.decode(packets); - thePackets.read(base64decoded); - thePackets = thePackets.filterByTag( - openpgp.enums.packet.publicKey, - openpgp.enums.packet.publicSubkey, - openpgp.enums.packet.userid, - openpgp.enums.packet.signature); - thePackets.forEach(function(p){ - if (p.tag == openpgp.enums.packet.signature) { - var signaturesToKeep = [ - openpgp.enums.signature.cert_generic, - openpgp.enums.signature.cert_persona, - openpgp.enums.signature.cert_casual, - openpgp.enums.signature.cert_positive, - openpgp.enums.signature.subkey_binding - ]; - if (~signaturesToKeep.indexOf(p.signatureType)) - that.packets.push(p); - } - else that.packets.push(p); - }); - } - - this.addAll(rawPackets); - - // Get signatories' certification packet of the userid (not checked yet) - this.getSignatories = function () { - var signatories = []; - this.packets.filterByTag(openpgp.enums.packet.signature).forEach(function(packet){ - var issuerKeyId = packet.issuerKeyId.toHex().toUpperCase(); - var isSelfSig = fingerprint.match(new RegExp(issuerKeyId + '$')); - if (!isSelfSig) { - signatories.push({ - keyID: issuerKeyId, - packet: packet - }); - } - }); - return signatories; - }; - - // Get signatories' certification packet of the userid (not checked yet) - this.hasOnlyOneValidUserID = function () { - return this.getPubKey().getPrimaryUser() != null && this.getUserIDs().length == 1; - }; - - // Get signatories' certification packet of the userid (not checked yet) - this.getSelfCertifications = function () { - var certifs = []; - this.packets.filterByTag(openpgp.enums.packet.signature).forEach(function(packet){ - 
var signaturesToKeep = [ - openpgp.enums.signature.cert_generic, - openpgp.enums.signature.cert_persona, - openpgp.enums.signature.cert_casual, - openpgp.enums.signature.cert_positive - ]; - if (~signaturesToKeep.indexOf(packet.signatureType)) { - var issuerKeyId = packet.issuerKeyId.toHex().toUpperCase(); - var isSelfSig = fingerprint.match(new RegExp(issuerKeyId + '$')); - if (isSelfSig) { - certifs.push({ - keyID: issuerKeyId, - packet: packet - }); - } - } - }); - return certifs; - }; - - this.getPurePubkey = function () { - return new openpgp.key.Key(this.getPurePackets()); - }; - - // Get signatories' certification packet of the userid (not checked yet) - this.getPurePackets = function () { - var purePackets = []; - var packets = this.packets.filterByTag( - openpgp.enums.packet.publicKey, - openpgp.enums.packet.publicSubkey, - openpgp.enums.packet.userid, - openpgp.enums.packet.signature); - packets.forEach(function(packet){ - var signaturesToKeep = [ - openpgp.enums.signature.cert_generic, - openpgp.enums.signature.cert_persona, - openpgp.enums.signature.cert_casual, - openpgp.enums.signature.cert_positive, - openpgp.enums.signature.subkey_binding - ]; - if (~signaturesToKeep.indexOf(packet.signatureType)) { - var issuerKeyId = packet.issuerKeyId.toHex().toUpperCase(); - var isSelfSig = fingerprint.match(new RegExp(issuerKeyId + '$')); - if (isSelfSig) { - purePackets.push(packet); - } - } - }); - return purePackets; - }; - - this.getPubKey = function () { - return new openpgp.key.Key(this.packets); - }; - - this.getUserIDs = function () { - var pk = this.getPubKey(); - return pk.getUserIds(); - } - - this.armor = function () { - var armor = new openpgp.key.Key(this.packets).armor(); - return armor; - } - } - this.current = function (done) { KeyBlock.current(function (err, kb) { done(err, kb || null); -- GitLab