Bug fix.
- Remove unsafe keystore. - Refactor functionality from unsafe keystore into mutable keystore.
This commit is contained in:
Spencer Ofwiti
199
src/assets/js/cic-meta/auth.ts
Normal file
199
src/assets/js/cic-meta/auth.ts
Normal file
@@ -0,0 +1,199 @@
|
||||
import * as pgp from 'openpgp';
|
||||
import * as crypto from 'crypto';
|
||||
|
||||
interface Signable {
|
||||
digest(): string;
|
||||
}
|
||||
|
||||
type KeyGetter = () => any;
|
||||
|
||||
type Signature = {
|
||||
engine: string
|
||||
algo: string
|
||||
data: string
|
||||
digest: string
|
||||
};
|
||||
|
||||
interface Signer {
|
||||
prepare(Signable): boolean;
|
||||
|
||||
onsign(Signature): void;
|
||||
|
||||
onverify(bool): void;
|
||||
|
||||
sign(digest: string): void;
|
||||
|
||||
verify(digest: string, signature: Signature): void;
|
||||
|
||||
fingerprint(): string;
|
||||
}
|
||||
|
||||
|
||||
interface Authoritative {
|
||||
}
|
||||
|
||||
interface KeyStore {
|
||||
getPrivateKey: KeyGetter;
|
||||
getFingerprint: () => string;
|
||||
getTrustedKeys: () => Array<any>;
|
||||
getTrustedActiveKeys: () => Array<any>;
|
||||
getEncryptKeys: () => Array<any>;
|
||||
}
|
||||
|
||||
class PGPKeyStore implements KeyStore {
|
||||
|
||||
fingerprint: string;
|
||||
pk: any;
|
||||
|
||||
pubk = {
|
||||
active: [],
|
||||
trusted: [],
|
||||
encrypt: [],
|
||||
};
|
||||
loads = 0x00;
|
||||
loadsTarget = 0x0f;
|
||||
onload: (k: KeyStore) => void;
|
||||
|
||||
constructor(passphrase: string, pkArmor: string, pubkActiveArmor: string, pubkTrustedArmor: string, pubkEncryptArmor: string,
|
||||
onload = (ks: KeyStore) => {
|
||||
}) {
|
||||
this._readKey(pkArmor, undefined, 1, passphrase);
|
||||
this._readKey(pubkActiveArmor, 'active', 2);
|
||||
this._readKey(pubkTrustedArmor, 'trusted', 4);
|
||||
this._readKey(pubkEncryptArmor, 'encrypt', 8);
|
||||
this.onload = onload;
|
||||
}
|
||||
|
||||
private _readKey(a: string, x: any, n: number, pass?: string): void {
|
||||
pgp.key.readArmored(a).then((k) => {
|
||||
if (pass !== undefined) {
|
||||
this.pk = k.keys[0];
|
||||
this.pk.decrypt(pass).then(() => {
|
||||
this.fingerprint = this.pk.getFingerprint();
|
||||
console.log('private key (sign)', this.fingerprint);
|
||||
this._registerLoad(n);
|
||||
});
|
||||
} else {
|
||||
this.pubk[x] = k.keys;
|
||||
k.keys.forEach((pubk) => {
|
||||
console.log('public key (' + x + ')', pubk.getFingerprint());
|
||||
});
|
||||
this._registerLoad(n);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
private _registerLoad(b: number): void {
|
||||
this.loads |= b;
|
||||
if (this.loads == this.loadsTarget) {
|
||||
this.onload(this);
|
||||
}
|
||||
}
|
||||
|
||||
public getTrustedKeys(): Array<any> {
|
||||
return this.pubk.trusted;
|
||||
}
|
||||
|
||||
public getTrustedActiveKeys(): Array<any> {
|
||||
return this.pubk.active;
|
||||
}
|
||||
|
||||
public getEncryptKeys(): Array<any> {
|
||||
return this.pubk.encrypt;
|
||||
}
|
||||
|
||||
public getPrivateKey(): any {
|
||||
return this.pk;
|
||||
}
|
||||
|
||||
public getFingerprint(): string {
|
||||
return this.fingerprint;
|
||||
}
|
||||
}
|
||||
|
||||
class PGPSigner implements Signer {
|
||||
|
||||
engine = 'pgp';
|
||||
algo = 'sha256';
|
||||
dgst: string;
|
||||
signature: Signature;
|
||||
keyStore: KeyStore;
|
||||
onsign: (Signature) => void;
|
||||
onverify: (bool) => void;
|
||||
|
||||
constructor(keyStore: KeyStore) {
|
||||
this.keyStore = keyStore;
|
||||
this.onsign = (string) => {
|
||||
};
|
||||
this.onverify = (boolean) => {
|
||||
};
|
||||
}
|
||||
|
||||
public fingerprint(): string {
|
||||
return this.keyStore.getFingerprint();
|
||||
}
|
||||
|
||||
public prepare(material: Signable): boolean {
|
||||
this.dgst = material.digest();
|
||||
return true;
|
||||
}
|
||||
|
||||
public verify(digest: string, signature: Signature): void {
|
||||
pgp.signature.readArmored(signature.data).then((s) => {
|
||||
const opts = {
|
||||
message: pgp.cleartext.fromText(digest),
|
||||
publicKeys: this.keyStore.getTrustedKeys(),
|
||||
signature: s,
|
||||
};
|
||||
pgp.verify(opts).then((v) => {
|
||||
let i = 0;
|
||||
for (i = 0; i < v.signatures.length; i++) {
|
||||
const s = v.signatures[i];
|
||||
if (s.valid) {
|
||||
this.onverify(s);
|
||||
return;
|
||||
}
|
||||
}
|
||||
console.error('checked ' + i + ' signature(s) but none valid');
|
||||
this.onverify(false);
|
||||
});
|
||||
}).catch((e) => {
|
||||
console.error(e);
|
||||
this.onverify(false);
|
||||
});
|
||||
}
|
||||
|
||||
public sign(digest: string): void {
|
||||
const m = pgp.cleartext.fromText(digest);
|
||||
const pk = this.keyStore.getPrivateKey();
|
||||
const opts = {
|
||||
message: m,
|
||||
privateKeys: [pk],
|
||||
detached: true,
|
||||
};
|
||||
pgp.sign(opts).then((s) => {
|
||||
this.signature = {
|
||||
engine: this.engine,
|
||||
algo: this.algo,
|
||||
data: s.signature,
|
||||
// TODO: fix for browser later
|
||||
digest: digest,
|
||||
};
|
||||
this.onsign(this.signature);
|
||||
}).catch((e) => {
|
||||
console.error(e);
|
||||
this.onsign(undefined);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
export {
|
||||
Signature,
|
||||
Authoritative,
|
||||
Signer,
|
||||
KeyGetter,
|
||||
Signable,
|
||||
KeyStore,
|
||||
PGPSigner,
|
||||
PGPKeyStore,
|
||||
};
|
||||
@@ -3,7 +3,7 @@ import {hobaResult, hobaToSign} from "@src/assets/js/hoba.js";
|
||||
const alg = '969';
|
||||
|
||||
export async function signChallenge(challenge, realm, origin, keyStore) {
|
||||
const fingerprint = keyStore.fingerprint();
|
||||
const fingerprint = keyStore.getFingerprint();
|
||||
const nonce_array = new Uint8Array(32);
|
||||
crypto.getRandomValues(nonce_array);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user