Diffstat (limited to 'gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification')
-rw-r--r--gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/GitHubVerifier.scala64
-rw-r--r--gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/VerificationException.scala4
-rw-r--r--gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/Verifier.scala109
-rw-r--r--gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/WebsiteFileVerifier.scala39
-rw-r--r--gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/statements.scala6
5 files changed, 222 insertions, 0 deletions
diff --git a/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/GitHubVerifier.scala b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/GitHubVerifier.scala
new file mode 100644
index 0000000..5243b36
--- /dev/null
+++ b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/GitHubVerifier.scala
@@ -0,0 +1,64 @@
+package com.github.jodersky.skeybase
+package verification
+
+import scala.concurrent.Future
+
+import Verifier.extractSignedStatement
+import Verifier.finalHost
+import Verifier.verifyStatement
+import Verifier.withRedirects
+import akka.actor.ActorSystem
+import openpgp.Backend
+import spray.client.pipelining.Get
+import spray.client.pipelining.WithTransformerConcatenation
+import spray.client.pipelining.sendReceive
+import spray.client.pipelining.sendReceive$default$3
+import spray.client.pipelining.unmarshal
+import spray.httpx.SprayJsonSupport.sprayJsonUnmarshaller
+import spray.json.DefaultJsonProtocol
+
+object GitHubVerifier {
+ case class GistFile(rawUrl: String)
+ case class Gist(url: String, files: Map[String, GistFile])
+
+ object GitHubProtocol extends DefaultJsonProtocol {
+ implicit val gistFileFormat = jsonFormat(GistFile, "raw_url")
+ implicit val gistFormat = jsonFormat2(Gist)
+ }
+}
+
+class GitHubVerifier(backend: Backend) extends Verifier {
+ import Verifier._
+ import GitHubVerifier._
+ import GitHubVerifier.GitHubProtocol._
+
+ def verify(fingerprint: String, proof: Proof)(implicit sys: ActorSystem) = {
+ import sys.dispatcher
+
+ val urlOfHeadGist = (gists: Seq[Gist]) => {
+ val url = for (
+ gist <- gists.headOption;
+ (_, file) <- gist.files.headOption
+ ) yield {
+ file.rawUrl
+ }
+ url getOrElse {
+ throw new NoSuchElementException("No gist found.")
+ }
+ }
+ val gistPipeline = withRedirects(sendReceive) ~> finalHost("api.github.com").tupled ~> unmarshal[Seq[Gist]] ~> urlOfHeadGist
+ val rawPipeline = sendReceive ~> unmarshal[String]
+
+ for (
+ rawUrl <- gistPipeline(Get("https://api.github.com/users/" + proof.nametag + "/gists"));
+ content <- rawPipeline(Get(rawUrl));
+ signed <- extractSignedStatement(content);
+ clear <- backend.verifySignature(signed, fingerprint);
+ verified <- verifyStatement(clear, "github", proof.nametag)
+ ) yield {
+ proof
+ }
+ }
+
+}
+ \ No newline at end of file
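Review bot: In `GitHubVerifier.verify`, `rawPipeline` fetches `rawUrl` through bare `sendReceive`, so the second request gets none of the checks applied to the first: no redirect handling and no `finalHost` or scheme check on a URL taken verbatim from the JSON body. Where the statement is hosted is what ties it to the account, so consider `withRedirects(sendReceive) ~> finalHost("<expected raw-content host>").tupled ~> unmarshal[String]` (the host is a placeholder; the page does not state it). `proof.nametag` is also concatenated into the API path unencoded; validating it against the allowed username characters before building the URL keeps a malformed proof from changing which endpoint is queried. Separately, `urlOfHeadGist` only looks at the first gist and the first entry of a `Map`, so a valid proof is missed as soon as the user publishes another gist or the gist holds more than one file.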
diff --git a/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/VerificationException.scala b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/VerificationException.scala
new file mode 100644
index 0000000..a7c1f78
--- /dev/null
+++ b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/VerificationException.scala
@@ -0,0 +1,4 @@
+package com.github.jodersky.skeybase
+package verification
+
+class VerificationException(message: String) extends RuntimeException(message) \ No newline at end of file
diff --git a/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/Verifier.scala b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/Verifier.scala
new file mode 100644
index 0000000..6025fef
--- /dev/null
+++ b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/Verifier.scala
@@ -0,0 +1,109 @@
+package com.github.jodersky.skeybase
+package verification
+
+import scala.language.implicitConversions
+
+import scala.concurrent.ExecutionContext
+import scala.concurrent.Future
+import scala.util.Failure
+import scala.util.Success
+import scala.util.Try
+
+import com.github.jodersky.skeybase.Proof
+import com.github.jodersky.skeybase.PublicKey
+
+import akka.actor.ActorSystem
+import spray.http.HttpHeaders.Location
+import spray.http.HttpRequest
+import spray.http.HttpResponse
+import spray.http.Uri
+import spray.json.DefaultJsonProtocol
+import spray.json.JsonParser
+import spray.json.ParserInput.apply
+
+trait Verifier {
+
+ def verify(fingerprint: String, proof: Proof)(implicit sys: ActorSystem): Future[Proof]
+
+}
+
+object Verifier {
+
+ object JsonProtocol extends DefaultJsonProtocol {
+ implicit val serviceFormat = jsonFormat2(Service.apply)
+ implicit val keyFormat = jsonFormat1(PublicKey.apply)
+ implicit val statementBodyFormat = jsonFormat2(StatementBody.apply)
+ implicit val statementFormat = jsonFormat1(Statement.apply)
+ }
+ import JsonProtocol._
+
+ implicit def tryToFuture[A](t: Try[A]): Future[A] = t match {
+ case Success(a) => Future.successful(a)
+ case Failure(e) => Future.failed(e)
+ }
+
+ def withRedirects(
+ sendReceive: HttpRequest => Future[HttpResponse],
+ maxRedirects: Int = 5)(implicit ec: ExecutionContext): HttpRequest => Future[(Uri, HttpResponse)] = { request =>
+
+ def dispatch(request: HttpRequest, redirectsLeft: Int): Future[(Uri, HttpResponse)] = if (redirectsLeft <= 0) {
+ Future.failed(new RuntimeException("Too many redirects."))
+ } else {
+ sendReceive(request).flatMap { response =>
+ if (response.status.value.startsWith("3")) {
+ response.header[Location].map { location =>
+ dispatch(request.copy(uri = location.uri), redirectsLeft - 1)
+ } getOrElse {
+ Future.failed(new RuntimeException("Missing location header in redirect response."))
+ }
+ } else {
+ Future.successful(request.uri, response)
+ }
+ }
+ }
+
+ dispatch(request, maxRedirects)
+ }
+
+ def finalHost(host: String) = (uri: Uri, response: HttpResponse) => {
+ if (uri.authority.host.address != host)
+ throw new VerificationException("Final host is not " + host)
+ else
+ response
+ }
+
+ def extractSignedStatement(content: String): Try[String] = Try {
+ val regex = """(-----BEGIN PGP MESSAGE-----(.|\n)*-----END PGP MESSAGE-----?)""".r
+ regex.findFirstIn(content) getOrElse {
+ throw new VerificationException("No OpenPGP message found.")
+ }
+ }
+
+ def verifyStatement(statement: String, service: String, username: String): Try[String] = Try {
+ val stmt = JsonParser(statement).convertTo[Statement]
+
+ if (stmt.body.service.name != service) throw new VerificationException(
+ "The service specified in the signed statement (" + stmt.body.service.name + ") is not " +
+ "the same as the service under which the statement was found (" + service + ")")
+ else if (stmt.body.service.username != username) throw new VerificationException(
+ "The username specified in the signed statement (" + stmt.body.service.username + ") is not " +
+ "the same as the username under which the statement was found (" + username + ")")
+ else statement
+
+ }
+
+ /*
+ * if (!(uri.path.tail startsWith (Path(proof.nametag)))) {
+ * throw new VerificationException("Final github account does not match the one provided in the proof." + uri.path.head)
+ * }
+
+
+ def extractHtmlId(id: String, html: String): Option[String] = {
+ val cleaner = new HtmlCleaner
+ val root = cleaner.clean(html)
+ root.getElementsByName("div", true).find(_.getAttributeByName("id") == id).map { div =>
+ StringEscapeUtils.unescapeHtml4(div.getText.toString())
+ }
+ }*/
+
+} \ No newline at end of file
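Review bot: `finalHost` compares only the host of the final URI, and `withRedirects` follows any `Location` regardless of scheme, so a proof can end up being read over plain HTTP and still pass the host check. Adding the scheme to the guard, e.g. `if (uri.scheme != "https" || uri.authority.host.address != host)`, would close that; pass the expected scheme as a parameter if HTTP website proofs must stay supported. In `extractSignedStatement`, `(.|\n)*` is greedy, does not cross `\r`, and on the JVM the alternation inside the star can exhaust the stack on large remote-controlled pages, while the trailing `-----?` makes the last dash optional. `"""(?s)-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----""".r` matches the first complete block without those problems. `verifyStatement` checks service and username but never looks at `stmt.body.key`; if `backend.verifySignature` does not already bind the statement to `fingerprint`, that comparison belongs here.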
diff --git a/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/WebsiteFileVerifier.scala b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/WebsiteFileVerifier.scala
new file mode 100644
index 0000000..04cad1e
--- /dev/null
+++ b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/WebsiteFileVerifier.scala
@@ -0,0 +1,39 @@
+package com.github.jodersky.skeybase
+package verification
+
+import scala.concurrent.Future
+
+
+import Verifier.extractSignedStatement
+import Verifier.finalHost
+import Verifier.verifyStatement
+import Verifier.withRedirects
+import akka.actor.ActorSystem
+import openpgp.Backend
+import spray.client.pipelining.Get
+import spray.client.pipelining.WithTransformerConcatenation
+import spray.client.pipelining.sendReceive
+import spray.client.pipelining.sendReceive$default$3
+import spray.client.pipelining.unmarshal
+import spray.httpx.SprayJsonSupport.sprayJsonUnmarshaller
+import spray.json.DefaultJsonProtocol
+
+class WebsiteFileVerifier(backend: Backend) extends Verifier {
+ import Verifier._
+
+ def verify(fingerprint: String, proof: Proof)(implicit sys: ActorSystem) = {
+ import sys.dispatcher
+
+ val pipeline = withRedirects(sendReceive) ~> finalHost(proof.nametag).tupled ~> unmarshal[String]
+ for (
+ content <- pipeline(Get(proof.proofUrl));
+ signed <- extractSignedStatement(content);
+ clear <- backend.verifySignature(signed, fingerprint);
+ verified <- verifyStatement(clear, "github", proof.nametag)
+ ) yield {
+ proof
+ }
+ }
+
+}
+ \ No newline at end of file
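Review bot: The `verifyStatement(clear, "github", proof.nametag)` call in `WebsiteFileVerifier.verify` looks copied from `GitHubVerifier`: it requires the signed statement to name the service `github` even though the proof was fetched from a website. As written, a statement issued for a website is rejected while one issued for a GitHub username is accepted, which weakens the binding between statement and service. Pass the website service name instead, `verifyStatement(clear, "<website service name>", proof.nametag)` (placeholder; the value is not on this page). `proof.proofUrl` is also requested before anything checks that its host is `proof.nametag`; `finalHost` only checks the final hop, so a check on the initial URL would avoid contacting an unrelated host named in the proof.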
diff --git a/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/statements.scala b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/statements.scala
new file mode 100644
index 0000000..cbe896f
--- /dev/null
+++ b/gpg/skeybase/src/main/scala/com/github/jodersky/skeybase/verification/statements.scala
@@ -0,0 +1,6 @@
+package com.github.jodersky.skeybase
+package verification
+
+case class Service(name: String, username: String)
+case class StatementBody(key: PublicKey, service: Service)
+case class Statement(body: StatementBody) \ No newline at end of file