mirror of https://github.com/keeweb/keeweb.git
const fs = require('fs');
const signer = require('pkcs11-smartcard-sign');
const crypto = require('crypto');
// Public key that signatures are checked against. It is read once, when the
// module is first required, so a missing file fails the require itself.
const verifyKey = fs.readFileSync('app/resources/public-key.pem');

// Signer configuration, parsed once at load time. The code below reads
// `privateKey` and `algo` from it and spreads the whole object into the
// smartcard signer's options.
const signerOptionsJson = fs.readFileSync('keys/keeweb-sign.json', 'utf8');
const signerOptions = JSON.parse(signerOptionsJson);
/**
 * Resolves with the signing PIN.
 *
 * The PIN is looked up through keytar under service 'keeweb.pin' and account
 * 'keeweb'. After the first successful lookup it is memoised on `getPin.pin`
 * and kept there for the rest of the process.
 *
 * NOTE(review): the failure case rejects with a bare string rather than an
 * Error, so the rejection carries no stack trace.
 *
 * @returns {Promise<string>} the PIN; rejects with 'Cannot find PIN' when
 *   keytar returns nothing.
 */
function getPin() {
  const cachedPin = getPin.pin;
  if (cachedPin) {
    return Promise.resolve(cachedPin);
  }

  // keytar is required lazily, so it is only loaded when a PIN is needed.
  const keytar = require('keytar');
  return keytar.getPassword('keeweb.pin', 'keeweb').then((storedPin) => {
    if (!storedPin) {
      throw 'Cannot find PIN';
    }
    getPin.pin = storedPin;
    return storedPin;
  });
}
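// Private key file contents keyed by path. A dedicated Map is used instead of
// properties on the function object: a path such as 'name' or 'length' would
// otherwise hit the function's built-in properties and be returned in place
// of the key file.
const privateKeyCache = new Map();

/**
 * Returns the contents of the private key file at `path`, reading it from
 * disk only on the first request for that path.
 *
 * The key material stays cached in memory until the process exits.
 *
 * @param {string} path - location of the private key file.
 * @returns {Buffer} raw file contents.
 * @throws whatever fs.readFileSync throws when the file cannot be read.
 */
function getPrivateKey(path) {
  let key = privateKeyCache.get(path);
  if (key === undefined) {
    key = fs.readFileSync(path);
    privateKeyCache.set(path, key);
  }
  return key;
}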
/**
 * Signs `data` and resolves with the signature.
 *
 * The loaded signer configuration selects one of two paths:
 *  - `signerOptions.privateKey` is set: sign in-process with the key file at
 *    that path, then verify the result against `verifyKey` before returning.
 *  - otherwise: obtain the PIN via getPin() and delegate to
 *    pkcs11-smartcard-sign, passing it `verifyKey` as well.
 *
 * NOTE(review): only the smartcard path reports failures through
 * grunt.warn(); the private-key path rejects without calling it. A failed
 * self-check rejects with the bare string 'Validation error', not an Error.
 *
 * @param {object} [grunt] - when truthy, its warn() is called with the error
 *   on a smartcard-path failure.
 * @param {*} data - payload to sign.
 * @returns {Promise<*>} the signature; on the private-key path this is the
 *   value returned by crypto's Sign#sign().
 */
module.exports = function sign(grunt, data) {
  if (!signerOptions.privateKey) {
    const reportAndRethrow = (err) => {
      if (grunt) {
        grunt.warn(`Error signing data: ${err}`);
      }
      throw err;
    };

    // signerOptions is spread last, so a `data`, `verifyKey` or `pin` key in
    // the config file would override the values given here.
    // NOTE(review): confirm keys/keeweb-sign.json never carries those keys.
    return getPin()
      .then((pin) => signer.sign({ data, verifyKey, pin, ...signerOptions }))
      .catch(reportAndRethrow);
  }

  // Promise.resolve().then(...) turns any synchronous throw below into a rejection.
  return Promise.resolve().then(() => {
    const digestName = signerOptions.algo || 'sha256';

    const signing = crypto.createSign(digestName);
    signing.update(data);
    const signature = signing.sign(getPrivateKey(signerOptions.privateKey));

    // Self-check: the signature must verify against the public key loaded at
    // module start, which catches a private key that does not match it.
    const verifier = crypto.createVerify(digestName);
    verifier.write(data);
    verifier.end();

    if (!verifier.verify(verifyKey, signature)) {
      throw 'Validation error';
    }
    return signature;
  });
};

// Also expose getPin on the exported function. Any module that requires this
// file can therefore obtain the PIN, and read it from `getPin.pin` once cached.
module.exports.getPin = getPin;