simple-gnupg-keyserver 1.3.0 → 2.0.0

data/.gitignore

@@ -1,6 +1,10 @@
+_site
+.sass-cache
 Manifest.txt
 *.gem
 /pkg/
 /tmp/
 /rdoc/
-
+/_site/
+/.sass*/
+pkg/

data/History.txt

@@ -3,5 +3,3 @@
 * 1 major enhancement
 
   * Birthday!
-
-

data/Manifest.txt

@@ -4,4 +4,7 @@ History.txt
 README.rdoc
 Rakefile
 lib/simpleHKP.rb
-lib/simpleHKP/echo.rb
+lib/simpleHKP/echo.rb
+lib/simpleHKP/identities.rb
+lib/simpleHKP/keys.rb
+lib/simpleHKP/server.rb

data/README.rdoc

@@ -1,32 +1,22 @@
 = rGem-simple-gnupg-keyserver
 
-home :: https://github.com/stephengaito/rGem-simple-gnupg-keyserver
+code :: https://github.com/stephengaito/rGem-simple-gnupg-keyserver
 
-== DESCRIPTION:
-
-SimpleHKP is a simple Ruby/rack based GnuPG HKP key server.
-
-Its sole task is to supply a limited number of GnuPG _public_ keys 
-to/from MonkeySphere on a limited number of machines/servers. It is 
-_not_ meant to server hundreds of keys, so it is not meant as a truely 
-public key server.
-
-If you need to run your own _large_ scale production Key Sever then use 
-{SKS}[https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Home]. You 
-might want to read Paul Bauer's {How To Setup A Free PGP Key Server in 
-Ubuntu}[http://www.bauer-power.net/2010/05/how-to-setup-free-pgp-key-server-in.html].
+docs :: https://stephengaito.github.io/rGem-simple-gnupg-keyserver
 
-=== Key storage
+== DESCRIPTION:
 
-Since this is a _simple_ key server, all keys are imported into a GnuPG 
-keyring located in the "keys" directory.
+SimpleHKP is a simple Ruby/rack based GnuPG extendedHKP key and 
+identity server packaged as a standard Ruby Gem. 
 
-=== Key search
+As such it conforms to an {extended 
+version}[http://stephengaito.github.io/rGem-simple-gnupg-keyserver/] of 
+{the OpenPGP HTTP Keyserver Protocol (HKP) 
+(draft-shaw-openpgp-hkp-00.txt)}[http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00].
 
-For each uploaded key, the key's "gpg2 --with-fingerprint --with-colon" 
-output (key data) is stored in an internal ruby Hash using the key's 
-keyID name as hash key. All searches become Ruby regular expressions 
-which are matched against each key's key data.
+The {associated 
+documentation}[https://stephengaito.github.io/rGem-simple-gnupg-keyserver] 
+provides more detail.
 
 === Security:
 
@@ -47,6 +37,13 @@ This rack application is intentionally as self contained and simple as
 possible.  If you have any security concerns, this rack application is 
 easily readable.
 
+When used with SimpleMonkey, this SimpleHKP acts like a distributed 
+password file. All important (non-public identity) details are 
+encrypted, however, the collection of servers, users and their 
+associated roles are visibly in the "public domain". It is important to 
+run your own collection of SimpleHKP servers *inside* a controlled 
+domain or VPN.
+
 == SYNOPSIS:
 
 A typical rackup.ru file might be:
@@ -68,13 +65,14 @@ key/value pairs.
 The current default options are:
 
   defaultOptions = {
-    'debug'        => false,       # should debug output to logged?
-    'title'        => 'SimpleHKP'  # the title used by the default headerHTML
-    'simpleHKPdir' => 'simpleHKP', # base disk path to simpleHKP disk space
-    'keyDir'       => 'keys',      # subdir to key storage directory
-    'mediaDir'     => 'media',     # subdir to any css, js, images etc
-    'htmlDir'      => 'html',      # subdir to html partials
-    'mimeMap'      => {            # a file ext to mime mapping
+    'debug'        => false,        # should debug output to logged?
+    'title'        => 'SimpleHKP'   # the title used by the default headerHTML
+    'simpleHKPdir' => 'simpleHKP',  # base disk path to simpleHKP disk space
+    'keyDir'       => 'keys',       # subdir to key storage directory
+    'idDir'        => 'identities', # subdir to identity storage directory
+    'mediaDir'     => 'media',      # subdir to any css, js, images etc
+    'htmlDir'      => 'html',       # subdir to html partials
+    'mimeMap'      => {             # a file ext to mime mapping
       'css'  => 'text/css',
       'html' => 'text/html',
       'js'   => 'text/javascript'
@@ -86,14 +84,16 @@ the use of humans:
 
 * header.html
 * defaultBody.html
-* lookupForm.html
-* uploadForm.html
+* lookupKeysForm.html
+* lookupIdentitiesForm.html
+* uploadKeyForm.html
+* uploadIdentityForm.html
 * footer.html
 
 == SYNCHRONIZATION
 
-A 'simpleHKP/echo' class has been added which knows how to echo keys from 
-one key server to another.
+A 'simpleHKP/echo' class has been added which knows how to echo 
+keys/identities from one key server to another.
 
 So that for example the following ruby script could be placed into one 
 of your machine's /etc/daily directories and the script would ensure 
@@ -101,13 +101,13 @@ all key servers are synchronized daily.
 
   #!/usr/bin/env ruby
 
-  # A simple key server sychronization example
+  # A simple key/identity server sychronization example
   #
   # We use a hub-spoke model. We choose one "hub" key server to act as
-  # the master key server and amalgamate all of the keys from the spoke
-  # key server back to the hub key server. We then push the amalgamated
-  # keys in the hub back to the spokes, so that after two passes, all key
-  # servers have the same keys.
+  # the master key server and amalgamate all of the keys/identities from
+  # the spoke key server back to the hub key server. We then push the
+  # amalgamated keys/identities in the hub back to the spokes, so that
+  # after two passes, all key servers have the same keys/identities.
 
   require 'simpleHKP/echo'
 
@@ -118,13 +118,13 @@ all key servers are synchronized daily.
     'spokeKeyServer3'
   ]
 
-  # Start by bringing all spoke keys into the hub
+  # Start by bringing all spoke keys/identities into the hub
   #
   spokeKeyServers.each do | aKeyServer |
     SimpleHKPEcho.echoFromTo(aKeyServer, hubKeyServer)
   end
 
-  # now send the amalgamated hub keys back to each spoke
+  # now send the amalgamated hub keys/identities back to each spoke
   #
   spokeKeyServers.each do | aKeyServer |
     SimpleHKPEcho.echoFromTo(hubKeyServer, aKeyServer)
@@ -137,6 +137,10 @@ The SimpleHKPEcho.echoFromTo method fails gracefully if a given key
 server is offline, by simply returning. In the example above, all other 
 echo pairs (from, to) will be tried.
 
+To just echo either the keys or identities you can use 
+SimpleHKPEcho.echoKeysFromTo or SimpleHKPEcho.echoIdentitiesFromTo 
+respectively.
+
 == REQUIREMENTS:
 
 There are explicitly no external Ruby requirements other than Ruby and 
@@ -175,3 +179,4 @@ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
 TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+

data/Rakefile

@@ -37,3 +37,4 @@ Hoe.spec 'simple-gnupg-keyserver' do
 end
 
 # vim: syntax=ruby
+

data/lib/simpleHKP/echo.rb

@@ -2,10 +2,11 @@ require 'uri'
 require 'net/http'
 require 'pp'
 
-# This code provides a simple way to ensure keys are synchronized 
-# between a pair of key servers.
+# This code provides a simple way to ensure keys/identities are 
+# synchronized between a pair of key/identity servers.
 
-# It conforms to: The OpenPGP HTTP Keyserver Protocol (HKP)
+# It conforms to our simple extension to: 
+#   The OpenPGP HTTP Keyserver Protocol (HKP)
 #   draft-shaw-openpgp-hkp-00.txt
 #     http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
 
@@ -48,7 +49,7 @@ class SimpleHKPEcho
       aKeyServerStr
     end
 
-    def echoFromTo(fromKeyServer, toKeyServer, options = {})
+    def echoKeysFromTo(fromKeyServer, toKeyServer, options = {})
       begin
         debug = options.delete('debug')
         puts fromKeyServer if debug
@@ -59,7 +60,7 @@ class SimpleHKPEcho
         puts toKeyServer if debug
 
         keys = Array.new
-        url = URI.parse(fromKeyServer+'/lookup?search=&op=index&options=mr')
+        url = URI.parse(fromKeyServer+'/pks/lookup?search=&op=index&options=mr')
         response = Net::HTTP.get_response(url)
         response.body.each_line do | aLine |
           next unless aLine =~ /^pub/
@@ -68,19 +69,59 @@ class SimpleHKPEcho
         pp keys if debug
         keys.each do | aKey |
           keyData = ""
-          url = URI.parse(fromKeyServer+"/lookup?op=get&options=mr&search=#{aKey}")
+          url = URI.parse(fromKeyServer+"/pks/lookup?op=get&options=mr&search=#{aKey}")
           response = Net::HTTP.get_response(url)
           keyData = response.body
           puts aKey if debug
           puts keyData if debug
-          url = URI.parse(toKeyServer+'/add')
+          url = URI.parse(toKeyServer+'/pks/add')
           Net::HTTP.post_form(url, { 'keytext' => keyData })
         end
-      rescue SocketError => se
+      rescue Exception => ex
         puts "Cound not echo keys from #{fromKeyServer} to #{toKeyServer}"
+        puts ex
       end
     end
 
+    def echoIdentitiesFromTo(fromKeyServer, toKeyServer, options = {})
+      begin
+        debug = options.delete('debug')
+        puts fromKeyServer if debug
+        fromKeyServer = convertToHttp(fromKeyServer)
+        puts fromKeyServer if debug
+        puts toKeyServer if debug
+        toKeyServer   = convertToHttp(toKeyServer)
+        puts toKeyServer if debug
+
+        identities = Array.new
+        url = URI.parse(fromKeyServer+'/pis/lookup?search=&op=index&options=mr')
+        response = Net::HTTP.get_response(url)
+        response.body.each_line do | aLine |
+          next unless aLine =~ /^idn/
+          identities.push(aLine.split(/:/)[1])
+        end
+        pp identities if debug
+        identities.each do | anIdFile |
+          idData = ""
+          url = URI.parse(fromKeyServer+"/pis/lookup?op=get&options=mr&search=#{anIdFile}")
+          response = Net::HTTP.get_response(url)
+          idData = response.body
+          puts anIdFile if debug
+          puts idData if debug
+          url = URI.parse(toKeyServer+'/pis/add')
+          Net::HTTP.post_form(url, { 'keytext' => idData })
+        end
+      rescue Exception => ex
+        puts "Cound not echo identities from #{fromKeyServer} to #{toKeyServer}"
+        puts ex
+      end
+    end
+
+    def echoFromTo(fromKeyServer, toKeyServer, options = {})
+      echoKeysFromTo(fromKeyServer, toKeyServer, options)
+      echoIdentitiesFromTo(fromKeyServer, toKeyServer, options)
+    end
+
   end
 
 end

data/lib/simpleHKP/identities.rb

@@ -0,0 +1,240 @@
+
+module SimpleHKP
+
+  module Identities
+
+    def loadIdentityFile(fileName)
+      identityContents = ''
+      begin
+        identityContents = File.open(fileName, 'r').read
+      rescue Exception => e
+        puts "Error reading file #{fileName}: #{e.message}"
+      end
+      identityContents
+    end
+
+    def getIdentityMetaData(fileContents)
+      metaData = Hash.new
+      begin
+        if fileContents =~ /\A(---\s*\n.*?\n?)^((---|\.\.\.)\s*$\n?)/m
+          metaData = SafeYAML.load($1)
+        end
+      rescue SyntaxError => e
+        puts "YAML Exception reading #{fileName}: #{e.message}"
+      end
+
+      if !metaData.has_key?('role') ||
+         !metaData.has_key?('userKeyID') ||
+         metaData['userKeyID'] !~ /^\h+$/ then
+        puts "WARNING the identity file has NO role or userKeyID or a malformed userKeyID"
+        return ''
+      end
+
+      #
+      # normalize the meta data with any missing (but useful) values
+      #
+      metaData['userID'] = metaData['userKeyID'] unless
+        metaData.has_key?('userID')
+      metaData['algorithm'] = 'unknown' unless metaData.has_key?('algorithm')
+      metaData['created'] = Date.today.strftime("%Y%m%d") unless
+        metaData.has_key?('created')
+      metaData['expires'] = Date.today.strftime("%Y%m%d") unless
+        metaData.has_key?('expires')
+      metaData['flags'] = '' unless metaData.has_key?('flags')
+      #
+      # compute the idFile for searching
+      #
+      metaData['identity'] = metaData['role']+'-'+metaData['userKeyID']
+      #
+      # wrap the whole meta data into a searchable string
+      #
+      metaData['searchData'] = metaData.to_s
+      metaData
+    end
+
+    def indexIdentityFiles
+      puts "SimpleHKP: indexing identities" if @debug
+      @idMetaData = Hash.new
+      Dir.glob(@idDir+'/**/*.asc') do | aFile |
+        idFile = File.basename(aFile, '.*')
+        puts aFile if @debug
+        puts idFile if @debug
+        identityFile = loadIdentityFile(aFile)
+        metaData = getIdentityMetaData(identityFile)
+        if metaData.empty? then
+          puts "WARNING the identity file [#{aFile}] is malformed!"
+        else
+          @idMetaData[idFile] = metaData
+        end
+        puts @idMetaData[idFile] if @debug
+      end
+#      File.open(@idIndex, 'w') do | indexFile |
+#        indexFile.puts "# identity metaData index created: #{DateTime.now}"
+#        indexFile.write(YAML.dump(@idMetaData))
+#      end
+      puts "SimpleHKP: finished indexing identities" if @debug
+    end
+
+    def loadIdentities
+      @idLookupData = Hash.new
+      puts "SimpleHKP: loading identities" if @debug
+      indexIdentityFiles
+      pp @idMetaData
+      puts "SimpleHKP: finished loading identities" if @debug
+    end
+
+    def storeIdentity(env)
+      #
+      # decode the post data
+      #
+      keys = URI.decode_www_form(env['rack.input'].read)
+      #
+      # ensure we are being sent a key
+      #
+      return replyBadRequest("No keytext field in post data") unless
+        keys[0][0] =~ /keytext/
+      pp keys[0][1] if @debug
+      metaData = getIdentityMetaData(keys[0][1])
+      pp metaData
+      return replyBadRequest("malformed identity metaData") if metaData.empty?
+      #
+      # store this key as a flat file with the name of the keyID.asc
+      #
+      idFile = metaData['role']+'-'+metaData['userKeyID']
+      idFileName = @idDir+'/'+idFile+'.asc'
+      idChanged = 'unchanged'
+      if !File.exists?(idFileName) || keys[0][1] != File.read(idFileName) then
+        idChanged = 'changed'
+        File.write(idFileName, keys[0][1])
+        @idMetaData[idFile] = metaData
+      end
+      pp @idMetaData
+      #
+      # return OK
+      #
+      @statusCode = 200
+      @body << @headerHtml
+      @body << "<h1 class=\"simpleHKP-storedIdentity\">Stored identity: [#{idFile}]</h1>"
+      @body << "<p>identity #{idChanged}</p>"
+      @body << "<h2 class=\"simpleHKP-identityDataID\">Identity data for identity: [#{idFile}]</h2>"
+      @body << '<pre class="simpleHKP-identityData">'+keys[0][1]+"</pre>\n"
+      @body << @footer
+    end
+
+    def lookUpIdentity(queryString)
+      return replyBadRequest("No search field in queryString") unless
+        queryString.has_key?('search')
+      #
+      # normalize the search string
+      #
+      searchString = queryString['search']
+      searchRegexp = Regexp.new(searchString,
+                                Regexp::IGNORECASE | Regexp::MULTILINE)
+      puts searchRegexp if @debug
+      #
+      # (linearly) look through the hash of known identities
+      # looking for the FIRST match
+      #
+      idFile = nil
+      pp @idMetaData
+      @idMetaData.each_pair do | idKey, idData |
+        next unless idData['searchData'] =~ searchRegexp
+        puts "FOUND #{idKey} (#{idData})" if @debug
+        idFile = idKey
+        break
+      end
+      return replyNotFound if idFile.nil?
+
+      idFileName = @idDir+'/'+idFile+'.asc'
+      if queryString.has_key?('options') &&
+        queryString['options'] == 'mr' then
+        #
+        # return the key data in machine readable format
+        #
+        @header = {
+          'Content-Type' => 'text/plain; charset=utf-8',
+          'Content-Disposition' =>
+            'attachment; filename=' + File.basename(idFileName)
+        }
+        puts @header if @debug
+        @body << File.read(idFileName)
+      else
+        #
+        # return the key data for a human to read
+        #
+        @body << @headerHtml
+        @body << @lookupIdentitiesForm
+        @body << '<h1 class="simpleHKP-identityAscIdFile">Identity: '+idFile+'</h1>'
+        @body << '<h2 class="simpleHKP-identityAscTitle">Identity contents:</h2>'
+        @body << '<pre class="simpleHKP-identityAsc">'
+        @body << File.read(idFileName)
+        @body << '</pre>'
+        @body << @footer
+      end
+    end
+
+    def indexIdentities(queryString)
+      return replyBadRequest("No search field in queryString") unless
+        queryString.has_key?('search')
+      #
+      # normalize the search string
+      #
+      searchString = queryString['search']
+      searchRegexp = Regexp.new(searchString,
+                                Regexp::IGNORECASE | Regexp::MULTILINE)
+      puts searchRegexp if @debug
+      #
+      # accumulate the idFiles of any identities that match the search
+      #
+      idFiles = Array.new
+      pp @idMetaData
+      @idMetaData.each_pair do | idKey, idData |
+        next unless idData['searchData'] =~ searchRegexp
+        puts "FOUND #{idKey} (#{idData})" if @debug
+        idFiles.push(idKey)
+      end
+
+      if queryString.has_key?('options') &&
+        queryString['options'] == 'mr' then
+        #
+        # return a machine readable list of the dFiles found
+        #
+        @header = { 'Content-Type' => 'text/plain' }
+        @body << "info:1:#{idFiles.size}\n"
+        idFiles.each do | anIdFile |
+          next unless @idMetaData.has_key?(anIdFile)
+          idData   = @idMetaData[anIdFile]
+          idnData = [ "idn" ]
+          idnData << anIdFile
+          idnData << idData['role']
+          idnData << idData['userID'].gsub(/:/, '\x3a')
+          idnData << idData['algorithm']
+          idnData << idData['created']
+          idnData << idData['expires']
+          idnData << idData['flags']
+          @body << idnData.join(':')
+          @body << "\n"
+        end
+      else
+        #
+        # return a (simple) human readable list of the keys found
+        #
+        @body << @headerHtml
+        @body << @lookupIdentitiesForm
+        @body << '<h1 class="simpleHKP-searchString">Identities matching: ['+searchString+']</h1><ul class="simpleHKP-searchList">'
+        idFiles.each do | anIdFile |
+          next unless @idMetaData.has_key?(anIdFile)
+          idData   = @idMetaData[anIdFile]
+          idStr = "  <li class=\"simpleHKP-searchItem\"><a href=\"/pis/lookup?op=get&search=#{anIdFile}\">"
+          idStr << anIdFile+':&nbsp;'+idData['userID']+'&nbsp;('+idData['role']+')'
+          idStr <<  "</a></li>\n"
+          @body << idStr
+        end
+        @body << '</ul>'
+        @body << @footer
+      end
+      pp @body if @debug
+    end
+
+  end
+end