Diffstat (limited to 'src/routes/canaries')
-rw-r--r-- | src/routes/canaries/keystore.ts | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/src/routes/canaries/keystore.ts b/src/routes/canaries/keystore.ts
index 1d2aefb..5b85201 100644
--- a/src/routes/canaries/keystore.ts
+++ b/src/routes/canaries/keystore.ts
@@ -2,23 +2,31 @@ import { dev } from "$app/environment";
 import { PublicKey, readCleartextMessage, readKey, verify } from "openpgp";
 import { fallbackKeys } from "./fallback-keys";
 export const keyStore = new Map<string, PublicKey>();
-const will_debug = false;
-const debug = dev && will_debug ? console.debug : () => void 0;
+const will_debug = true;
+const debug = dev && will_debug ? (z: any, ...a: any[]) => console.debug(...[
+ ...(typeof z === 'string' ? [`[keystore] ${z}`] : ['[keystore]', z]),
+ ...a
+]) : () => void 0;
 const _validateSignature = async (message: string, id: string) => {
 id = id.toUpperCase();
+ debug(`[validateSignature][status=lookup] looking up key by ID ${JSON.stringify(id)}`)
 const key = keyStore.get(id) ?? keyStore.get(id.replace(/ /g, ""));
 if (!key) throw new Error("Could not find key from keystore");
+ debug(`[validateSignature][status=parse] parsing message`)
 const signedMessage = await readCleartextMessage({
 cleartextMessage: message,
 });
+ debug(`[validateSignature][status=verify] verifying message signature`)
 const verificationResult = await verify({
 message: signedMessage,
 verificationKeys: key,
 expectSigned: true,
 });
+ debug(`[validateSignature][success] successfully validated message signature`)
 return verificationResult.data;
 }
 export const validateSignature: typeof _validateSignature = async (message, id) => {
+ debug(`[validateSignature][globalState] waiting on initKeystore`)
 await initKeystore;
 return _validateSignature(message, id)
 };
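Review bot: The new debug wrapper types both parameters as `any` although nothing in it needs that; `(z: unknown, ...a: unknown[])` compiles equally well because `z` is only inspected with `typeof` and then forwarded to `console.debug`. The spread into a temporary array followed by a second spread can be written as a single spread directly into `console.debug`, which reads more simply. With `will_debug` now a hard-coded `true`, the `dev` guard is the only thing keeping these messages (key IDs, and in later hunks fetched key material) out of production output, so a comment above the constant such as `// debug() stays a no-op outside dev builds regardless of will_debug` would make that dependency explicit. The added `debug(...)` statements in `_validateSignature` and `validateSignature` also omit the trailing semicolons the surrounding statements use.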
@@ -40,22 +48,22 @@ const pushKey = async ({
 ids = ids ?? [];
 if (is_url) {
 const url = new URL(key, "https://keys.openpgp.org/vks/v1/by-fingerprint/");
- debug('getting key with url', url)
+ debug('[pushKey][info] Getting key with url\n\n', url)
 key = await fetch(
 url,
 ).then((v) => v.text()).catch(e => {
 if (fallbackKeys.has(key)) {
- debug('failed with error', e, 'but found fallback key')
+ debug('[pushKey][warn] Failed with error', e, 'but found fallback key')
 return fallbackKeys.get(key)!
 } else {
- debug('failed to fetch key, cannot find fallback')
+ debug('[pushKey][error] Failed to fetch key, cannot find fallback')
 throw e
 }
 });
- debug('fetched key', key)
+ debug('[pushKey][success] Fetched key\n\n', JSON.stringify(key))
 } else {
- debug('found key', key)
+ debug('[pushKey][success] Found key\n\n', JSON.stringify(key))
 }
 if (key === null) throw new Error('Key is null.')
@@ -64,9 +72,9 @@ const pushKey = async ({
 if (typeof key !== 'string') throw new Error(`Expected key with type string, got key of type ${key}`)
 if (signed_by) {
- debug('key must be signed by', signed_by)
+ debug('[pushKey][validation][info] Key must be signed by', signed_by)
 key = await _validateSignature(key, signed_by);
- debug('validated signature')
+ debug('[pushKey][success] Validated signature')
 }
 const parsedKey = await readKey({
 armoredKey: key,
@@ -88,9 +96,9 @@ const pushKey = async ({
 `Key ${parsedKey.getFingerprint()} is not ${expect_fingerprint}`,
 );
 else if (expect_fingerprint)
- debug('fingerprint matches expected fingerprint')
+ debug('[success] Fingerprint matches expected fingerprint')
 else
- debug('no expected fingerprint passed')
+ debug('[warn] No expected fingerprint passed')
 ids.push(
 parsedKey.getKeyID().toHex().replace(/ /g, ""),
 parsedKey.getFingerprint().replace(/ /g, ""),
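Review bot: The `[pushKey][success] Fetched key` line is emitted for every resolved fetch, including an HTTP error page from the keyserver, because `.then((v) => v.text())` never looks at `v.ok`; a 404 or 5xx body is then handed to `readKey` further down and fails there instead of reaching the `fallbackKeys` branch in the `.catch`, which only sees network-level rejections. Changing the then-callback to `.then((v) => { if (!v.ok) throw new Error('HTTP ' + v.status + ' for ' + url); return v.text(); })` routes those responses through the existing fallback and makes the success tag truthful. Separately, `JSON.stringify(key)` after the `\n\n` header collapses the multi-line armored key into one escaped string, so passing `key` directly would keep the output readable. pushKey's body starts before this hunk and continues after it.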
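Review bot: The tags introduced in the hunk at -88, `[success]` and `[warn]`, drop the `[pushKey]` prefix that the messages in the hunks at -40 and -64 carry, and the `[success]` lines in the later hunks at -100 and -158 are prefix-less in the same way; writing them as `[pushKey][success]` and `[pushKey][warn]` keeps the output filterable by function. The `[warn] No expected fingerprint passed` branch appears to be the only record that a key was accepted without fingerprint pinning, and whether that should be an error for URL-fetched keys is a decision outside this hunk; a comment above the `else`, `// no expect_fingerprint: the parsed key's identity is not pinned here`, would at least record the intent. The surrounding `if`/`else if`/`else` chain begins before this hunk.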
@@ -100,7 +108,10 @@ const pushKey = async ({
 for (const id of ids) {
 keyStore.set(id, parsedKey);
 }
- debug('added key', parsedKey, 'with ids', ids, 'to keystore')
+ debug('[success] Added key\n\n', {
+ key: parsedKey,
+ ids,
+ })
 };
 export const initKeystore = (async () => {
 await pushKey({
@@ -158,6 +169,7 @@ ZQ4KTbprMz8J4AD/bG33f9Kqg3AqehEyU2TldJs9U9Oni5AXGSGfKLJhmQc=
 is_url: true,
 signed_by: "canary-sigkey-signing",
 });
+ debug('[success] keystore initialization completed')
 })();
 export default keyStore; |
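Review bot: The new `[success] Added key` call passes the whole `parsedKey` object to `console.debug`, which dumps the openpgp `PublicKey` object's internals rather than anything a reader can scan; the `ids` array placed next to it already holds the key ID and fingerprint, so `key: parsedKey.getFingerprint(),` gives a compact line with the same identification. If the full object is wanted for troubleshooting, a comment such as `// full PublicKey dump is intentional for dev-only inspection` above the call would tell the next reader it is not an oversight. The `keyStore.set` loop above it starts before this hunk.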