func GetMerkleTriple(jw *jsonw.Wrapper) (ret *MerkleTriple, err error) {
var tmp MerkleTriple
if err = jw.UnmarshalAgain(&tmp); err != nil {
ret = &tmp
}
return ret, err
}
func (u *User) ToUntrackingStatement(w *jsonw.Wrapper) (err error) {
untrack := jsonw.NewDictionary()
untrack.SetKey("basics", u.ToUntrackingStatementBasics())
untrack.SetKey("id", UIDWrapper(u.GetUID()))
w.SetKey("untrack", untrack)
return
}
func (a *InternalAPIEngine) checkAppStatus(arg APIArg, jw *jsonw.Wrapper) (string, error) {
var set []string
resName, err := jw.AtKey("name").GetString()
if err != nil {
err = fmt.Errorf("Cannot find status name in reply")
return "", err
}
if arg.AppStatus == nil || len(arg.AppStatus) == 0 {
set = []string{"OK"}
} else {
set = arg.AppStatus
}
for _, status := range set {
if resName == status {
return resName, nil
}
}
// check if there was a bad session error:
if err := a.checkSessionExpired(arg, jw); err != nil {
return "", err
}
return "", NewAppStatusError(jw)
}
// checkReverseSig verifies that the reverse sig in jw is valid
// and matches jw.
func (e *Kex2Provisioner) checkReverseSig(jw *jsonw.Wrapper) error {
kid, err := jw.AtPath("body.sibkey.kid").GetString()
if err != nil {
return err
}
keypair, err := libkb.ImportKeypairFromKID(keybase1.KIDFromString(kid))
if err != nil {
return err
}
revsig, err := jw.AtPath("body.sibkey.reverse_sig").GetString()
if err != nil {
return err
}
// set reverse_sig to nil to verify it:
jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewNil())
msg, err := jw.Marshal()
if err != nil {
return err
}
_, err = keypair.VerifyString(revsig, msg)
if err != nil {
return err
}
// put reverse_sig back in
jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewString(revsig))
return nil
}
func (a *InternalAPIEngine) checkAppStatusFromJSONWrapper(arg APIArg, jw *jsonw.Wrapper) (*AppStatus, error) {
var ast AppStatus
if err := jw.UnmarshalAgain(&ast); err != nil {
return nil, err
}
return &ast, a.checkAppStatus(arg, &ast)
}
func (e *Kex2Provisionee) addDeviceSibkey(jw *jsonw.Wrapper) error {
if e.device.Description == nil {
e.G().Log.Debug("prompting for device name")
// TODO: get existing device names
arg := keybase1.PromptNewDeviceNameArg{}
name, err := e.ctx.ProvisionUI.PromptNewDeviceName(context.TODO(), arg)
if err != nil {
return err
}
e.device.Description = &name
e.G().Log.Debug("got device name: %q", name)
}
s := libkb.DeviceStatusActive
e.device.Status = &s
e.device.Kid = e.eddsa.GetKID()
dw, err := e.device.Export(libkb.SibkeyType)
if err != nil {
return err
}
jw.SetValueAtPath("body.device", dw)
if err = jw.SetValueAtPath("body.sibkey.kid", jsonw.NewString(e.eddsa.GetKID().String())); err != nil {
return err
}
return nil
}
func (a *InternalAPIEngine) checkSessionExpired(arg APIArg, status *jsonw.Wrapper) error {
code, err := status.AtKey("code").GetInt()
if err != nil {
return fmt.Errorf("Cannot find status 'code' in reply")
}
if code != SCBadSession {
return nil
}
var loggedIn bool
if arg.SessionR != nil {
loggedIn = arg.SessionR.IsLoggedIn()
} else {
loggedIn = a.G().LoginState().LoggedIn()
}
if !loggedIn {
return nil
}
a.G().Log.Debug("local session -> is logged in, remote -> not logged in. invalidating local session:")
if arg.SessionR != nil {
arg.SessionR.Invalidate()
} else {
a.G().LoginState().LocalSession(func(s *Session) { s.Invalidate() }, "api - checkSessionExpired")
}
return LoginRequiredError{Context: "your session has expired."}
}
func (j *JSONLocalDb) Put(id DbKey, aliases []DbKey, val *jsonw.Wrapper) error {
bytes, err := val.Marshal()
if err == nil {
err = j.engine.Put(id, aliases, bytes)
}
return err
}
func GetSigID(w *jsonw.Wrapper, suffix bool) (keybase1.SigID, error) {
s, err := w.GetString()
if err != nil {
return "", err
}
return keybase1.SigIDFromString(s, suffix)
}
func GetPGPFingerprint(w *jsonw.Wrapper) (*PGPFingerprint, error) {
s, err := w.GetString()
if err != nil {
return nil, err
}
return PGPFingerprintFromHex(s)
}
func ParseDevice(jw *jsonw.Wrapper) (ret *Device, err error) {
var obj Device
if err = jw.UnmarshalAgain(&obj); err == nil {
ret = &obj
}
return
}
func GetOneKey(jw *jsonw.Wrapper) (*PGPKeyBundle, error) {
s, err := jw.GetString()
if err != nil {
return nil, err
}
return ReadOneKeyFromString(s)
}
func (vp *VerificationPath) VerifyUser() (user *MerkleUserLeaf, err error) {
curr := vp.root.rootHash
var leaf *jsonw.Wrapper
leaf, err = vp.path.VerifyPath(curr, vp.uid.String())
if leaf != nil && err == nil {
if leaf, err = leaf.ToArray(); err != nil {
msg := fmt.Sprintf("Didn't find a leaf for user in tree: %s", err)
err = MerkleNotFoundError{vp.uid.String(), msg}
}
}
if err == nil {
// noop
} else if _, ok := err.(MerkleNotFoundError); ok {
vp.G().Log.Debug(fmt.Sprintf("In checking Merkle tree: %s", err))
} else {
return
}
user, err = parseMerkleUserLeaf(leaf, vp.G())
if user != nil {
user.uid = vp.uid
}
return
}
func parseV2(jw *jsonw.Wrapper) (*MerkleUserLeaf, error) {
user := MerkleUserLeaf{}
l, err := jw.Len()
if err != nil {
return nil, err
}
if l < 2 {
return nil, fmt.Errorf("No public chain.")
}
user.public, err = parseTriple(jw.AtIndex(1))
if err != nil {
return nil, err
}
if l >= 3 {
user.private, err = parseTriple(jw.AtIndex(2))
if err != nil {
return nil, err
}
}
if l >= 4 && !jw.AtIndex(3).IsNil() {
eldest, err := GetKID(jw.AtIndex(3))
if err != nil {
return nil, err
}
user.eldest = eldest
}
return &user, nil
}
func GetNodeHash(w *jsonw.Wrapper) (NodeHash, error) {
s, err := w.GetString()
if err != nil {
return nil, err
}
ret, err := NodeHashFromHex(s)
return ret, err
}
func GetUID(w *jsonw.Wrapper) (keybase1.UID, error) {
s, err := w.GetString()
var nilUID keybase1.UID
if err != nil {
return nilUID, err
}
return UIDFromHex(s)
}
func (k *KexProvisioner) verifyPleaseSign(jw *jsonw.Wrapper, newKID keybase1.KID) (err error) {
jw.AssertEqAtPath("body.key.kid", k.sigKey.GetKID().ToJsonw(), &err)
jw.AssertEqAtPath("body.key.uid", libkb.UIDWrapper(k.user.GetUID()), &err)
jw.AssertEqAtPath("body.key.eldest_kid", k.user.GetEldestKID().ToJsonw(), &err)
jw.AssertEqAtPath("body.key.username", jsonw.NewString(k.user.GetName()), &err)
jw.AssertEqAtPath("body.device.kid", newKID.ToJsonw(), &err)
jw.AssertEqAtPath("body.type", jsonw.NewString("sibkey"), &err)
return err
}
func ParseDevice(jw *jsonw.Wrapper, t time.Time) (ret *Device, err error) {
var obj Device
if err = jw.UnmarshalAgain(&obj); err == nil {
ret = &obj
ret.CTime = keybase1.ToTime(t)
ret.MTime = keybase1.ToTime(t)
}
return
}
func GetKID(w *jsonw.Wrapper) (kid keybase1.KID, err error) {
var s string
s, err = w.GetString()
if err != nil {
return
}
kid = keybase1.KIDFromString(s)
return
}
// ParseKeyFamily takes as input a dictionary from a JSON file and returns
// a parsed version for manipulation in the program.
func ParseKeyFamily(jw *jsonw.Wrapper) (ret *KeyFamily, err error) {
G.Log.Debug("+ ParseKeyFamily")
defer func() {
G.Log.Debug("- ParseKeyFamily -> %s", ErrToOk(err))
}()
if jw == nil || jw.IsNil() {
err = KeyFamilyError{"nil record from server"}
return
}
kf := KeyFamily{
pgp2kid: make(map[PGPFingerprint]keybase1.KID),
kid2pgp: make(map[keybase1.KID]PGPFingerprint),
Contextified: NewContextified(G),
}
// Fill in AllKeys. Somewhat wasteful but probably faster than
// using Jsonw wrappers, and less error-prone.
var rkf RawKeyFamily
if err = jw.UnmarshalAgain(&rkf); err != nil {
return
}
kf.BundlesForTesting = rkf.AllBundles
// Parse the keys, and collect the PGP keys to map their fingerprints.
kf.AllKIDs = make(map[keybase1.KID]bool)
kf.PGPKeySets = make(map[keybase1.KID]*PGPKeySet)
kf.SingleKeys = make(map[keybase1.KID]GenericKey)
for _, bundle := range rkf.AllBundles {
newKey, err := ParseGenericKey(bundle)
if err != nil {
return nil, err
}
kid := newKey.GetKID()
if pgp, isPGP := newKey.(*PGPKeyBundle); isPGP {
ks, ok := kf.PGPKeySets[kid]
if !ok {
ks = &PGPKeySet{nil, make(map[string]*PGPKeyBundle)}
kf.PGPKeySets[kid] = ks
fp := pgp.GetFingerprint()
kf.pgp2kid[fp] = kid
kf.kid2pgp[kid] = fp
}
ks.addKey(pgp)
} else {
kf.SingleKeys[kid] = newKey
}
kf.AllKIDs[kid] = true
}
ret = &kf
return
}
func NewSigHint(jw *jsonw.Wrapper) (sh *SigHint, err error) {
sh = &SigHint{}
sh.sigID, err = GetSigID(jw.AtKey("sig_id"), true)
sh.remoteID, _ = jw.AtKey("remote_id").GetString()
sh.apiURL, _ = jw.AtKey("api_url").GetString()
sh.humanURL, _ = jw.AtKey("human_url").GetString()
sh.checkText, _ = jw.AtKey("proof_text_check").GetString()
return
}
// SimpleSignJson marshals the given Json structure and then signs it.
func SignJSON(jw *jsonw.Wrapper, key GenericKey) (out string, id keybase1.SigID, lid LinkID, err error) {
var tmp []byte
if tmp, err = jw.Marshal(); err != nil {
return
}
out, id, err = key.SignToString(tmp)
lid = ComputeLinkID(tmp)
return
}
func (c *ChainLink) UnpackComputedKeyInfos(jw *jsonw.Wrapper) (err error) {
var tmp ComputedKeyInfos
if jw == nil || jw.IsNil() {
return
}
if err = jw.UnmarshalAgain(&tmp); err == nil {
c.cki = &tmp
}
return
}
func GetLinkID(w *jsonw.Wrapper) (LinkID, error) {
if w.IsNil() {
return nil, nil
}
s, err := w.GetString()
if err != nil {
return nil, err
}
ret, err := LinkIDFromHex(s)
return ret, err
}
func ImportLinkFromServer(g *GlobalContext, parent *SigChain, jw *jsonw.Wrapper, selfUID keybase1.UID) (ret *ChainLink, err error) {
var id LinkID
GetLinkIDVoid(jw.AtKey("payload_hash"), &id, &err)
if err != nil {
return
}
ret = NewChainLink(g, parent, id, jw)
if err = ret.Unpack(false, selfUID); err != nil {
ret = nil
}
return
}
func remoteProofToTrackingStatement(s RemoteProofChainLink, base *jsonw.Wrapper) error {
typS := s.TableKey()
i, found := RemoteServiceTypes[typS]
if !found {
return fmt.Errorf("No service type found for %q in proof %d", typS, s.GetSeqno())
}
base.AtKey("remote_key_proof").SetKey("proof_type", jsonw.NewInt(int(i)))
base.AtKey("remote_key_proof").SetKey("check_data_json", s.CheckDataJSON())
base.SetKey("sig_type", jsonw.NewInt(SigTypeRemoteProof))
return nil
}
func (r *Resolver) resolveURLViaServerLookup(au AssertionURL, input string, withBody bool) (res ResolveResult) {
var key, val string
var ares *APIRes
var l int
if au.IsKeybase() {
res.kbUsername = au.GetValue()
}
if key, val, res.err = au.ToLookup(); res.err != nil {
return
}
ha := HTTPArgsFromKeyValuePair(key, S{val})
ha.Add("multi", I{1})
fields := "basics"
if withBody {
fields += ",public_keys,pictures"
}
ha.Add("fields", S{fields})
ares, res.err = r.G().API.Get(APIArg{
Endpoint: "user/lookup",
NeedSession: false,
Args: ha,
})
if res.err != nil {
return
}
var them *jsonw.Wrapper
if them, res.err = ares.Body.AtKey("them").ToArray(); res.err != nil {
return
}
if l, res.err = them.Len(); res.err != nil {
return
}
if l == 0 {
res.err = ResolutionError{Input: input, Msg: "No resolution found"}
} else if l > 1 {
res.err = ResolutionError{Input: input, Msg: "Identify is ambiguous"}
} else {
res.body = them.AtIndex(0)
res.uid, res.err = GetUID(res.body.AtKey("id"))
}
return
}
func ImportUserConfigFromJSONWrapper(jw *jsonw.Wrapper) (ret *UserConfig, err error) {
var tmp UserConfig
if jw == nil {
return
}
if err = jw.UnmarshalAgain(&tmp); err != nil {
return
}
if err = tmp.Import(); err != nil {
return
}
ret = &tmp
return
}
func (sh *SigHints) PopulateWith(jw *jsonw.Wrapper) (err error) {
if jw == nil || jw.IsNil() {
return
}
jw.AtKey("version").GetIntVoid(&sh.version, &err)
if err != nil {
return
}
sh.hints = make(map[keybase1.SigID]*SigHint)
var n int
n, err = jw.AtKey("hints").Len()
if err != nil {
return
}
for i := 0; i < n; i++ {
hint, tmpe := NewSigHint(jw.AtKey("hints").AtIndex(i))
if tmpe != nil {
sh.G().Log.Warning("Bad SigHint Loaded: %s", tmpe)
} else {
sh.hints[hint.sigID] = hint
}
}
return
}
func trackedKeyFromJSON(jw *jsonw.Wrapper) (TrackedKey, error) {
var ret TrackedKey
kid, err := GetKID(jw.AtKey("kid"))
if err != nil {
return TrackedKey{}, err
}
ret.KID = kid
// It's ok if key_fingerprint doesn't exist. But if it does, then include it:
fp, err := GetPGPFingerprint(jw.AtKey("key_fingerprint"))
if err == nil && fp != nil {
ret.Fingerprint = fp
}
return ret, nil
}