keeweb/app/scripts/util/signature-verifier.js

const Logger = require('./logger');
const publicKey = require('raw-loader!../../resources/public-key.pem');
const kdbxweb = require('kdbxweb');

const SignatureVerifier = {
    logger: new Logger('signature-verifier'),

    publicKey: null,

    verify(data, signature, pk) {
        return new Promise((resolve, reject) => {
            const algo = {name: 'RSASSA-PKCS1-v1_5', hash: {name: 'SHA-256'}};
            try {
                if (!pk) {
                    pk = this.getPublicKey();
                }
                signature = kdbxweb.ByteUtils.base64ToBytes(signature);
                const subtle = window.crypto.subtle;
                const keyFormat = 'spki';
                pk = kdbxweb.ByteUtils.base64ToBytes(pk);
                subtle.importKey(
                    keyFormat, pk,
                    algo,
                    false, ['verify']
                ).then(cryptoKey => {
                    try {
                        subtle.verify(algo, cryptoKey,
                            kdbxweb.ByteUtils.arrayToBuffer(signature),
                            kdbxweb.ByteUtils.arrayToBuffer(data)
                        ).then(isValid => {
                            resolve(isValid);
                        }).catch(e => {
                            this.logger.error('Verify error', e);
                            reject();
                        });
                    } catch (e) {
                        this.logger.error('Signature verification error', e);
                        reject();
                    }
                }).catch(e => {
                    this.logger.error('ImportKey error', e);
                    reject();
                });
            } catch (e) {
                this.logger.error('Signature key verification error', e);
                reject();
            }
        });
    },

    getPublicKey() {
        if (!this.publicKey) {
            this.publicKey = publicKey
                .match(/-+BEGIN PUBLIC KEY-+([\s\S]+?)-+END PUBLIC KEY-+/)[1]
                .replace(/\s+/g, '');
        }
        return this.publicKey;
    }
};

module.exports = SignatureVerifier;
plugin gallery 2017-05-13 22:36:07 +02:00			`const Logger = require('./logger');`
			`const publicKey = require('raw-loader!../../resources/public-key.pem');`
			`const kdbxweb = require('kdbxweb');`

			`const SignatureVerifier = {`
			`logger: new Logger('signature-verifier'),`

check plugins public keys 2017-05-14 17:14:21 +02:00			`publicKey: null,`

refactored similar code 2017-05-14 00:24:06 +02:00			`verify(data, signature, pk) {`
plugin gallery 2017-05-13 22:36:07 +02:00			`return new Promise((resolve, reject) => {`
support plugins in safari 10.1 2017-05-14 16:58:42 +02:00			`const algo = {name: 'RSASSA-PKCS1-v1_5', hash: {name: 'SHA-256'}};`
plugin gallery 2017-05-13 22:36:07 +02:00			`try {`
refactored similar code 2017-05-14 00:24:06 +02:00			`if (!pk) {`
			`pk = this.getPublicKey();`
			`}`
			`signature = kdbxweb.ByteUtils.base64ToBytes(signature);`
removed obsolete code 2019-04-13 11:04:31 +02:00			`const subtle = window.crypto.subtle;`
			`const keyFormat = 'spki';`
			`pk = kdbxweb.ByteUtils.base64ToBytes(pk);`
support plugins in safari 10.1 2017-05-14 16:58:42 +02:00			`subtle.importKey(`
			`keyFormat, pk,`
			`algo,`
plugin gallery 2017-05-13 22:36:07 +02:00			`false, ['verify']`
			`).then(cryptoKey => {`
more error handling 2017-05-14 17:04:14 +02:00			`try {`
			`subtle.verify(algo, cryptoKey,`
			`kdbxweb.ByteUtils.arrayToBuffer(signature),`
			`kdbxweb.ByteUtils.arrayToBuffer(data)`
			`).then(isValid => {`
			`resolve(isValid);`
			`}).catch(e => {`
			`this.logger.error('Verify error', e);`
			`reject();`
			`});`
			`} catch (e) {`
			`this.logger.error('Signature verification error', e);`
plugin gallery 2017-05-13 22:36:07 +02:00			`reject();`
more error handling 2017-05-14 17:04:14 +02:00			`}`
plugin gallery 2017-05-13 22:36:07 +02:00			`}).catch(e => {`
			`this.logger.error('ImportKey error', e);`
			`reject();`
			`});`
			`} catch (e) {`
more error handling 2017-05-14 17:04:14 +02:00			`this.logger.error('Signature key verification error', e);`
plugin gallery 2017-05-13 22:36:07 +02:00			`reject();`
			`}`
			`});`
refactored similar code 2017-05-14 00:24:06 +02:00			`},`

			`getPublicKey() {`
check plugins public keys 2017-05-14 17:14:21 +02:00			`if (!this.publicKey) {`
			`this.publicKey = publicKey`
			`.match(/-+BEGIN PUBLIC KEY-+([\s\S]+?)-+END PUBLIC KEY-+/)[1]`
			`.replace(/\s+/g, '');`
			`}`
			`return this.publicKey;`
plugin gallery 2017-05-13 22:36:07 +02:00			`}`
			`};`

			`module.exports = SignatureVerifier;`