Extend error logging

This commit is contained in:
Thomas Oberndörfer 2019-03-06 09:52:08 +01:00
parent 9db75f4034
commit cee14ba99c
4 changed files with 28 additions and 10 deletions

View File

@ -82,9 +82,13 @@ class Email {
* @return {string} the encrypted PGP message block * @return {string} the encrypted PGP message block
*/ */
async _pgpEncrypt(plaintext, publicKeyArmored) { async _pgpEncrypt(plaintext, publicKeyArmored) {
const {keys, err} = await openpgp.key.readArmored(publicKeyArmored);
if (err) {
log.error('email', 'Reading armored key failed.', err, publicKeyArmored);
}
const ciphertext = await openpgp.encrypt({ const ciphertext = await openpgp.encrypt({
message: openpgp.message.fromText(plaintext), message: openpgp.message.fromText(plaintext),
publicKeys: (await openpgp.key.readArmored(publicKeyArmored)).keys, publicKeys: keys,
}); });
return ciphertext.data; return ciphertext.data;
} }

View File

@ -53,6 +53,9 @@ class PGP {
// verify primary key // verify primary key
const key = r.keys[0]; const key = r.keys[0];
const primaryKey = key.primaryKey; const primaryKey = key.primaryKey;
if (primaryKey.created > new Date()) {
log.error('pgp', 'Key creation date is in the future', primaryKey.created);
}
if (await key.verifyPrimaryKey() !== openpgp.enums.keyStatus.valid) { if (await key.verifyPrimaryKey() !== openpgp.enums.keyStatus.valid) {
util.throw(400, 'Invalid PGP key: primary key verification failed'); util.throw(400, 'Invalid PGP key: primary key verification failed');
} }
@ -67,7 +70,7 @@ class PGP {
// check for at least one valid user id // check for at least one valid user id
const userIds = await this.parseUserIds(key.users, primaryKey); const userIds = await this.parseUserIds(key.users, primaryKey);
if (!userIds.length) { if (!userIds.length) {
util.throw(400, 'Invalid PGP key: invalid user ids'); util.throw(400, 'Invalid PGP key: invalid user IDs');
} }
// get algorithm details from primary key // get algorithm details from primary key
@ -119,7 +122,7 @@ class PGP {
*/ */
async parseUserIds(users, primaryKey) { async parseUserIds(users, primaryKey) {
if (!users || !users.length) { if (!users || !users.length) {
util.throw(400, 'Invalid PGP key: no user id found'); util.throw(400, 'Invalid PGP key: no user ID found');
} }
// at least one user id must be valid, revoked or expired // at least one user id must be valid, revoked or expired
const result = []; const result = [];
@ -161,8 +164,16 @@ class PGP {
* @return {String} merged armored key block * @return {String} merged armored key block
*/ */
async updateKey(srcArmored, dstArmored) { async updateKey(srcArmored, dstArmored) {
const {keys: [srcKey]} = await openpgp.key.readArmored(srcArmored); const {keys: [srcKey], err: srcErr} = await openpgp.key.readArmored(srcArmored);
const {keys: [dstKey]} = await openpgp.key.readArmored(dstArmored); if (srcErr) {
log.error('pgp', 'Failed to parse source PGP key for update:\n%s', srcArmored, srcErr);
util.throw(500, 'Failed to parse PGP key');
}
const {keys: [dstKey], err: dstErr} = await openpgp.key.readArmored(dstArmored);
if (dstErr) {
log.error('pgp', 'Failed to parse destination PGP key for update:\n%s', dstArmored, dstErr);
util.throw(500, 'Failed to parse PGP key');
}
await dstKey.update(srcKey); await dstKey.update(srcKey);
return dstKey.armor(); return dstKey.armor();
} }

View File

@ -91,6 +91,9 @@ class PublicKey {
key.publicKeyArmored = await this._pgp.updateKey(verified.publicKeyArmored, filteredPublicKeyArmored); key.publicKeyArmored = await this._pgp.updateKey(verified.publicKeyArmored, filteredPublicKeyArmored);
} else { } else {
key.userIds = key.userIds.filter(userId => userId.status === KEY_STATUS_VALID); key.userIds = key.userIds.filter(userId => userId.status === KEY_STATUS_VALID);
if (!key.userIds.length) {
util.throw(400, 'Invalid PGP key: no valid user IDs found');
}
await this._addKeyArmored(key.userIds, key.publicKeyArmored); await this._addKeyArmored(key.userIds, key.publicKeyArmored);
// new key, set armored to null // new key, set armored to null
key.publicKeyArmored = null; key.publicKeyArmored = null;
@ -203,7 +206,7 @@ class PublicKey {
const query = {keyId, 'userIds.nonce': nonce}; const query = {keyId, 'userIds.nonce': nonce};
const key = await this._mongo.get(query, DB_TYPE); const key = await this._mongo.get(query, DB_TYPE);
if (!key) { if (!key) {
util.throw(404, 'User id not found'); util.throw(404, 'User ID not found');
} }
await this._removeKeysWithSameEmail(key, nonce); await this._removeKeysWithSameEmail(key, nonce);
let {publicKeyArmored} = key.userIds.find(userId => userId.nonce === nonce); let {publicKeyArmored} = key.userIds.find(userId => userId.nonce === nonce);
@ -312,7 +315,7 @@ class PublicKey {
// flag user ids for removal // flag user ids for removal
const key = await this._flagForRemove(keyId, email); const key = await this._flagForRemove(keyId, email);
if (!key) { if (!key) {
util.throw(404, 'User id not found'); util.throw(404, 'User ID not found');
} }
// send verification mails // send verification mails
keyId = key.keyId; // get keyId in case request was by email keyId = key.keyId; // get keyId in case request was by email
@ -364,7 +367,7 @@ class PublicKey {
// check if key exists in database // check if key exists in database
const flagged = await this._mongo.get({keyId, 'userIds.nonce': nonce}, DB_TYPE); const flagged = await this._mongo.get({keyId, 'userIds.nonce': nonce}, DB_TYPE);
if (!flagged) { if (!flagged) {
util.throw(404, 'User id not found'); util.throw(404, 'User ID not found');
} }
if (flagged.userIds.length === 1) { if (flagged.userIds.length === 1) {
// delete the key // delete the key

View File

@ -87,7 +87,7 @@ describe('PGP Unit Tests', () => {
it('should only accept valid user ids', () => { it('should only accept valid user ids', () => {
sandbox.stub(pgp, 'parseUserIds').returns([]); sandbox.stub(pgp, 'parseUserIds').returns([]);
return expect(pgp.parseKey(key3Armored)).to.eventually.be.rejectedWith(/invalid user ids/); return expect(pgp.parseKey(key3Armored)).to.eventually.be.rejectedWith(/invalid user IDs/);
}); });
it('should be able to parse RSA key', async () => { it('should be able to parse RSA key', async () => {
@ -180,7 +180,7 @@ describe('PGP Unit Tests', () => {
}); });
it('should throw for an empty user ids array', () => it('should throw for an empty user ids array', () =>
expect(pgp.parseUserIds([], key.primaryKey)).to.eventually.be.rejectedWith(/no user id/) expect(pgp.parseUserIds([], key.primaryKey)).to.eventually.be.rejectedWith(/no user ID/)
); );
it('should return no user id for an invalid signature', async () => { it('should return no user id for an invalid signature', async () => {