Diffstat (limited to 'src/routes/canaries')
-rw-r--r--src/routes/canaries/keystore.ts96
1 files changed, 49 insertions, 47 deletions
diff --git a/src/routes/canaries/keystore.ts b/src/routes/canaries/keystore.ts
index 788428d..af710ec 100644
--- a/src/routes/canaries/keystore.ts
+++ b/src/routes/canaries/keystore.ts
@@ -1,12 +1,10 @@
-import { PublicKey, readCleartextMessage, readKey, verify } from 'openpgp';
+import { PublicKey, readCleartextMessage, readKey, verify } from "openpgp";
export const keyStore = new Map<string, PublicKey>();
-export const validateSignature = async (
- message: string,
- id: string,
-) => {
+export const validateSignature = async (message: string, id: string) => {
+ await initKeystore;
id = id.toUpperCase();
- const key = keyStore.get(id) ?? keyStore.get(id.replace(/ /g, ''));
- if (!key) throw new Error('Could not find key from keystore');
+ const key = keyStore.get(id) ?? keyStore.get(id.replace(/ /g, ""));
+ if (!key) throw new Error("Could not find key from keystore");
const signedMessage = await readCleartextMessage({
cleartextMessage: message,
});
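Review bot: `keyStore` is still exported by name and as the default export, but only `validateSignature` waits on `await initKeystore;`, so any other importer that reads the map directly can now see it empty or half-filled. The previous top-level `await pushKey(...)` calls completed before the module finished loading. Whether such importers exist is not visible here. A doc comment on the export would make the contract explicit, for example `/** Filled asynchronously by initKeystore; await it before reading. */`. The body of validateSignature continues outside this hunk.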
@@ -17,19 +15,23 @@ export const validateSignature = async (
});
return verificationResult.data;
};
-const pushKey = async (
- { ids, key, is_url, expectUserIds, signed_by }: {
- ids?: string[];
- expectUserIds?: string[];
- key: string;
- is_url?: boolean;
- signed_by?: string;
- },
-) => {
+const pushKey = async ({
+ ids,
+ key,
+ is_url,
+ expectUserIds,
+ signed_by,
+}: {
+ ids?: string[];
+ expectUserIds?: string[];
+ key: string;
+ is_url?: boolean;
+ signed_by?: string;
+}) => {
ids = ids ?? [];
if (is_url) {
key = await fetch(
- new URL(key, 'https://keys.openpgp.org/vks/v1/by-fingerprint/'),
+ new URL(key, "https://keys.openpgp.org/vks/v1/by-fingerprint/"),
{},
).then((v) => v.text());
}
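Review bot: The text returned by `fetch(...)` goes on to key parsing without a check of the HTTP status, and nothing in this hunk ties the downloaded key to the fingerprint that was requested. The first `pushKey` call further down passes a fingerprint with `is_url: true` and no `signed_by`, so unless code outside the hunk compares `parsedKey.getFingerprint()` with the requested value, whatever the key server answers is stored under the `memdmp` id. I would reject non-2xx responses, e.g. `if (!res.ok) throw new Error("Key fetch failed: " + res.status);`, and compare fingerprints case-insensitively before `keyStore.set`. A request timeout is also worth adding, since a stalled fetch now stalls every `validateSignature` call through `initKeystore`. pushKey's body continues outside this hunk.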
@@ -44,15 +46,15 @@ const pushKey = async (
expectUserIds?.filter((v) => !expectUserIds.includes(v)) ?? [];
if (missingUserIds.length) {
throw new Error(
- `Key ${parsedKey.getFingerprint()} is missing User IDs: ${
- missingUserIds.join(', ')
- }`,
+ `Key ${parsedKey.getFingerprint()} is missing User IDs: ${missingUserIds.join(
+ ", ",
+ )}`,
);
}
}
ids.push(
- parsedKey.getKeyID().toHex().replace(/ /g, ''),
- parsedKey.getFingerprint().replace(/ /g, ''),
+ parsedKey.getKeyID().toHex().replace(/ /g, ""),
+ parsedKey.getFingerprint().replace(/ /g, ""),
...(expectUserIds ?? []),
);
ids = ids.filter((v, i, a) => a.indexOf(v) === i).map((v) => v.toUpperCase());
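Review bot: The User ID check at the top of this hunk can never fail: `expectUserIds?.filter((v) => !expectUserIds.includes(v))` tests the expected list against itself, so the result is always empty and the `is missing User IDs` error is unreachable. The statement begins above the hunk, so I am assuming this expression is what is assigned to `missingUserIds`. The comparison presumably should be against the parsed key, e.g. `!parsedKey.getUserIDs().includes(v)`. As written, `ids.push(..., ...(expectUserIds ?? []))` registers the key under the expected User IDs even when the key does not carry them, which matters because later entries name their signer by User ID (`signed_by: "memdmp <memdmp@memeware.net>"`).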
@@ -60,18 +62,19 @@ const pushKey = async (
keyStore.set(id, parsedKey);
}
};
-await pushKey({
- key: 'B546778F06BBCC8EC167DB3CD919706487B8B6DE',
- ids: ['memdmp'],
- expectUserIds: [
- 'memdmp <memdmp@estrogen.zone>',
- 'memdmp <memdmp@memeware.net>',
- ],
- is_url: true,
-});
-await pushKey({
- // TODO: when primary memdmp key rotates, or when this key expires, replace this inline string with a new one
- key: `-----BEGIN PGP SIGNED MESSAGE-----
+export const initKeystore = (async () => {
+ await pushKey({
+ key: "B546778F06BBCC8EC167DB3CD919706487B8B6DE",
+ ids: ["memdmp"],
+ expectUserIds: [
+ "memdmp <memdmp@estrogen.zone>",
+ "memdmp <memdmp@memeware.net>",
+ ],
+ is_url: true,
+ });
+ await pushKey({
+ // TODO: when primary memdmp key rotates, or when this key expires, replace this inline string with a new one
+ key: `-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -----BEGIN PGP PUBLIC KEY BLOCK-----
@@ -103,18 +106,17 @@ ZQ4KTbprMz8J4AD/bG33f9Kqg3AqehEyU2TldJs9U9Oni5AXGSGfKLJhmQc=
=945T
-----END PGP SIGNATURE-----
`,
- signed_by: 'memdmp <memdmp@memeware.net>',
- ids: ['canary-sigkey-signing'],
-});
-await pushKey({
- // TODO: adapt to the relevant url on current domain when up
- key: 'https://files.catbox.moe/yf4x40.sig',
- ids: ['napatha'],
- expectUserIds: [
- 'chef naphtha <naphtha@kyun.host>',
- ],
- is_url: true,
- signed_by: 'canary-sigkey-signing',
-});
+ signed_by: "memdmp <memdmp@memeware.net>",
+ ids: ["canary-sigkey-signing"],
+ });
+ await pushKey({
+ // TODO: adapt to the relevant url on current domain when up
+ key: "https://files.catbox.moe/yf4x40.sig",
+ ids: ["napatha"],
+ expectUserIds: ["chef naphtha <naphtha@kyun.host>"],
+ is_url: true,
+ signed_by: "canary-sigkey-signing",
+ });
+})();
export default keyStore;
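Review bot: `initKeystore` is an eagerly started promise with no rejection handler, so a failed download in any of the three `pushKey` calls (the wrapper opens in the previous hunk) leaves a rejected promise that nothing may be awaiting yet; on current Node and Deno defaults an unhandled rejection ends the process. The rejection is also cached: every later `await initKeystore` in `validateSignature` throws the same error and initialisation is never retried. At minimum attach a handler next to the definition, `initKeystore.catch((e) => console.error("keystore init failed", e));`, and document that verification stays unavailable until restart. The third entry still pulls key material from `https://files.catbox.moe/yf4x40.sig`, as its TODO says, so its acceptance should rest entirely on the `signed_by` check, which is outside these hunks.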