simple-gnupg-keyserver 1.1.0 → 1.2.0

data/README.rdoc

@@ -18,14 +18,14 @@ Ubuntu}[http://www.bauer-power.net/2010/05/how-to-setup-free-pgp-key-server-in.h
 
 === Key storage
 
-Since this is a _simple_ key server, all keys are stored as flat 
-ASCII armored files in the "keys" directory.
+Since this is a _simple_ key server, all keys are imported into a GnuPG 
+keyring located in the "keys" directory.
 
 === Key search
 
 For each uploaded key, the key's "gpg2 --with-fingerprint --with-colon" 
 output (key data) is stored in an internal ruby Hash using the key's 
-file name as hash key. All searches become Ruby regular expressions 
+keyID name as hash key. All searches become Ruby regular expressions 
 which are matched against each key's key data.
 
 === Security:
@@ -69,6 +69,7 @@ The current default options are:
 
   defaultOptions = {
     'debug'        => false,       # should debug output to logged?
+    'title'        => 'SimpleHKP'  # the title used by the default headerHTML
     'simpleHKPdir' => 'simpleHKP', # base disk path to simpleHKP disk space
     'keyDir'       => 'keys',      # subdir to key storage directory
     'mediaDir'     => 'media',     # subdir to any css, js, images etc

data/lib/simpleHKP.rb

@@ -1,4 +1,5 @@
 require 'uri'
+require 'open3'
 require 'pp'
 require 'fileutils'
 
@@ -40,16 +41,47 @@ require 'fileutils'
 
 class SimpleHKP
 
-  VERSION = "1.1.0"
+  VERSION = "1.2.0"
+
+  def saveLastKey(lastKey)
+    lastKey['colonData'].gsub!(/\\x3a/,':') if 
+      lastKey.has_key?('colonData')
+    pp lastKey if @debug
+    @keyLookupData[lastKey['keyID']] = lastKey unless 
+      lastKey.empty? || lastKey['keyID'].empty?
+  end
 
   def loadKeys
     @keyLookupData = Hash.new
     puts "SimpleHKP: loading keys" if @debug
-    Dir.glob(@keyDir+'/**/*.asc') do | aFile |
-      puts aFile if @debug
-      @keyLookupData[aFile] = `gpg2 --with-fingerprint --with-colons #{aFile}`
-      puts @keyLookupData[aFile] if @debug
+    gpg2cmd = "gpg2 --homedir #{@keyDir} --with-fingerprint --with-colons --list-sigs"
+    puts gpg2cmd if @debug
+    lastKey = Hash.new
+    IO.popen(gpg2cmd, 'r').readlines.each do | aLine |
+      next if aLine =~ /^tru/
+      if aLine =~ /^pub/ then
+        saveLastKey(lastKey)
+        lastKey = Hash.new
+        keyData = aLine.split(/:/)
+        lastKey['userID']    = keyData[9].gsub(/\\x3a/,':') # user ID
+        lastKey['keyID']     = keyData[4] #  key ID
+        lastKey['algorithm'] = keyData[3] #  key type (algorithm)
+        lastKey['len']       = keyData[2] #  key length
+        lastKey['created']   = keyData[5] #  creation date
+        lastKey['expires']   = keyData[6] #  expiration date
+        lastKey['flags']     = keyData[1] #  flags
+        lastKey['colonData'] = aLine
+        next
+      end
+      lastKey['userID'] = aLine.split(/:/)[9].gsub(/\\x3a/,':') if
+        aLine =~ /^uid/ && lastKey['userID'].empty?
+      lastKey['colonData'] << aLine
     end
+    saveLastKey(lastKey)
+    @keyLookupData.each_pair do | key, value |
+      value['humanData'] = `gpg2 --list-sig #{key}`
+    end
+    pp @keyLookupData if @debug
     puts "SimpleHKP: finished loading keys" if @debug
   end
 
@@ -152,6 +184,7 @@ class SimpleHKP
     # ensure the required directories all exist
     #
     FileUtils.mkdir_p(@keyDir)
+    FileUtils.chmod(0700, @keyDir)
     FileUtils.mkdir_p(@mediaDir)
     FileUtils.mkdir_p(@htmlDir)
     #
@@ -243,7 +276,27 @@ class SimpleHKP
       keys[0][0] =~ /keytext/
     pp keys[0][1] if @debug
     #
-    # send the key data through gpg2 to extract the keyID
+    # send the key data through gpg2 to import it
+    #
+    gpgStdErr  = ""
+    Open3.popen3("gpg2 --homedir #{@keyDir} --import") do | stdin, stdout, stderr, wait_thread |
+      stdin.write(keys[0][1])
+      stdin.close
+      gpgStdErr  = stderr.read
+    end
+    #
+    # check to see if the key has already been imported and/or changed
+    #
+    puts "[[#{gpgStdErr}]]" if @debug
+    keyChanged = "changed"
+    if gpgStdErr =~ /not\s+changed/ then
+      keyChanged = "unchanged"
+    else
+      # something has changed to re-load the keys 
+      loadKeys
+    end
+    #
+    # send the key data through gpg2 (again ;-( to extract the keyID
     #
     gpgKeyData = ""
     IO.popen('gpg2 --with-fingerprint --with-colons -', 'r+') do | pipe |
@@ -256,34 +309,24 @@ class SimpleHKP
     #
     # look for the keyID of the public key
     #
-    keyID   = nil
+    keyID = nil
     gpgKeyData.each_line do | aLine |
       keyData = aLine.split(/:/)
       next unless keyData[0] =~ /pub/
-      keyID   = keyData[4]
+      keyID = keyData[4]
       break
     end
     return replyBadRequest("No keyID found in gpg2 result using uploaded keytext data") if keyID.nil?
     #
-    # record the fact that we have stored this key for later lookup
-    #
-    keyFile = "#{@keyDir}/#{keyID}.asc"
-    @keyLookupData[keyFile] = gpgKeyData
-    pp @keyLookupData if @debug
-    #
-    # store this key as a flat file with the name of the keyID.asc
-    #
-    File.open(keyFile,'w') do | keyFile |
-      keyFile.write(keys[0][1])
-    end
-    #
     # return OK
     #
     @statusCode = 200
     @body << @headerHtml
     @body << "<h1 class=\"simpleHKP-storedKey\">Stored key: [#{keyID}]</h1>"
+    @body << "<p>key #{keyChanged}</p>"
     @body << "<h2 class=\"simpleHKP-keyDataKeyID\">Key data for key: [#{keyID}]</h2>"
-    @body << '<pre class="simpleHKP-keyData">'+gpgKeyData+"</pre>\n"
+    @body << '<pre class="simpleHKP-keyData">'+@keyLookupData[keyID]['colonData']+"</pre>\n"
+    @body << '<pre class="simpleHKP-keyData">'+@keyLookupData[keyID]['humanData']+"</pre>\n"
     @body << @footer
   end
 
@@ -302,14 +345,14 @@ class SimpleHKP
     # (linearly) look through the hash of known keys
     # looking for the FIRST match
     #
-    keyFile = nil
-    @keyLookupData.each_pair do | aKeyFile, keyData |
-      next unless keyData =~ searchRegexp
-      puts "FOUND #{aKeyFile} (#{keyData})" if @debug
-      keyFile = aKeyFile
+    keyID = nil
+    @keyLookupData.each_pair do | key, keyData |
+      next unless keyData['colonData'] =~ searchRegexp
+      puts "FOUND #{key} (#{keyData})" if @debug
+      keyID = key
       break
     end
-    return replyNotFound if keyFile.nil?
+    return replyNotFound if keyID.nil?
 
     if queryString.has_key?('options') &&
       queryString['options'] == 'mr' then
@@ -319,52 +362,29 @@ class SimpleHKP
       @header = {
         'Content-Type' => 'application/pgp-keys; charset=utf-8',
         'Content-Disposition' =>
-          'attachment; filename=' + keyFile
+          'attachment; filename=' + keyID
       }
       puts @header if @debug
-      @body << File.open(keyFile,'r').read
+      @body << `gpg2 --homedir #{@keyDir} --armor --export #{keyID}`
     else
       #
       # return the key data for a human to read
       #
-      keyID = File.basename(keyFile, '.*')
       @body << @headerHtml
       @body << @lookupForm
       @body << '<h1 class="simpleHKP-keyAsckeyId">Key: '+keyID+'</h1>'
       @body << '<h2 class="simpleHKP-keyDataTitle">Key data:</h2>'
       @body << '<pre class="simpleHKP-keyData">'
-      @body << @keyLookupData[keyFile].gsub(/\\x3a/,':')
+      @body << @keyLookupData[keyID]['humanData']
       @body << '</pre>'
       @body << '<h2 class="simpleHKP-keyAscTitle">Key contents:</h2>'
       @body << '<pre class="simpleHKP-keyAsc">'
-      @body << File.open(keyFile,'r').read
+      @body << `gpg2 --homedir #{@keyDir} --armor --export #{keyID}`
       @body << '</pre>'
       @body << @footer
     end
   end
 
-  def extractKeyInfo(keyFile)
-    keyInfo = Array.new
-    return keyInfo unless @keyLookupData.has_key?(keyFile)
-    # 
-    # extract the detailed key information from the PUBLIC key
-    # see the doc/DETAILS file in the gnupg2 source code
-    #
-    @keyLookupData[keyFile].each_line do | aLine |
-      next unless aLine =~ /^pub/
-      keyData = aLine.split(/:/)
-      keyInfo.push(keyData[9].gsub(/\\x3a/,':')) # -1 = user ID
-      keyInfo.push(keyData[4]) #  0 = key ID
-      keyInfo.push(keyData[3]) #  1 = key type (algorithm)
-      keyInfo.push(keyData[2]) #  2 = key length
-      keyInfo.push(keyData[5]) #  3 = creation date
-      keyInfo.push(keyData[6]) #  4 = expiration date
-      keyInfo.push(keyData[1]) #  5 = flags
-    end
-
-    keyInfo
-  end
-
   def indexKeys(queryString)
     return replyBadRequest("No search field in queryString") unless
       queryString.has_key?('search')
@@ -377,13 +397,13 @@ class SimpleHKP
                               Regexp::IGNORECASE | Regexp::MULTILINE)
     puts searchRegexp if @debug
     #
-    # accumulate the keyFiles of any keys that match the serach
+    # accumulate the keyIDs of any keys that match the serach
     #
     keys = Array.new
-    @keyLookupData.each_pair do | aKeyFile, keyData |
-      next unless keyData.gsub(/\\x3a/,':') =~ searchRegexp
-      puts "FOUND #{aKeyFile} (#{keyData})" if @debug
-      keys.push(aKeyFile)
+    @keyLookupData.each_pair do | key, keyData |
+      next unless keyData['colonData'] =~ searchRegexp
+      puts "FOUND #{key} (#{keyData})" if @debug
+      keys.push(key)
     end
 
     if queryString.has_key?('options') &&
@@ -393,15 +413,24 @@ class SimpleHKP
       #
       @header = { 'Content-Type' => 'text/plain' }
       @body << "info:1:#{keys.size}\n"
-      keys.each do | aKeyFile |
-        keyInfo = extractKeyInfo(aKeyFile)
-        next if keyInfo.empty?
-        userID    = keyInfo.shift
-        @body << "pub:#{keyInfo.join(':')}\n"
-        keyID     = keyInfo.shift
-        keyType   = keyInfo.shift
-        keyLength = keyInfo.shift
-        @body << "uid:#{userID}:#{keyInfo.join(':')}\n"
+      keys.each do | aKey |
+        next unless @keyLookupData.has_key?(aKey)
+        keyData   = @keyLookupData[aKey]
+        pubData = [ "pub" ]
+        pubData << aKey
+        pubData << keyData['algorithm']
+        pubData << keyData['len']
+        pubData << keyData['created']
+        pubData << keyData['expires']
+        pubData << keyData['flags']
+        @body << pubData.join(':')
+        @body << "\n"
+        uidData = [ "uid" ]
+        uidData << keyData['userID'].gsub(/:/, '\x3a')
+        uidData << keyData['created']
+        uidData << keyData['expires']
+        uidData << keyData['flags']
+        @body << uidData.join(':')
         @body << "\n"
       end
     else
@@ -411,17 +440,11 @@ class SimpleHKP
       @body << @headerHtml
       @body << @lookupForm
       @body << '<h1 class="simpleHKP-searchString">Keys matching: ['+searchString+']</h1><ul class="simpleHKP-searchList">'
-      keys.each do | aKeyFile |
-        keyInfo   = extractKeyInfo(aKeyFile)
-        userID    = keyInfo.shift
-        keyID     = keyInfo.shift
-        keyType   = keyInfo.shift
-        keyLength = keyInfo.shift
-        created   = keyInfo.shift
-        expires   = keyInfo.shift
-        flags     = keyInfo.shift
-        keyStr = "  <li class=\"simpleHKP-searchItem\"><a href=\"lookup?op=get&search=#{keyID}\">#{keyID}:&nbsp;"
-        keyStr << userID
+      keys.each do | aKey |
+        next unless @keyLookupData.has_key?(aKey)
+        keyData   = @keyLookupData[aKey]
+        keyStr = "  <li class=\"simpleHKP-searchItem\"><a href=\"lookup?op=get&search=#{aKey}\">#{aKey}:&nbsp;"
+        keyStr << keyData['userID']
         keyStr <<  "</a></li>\n"
         @body << keyStr
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simple-gnupg-keyserver
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
   prerelease: 
 platform: ruby
 authors: