diff --git a/javascript/src/iframe/viamapi-iframe.js b/javascript/src/iframe/viamapi-iframe.js
index f66bd71da8e7067ac14972853aeb910cabe8b036..1dbf23255846c48509596e4fcd46afe84d19a64d 100644
--- a/javascript/src/iframe/viamapi-iframe.js
+++ b/javascript/src/iframe/viamapi-iframe.js
@@ -6,7 +6,7 @@ import {
stringToUtf8Base64,
utf8Base64ToString,
base64ToByteArray,
- byteArrayToBase64
+ byteArrayToBase64,
} from "../utilities/stringUtilities";
import { extractMessageID } from "../helpers/mailparser";
@@ -17,7 +17,7 @@ import {
destroyIdentityFromLocalStorage,
encodeResponse,
listIdentitiesFromLocalStorage,
- makeid
+ makeid,
} from "../utilities/appUtility";
import { LOGIN_MODES } from "../constants/authentication";
import {
@@ -29,7 +29,7 @@ import {
encryptMessage,
parseCertificate,
signEmail,
- verifySMIME
+ verifySMIME,
} from "../utilities/signingUtilities";
import { signPdf } from "../utilities/pdfUtilities";
import CryptoData from "../CryptoData";
@@ -37,14 +37,14 @@ import Identity from "../Identity";
import {
STATUS_DEVICE_REVOKED,
STATUS_USER_NOT_ACTIVATED,
- STATUS_USER_BLOCKED
+ STATUS_USER_BLOCKED,
} from "../constants/statuses";
import generateQrCode from "../utilities/generateQrCode";
import {
generateRecoveryKey,
- divideSecretToShares,
- combineSecret,
- encryptShare
+ getRecoveryKeyShares,
+ checkRecoveryKeyCombine,
+ encryptShare,
} from "../utilities/secrets";
const penpalMethods = require("../../temp/penpal-methods").default;
@@ -109,7 +109,7 @@ function setIdentityInLocalStorage(identityToStore, extendKey = true) {
}
return encryptMessage(serializedIdentity, pinCode, "identity").then(
- encryptedIdentity => {
+ (encryptedIdentity) => {
let success = true;
if (extendKey === true) {
success = extendPinCodeTtl(key, pinCode);
@@ -129,13 +129,13 @@ function setIdentityInLocalStorage(identityToStore, extendKey = true) {
}
function getProfileData(identity) {
- return new Penpal.Promise(executeResultUpper => {
+ return new Penpal.Promise((executeResultUpper) => {
executeRestfulFunction(
"private",
viamApi,
viamApi.identityGetIdentityProfileData,
null
- ).then(executeResult => {
+ ).then((executeResult) => {
if (executeResult.code === "200") {
const listItem = {};
@@ -232,7 +232,7 @@ function createEvent(actionId, type, payloads) {
actionID: actionId,
type,
stamp: new Date().getTime(),
- payloads
+ payloads,
};
}
@@ -292,7 +292,7 @@ async function executeRestfulFunction(type, that, fn, config, ...args) {
const {
currentlyAuthenticatedIdentity,
viamApi,
- currentlyLoadedIdentity
+ currentlyLoadedIdentity,
} = window;
let response;
try {
@@ -306,7 +306,7 @@ async function executeRestfulFunction(type, that, fn, config, ...args) {
const data = {
data: "",
code: "999",
- status: error.message
+ status: error.message,
};
return data;
}
@@ -371,15 +371,15 @@ async function executeRestfulFunction(type, that, fn, config, ...args) {
window.executeRestfulFunction = executeRestfulFunction;
function loadIdentityInternal(identityKey, pinCode) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
getIdentityFromLocalStorage(identityKey, pinCode)
- .then(async loadedIdentity => {
+ .then(async (loadedIdentity) => {
if (loadedIdentity == null) {
result({
data: "",
code: "400",
status:
- "Please restore or authorize your account via another device."
+ "Please restore or authorize your account via another device.",
});
}
localStorage.removeItem("attempt");
@@ -407,25 +407,25 @@ function loadIdentityInternal(identityKey, pinCode) {
data: {
authentication: {
publicKey,
- x509Certificate
- }
+ x509Certificate,
+ },
},
code: "200",
- status: "Identity loaded"
+ status: "Identity loaded",
});
})
- .catch(e => {
+ .catch((e) => {
result({
data: "",
code: "400",
- status: "" + e
+ status: "" + e,
});
});
});
}
function getCertificateForPassport(passportUUID, internal) {
- return new Penpal.Promise(certificateResult => {
+ return new Penpal.Promise((certificateResult) => {
if (window.currentlyAuthenticatedIdentity === null) {
return { data: "", code: "400", status: "Identity not authenticated" };
}
@@ -433,7 +433,7 @@ function getCertificateForPassport(passportUUID, internal) {
const passportIdentity = window.currentlyAuthenticatedIdentity;
const passport = passportIdentity.getPassport(passportUUID);
if (passport === undefined || passport === null) {
- createPassportCertificate(passportUUID).then(function(keys) {
+ createPassportCertificate(passportUUID).then(function (keys) {
const cryptoData = new CryptoData();
cryptoData.setPublicKey(keys["publicKeyPEM"]);
cryptoData.setPrivateKey(keys["privateKeyPEM"]);
@@ -447,7 +447,7 @@ function getCertificateForPassport(passportUUID, internal) {
null,
btoa(certificate),
passportUUID
- ).then(executeResult => {
+ ).then((executeResult) => {
if (executeResult.code === "200") {
const signedCertificate = atob(
executeResult.data["SignedCertificate"]
@@ -469,7 +469,7 @@ function getCertificateForPassport(passportUUID, internal) {
passportIdentity.setPassport(passportUUID, cryptoData);
- getProfileData(passportIdentity).then(executeResult1 => {
+ getProfileData(passportIdentity).then((executeResult1) => {
setIdentityInLocalStorage(passportIdentity)
.then(() => {
window.currentlyAuthenticatedIdentity = passportIdentity;
@@ -486,14 +486,14 @@ function getCertificateForPassport(passportUUID, internal) {
certificateResult({
data: copyOfCryptoData,
code: "200",
- status: "Certificate got"
+ status: "Certificate got",
});
})
- .catch(e => {
+ .catch((e) => {
certificateResult({
data: "",
code: "400",
- status: "Can not store certificate " + e
+ status: "Can not store certificate " + e,
});
});
});
@@ -512,7 +512,7 @@ function getCertificateForPassport(passportUUID, internal) {
certificateResult({
data: copyOfCryptoData,
code: "200",
- status: "Certificate got"
+ status: "Certificate got",
});
}
});
@@ -550,8 +550,8 @@ const connection = Penpal.connectToParent({
},
...penpalMethods,
createIdentity(pinCode) {
- return new Penpal.Promise(result => {
- createPassportCertificate(makeid()).then(function(keys) {
+ return new Penpal.Promise((result) => {
+ createPassportCertificate(makeid()).then(function (keys) {
const newIdentity = new Identity();
const cryptoData = new CryptoData();
cryptoData.setPublicKey(keys["publicKeyPEM"]);
@@ -574,17 +574,17 @@ const connection = Penpal.connectToParent({
data: {
authentication: {
publicKey,
- x509Certificate
- }
+ x509Certificate,
+ },
},
code: "200",
- status: "Identity created"
+ status: "Identity created",
});
});
});
},
listIdentities() {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
const identities = listIdentitiesFromLocalStorage();
result({ data: identities, code: "200", status: "Identities listed" });
});
@@ -628,7 +628,7 @@ const connection = Penpal.connectToParent({
}
},
getIdentityProfile(identityKey) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
const serializedProfile = localStorage.getItem(
"profiles/" + identityKey
);
@@ -638,7 +638,7 @@ const connection = Penpal.connectToParent({
result({
data: JSON.parse(serializedProfile),
code: "200",
- status: "Identities cleared"
+ status: "Identities cleared",
});
}
});
@@ -654,7 +654,7 @@ const connection = Penpal.connectToParent({
return encodeResponse("200", "", "Identities cleared");
},
confirmIdentificator(identity, confirmationCodeArg) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
viamApi.setIdentity(identity.authentication.publicKey);
executeRestfulFunction(
@@ -663,13 +663,13 @@ const connection = Penpal.connectToParent({
viamApi.identityConfirmIdentificator,
null,
confirmationCodeArg
- ).then(executeResult => {
+ ).then((executeResult) => {
result(executeResult);
});
});
},
identityGetIdentificatorByRegisterToken(identity, tokenArg) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
viamApi.setIdentity(identity.authentication.publicKey);
executeRestfulFunction(
@@ -678,13 +678,13 @@ const connection = Penpal.connectToParent({
viamApi.identityGetIdentificatorByRegisterToken,
null,
tokenArg
- ).then(executeResult => {
+ ).then((executeResult) => {
result(executeResult);
});
});
},
submitIdentificator(identity, identificatorArg, registerToken) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
viamApi.setIdentity(identity.authentication.publicKey);
executeRestfulFunction(
@@ -694,7 +694,7 @@ const connection = Penpal.connectToParent({
null,
identificatorArg,
registerToken
- ).then(executeResult => {
+ ).then((executeResult) => {
result(executeResult);
});
});
@@ -706,7 +706,7 @@ const connection = Penpal.connectToParent({
emailArg,
phonenumberArg
) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
viamApi.setIdentity(identity.authentication.publicKey);
executeRestfulFunction(
@@ -718,7 +718,7 @@ const connection = Penpal.connectToParent({
familynameArg,
emailArg,
phonenumberArg
- ).then(executeResult => {
+ ).then((executeResult) => {
result(executeResult);
});
});
@@ -734,7 +734,7 @@ const connection = Penpal.connectToParent({
);
},
agreeOnRegistration(registerIdentity) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
viamApi.setIdentity(registerIdentity.authentication.publicKey);
executeRestfulFunction(
@@ -742,7 +742,7 @@ const connection = Penpal.connectToParent({
viamApi,
viamApi.identityAgreeOnRegistration,
null
- ).then(executeResult => {
+ ).then((executeResult) => {
let sequence = Promise.resolve();
if (executeResult.code === "200") {
sequence = sequence.then(() => {
@@ -753,18 +753,18 @@ const connection = Penpal.connectToParent({
.then(() => {
result(executeResult);
})
- .catch(e => {
+ .catch((e) => {
result({
data: "",
code: "400",
- status: "Can not store identity: " + e
+ status: "Can not store identity: " + e,
});
});
});
});
},
resendConfirmationCode(identity, identificatorArg) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
viamApi.setIdentity(identity.authentication.publicKey);
executeRestfulFunction(
@@ -773,7 +773,7 @@ const connection = Penpal.connectToParent({
viamApi.identityResendConfirmationCode,
null,
identificatorArg
- ).then(executeResult => {
+ ).then((executeResult) => {
result(executeResult);
});
});
@@ -783,7 +783,7 @@ const connection = Penpal.connectToParent({
return {
data: "",
code: "400",
- status: "Identity not loaded"
+ status: "Identity not loaded",
};
}
@@ -829,7 +829,7 @@ const connection = Penpal.connectToParent({
return responseToClient;
},
identityAddNewDevice() {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
const authenticationPublicKey = localStorage.getItem(
"authenticatedIdentity"
);
@@ -838,7 +838,7 @@ const connection = Penpal.connectToParent({
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
@@ -846,7 +846,7 @@ const connection = Penpal.connectToParent({
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
@@ -856,7 +856,7 @@ const connection = Penpal.connectToParent({
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
@@ -865,7 +865,7 @@ const connection = Penpal.connectToParent({
viamApi,
viamApi.identityAddNewDevice,
null
- ).then(async executeResult => {
+ ).then(async (executeResult) => {
if (executeResult.code === "200") {
const actionID = executeResult.data["ActionID"];
const QrCode = executeResult.data["QrCode"];
@@ -879,7 +879,7 @@ const connection = Penpal.connectToParent({
});
},
identityDestroyKeysForDevice(authenticationPublicKeyArg) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
const authenticationPublicKey = localStorage.getItem(
"authenticatedIdentity"
);
@@ -887,14 +887,14 @@ const connection = Penpal.connectToParent({
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
if (window.loadedIdentities[authenticationPublicKey] === null) {
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
@@ -904,7 +904,7 @@ const connection = Penpal.connectToParent({
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
@@ -914,7 +914,7 @@ const connection = Penpal.connectToParent({
viamApi.identityDestroyKeysForDevice,
null,
btoa(authenticationPublicKeyArg)
- ).then(executeResult => {
+ ).then((executeResult) => {
result(executeResult);
});
});
@@ -931,7 +931,7 @@ const connection = Penpal.connectToParent({
return {
data: "",
code: "400",
- status: "Identity not loaded"
+ status: "Identity not loaded",
};
}
@@ -946,19 +946,19 @@ const connection = Penpal.connectToParent({
window.viamApi,
window.viamApi.identityLogout,
{
- headers
+ headers,
}
);
} catch (e) {
return {
data: "",
code: "400",
- status: e.message
+ status: e.message,
};
}
},
identityRestoreAccess(restoreAccessIdentity, identificator) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
viamApi.setSessionData("", "");
viamApi.setIdentity(restoreAccessIdentity.authentication.publicKey);
@@ -968,7 +968,7 @@ const connection = Penpal.connectToParent({
viamApi.identityRestoreAccess,
null,
identificator
- ).then(executeResult => {
+ ).then((executeResult) => {
result(executeResult);
});
});
@@ -981,51 +981,42 @@ const connection = Penpal.connectToParent({
window.viamApi.contactsGetTrusteeContactsPublicKeys,
null
);
- console.log({ response });
const responseData = response.data;
- const contactsUuids = Object.keys(responseData);
- console.log({ contactsUuids });
- if (!contactsUuids.length) {
- return encodeResponse("400", "", response.status);
+ const trusteesDevices = Object.values(responseData);
+
+ /** Check if there are new trustees without added secret part */
+ const hasNewTrustees = trusteesDevices.some(
+ (device) => !device.hasShamirPart
+ );
+ if (!hasNewTrustees) {
+ return response;
}
- const sharesNumber = contactsUuids.length;
- const getThreshold = () =>
- sharesNumber === 3 ? 2 : parseInt(sharesNumber / 2);
- const threshold = getThreshold();
- const recoveryKey = generateRecoveryKey(512);
- const recoveryKeyShares = divideSecretToShares(
+ const trusteesUuids = Object.keys(responseData);
+ const trusteesToDevices = Object.entries(responseData);
+ const sharesNumber = trusteesUuids.length;
+ const recoveryKey = generateRecoveryKey();
+ const recoveryKeyShares = getRecoveryKeyShares(
+ recoveryKey,
+ sharesNumber
+ );
+ const sanityCheckResponse = checkRecoveryKeyCombine(
recoveryKey,
- sharesNumber,
- threshold
+ recoveryKeyShares
);
- // Sanity check
- let checkKey;
- checkKey = combineSecret(recoveryKeyShares.slice(0, 2));
- if (checkKey !== recoveryKey) {
- return encodeResponse("400", "", "First sanity check failed");
- }
- checkKey = combineSecret(recoveryKeyShares.slice(0, 1));
- if (checkKey === recoveryKey) {
- return encodeResponse("400", "", "Second sanity check failed");
- }
- checkKey = combineSecret(recoveryKeyShares);
- if (checkKey !== recoveryKey) {
- return encodeResponse("400", "", "Third sanity check failed");
+ if (sanityCheckResponse.code !== "200") {
+ return sanityCheckResponse;
}
- // End of sanity check
// Encrypt each share with every publicKey of each contact device
- const contactsToDevices = Object.entries(responseData);
- console.log({ contactsToDevices });
const shamirPartsList = await Promise.all(
- contactsToDevices.map(async ([contactUuid, device], index) => {
+ trusteesToDevices.map(async ([contactUuid, device], index) => {
const deviceIdsToPublicKeys = Object.entries(device);
-
- const deviceIdsToEncryptedKeysList = await Promise.all(
- deviceIdsToPublicKeys.map(async ([deviceId, publicKey]) => {
+ // Encrypt secret shares in parallel
+ const deviceIdsToEncryptedPartsList = await Promise.all(
+ deviceIdsToPublicKeys.map(async ([deviceId, { publicKey }]) => {
const encryptedShare = await encryptShare(
recoveryKeyShares[index],
publicKey
@@ -1034,34 +1025,34 @@ const connection = Penpal.connectToParent({
return [deviceId, encryptedShare];
})
);
-
- const deviceIdsToEncryptedKeys = Object.fromEntries(
- deviceIdsToEncryptedKeysList
+ // Turn deviceIdsToEncryptedPartsList array to object
+ const deviceIdsToEncryptedParts = Object.fromEntries(
+ deviceIdsToEncryptedPartsList
);
- return [contactUuid, deviceIdsToEncryptedKeys];
+ return [contactUuid, deviceIdsToEncryptedParts];
})
);
+ // Turn shamirPartsList array to object
const shamirParts = Object.fromEntries(shamirPartsList);
- console.log({ shamirParts });
+
// Save Shamir parts to database
- const savePartsResponse = await executeRestfulFunction(
+ await executeRestfulFunction(
"private",
window.viamApi,
window.viamApi.contactsSaveShamirParts,
null,
shamirParts
);
- console.log({ savePartsResponse });
+
return response;
} catch (error) {
- console.trace(error);
return encodeResponse("400", "", error.message);
}
},
parseSMIME,
getCurrentlyLoggedInUUID() {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
const authenticationPublicKey = localStorage.getItem(
"authenticatedIdentity"
);
@@ -1078,7 +1069,7 @@ const connection = Penpal.connectToParent({
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
@@ -1088,12 +1079,12 @@ const connection = Penpal.connectToParent({
result({
data: localStorage.getItem("uuid"),
code: "200",
- status: "UUID loaded"
+ status: "UUID loaded",
});
});
},
getCertificateByPassport(passportUUID) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
const authenticationPublicKey = localStorage.getItem(
"authenticatedIdentity"
);
@@ -1110,19 +1101,19 @@ const connection = Penpal.connectToParent({
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
getCertificateForPassport(passportUUID, false).then(
- certificateResult => {
+ (certificateResult) => {
result(certificateResult);
}
);
});
},
getOneTimeCertificateByPassport(passportUUID, emailArg) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
const authenticationPublicKey = localStorage.getItem(
"authenticatedIdentity"
);
@@ -1139,12 +1130,12 @@ const connection = Penpal.connectToParent({
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
getCertificateForPassport(passportUUID, true).then(
- certificateResult => {
+ (certificateResult) => {
if (certificateResult.code === "200") {
const passportCertificate =
certificateResult.data["x509Certificate"];
@@ -1156,7 +1147,7 @@ const connection = Penpal.connectToParent({
emailArg,
passportPrivateKey,
passportCertificate
- ).then(function(keys) {
+ ).then(function (keys) {
const publicKeyOneTime = keys["publicKeyPEM"];
const privateKeyOneTime = keys["privateKeyPEM"];
const certificateOneTime = keys["certificatePEM"];
@@ -1171,7 +1162,7 @@ const connection = Penpal.connectToParent({
result({
data: oneTimeCryptoData,
code: "200",
- status: "One time certificate generated"
+ status: "One time certificate generated",
});
// Prints PEM formatted signed certificate
// -----BEGIN CERTIFICATE-----MIID....7Hyg==-----END CERTIFICATE-----
@@ -1180,14 +1171,14 @@ const connection = Penpal.connectToParent({
result({
data: "",
code: "400",
- status: "Can not generate one time certificate"
+ status: "Can not generate one time certificate",
});
}
}
);
});
},
- verifySMIME: async smimeString => {
+ verifySMIME: async (smimeString) => {
const authenticationPublicKey = localStorage.getItem(
"authenticatedIdentity"
);
@@ -1252,7 +1243,7 @@ const connection = Penpal.connectToParent({
if (signatures) {
for (const signature of signatures) {
const certificateChain = signature.certificateChainPEM.map(
- certificatePEM => {
+ (certificatePEM) => {
const certificate = parseCertificate(certificatePEM);
const certificateData = new CertificateData(certificate);
return certificateData;
@@ -1286,7 +1277,7 @@ const connection = Penpal.connectToParent({
const {
x509Certificate: passportCertificate,
privateKey: passportPrivateKey,
- chain: passportChain
+ chain: passportChain,
} = response.data;
const keys = await createOneTimePassportCertificate(
@@ -1298,7 +1289,7 @@ const connection = Penpal.connectToParent({
const {
privateKeyPEM: privateKeyOneTime,
- certificatePEM: certificateOneTime
+ certificatePEM: certificateOneTime,
} = keys;
passportChain.push(passportCertificate);
@@ -1360,7 +1351,7 @@ const connection = Penpal.connectToParent({
const {
x509Certificate: passportCertificate,
privateKey: passportPrivateKey,
- chain: passportChain
+ chain: passportChain,
} = certResponse.data;
const keys = await createOneTimePassportCertificate(
@@ -1372,7 +1363,7 @@ const connection = Penpal.connectToParent({
const {
privateKeyPEM: privateKeyOneTime,
- certificatePEM: certificateOneTime
+ certificatePEM: certificateOneTime,
} = keys;
passportChain.reverse();
@@ -1482,7 +1473,7 @@ const connection = Penpal.connectToParent({
const {
x509Certificate: passportCertificate,
privateKey: passportPrivateKey,
- chain: passportChain
+ chain: passportChain,
} = certResponse.data;
const keys = await createOneTimePassportCertificate(
@@ -1494,7 +1485,7 @@ const connection = Penpal.connectToParent({
const {
privateKeyPEM: privateKeyOneTime,
- certificatePEM: certificateOneTime
+ certificatePEM: certificateOneTime,
} = keys;
passportChain.reverse();
@@ -1578,7 +1569,7 @@ const connection = Penpal.connectToParent({
const vCardAttribs = {
...attribs,
passportUUID,
- messageUUID
+ messageUUID,
};
let vCardImageData;
@@ -1615,7 +1606,7 @@ const connection = Penpal.connectToParent({
vCardImageData = new ImageData({
contentType: "image/png",
contentBase64:
- "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=" //1x1px transparent pixel
+ "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=", //1x1px transparent pixel
});
} else {
const vCardImageResponse = await executeRestfulFunction(
@@ -1646,7 +1637,7 @@ const connection = Penpal.connectToParent({
);
qrCodeImageData = new ImageData({
contentType: "image/png",
- content: qrCodeBase64Content
+ content: qrCodeBase64Content,
});
}
@@ -1660,14 +1651,14 @@ const connection = Penpal.connectToParent({
}
const htmlPart = {
headers: {
- "Content-Type": "text/html"
+ "Content-Type": "text/html",
},
- body: htmlBody
+ body: htmlBody,
};
parts.unshift(htmlPart);
} else {
console.log("Html body is not passed to signVCard, its value is ", {
- html: htmlBody
+ html: htmlBody,
});
}
@@ -1677,14 +1668,14 @@ const connection = Penpal.connectToParent({
}
const textPart = {
headers: {
- "Content-Type": "text/plain"
+ "Content-Type": "text/plain",
},
- body: textBody
+ body: textBody,
};
parts.unshift(textPart);
} else {
console.log("Text body is not passed to signVCard, its value is ", {
- text: textBody
+ text: textBody,
});
}
@@ -1705,7 +1696,7 @@ const connection = Penpal.connectToParent({
const {
x509Certificate: passportCertificate,
privateKey: passportPrivateKey,
- chain: passportChain
+ chain: passportChain,
} = certResponse.data;
const keys = await createOneTimePassportCertificate(
@@ -1717,7 +1708,7 @@ const connection = Penpal.connectToParent({
const {
privateKeyPEM: privateKeyOneTime,
- certificatePEM: certificateOneTime
+ certificatePEM: certificateOneTime,
} = keys;
passportChain.reverse();
@@ -1752,7 +1743,7 @@ const connection = Penpal.connectToParent({
"200",
{
image: signedVCardImageData,
- messageUUID: messageUUID
+ messageUUID: messageUUID,
},
"vCard signed"
);
@@ -1793,7 +1784,7 @@ const connection = Penpal.connectToParent({
if (signatures) {
for (const signature of signatures) {
const certificateChain = signature.certificateChainPEM.map(
- certificatePEM => {
+ (certificatePEM) => {
const certificate = parseCertificate(certificatePEM);
const certificateData = new CertificateData(certificate);
return certificateData;
@@ -1831,8 +1822,8 @@ const connection = Penpal.connectToParent({
path,
passportuuid: passportUUID,
contentType,
- title
- }
+ title,
+ },
};
const response = await executeRestfulFunction(
"private",
@@ -1874,8 +1865,8 @@ const connection = Penpal.connectToParent({
passportuuid: passportUUID,
resourceid,
contentType,
- upload
- }
+ upload,
+ },
};
const response = await executeRestfulFunction(
@@ -1893,7 +1884,7 @@ const connection = Penpal.connectToParent({
return encodeResponse("200", response.data, "Document stored");
},
hasSession() {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
const authenticationPublicKey = localStorage.getItem(
"authenticatedIdentity"
);
@@ -1901,14 +1892,14 @@ const connection = Penpal.connectToParent({
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
if (window.loadedIdentities[authenticationPublicKey] === null) {
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
@@ -1918,7 +1909,7 @@ const connection = Penpal.connectToParent({
result({
data: "",
code: "400",
- status: "Identity not authenticated"
+ status: "Identity not authenticated",
});
}
@@ -1927,13 +1918,13 @@ const connection = Penpal.connectToParent({
viamApi,
viamApi.identityHasSession,
null
- ).then(executeResult => {
+ ).then((executeResult) => {
result(executeResult);
});
});
},
marketingSignUpIdentificator(identificator, reference) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
viamApi.setIdentity("marketingapppublickey");
executeRestfulFunction(
@@ -1943,7 +1934,7 @@ const connection = Penpal.connectToParent({
null,
identificator,
reference
- ).then(executeResult => {
+ ).then((executeResult) => {
viamApi.setIdentity("");
viamApi.setSessionData("", "");
result(executeResult);
@@ -1951,7 +1942,7 @@ const connection = Penpal.connectToParent({
});
},
marketingGetIdentificatorProfile(identificator, pincode) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
viamApi.setIdentity("marketingapppublickey");
executeRestfulFunction(
@@ -1961,7 +1952,7 @@ const connection = Penpal.connectToParent({
null,
identificator,
pincode
- ).then(executeResult => {
+ ).then((executeResult) => {
viamApi.setIdentity("");
viamApi.setSessionData("", "");
result(executeResult);
@@ -1969,7 +1960,7 @@ const connection = Penpal.connectToParent({
});
},
marketingExecuteEventForIdentificator(identificator, pincode, event) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
viamApi.setIdentity("marketingapppublickey");
executeRestfulFunction(
@@ -1980,7 +1971,7 @@ const connection = Penpal.connectToParent({
identificator,
pincode,
event
- ).then(executeResult => {
+ ).then((executeResult) => {
viamApi.setIdentity("");
viamApi.setSessionData("", "");
result(executeResult);
@@ -1990,7 +1981,7 @@ const connection = Penpal.connectToParent({
getCurrentlyAuthenticatedIdentity() {
const {
publicKey,
- x509Certificate
+ x509Certificate,
} = window.currentlyAuthenticatedIdentity.authentication;
return encodeResponse(
@@ -1998,51 +1989,51 @@ const connection = Penpal.connectToParent({
{
authentication: {
publicKey,
- x509Certificate
- }
+ x509Certificate,
+ },
},
"Currently authenticated identity"
);
},
extractMessageID(mime) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
result(extractMessageID(mime));
});
},
stringToUtf8ByteArray(str) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
result(stringToUtf8ByteArray(str));
});
},
utf8ByteArrayToString(ba) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
result(utf8ByteArrayToString(ba));
});
},
stringToUtf8Base64(str) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
result(stringToUtf8Base64(str));
});
},
utf8Base64ToString(strBase64) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
result(utf8Base64ToString(strBase64));
});
},
base64ToByteArray(strBase64) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
result(base64ToByteArray(strBase64));
});
},
byteArrayToBase64(ba) {
- return new Penpal.Promise(result => {
+ return new Penpal.Promise((result) => {
result(byteArrayToBase64(ba));
});
},
// Collabora APIs
collaboraDiscovery() {
- return collaboraApi.discovery().then(apps => apps);
+ return collaboraApi.discovery().then((apps) => apps);
},
// WOPI
@@ -2066,7 +2057,7 @@ const connection = Penpal.connectToParent({
return response.data;
},
- getPassports: async fileId => {
+ getPassports: async (fileId) => {
const authenticationPublicKey = localStorage.getItem(
"authenticatedIdentity"
);
@@ -2099,8 +2090,8 @@ const connection = Penpal.connectToParent({
headers: {
path,
passportuuid: passportUUID,
- title
- }
+ title,
+ },
};
const createDocumentResult = await executeRestfulFunction(
"private",
@@ -2128,7 +2119,7 @@ const connection = Penpal.connectToParent({
const result = {
resourceID,
- accessToken
+ accessToken,
};
return encodeResponse("200", result, "ok");
@@ -2170,11 +2161,11 @@ const connection = Penpal.connectToParent({
const response = await wopiAPI.putDocument(resourceID, accessToken, file);
return response.data;
- }
- }
+ },
+ },
});
-connection.promise.then(parent => {
+connection.promise.then((parent) => {
iframeParent = parent;
if (!navigator.cookieEnabled) {
@@ -2182,7 +2173,7 @@ connection.promise.then(parent => {
return;
}
- window.addEventListener("storage", event => {
+ window.addEventListener("storage", (event) => {
if (event.key === "authenticatedIdentity" && event.newValue === null) {
const publicKey =
window.currentlyAuthenticatedIdentity.authentication.publicKey;
@@ -2218,18 +2209,20 @@ connection.promise.then(parent => {
const pinCode = getPincode(authenticationPublicKey);
if (pinCode === "" || pinCode === null) {
- loadIdentityInternal(authenticationPublicKey, "00000000").then(result => {
- if (result.code !== "200") {
- const event = createEvent(
- "CanNotGetPincodeForAuthenticatedIdentity",
- "IdentityNotLoaded",
- [authenticationPublicKey]
- );
- parent.onEvent(event);
+ loadIdentityInternal(authenticationPublicKey, "00000000").then(
+ (result) => {
+ if (result.code !== "200") {
+ const event = createEvent(
+ "CanNotGetPincodeForAuthenticatedIdentity",
+ "IdentityNotLoaded",
+ [authenticationPublicKey]
+ );
+ parent.onEvent(event);
+ }
}
- });
+ );
} else {
- loadIdentityInternal(authenticationPublicKey, pinCode).then(result => {
+ loadIdentityInternal(authenticationPublicKey, pinCode).then((result) => {
if (result.code !== "200") {
const event = createEvent(
"CanNotLoadIdentity",
@@ -2258,7 +2251,7 @@ connection.promise.then(parent => {
let previousLocalStorageToken;
let previousLocalStorageIdentity;
- setInterval(async function() {
+ setInterval(async function () {
if (window.currentlyAuthenticatedIdentity) {
const { authentication } = window.currentlyAuthenticatedIdentity;
const pinCode = getPincode(authentication.publicKey);
@@ -2273,7 +2266,7 @@ connection.promise.then(parent => {
if (!identityAuthenticatedEvent && identity) {
const event = createEvent("IdentityAuthenticated", "Authenticated", [
- identity.authentication.publicKey
+ identity.authentication.publicKey,
]);
parent.onEvent(event);
identityAuthenticatedEvent = true;
diff --git a/javascript/src/utilities/secrets.js b/javascript/src/utilities/secrets.js
index 49e67cbefd690bc78e236866cfb48fa2edd91ee2..764649eecffbde63c0726baa1b50edd5a89d8725 100644
--- a/javascript/src/utilities/secrets.js
+++ b/javascript/src/utilities/secrets.js
@@ -1,5 +1,6 @@
-import { encryptMessage } from "./signingUtilities.js";
import secrets from "../lib/secrets";
+import { encryptMessage } from "./signingUtilities.js";
+import { encodeResponse } from "./appUtility";
/** Initialize
*/
@@ -14,7 +15,7 @@ export const getSecretsConfig = () => secrets.getConfig();
* @param {number} bits
* @returns {string} hex
*/
-export const generateRecoveryKey = bits => secrets.random(bits);
+export const generateSecret = bits => secrets.random(bits);
/**
* Divide a secret expressed in hexadecimal form into numShares number of shares, requiring that threshold number of shares be present for reconstructing the secret
@@ -42,3 +43,36 @@ export const combineSecret = shares => secrets.combine(shares);
export const encryptShare = async (share, publicKey) =>
await encryptMessage(share, publicKey, "secretPart");
+
+/** Account Recovery key management */
+
+export const getSecretThreshold = sharesNumber =>
+ sharesNumber === 3 ? 2 : parseInt(sharesNumber / 2);
+
+export const generateRecoveryKey = () => {
+ const recoveryKey = generateSecret(512);
+ return recoveryKey;
+};
+
+export const getRecoveryKeyShares = (recoveryKey, sharesNumber) => {
+ const threshold = getSecretThreshold(sharesNumber);
+ return divideSecretToShares(recoveryKey, sharesNumber, threshold);
+};
+
+export const checkRecoveryKeyCombine = (recoveryKey, recoveryKeyShares) => {
+ let checkKey;
+ checkKey = combineSecret(recoveryKeyShares.slice(0, 2));
+ if (checkKey !== recoveryKey) {
+ return encodeResponse("400", "", "First sanity check failed");
+ }
+ checkKey = combineSecret(recoveryKeyShares.slice(0, 1));
+ if (checkKey === recoveryKey) {
+ return encodeResponse("400", "", "Second sanity check failed");
+ }
+ checkKey = combineSecret(recoveryKeyShares);
+ if (checkKey !== recoveryKey) {
+ return encodeResponse("400", "", "Third sanity check failed");
+ }
+
+ return encodeResponse("200", "", "Check passed");
+};