Diffstat (limited to 'gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification')
5 files changed, 222 insertions, 0 deletions
diff --git a/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/GitHubVerifier.scala b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/GitHubVerifier.scala
new file mode 100644
index 0000000..5243b36
--- /dev/null
+++ b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/GitHubVerifier.scala
@@ -0,0 +1,64 @@
+package com.github.jodersky.skeybase
+package verification
+
+import scala.concurrent.Future
+
+import Verifier.extractSignedStatement
+import Verifier.finalHost
+import Verifier.verifyStatement
+import Verifier.withRedirects
+import akka.actor.ActorSystem
+import openpgp.Backend
+import spray.client.pipelining.Get
+import spray.client.pipelining.WithTransformerConcatenation
+import spray.client.pipelining.sendReceive
+import spray.client.pipelining.sendReceive$default$3
+import spray.client.pipelining.unmarshal
+import spray.httpx.SprayJsonSupport.sprayJsonUnmarshaller
+import spray.json.DefaultJsonProtocol
+
+object GitHubVerifier {
+ case class GistFile(rawUrl: String)
+ case class Gist(url: String, files: Map[String, GistFile])
+
+ object GitHubProtocol extends DefaultJsonProtocol {
+ implicit val gistFileFormat = jsonFormat(GistFile, "raw_url")
+ implicit val gistFormat = jsonFormat2(Gist)
+ }
+}
+
+class GitHubVerifier(backend: Backend) extends Verifier {
+ import Verifier._
+ import GitHubVerifier._
+ import GitHubVerifier.GitHubProtocol._
+
+ def verify(fingerprint: String, proof: Proof)(implicit sys: ActorSystem) = {
+ import sys.dispatcher
+
+ val urlOfHeadGist = (gists: Seq[Gist]) => {
+ val url = for (
+ gist <- gists.headOption;
+ (_, file) <- gist.files.headOption
+ ) yield {
+ file.rawUrl
+ }
+ url getOrElse {
+ throw new NoSuchElementException("No gist found.")
+ }
+ }
+ val gistPipeline = withRedirects(sendReceive) ~> finalHost("api.github.com").tupled ~> unmarshal[Seq[Gist]] ~> urlOfHeadGist
+ val rawPipeline = sendReceive ~> unmarshal[String]
+
+ for (
+ rawUrl <- gistPipeline(Get("https://api.github.com/users/" + proof.nametag + "/gists"));
+ content <- rawPipeline(Get(rawUrl));
+ signed <- extractSignedStatement(content);
+ clear <- backend.verifySignature(signed, fingerprint);
+ verified <- verifyStatement(clear, "github", proof.nametag)
+ ) yield {
+ proof
+ }
+ }
+
+}
+
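Review bot: In `GitHubVerifier.verify` the second fetch, `rawPipeline(Get(rawUrl))`, requests whatever `raw_url` the gist listing returned with no scheme or host check, while only the listing request is pinned by `finalHost("api.github.com")`. The signature check that follows covers the content but not where it was served from, so the link between the statement and the account rests entirely on the listing response. Building the raw fetch like the listing pipeline, `val rawPipeline = withRedirects(sendReceive) ~> finalHost(RawGistHost).tupled ~> unmarshal[String]` (`RawGistHost` being a placeholder for the host GitHub serves raw gists from), would constrain it the same way. `proof.nametag` is also concatenated into the API path unencoded, so it should be validated against the characters a GitHub username can contain before the request is built.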
\ No newline at end of file
diff --git a/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/VerificationException.scala b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/VerificationException.scala
new file mode 100644
index 0000000..a7c1f78
--- /dev/null
+++ b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/VerificationException.scala
@@ -0,0 +1,4 @@
+package com.github.jodersky.skeybase
+package verification
+
+class VerificationException(message: String) extends RuntimeException(message)
\ No newline at end of file
diff --git a/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/Verifier.scala b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/Verifier.scala
new file mode 100644
index 0000000..6025fef
--- /dev/null
+++ b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/Verifier.scala
@@ -0,0 +1,109 @@
+package com.github.jodersky.skeybase
+package verification
+
+import scala.language.implicitConversions
+
+import scala.concurrent.ExecutionContext
+import scala.concurrent.Future
+import scala.util.Failure
+import scala.util.Success
+import scala.util.Try
+
+import com.github.jodersky.skeybase.Proof
+import com.github.jodersky.skeybase.PublicKey
+
+import akka.actor.ActorSystem
+import spray.http.HttpHeaders.Location
+import spray.http.HttpRequest
+import spray.http.HttpResponse
+import spray.http.Uri
+import spray.json.DefaultJsonProtocol
+import spray.json.JsonParser
+import spray.json.ParserInput.apply
+
+trait Verifier {
+
+ def verify(fingerprint: String, proof: Proof)(implicit sys: ActorSystem): Future[Proof]
+
+}
+
+object Verifier {
+
+ object JsonProtocol extends DefaultJsonProtocol {
+ implicit val serviceFormat = jsonFormat2(Service.apply)
+ implicit val keyFormat = jsonFormat1(PublicKey.apply)
+ implicit val statementBodyFormat = jsonFormat2(StatementBody.apply)
+ implicit val statementFormat = jsonFormat1(Statement.apply)
+ }
+ import JsonProtocol._
+
+ implicit def tryToFuture[A](t: Try[A]): Future[A] = t match {
+ case Success(a) => Future.successful(a)
+ case Failure(e) => Future.failed(e)
+ }
+
+ def withRedirects(
+ sendReceive: HttpRequest => Future[HttpResponse],
+ maxRedirects: Int = 5)(implicit ec: ExecutionContext): HttpRequest => Future[(Uri, HttpResponse)] = { request =>
+
+ def dispatch(request: HttpRequest, redirectsLeft: Int): Future[(Uri, HttpResponse)] = if (redirectsLeft <= 0) {
+ Future.failed(new RuntimeException("Too many redirects."))
+ } else {
+ sendReceive(request).flatMap { response =>
+ if (response.status.value.startsWith("3")) {
+ response.header[Location].map { location =>
+ dispatch(request.copy(uri = location.uri), redirectsLeft - 1)
+ } getOrElse {
+ Future.failed(new RuntimeException("Missing location header in redirect response."))
+ }
+ } else {
+ Future.successful(request.uri, response)
+ }
+ }
+ }
+
+ dispatch(request, maxRedirects)
+ }
+
+ def finalHost(host: String) = (uri: Uri, response: HttpResponse) => {
+ if (uri.authority.host.address != host)
+ throw new VerificationException("Final host is not " + host)
+ else
+ response
+ }
+
+ def extractSignedStatement(content: String): Try[String] = Try {
+ val regex = """(-----BEGIN PGP MESSAGE-----(.|\n)*-----END PGP MESSAGE-----?)""".r
+ regex.findFirstIn(content) getOrElse {
+ throw new VerificationException("No OpenPGP message found.")
+ }
+ }
+
+ def verifyStatement(statement: String, service: String, username: String): Try[String] = Try {
+ val stmt = JsonParser(statement).convertTo[Statement]
+
+ if (stmt.body.service.name != service) throw new VerificationException(
+ "The service specified in the signed statement (" + stmt.body.service.name + ") is not " +
+ "the same as the service under which the statement was found (" + service + ")")
+ else if (stmt.body.service.username != username) throw new VerificationException(
+ "The username specified in the signed statement (" + stmt.body.service.username + ") is not " +
+ "the same as the username under which the statement was found (" + username + ")")
+ else statement
+
+ }
+
+ /*
+ * if (!(uri.path.tail startsWith (Path(proof.nametag)))) {
+ * throw new VerificationException("Final github account does not match the one provided in the proof." + uri.path.head)
+ * }
+
+
+ def extractHtmlId(id: String, html: String): Option[String] = {
+ val cleaner = new HtmlCleaner
+ val root = cleaner.clean(html)
+ root.getElementsByName("div", true).find(_.getAttributeByName("id") == id).map { div =>
+ StringEscapeUtils.unescapeHtml4(div.getText.toString())
+ }
+ }*/
+
+}
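Review bot: `finalHost` compares only `uri.authority.host.address`, so a redirect chain that ends on the expected host over plain `http` passes the check, and `withRedirects` follows any `Location` header without looking at its scheme. Because the host match is what ties a fetched statement to the service, the check should pin the scheme as well, e.g. `if (uri.scheme != "https" || uri.authority.host.address != host)`, or take the expected scheme as a parameter if plain-HTTP website proofs have to stay supported. Separately, the pattern in `extractSignedStatement` is greedy and built on `(.|\n)*`, so it spans from the first BEGIN marker to the last END marker and can overflow the stack in `java.util.regex` on a large remote body. `"""(?s)-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----""".r` avoids both, and a size limit on the fetched content before matching would bound the work further.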
\ No newline at end of file
diff --git a/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/WebsiteFileVerifier.scala b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/WebsiteFileVerifier.scala
new file mode 100644
index 0000000..04cad1e
--- /dev/null
+++ b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/WebsiteFileVerifier.scala
@@ -0,0 +1,39 @@
+package com.github.jodersky.skeybase
+package verification
+
+import scala.concurrent.Future
+
+
+import Verifier.extractSignedStatement
+import Verifier.finalHost
+import Verifier.verifyStatement
+import Verifier.withRedirects
+import akka.actor.ActorSystem
+import openpgp.Backend
+import spray.client.pipelining.Get
+import spray.client.pipelining.WithTransformerConcatenation
+import spray.client.pipelining.sendReceive
+import spray.client.pipelining.sendReceive$default$3
+import spray.client.pipelining.unmarshal
+import spray.httpx.SprayJsonSupport.sprayJsonUnmarshaller
+import spray.json.DefaultJsonProtocol
+
+class WebsiteFileVerifier(backend: Backend) extends Verifier {
+ import Verifier._
+
+ def verify(fingerprint: String, proof: Proof)(implicit sys: ActorSystem) = {
+ import sys.dispatcher
+
+ val pipeline = withRedirects(sendReceive) ~> finalHost(proof.nametag).tupled ~> unmarshal[String]
+ for (
+ content <- pipeline(Get(proof.proofUrl));
+ signed <- extractSignedStatement(content);
+ clear <- backend.verifySignature(signed, fingerprint);
+ verified <- verifyStatement(clear, "github", proof.nametag)
+ ) yield {
+ proof
+ }
+ }
+
+}
+
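Review bot: `WebsiteFileVerifier.verify` calls `verifyStatement(clear, "github", proof.nametag)`, so a website proof is accepted only when the signed statement names the service `github`. This looks copied from `GitHubVerifier` and means the statement's service is never matched against the site being verified. The expected service value for website statements is not visible in this commit, so the call should pass that value, or `Verifier` should gain a website-specific check, instead of the literal. In addition, `Get(proof.proofUrl)` is issued before any check that the URL's scheme is `http`/`https` and that its host equals `proof.nametag`; only the host reached after redirects is compared, so proof data decides where the verifier connects first. Validating `proofUrl` against `proof.nametag` before the request is sent would bound that.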
\ No newline at end of file
diff --git a/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/statements.scala b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/statements.scala
new file mode 100644
index 0000000..cbe896f
--- /dev/null
+++ b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/statements.scala
@@ -0,0 +1,6 @@
+package com.github.jodersky.skeybase
+package verification
+
+case class Service(name: String, username: String)
+case class StatementBody(key: PublicKey, service: Service)
+case class Statement(body: StatementBody)
\ No newline at end of file |