From 22c6c80310a8d3d3abbd1006598b4fbaec98ffd0 Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 22 Sep 2017 15:30:40 +0200 Subject: wkd: implement basic lookup of keys through wkd wkd is the web key directory. See the Readme.md in /lib/nickserver/wkd --- lib/nickserver/wkd/source.rb | 23 +++++++++++++++++++++-- lib/nickserver/wkd/url.rb | 3 +-- 2 files changed, 22 insertions(+), 4 deletions(-) (limited to 'lib/nickserver') diff --git a/lib/nickserver/wkd/source.rb b/lib/nickserver/wkd/source.rb index 01f376e..750d3fa 100644 --- a/lib/nickserver/wkd/source.rb +++ b/lib/nickserver/wkd/source.rb @@ -1,5 +1,7 @@ require 'nickserver/source' require 'nickserver/response' +require 'nickserver/wkd/url' +require 'nickserver/hkp/response' module Nickserver module Wkd @@ -7,10 +9,27 @@ module Nickserver def query(email) url = Url.new(email) - status, body = adapter.get url - return Nickserver::Response.new(status, body) + status, blob = adapter.get url + Hkp::Response.new(email.to_s, armor_key(blob)) if status == 200 end + protected + + def armor_key(blob) + header + encode(blob) + footer + end + + def encode(blob) + Base64.strict_encode64(blob).scan(/.{1,64}/).join "\n" + end + + def header + "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + end + + def footer + "\n-----END PGP PUBLIC KEY BLOCK-----\n" + end end end end diff --git a/lib/nickserver/wkd/url.rb b/lib/nickserver/wkd/url.rb index 965e7ec..1670628 100644 --- a/lib/nickserver/wkd/url.rb +++ b/lib/nickserver/wkd/url.rb @@ -11,8 +11,7 @@ module Nickserver end def to_s - "https://#{domain}/.well-known/openpgpkey" + - "/hu/#{domain}/#{encoded_digest}" + "https://#{domain}/.well-known/openpgpkey/hu/#{encoded_digest}" end protected -- cgit v1.2.3 From 40916407517f4bdb75a295caf29e02d4f403349b Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 23 Sep 2017 11:07:32 +0200 Subject: style: rubocop mostly auto-correct --- lib/nickserver/adapters/celluloid_http.rb | 2 +- lib/nickserver/adapters/http.rb | 26 ++++---- lib/nickserver/config.rb | 47 ++++++------- lib/nickserver/couch_db/response.rb | 5 +- lib/nickserver/couch_db/source.rb | 9 ++- lib/nickserver/daemon.rb | 78 ++++++++++------------ lib/nickserver/dispatcher.rb | 18 +++-- lib/nickserver/email_address.rb | 2 - lib/nickserver/handler_chain.rb | 5 +- lib/nickserver/hkp/client.rb | 31 ++++----- lib/nickserver/hkp/key_info.rb | 13 ++-- lib/nickserver/hkp/parse_key_info.rb | 19 +++--- lib/nickserver/hkp/response.rb | 2 - lib/nickserver/hkp/source.rb | 29 ++++---- lib/nickserver/hkp/v_index_response.rb | 15 ++--- lib/nickserver/logging_responder.rb | 1 - lib/nickserver/nicknym/source.rb | 4 +- lib/nickserver/reel_server.rb | 6 +- lib/nickserver/request.rb | 4 +- lib/nickserver/request_handlers/base.rb | 3 +- .../request_handlers/fingerprint_handler.rb | 2 - .../request_handlers/hkp_email_handler.rb | 2 - .../request_handlers/invalid_email_handler.rb | 3 +- .../request_handlers/leap_email_handler.rb | 2 - .../request_handlers/local_email_handler.rb | 2 - lib/nickserver/response.rb | 1 - lib/nickserver/server.rb | 5 +- lib/nickserver/source.rb | 1 - lib/nickserver/version.rb | 2 +- lib/nickserver/wkd/source.rb | 42 ++++++------ lib/nickserver/wkd/url.rb | 1 - 31 files changed, 162 insertions(+), 220 deletions(-) (limited to 'lib/nickserver') diff --git a/lib/nickserver/adapters/celluloid_http.rb b/lib/nickserver/adapters/celluloid_http.rb index 62f905f..cdcc493 100644 --- a/lib/nickserver/adapters/celluloid_http.rb +++ b/lib/nickserver/adapters/celluloid_http.rb @@ -4,6 +4,7 @@ silence_warnings do end module Nickserver::Adapters + # HTTP Adapter using Celluloid::IO class CelluloidHttp < Http silence_warnings do include Celluloid::IO @@ -14,6 +15,5 @@ module Nickserver::Adapters def default_options super.merge ssl_socket_class: Celluloid::IO::SSLSocket end - end end diff --git a/lib/nickserver/adapters/http.rb b/lib/nickserver/adapters/http.rb index eb77cc6..a759e53 100644 --- a/lib/nickserver/adapters/http.rb +++ b/lib/nickserver/adapters/http.rb @@ -2,22 +2,20 @@ require 'nickserver/adapters' require 'nickserver/config' require 'http' -# Nickserver::Adapters::Http -# -# Basic http adapter with ssl and minimal error handling. -# Only implemented get requests so far. -# -# Error Handling: -# -# Pass a string as the 'rescue' option. If a ConnectionError occures -# which includes the string passed it will be rescued and the request -# will return nil. This allows handling the error inside the adapter so -# that for the derived CelluloidHttp Adapter the actor does not get -# killed. - module Nickserver::Adapters + # Nickserver::Adapters::Http + # + # Basic http adapter with ssl and minimal error handling. + # Only implemented get requests so far. + # + # Error Handling: + # + # Pass a string as the 'rescue' option. If a ConnectionError occures + # which includes the string passed it will be rescued and the request + # will return nil. This allows handling the error inside the adapter so + # that for the derived CelluloidHttp Adapter the actor does not get + # killed. class Http - def get(url, options = {}) url = HTTP::URI.parse url.to_s response = get_with_auth url, params: options[:query] diff --git a/lib/nickserver/config.rb b/lib/nickserver/config.rb index b1def7c..62623c1 100644 --- a/lib/nickserver/config.rb +++ b/lib/nickserver/config.rb @@ -5,7 +5,7 @@ module Nickserver PATHS = [ File.expand_path('../../../config/default.yml', __FILE__), '/etc/nickserver.yml' - ] + ].freeze class << self attr_accessor :hkp_url @@ -29,22 +29,21 @@ module Nickserver def self.load self.loaded ||= begin PATHS.each do |file_path| - self.load_config(file_path) + load_config(file_path) end true end - self.validate + validate end def self.couch_url - [ 'http://', - couch_auth, - couch_host, - ':', - couch_port, - '/', - couch_database - ].join + ['http://', + couch_auth, + couch_host, + ':', + couch_port, + '/', + couch_database].join end def self.couch_auth @@ -70,22 +69,20 @@ module Nickserver end def self.load_config(file_path) - begin - YAML.load(File.read(file_path)).each do |key, value| - begin - self.send("#{key}=", value) - rescue NoMethodError - STDERR.puts "ERROR in file #{file_path}, '#{key}' is not a valid option" - exit(1) - end + YAML.safe_load(File.read(file_path)).each do |key, value| + begin + send("#{key}=", value) + rescue NoMethodError + STDERR.puts "ERROR in file #{file_path}, '#{key}' is not a valid option" + exit(1) end - puts "Loaded #{file_path}" if Config.verbose - rescue Errno::ENOENT => exc - puts "Skipping #{file_path}" if Config.verbose - rescue Exception => exc - STDERR.puts exc.inspect - exit(1) end + puts "Loaded #{file_path}" if Config.verbose + rescue Errno::ENOENT => exc + puts "Skipping #{file_path}" if Config.verbose + rescue Exception => exc + STDERR.puts exc.inspect + exit(1) end end end diff --git a/lib/nickserver/couch_db/response.rb b/lib/nickserver/couch_db/response.rb index fe482a8..eae5cc1 100644 --- a/lib/nickserver/couch_db/response.rb +++ b/lib/nickserver/couch_db/response.rb @@ -3,7 +3,6 @@ require 'json' module Nickserver::CouchDB class Response - def initialize(nick, couch_response = {}) @nick = nick @couch_status = couch_response[:status] @@ -39,7 +38,7 @@ module Nickserver::CouchDB end def key - rows.first["value"] + rows.first['value'] end def ok? @@ -51,7 +50,7 @@ module Nickserver::CouchDB end def rows - json["rows"] + json['rows'] end attr_reader :couch_status, :json, :nick diff --git a/lib/nickserver/couch_db/source.rb b/lib/nickserver/couch_db/source.rb index dd29c2a..b7531e4 100644 --- a/lib/nickserver/couch_db/source.rb +++ b/lib/nickserver/couch_db/source.rb @@ -9,9 +9,8 @@ module Nickserver::CouchDB class Error < StandardError; end class Source < Nickserver::Source - - VIEW = '/_design/Identity/_view/pgp_key_by_email' - UNEXPECTED_RESPONSE_CODES = [401, 500] + VIEW = '/_design/Identity/_view/pgp_key_by_email'.freeze + UNEXPECTED_RESPONSE_CODES = [401, 500].freeze def query(nick) status, body = adapter.get url, query: query_for(nick) @@ -23,7 +22,7 @@ module Nickserver::CouchDB def handle_unexpected_responses(status, body) if UNEXPECTED_RESPONSE_CODES.include? status - raise Error.new("Couch responded with #{status}: #{body}") + raise Error, "Couch responded with #{status}: #{body}" end end @@ -32,7 +31,7 @@ module Nickserver::CouchDB end def query_for(nick) - { reduce: "false", key: "\"#{nick}\"" } + { reduce: 'false', key: "\"#{nick}\"" } end attr_reader :config diff --git a/lib/nickserver/daemon.rb b/lib/nickserver/daemon.rb index 12ed30e..06e0720 100644 --- a/lib/nickserver/daemon.rb +++ b/lib/nickserver/daemon.rb @@ -1,5 +1,5 @@ -require "nickserver/version" -require "nickserver/config" +require 'nickserver/version' +require 'nickserver/config' require 'etc' require 'fileutils' @@ -10,9 +10,8 @@ require 'fileutils' module Nickserver class Daemon - def self.run(name, &block) - self.new.run(name, &block) + new.run(name, &block) end def run(name, &block) @@ -38,9 +37,7 @@ module Nickserver if username != 'root' if Process::Sys.getuid == 0 Process::Sys.setuid(Etc.getpwnam(username).uid) - if root? - bail "failed to drop permissions" - end + bail 'failed to drop permissions' if root? else bail "cannot change process uid to #{username}" end @@ -48,13 +45,11 @@ module Nickserver end def root? - begin - Process::Sys.setuid(0) - rescue Errno::EPERM - false - else - true - end + Process::Sys.setuid(0) + rescue Errno::EPERM + false + else + true end # @@ -62,7 +57,7 @@ module Nickserver # def daemonize - return bail("Process is already started") if daemon_running? + return bail('Process is already started') if daemon_running? _pid = fork do exit if fork Process.setsid @@ -71,7 +66,7 @@ module Nickserver catch_signals redirect_output drop_permissions_to(Config.user) if Config.user - File.umask 0000 + File.umask 0o000 yield end end @@ -99,11 +94,7 @@ module Nickserver def pid_from_file(file) pid = IO.read(file).chomp - if pid != "" - pid.to_i - else - nil - end + pid.to_i if pid != '' end def kill_pid @@ -134,10 +125,10 @@ module Nickserver # stop when we should # def catch_signals - ["SIGTERM", "SIGINT", "SIGHUP"].each do |signal| - Signal.trap(signal) { + %w[SIGTERM SIGINT SIGHUP].each do |signal| + Signal.trap(signal) do exit - } + end end end @@ -149,15 +140,15 @@ module Nickserver puts msg puts puts "Usage: #{@name} [OPTION] COMMAND" - puts "COMMAND is one of: start, stop, restart, status, version, foreground" - puts "OPTION is one of: --verbose" + puts 'COMMAND is one of: start, stop, restart, status, version, foreground' + puts 'OPTION is one of: --verbose' puts exit 1 end def bail(msg) puts "#{@name.capitalize} ERROR: #{msg}." - puts "Bailing out." + puts 'Bailing out.' exit(1) end @@ -167,9 +158,9 @@ module Nickserver # def redirect_output if log_path = Config.log_file - FileUtils.mkdir_p File.dirname(log_path), mode: 0755 + FileUtils.mkdir_p File.dirname(log_path), mode: 0o755 FileUtils.touch log_path - File.chmod(0600, log_path) + File.chmod(0o600, log_path) if Config.user && Process::Sys.getuid == 0 FileUtils.chown(Config.user, nil, log_path) end @@ -195,10 +186,10 @@ module Nickserver # Runs until the block condition is met or the timeout_seconds is exceeded # until_true(10) { ...return_condition... } # - def until_true(timeout_seconds=MAX_WAIT, &block) + def until_true(timeout_seconds = MAX_WAIT) elapsed_seconds = 0 interval = 0.5 - while elapsed_seconds < timeout_seconds && block.call != true + while elapsed_seconds < timeout_seconds && yield != true elapsed_seconds += interval sleep(interval) end @@ -208,18 +199,18 @@ module Nickserver def parse_options loop do case ARGV[0] - when 'start' then ARGV.shift; @command = :start - when 'stop' then ARGV.shift; @command = :stop - when 'restart' then ARGV.shift; @command = :restart - when 'status' then ARGV.shift; @command = :status - when 'version' then ARGV.shift; @command = :version - when 'foreground' then ARGV.shift; @command = :foreground - when '--verbose' then ARGV.shift; Config.verbose = true - when /^-/ then override_default_config(ARGV.shift, ARGV.shift) - else break + when 'start' then ARGV.shift; @command = :start + when 'stop' then ARGV.shift; @command = :stop + when 'restart' then ARGV.shift; @command = :restart + when 'status' then ARGV.shift; @command = :status + when 'version' then ARGV.shift; @command = :version + when 'foreground' then ARGV.shift; @command = :foreground + when '--verbose' then ARGV.shift; Config.verbose = true + when /^-/ then override_default_config(ARGV.shift, ARGV.shift) + else break end end - usage("Missing command") unless @command + usage('Missing command') unless @command end def override_default_config(flag, value) @@ -251,8 +242,8 @@ module Nickserver end end - def command_foreground(&block) - trap("INT") do + def command_foreground + trap('INT') do puts "\nShutting down..." exit(0) end @@ -285,6 +276,5 @@ module Nickserver exit(1) # must exit non-zero if not running end end - end end diff --git a/lib/nickserver/dispatcher.rb b/lib/nickserver/dispatcher.rb index dfd53e5..99f06c3 100644 --- a/lib/nickserver/dispatcher.rb +++ b/lib/nickserver/dispatcher.rb @@ -23,7 +23,6 @@ require 'nickserver/request_handlers/fingerprint_handler' module Nickserver class Dispatcher - def initialize(responder, adapter = nil) @responder = responder @adapter = adapter @@ -49,23 +48,22 @@ module Nickserver def init_handler_chain chain = HandlerChain.new RequestHandlers::InvalidEmailHandler, - RequestHandlers::LocalEmailHandler, - RequestHandlers::LeapEmailHandler, - RequestHandlers::HkpEmailHandler, - RequestHandlers::FingerprintHandler, - Proc.new { proxy_error_response }, - Proc.new { Nickserver::Response.new(404, "404 Not Found\n") } + RequestHandlers::LocalEmailHandler, + RequestHandlers::LeapEmailHandler, + RequestHandlers::HkpEmailHandler, + RequestHandlers::FingerprintHandler, + proc { proxy_error_response }, + proc { Nickserver::Response.new(404, "404 Not Found\n") } chain.continue_on HTTP::ConnectionError - return chain + chain end def proxy_error_response exc = handler_chain.rescued_exceptions.first if exc Nickserver::Response.new 502, - JSON.dump(error: exc.to_s) + JSON.dump(error: exc.to_s) end end - end end diff --git a/lib/nickserver/email_address.rb b/lib/nickserver/email_address.rb index 20f642c..5dfd931 100644 --- a/lib/nickserver/email_address.rb +++ b/lib/nickserver/email_address.rb @@ -1,6 +1,5 @@ module Nickserver class EmailAddress - REGEXP = begin qtext = '[^\\x0d\\x22\\x5c\\x80-\\xff]' dtext = '[^\\x0d\\x5b-\\x5d\\x80-\\xff]' @@ -48,6 +47,5 @@ module Nickserver protected attr_reader :address - end end diff --git a/lib/nickserver/handler_chain.rb b/lib/nickserver/handler_chain.rb index afc24a5..843313e 100644 --- a/lib/nickserver/handler_chain.rb +++ b/lib/nickserver/handler_chain.rb @@ -14,7 +14,6 @@ module Nickserver class HandlerChain - def initialize(*handlers) @handlers = handlers @exceptions_to_rescue = [] @@ -27,7 +26,7 @@ module Nickserver def handle(*args) result = nil - _handled_by = @handlers.find{|h| result = try_handler(h, *args)} + _handled_by = @handlers.find { |h| result = try_handler(h, *args) } result end @@ -41,7 +40,7 @@ module Nickserver def try_handler(handler, *args) result = handler.call(*args) rescue *exceptions_to_rescue - self.rescued_exceptions << $! + rescued_exceptions << $ERROR_INFO result = false end end diff --git a/lib/nickserver/hkp/client.rb b/lib/nickserver/hkp/client.rb index d53daad..3dbb1de 100644 --- a/lib/nickserver/hkp/client.rb +++ b/lib/nickserver/hkp/client.rb @@ -1,18 +1,15 @@ require 'nickserver/hkp' -# -# Client for the HKP protocol. -# -# This is not a complete implementation - only the parts we need. -# Instantiate with an adapter that will take care of the http requests. -# -# For each request we yield http_status and the response content just -# like the adapter does. - - -module Nickserver; module Hkp +module Nickserver::Hkp + # + # Client for the HKP protocol. + # + # This is not a complete implementation - only the parts we need. + # Instantiate with an adapter that will take care of the http requests. + # + # For each request we yield http_status and the response content just + # like the adapter does. class Client - def initialize(adapter) @adapter = adapter end @@ -20,7 +17,7 @@ module Nickserver; module Hkp # # used to fetch an array of KeyInfo objects that match the given email # - def get_key_infos_by_email(email, &block) + def get_key_infos_by_email(email) get op: 'vindex', search: email.to_s, fingerprint: 'on' end @@ -28,7 +25,7 @@ module Nickserver; module Hkp # fetches ascii armored OpenPGP public key from the keyserver # def get_key_by_fingerprint(fingerprint) - get op: 'get', search: "0x" + fingerprint + get op: 'get', search: '0x' + fingerprint end protected @@ -37,9 +34,9 @@ module Nickserver; module Hkp def get(query) # in practice, exact=on seems to have no effect - query = {exact: 'on', options: 'mr'}.merge query + query = { exact: 'on', options: 'mr' }.merge query response = adapter.get Config.hkp_url, query: query - return response + response end end -end; end +end diff --git a/lib/nickserver/hkp/key_info.rb b/lib/nickserver/hkp/key_info.rb index d4ecf10..ed38643 100644 --- a/lib/nickserver/hkp/key_info.rb +++ b/lib/nickserver/hkp/key_info.rb @@ -32,26 +32,22 @@ module Nickserver::Hkp def creationdate @creationdate ||= begin - if @creationdate_s - Time.at(@creationdate_s.to_i) - end + Time.at(@creationdate_s.to_i) if @creationdate_s end end def expirationdate @expirationdate ||= begin - if @expirationdate_s - Time.at(@expirationdate_s.to_i) - end + Time.at(@expirationdate_s.to_i) if @expirationdate_s end end def rsa? - @algo == "1" + @algo == '1' end def dsa? - @algo == "17" + @algo == '17' end def revoked? @@ -66,5 +62,4 @@ module Nickserver::Hkp @flags =~ /e/ end end - end diff --git a/lib/nickserver/hkp/parse_key_info.rb b/lib/nickserver/hkp/parse_key_info.rb index 2f928a0..09dc69e 100644 --- a/lib/nickserver/hkp/parse_key_info.rb +++ b/lib/nickserver/hkp/parse_key_info.rb @@ -5,9 +5,8 @@ # Parsing a response with 12 keys and validating them takes 2ms. # So no need for memoization and making things more complex. # -module Nickserver; module Hkp +module Nickserver::Hkp class ParseKeyInfo - # for this regexp to work, the source text must end in a trailing "\n", # which the output of sks does. MATCH_PUB_KEY = /(^pub:.+?\n(^uid:.+?\n)+)/m @@ -47,7 +46,7 @@ module Nickserver; module Hkp if errors(uid).any? error_messages(uid).join "\n" else - "Could not fetch keyinfo." + 'Could not fetch keyinfo.' end end @@ -63,7 +62,7 @@ module Nickserver; module Hkp end def errors(uid) - key_infos(uid).map{|key| error_for_key(key) }.compact + key_infos(uid).map { |key| error_for_key(key) }.compact end def error_messages(uid) @@ -97,16 +96,16 @@ module Nickserver; module Hkp def error_for_key(key) if key.keylen < 2048 - "key length is too short." + 'key length is too short.' elsif key.expired? - "key expired." + 'key expired.' elsif key.revoked? - "key revoked." + 'key revoked.' elsif key.disabled? - "key disabled." + 'key disabled.' elsif key.expirationdate && key.expirationdate < Time.now - "key expired" + 'key expired' end end end -end; end +end diff --git a/lib/nickserver/hkp/response.rb b/lib/nickserver/hkp/response.rb index c52e25f..2cc69d3 100644 --- a/lib/nickserver/hkp/response.rb +++ b/lib/nickserver/hkp/response.rb @@ -1,6 +1,5 @@ module Nickserver::Hkp class Response - attr_reader :status, :content def initialize(uid, key) @@ -13,6 +12,5 @@ module Nickserver::Hkp def format_response(map) map.to_json end - end end diff --git a/lib/nickserver/hkp/source.rb b/lib/nickserver/hkp/source.rb index 82c94a0..d7c86a3 100644 --- a/lib/nickserver/hkp/source.rb +++ b/lib/nickserver/hkp/source.rb @@ -2,24 +2,21 @@ require 'nickserver/source' require 'nickserver/response' require 'nickserver/hkp/response' require 'nickserver/hkp/client' -require "nickserver/hkp/parse_key_info" -require "nickserver/hkp/key_info" - - -# -# Fetch keys via HKP -# http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00 -# - -module Nickserver; module Hkp +require 'nickserver/hkp/parse_key_info' +require 'nickserver/hkp/key_info' + +module Nickserver::Hkp + # + # Fetch keys via HKP + # http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00 + # class Source < Nickserver::Source - def query(nick) status, response = search(nick) if status == 200 best = pick_best_key(response) get_key_by_fingerprint(best.keyid, nick) - elsif status != 404 # 404 means no key found and we proceed + elsif status != 404 # 404 means no key found and we proceed Nickserver::Response.new(status, response) end end @@ -27,7 +24,7 @@ module Nickserver; module Hkp def search(nick) status, response = client.get_key_infos_by_email(nick) parser = ParseKeyInfo.new status, response - return parser.status_for(nick), parser.response_for(nick) + [parser.status_for(nick), parser.response_for(nick)] end def get_key_by_fingerprint(fingerprint, nick = nil) @@ -35,7 +32,7 @@ module Nickserver; module Hkp if status == 200 Response.new nick, response else - Nickserver::Response.new status, "HKP Request failed" + Nickserver::Response.new status, 'HKP Request failed' end end @@ -48,11 +45,11 @@ module Nickserver; module Hkp # that is signed by the oldest key. # def pick_best_key(key_info_list) - key_info_list.sort {|a,b| a.creationdate <=> b.creationdate}.last + key_info_list.sort_by(&:creationdate).last end def client @client ||= Client.new(adapter) end end -end; end +end diff --git a/lib/nickserver/hkp/v_index_response.rb b/lib/nickserver/hkp/v_index_response.rb index 865d476..a2a7b0d 100644 --- a/lib/nickserver/hkp/v_index_response.rb +++ b/lib/nickserver/hkp/v_index_response.rb @@ -9,7 +9,6 @@ require 'nickserver/hkp/key_info' # So no need for memoization and making things more complex. module Nickserver::Hkp class VIndexResponse - # for this regexp to work, the source text must end in a trailing "\n", # which the output of sks does. MATCH_PUB_KEY = /(^pub:.+?\n(^uid:.+?\n)+)/m @@ -36,7 +35,7 @@ module Nickserver::Hkp if errors.any? error_messages.join "\n" else - "Could not fetch keyinfo." + 'Could not fetch keyinfo.' end end @@ -53,7 +52,7 @@ module Nickserver::Hkp end def errors - key_infos.map{|key| error_for_key(key) }.compact + key_infos.map { |key| error_for_key(key) }.compact end def error_messages @@ -81,15 +80,15 @@ module Nickserver::Hkp def error_for_key(key) if key.keylen < 2048 - "key length is too short." + 'key length is too short.' elsif key.expired? - "key expired." + 'key expired.' elsif key.revoked? - "key revoked." + 'key revoked.' elsif key.disabled? - "key disabled." + 'key disabled.' elsif key.expirationdate && key.expirationdate < Time.now - "key expired" + 'key expired' end end end diff --git a/lib/nickserver/logging_responder.rb b/lib/nickserver/logging_responder.rb index 6eb756f..08a9ce7 100644 --- a/lib/nickserver/logging_responder.rb +++ b/lib/nickserver/logging_responder.rb @@ -1,6 +1,5 @@ module Nickserver class LoggingResponder - def initialize(responder, logger) @responder = responder @logger = logger diff --git a/lib/nickserver/nicknym/source.rb b/lib/nickserver/nicknym/source.rb index f49547e..9c2d8c4 100644 --- a/lib/nickserver/nicknym/source.rb +++ b/lib/nickserver/nicknym/source.rb @@ -9,13 +9,13 @@ module Nickserver def available_for?(domain) status, body = adapter.get "https://#{domain}/provider.json", - rescue: 'failed to connect: getaddrinfo' + rescue: 'failed to connect: getaddrinfo' status == 200 && provider_with_mx?(body) end def query(email) status, body = nicknym_get email.domain, address: email.to_s - return Nickserver::Response.new(status, body) + Nickserver::Response.new(status, body) end protected diff --git a/lib/nickserver/reel_server.rb b/lib/nickserver/reel_server.rb index db38e50..f7cc3b0 100644 --- a/lib/nickserver/reel_server.rb +++ b/lib/nickserver/reel_server.rb @@ -9,14 +9,13 @@ require 'nickserver/logging_responder' module Nickserver class ReelServer < Reel::Server::HTTP - DEFAULT_ADAPTER_CLASS = Nickserver::Adapters::CelluloidHttp def self.start(options = {}) new(options[:host], options[:port]) end - def initialize(host = "127.0.0.1", port = 3000) + def initialize(host = '127.0.0.1', port = 3000) Celluloid.logger = logger super(host, port, &method(:on_connection)) end @@ -33,7 +32,6 @@ module Nickserver end end - protected def handle_request(request) @@ -44,7 +42,7 @@ module Nickserver end end rescue StandardError - request.respond 500, "{}" + request.respond 500, '{}' end def logging_request(request) diff --git a/lib/nickserver/request.rb b/lib/nickserver/request.rb index c21c280..0d6dab6 100644 --- a/lib/nickserver/request.rb +++ b/lib/nickserver/request.rb @@ -6,11 +6,11 @@ module Nickserver end def email - param("address") + param('address') end def fingerprint - param("fingerprint") + param('fingerprint') end def domain diff --git a/lib/nickserver/request_handlers/base.rb b/lib/nickserver/request_handlers/base.rb index 495a6da..a33e772 100644 --- a/lib/nickserver/request_handlers/base.rb +++ b/lib/nickserver/request_handlers/base.rb @@ -1,7 +1,6 @@ module Nickserver module RequestHandlers class Base - def self.call(request, adapter = nil) new(request, adapter).handle end @@ -12,8 +11,8 @@ module Nickserver end protected + attr_reader :request, :adapter end end end - diff --git a/lib/nickserver/request_handlers/fingerprint_handler.rb b/lib/nickserver/request_handlers/fingerprint_handler.rb index ac3c3c8..4917338 100644 --- a/lib/nickserver/request_handlers/fingerprint_handler.rb +++ b/lib/nickserver/request_handlers/fingerprint_handler.rb @@ -5,7 +5,6 @@ require 'nickserver/error_response' module Nickserver module RequestHandlers class FingerprintHandler < Base - def handle return unless fingerprint if fingerprint.length == 40 && !fingerprint[/\H/] @@ -24,7 +23,6 @@ module Nickserver def source Nickserver::Hkp::Source.new adapter end - end end end diff --git a/lib/nickserver/request_handlers/hkp_email_handler.rb b/lib/nickserver/request_handlers/hkp_email_handler.rb index 393ef87..3d39a4e 100644 --- a/lib/nickserver/request_handlers/hkp_email_handler.rb +++ b/lib/nickserver/request_handlers/hkp_email_handler.rb @@ -4,7 +4,6 @@ require 'nickserver/hkp/source' module Nickserver module RequestHandlers class HkpEmailHandler < Base - def handle source.query(email) if request.email end @@ -18,7 +17,6 @@ module Nickserver def source Nickserver::Hkp::Source.new adapter end - end end end diff --git a/lib/nickserver/request_handlers/invalid_email_handler.rb b/lib/nickserver/request_handlers/invalid_email_handler.rb index bb98f65..3a6cfa0 100644 --- a/lib/nickserver/request_handlers/invalid_email_handler.rb +++ b/lib/nickserver/request_handlers/invalid_email_handler.rb @@ -5,10 +5,9 @@ require 'nickserver/error_response' module Nickserver module RequestHandlers class InvalidEmailHandler < Base - def handle return unless request.email - ErrorResponse.new("Not a valid address") if email.invalid? + ErrorResponse.new('Not a valid address') if email.invalid? end protected diff --git a/lib/nickserver/request_handlers/leap_email_handler.rb b/lib/nickserver/request_handlers/leap_email_handler.rb index bc3ddef..d202e15 100644 --- a/lib/nickserver/request_handlers/leap_email_handler.rb +++ b/lib/nickserver/request_handlers/leap_email_handler.rb @@ -5,7 +5,6 @@ require 'nickserver/nicknym/source' module Nickserver module RequestHandlers class LeapEmailHandler < Base - def handle source.query(email) if request.email && remote_email? && nicknym_email? end @@ -31,7 +30,6 @@ module Nickserver def domain Config.domain || request.domain end - end end end diff --git a/lib/nickserver/request_handlers/local_email_handler.rb b/lib/nickserver/request_handlers/local_email_handler.rb index 08147a0..bed26bd 100644 --- a/lib/nickserver/request_handlers/local_email_handler.rb +++ b/lib/nickserver/request_handlers/local_email_handler.rb @@ -5,7 +5,6 @@ require 'nickserver/couch_db/source' module Nickserver module RequestHandlers class LocalEmailHandler < Base - def handle source.query(email) if request.email && email.domain?(domain) end @@ -23,7 +22,6 @@ module Nickserver def source Nickserver::CouchDB::Source.new adapter end - end end end diff --git a/lib/nickserver/response.rb b/lib/nickserver/response.rb index 372da36..9aef3af 100644 --- a/lib/nickserver/response.rb +++ b/lib/nickserver/response.rb @@ -1,6 +1,5 @@ module Nickserver class Response - attr_reader :status, :body def initialize(status, body) diff --git a/lib/nickserver/server.rb b/lib/nickserver/server.rb index 2139029..ff1d362 100644 --- a/lib/nickserver/server.rb +++ b/lib/nickserver/server.rb @@ -10,7 +10,6 @@ require 'nickserver/reel_server' # module Nickserver class Server - # # Starts the Nickserver. # @@ -19,7 +18,7 @@ module Nickserver # * :port (default Nickserver::Config.port) # * :host (default 127.0.0.1) # - def self.start(opts={}) + def self.start(opts = {}) Nickserver::Config.load options = { host: '127.0.0.1', @@ -32,7 +31,5 @@ module Nickserver Nickserver::ReelServer.start(options) end - - end end diff --git a/lib/nickserver/source.rb b/lib/nickserver/source.rb index 934407a..d7f4d12 100644 --- a/lib/nickserver/source.rb +++ b/lib/nickserver/source.rb @@ -1,6 +1,5 @@ module Nickserver class Source - def initialize(adapter = nil) @adapter = adapter end diff --git a/lib/nickserver/version.rb b/lib/nickserver/version.rb index 9811fb5..67f2b2a 100644 --- a/lib/nickserver/version.rb +++ b/lib/nickserver/version.rb @@ -1,3 +1,3 @@ module Nickserver - VERSION = "0.10.0" + VERSION = '0.10.0'.freeze end diff --git a/lib/nickserver/wkd/source.rb b/lib/nickserver/wkd/source.rb index 750d3fa..b994c6c 100644 --- a/lib/nickserver/wkd/source.rb +++ b/lib/nickserver/wkd/source.rb @@ -3,33 +3,31 @@ require 'nickserver/response' require 'nickserver/wkd/url' require 'nickserver/hkp/response' -module Nickserver - module Wkd - class Source < Nickserver::Source - - def query(email) - url = Url.new(email) - status, blob = adapter.get url - Hkp::Response.new(email.to_s, armor_key(blob)) if status == 200 - end +module Nickserver::Wkd + # Query the web key directory for a given email address + class Source < Nickserver::Source + def query(email) + url = Url.new(email) + status, blob = adapter.get url + Hkp::Response.new(email.to_s, armor_key(blob)) if status == 200 + end - protected + protected - def armor_key(blob) - header + encode(blob) + footer - end + def armor_key(blob) + header + encode(blob) + footer + end - def encode(blob) - Base64.strict_encode64(blob).scan(/.{1,64}/).join "\n" - end + def encode(blob) + Base64.strict_encode64(blob).scan(/.{1,64}/).join "\n" + end - def header - "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" - end + def header + "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + end - def footer - "\n-----END PGP PUBLIC KEY BLOCK-----\n" - end + def footer + "\n-----END PGP PUBLIC KEY BLOCK-----\n" end end end diff --git a/lib/nickserver/wkd/url.rb b/lib/nickserver/wkd/url.rb index 1670628..6530efc 100644 --- a/lib/nickserver/wkd/url.rb +++ b/lib/nickserver/wkd/url.rb @@ -4,7 +4,6 @@ require 'zbase32' module Nickserver module Wkd class Url - def initialize(email) @domain = email.domain.downcase @local_part = email.local_part.downcase -- cgit v1.2.3 From f40ef14010af08c49810c0a6a2349072948170e6 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 23 Sep 2017 13:43:29 +0200 Subject: style: more rubocop fixes --- lib/nickserver/handler_chain.rb | 2 + lib/nickserver/hkp/client.rb | 3 +- lib/nickserver/hkp/key_info.rb | 76 ++++++++++++++++++++++-------------- lib/nickserver/hkp/parse_key_info.rb | 14 +++---- lib/nickserver/wkd/source.rb | 4 +- lib/nickserver/wkd/url.rb | 35 ++++++++--------- 6 files changed, 78 insertions(+), 56 deletions(-) (limited to 'lib/nickserver') diff --git a/lib/nickserver/handler_chain.rb b/lib/nickserver/handler_chain.rb index 843313e..f685a2e 100644 --- a/lib/nickserver/handler_chain.rb +++ b/lib/nickserver/handler_chain.rb @@ -1,3 +1,5 @@ +require 'English' + # # Handler Chain # diff --git a/lib/nickserver/hkp/client.rb b/lib/nickserver/hkp/client.rb index 3dbb1de..d632a36 100644 --- a/lib/nickserver/hkp/client.rb +++ b/lib/nickserver/hkp/client.rb @@ -1,4 +1,5 @@ require 'nickserver/hkp' +require 'nickserver/config' module Nickserver::Hkp # @@ -35,7 +36,7 @@ module Nickserver::Hkp def get(query) # in practice, exact=on seems to have no effect query = { exact: 'on', options: 'mr' }.merge query - response = adapter.get Config.hkp_url, query: query + response = adapter.get Nickserver::Config.hkp_url, query: query response end end diff --git a/lib/nickserver/hkp/key_info.rb b/lib/nickserver/hkp/key_info.rb index ed38643..5c8b845 100644 --- a/lib/nickserver/hkp/key_info.rb +++ b/lib/nickserver/hkp/key_info.rb @@ -1,65 +1,83 @@ require 'cgi' require 'nickserver/hkp' -# -# Class to represent the key information result from a query to a key server -# (but not the key itself). -# -# The initialize method parses the hkp 'machine readable' output. -# -# format definition of machine readable index output is here: -# http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-5.2 -# module Nickserver::Hkp + # + # Class to represent the key information result from a query to a key server + # (but not the key itself). + # + # The initialize method parses the hkp 'machine readable' output. + # + # format definition of machine readable index output is here: + # http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-5.2 + # class KeyInfo - attr_accessor :uids, :keyid, :algo, :flags + attr_accessor :uids def initialize(hkp_record) uid_lines = hkp_record.split("\n") pub_line = uid_lines.shift - @keyid, @algo, @keylen_s, @creationdate_s, @expirationdate_s, @flags = pub_line.split(':')[1..-1] - @uids = [] - uid_lines.each do |uid_line| - uid, _creationdate, _expirationdate, _flags = uid_line.split(':')[1..-1] - # for now, ignore the expirationdate and flags of uids. sks does return them anyway - @uids << CGI.unescape(uid.sub(/.*<(.+)>.*/, '\1')) - end + @properties = pub_line.split(':')[1..-1] + @uids = extract_uids(uid_lines) + end + + def keyid + properties.first + end + + def algo + properties.second end def keylen - @keylen ||= @keylen_s.to_i + properties[2].to_i end def creationdate - @creationdate ||= begin - Time.at(@creationdate_s.to_i) if @creationdate_s - end + created = properties[3] + Time.at(created.to_i) end def expirationdate - @expirationdate ||= begin - Time.at(@expirationdate_s.to_i) if @expirationdate_s - end + expires = properties[4] + Time.at(expires.to_i) + end + + def flags + properties.last end def rsa? - @algo == '1' + algo == '1' end def dsa? - @algo == '17' + algo == '17' end def revoked? - @flags =~ /r/ + flags =~ /r/ end def disabled? - @flags =~ /d/ + flags =~ /d/ end def expired? - @flags =~ /e/ + flags =~ /e/ + end + + protected + + attr_reader :properties + + def extract_uids(uid_lines) + uid_lines.map do |uid_line| + # for now, ignore the expirationdate and flags of uids. + # sks does return them anyway + uid, _creationdate, _expirationdate, _flags = uid_line.split(':')[1..-1] + CGI.unescape(uid.sub(/.*<(.+)>.*/, '\1')) + end end end end diff --git a/lib/nickserver/hkp/parse_key_info.rb b/lib/nickserver/hkp/parse_key_info.rb index 09dc69e..c23751b 100644 --- a/lib/nickserver/hkp/parse_key_info.rb +++ b/lib/nickserver/hkp/parse_key_info.rb @@ -1,11 +1,11 @@ -# -# Simple parser for Hkp KeyInfo responses. -# -# Focus is on simple here. Trying to avoid state and sideeffects. -# Parsing a response with 12 keys and validating them takes 2ms. -# So no need for memoization and making things more complex. -# module Nickserver::Hkp + # + # Simple parser for Hkp KeyInfo responses. + # + # Focus is on simple here. Trying to avoid state and sideeffects. + # Parsing a response with 12 keys and validating them takes 2ms. + # So no need for memoization and making things more complex. + # class ParseKeyInfo # for this regexp to work, the source text must end in a trailing "\n", # which the output of sks does. diff --git a/lib/nickserver/wkd/source.rb b/lib/nickserver/wkd/source.rb index b994c6c..43f0b2e 100644 --- a/lib/nickserver/wkd/source.rb +++ b/lib/nickserver/wkd/source.rb @@ -9,7 +9,9 @@ module Nickserver::Wkd def query(email) url = Url.new(email) status, blob = adapter.get url - Hkp::Response.new(email.to_s, armor_key(blob)) if status == 200 + if status == 200 + Nickserver::Hkp::Response.new(email.to_s, armor_key(blob)) + end end protected diff --git a/lib/nickserver/wkd/url.rb b/lib/nickserver/wkd/url.rb index 6530efc..0ccff38 100644 --- a/lib/nickserver/wkd/url.rb +++ b/lib/nickserver/wkd/url.rb @@ -1,29 +1,28 @@ require 'digest/sha1' require 'zbase32' -module Nickserver - module Wkd - class Url - def initialize(email) - @domain = email.domain.downcase - @local_part = email.local_part.downcase - end +module Nickserver::Wkd + # The url to lookup the given email address in the web key directory. + class Url + def initialize(email) + @domain = email.domain.downcase + @local_part = email.local_part.downcase + end - def to_s - "https://#{domain}/.well-known/openpgpkey/hu/#{encoded_digest}" - end + def to_s + "https://#{domain}/.well-known/openpgpkey/hu/#{encoded_digest}" + end - protected + protected - attr_reader :domain, :local_part + attr_reader :domain, :local_part - def encoded_digest - ZBase32.encode32(digest.to_i(16).to_s(2)) - end + def encoded_digest + ZBase32.encode32(digest.to_i(16).to_s(2)) + end - def digest - Digest::SHA1.hexdigest local_part - end + def digest + Digest::SHA1.hexdigest local_part end end end -- cgit v1.2.3 From b2543051d0629ab11adae1a64a1aed2105a1b9d9 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 23 Sep 2017 15:10:11 +0200 Subject: refactor: move error detection into key_info Still needs something better than all these elsifs though --- lib/nickserver/hkp/key_info.rb | 14 ++++++++++++++ lib/nickserver/hkp/parse_key_info.rb | 25 +++++-------------------- lib/nickserver/hkp/v_index_response.rb | 23 ++++------------------- 3 files changed, 23 insertions(+), 39 deletions(-) (limited to 'lib/nickserver') diff --git a/lib/nickserver/hkp/key_info.rb b/lib/nickserver/hkp/key_info.rb index 5c8b845..568a798 100644 --- a/lib/nickserver/hkp/key_info.rb +++ b/lib/nickserver/hkp/key_info.rb @@ -21,6 +21,20 @@ module Nickserver::Hkp @uids = extract_uids(uid_lines) end + def error + if keylen < 2048 + 'key length is too short.' + elsif expired? + 'key expired.' + elsif revoked? + 'key revoked.' + elsif disabled? + 'key disabled.' + elsif expirationdate && expirationdate < Time.now + 'key expired' + end + end + def keyid properties.first end diff --git a/lib/nickserver/hkp/parse_key_info.rb b/lib/nickserver/hkp/parse_key_info.rb index c23751b..a6f170c 100644 --- a/lib/nickserver/hkp/parse_key_info.rb +++ b/lib/nickserver/hkp/parse_key_info.rb @@ -39,7 +39,7 @@ module Nickserver::Hkp protected def keys(uid) - key_infos(uid).reject { |key| error_for_key(key) } + key_infos(uid).reject(&:error) end def msg(uid) @@ -62,13 +62,12 @@ module Nickserver::Hkp end def errors(uid) - key_infos(uid).map { |key| error_for_key(key) }.compact + key_infos(uid).map(&:error).compact end def error_messages(uid) key_infos(uid).map do |key| - err = error_for_key(key) - error_message(uid, key, err) + error_message(uid, key) end.compact end @@ -90,22 +89,8 @@ module Nickserver::Hkp status == 200 end - def error_message(uid, key, err) - "Ignoring key #{key.keyid} for #{uid}: #{err}" if err - end - - def error_for_key(key) - if key.keylen < 2048 - 'key length is too short.' - elsif key.expired? - 'key expired.' - elsif key.revoked? - 'key revoked.' - elsif key.disabled? - 'key disabled.' - elsif key.expirationdate && key.expirationdate < Time.now - 'key expired' - end + def error_message(uid, key) + "Ignoring key #{key.keyid} for #{uid}: #{key.error}" if key.error end end end diff --git a/lib/nickserver/hkp/v_index_response.rb b/lib/nickserver/hkp/v_index_response.rb index a2a7b0d..a44af51 100644 --- a/lib/nickserver/hkp/v_index_response.rb +++ b/lib/nickserver/hkp/v_index_response.rb @@ -28,7 +28,7 @@ module Nickserver::Hkp end def keys - key_infos.reject { |key| error_for_key(key) } + key_infos.reject &:error end def msg @@ -57,8 +57,7 @@ module Nickserver::Hkp def error_messages key_infos.map do |key| - err = error_for_key(key) - error_message(key, err) + error_message(key) end.compact end @@ -74,22 +73,8 @@ module Nickserver::Hkp end end - def error_message(key, err) - "Ignoring key #{key.keyid} for #{nick}: #{err}" if err - end - - def error_for_key(key) - if key.keylen < 2048 - 'key length is too short.' - elsif key.expired? - 'key expired.' - elsif key.revoked? - 'key revoked.' - elsif key.disabled? - 'key disabled.' - elsif key.expirationdate && key.expirationdate < Time.now - 'key expired' - end + def error_message(key) + "Ignoring key #{key.keyid} for #{nick}: #{key.error}" if key.error end end end -- cgit v1.2.3 From 8ac6bb8492c9a3b9ec5d7b5bf2b35907a1f8c332 Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 23 Sep 2017 15:41:56 +0200 Subject: style: avoid endless elsif in KeyInfo#error using an array of symbols representing the different checks now. --- lib/nickserver/hkp/key_info.rb | 49 +++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 22 deletions(-) (limited to 'lib/nickserver') diff --git a/lib/nickserver/hkp/key_info.rb b/lib/nickserver/hkp/key_info.rb index 568a798..e1a9500 100644 --- a/lib/nickserver/hkp/key_info.rb +++ b/lib/nickserver/hkp/key_info.rb @@ -21,17 +21,12 @@ module Nickserver::Hkp @uids = extract_uids(uid_lines) end + CHECKS = %i[too_short? expired? revoked? disabled? outdated?].freeze + def error - if keylen < 2048 - 'key length is too short.' - elsif expired? - 'key expired.' - elsif revoked? - 'key revoked.' - elsif disabled? - 'key disabled.' - elsif expirationdate && expirationdate < Time.now - 'key expired' + CHECKS.find do |check| + msg = check.to_s.chop.tr('_', ' ') + "key is #{msg}." if send(check) end end @@ -69,18 +64,6 @@ module Nickserver::Hkp algo == '17' end - def revoked? - flags =~ /r/ - end - - def disabled? - flags =~ /d/ - end - - def expired? - flags =~ /e/ - end - protected attr_reader :properties @@ -93,5 +76,27 @@ module Nickserver::Hkp CGI.unescape(uid.sub(/.*<(.+)>.*/, '\1')) end end + + # CHECKS + + def too_short? + keylen < 2048 + end + + def expired? + flags =~ /e/ + end + + def revoked? + flags =~ /r/ + end + + def disabled? + flags =~ /d/ + end + + def outdated? + expirationdate && expirationdate < Time.now + end end end -- cgit v1.2.3