Commit e4c11c54 authored by Frauke's avatar Frauke
Browse files

Copied files spike into spike 2

parent 7ea76c17
var browserify = require('browserify')
var gulp = require('gulp')
var source = require('vinyl-source-stream')
var rename = require('gulp-rename')
gulp.task('js:bundle', () => {
browserify({
entries: 'src/js/script.js',
debug: true
})
.bundle()
.pipe(source('src/js/script.js'))
.pipe(rename({
dirname: ''
}))
.pipe(gulp.dest('./public/js'))
})
gulp.task('watch', () =>
gulp.watch('./src/**/*.js', ['js:bundle'])
)
This diff is collapsed.
......@@ -11,5 +11,17 @@
"url": "git@source.ind.ie:indienet/spikes/security/Libsodium.git"
},
"author": "Wim Vantomme, Frauke Vanderzijpen",
"license": "ISC"
"license": "ISC",
"devDependencies": {
"browserify": "^15.1.0",
"gulp": "^3.9.1",
"gulp-rename": "^1.2.2",
"standard": "^10.0.3",
"vinyl-source-stream": "^2.0.0"
},
"dependencies": {
"axios": "^0.17.1",
"body-parser": "^1.18.2",
"express": "^4.16.2"
}
}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
</head>
<body>
<form action="register" method="post" id="register">
<label for="password">Password</label>
<input type="password" name="password" id="password">
<input type="submit" value="Create site">
</form>
<script src="js/vendor/OpenCrypto.js"></script>
<script src="js/script.js"></script>
</body>
</html>
This diff is collapsed.
const fs = require('fs')
const express = require('express')
const app = express()
const path = require('path')
const bodyParser = require('body-parser')
const fileUtils = require('./utils/fileUtils')
app.use(express.static(path.join(__dirname, '../public')))
app.use(bodyParser.json())
app.use(bodyParser.urlencoded({extended: false}))
app.post('/register', (req, res) => {
const salt = JSON.stringify({salt: req.body.salt})
const publicKey = JSON.stringify({publickKey: req.body.publicKey})
const privateKey = JSON.stringify({privateKey: req.body.privateKey})
const writeSalt = fileUtils.writeFile('./server/files/salt.json', salt)
const writePublicKey = fileUtils.writeFile('./server/files/publickey.json', publicKey)
const writePrivateKey = fileUtils.writeFile('./server/files/privatekey.json', privateKey)
Promise.all([writeSalt, writePublicKey, writePrivateKey]).then(() => {
res.status(200).end()
}).catch((er) => {
res.status(500).send('Ooops, something went wrong')
})
})
app.get('/publickey', (req, res) => {
fileUtils.readFile('./server/files/publickey.json').then((data) => {
data = JSON.parse(data)
res.status(200).send(data)
}).catch((err) => {
res.status(500).send('Ooops, something went wrong')
console.log(err)
})
})
app.get('/privatekey', (req, res) => {
fileUtils.readFile('./server/files/privatekey.json').then((data) => {
data = JSON.parse(data)
res.status(200).send(data)
}).catch((err) => {
res.status(500).send('Ooops, something went wrong')
console.log(err)
})
})
app.listen(8080)
const fs = require('fs')
// Writes a string to the filesystem.
function writeFile (fileName, value) {
return new Promise((resolve, reject) => {
fs.writeFile(fileName, value, (err) => {
if (err) {
reject(err)
}
resolve()
})
})
}
// Reads a file from the filesystem.
function readFile (fileName) {
return new Promise((resolve, reject) => {
fs.readFile(fileName, 'utf8', (err, data) => {
if (err) {
reject(err)
}
resolve(data)
})
})
}
module.exports = {
writeFile,
readFile
}
// Basic helper functions to directly write stuff to indexedDB through the browserAPI.
// Might be that we need to implement a shim for older browsers (shimIndexedDB)
function callOnStore (dbname, storeName, fn_) {
const indexedDB = window.indexedDB || window.mozIndexedDB || window.webkitIndexedDB || window.msIndexedDB
// Open or create the database.
const request = indexedDB.open(dbname, 1)
// Create the schema
request.onupgradeneeded = () => {
let db = request.result
let store = db.createObjectStore(storeName, {keyPath: 'id'})
}
request.onsuccess = () => {
let db = request.result
let transaction = db.transaction(storeName, 'readwrite')
let store = transaction.objectStore(storeName)
fn_(store)
transaction.oncomplete = () => db.close()
}
}
module.exports = {
callOnStore
}
const crypt = new OpenCrypto()
const axios = require('axios')
// Custom modules
const indexedDB = require('./indexedDB')
const form = document.getElementById('register')
function loadedKeyPair () {
indexedDB.callOnStore('testkeystore', 'keyStore', (store) => {
const getData = store.get(1)
getData.onsuccess = (event) => {
const keys = getData.result.keys
}
})
}
loadedKeyPair()
form.addEventListener('submit', (e) => {
e.preventDefault()
var saltValue = ''
const password = e.target.password.value
const salt = crypt.getRandomSalt()
salt.then((salt) => {
const keys = crypt.getKeyPair(undefined, undefined, undefined, true)
const pass = crypt.keyFromPassphrase(password, salt, 300000)
saltValue = salt
return Promise.all([keys, pass])
}).then((values) => {
const keyPair = values[0]
const hash = values[1]
const encryptedPrivateKey = crypt.encryptPrivateKey(keyPair.privateKey, hash)
const publicKeyValue = crypt.cryptoPublicToPem(keyPair.publicKey)
// Export key as an arraybuffer to import later as unextractable private key.
const exportedPrivateKey = crypto.subtle.exportKey('pkcs8', keyPair.privateKey)
return Promise.all([encryptedPrivateKey, publicKeyValue, exportedPrivateKey])
}).then((values) => {
// Import arraybuffer as an unextractable private key.
const nonExtractablePrivateKey = crypto.subtle.importKey('pkcs8', values[2], {name: 'RSA-OAEP', hash: {name: 'SHA-512'}, modulusLength: 2048, publicExponent: new Uint8Array([0x01, 0x00, 0x01])}, false, ['decrypt', 'unwrapKey'])
const postKeys = axios.post('register',
{
salt: saltValue,
publicKey: values[1],
privateKey: values[0]
})
return Promise.all([nonExtractablePrivateKey, postKeys])
}).then((values) => {
// Save unextractable private key to indexedDB.
indexedDB.callOnStore('testkeystore', 'keyStore', (store) => {
store.put({
id: 1,
keys: values[0]
})
})
}).catch((err) => {
console.log(err)
})
})
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment