keeweb/app/scripts/util/data/signature-verifier.js

import * as kdbxweb from 'kdbxweb';
import { Logger } from 'util/logger';
import publicKeyData from 'public-key.pem';
import publicKeyDataNew from 'public-key-new.pem';

const SignatureVerifier = {
    logger: new Logger('signature-verifier'),

    publicKeys: null,

    verify(data, signature, pk) {
        if (!pk) {
            const pks = this.getPublicKeys();
            return this.verify(data, signature, pks[0]).then((isValid) => {
                if (isValid || !pks[1]) {
                    return isValid;
                }
                return this.verify(data, signature, pks[1]);
            });
        }
        return new Promise((resolve, reject) => {
            const algo = { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-256' } };
            try {
                if (typeof signature === 'string') {
                    signature = kdbxweb.ByteUtils.base64ToBytes(signature);
                }
                const subtle = window.crypto.subtle;
                const keyFormat = 'spki';
                pk = kdbxweb.ByteUtils.base64ToBytes(pk);
                subtle
                    .importKey(keyFormat, pk, algo, false, ['verify'])
                    .then((cryptoKey) => {
                        try {
                            subtle
                                .verify(
                                    algo,
                                    cryptoKey,
                                    kdbxweb.ByteUtils.arrayToBuffer(signature),
                                    kdbxweb.ByteUtils.arrayToBuffer(data)
                                )
                                .then((isValid) => {
                                    resolve(isValid);
                                })
                                .catch((e) => {
                                    this.logger.error('Verify error', e);
                                    reject(e);
                                });
                        } catch (e) {
                            this.logger.error('Signature verification error', e);
                            reject(e);
                        }
                    })
                    .catch((e) => {
                        this.logger.error('ImportKey error', e);
                        reject(e);
                    });
            } catch (e) {
                this.logger.error('Signature key verification error', e);
                reject(e);
            }
        });
    },

    getPublicKeys() {
        if (!this.publicKeys) {
            this.publicKeys = [publicKeyData, publicKeyDataNew].map((pk) =>
                pk.match(/-+BEGIN PUBLIC KEY-+([\s\S]+?)-+END PUBLIC KEY-+/)[1].replace(/\s+/g, '')
            );
        }
        return this.publicKeys;
    }
};

export { SignatureVerifier };
kdbxweb v2 2021-05-08 11:38:23 +02:00			`import * as kdbxweb from 'kdbxweb';`
imports 2019-09-15 14:16:32 +02:00			`import { Logger } from 'util/logger';`
fix #1252: public key rotation 2019-09-28 14:40:46 +02:00			`import publicKeyData from 'public-key.pem';`
			`import publicKeyDataNew from 'public-key-new.pem';`
plugin gallery 2017-05-13 22:36:07 +02:00
			`const SignatureVerifier = {`
			`logger: new Logger('signature-verifier'),`

fix #1252: public key rotation 2019-09-28 14:40:46 +02:00			`publicKeys: null,`
check plugins public keys 2017-05-14 17:14:21 +02:00
refactored similar code 2017-05-14 00:24:06 +02:00			`verify(data, signature, pk) {`
fix #1252: public key rotation 2019-09-28 14:40:46 +02:00			`if (!pk) {`
			`const pks = this.getPublicKeys();`
up modules; prettier 2020-06-01 16:53:51 +02:00			`return this.verify(data, signature, pks[0]).then((isValid) => {`
fix #1252: public key rotation 2019-09-28 14:40:46 +02:00			`if (isValid \|\| !pks[1]) {`
			`return isValid;`
			`}`
			`return this.verify(data, signature, pks[1]);`
			`});`
			`}`
plugin gallery 2017-05-13 22:36:07 +02:00			`return new Promise((resolve, reject) => {`
prettier 2019-08-16 23:05:39 +02:00			`const algo = { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-256' } };`
plugin gallery 2017-05-13 22:36:07 +02:00			`try {`
using one key for everything 2019-09-28 14:17:55 +02:00			`if (typeof signature === 'string') {`
			`signature = kdbxweb.ByteUtils.base64ToBytes(signature);`
			`}`
removed obsolete code 2019-04-13 11:04:31 +02:00			`const subtle = window.crypto.subtle;`
			`const keyFormat = 'spki';`
			`pk = kdbxweb.ByteUtils.base64ToBytes(pk);`
prettier 2019-08-16 23:05:39 +02:00			`subtle`
			`.importKey(keyFormat, pk, algo, false, ['verify'])`
up modules; prettier 2020-06-01 16:53:51 +02:00			`.then((cryptoKey) => {`
prettier 2019-08-16 23:05:39 +02:00			`try {`
			`subtle`
			`.verify(`
			`algo,`
			`cryptoKey,`
			`kdbxweb.ByteUtils.arrayToBuffer(signature),`
			`kdbxweb.ByteUtils.arrayToBuffer(data)`
			`)`
up modules; prettier 2020-06-01 16:53:51 +02:00			`.then((isValid) => {`
prettier 2019-08-16 23:05:39 +02:00			`resolve(isValid);`
			`})`
up modules; prettier 2020-06-01 16:53:51 +02:00			`.catch((e) => {`
prettier 2019-08-16 23:05:39 +02:00			`this.logger.error('Verify error', e);`
using one key for everything 2019-09-28 14:17:55 +02:00			`reject(e);`
prettier 2019-08-16 23:05:39 +02:00			`});`
			`} catch (e) {`
			`this.logger.error('Signature verification error', e);`
using one key for everything 2019-09-28 14:17:55 +02:00			`reject(e);`
prettier 2019-08-16 23:05:39 +02:00			`}`
			`})`
up modules; prettier 2020-06-01 16:53:51 +02:00			`.catch((e) => {`
prettier 2019-08-16 23:05:39 +02:00			`this.logger.error('ImportKey error', e);`
using one key for everything 2019-09-28 14:17:55 +02:00			`reject(e);`
prettier 2019-08-16 23:05:39 +02:00			`});`
plugin gallery 2017-05-13 22:36:07 +02:00			`} catch (e) {`
more error handling 2017-05-14 17:04:14 +02:00			`this.logger.error('Signature key verification error', e);`
using one key for everything 2019-09-28 14:17:55 +02:00			`reject(e);`
plugin gallery 2017-05-13 22:36:07 +02:00			`}`
			`});`
refactored similar code 2017-05-14 00:24:06 +02:00			`},`

fix #1252: public key rotation 2019-09-28 14:40:46 +02:00			`getPublicKeys() {`
			`if (!this.publicKeys) {`
up modules; prettier 2020-06-01 16:53:51 +02:00			`this.publicKeys = [publicKeyData, publicKeyDataNew].map((pk) =>`
fix #1252: public key rotation 2019-09-28 14:40:46 +02:00			`pk.match(/-+BEGIN PUBLIC KEY-+([\s\S]+?)-+END PUBLIC KEY-+/)[1].replace(/\s+/g, '')`
			`);`
check plugins public keys 2017-05-14 17:14:21 +02:00			`}`
fix #1252: public key rotation 2019-09-28 14:40:46 +02:00			`return this.publicKeys;`
plugin gallery 2017-05-13 22:36:07 +02:00			`}`
			`};`

imports 2019-09-15 14:16:32 +02:00			`export { SignatureVerifier };`