Commit ec6a71dd authored by Cédric Moreau's avatar Cédric Moreau

A keyblock must be signed by an existing member

parent d8894109
......@@ -21,6 +21,7 @@ function PubkeyParser (onError) {
obj.raw = dosStr;
obj.hash = sha1(dosStr).toUpperCase();
var k = jpgp().certificate(obj.raw);
if (!k.key) return;
// Extract udid2
obj.udid2s = getSignedUdid2s(k.key);
if (obj.udid2s.length) {
......@@ -64,6 +65,9 @@ function PubkeyParser (onError) {
if (!obj.fingerprint) {
return "Data does not seem to be a key";
}
if (!obj.udid2s) {
return "Cannot extract udid2";
}
};
}
......
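Review bot: The verification guard `if (!obj.udid2s)` only fires when the property was never assigned, which from the visible lines appears to happen only after the early `if (!k.key) return;`. An empty array is truthy in JavaScript, so a key for which `getSignedUdid2s` finds no signed udid2 would never get "Cannot extract udid2". The existing `if (obj.udid2s.length)` suggests the value is an array, so if keys without a signed udid2 are meant to be rejected, the guard should read `if (!obj.udid2s || !obj.udid2s.length) {`. The early `return` also stops silently; a comment such as `// No parsable key: leave obj incomplete so verification reports it` would make that reliance explicit. Both enclosing functions start and end outside the visible hunks.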
......@@ -136,6 +136,10 @@ function KeyService (conn, conf, PublicKeyService) {
// Check the challenge depending on issuer
checkProofOfWork(block, next);
},
function (next) {
// Check document's coherence
checkIssuer(block, next);
},
function (next) {
// Check document's coherence
checkCoherence(block, next);
......@@ -149,6 +153,29 @@ function KeyService (conn, conf, PublicKeyService) {
});
};
function checkIssuer (block, done) {
async.waterfall([
function (next){
Key.isMember(block.issuer, next);
},
function (isMember, next){
if (isMember)
next();
else {
if (block.number == 0) {
if (~block.membersChanges.indexOf('+' + block.issuer)) {
next();
} else {
next('Keyblock not signed by the root members');
}
} else {
next('Keyblock must be signed by an existing member');
}
}
},
], done);
}
function checkCoherence (block, done) {
var newLinks = {};
async.waterfall([
......@@ -330,8 +357,8 @@ function KeyService (conn, conf, PublicKeyService) {
// TODO: check subkeys?
// Check certifications
kc.certifiers = [];
async.forEach(keyhelper.toPacketlist(kc.certpackets), function(certif, callback){
kc.certifiers = [];
async.waterfall([
function (next){
checkCertificationOfKey(certif, kc.fingerprint, newKeys, next);
......
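Review bot: In `checkIssuer`, the `block.number == 0` branch is the only path that accepts an issuer who is not yet a member, and it relies on two fields read from the block itself. The loose comparison also matches values such as `"0"` or `""`, and the `'+' + block.issuer` entry in `membersChanges` is a self-declared membership. Use `if (block.number === 0) {` and, unless code outside this hunk already enforces it, confirm in that branch that the chain holds no block yet, so the root exception cannot apply to a later block. Nothing visible here ties `block.issuer` to the key that produced the signature, so this check is only as strong as that verification elsewhere. The waterfall step calling `checkIssuer` reuses the comment `// Check document's coherence`; `// Check the issuer is a member (or a root member for block #0)` would describe it.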