Upstream
/
bitwarden-browser
mirror of https://github.com/bitwarden/browser.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added models, crypto, and constants services

This commit is contained in:
Kyle Spearrin 2018-01-08 14:11:28 -05:00
parent af9b95936f
commit 7c848edf3c
59 changed files with 2419 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
package.json
View File

@ -30,5 +30,10 @@
"tslint": "^5.8.0",
"typedoc": "^0.9.0",
"typescript": "^2.6.2"
},
"dependencies": {
"node-forge": "0.7.1",
"@types/node-forge": "0.7.1",
"@types/webcrypto": "0.0.28"
}
}

28
src/abstractions/crypto.service.ts Normal file
View File

@ -0,0 +1,28 @@
import { CipherString } from '../models/domain/cipherString';
import { SymmetricCryptoKey } from '../models/domain/symmetricCryptoKey';
import { ProfileOrganizationResponse } from '../models/response/profileOrganizationResponse';
export interface CryptoService {
setKey(key: SymmetricCryptoKey): Promise<any>;
setKeyHash(keyHash: string): Promise<{}>;
setEncKey(encKey: string): Promise<{}>;
setEncPrivateKey(encPrivateKey: string): Promise<{}>;
setOrgKeys(orgs: ProfileOrganizationResponse[]): Promise<{}>;
getKey(): Promise<SymmetricCryptoKey>;
getKeyHash(): Promise<string>;
getEncKey(): Promise<SymmetricCryptoKey>;
getPrivateKey(): Promise<ArrayBuffer>;
getOrgKeys(): Promise<Map<string, SymmetricCryptoKey>>;
getOrgKey(orgId: string): Promise<SymmetricCryptoKey>;
clearKeys(): Promise<any>;
toggleKey(): Promise<any>;
makeKey(password: string, salt: string): SymmetricCryptoKey;
hashPassword(password: string, key: SymmetricCryptoKey): Promise<string>;
makeEncKey(key: SymmetricCryptoKey): Promise<CipherString>;
encrypt(plainValue: string | Uint8Array, key?: SymmetricCryptoKey, plainValueEncoding?: string): Promise<CipherString>;
encryptToBytes(plainValue: ArrayBuffer, key?: SymmetricCryptoKey): Promise<ArrayBuffer>;
decrypt(cipherString: CipherString, key?: SymmetricCryptoKey, outputEncoding?: string): Promise<string>;
decryptFromBytes(encBuf: ArrayBuffer, key: SymmetricCryptoKey): Promise<ArrayBuffer>;
rsaDecrypt(encValue: string): Promise<string>;
}

1
src/abstractions/index.ts
View File

@ -1,3 +1,4 @@
export { CryptoService } from './crypto.service';
export { MessagingService } from './messaging.service';
export { PlatformUtilsService } from './platformUtils.service';
export { StorageService } from './storage.service';

6
src/index.ts
View File

@ -1,5 +1,9 @@
import * as Abstractions from './abstractions';
import * as Enums from './enums';
import * as Data from './models/data';
import * as Domain from './models/domain';
import * as Request from './models/request';
import * as Response from './models/response';
import * as Services from './services';
export { Abstractions, Enums, Services };
export { Abstractions, Enums, Data, Domain, Request, Response, Services };

20
src/models/data/attachmentData.ts Normal file
View File

@ -0,0 +1,20 @@
import { AttachmentResponse } from '../response/attachmentResponse';
class AttachmentData {
id: string;
url: string;
fileName: string;
size: number;
sizeName: string;
constructor(response: AttachmentResponse) {
this.id = response.id;
this.url = response.url;
this.fileName = response.fileName;
this.size = response.size;
this.sizeName = response.sizeName;
}
}
export { AttachmentData };
(window as any).AttachmentData = AttachmentData;

20
src/models/data/cardData.ts Normal file
View File

@ -0,0 +1,20 @@
class CardData {
cardholderName: string;
brand: string;
number: string;
expMonth: string;
expYear: string;
code: string;
constructor(data: any) {
this.cardholderName = data.CardholderName;
this.brand = data.Brand;
this.number = data.Number;
this.expMonth = data.ExpMonth;
this.expYear = data.ExpYear;
this.code = data.Code;
}
}
export { CardData };
(window as any).CardData = CardData;

87
src/models/data/cipherData.ts Normal file
View File

@ -0,0 +1,87 @@
import { CipherType } from '../../enums/cipherType';
import { AttachmentData } from './attachmentData';
import { CardData } from './cardData';
import { FieldData } from './fieldData';
import { IdentityData } from './identityData';
import { LoginData } from './loginData';
import { SecureNoteData } from './secureNoteData';
import { CipherResponse } from '../response/cipherResponse';
class CipherData {
id: string;
organizationId: string;
folderId: string;
userId: string;
edit: boolean;
organizationUseTotp: boolean;
favorite: boolean;
revisionDate: string;
type: CipherType;
sizeName: string;
name: string;
notes: string;
login?: LoginData;
secureNote?: SecureNoteData;
card?: CardData;
identity?: IdentityData;
fields?: FieldData[];
attachments?: AttachmentData[];
collectionIds?: string[];
constructor(response: CipherResponse, userId: string, collectionIds?: string[]) {
this.id = response.id;
this.organizationId = response.organizationId;
this.folderId = response.folderId;
this.userId = userId;
this.edit = response.edit;
this.organizationUseTotp = response.organizationUseTotp;
this.favorite = response.favorite;
this.revisionDate = response.revisionDate;
this.type = response.type;
if (collectionIds != null) {
this.collectionIds = collectionIds;
} else {
this.collectionIds = response.collectionIds;
}
this.name = response.data.Name;
this.notes = response.data.Notes;
switch (this.type) {
case CipherType.Login:
this.login = new LoginData(response.data);
break;
case CipherType.SecureNote:
this.secureNote = new SecureNoteData(response.data);
break;
case CipherType.Card:
this.card = new CardData(response.data);
break;
case CipherType.Identity:
this.identity = new IdentityData(response.data);
break;
default:
break;
}
if (response.data.Fields != null) {
this.fields = [];
response.data.Fields.forEach((field: any) => {
this.fields.push(new FieldData(field));
});
}
if (response.attachments != null) {
this.attachments = [];
response.attachments.forEach((attachment) => {
this.attachments.push(new AttachmentData(attachment));
});
}
}
}
export { CipherData };
(window as any).CipherData = CipherData;

16
src/models/data/collectionData.ts Normal file
View File

@ -0,0 +1,16 @@
import { CollectionResponse } from '../response/collectionResponse';
class CollectionData {
id: string;
organizationId: string;
name: string;
constructor(response: CollectionResponse) {
this.id = response.id;
this.organizationId = response.organizationId;
this.name = response.name;
}
}
export { CollectionData };
(window as any).CollectionData = CollectionData;

16
src/models/data/fieldData.ts Normal file
View File

@ -0,0 +1,16 @@
import { FieldType } from '../../enums/fieldType';
class FieldData {
type: FieldType;
name: string;
value: string;
constructor(response: any) {
this.type = response.Type;
this.name = response.Name;
this.value = response.Value;
}
}
export { FieldData };
(window as any).FieldData = FieldData;

18
src/models/data/folderData.ts Normal file
View File

@ -0,0 +1,18 @@
import { FolderResponse } from '../response/folderResponse';
class FolderData {
id: string;
userId: string;
name: string;
revisionDate: string;
constructor(response: FolderResponse, userId: string) {
this.userId = userId;
this.name = response.name;
this.id = response.id;
this.revisionDate = response.revisionDate;
}
}
export { FolderData };
(window as any).FolderData = FolderData;

44
src/models/data/identityData.ts Normal file
View File

@ -0,0 +1,44 @@
class IdentityData {
title: string;
firstName: string;
middleName: string;
lastName: string;
address1: string;
address2: string;
address3: string;
city: string;
state: string;
postalCode: string;
country: string;
company: string;
email: string;
phone: string;
ssn: string;
username: string;
passportNumber: string;
licenseNumber: string;
constructor(data: any) {
this.title = data.Title;
this.firstName = data.FirstName;
this.middleName = data.MiddleName;
this.lastName = data.LastName;
this.address1 = data.Address1;
this.address2 = data.Address2;
this.address3 = data.Address3;
this.city = data.City;
this.state = data.State;
this.postalCode = data.PostalCode;
this.country = data.Country;
this.company = data.Company;
this.email = data.Email;
this.phone = data.Phone;
this.ssn = data.SSN;
this.username = data.Username;
this.passportNumber = data.PassportNumber;
this.licenseNumber = data.LicenseNumber;
}
}
export { IdentityData };
(window as any).IdentityData = IdentityData;

9
src/models/data/index.ts Normal file
View File

@ -0,0 +1,9 @@
export { AttachmentData } from './attachmentData';
export { CardData } from './cardData';
export { CipherData } from './cipherData';
export { CollectionData } from './collectionData';
export { FieldData } from './fieldData';
export { FolderData } from './folderData';
export { IdentityData } from './identityData';
export { LoginData } from './loginData';
export { SecureNoteData } from './secureNoteData';

16
src/models/data/loginData.ts Normal file
View File

@ -0,0 +1,16 @@
class LoginData {
uri: string;
username: string;
password: string;
totp: string;
constructor(data: any) {
this.uri = data.Uri;
this.username = data.Username;
this.password = data.Password;
this.totp = data.Totp;
}
}
export { LoginData };
(window as any).LoginData = LoginData;

12
src/models/data/secureNoteData.ts Normal file
View File

@ -0,0 +1,12 @@
import { SecureNoteType } from '../../enums/secureNoteType';
class SecureNoteData {
type: SecureNoteType;
constructor(data: any) {
this.type = data.Type;
}
}
export { SecureNoteData };
(window as any).SecureNoteData = SecureNoteData;

43
src/models/domain/attachment.ts Normal file
View File

@ -0,0 +1,43 @@
import { AttachmentData } from '../data/attachmentData';
import { CipherString } from './cipherString';
import Domain from './domain';
class Attachment extends Domain {
id: string;
url: string;
size: number;
sizeName: string;
fileName: CipherString;
constructor(obj?: AttachmentData, alreadyEncrypted: boolean = false) {
super();
if (obj == null) {
return;
}
this.size = obj.size;
this.buildDomainModel(this, obj, {
id: null,
url: null,
sizeName: null,
fileName: null,
}, alreadyEncrypted, ['id', 'url', 'sizeName']);
}
decrypt(orgId: string): Promise<any> {
const model = {
id: this.id,
size: this.size,
sizeName: this.sizeName,
url: this.url,
};
return this.decryptObj(model, {
fileName: null,
}, orgId);
}
}
export { Attachment };
(window as any).Attachment = Attachment;

43
src/models/domain/card.ts Normal file
View File

@ -0,0 +1,43 @@
import { CardData } from '../data/cardData';
import { CipherString } from './cipherString';
import Domain from './domain';
class Card extends Domain {
cardholderName: CipherString;
brand: CipherString;
number: CipherString;
expMonth: CipherString;
expYear: CipherString;
code: CipherString;
constructor(obj?: CardData, alreadyEncrypted: boolean = false) {
super();
if (obj == null) {
return;
}
this.buildDomainModel(this, obj, {
cardholderName: null,
brand: null,
number: null,
expMonth: null,
expYear: null,
code: null,
}, alreadyEncrypted, []);
}
decrypt(orgId: string): Promise<any> {
return this.decryptObj({}, {
cardholderName: null,
brand: null,
number: null,
expMonth: null,
expYear: null,
code: null,
}, orgId);
}
}
export { Card };
(window as any).Card = Card;

192
src/models/domain/cipher.ts Normal file
View File

@ -0,0 +1,192 @@
import { CipherType } from '../../enums/cipherType';
import { PlatformUtilsService } from '../../abstractions/platformUtils.service';
import { CipherData } from '../data/cipherData';
import { Attachment } from './attachment';
import { Card } from './card';
import { CipherString } from './cipherString';
import Domain from './domain';
import { Field } from './field';
import { Identity } from './identity';
import { Login } from './login';
import { SecureNote } from './secureNote';
class Cipher extends Domain {
id: string;
organizationId: string;
folderId: string;
name: CipherString;
notes: CipherString;
type: CipherType;
favorite: boolean;
organizationUseTotp: boolean;
edit: boolean;
localData: any;
login: Login;
identity: Identity;
card: Card;
secureNote: SecureNote;
attachments: Attachment[];
fields: Field[];
collectionIds: string[];
constructor(obj?: CipherData, alreadyEncrypted: boolean = false, localData: any = null) {
super();
if (obj == null) {
return;
}
this.buildDomainModel(this, obj, {
id: null,
organizationId: null,
folderId: null,
name: null,
notes: null,
}, alreadyEncrypted, ['id', 'organizationId', 'folderId']);
this.type = obj.type;
this.favorite = obj.favorite;
this.organizationUseTotp = obj.organizationUseTotp;
this.edit = obj.edit;
this.collectionIds = obj.collectionIds;
this.localData = localData;
switch (this.type) {
case CipherType.Login:
this.login = new Login(obj.login, alreadyEncrypted);
break;
case CipherType.SecureNote:
this.secureNote = new SecureNote(obj.secureNote, alreadyEncrypted);
break;
case CipherType.Card:
this.card = new Card(obj.card, alreadyEncrypted);
break;
case CipherType.Identity:
this.identity = new Identity(obj.identity, alreadyEncrypted);
break;
default:
break;
}
if (obj.attachments != null) {
this.attachments = [];
obj.attachments.forEach((attachment) => {
this.attachments.push(new Attachment(attachment, alreadyEncrypted));
});
} else {
this.attachments = null;
}
if (obj.fields != null) {
this.fields = [];
obj.fields.forEach((field) => {
this.fields.push(new Field(field, alreadyEncrypted));
});
} else {
this.fields = null;
}
}
async decrypt(): Promise<any> {
const model = {
id: this.id,
organizationId: this.organizationId,
folderId: this.folderId,
favorite: this.favorite,
type: this.type,
localData: this.localData,
login: null as any,
card: null as any,
identity: null as any,
secureNote: null as any,
subTitle: null as string,
attachments: null as any[],
fields: null as any[],
collectionIds: this.collectionIds,
};
await this.decryptObj(model, {
name: null,
notes: null,
}, this.organizationId);
switch (this.type) {
case CipherType.Login:
model.login = await this.login.decrypt(this.organizationId);
model.subTitle = model.login.username;
if (model.login.uri) {
const containerService = (window as any).BitwardenContainerService;
if (containerService) {
const platformUtilsService: PlatformUtilsService =
containerService.getPlatformUtilsService();
model.login.domain = platformUtilsService.getDomain(model.login.uri);
} else {
throw new Error('window.BitwardenContainerService not initialized.');
}
}
break;
case CipherType.SecureNote:
model.secureNote = await this.secureNote.decrypt(this.organizationId);
model.subTitle = null;
break;
case CipherType.Card:
model.card = await this.card.decrypt(this.organizationId);
model.subTitle = model.card.brand;
if (model.card.number && model.card.number.length >= 4) {
if (model.subTitle !== '') {
model.subTitle += ', ';
}
model.subTitle += ('*' + model.card.number.substr(model.card.number.length - 4));
}
break;
case CipherType.Identity:
model.identity = await this.identity.decrypt(this.organizationId);
model.subTitle = '';
if (model.identity.firstName) {
model.subTitle = model.identity.firstName;
}
if (model.identity.lastName) {
if (model.subTitle !== '') {
model.subTitle += ' ';
}
model.subTitle += model.identity.lastName;
}
break;
default:
break;
}
const orgId = this.organizationId;
if (this.attachments != null && this.attachments.length > 0) {
const attachments: any[] = [];
await this.attachments.reduce((promise, attachment) => {
return promise.then(() => {
return attachment.decrypt(orgId);
}).then((decAttachment) => {
attachments.push(decAttachment);
});
}, Promise.resolve());
model.attachments = attachments;
}
if (this.fields != null && this.fields.length > 0) {
const fields: any[] = [];
await this.fields.reduce((promise, field) => {
return promise.then(() => {
return field.decrypt(orgId);
}).then((decField) => {
fields.push(decField);
});
}, Promise.resolve());
model.fields = fields;
}
return model;
}
}
export { Cipher };
(window as any).Cipher = Cipher;

116
src/models/domain/cipherString.ts Normal file
View File

@ -0,0 +1,116 @@
import { EncryptionType } from '../../enums/encryptionType';
import { CryptoService } from '../../abstractions/crypto.service';
class CipherString {
encryptedString?: string;
encryptionType?: EncryptionType;
decryptedValue?: string;
cipherText?: string;
initializationVector?: string;
mac?: string;
constructor(encryptedStringOrType: string | EncryptionType, ct?: string, iv?: string, mac?: string) {
if (ct != null) {
// ct and header
const encType = encryptedStringOrType as EncryptionType;
this.encryptedString = encType + '.' + ct;
// iv
if (iv != null) {
this.encryptedString += ('|' + iv);
}
// mac
if (mac != null) {
this.encryptedString += ('|' + mac);
}
this.encryptionType = encType;
this.cipherText = ct;
this.initializationVector = iv;
this.mac = mac;
return;
}
this.encryptedString = encryptedStringOrType as string;
if (!this.encryptedString) {
return;
}
const headerPieces = this.encryptedString.split('.');
let encPieces: string[] = null;
if (headerPieces.length === 2) {
try {
this.encryptionType = parseInt(headerPieces[0], null);
encPieces = headerPieces[1].split('|');
} catch (e) {
return;
}
} else {
encPieces = this.encryptedString.split('|');
this.encryptionType = encPieces.length === 3 ? EncryptionType.AesCbc128_HmacSha256_B64 :
EncryptionType.AesCbc256_B64;
}
switch (this.encryptionType) {
case EncryptionType.AesCbc128_HmacSha256_B64:
case EncryptionType.AesCbc256_HmacSha256_B64:
if (encPieces.length !== 3) {
return;
}
this.initializationVector = encPieces[0];
this.cipherText = encPieces[1];
this.mac = encPieces[2];
break;
case EncryptionType.AesCbc256_B64:
if (encPieces.length !== 2) {
return;
}
this.initializationVector = encPieces[0];
this.cipherText = encPieces[1];
break;
case EncryptionType.Rsa2048_OaepSha256_B64:
case EncryptionType.Rsa2048_OaepSha1_B64:
if (encPieces.length !== 1) {
return;
}
this.cipherText = encPieces[0];
break;
default:
return;
}
}
decrypt(orgId: string): Promise<string> {
if (this.decryptedValue) {
return Promise.resolve(this.decryptedValue);
}
let cryptoService: CryptoService;
const containerService = (window as any).BitwardenContainerService;
if (containerService) {
cryptoService = containerService.getCryptoService();
} else {
throw new Error('window.BitwardenContainerService not initialized.');
}
return cryptoService.getOrgKey(orgId).then((orgKey: any) => {
return cryptoService.decrypt(this, orgKey);
}).then((decValue: any) => {
this.decryptedValue = decValue;
return this.decryptedValue;
}).catch(() => {
this.decryptedValue = '[error: cannot decrypt]';
return this.decryptedValue;
});
}
}
export { CipherString };
(window as any).CipherString = CipherString;

37
src/models/domain/collection.ts Normal file
View File

@ -0,0 +1,37 @@
import { CollectionData } from '../data/collectionData';
import { CipherString } from './cipherString';
import Domain from './domain';
class Collection extends Domain {
id: string;
organizationId: string;
name: CipherString;
constructor(obj?: CollectionData, alreadyEncrypted: boolean = false) {
super();
if (obj == null) {
return;
}
this.buildDomainModel(this, obj, {
id: null,
organizationId: null,
name: null,
}, alreadyEncrypted, ['id', 'organizationId']);
}
decrypt(): Promise<any> {
const model = {
id: this.id,
organizationId: this.organizationId,
};
return this.decryptObj(model, {
name: null,
}, this.organizationId);
}
}
export { Collection };
(window as any).Collection = Collection;

46
src/models/domain/domain.ts Normal file
View File

@ -0,0 +1,46 @@
import { CipherString } from '../domain/cipherString';
export default abstract class Domain {
protected buildDomainModel(model: any, obj: any, map: any, alreadyEncrypted: boolean, notEncList: any[] = []) {
for (const prop in map) {
if (!map.hasOwnProperty(prop)) {
continue;
}
const objProp = obj[(map[prop] || prop)];
if (alreadyEncrypted === true || notEncList.indexOf(prop) > -1) {
model[prop] = objProp ? objProp : null;
} else {
model[prop] = objProp ? new CipherString(objProp) : null;
}
}
}
protected async decryptObj(model: any, map: any, orgId: string) {
const promises = [];
const self: any = this;
for (const prop in map) {
if (!map.hasOwnProperty(prop)) {
continue;
}
// tslint:disable-next-line
(function (theProp) {
const p = Promise.resolve().then(() => {
const mapProp = map[theProp] || theProp;
if (self[mapProp]) {
return self[mapProp].decrypt(orgId);
}
return null;
}).then((val: any) => {
model[theProp] = val;
});
promises.push(p);
})(prop);
}
await Promise.all(promises);
return model;
}
}

8
src/models/domain/encryptedObject.ts Normal file
View File

@ -0,0 +1,8 @@
import { SymmetricCryptoKey } from './symmetricCryptoKey';
export class EncryptedObject {
iv: Uint8Array;
ct: Uint8Array;
mac: Uint8Array;
key: SymmetricCryptoKey;
}

5
src/models/domain/environmentUrls.ts Normal file
View File

@ -0,0 +1,5 @@
export class EnvironmentUrls {
base: string;
api: string;
identity: string;
}

39
src/models/domain/field.ts Normal file
View File

@ -0,0 +1,39 @@
import { FieldType } from '../../enums/fieldType';
import { FieldData } from '../data/fieldData';
import { CipherString } from './cipherString';
import Domain from './domain';
class Field extends Domain {
name: CipherString;
vault: CipherString;
type: FieldType;
constructor(obj?: FieldData, alreadyEncrypted: boolean = false) {
super();
if (obj == null) {
return;
}
this.type = obj.type;
this.buildDomainModel(this, obj, {
name: null,
value: null,
}, alreadyEncrypted, []);
}
decrypt(orgId: string): Promise<any> {
const model = {
type: this.type,
};
return this.decryptObj(model, {
name: null,
value: null,
}, orgId);
}
}
export { Field };
(window as any).Field = Field;

34
src/models/domain/folder.ts Normal file
View File

@ -0,0 +1,34 @@
import { FolderData } from '../data/folderData';
import { CipherString } from './cipherString';
import Domain from './domain';
class Folder extends Domain {
id: string;
name: CipherString;
constructor(obj?: FolderData, alreadyEncrypted: boolean = false) {
super();
if (obj == null) {
return;
}
this.buildDomainModel(this, obj, {
id: null,
name: null,
}, alreadyEncrypted, ['id']);
}
decrypt(): Promise<any> {
const model = {
id: this.id,
};
return this.decryptObj(model, {
name: null,
}, null);
}
}
export { Folder };
(window as any).Folder = Folder;

79
src/models/domain/identity.ts Normal file
View File

@ -0,0 +1,79 @@
import { IdentityData } from '../data/identityData';
import { CipherString } from './cipherString';
import Domain from './domain';
class Identity extends Domain {
title: CipherString;
firstName: CipherString;
middleName: CipherString;
lastName: CipherString;
address1: CipherString;
address2: CipherString;
address3: CipherString;
city: CipherString;
state: CipherString;
postalCode: CipherString;
country: CipherString;
company: CipherString;
email: CipherString;
phone: CipherString;
ssn: CipherString;
username: CipherString;
passportNumber: CipherString;
licenseNumber: CipherString;
constructor(obj?: IdentityData, alreadyEncrypted: boolean = false) {
super();
if (obj == null) {
return;
}
this.buildDomainModel(this, obj, {
title: null,
firstName: null,
middleName: null,
lastName: null,
address1: null,
address2: null,
address3: null,
city: null,
state: null,
postalCode: null,
country: null,
company: null,
email: null,
phone: null,
ssn: null,
username: null,
passportNumber: null,
licenseNumber: null,
}, alreadyEncrypted, []);
}
decrypt(orgId: string): Promise<any> {
return this.decryptObj({}, {
title: null,
firstName: null,
middleName: null,
lastName: null,
address1: null,
address2: null,
address3: null,
city: null,
state: null,
postalCode: null,
country: null,
company: null,
email: null,
phone: null,
ssn: null,
username: null,
passportNumber: null,
licenseNumber: null,
}, orgId);
}
}
export { Identity };
(window as any).Identity = Identity;

15
src/models/domain/index.ts Normal file
View File

@ -0,0 +1,15 @@
export { Attachment } from './attachment';
export { Card } from './card';
export { Cipher } from './cipher';
export { CipherString } from './cipherString';
export { Collection } from './collection';
export { EncryptedObject } from './encryptedObject';
export { EnvironmentUrls } from './environmentUrls';
export { Field } from './field';
export { Folder } from './folder';
export { Identity } from './identity';
export { Login } from './login';
export { PasswordHistory } from './passwordHistory';
export { SecureNote } from './secureNote';
export { SymmetricCryptoKey } from './symmetricCryptoKey';
export { SymmetricCryptoKeyBuffers } from './symmetricCryptoKeyBuffers';

37
src/models/domain/login.ts Normal file
View File

@ -0,0 +1,37 @@
import { LoginData } from '../data/loginData';
import { CipherString } from './cipherString';
import Domain from './domain';
class Login extends Domain {
uri: CipherString;
username: CipherString;
password: CipherString;
totp: CipherString;
constructor(obj?: LoginData, alreadyEncrypted: boolean = false) {
super();
if (obj == null) {
return;
}
this.buildDomainModel(this, obj, {
uri: null,
username: null,
password: null,
totp: null,
}, alreadyEncrypted, []);
}
decrypt(orgId: string): Promise<any> {
return this.decryptObj({}, {
uri: null,
username: null,
password: null,
totp: null,
}, orgId);
}
}
export { Login };
(window as any).Login = Login;

9
src/models/domain/passwordHistory.ts Normal file
View File

@ -0,0 +1,9 @@
export class PasswordHistory {
password: string;
date: number;
constructor(password: string, date: number) {
this.password = password;
this.date = date;
}
}

27
src/models/domain/secureNote.ts Normal file
View File

@ -0,0 +1,27 @@
import { SecureNoteType } from '../../enums/secureNoteType';
import { SecureNoteData } from '../data/secureNoteData';
import Domain from './domain';
class SecureNote extends Domain {
type: SecureNoteType;
constructor(obj?: SecureNoteData, alreadyEncrypted: boolean = false) {
super();
if (obj == null) {
return;
}
this.type = obj.type;
}
decrypt(orgId: string): any {
return {
type: this.type,
};
}
}
export { SecureNote };
(window as any).SecureNote = SecureNote;

80
src/models/domain/symmetricCryptoKey.ts Normal file
View File

@ -0,0 +1,80 @@
import * as forge from 'node-forge';
import { EncryptionType } from '../../enums/encryptionType';
import { SymmetricCryptoKeyBuffers } from './symmetricCryptoKeyBuffers';
import { UtilsService } from '../../services/utils.service';
export class SymmetricCryptoKey {
key: string;
keyB64: string;
encKey: string;
macKey: string;
encType: EncryptionType;
keyBuf: SymmetricCryptoKeyBuffers;
constructor(keyBytes: string, b64KeyBytes?: boolean, encType?: EncryptionType) {
if (b64KeyBytes) {
keyBytes = forge.util.decode64(keyBytes);
}
if (!keyBytes) {
throw new Error('Must provide keyBytes');
}
const buffer = (forge as any).util.createBuffer(keyBytes);
if (!buffer || buffer.length() === 0) {
throw new Error('Couldn\'t make buffer');
}
const bufferLength: number = buffer.length();
if (encType == null) {
if (bufferLength === 32) {
encType = EncryptionType.AesCbc256_B64;
} else if (bufferLength === 64) {
encType = EncryptionType.AesCbc256_HmacSha256_B64;
} else {
throw new Error('Unable to determine encType.');
}
}
this.key = keyBytes;
this.keyB64 = forge.util.encode64(keyBytes);
this.encType = encType;
if (encType === EncryptionType.AesCbc256_B64 && bufferLength === 32) {
this.encKey = keyBytes;
this.macKey = null;
} else if (encType === EncryptionType.AesCbc128_HmacSha256_B64 && bufferLength === 32) {
this.encKey = buffer.getBytes(16); // first half
this.macKey = buffer.getBytes(16); // second half
} else if (encType === EncryptionType.AesCbc256_HmacSha256_B64 && bufferLength === 64) {
this.encKey = buffer.getBytes(32); // first half
this.macKey = buffer.getBytes(32); // second half
} else {
throw new Error('Unsupported encType/key length.');
}
}
getBuffers() {
if (this.keyBuf) {
return this.keyBuf;
}
const key = UtilsService.fromB64ToArray(this.keyB64);
const keys = new SymmetricCryptoKeyBuffers(key.buffer);
if (this.macKey) {
keys.encKey = key.slice(0, key.length / 2).buffer;
keys.macKey = key.slice(key.length / 2).buffer;
} else {
keys.encKey = key.buffer;
keys.macKey = null;
}
this.keyBuf = keys;
return this.keyBuf;
}
}

9
src/models/domain/symmetricCryptoKeyBuffers.ts Normal file
View File

@ -0,0 +1,9 @@
export class SymmetricCryptoKeyBuffers {
key: ArrayBuffer;
encKey?: ArrayBuffer;
macKey?: ArrayBuffer;
constructor(key: ArrayBuffer) {
this.key = key;
}
}

89
src/models/request/cipherRequest.ts Normal file
View File

@ -0,0 +1,89 @@
import { CipherType } from '../../enums/cipherType';
class CipherRequest {
type: CipherType;
folderId: string;
organizationId: string;
name: string;
notes: string;
favorite: boolean;
login: any;
secureNote: any;
card: any;
identity: any;
fields: any[];
constructor(cipher: any) {
this.type = cipher.type;
this.folderId = cipher.folderId;
this.organizationId = cipher.organizationId;
this.name = cipher.name ? cipher.name.encryptedString : null;
this.notes = cipher.notes ? cipher.notes.encryptedString : null;
this.favorite = cipher.favorite;
switch (this.type) {
case CipherType.Login:
this.login = {
uri: cipher.login.uri ? cipher.login.uri.encryptedString : null,
username: cipher.login.username ? cipher.login.username.encryptedString : null,
password: cipher.login.password ? cipher.login.password.encryptedString : null,
totp: cipher.login.totp ? cipher.login.totp.encryptedString : null,
};
break;
case CipherType.SecureNote:
this.secureNote = {
type: cipher.secureNote.type,
};
break;
case CipherType.Card:
this.card = {
cardholderName: cipher.card.cardholderName ? cipher.card.cardholderName.encryptedString : null,
brand: cipher.card.brand ? cipher.card.brand.encryptedString : null,
number: cipher.card.number ? cipher.card.number.encryptedString : null,
expMonth: cipher.card.expMonth ? cipher.card.expMonth.encryptedString : null,
expYear: cipher.card.expYear ? cipher.card.expYear.encryptedString : null,
code: cipher.card.code ? cipher.card.code.encryptedString : null,
};
break;
case CipherType.Identity:
this.identity = {
title: cipher.identity.title ? cipher.identity.title.encryptedString : null,
firstName: cipher.identity.firstName ? cipher.identity.firstName.encryptedString : null,
middleName: cipher.identity.middleName ? cipher.identity.middleName.encryptedString : null,
lastName: cipher.identity.lastName ? cipher.identity.lastName.encryptedString : null,
address1: cipher.identity.address1 ? cipher.identity.address1.encryptedString : null,
address2: cipher.identity.address2 ? cipher.identity.address2.encryptedString : null,
address3: cipher.identity.address3 ? cipher.identity.address3.encryptedString : null,
city: cipher.identity.city ? cipher.identity.city.encryptedString : null,
state: cipher.identity.state ? cipher.identity.state.encryptedString : null,
postalCode: cipher.identity.postalCode ? cipher.identity.postalCode.encryptedString : null,
country: cipher.identity.country ? cipher.identity.country.encryptedString : null,
company: cipher.identity.company ? cipher.identity.company.encryptedString : null,
email: cipher.identity.email ? cipher.identity.email.encryptedString : null,
phone: cipher.identity.phone ? cipher.identity.phone.encryptedString : null,
ssn: cipher.identity.ssn ? cipher.identity.ssn.encryptedString : null,
username: cipher.identity.username ? cipher.identity.username.encryptedString : null,
passportNumber: cipher.identity.passportNumber ?
cipher.identity.passportNumber.encryptedString : null,
licenseNumber: cipher.identity.licenseNumber ? cipher.identity.licenseNumber.encryptedString : null,
};
break;
default:
break;
}
if (cipher.fields) {
this.fields = [];
cipher.fields.forEach((field: any) => {
this.fields.push({
type: field.type,
name: field.name ? field.name.encryptedString : null,
value: field.value ? field.value.encryptedString : null,
});
});
}
}
}
export { CipherRequest };
(window as any).CipherRequest = CipherRequest;

20
src/models/request/deviceRequest.ts Normal file
View File

@ -0,0 +1,20 @@
import { DeviceType } from '../../enums/deviceType';
import { PlatformUtilsService } from '../../abstractions/platformUtils.service';
class DeviceRequest {
type: DeviceType;
name: string;
identifier: string;
pushToken?: string;
constructor(appId: string, platformUtilsService: PlatformUtilsService) {
this.type = platformUtilsService.getDevice();
this.name = platformUtilsService.getDeviceString();
this.identifier = appId;
this.pushToken = null;
}
}
export { DeviceRequest };
(window as any).DeviceRequest = DeviceRequest;

10
src/models/request/deviceTokenRequest.ts Normal file
View File

@ -0,0 +1,10 @@
class DeviceTokenRequest {
pushToken: string;
constructor() {
this.pushToken = null;
}
}
export { DeviceTokenRequest };
(window as any).DeviceTokenRequest = DeviceTokenRequest;

12
src/models/request/folderRequest.ts Normal file
View File

@ -0,0 +1,12 @@
import { Folder } from '../domain/folder';
class FolderRequest {
name: string;
constructor(folder: Folder) {
this.name = folder.name ? folder.name.encryptedString : null;
}
}
export { FolderRequest };
(window as any).FolderRequest = FolderRequest;

8
src/models/request/index.ts Normal file
View File

@ -0,0 +1,8 @@
export { CipherRequest } from './cipherRequest';
export { DeviceRequest } from './deviceRequest';
export { DeviceTokenRequest } from './deviceTokenRequest';
export { FolderRequest } from './folderRequest';
export { PasswordHintRequest } from './passwordHintRequest';
export { RegisterRequest } from './registerRequest';
export { TokenRequest } from './tokenRequest';
export { TwoFactorEmailRequest } from './twoFactorEmailRequest';

10
src/models/request/passwordHintRequest.ts Normal file
View File

@ -0,0 +1,10 @@
class PasswordHintRequest {
email: string;
constructor(email: string) {
this.email = email;
}
}
export { PasswordHintRequest };
(window as any).PasswordHintRequest = PasswordHintRequest;

18
src/models/request/registerRequest.ts Normal file
View File

@ -0,0 +1,18 @@
class RegisterRequest {
name: string;
email: string;
masterPasswordHash: string;
masterPasswordHint: string;
key: string;
constructor(email: string, masterPasswordHash: string, masterPasswordHint: string, key: string) {
this.name = null;
this.email = email;
this.masterPasswordHash = masterPasswordHash;
this.masterPasswordHint = masterPasswordHint ? masterPasswordHint : null;
this.key = key;
}
}
export { RegisterRequest };
(window as any).RegisterRequest = RegisterRequest;

49
src/models/request/tokenRequest.ts Normal file
View File

@ -0,0 +1,49 @@
import { DeviceRequest } from './deviceRequest';
class TokenRequest {
email: string;
masterPasswordHash: string;
token: string;
provider: number;
remember: boolean;
device?: DeviceRequest;
constructor(email: string, masterPasswordHash: string, provider: number,
token: string, remember: boolean, device?: DeviceRequest) {
this.email = email;
this.masterPasswordHash = masterPasswordHash;
this.token = token;
this.provider = provider;
this.remember = remember;
this.device = device != null ? device : null;
}
toIdentityToken() {
const obj: any = {
grant_type: 'password',
username: this.email,
password: this.masterPasswordHash,
scope: 'api offline_access',
client_id: 'browser',
};
if (this.device) {
obj.deviceType = this.device.type;
obj.deviceIdentifier = this.device.identifier;
obj.deviceName = this.device.name;
// no push tokens for browser apps yet
// obj.devicePushToken = this.device.pushToken;
}
if (this.token && this.provider !== null && (typeof this.provider !== 'undefined')) {
obj.twoFactorToken = this.token;
obj.twoFactorProvider = this.provider;
obj.twoFactorRemember = this.remember ? '1' : '0';
}
return obj;
}
}
export { TokenRequest };
(window as any).TokenRequest = TokenRequest;

12
src/models/request/twoFactorEmailRequest.ts Normal file
View File

@ -0,0 +1,12 @@
class TwoFactorEmailRequest {
email: string;
masterPasswordHash: string;
constructor(email: string, masterPasswordHash: string) {
this.email = email;
this.masterPasswordHash = masterPasswordHash;
}
}
export { TwoFactorEmailRequest };
(window as any).TwoFactorEmailRequest = TwoFactorEmailRequest;

18
src/models/response/attachmentResponse.ts Normal file
View File

@ -0,0 +1,18 @@
class AttachmentResponse {
id: string;
url: string;
fileName: string;
size: number;
sizeName: string;
constructor(response: any) {
this.id = response.Id;
this.url = response.Url;
this.fileName = response.FileName;
this.size = response.Size;
this.sizeName = response.SizeName;
}
}
export { AttachmentResponse };
(window as any).AttachmentResponse = AttachmentResponse;

44
src/models/response/cipherResponse.ts Normal file
View File

@ -0,0 +1,44 @@
import { AttachmentResponse } from './attachmentResponse';
class CipherResponse {
id: string;
organizationId: string;
folderId: string;
type: number;
favorite: boolean;
edit: boolean;
organizationUseTotp: boolean;
data: any;
revisionDate: string;
attachments: AttachmentResponse[];
collectionIds: string[];
constructor(response: any) {
this.id = response.Id;
this.organizationId = response.OrganizationId;
this.folderId = response.FolderId;
this.type = response.Type;
this.favorite = response.Favorite;
this.edit = response.Edit;
this.organizationUseTotp = response.OrganizationUseTotp;
this.data = response.Data;
this.revisionDate = response.RevisionDate;
if (response.Attachments != null) {
this.attachments = [];
response.Attachments.forEach((attachment: any) => {
this.attachments.push(new AttachmentResponse(attachment));
});
}
if (response.CollectionIds) {
this.collectionIds = [];
response.CollectionIds.forEach((id: string) => {
this.collectionIds.push(id);
});
}
}
}
export { CipherResponse };
(window as any).CipherResponse = CipherResponse;

14
src/models/response/collectionResponse.ts Normal file
View File

@ -0,0 +1,14 @@
class CollectionResponse {
id: string;
organizationId: string;
name: string;
constructor(response: any) {
this.id = response.Id;
this.organizationId = response.OrganizationId;
this.name = response.Name;
}
}
export { CollectionResponse };
(window as any).CollectionResponse = CollectionResponse;

20
src/models/response/deviceResponse.ts Normal file
View File

@ -0,0 +1,20 @@
import { DeviceType } from '../../enums/deviceType';
class DeviceResponse {
id: string;
name: number;
identifier: string;
type: DeviceType;
creationDate: string;
constructor(response: any) {
this.id = response.Id;
this.name = response.Name;
this.identifier = response.Identifier;
this.type = response.Type;
this.creationDate = response.CreationDate;
}
}
export { DeviceResponse };
(window as any).DeviceResponse = DeviceResponse;

20
src/models/response/domainsResponse.ts Normal file
View File

@ -0,0 +1,20 @@
import { GlobalDomainResponse } from './globalDomainResponse';
class DomainsResponse {
equivalentDomains: string[][];
globalEquivalentDomains: GlobalDomainResponse[] = [];
constructor(response: any) {
this.equivalentDomains = response.EquivalentDomains;
this.globalEquivalentDomains = [];
if (response.GlobalEquivalentDomains) {
response.GlobalEquivalentDomains.forEach((domain: any) => {
this.globalEquivalentDomains.push(new GlobalDomainResponse(domain));
});
}
}
}
export { DomainsResponse };
(window as any).DomainsResponse = DomainsResponse;

37
src/models/response/errorResponse.ts Normal file
View File

@ -0,0 +1,37 @@
class ErrorResponse {
message: string;
validationErrors: { [key: string]: string[]; };
statusCode: number;
constructor(response: any, status: number, identityResponse?: boolean) {
let errorModel = null;
if (identityResponse && response && response.ErrorModel) {
errorModel = response.ErrorModel;
} else if (response) {
errorModel = response;
}
if (errorModel) {
this.message = errorModel.Message;
this.validationErrors = errorModel.ValidationErrors;
}
this.statusCode = status;
}
getSingleMessage(): string {
if (this.validationErrors) {
for (const key in this.validationErrors) {
if (!this.validationErrors.hasOwnProperty(key)) {
continue;
}
if (this.validationErrors[key].length) {
return this.validationErrors[key][0];
}
}
}
return this.message;
}
}
export { ErrorResponse };
(window as any).ErrorResponse = ErrorResponse;

14
src/models/response/folderResponse.ts Normal file
View File

@ -0,0 +1,14 @@
class FolderResponse {
id: string;
name: string;
revisionDate: string;
constructor(response: any) {
this.id = response.Id;
this.name = response.Name;
this.revisionDate = response.RevisionDate;
}
}
export { FolderResponse };
(window as any).FolderResponse = FolderResponse;

14
src/models/response/globalDomainResponse.ts Normal file
View File

@ -0,0 +1,14 @@
class GlobalDomainResponse {
type: number;
domains: string[];
excluded: number[];
constructor(response: any) {
this.type = response.Type;
this.domains = response.Domains;
this.excluded = response.Excluded;
}
}
export { GlobalDomainResponse };
(window as any).GlobalDomainResponse = GlobalDomainResponse;

24
src/models/response/identityTokenResponse.ts Normal file
View File

@ -0,0 +1,24 @@
class IdentityTokenResponse {
accessToken: string;
expiresIn: number;
refreshToken: string;
tokenType: string;
privateKey: string;
key: string;
twoFactorToken: string;
constructor(response: any) {
this.accessToken = response.access_token;
this.expiresIn = response.expires_in;
this.refreshToken = response.refresh_token;
this.tokenType = response.token_type;
this.privateKey = response.PrivateKey;
this.key = response.Key;
this.twoFactorToken = response.TwoFactorToken;
}
}
export { IdentityTokenResponse };
(window as any).IdentityTokenResponse = IdentityTokenResponse;

14
src/models/response/index.ts Normal file
View File

@ -0,0 +1,14 @@
export { AttachmentResponse } from './attachmentResponse';
export { CipherResponse } from './cipherResponse';
export { CollectionResponse } from './collectionResponse';
export { DeviceResponse } from './deviceResponse';
export { DomainsResponse } from './domainsResponse';
export { ErrorResponse } from './errorResponse';
export { FolderResponse } from './folderResponse';
export { GlobalDomainResponse } from './globalDomainResponse';
export { IdentityTokenResponse } from './identityTokenResponse';
export { KeysResponse } from './keysResponse';
export { ListResponse } from './listResponse';
export { ProfileOrganizationResponse } from './profileOrganizationResponse';
export { ProfileResponse } from './profileResponse';
export { SyncResponse } from './syncResponse';

12
src/models/response/keysResponse.ts Normal file
View File

@ -0,0 +1,12 @@
class KeysResponse {
privateKey: string;
publicKey: string;
constructor(response: any) {
this.privateKey = response.PrivateKey;
this.publicKey = response.PublicKey;
}
}
export { KeysResponse };
(window as any).KeysResponse = KeysResponse;

10
src/models/response/listResponse.ts Normal file
View File

@ -0,0 +1,10 @@
class ListResponse {
data: any;
constructor(data: any) {
this.data = data;
}
}
export { ListResponse };
(window as any).ListResponse = ListResponse;

30
src/models/response/profileOrganizationResponse.ts Normal file
View File

@ -0,0 +1,30 @@
class ProfileOrganizationResponse {
id: string;
name: string;
useGroups: boolean;
useDirectory: boolean;
useTotp: boolean;
seats: number;
maxCollections: number;
maxStorageGb?: number;
key: string;
status: number; // TODO: map to enum
type: number; // TODO: map to enum
constructor(response: any) {
this.id = response.Id;
this.name = response.Name;
this.useGroups = response.UseGroups;
this.useDirectory = response.UseDirectory;
this.useTotp = response.UseTotp;
this.seats = response.Seats;
this.maxCollections = response.MaxCollections;
this.maxStorageGb = response.MaxStorageGb;
this.key = response.Key;
this.status = response.Status;
this.type = response.Type;
}
}
export { ProfileOrganizationResponse };
(window as any).ProfileOrganizationResponse = ProfileOrganizationResponse;

39
src/models/response/profileResponse.ts Normal file
View File

@ -0,0 +1,39 @@
import { ProfileOrganizationResponse } from './profileOrganizationResponse';
class ProfileResponse {
id: string;
name: string;
email: string;
emailVerified: boolean;
masterPasswordHint: string;
premium: boolean;
culture: string;
twoFactorEnabled: boolean;
key: string;
privateKey: string;
securityStamp: string;
organizations: ProfileOrganizationResponse[] = [];
constructor(response: any) {
this.id = response.Id;
this.name = response.Name;
this.email = response.Email;
this.emailVerified = response.EmailVerified;
this.masterPasswordHint = response.MasterPasswordHint;
this.premium = response.Premium;
this.culture = response.Culture;
this.twoFactorEnabled = response.TwoFactorEnabled;
this.key = response.Key;
this.privateKey = response.PrivateKey;
this.securityStamp = response.SecurityStamp;
if (response.Organizations) {
response.Organizations.forEach((org: any) => {
this.organizations.push(new ProfileOrganizationResponse(org));
});
}
}
}
export { ProfileResponse };
(window as any).ProfileResponse = ProfileResponse;

44
src/models/response/syncResponse.ts Normal file
View File

@ -0,0 +1,44 @@
import { CipherResponse } from './cipherResponse';
import { CollectionResponse } from './collectionResponse';
import { DomainsResponse } from './domainsResponse';
import { FolderResponse } from './folderResponse';
import { ProfileResponse } from './profileResponse';
class SyncResponse {
profile?: ProfileResponse;
folders: FolderResponse[] = [];
collections: CollectionResponse[] = [];
ciphers: CipherResponse[] = [];
domains?: DomainsResponse;
constructor(response: any) {
if (response.Profile) {
this.profile = new ProfileResponse(response.Profile);
}
if (response.Folders) {
response.Folders.forEach((folder: any) => {
this.folders.push(new FolderResponse(folder));
});
}
if (response.Collections) {
response.Collections.forEach((collection: any) => {
this.collections.push(new CollectionResponse(collection));
});
}
if (response.Ciphers) {
response.Ciphers.forEach((cipher: any) => {
this.ciphers.push(new CipherResponse(cipher));
});
}
if (response.Domains) {
this.domains = new DomainsResponse(response.Domains);
}
}
}
export { SyncResponse };
(window as any).SyncResponse = SyncResponse;

116
src/services/constants.service.ts Normal file
View File

@ -0,0 +1,116 @@
import { PlatformUtilsService } from '../abstractions/platformUtils.service';
export class ConstantsService {
static readonly environmentUrlsKey: string = 'environmentUrls';
static readonly disableGaKey: string = 'disableGa';
static readonly disableAddLoginNotificationKey: string = 'disableAddLoginNotification';
static readonly disableContextMenuItemKey: string = 'disableContextMenuItem';
static readonly disableFaviconKey: string = 'disableFavicon';
static readonly disableAutoTotpCopyKey: string = 'disableAutoTotpCopy';
static readonly enableAutoFillOnPageLoadKey: string = 'enableAutoFillOnPageLoad';
static readonly lockOptionKey: string = 'lockOption';
static readonly lastActiveKey: string = 'lastActive';
// TODO: remove these instance properties once all references are reading from the static properties
readonly environmentUrlsKey: string = 'environmentUrls';
readonly disableGaKey: string = 'disableGa';
readonly disableAddLoginNotificationKey: string = 'disableAddLoginNotification';
readonly disableContextMenuItemKey: string = 'disableContextMenuItem';
readonly disableFaviconKey: string = 'disableFavicon';
readonly disableAutoTotpCopyKey: string = 'disableAutoTotpCopy';
readonly enableAutoFillOnPageLoadKey: string = 'enableAutoFillOnPageLoad';
readonly lockOptionKey: string = 'lockOption';
readonly lastActiveKey: string = 'lastActive';
// TODO: Convert these objects to enums
readonly encType: any = {
AesCbc256_B64: 0,
AesCbc128_HmacSha256_B64: 1,
AesCbc256_HmacSha256_B64: 2,
Rsa2048_OaepSha256_B64: 3,
Rsa2048_OaepSha1_B64: 4,
Rsa2048_OaepSha256_HmacSha256_B64: 5,
Rsa2048_OaepSha1_HmacSha256_B64: 6,
};
readonly cipherType: any = {
login: 1,
secureNote: 2,
card: 3,
identity: 4,
};
readonly fieldType: any = {
text: 0,
hidden: 1,
boolean: 2,
};
readonly twoFactorProvider: any = {
u2f: 4,
yubikey: 3,
duo: 2,
authenticator: 0,
email: 1,
remember: 5,
};
twoFactorProviderInfo: any[];
constructor(i18nService: any, platformUtilsService: PlatformUtilsService) {
if (platformUtilsService.isEdge()) {
// delay for i18n fetch
setTimeout(() => {
this.bootstrap(i18nService);
}, 1000);
} else {
this.bootstrap(i18nService);
}
}
private bootstrap(i18nService: any) {
this.twoFactorProviderInfo = [
{
type: 0,
name: i18nService.authenticatorAppTitle,
description: i18nService.authenticatorAppDesc,
active: true,
free: true,
displayOrder: 0,
priority: 1,
},
{
type: 3,
name: i18nService.yubiKeyTitle,
description: i18nService.yubiKeyDesc,
active: true,
displayOrder: 1,
priority: 3,
},
{
type: 2,
name: 'Duo',
description: i18nService.duoDesc,
active: true,
displayOrder: 2,
priority: 2,
},
{
type: 4,
name: i18nService.u2fTitle,
description: i18nService.u2fDesc,
active: true,
displayOrder: 3,
priority: 4,
},
{
type: 1,
name: i18nService.emailTitle,
description: i18nService.emailDesc,
active: true,
displayOrder: 4,
priority: 0,
},
];
}
}

602
src/services/crypto.service.ts Normal file
View File

@ -0,0 +1,602 @@
import * as forge from 'node-forge';
import { EncryptionType } from '../enums/encryptionType';
import { CipherString } from '../models/domain/cipherString';
import { EncryptedObject } from '../models/domain/encryptedObject';
import { SymmetricCryptoKey } from '../models/domain/symmetricCryptoKey';
import { ProfileOrganizationResponse } from '../models/response/profileOrganizationResponse';
import { CryptoService as CryptoServiceInterface } from '../abstractions/crypto.service';
import { StorageService as StorageServiceInterface } from '../abstractions/storage.service';
import { ConstantsService } from './constants.service';
import { UtilsService } from './utils.service';
const Keys = {
key: 'key',
encOrgKeys: 'encOrgKeys',
encPrivateKey: 'encPrivateKey',
encKey: 'encKey',
keyHash: 'keyHash',
};
const SigningAlgorithm = {
name: 'HMAC',
hash: { name: 'SHA-256' },
};
const AesAlgorithm = {
name: 'AES-CBC',
};
const Crypto = window.crypto;
const Subtle = Crypto.subtle;
export class CryptoService implements CryptoServiceInterface {
private key: SymmetricCryptoKey;
private encKey: SymmetricCryptoKey;
private legacyEtmKey: SymmetricCryptoKey;
private keyHash: string;
private privateKey: ArrayBuffer;
private orgKeys: Map<string, SymmetricCryptoKey>;
constructor(private storageService: StorageServiceInterface,
private secureStorageService: StorageServiceInterface) {
}
async setKey(key: SymmetricCryptoKey): Promise<any> {
this.key = key;
const option = await this.storageService.get<number>(ConstantsService.lockOptionKey);
if (option != null) {
// if we have a lock option set, we do not store the key
return;
}
return this.secureStorageService.save(Keys.key, key.keyB64);
}
setKeyHash(keyHash: string): Promise<{}> {
this.keyHash = keyHash;
return this.storageService.save(Keys.keyHash, keyHash);
}
async setEncKey(encKey: string): Promise<{}> {
if (encKey == null) {
return;
}
await this.storageService.save(Keys.encKey, encKey);
this.encKey = null;
}
async setEncPrivateKey(encPrivateKey: string): Promise<{}> {
if (encPrivateKey == null) {
return;
}
await this.storageService.save(Keys.encPrivateKey, encPrivateKey);
this.privateKey = null;
}
setOrgKeys(orgs: ProfileOrganizationResponse[]): Promise<{}> {
const orgKeys: any = {};
orgs.forEach((org) => {
orgKeys[org.id] = org.key;
});
return this.storageService.save(Keys.encOrgKeys, orgKeys);
}
async getKey(): Promise<SymmetricCryptoKey> {
if (this.key != null) {
return this.key;
}
const option = await this.storageService.get<number>(ConstantsService.lockOptionKey);
if (option != null) {
return null;
}
const key = await this.secureStorageService.get<string>(Keys.key);
if (key) {
this.key = new SymmetricCryptoKey(key, true);
}
return key == null ? null : this.key;
}
getKeyHash(): Promise<string> {
if (this.keyHash != null) {
return Promise.resolve(this.keyHash);
}
return this.storageService.get<string>(Keys.keyHash);
}
async getEncKey(): Promise<SymmetricCryptoKey> {
if (this.encKey != null) {
return this.encKey;
}
const encKey = await this.storageService.get<string>(Keys.encKey);
if (encKey == null) {
return null;
}
const key = await this.getKey();
if (key == null) {
return null;
}
const decEncKey = await this.decrypt(new CipherString(encKey), key, 'raw');
if (decEncKey == null) {
return null;
}
this.encKey = new SymmetricCryptoKey(decEncKey);
return this.encKey;
}
async getPrivateKey(): Promise<ArrayBuffer> {
if (this.privateKey != null) {
return this.privateKey;
}
const encPrivateKey = await this.storageService.get<string>(Keys.encPrivateKey);
if (encPrivateKey == null) {
return null;
}
const privateKey = await this.decrypt(new CipherString(encPrivateKey), null, 'raw');
const privateKeyB64 = forge.util.encode64(privateKey);
this.privateKey = UtilsService.fromB64ToArray(privateKeyB64).buffer;
return this.privateKey;
}
async getOrgKeys(): Promise<Map<string, SymmetricCryptoKey>> {
if (this.orgKeys != null && this.orgKeys.size > 0) {
return this.orgKeys;
}
const encOrgKeys = await this.storageService.get<any>(Keys.encOrgKeys);
if (!encOrgKeys) {
return null;
}
const orgKeys: Map<string, SymmetricCryptoKey> = new Map<string, SymmetricCryptoKey>();
let setKey = false;
for (const orgId in encOrgKeys) {
if (!encOrgKeys.hasOwnProperty(orgId)) {
continue;
}
const decValueB64 = await this.rsaDecrypt(encOrgKeys[orgId]);
orgKeys.set(orgId, new SymmetricCryptoKey(decValueB64, true));
setKey = true;
}
if (setKey) {
this.orgKeys = orgKeys;
}
return this.orgKeys;
}
async getOrgKey(orgId: string): Promise<SymmetricCryptoKey> {
if (orgId == null) {
return null;
}
const orgKeys = await this.getOrgKeys();
if (orgKeys == null || !orgKeys.has(orgId)) {
return null;
}
return orgKeys.get(orgId);
}
clearKey(): Promise<any> {
this.key = this.legacyEtmKey = null;
return this.secureStorageService.remove(Keys.key);
}
clearKeyHash(): Promise<any> {
this.keyHash = null;
return this.storageService.remove(Keys.keyHash);
}
clearEncKey(memoryOnly?: boolean): Promise<any> {
this.encKey = null;
if (memoryOnly) {
return Promise.resolve();
}
return this.storageService.remove(Keys.encKey);
}
clearPrivateKey(memoryOnly?: boolean): Promise<any> {
this.privateKey = null;
if (memoryOnly) {
return Promise.resolve();
}
return this.storageService.remove(Keys.encPrivateKey);
}
clearOrgKeys(memoryOnly?: boolean): Promise<any> {
this.orgKeys = null;
if (memoryOnly) {
return Promise.resolve();
}
return this.storageService.remove(Keys.encOrgKeys);
}
clearKeys(): Promise<any> {
return Promise.all([
this.clearKey(),
this.clearKeyHash(),
this.clearOrgKeys(),
this.clearEncKey(),
this.clearPrivateKey(),
]);
}
async toggleKey(): Promise<any> {
const key = await this.getKey();
const option = await this.storageService.get(ConstantsService.lockOptionKey);
if (option != null || option === 0) {
// if we have a lock option set, clear the key
await this.clearKey();
this.key = key;
return;
}
await this.setKey(key);
}
makeKey(password: string, salt: string): SymmetricCryptoKey {
const keyBytes: string = (forge as any).pbkdf2(forge.util.encodeUtf8(password), forge.util.encodeUtf8(salt),
5000, 256 / 8, 'sha256');
return new SymmetricCryptoKey(keyBytes);
}
async hashPassword(password: string, key: SymmetricCryptoKey): Promise<string> {
const storedKey = await this.getKey();
key = key || storedKey;
if (!password || !key) {
throw new Error('Invalid parameters.');
}
const hashBits = (forge as any).pbkdf2(key.key, forge.util.encodeUtf8(password), 1, 256 / 8, 'sha256');
return forge.util.encode64(hashBits);
}
makeEncKey(key: SymmetricCryptoKey): Promise<CipherString> {
const bytes = new Uint8Array(512 / 8);
Crypto.getRandomValues(bytes);
return this.encrypt(bytes, key, 'raw');
}
async encrypt(plainValue: string | Uint8Array, key?: SymmetricCryptoKey,
plainValueEncoding: string = 'utf8'): Promise<CipherString> {
if (!plainValue) {
return Promise.resolve(null);
}
let plainValueArr: Uint8Array;
if (plainValueEncoding === 'utf8') {
plainValueArr = UtilsService.fromUtf8ToArray(plainValue as string);
} else {
plainValueArr = plainValue as Uint8Array;
}
const encValue = await this.aesEncrypt(plainValueArr.buffer, key);
const iv = UtilsService.fromBufferToB64(encValue.iv.buffer);
const ct = UtilsService.fromBufferToB64(encValue.ct.buffer);
const mac = encValue.mac ? UtilsService.fromBufferToB64(encValue.mac.buffer) : null;
return new CipherString(encValue.key.encType, iv, ct, mac);
}
async encryptToBytes(plainValue: ArrayBuffer, key?: SymmetricCryptoKey): Promise<ArrayBuffer> {
const encValue = await this.aesEncrypt(plainValue, key);
let macLen = 0;
if (encValue.mac) {
macLen = encValue.mac.length;
}
const encBytes = new Uint8Array(1 + encValue.iv.length + macLen + encValue.ct.length);
encBytes.set([encValue.key.encType]);
encBytes.set(encValue.iv, 1);
if (encValue.mac) {
encBytes.set(encValue.mac, 1 + encValue.iv.length);
}
encBytes.set(encValue.ct, 1 + encValue.iv.length + macLen);
return encBytes.buffer;
}
async decrypt(cipherString: CipherString, key?: SymmetricCryptoKey,
outputEncoding: string = 'utf8'): Promise<string> {
const ivBytes: string = forge.util.decode64(cipherString.initializationVector);
const ctBytes: string = forge.util.decode64(cipherString.cipherText);
const macBytes: string = cipherString.mac ? forge.util.decode64(cipherString.mac) : null;
const decipher = await this.aesDecrypt(cipherString.encryptionType, ctBytes, ivBytes, macBytes, key);
if (!decipher) {
return null;
}
if (outputEncoding === 'utf8') {
return decipher.output.toString('utf8');
} else {
return decipher.output.getBytes();
}
}
async decryptFromBytes(encBuf: ArrayBuffer, key: SymmetricCryptoKey): Promise<ArrayBuffer> {
if (!encBuf) {
throw new Error('no encBuf.');
}
const encBytes = new Uint8Array(encBuf);
const encType = encBytes[0];
let ctBytes: Uint8Array = null;
let ivBytes: Uint8Array = null;
let macBytes: Uint8Array = null;
switch (encType) {
case EncryptionType.AesCbc128_HmacSha256_B64:
case EncryptionType.AesCbc256_HmacSha256_B64:
if (encBytes.length <= 49) { // 1 + 16 + 32 + ctLength
return null;
}
ivBytes = encBytes.slice(1, 17);
macBytes = encBytes.slice(17, 49);
ctBytes = encBytes.slice(49);
break;
case EncryptionType.AesCbc256_B64:
if (encBytes.length <= 17) { // 1 + 16 + ctLength
return null;
}
ivBytes = encBytes.slice(1, 17);
ctBytes = encBytes.slice(17);
break;
default:
return null;
}
return await this.aesDecryptWC(encType, ctBytes.buffer, ivBytes.buffer, macBytes ? macBytes.buffer : null, key);
}
async rsaDecrypt(encValue: string): Promise<string> {
const headerPieces = encValue.split('.');
let encType: EncryptionType = null;
let encPieces: string[];
if (headerPieces.length === 1) {
encType = EncryptionType.Rsa2048_OaepSha256_B64;
encPieces = [headerPieces[0]];
} else if (headerPieces.length === 2) {
try {
encType = parseInt(headerPieces[0], null);
encPieces = headerPieces[1].split('|');
} catch (e) { }
}
switch (encType) {
case EncryptionType.Rsa2048_OaepSha256_B64:
case EncryptionType.Rsa2048_OaepSha1_B64:
if (encPieces.length !== 1) {
throw new Error('Invalid cipher format.');
}
break;
case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
if (encPieces.length !== 2) {
throw new Error('Invalid cipher format.');
}
break;
default:
throw new Error('encType unavailable.');
}
if (encPieces == null || encPieces.length <= 0) {
throw new Error('encPieces unavailable.');
}
const key = await this.getEncKey();
if (key != null && key.macKey != null && encPieces.length > 1) {
const ctBytes: string = forge.util.decode64(encPieces[0]);
const macBytes: string = forge.util.decode64(encPieces[1]);
const computedMacBytes = await this.computeMac(ctBytes, key.macKey, false);
const macsEqual = await this.macsEqual(key.macKey, macBytes, computedMacBytes);
if (!macsEqual) {
throw new Error('MAC failed.');
}
}
const privateKeyBytes = await this.getPrivateKey();
if (!privateKeyBytes) {
throw new Error('No private key.');
}
let rsaAlgorithm: any = null;
switch (encType) {
case EncryptionType.Rsa2048_OaepSha256_B64:
case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
rsaAlgorithm = {
name: 'RSA-OAEP',
hash: { name: 'SHA-256' },
};
break;
case EncryptionType.Rsa2048_OaepSha1_B64:
case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
rsaAlgorithm = {
name: 'RSA-OAEP',
hash: { name: 'SHA-1' },
};
break;
default:
throw new Error('encType unavailable.');
}
const privateKey = await Subtle.importKey('pkcs8', privateKeyBytes, rsaAlgorithm, false, ['decrypt']);
const ctArr = UtilsService.fromB64ToArray(encPieces[0]);
const decBytes = await Subtle.decrypt(rsaAlgorithm, privateKey, ctArr.buffer);
const b64DecValue = UtilsService.fromBufferToB64(decBytes);
return b64DecValue;
}
// Helpers
private async aesEncrypt(plainValue: ArrayBuffer, key: SymmetricCryptoKey): Promise<EncryptedObject> {
const obj = new EncryptedObject();
obj.key = await this.getKeyForEncryption(key);
const keyBuf = obj.key.getBuffers();
obj.iv = new Uint8Array(16);
Crypto.getRandomValues(obj.iv);
const encKey = await Subtle.importKey('raw', keyBuf.encKey, AesAlgorithm, false, ['encrypt']);
const encValue = await Subtle.encrypt({ name: 'AES-CBC', iv: obj.iv }, encKey, plainValue);
obj.ct = new Uint8Array(encValue);
if (keyBuf.macKey) {
const data = new Uint8Array(obj.iv.length + obj.ct.length);
data.set(obj.iv, 0);
data.set(obj.ct, obj.iv.length);
const mac = await this.computeMacWC(data.buffer, keyBuf.macKey);
obj.mac = new Uint8Array(mac);
}
return obj;
}
private async aesDecrypt(encType: EncryptionType, ctBytes: string, ivBytes: string, macBytes: string,
key: SymmetricCryptoKey): Promise<any> {
const keyForEnc = await this.getKeyForEncryption(key);
const theKey = this.resolveLegacyKey(encType, keyForEnc);
if (encType !== theKey.encType) {
// tslint:disable-next-line
console.error('encType unavailable.');
return null;
}
if (theKey.macKey != null && macBytes != null) {
const computedMacBytes = this.computeMac(ivBytes + ctBytes, theKey.macKey, false);
if (!this.macsEqual(theKey.macKey, computedMacBytes, macBytes)) {
// tslint:disable-next-line
console.error('MAC failed.');
return null;
}
}
const ctBuffer = (forge as any).util.createBuffer(ctBytes);
const decipher = (forge as any).cipher.createDecipher('AES-CBC', theKey.encKey);
decipher.start({ iv: ivBytes });
decipher.update(ctBuffer);
decipher.finish();
return decipher;
}
private async aesDecryptWC(encType: EncryptionType, ctBuf: ArrayBuffer, ivBuf: ArrayBuffer,
macBuf: ArrayBuffer, key: SymmetricCryptoKey): Promise<ArrayBuffer> {
const theKey = await this.getKeyForEncryption(key);
const keyBuf = theKey.getBuffers();
const encKey = await Subtle.importKey('raw', keyBuf.encKey, AesAlgorithm, false, ['decrypt']);
if (!keyBuf.macKey || !macBuf) {
return null;
}
const data = new Uint8Array(ivBuf.byteLength + ctBuf.byteLength);
data.set(new Uint8Array(ivBuf), 0);
data.set(new Uint8Array(ctBuf), ivBuf.byteLength);
const computedMacBuf = await this.computeMacWC(data.buffer, keyBuf.macKey);
if (computedMacBuf === null) {
return null;
}
const macsMatch = await this.macsEqualWC(keyBuf.macKey, macBuf, computedMacBuf);
if (macsMatch === false) {
// tslint:disable-next-line
console.error('MAC failed.');
return null;
}
return await Subtle.decrypt({ name: 'AES-CBC', iv: ivBuf }, encKey, ctBuf);
}
private computeMac(dataBytes: string, macKey: string, b64Output: boolean): string {
const hmac = (forge as any).hmac.create();
hmac.start('sha256', macKey);
hmac.update(dataBytes);
const mac = hmac.digest();
return b64Output ? forge.util.encode64(mac.getBytes()) : mac.getBytes();
}
private async computeMacWC(dataBuf: ArrayBuffer, macKeyBuf: ArrayBuffer): Promise<ArrayBuffer> {
const key = await Subtle.importKey('raw', macKeyBuf, SigningAlgorithm, false, ['sign']);
return await Subtle.sign(SigningAlgorithm, key, dataBuf);
}
// Safely compare two MACs in a way that protects against timing attacks (Double HMAC Verification).
// ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/
private macsEqual(macKey: string, mac1: string, mac2: string): boolean {
const hmac = (forge as any).hmac.create();
hmac.start('sha256', macKey);
hmac.update(mac1);
const mac1Bytes = hmac.digest().getBytes();
hmac.start(null, null);
hmac.update(mac2);
const mac2Bytes = hmac.digest().getBytes();
return mac1Bytes === mac2Bytes;
}
private async macsEqualWC(macKeyBuf: ArrayBuffer, mac1Buf: ArrayBuffer, mac2Buf: ArrayBuffer): Promise<boolean> {
const macKey = await Subtle.importKey('raw', macKeyBuf, SigningAlgorithm, false, ['sign']);
const mac1 = await Subtle.sign(SigningAlgorithm, macKey, mac1Buf);
const mac2 = await Subtle.sign(SigningAlgorithm, macKey, mac2Buf);
if (mac1.byteLength !== mac2.byteLength) {
return false;
}
const arr1 = new Uint8Array(mac1);
const arr2 = new Uint8Array(mac2);
for (let i = 0; i < arr2.length; i++) {
if (arr1[i] !== arr2[i]) {
return false;
}
}
return true;
}
private async getKeyForEncryption(key?: SymmetricCryptoKey): Promise<SymmetricCryptoKey> {
if (key) {
return key;
}
const encKey = await this.getEncKey();
return encKey || (await this.getKey());
}
private resolveLegacyKey(encType: EncryptionType, key: SymmetricCryptoKey): SymmetricCryptoKey {
if (encType === EncryptionType.AesCbc128_HmacSha256_B64 &&
key.encType === EncryptionType.AesCbc256_B64) {
// Old encrypt-then-mac scheme, make a new key
this.legacyEtmKey = this.legacyEtmKey ||
new SymmetricCryptoKey(key.key, false, EncryptionType.AesCbc128_HmacSha256_B64);
return this.legacyEtmKey;
}
return key;
}
}

2
src/services/index.ts
View File

@ -1 +1,3 @@
export { ConstantsService } from './crypto.service';
export { CryptoService } from './crypto.service';
export { UtilsService } from './utils.service';

6
tsconfig.json
View File

@ -12,11 +12,7 @@
"outDir": "dist/es",
"typeRoots": [
"node_modules/@types"
],
"forceConsistentCasingInFileNames": true,
"noFallthroughCasesInSwitch": true,
"noUnusedLocals": true,
"noUnusedParameters": true
]
},
"include": [
"src"