Add Web Key Directory endpoint

Serve public keys in binary and armored text, if they contain a user's account address.
2024-09-23 19:20:10 +02:00
parent 3042a02a17
commit 4a677178e8
5 changed files with 135 additions and 3 deletions
--- a/spec/requests/web_key_directory_spec.rb
+++ b/spec/requests/web_key_directory_spec.rb
@@ -0,0 +1,84 @@
+require 'rails_helper'
+
+RSpec.describe "OpenPGP Web Key Directory", type: :request do
+  describe "non-existent user" do
+    it "returns a 404 status" do
+      get "/.well-known/openpgpkey/hu/fmb8gw3n4zdj4xpwaziki4mwcxr1368i?l=aristotle"
+      expect(response).to have_http_status(:not_found)
+    end
+  end
+
+  describe "user without pubkey" do
+    let(:user) { create :user, cn: 'bernd', ou: 'kosmos.org' }
+
+    it "returns a 404 status" do
+      get "/.well-known/openpgpkey/hu/kp95h369c89sx8ia1hn447i868nqyz4t?l=bernd"
+      expect(response).to have_http_status(:not_found)
+    end
+  end
+
+  describe "user with pubkey" do
+    let(:alice) { create :user, id: 2, cn: "alice", email: "alice@example.com" }
+    let(:jimmy) { create :user, id: 3, cn: "jimmy", email: "jimmy@example.com" }
+    let(:valid_key_alice) { File.read("#{Rails.root}/spec/fixtures/files/pgp_key_valid_alice.asc") }
+    let(:valid_key_jimmy) { File.read("#{Rails.root}/spec/fixtures/files/pgp_key_valid_jimmy.asc") }
+    let(:fingerprint_alice) { "EB85BB5FA33A75E15E944E63F231550C4F47E38E" }
+    let(:fingerprint_jimmy) { "316BF516236DAF77236B15F6057D93972FB862C3" }
+    let(:invalid_key) { File.read("#{Rails.root}/spec/fixtures/files/pgp_key_invalid.asc") }
+
+    before do
+      GPGME::Key.import(valid_key_alice)
+      GPGME::Key.import(valid_key_jimmy)
+      alice.update pgp_fpr: fingerprint_alice
+      jimmy.update pgp_fpr: fingerprint_jimmy
+    end
+
+    after do
+      alice.gnupg_key.delete!
+      jimmy.gnupg_key.delete!
+    end
+
+    describe "pubkey does not contain user address" do
+      before do
+        allow_any_instance_of(User).to receive(:ldap_entry)
+          .and_return({ pgp_key: valid_key_alice })
+      end
+
+      it "returns a 404 status" do
+        get "/.well-known/openpgpkey/hu/kei1q4tipxxu1yj79k9kfukdhfy631xe?l=alice"
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+
+    describe "pubkey contains user address" do
+      before do
+        allow_any_instance_of(User).to receive(:ldap_entry)
+          .and_return({ pgp_key: valid_key_jimmy })
+      end
+
+      it "returns the pubkey in binary format" do
+        get "/.well-known/openpgpkey/hu/yuca4ky39mhwkjo78qb8zjgbfj1hg3yf?l=jimmy"
+        expect(response).to have_http_status(:ok)
+        expect(response.headers['Content-Type']).to eq("application/octet-stream")
+        expected_binary_data = File.binread("#{Rails.root}/spec/fixtures/files/pgp_key_valid_jimmy.pem")
+        expect(response.body).to eq(expected_binary_data)
+      end
+
+      context "with .txt extension" do
+        it "returns the pubkey as ASCII Armor plain text" do
+          get "/.well-known/openpgpkey/hu/yuca4ky39mhwkjo78qb8zjgbfj1hg3yf.txt?l=jimmy"
+          expect(response).to have_http_status(:ok)
+          expect(response.body).to eq(valid_key_jimmy)
+          expect(response.headers['Content-Type']).to eq("text/plain")
+        end
+      end
+
+      context "invalid URL" do
+        it "returns a 422 status" do
+          get "/.well-known/openpgpkey/hu/123456abcdef?l=alice"
+          expect(response).to have_http_status(:not_found)
+        end
+      end
+    end
+  end
+end