-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
b866753
commit 56eed70
Showing
11 changed files
with
201 additions
and
75 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,24 @@ | |||
module Keyserver where | |||
|
|||
import Control.Error (hush, MaybeT(..), runMaybeT, hoistMaybe, headMay) | |||
import Data.Binary (decodeOrFail) | |||
import qualified Network.HTTP as HTTP | |||
import qualified Data.OpenPGP as OpenPGP | |||
import qualified Codec.Encryption.OpenPGP.ASCIIArmor as ASCIIArmor | |||
import qualified Codec.Encryption.OpenPGP.ASCIIArmor.Types as ASCIIArmor | |||
import qualified Data.ByteString.Lazy as LZ | |||
|
|||
fetchKey :: String -> IO (Maybe OpenPGP.Message) | |||
fetchKey fpr = runMaybeT $ do | |||
r <- MaybeT $ fmap hush $ HTTP.simpleHTTP req | |||
-- XXX: Data is all ASCII, but this is still a terrible hack | |||
let rbytes = LZ.pack $ map (toEnum.fromEnum) (HTTP.rspBody r) | |||
armor <- hoistMaybe $ headMay =<< hush (ASCIIArmor.decodeLazy rbytes :: Either String [ASCIIArmor.Armor]) | |||
bytes <- case armor of | |||
ASCIIArmor.Armor ASCIIArmor.ArmorPublicKeyBlock _ bytes -> return bytes | |||
_ -> hoistMaybe Nothing | |||
case decodeOrFail bytes of | |||
Left _ -> hoistMaybe Nothing | |||
Right (_,_,x) -> return x | |||
where | |||
req = HTTP.getRequest $ "http://singpolyma.net:11371/pks/lookup?op=get&search=0x" ++ fpr ++ "&exact=on&options=mr" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -1,75 +1,54 @@ | |||
module Sqlite3 where | module Sqlite3 where | ||
|
|
||
import Control.Applicative | import Control.Applicative | ||
import Data.String (fromString) | |||
import Control.Monad (when) | import Control.Monad (when) | ||
import Data.List (find) | import Data.List (find) | ||
import Control.Arrow (first) | import Control.Arrow (first) | ||
import Data.Maybe (listToMaybe, mapMaybe) | import Data.Maybe (listToMaybe, mapMaybe) | ||
import Data.String (fromString) | import Data.String (fromString) | ||
import Data.Time.Clock (getCurrentTime, diffUTCTime) | import Data.Time.Clock (getCurrentTime, diffUTCTime, addUTCTime) | ||
import Control.Error (readMay, hush, tryHead, noteT, EitherT(..), MaybeT(..), hoistMaybe, throwT) | import Control.Error (readMay, hush, tryHead, noteT, EitherT(..), MaybeT(..), hoistMaybe, throwT, headMay) | ||
import Data.Base58Address (RippleAddress) | import Data.Base58Address (RippleAddress) | ||
import Database.SQLite.Simple (query, field, FromRow(..), Connection, open, close) | import Database.SQLite.Simple (query, field, FromRow(..), Connection, execute) | ||
import Data.Binary (Binary, decodeOrFail) | import Data.Binary (Binary, decodeOrFail) | ||
import Control.Exception (try) | import Control.Exception (try) | ||
import Control.Monad.Trans (liftIO) | import Control.Monad.Trans (liftIO) | ||
import qualified Data.OpenPGP as OpenPGP | import qualified Data.OpenPGP as OpenPGP | ||
import qualified Data.OpenPGP.CryptoAPI as OpenPGP | |||
import qualified Data.ByteString.Lazy as LZ | import qualified Data.ByteString.Lazy as LZ | ||
|
|
||
import Keyserver | |||
import Records | |||
import Assertion | import Assertion | ||
import Websocket hiding (readM) | |||
|
|||
data AddressAndKey = AddressAndKey RippleAddress OpenPGP.Message | |||
deriving (Show, Eq) | |||
|
|||
instance FromRow AddressAndKey where | |||
fromRow = AddressAndKey <$> (field >>= readM) <*> (field >>= decodeM) | |||
|
|||
decodeM :: (Binary a, Monad m) => LZ.ByteString -> m a | |||
decodeM bytes = case decodeOrFail bytes of | |||
Left (_,_,e) -> fail e | |||
Right (_,_,x) -> return x | |||
|
|||
-- | Signal read errors in some Monad (for parsing) | |||
readM :: (Read r, Monad m) => String -> m r | |||
readM s = case readMay s of | |||
Just x -> return x | |||
Nothing -> fail $ s ++ " is invalid" | |||
|
|||
findByKeyId :: Connection -> [String] -> IO [AddressAndKey] | |||
findByKeyId conn keyIds = query conn q (map ('%':) keyIds) | |||
where | |||
q = fromString $ "SELECT ripple_address, keydata FROM keys WHERE 1=0" ++ | |||
concat (replicate (length keyIds) like) | |||
like = " OR fingerprint LIKE ?" | |||
|
|
||
issuerKeyIds :: OpenPGP.Message -> [String] | issuerKeyIds :: OpenPGP.Message -> [String] | ||
issuerKeyIds (OpenPGP.Message ((OpenPGP.CompressedDataPacket _ (OpenPGP.Message p1)):p2)) = | issuerKeyIds (OpenPGP.Message ((OpenPGP.CompressedDataPacket _ (OpenPGP.Message p1)):p2)) = | ||
issuerKeyIds (OpenPGP.Message (p1 ++ p2)) | issuerKeyIds (OpenPGP.Message (p1 ++ p2)) | ||
issuerKeyIds (OpenPGP.Message pkts) = mapMaybe OpenPGP.signature_issuer pkts | issuerKeyIds (OpenPGP.Message pkts) = mapMaybe OpenPGP.signature_issuer pkts | ||
|
|
||
processObject :: Connection -> OpenPGP.Message -> IO (Either String (RippleAddress, Assertion)) | extractVerifiedAssertion :: OpenPGP.Message -> IO (Either String (OpenPGP.Packet, OpenPGP.Message, Assertion)) | ||
processObject conn msg = runEitherT $ do | extractVerifiedAssertion msg = runEitherT $ do | ||
time <- liftIO $ getCurrentTime | time <- liftIO $ getCurrentTime | ||
r <- liftIO $ findByKeyId conn (issuerKeyIds msg) | k <- noteT "Keyserver fetch failed." $ (MaybeT . fetchKey) =<< (hoistMaybe $ headMay (issuerKeyIds msg)) | ||
(adr, obj@(assertion, target, at)) <- tryHead "No valid signed object found." $ | (adr, obj@(assertion, target, at)) <- noteT "No valid signed object found." $ hoistMaybe $ | ||
mapMaybe (\(AddressAndKey adr k) -> | verifyAssertion time k msg | ||
fmap (first (const adr)) (verifyAssertion time k msg) | |||
) r | |||
|
|
||
when (at > time) (throwT "Signed object claims to be from the future.") | when (at > time) (throwT "Signed object claims to be from the future.") | ||
when (time `diffUTCTime` at > 3600) (throwT "Signed object is too old.") | when (time `diffUTCTime` at > 3600) (throwT "Signed object is too old.") | ||
|
|
||
AccountLinesR _ lines <- noteT (show adr ++ " has no credit relationships.") $ MaybeT $ doit adr | return (adr, k, obj) | ||
let line = filter ((== target) . lineAccount) lines |
|
||
when (null line) (throwT $ show adr ++ " has no credit relationship with " ++ show target) | insertVerifiedAssertion :: Connection -> OpenPGP.Message -> IO (Either String ()) | ||
let isOwed = any ((>0). lineBalance) line | insertVerifiedAssertion conn msg = runEitherT $ do | ||
(key, keyM, (typ,to,time)) <- EitherT $ extractVerifiedAssertion msg | |||
let fpr = OpenPGP.fingerprint key | |||
let row = AssertionRow keyM fpr to time typ msg | |||
|
|
||
-- TODO: refuse objects from A to B too close together | -- refuse objects from this key that are too close together | ||
r <- liftIO $ query conn (fromString "SELECT count(1) FROM assertions WHERE `at` > ? AND `at` < ?") (addUTCTime (-10) time, addUTCTime 10 time) | |||
case r of | |||
[[x]] | (x::Int) > 0 -> throwT "You have submitted other assertions too close in time to that assertion." | |||
_ -> return () | |||
|
|
||
case assertion of | liftIO $ execute conn (fromString "INSERT INTO assertions VALUES (?,?,?,?,?,?)") row | ||
MadePayment -> return (adr, obj) | |||
Chargeback -> return (adr, obj) | |||
MissedPayment | isOwed -> return (adr, obj) | |||
NotTrusted | isOwed -> return (adr, obj) | |||
_ -> throwT (show target ++ " is not in debt to " ++ show adr) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -1,14 +1 @@ | |||
thread A that just waits on websocket for messages | SIGNING SUBKEYS | ||
If it's not a sort we understand, ignore it | |||
|
|||
thread B that gets signaled by thread A on new message and also takes requests to be sent out | |||
If it's a transaction, are we waiting for this one to auth someone? | |||
If yes, then switch their status | |||
If it's a response we're waiting for, send it back | |||
Else, ignore it | |||
|
|||
NEEDS TO BE A REC IN Records.hs YOU FOOL! AssertionRow probably also needs ToRow. We store normalized data from the blob in the DB for aggregation and sorting, and so might as well use it for display. INVESTIGATE HOW UTCTIME IS STORED IN DB! | |||
|
|||
Need JSON outputs also, just derive ToJSON for the record I expect. Include blobs in the JSON? | |||
|
|||
NO SEQUENTIAL IDS! data: URIs? Hashes? |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -1 +1,3 @@ | |||
GET /for/: => reportFor | GET /for/: => reportFor | ||
GET /for/:/submit => submitFor | |||
POST /for/: => assertFor |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,58 @@ | |||
<!DOCTYPE html> | |||
<html xmlns="http://www.w3.org/1999/xhtml"> | |||
<head> | |||
<base href="http://rippleunion.com/" /> | |||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> | |||
<title>Submit Assertion for {{formAddress}}</title> | |||
|
|||
<style type="text/css"> | |||
html, body { | |||
background-color: #abcdef; | |||
font-family: "Liberation Sans", sans-serif; | |||
} | |||
body { | |||
margin-left: 10%; | |||
margin-right: 10%; | |||
margin-top: 2em; | |||
} | |||
body > h1 { | |||
overflow: hidden; | |||
} | |||
h1 * { | |||
vertical-align: middle; | |||
} | |||
h1 img { | |||
float: left; | |||
padding-right: 5em; | |||
} | |||
.rippleAddress { | |||
font-size: 0.5em; | |||
} | |||
a[rel=enclosure] img { | |||
position: relative; | |||
top: 4px; | |||
} | |||
input { | |||
display: block; | |||
} | |||
</style> | |||
</head> | |||
|
|||
<body> | |||
<h1><img src="/logo.png" alt="Ripple Union" /> Submit Assertion for <span class="rippleAddress">{{formAddress}}</span></h1> | |||
|
|||
<form method="post" action="{{formAction}}" enctype="multipart/form-data"> | |||
<label for="assertion">OpenPGP signed assertion</label> | |||
<input type="file" id="assertion" name="assertion" /> | |||
<input type="submit" value="Submit" /> | |||
</form> | |||
|
|||
</body> | |||
</html> |