func (s *Session) SetLoggedIn(sessionID, csrfToken string, username NormalizedUsername, uid keybase1.UID, deviceID keybase1.DeviceID) error {
s.valid = true
s.uid = uid
s.username = &username
s.token = sessionID
if s.file == nil {
G.Log.Warning("s.file == nil")
if err := s.Load(); err != nil {
return err
}
}
if s.GetDictionary() == nil {
G.Log.Warning("s.GetDict() == nil")
}
s.GetDictionary().SetKey("session", jsonw.NewString(sessionID))
s.SetCsrf(csrfToken)
s.deviceID = deviceID
if s.file == nil {
return errors.New("no session file")
}
s.GetDictionary().SetKey("device_provisioned", jsonw.NewString(deviceID.String()))
return s.save()
}
func (t WebServiceType) ToServiceJSON(un string) *jsonw.Wrapper {
h, p, _ := ParseWeb(un)
ret := jsonw.NewDictionary()
ret.SetKey("protocol", jsonw.NewString(p+":"))
ret.SetKey("hostname", jsonw.NewString(h))
return ret
}
func condenseRecord(l *libkb.TrackChainLink) (*jsonw.Wrapper, error) {
uid, err := l.GetTrackedUID()
if err != nil {
return nil, err
}
trackedKeys, err := l.GetTrackedKeys()
if err != nil {
return nil, err
}
fpsDisplay := make([]string, len(trackedKeys))
for i, trackedKey := range trackedKeys {
fpsDisplay[i] = strings.ToUpper(trackedKey.Fingerprint.String())
}
un, err := l.GetTrackedUsername()
if err != nil {
return nil, err
}
rp := l.RemoteKeyProofs()
out := jsonw.NewDictionary()
out.SetKey("uid", libkb.UIDWrapper(uid))
out.SetKey("keys", jsonw.NewString(strings.Join(fpsDisplay, ", ")))
out.SetKey("ctime", jsonw.NewInt64(l.GetCTime().Unix()))
out.SetKey("username", jsonw.NewString(un))
out.SetKey("proofs", rp)
return out, nil
}
func (u *User) RevokeKeysProof(key GenericKey, kidsToRevoke []keybase1.KID, deviceToDisable keybase1.DeviceID) (*jsonw.Wrapper, error) {
ret, err := ProofMetadata{
Me: u,
LinkType: RevokeType,
SigningKey: key,
}.ToJSON(u.G())
if err != nil {
return nil, err
}
body := ret.AtKey("body")
revokeSection := jsonw.NewDictionary()
revokeSection.SetKey("kids", jsonw.NewWrapper(kidsToRevoke))
body.SetKey("revoke", revokeSection)
if deviceToDisable.Exists() {
device, err := u.GetDevice(deviceToDisable)
if err != nil {
return nil, err
}
deviceSection := jsonw.NewDictionary()
deviceSection.SetKey("id", jsonw.NewString(deviceToDisable.String()))
deviceSection.SetKey("type", jsonw.NewString(device.Type))
deviceSection.SetKey("status", jsonw.NewInt(DeviceStatusDefunct))
body.SetKey("device", deviceSection)
}
return ret, nil
}
func (c *CmdSearch) showJSONResults(results []keybase1.UserSummary) error {
output := jsonw.NewArray(len(results))
for userIndex, user := range results {
userBlob := jsonw.NewDictionary()
userBlob.SetKey("username", jsonw.NewString(user.Username))
for _, social := range user.Proofs.Social {
userBlob.SetKey(social.ProofType, jsonw.NewString(social.ProofName))
}
if len(user.Proofs.Web) > 0 {
var webProofs []string
for _, webProof := range user.Proofs.Web {
for _, protocol := range webProof.Protocols {
webProofs = append(webProofs, libkb.MakeURI(protocol, webProof.Hostname))
}
}
websites := jsonw.NewArray(len(webProofs))
for i, wp := range webProofs {
websites.SetIndex(i, jsonw.NewString(wp))
}
userBlob.SetKey("websites", websites)
}
output.SetIndex(userIndex, userBlob)
}
GlobUI.Println(output.MarshalPretty())
return nil
}
func (k *KexProvisioner) verifyPleaseSign(jw *jsonw.Wrapper, newKID keybase1.KID) (err error) {
jw.AssertEqAtPath("body.key.kid", k.sigKey.GetKID().ToJsonw(), &err)
jw.AssertEqAtPath("body.key.uid", libkb.UIDWrapper(k.user.GetUID()), &err)
jw.AssertEqAtPath("body.key.eldest_kid", k.user.GetEldestKID().ToJsonw(), &err)
jw.AssertEqAtPath("body.key.username", jsonw.NewString(k.user.GetName()), &err)
jw.AssertEqAtPath("body.device.kid", newKID.ToJsonw(), &err)
jw.AssertEqAtPath("body.type", jsonw.NewString("sibkey"), &err)
return err
}
func (sh SigHint) MarshalToJSON() *jsonw.Wrapper {
ret := jsonw.NewDictionary()
ret.SetKey("sig_id", jsonw.NewString(sh.sigID.ToString(true)))
ret.SetKey("remote_id", jsonw.NewString(sh.remoteID))
ret.SetKey("api_url", jsonw.NewString(sh.apiURL))
ret.SetKey("human_url", jsonw.NewString(sh.humanURL))
ret.SetKey("proof_text_check", jsonw.NewString(sh.checkText))
return ret
}
func (u *User) ToTrackingStatementSeqTail() *jsonw.Wrapper {
mul := u.GetPublicChainTail()
if mul == nil {
return jsonw.NewNil()
}
ret := jsonw.NewDictionary()
ret.SetKey("sig_id", jsonw.NewString(mul.SigID.ToString(true)))
ret.SetKey("seqno", jsonw.NewInt(int(mul.Seqno)))
ret.SetKey("payload_hash", jsonw.NewString(mul.LinkID.String()))
return ret
}
func (w *WebProofChainLink) CheckDataJSON() *jsonw.Wrapper {
ret := jsonw.NewDictionary()
if w.protocol == "dns" {
ret.SetKey("protocol", jsonw.NewString(w.protocol))
ret.SetKey("domain", jsonw.NewString(w.hostname))
} else {
ret.SetKey("protocol", jsonw.NewString(w.protocol+":"))
ret.SetKey("hostname", jsonw.NewString(w.hostname))
}
return ret
}
func (u *User) ToTrackingStatementKey(errp *error) *jsonw.Wrapper {
ret := jsonw.NewDictionary()
if !u.HasActiveKey() {
*errp = fmt.Errorf("User %s doesn't have an active key", u.GetName())
} else {
kid := u.GetEldestKID()
ret.SetKey("kid", jsonw.NewString(kid.String()))
ckf := u.GetComputedKeyFamily()
if fingerprint, exists := ckf.kf.kid2pgp[kid]; exists {
ret.SetKey("key_fingerprint", jsonw.NewString(fingerprint.String()))
}
}
return ret
}
func (s *Session) SetCsrf(t string) {
s.csrf = t
if s.file == nil {
return
}
s.GetDictionary().SetKey("csrf", jsonw.NewString(t))
}
// checkReverseSig verifies that the reverse sig in jw is valid
// and matches jw.
func (e *Kex2Provisioner) checkReverseSig(jw *jsonw.Wrapper) error {
kid, err := jw.AtPath("body.sibkey.kid").GetString()
if err != nil {
return err
}
keypair, err := libkb.ImportKeypairFromKID(keybase1.KIDFromString(kid))
if err != nil {
return err
}
revsig, err := jw.AtPath("body.sibkey.reverse_sig").GetString()
if err != nil {
return err
}
// set reverse_sig to nil to verify it:
jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewNil())
msg, err := jw.Marshal()
if err != nil {
return err
}
_, err = keypair.VerifyString(revsig, msg)
if err != nil {
return err
}
// put reverse_sig back in
jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewString(revsig))
return nil
}
func (e *Kex2Provisionee) addDeviceSibkey(jw *jsonw.Wrapper) error {
if e.device.Description == nil {
e.G().Log.Debug("prompting for device name")
// TODO: get existing device names
arg := keybase1.PromptNewDeviceNameArg{}
name, err := e.ctx.ProvisionUI.PromptNewDeviceName(context.TODO(), arg)
if err != nil {
return err
}
e.device.Description = &name
e.G().Log.Debug("got device name: %q", name)
}
s := libkb.DeviceStatusActive
e.device.Status = &s
e.device.Kid = e.eddsa.GetKID()
dw, err := e.device.Export(libkb.SibkeyType)
if err != nil {
return err
}
jw.SetValueAtPath("body.device", dw)
if err = jw.SetValueAtPath("body.sibkey.kid", jsonw.NewString(e.eddsa.GetKID().String())); err != nil {
return err
}
return nil
}
func (f *JSONConfigFile) setUserConfigWithLock(u *UserConfig, overwrite bool) error {
if u == nil {
f.G().Log.Debug("| SetUserConfig(nil)")
f.jw.DeleteKey("current_user")
f.userConfigWrapper.userConfig = nil
return f.flush()
}
parent := f.jw.AtKey("users")
un := u.GetUsername()
f.G().Log.Debug("| SetUserConfig(%s)", un)
if parent.IsNil() {
parent = jsonw.NewDictionary()
f.jw.SetKey("users", parent)
f.dirty = true
}
if parent.AtKey(un.String()).IsNil() || overwrite {
uWrapper, err := jsonw.NewObjectWrapper(*u)
if err != nil {
return err
}
parent.SetKey(un.String(), uWrapper)
f.userConfigWrapper.userConfig = u
f.dirty = true
}
if !f.getCurrentUser().Eq(un) {
f.jw.SetKey("current_user", jsonw.NewString(un.String()))
f.userConfigWrapper.userConfig = nil
f.dirty = true
}
return f.Write()
}
func (s *Session) SetDeviceProvisioned(devid keybase1.DeviceID) error {
s.G().Log.Debug("Local Session: setting provisioned device id: %s", devid)
s.deviceID = devid
if s.file == nil {
return errors.New("no session file")
}
s.GetDictionary().SetKey("device_provisioned", jsonw.NewString(devid.String()))
return s.save()
}
func (k *PGPKeyBundle) StoreToLocalDb(g *GlobalContext) error {
s, err := k.Encode()
if err != nil {
return err
}
val := jsonw.NewString(s)
g.Log.Debug("| Storing Key (kid=%s) to Local DB", k.GetKID())
return g.LocalDb.Put(DbKey{Typ: DBPGPKey, Key: k.GetKID().String()}, []DbKey{}, val)
}
func (mr *MerkleRoot) ToSigJSON() (ret *jsonw.Wrapper) {
ret = jsonw.NewDictionary()
ret.SetKey("seqno", jsonw.NewInt(int(mr.seqno)))
ret.SetKey("ctime", jsonw.NewInt64(mr.ctime))
ret.SetKey("hash", jsonw.NewString(mr.rootHash.String()))
return
}
func (u *User) ToTrackingStatementPGPKeys(errp *error) *jsonw.Wrapper {
keys := u.GetActivePGPKeys(true)
if len(keys) == 0 {
return nil
}
ret := jsonw.NewArray(len(keys))
for i, k := range keys {
kd := jsonw.NewDictionary()
kid := k.GetKID()
fp := k.GetFingerprintP()
kd.SetKey("kid", jsonw.NewString(kid.String()))
if fp != nil {
kd.SetKey("key_fingerprint", jsonw.NewString(fp.String()))
}
ret.SetIndex(i, kd)
}
return ret
}
func (cr CheckResult) Pack() *jsonw.Wrapper {
p := jsonw.NewDictionary()
if cr.Status != nil {
s := jsonw.NewDictionary()
s.SetKey("code", jsonw.NewInt(int(cr.Status.GetProofStatus())))
s.SetKey("desc", jsonw.NewString(cr.Status.GetDesc()))
p.SetKey("status", s)
}
p.SetKey("time", jsonw.NewInt64(cr.Time.Unix()))
return p
}
func (u *User) ToTrackingStatementBasics(errp *error) *jsonw.Wrapper {
ret := jsonw.NewDictionary()
ret.SetKey("username", jsonw.NewString(u.name))
if lastIDChange, err := u.basics.AtKey("last_id_change").GetInt(); err == nil {
ret.SetKey("last_id_change", jsonw.NewInt(lastIDChange))
}
if idVersion, err := u.basics.AtKey("id_version").GetInt(); err == nil {
ret.SetKey("id_version", jsonw.NewInt(idVersion))
}
return ret
}
// AuthenticationProof makes a JSON proof statement for the user that he can sign
// to prove a log-in to the system. If successful, the server will return with
// a session token.
func (u *User) AuthenticationProof(key GenericKey, session string, ei int) (ret *jsonw.Wrapper, err error) {
if ret, err = (ProofMetadata{
Me: u,
LinkType: AuthenticationType,
ExpireIn: ei,
SigningKey: key,
}.ToJSON(u.G())); err != nil {
return
}
body := ret.AtKey("body")
var nonce [16]byte
if _, err = rand.Read(nonce[:]); err != nil {
return
}
auth := jsonw.NewDictionary()
auth.SetKey("nonce", jsonw.NewString(hex.EncodeToString(nonce[:])))
auth.SetKey("session", jsonw.NewString(session))
body.SetKey("auth", auth)
return
}
func createKeyFamily(bundles []string) (*KeyFamily, error) {
allKeys := jsonw.NewArray(len(bundles))
for i, bundle := range bundles {
err := allKeys.SetIndex(i, jsonw.NewString(bundle))
if err != nil {
return nil, err
}
}
publicKeys := jsonw.NewDictionary()
publicKeys.SetKey("all_bundles", allKeys)
return ParseKeyFamily(publicKeys)
}
func (u *User) CryptocurrencySig(key GenericKey, address string, sigToRevoke keybase1.SigID) (*jsonw.Wrapper, error) {
ret, err := ProofMetadata{
Me: u,
LinkType: CryptocurrencyType,
SigningKey: key,
}.ToJSON(u.G())
if err != nil {
return nil, err
}
body := ret.AtKey("body")
currencySection := jsonw.NewDictionary()
currencySection.SetKey("address", jsonw.NewString(address))
currencySection.SetKey("type", jsonw.NewString("bitcoin"))
body.SetKey("cryptocurrency", currencySection)
if len(sigToRevoke) > 0 {
revokeSection := jsonw.NewDictionary()
revokeSection.SetKey("sig_id", jsonw.NewString(sigToRevoke.ToString(true /* suffix */)))
body.SetKey("revoke", revokeSection)
}
return ret, nil
}
func (arg KeySection) ToJSON() (*jsonw.Wrapper, error) {
ret := jsonw.NewDictionary()
ret.SetKey("kid", jsonw.NewString(arg.Key.GetKID().String()))
if arg.EldestKID != "" {
ret.SetKey("eldest_kid", jsonw.NewString(arg.EldestKID.String()))
}
if arg.ParentKID != "" {
ret.SetKey("parent_kid", jsonw.NewString(arg.ParentKID.String()))
}
if arg.HasRevSig {
var revSig *jsonw.Wrapper
if arg.RevSig != "" {
revSig = jsonw.NewString(arg.RevSig)
} else {
revSig = jsonw.NewNil()
}
ret.SetKey("reverse_sig", revSig)
}
if arg.SigningUser != nil {
ret.SetKey("host", jsonw.NewString(CanonicalHost))
ret.SetKey("uid", UIDWrapper(arg.SigningUser.GetUID()))
ret.SetKey("username", jsonw.NewString(arg.SigningUser.GetName()))
}
if pgp, ok := arg.Key.(*PGPKeyBundle); ok {
fingerprint := pgp.GetFingerprint()
ret.SetKey("fingerprint", jsonw.NewString(fingerprint.String()))
ret.SetKey("key_id", jsonw.NewString(fingerprint.ToKeyID()))
if arg.IncludePGPHash {
hash, err := pgp.FullHash()
if err != nil {
return nil, err
}
ret.SetKey("full_hash", jsonw.NewString(hash))
}
}
return ret, nil
}
func (g *GenericChainLink) BaseToTrackingStatement(state keybase1.ProofState) *jsonw.Wrapper {
ret := jsonw.NewDictionary()
ret.SetKey("curr", jsonw.NewString(g.id.String()))
ret.SetKey("sig_id", jsonw.NewString(g.GetSigID().ToString(true)))
rkp := jsonw.NewDictionary()
ret.SetKey("remote_key_proof", rkp)
rkp.SetKey("state", jsonw.NewInt(int(state)))
prev := g.GetPrev()
var prevVal *jsonw.Wrapper
if prev == nil {
prevVal = jsonw.NewNil()
} else {
prevVal = jsonw.NewString(prev.String())
}
ret.SetKey("prev", prevVal)
ret.SetKey("ctime", jsonw.NewInt64(g.unpacked.ctime))
ret.SetKey("etime", jsonw.NewInt64(g.unpacked.etime))
return ret
}
func (c *ChainLink) Pack() error {
p := jsonw.NewDictionary()
// Store the original JSON string so its order is preserved
p.SetKey("payload_json", jsonw.NewString(c.unpacked.payloadJSONStr))
p.SetKey("sig", jsonw.NewString(c.unpacked.sig))
p.SetKey("sig_id", jsonw.NewString(string(c.unpacked.sigID)))
p.SetKey("kid", c.unpacked.kid.ToJsonw())
p.SetKey("ctime", jsonw.NewInt64(c.unpacked.ctime))
if c.unpacked.pgpFingerprint != nil {
p.SetKey("fingerprint", jsonw.NewString(c.unpacked.pgpFingerprint.String()))
}
p.SetKey("sig_verified", jsonw.NewBool(c.sigVerified))
p.SetKey("proof_text_full", jsonw.NewString(c.unpacked.proofText))
if c.cki != nil {
p.SetKey("computed_key_infos", jsonw.NewWrapper(*c.cki))
}
c.packed = p
return nil
}
func (f *JSONConfigFile) SwitchUser(nu NormalizedUsername) error {
f.userConfigWrapper.Lock()
defer f.userConfigWrapper.Unlock()
if cu := f.getCurrentUser(); cu.Eq(nu) {
f.G().Log.Debug("| Already configured as user=%s", nu)
return nil
}
if f.jw.AtKey("users").AtKey(nu.String()).IsNil() {
return UserNotFoundError{msg: nu.String()}
}
f.jw.SetKey("current_user", jsonw.NewString(nu.String()))
f.userConfigWrapper.userConfig = nil
return f.flush()
}
func (u *User) UpdatePassphraseProof(key GenericKey, pwh string, ppGen PassphraseGeneration) (*jsonw.Wrapper, error) {
ret, err := ProofMetadata{
Me: u,
LinkType: UpdatePassphraseType,
SigningKey: key,
}.ToJSON(u.G())
if err != nil {
return nil, err
}
body := ret.AtKey("body")
pp := jsonw.NewDictionary()
pp.SetKey("hash", jsonw.NewString(pwh))
pp.SetKey("version", jsonw.NewInt(int(triplesec.Version)))
pp.SetKey("passphrase_generation", jsonw.NewInt(int(ppGen)))
body.SetKey("update_passphrase_hash", pp)
return ret, nil
}
func (e *Kex2Provisionee) reverseSig(jw *jsonw.Wrapper) error {
// need to set reverse_sig to nil before making reverse sig:
if err := jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewNil()); err != nil {
return err
}
sig, _, _, err := libkb.SignJSON(jw, e.eddsa)
if err != nil {
return err
}
// put the signature in reverse_sig
if err := jw.SetValueAtPath("body.sibkey.reverse_sig", jsonw.NewString(sig)); err != nil {
return err
}
return nil
}
func (u *User) RevokeSigsProof(key GenericKey, sigIDsToRevoke []keybase1.SigID) (*jsonw.Wrapper, error) {
ret, err := ProofMetadata{
Me: u,
LinkType: RevokeType,
SigningKey: key,
}.ToJSON(u.G())
if err != nil {
return nil, err
}
body := ret.AtKey("body")
revokeSection := jsonw.NewDictionary()
idsArray := jsonw.NewArray(len(sigIDsToRevoke))
for i, id := range sigIDsToRevoke {
idsArray.SetIndex(i, jsonw.NewString(id.ToString(true)))
}
revokeSection.SetKey("sig_ids", idsArray)
body.SetKey("revoke", revokeSection)
return ret, nil
}
