Added key trust model

gnewpg · Apr 18, 2013 · abb640d · abb640d
1 parent be452b4
commit abb640d
Show file tree

Hide file tree

Showing 8 changed files with 464 additions and 6 deletions.
diff --git a/keyring/file.js b/keyring/file.js
@@ -290,6 +290,60 @@ utils.extend(_KeyringStream.prototype, {
 		this._subkeySignatures = { };
 		this._identitySignatures = { };
 		this._attributeSignatures = { };
+		this._ownerTrust = { };
+	},
+
+	_getOwnerTrustInfo : function(keyId, filter, fields) {
+		return Keyring._filter(new Fifo.fromArraySingle(this._ownerTrust[keyId] || [ ]), filter).map(function(it, next) {
+			next(null, Keyring._strip(it, fields));
+		});
+	},
+
+	_addOwnerTrustInfo : function(keyId, trustInfo, callback) {
+		if(!this._ownerTrust[keyId])
+			this._ownerTrust[keyId] = [ ];
+		this._ownerTrust[keyId].push(trustInfo);
+		callback(null);
+	},
+
+	_removeOwnerTrustBySignature : function(signatureId) {
+		var ret = [ ];
+		for(var i in this._ownerTrust) {
+			for(var j=0; j<this._ownerTrust[i].length; j++) {
+				if(this._ownerTrust[i][j].signaturePath.indexOf(signatureId) != -1) {
+					ret.push(utils.extend({ key: i }, this._ownerTrust[i][j]));
+					this._ownerTrust[i] = this._ownerTrust[i].slice(0, j).concat(this._ownerTrust[i].slice(j+1));
+					j--;
+				}
+			}
+		}
+		return Fifo.fromArraySingle(ret);
+	},
+
+	_removeKeyTrust : function(keyId) {
+		if(!this._ownerTrust[keyId])
+			return Fifo.fromArraySingle([ ]);
+
+		for(var i=0; i<this._ownerTrust[keyId].length; i++) {
+			if(this._ownerTrust[keyId][i].signaturePath.length == 0) {
+				this._ownerTrust[keyId] = this._ownerTrust[keyId].slice(0, i).concat(this._ownerTrust[keyId].slice(i+1));
+				i--;
+			}
+		}
+
+		var ret = [ ];
+
+		for(var i in this._ownerTrust) {
+			for(var j=0; j<this._ownerTrust[i].length; j++) {
+				if(this._ownerTrust[i][j].keyPath[0] == keyId) {
+					ret.push(utils.extend({ key: i }, this._ownerTrust[i][j]));
+					this._ownerTrust[i] = this._ownerTrust[i].slice(0, j).concat(this._ownerTrust[i].slice(j+1));
+					j--;
+				}
+			}
+		}
+
+		return Fifo.fromArraySingle(ret);
 	}
 });
 

diff --git a/keyring/filters.js b/keyring/filters.js
@@ -120,6 +120,10 @@ Filter.KeyFlag = _valueFilter(function(subPackets, flag) {
 	return false;
 });
 
+Filter.ArrayContains = _valueFilter(function(array, contains) {
+	return array.indexOf(contains) != -1;
+});
+
 
 function _normaliseFilterValue(value) {
 	if(value instanceof Date)

diff --git a/keyring/index.js b/keyring/index.js
@@ -396,6 +396,14 @@ Keyring.prototype = {
 		callback(new Error("Not implemented."));
 	},
 
+	getAllSignatures : function(keyId, filter, fields) {
+		return Fifo.fromArraySingle([
+			this.getKeySignatures(keyId, filter, fields),
+			this.getIdentityList(keyId).map(function(identityId, next) { next(null, this.getIdentitySignatures(keyId, identityId, filter, fields));}.bind(this)),
+			this.getAttributeList(keyId).map(function(attributeId, next) { next(null, this.getAttributeSignatures(keyId, attributeId, filter, fields));}.bind(this))
+		]).recursive();
+	},
+
 	saveChanges : function(callback) {
 		callback(new Error("Not implemented."));
 	},
@@ -458,6 +466,42 @@ Keyring.prototype = {
 
 	searchByFingerprint : function(keyId) {
 		throw new Error("Implemented in keyring/combine.js");
+	},
+
+	/**
+	 * Trust all signatures and trust signatures issued by the given key.
+	 */
+	trustKey : function(keyId, callback) {
+		throw new Error("Implemented in keyring/trust.js");
+	},
+
+	untrustKey : function(keyId, callback) {
+		throw new Error("Implemented in keyring/trust.js");
+	},
+
+	_getOwnerTrustInfo : function(keyId, filter, fields) {
+		return __getNotImplementedFifo();
+	},
+
+	_addOwnerTrustInfo : function(keyId, trustInfo, callback) {
+		callback(new Error("Not implemented."));
+	},
+
+	/**
+	 * Removes all owner trust records that contain the given signature in their signature chain.
+	 * Returns those records.
+	 */
+	_removeOwnerTrustBySignature : function(signatureId) {
+		return __getNotImplementedFifo();
+	},
+
+	/**
+	 * Removes the initial key trust records for that key (that is, a trust record with an empty signature
+	 * path). Also removes all trust records that have that key at the start of their key path and returns
+	 * them.
+	 */
+	_removeKeyTrust : function(keyId) {
+		return __getNotImplementedFifo();
 	}
 };
 
@@ -523,4 +567,5 @@ require("./addRemove");
 require("./search");
 require("./importExport");
 require("./combine");
-require("./signatureRelations");
+require("./signatureRelations");
+require("./trust");
diff --git a/keyring/signatureRelations.js b/keyring/signatureRelations.js
@@ -59,6 +59,13 @@ var async = require("async");
  *        mark it as non-sensitive.
  * 8. Make sure that the security level of a key is inherited to the signatures it makes.
  *     a) A signature is verified. Set its security level to the lowest among its own and that of the key.
+ * 9. Calculate the trust of keys, identities and attributes. TODO: Handle signature expiration and revocation
+ *     a) A certification signature is verified, revoked or removed. Recalculate the trust of the signed
+ *        identity or attribute.
+ *     b) A key or certification signature is verified, revoked or removed that contains a trust amount.
+ *        Recalculate the owner trust of the signed key.
+ *     c) The owner trust of a key changes. Apply the effects of this on all the keys, identities and
+ *        attributes that have been signed by the key.
 */
 
 utils.extend(Keyring.prototype, {
@@ -98,6 +105,10 @@ utils.extend(Keyring.prototype, {
 				checks.push(this.__checkSelfSignatures.bind(this, keyId));
 		}
 
+		// Check 9b
+		if([ consts.SIG.KEY, consts.SIG.CERT_0, consts.SIG.CERT_1, consts.SIG.CERT_2, consts.SIG.CERT_3 ].indexOf(signatureInfo.sigtype) != -1 && signatureInfo.trustSignature)
+			checks.push(remove ? this.__removeOwnerTrustSignature.bind(this, signatureInfo.id) : this.__addOwnerTrustSignature.bind(this, keyId, signatureInfo));
+
 		async.series(checks, callback);
 	},
 
@@ -125,6 +136,10 @@ utils.extend(Keyring.prototype, {
 	__identitySignatureVerified : function(keyId, identityId, signatureInfo, callback) {
 		var checks = [ this.__keySignatureVerified.bind(this, keyId, signatureInfo) ];
 
+		// Check 9a
+		if([ consts.SIG.CERT_0, consts.SIG.CERT_1, consts.SIG.CERT_2, consts.SIG.CERT_3 ].indexOf(signatureInfo.sigtype) != -1)
+			checks.push(this.__updateIdentityTrust.bind(this, keyId, identityId));
+
 		async.series(checks, callback);
 	},
 
@@ -135,6 +150,10 @@ utils.extend(Keyring.prototype, {
 	__attributeSignatureVerified : function(keyId, attributeId, signatureInfo, callback) {
 		var checks = [ this.__keySignatureVerified.bind(this, keyId, signatureInfo) ];
 
+		// Check 9a
+		if([ consts.SIG.CERT_0, consts.SIG.CERT_2, consts.SIG.CERT_3 ].indexOf(signatureInfo.sigtype) != -1)
+			checks.push(this.__updateAttributeTrust.bind(this, keyId, attributeId));
+
 		async.series(checks, callback);
 	},
 
@@ -541,5 +560,4 @@ utils.extend(Keyring.prototype, {
 			}.bind(this));
 		}.bind(this), [ "date" ]);
 	}
-
 });