mirror of
https://github.com/bitwarden/browser.git
synced 2024-09-25 03:43:10 +02:00
added models, crypto, and constants services
This commit is contained in:
parent
af9b95936f
commit
7c848edf3c
@ -30,5 +30,10 @@
|
|||||||
"tslint": "^5.8.0",
|
"tslint": "^5.8.0",
|
||||||
"typedoc": "^0.9.0",
|
"typedoc": "^0.9.0",
|
||||||
"typescript": "^2.6.2"
|
"typescript": "^2.6.2"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"node-forge": "0.7.1",
|
||||||
|
"@types/node-forge": "0.7.1",
|
||||||
|
"@types/webcrypto": "0.0.28"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
28
src/abstractions/crypto.service.ts
Normal file
28
src/abstractions/crypto.service.ts
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
import { CipherString } from '../models/domain/cipherString';
|
||||||
|
import { SymmetricCryptoKey } from '../models/domain/symmetricCryptoKey';
|
||||||
|
|
||||||
|
import { ProfileOrganizationResponse } from '../models/response/profileOrganizationResponse';
|
||||||
|
|
||||||
|
export interface CryptoService {
|
||||||
|
setKey(key: SymmetricCryptoKey): Promise<any>;
|
||||||
|
setKeyHash(keyHash: string): Promise<{}>;
|
||||||
|
setEncKey(encKey: string): Promise<{}>;
|
||||||
|
setEncPrivateKey(encPrivateKey: string): Promise<{}>;
|
||||||
|
setOrgKeys(orgs: ProfileOrganizationResponse[]): Promise<{}>;
|
||||||
|
getKey(): Promise<SymmetricCryptoKey>;
|
||||||
|
getKeyHash(): Promise<string>;
|
||||||
|
getEncKey(): Promise<SymmetricCryptoKey>;
|
||||||
|
getPrivateKey(): Promise<ArrayBuffer>;
|
||||||
|
getOrgKeys(): Promise<Map<string, SymmetricCryptoKey>>;
|
||||||
|
getOrgKey(orgId: string): Promise<SymmetricCryptoKey>;
|
||||||
|
clearKeys(): Promise<any>;
|
||||||
|
toggleKey(): Promise<any>;
|
||||||
|
makeKey(password: string, salt: string): SymmetricCryptoKey;
|
||||||
|
hashPassword(password: string, key: SymmetricCryptoKey): Promise<string>;
|
||||||
|
makeEncKey(key: SymmetricCryptoKey): Promise<CipherString>;
|
||||||
|
encrypt(plainValue: string | Uint8Array, key?: SymmetricCryptoKey, plainValueEncoding?: string): Promise<CipherString>;
|
||||||
|
encryptToBytes(plainValue: ArrayBuffer, key?: SymmetricCryptoKey): Promise<ArrayBuffer>;
|
||||||
|
decrypt(cipherString: CipherString, key?: SymmetricCryptoKey, outputEncoding?: string): Promise<string>;
|
||||||
|
decryptFromBytes(encBuf: ArrayBuffer, key: SymmetricCryptoKey): Promise<ArrayBuffer>;
|
||||||
|
rsaDecrypt(encValue: string): Promise<string>;
|
||||||
|
}
|
@ -1,3 +1,4 @@
|
|||||||
|
export { CryptoService } from './crypto.service';
|
||||||
export { MessagingService } from './messaging.service';
|
export { MessagingService } from './messaging.service';
|
||||||
export { PlatformUtilsService } from './platformUtils.service';
|
export { PlatformUtilsService } from './platformUtils.service';
|
||||||
export { StorageService } from './storage.service';
|
export { StorageService } from './storage.service';
|
||||||
|
@ -1,5 +1,9 @@
|
|||||||
import * as Abstractions from './abstractions';
|
import * as Abstractions from './abstractions';
|
||||||
import * as Enums from './enums';
|
import * as Enums from './enums';
|
||||||
|
import * as Data from './models/data';
|
||||||
|
import * as Domain from './models/domain';
|
||||||
|
import * as Request from './models/request';
|
||||||
|
import * as Response from './models/response';
|
||||||
import * as Services from './services';
|
import * as Services from './services';
|
||||||
|
|
||||||
export { Abstractions, Enums, Services };
|
export { Abstractions, Enums, Data, Domain, Request, Response, Services };
|
||||||
|
20
src/models/data/attachmentData.ts
Normal file
20
src/models/data/attachmentData.ts
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
import { AttachmentResponse } from '../response/attachmentResponse';
|
||||||
|
|
||||||
|
class AttachmentData {
|
||||||
|
id: string;
|
||||||
|
url: string;
|
||||||
|
fileName: string;
|
||||||
|
size: number;
|
||||||
|
sizeName: string;
|
||||||
|
|
||||||
|
constructor(response: AttachmentResponse) {
|
||||||
|
this.id = response.id;
|
||||||
|
this.url = response.url;
|
||||||
|
this.fileName = response.fileName;
|
||||||
|
this.size = response.size;
|
||||||
|
this.sizeName = response.sizeName;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { AttachmentData };
|
||||||
|
(window as any).AttachmentData = AttachmentData;
|
20
src/models/data/cardData.ts
Normal file
20
src/models/data/cardData.ts
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
class CardData {
|
||||||
|
cardholderName: string;
|
||||||
|
brand: string;
|
||||||
|
number: string;
|
||||||
|
expMonth: string;
|
||||||
|
expYear: string;
|
||||||
|
code: string;
|
||||||
|
|
||||||
|
constructor(data: any) {
|
||||||
|
this.cardholderName = data.CardholderName;
|
||||||
|
this.brand = data.Brand;
|
||||||
|
this.number = data.Number;
|
||||||
|
this.expMonth = data.ExpMonth;
|
||||||
|
this.expYear = data.ExpYear;
|
||||||
|
this.code = data.Code;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { CardData };
|
||||||
|
(window as any).CardData = CardData;
|
87
src/models/data/cipherData.ts
Normal file
87
src/models/data/cipherData.ts
Normal file
@ -0,0 +1,87 @@
|
|||||||
|
import { CipherType } from '../../enums/cipherType';
|
||||||
|
|
||||||
|
import { AttachmentData } from './attachmentData';
|
||||||
|
import { CardData } from './cardData';
|
||||||
|
import { FieldData } from './fieldData';
|
||||||
|
import { IdentityData } from './identityData';
|
||||||
|
import { LoginData } from './loginData';
|
||||||
|
import { SecureNoteData } from './secureNoteData';
|
||||||
|
|
||||||
|
import { CipherResponse } from '../response/cipherResponse';
|
||||||
|
|
||||||
|
class CipherData {
|
||||||
|
id: string;
|
||||||
|
organizationId: string;
|
||||||
|
folderId: string;
|
||||||
|
userId: string;
|
||||||
|
edit: boolean;
|
||||||
|
organizationUseTotp: boolean;
|
||||||
|
favorite: boolean;
|
||||||
|
revisionDate: string;
|
||||||
|
type: CipherType;
|
||||||
|
sizeName: string;
|
||||||
|
name: string;
|
||||||
|
notes: string;
|
||||||
|
login?: LoginData;
|
||||||
|
secureNote?: SecureNoteData;
|
||||||
|
card?: CardData;
|
||||||
|
identity?: IdentityData;
|
||||||
|
fields?: FieldData[];
|
||||||
|
attachments?: AttachmentData[];
|
||||||
|
collectionIds?: string[];
|
||||||
|
|
||||||
|
constructor(response: CipherResponse, userId: string, collectionIds?: string[]) {
|
||||||
|
this.id = response.id;
|
||||||
|
this.organizationId = response.organizationId;
|
||||||
|
this.folderId = response.folderId;
|
||||||
|
this.userId = userId;
|
||||||
|
this.edit = response.edit;
|
||||||
|
this.organizationUseTotp = response.organizationUseTotp;
|
||||||
|
this.favorite = response.favorite;
|
||||||
|
this.revisionDate = response.revisionDate;
|
||||||
|
this.type = response.type;
|
||||||
|
|
||||||
|
if (collectionIds != null) {
|
||||||
|
this.collectionIds = collectionIds;
|
||||||
|
} else {
|
||||||
|
this.collectionIds = response.collectionIds;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.name = response.data.Name;
|
||||||
|
this.notes = response.data.Notes;
|
||||||
|
|
||||||
|
switch (this.type) {
|
||||||
|
case CipherType.Login:
|
||||||
|
this.login = new LoginData(response.data);
|
||||||
|
break;
|
||||||
|
case CipherType.SecureNote:
|
||||||
|
this.secureNote = new SecureNoteData(response.data);
|
||||||
|
break;
|
||||||
|
case CipherType.Card:
|
||||||
|
this.card = new CardData(response.data);
|
||||||
|
break;
|
||||||
|
case CipherType.Identity:
|
||||||
|
this.identity = new IdentityData(response.data);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (response.data.Fields != null) {
|
||||||
|
this.fields = [];
|
||||||
|
response.data.Fields.forEach((field: any) => {
|
||||||
|
this.fields.push(new FieldData(field));
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (response.attachments != null) {
|
||||||
|
this.attachments = [];
|
||||||
|
response.attachments.forEach((attachment) => {
|
||||||
|
this.attachments.push(new AttachmentData(attachment));
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { CipherData };
|
||||||
|
(window as any).CipherData = CipherData;
|
16
src/models/data/collectionData.ts
Normal file
16
src/models/data/collectionData.ts
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
import { CollectionResponse } from '../response/collectionResponse';
|
||||||
|
|
||||||
|
class CollectionData {
|
||||||
|
id: string;
|
||||||
|
organizationId: string;
|
||||||
|
name: string;
|
||||||
|
|
||||||
|
constructor(response: CollectionResponse) {
|
||||||
|
this.id = response.id;
|
||||||
|
this.organizationId = response.organizationId;
|
||||||
|
this.name = response.name;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { CollectionData };
|
||||||
|
(window as any).CollectionData = CollectionData;
|
16
src/models/data/fieldData.ts
Normal file
16
src/models/data/fieldData.ts
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
import { FieldType } from '../../enums/fieldType';
|
||||||
|
|
||||||
|
class FieldData {
|
||||||
|
type: FieldType;
|
||||||
|
name: string;
|
||||||
|
value: string;
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.type = response.Type;
|
||||||
|
this.name = response.Name;
|
||||||
|
this.value = response.Value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { FieldData };
|
||||||
|
(window as any).FieldData = FieldData;
|
18
src/models/data/folderData.ts
Normal file
18
src/models/data/folderData.ts
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
import { FolderResponse } from '../response/folderResponse';
|
||||||
|
|
||||||
|
class FolderData {
|
||||||
|
id: string;
|
||||||
|
userId: string;
|
||||||
|
name: string;
|
||||||
|
revisionDate: string;
|
||||||
|
|
||||||
|
constructor(response: FolderResponse, userId: string) {
|
||||||
|
this.userId = userId;
|
||||||
|
this.name = response.name;
|
||||||
|
this.id = response.id;
|
||||||
|
this.revisionDate = response.revisionDate;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { FolderData };
|
||||||
|
(window as any).FolderData = FolderData;
|
44
src/models/data/identityData.ts
Normal file
44
src/models/data/identityData.ts
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
class IdentityData {
|
||||||
|
title: string;
|
||||||
|
firstName: string;
|
||||||
|
middleName: string;
|
||||||
|
lastName: string;
|
||||||
|
address1: string;
|
||||||
|
address2: string;
|
||||||
|
address3: string;
|
||||||
|
city: string;
|
||||||
|
state: string;
|
||||||
|
postalCode: string;
|
||||||
|
country: string;
|
||||||
|
company: string;
|
||||||
|
email: string;
|
||||||
|
phone: string;
|
||||||
|
ssn: string;
|
||||||
|
username: string;
|
||||||
|
passportNumber: string;
|
||||||
|
licenseNumber: string;
|
||||||
|
|
||||||
|
constructor(data: any) {
|
||||||
|
this.title = data.Title;
|
||||||
|
this.firstName = data.FirstName;
|
||||||
|
this.middleName = data.MiddleName;
|
||||||
|
this.lastName = data.LastName;
|
||||||
|
this.address1 = data.Address1;
|
||||||
|
this.address2 = data.Address2;
|
||||||
|
this.address3 = data.Address3;
|
||||||
|
this.city = data.City;
|
||||||
|
this.state = data.State;
|
||||||
|
this.postalCode = data.PostalCode;
|
||||||
|
this.country = data.Country;
|
||||||
|
this.company = data.Company;
|
||||||
|
this.email = data.Email;
|
||||||
|
this.phone = data.Phone;
|
||||||
|
this.ssn = data.SSN;
|
||||||
|
this.username = data.Username;
|
||||||
|
this.passportNumber = data.PassportNumber;
|
||||||
|
this.licenseNumber = data.LicenseNumber;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { IdentityData };
|
||||||
|
(window as any).IdentityData = IdentityData;
|
9
src/models/data/index.ts
Normal file
9
src/models/data/index.ts
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
export { AttachmentData } from './attachmentData';
|
||||||
|
export { CardData } from './cardData';
|
||||||
|
export { CipherData } from './cipherData';
|
||||||
|
export { CollectionData } from './collectionData';
|
||||||
|
export { FieldData } from './fieldData';
|
||||||
|
export { FolderData } from './folderData';
|
||||||
|
export { IdentityData } from './identityData';
|
||||||
|
export { LoginData } from './loginData';
|
||||||
|
export { SecureNoteData } from './secureNoteData';
|
16
src/models/data/loginData.ts
Normal file
16
src/models/data/loginData.ts
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
class LoginData {
|
||||||
|
uri: string;
|
||||||
|
username: string;
|
||||||
|
password: string;
|
||||||
|
totp: string;
|
||||||
|
|
||||||
|
constructor(data: any) {
|
||||||
|
this.uri = data.Uri;
|
||||||
|
this.username = data.Username;
|
||||||
|
this.password = data.Password;
|
||||||
|
this.totp = data.Totp;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { LoginData };
|
||||||
|
(window as any).LoginData = LoginData;
|
12
src/models/data/secureNoteData.ts
Normal file
12
src/models/data/secureNoteData.ts
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
import { SecureNoteType } from '../../enums/secureNoteType';
|
||||||
|
|
||||||
|
class SecureNoteData {
|
||||||
|
type: SecureNoteType;
|
||||||
|
|
||||||
|
constructor(data: any) {
|
||||||
|
this.type = data.Type;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { SecureNoteData };
|
||||||
|
(window as any).SecureNoteData = SecureNoteData;
|
43
src/models/domain/attachment.ts
Normal file
43
src/models/domain/attachment.ts
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
import { AttachmentData } from '../data/attachmentData';
|
||||||
|
|
||||||
|
import { CipherString } from './cipherString';
|
||||||
|
import Domain from './domain';
|
||||||
|
|
||||||
|
class Attachment extends Domain {
|
||||||
|
id: string;
|
||||||
|
url: string;
|
||||||
|
size: number;
|
||||||
|
sizeName: string;
|
||||||
|
fileName: CipherString;
|
||||||
|
|
||||||
|
constructor(obj?: AttachmentData, alreadyEncrypted: boolean = false) {
|
||||||
|
super();
|
||||||
|
if (obj == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.size = obj.size;
|
||||||
|
this.buildDomainModel(this, obj, {
|
||||||
|
id: null,
|
||||||
|
url: null,
|
||||||
|
sizeName: null,
|
||||||
|
fileName: null,
|
||||||
|
}, alreadyEncrypted, ['id', 'url', 'sizeName']);
|
||||||
|
}
|
||||||
|
|
||||||
|
decrypt(orgId: string): Promise<any> {
|
||||||
|
const model = {
|
||||||
|
id: this.id,
|
||||||
|
size: this.size,
|
||||||
|
sizeName: this.sizeName,
|
||||||
|
url: this.url,
|
||||||
|
};
|
||||||
|
|
||||||
|
return this.decryptObj(model, {
|
||||||
|
fileName: null,
|
||||||
|
}, orgId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { Attachment };
|
||||||
|
(window as any).Attachment = Attachment;
|
43
src/models/domain/card.ts
Normal file
43
src/models/domain/card.ts
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
import { CardData } from '../data/cardData';
|
||||||
|
|
||||||
|
import { CipherString } from './cipherString';
|
||||||
|
import Domain from './domain';
|
||||||
|
|
||||||
|
class Card extends Domain {
|
||||||
|
cardholderName: CipherString;
|
||||||
|
brand: CipherString;
|
||||||
|
number: CipherString;
|
||||||
|
expMonth: CipherString;
|
||||||
|
expYear: CipherString;
|
||||||
|
code: CipherString;
|
||||||
|
|
||||||
|
constructor(obj?: CardData, alreadyEncrypted: boolean = false) {
|
||||||
|
super();
|
||||||
|
if (obj == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.buildDomainModel(this, obj, {
|
||||||
|
cardholderName: null,
|
||||||
|
brand: null,
|
||||||
|
number: null,
|
||||||
|
expMonth: null,
|
||||||
|
expYear: null,
|
||||||
|
code: null,
|
||||||
|
}, alreadyEncrypted, []);
|
||||||
|
}
|
||||||
|
|
||||||
|
decrypt(orgId: string): Promise<any> {
|
||||||
|
return this.decryptObj({}, {
|
||||||
|
cardholderName: null,
|
||||||
|
brand: null,
|
||||||
|
number: null,
|
||||||
|
expMonth: null,
|
||||||
|
expYear: null,
|
||||||
|
code: null,
|
||||||
|
}, orgId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { Card };
|
||||||
|
(window as any).Card = Card;
|
192
src/models/domain/cipher.ts
Normal file
192
src/models/domain/cipher.ts
Normal file
@ -0,0 +1,192 @@
|
|||||||
|
import { CipherType } from '../../enums/cipherType';
|
||||||
|
|
||||||
|
import { PlatformUtilsService } from '../../abstractions/platformUtils.service';
|
||||||
|
|
||||||
|
import { CipherData } from '../data/cipherData';
|
||||||
|
|
||||||
|
import { Attachment } from './attachment';
|
||||||
|
import { Card } from './card';
|
||||||
|
import { CipherString } from './cipherString';
|
||||||
|
import Domain from './domain';
|
||||||
|
import { Field } from './field';
|
||||||
|
import { Identity } from './identity';
|
||||||
|
import { Login } from './login';
|
||||||
|
import { SecureNote } from './secureNote';
|
||||||
|
|
||||||
|
class Cipher extends Domain {
|
||||||
|
id: string;
|
||||||
|
organizationId: string;
|
||||||
|
folderId: string;
|
||||||
|
name: CipherString;
|
||||||
|
notes: CipherString;
|
||||||
|
type: CipherType;
|
||||||
|
favorite: boolean;
|
||||||
|
organizationUseTotp: boolean;
|
||||||
|
edit: boolean;
|
||||||
|
localData: any;
|
||||||
|
login: Login;
|
||||||
|
identity: Identity;
|
||||||
|
card: Card;
|
||||||
|
secureNote: SecureNote;
|
||||||
|
attachments: Attachment[];
|
||||||
|
fields: Field[];
|
||||||
|
collectionIds: string[];
|
||||||
|
|
||||||
|
constructor(obj?: CipherData, alreadyEncrypted: boolean = false, localData: any = null) {
|
||||||
|
super();
|
||||||
|
if (obj == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.buildDomainModel(this, obj, {
|
||||||
|
id: null,
|
||||||
|
organizationId: null,
|
||||||
|
folderId: null,
|
||||||
|
name: null,
|
||||||
|
notes: null,
|
||||||
|
}, alreadyEncrypted, ['id', 'organizationId', 'folderId']);
|
||||||
|
|
||||||
|
this.type = obj.type;
|
||||||
|
this.favorite = obj.favorite;
|
||||||
|
this.organizationUseTotp = obj.organizationUseTotp;
|
||||||
|
this.edit = obj.edit;
|
||||||
|
this.collectionIds = obj.collectionIds;
|
||||||
|
this.localData = localData;
|
||||||
|
|
||||||
|
switch (this.type) {
|
||||||
|
case CipherType.Login:
|
||||||
|
this.login = new Login(obj.login, alreadyEncrypted);
|
||||||
|
break;
|
||||||
|
case CipherType.SecureNote:
|
||||||
|
this.secureNote = new SecureNote(obj.secureNote, alreadyEncrypted);
|
||||||
|
break;
|
||||||
|
case CipherType.Card:
|
||||||
|
this.card = new Card(obj.card, alreadyEncrypted);
|
||||||
|
break;
|
||||||
|
case CipherType.Identity:
|
||||||
|
this.identity = new Identity(obj.identity, alreadyEncrypted);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (obj.attachments != null) {
|
||||||
|
this.attachments = [];
|
||||||
|
obj.attachments.forEach((attachment) => {
|
||||||
|
this.attachments.push(new Attachment(attachment, alreadyEncrypted));
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
this.attachments = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (obj.fields != null) {
|
||||||
|
this.fields = [];
|
||||||
|
obj.fields.forEach((field) => {
|
||||||
|
this.fields.push(new Field(field, alreadyEncrypted));
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
this.fields = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async decrypt(): Promise<any> {
|
||||||
|
const model = {
|
||||||
|
id: this.id,
|
||||||
|
organizationId: this.organizationId,
|
||||||
|
folderId: this.folderId,
|
||||||
|
favorite: this.favorite,
|
||||||
|
type: this.type,
|
||||||
|
localData: this.localData,
|
||||||
|
login: null as any,
|
||||||
|
card: null as any,
|
||||||
|
identity: null as any,
|
||||||
|
secureNote: null as any,
|
||||||
|
subTitle: null as string,
|
||||||
|
attachments: null as any[],
|
||||||
|
fields: null as any[],
|
||||||
|
collectionIds: this.collectionIds,
|
||||||
|
};
|
||||||
|
|
||||||
|
await this.decryptObj(model, {
|
||||||
|
name: null,
|
||||||
|
notes: null,
|
||||||
|
}, this.organizationId);
|
||||||
|
|
||||||
|
switch (this.type) {
|
||||||
|
case CipherType.Login:
|
||||||
|
model.login = await this.login.decrypt(this.organizationId);
|
||||||
|
model.subTitle = model.login.username;
|
||||||
|
if (model.login.uri) {
|
||||||
|
const containerService = (window as any).BitwardenContainerService;
|
||||||
|
if (containerService) {
|
||||||
|
const platformUtilsService: PlatformUtilsService =
|
||||||
|
containerService.getPlatformUtilsService();
|
||||||
|
model.login.domain = platformUtilsService.getDomain(model.login.uri);
|
||||||
|
} else {
|
||||||
|
throw new Error('window.BitwardenContainerService not initialized.');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case CipherType.SecureNote:
|
||||||
|
model.secureNote = await this.secureNote.decrypt(this.organizationId);
|
||||||
|
model.subTitle = null;
|
||||||
|
break;
|
||||||
|
case CipherType.Card:
|
||||||
|
model.card = await this.card.decrypt(this.organizationId);
|
||||||
|
model.subTitle = model.card.brand;
|
||||||
|
if (model.card.number && model.card.number.length >= 4) {
|
||||||
|
if (model.subTitle !== '') {
|
||||||
|
model.subTitle += ', ';
|
||||||
|
}
|
||||||
|
model.subTitle += ('*' + model.card.number.substr(model.card.number.length - 4));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case CipherType.Identity:
|
||||||
|
model.identity = await this.identity.decrypt(this.organizationId);
|
||||||
|
model.subTitle = '';
|
||||||
|
if (model.identity.firstName) {
|
||||||
|
model.subTitle = model.identity.firstName;
|
||||||
|
}
|
||||||
|
if (model.identity.lastName) {
|
||||||
|
if (model.subTitle !== '') {
|
||||||
|
model.subTitle += ' ';
|
||||||
|
}
|
||||||
|
model.subTitle += model.identity.lastName;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
const orgId = this.organizationId;
|
||||||
|
|
||||||
|
if (this.attachments != null && this.attachments.length > 0) {
|
||||||
|
const attachments: any[] = [];
|
||||||
|
await this.attachments.reduce((promise, attachment) => {
|
||||||
|
return promise.then(() => {
|
||||||
|
return attachment.decrypt(orgId);
|
||||||
|
}).then((decAttachment) => {
|
||||||
|
attachments.push(decAttachment);
|
||||||
|
});
|
||||||
|
}, Promise.resolve());
|
||||||
|
model.attachments = attachments;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.fields != null && this.fields.length > 0) {
|
||||||
|
const fields: any[] = [];
|
||||||
|
await this.fields.reduce((promise, field) => {
|
||||||
|
return promise.then(() => {
|
||||||
|
return field.decrypt(orgId);
|
||||||
|
}).then((decField) => {
|
||||||
|
fields.push(decField);
|
||||||
|
});
|
||||||
|
}, Promise.resolve());
|
||||||
|
model.fields = fields;
|
||||||
|
}
|
||||||
|
|
||||||
|
return model;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { Cipher };
|
||||||
|
(window as any).Cipher = Cipher;
|
116
src/models/domain/cipherString.ts
Normal file
116
src/models/domain/cipherString.ts
Normal file
@ -0,0 +1,116 @@
|
|||||||
|
import { EncryptionType } from '../../enums/encryptionType';
|
||||||
|
|
||||||
|
import { CryptoService } from '../../abstractions/crypto.service';
|
||||||
|
|
||||||
|
class CipherString {
|
||||||
|
encryptedString?: string;
|
||||||
|
encryptionType?: EncryptionType;
|
||||||
|
decryptedValue?: string;
|
||||||
|
cipherText?: string;
|
||||||
|
initializationVector?: string;
|
||||||
|
mac?: string;
|
||||||
|
|
||||||
|
constructor(encryptedStringOrType: string | EncryptionType, ct?: string, iv?: string, mac?: string) {
|
||||||
|
if (ct != null) {
|
||||||
|
// ct and header
|
||||||
|
const encType = encryptedStringOrType as EncryptionType;
|
||||||
|
this.encryptedString = encType + '.' + ct;
|
||||||
|
|
||||||
|
// iv
|
||||||
|
if (iv != null) {
|
||||||
|
this.encryptedString += ('|' + iv);
|
||||||
|
}
|
||||||
|
|
||||||
|
// mac
|
||||||
|
if (mac != null) {
|
||||||
|
this.encryptedString += ('|' + mac);
|
||||||
|
}
|
||||||
|
|
||||||
|
this.encryptionType = encType;
|
||||||
|
this.cipherText = ct;
|
||||||
|
this.initializationVector = iv;
|
||||||
|
this.mac = mac;
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.encryptedString = encryptedStringOrType as string;
|
||||||
|
if (!this.encryptedString) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const headerPieces = this.encryptedString.split('.');
|
||||||
|
let encPieces: string[] = null;
|
||||||
|
|
||||||
|
if (headerPieces.length === 2) {
|
||||||
|
try {
|
||||||
|
this.encryptionType = parseInt(headerPieces[0], null);
|
||||||
|
encPieces = headerPieces[1].split('|');
|
||||||
|
} catch (e) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
encPieces = this.encryptedString.split('|');
|
||||||
|
this.encryptionType = encPieces.length === 3 ? EncryptionType.AesCbc128_HmacSha256_B64 :
|
||||||
|
EncryptionType.AesCbc256_B64;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (this.encryptionType) {
|
||||||
|
case EncryptionType.AesCbc128_HmacSha256_B64:
|
||||||
|
case EncryptionType.AesCbc256_HmacSha256_B64:
|
||||||
|
if (encPieces.length !== 3) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.initializationVector = encPieces[0];
|
||||||
|
this.cipherText = encPieces[1];
|
||||||
|
this.mac = encPieces[2];
|
||||||
|
break;
|
||||||
|
case EncryptionType.AesCbc256_B64:
|
||||||
|
if (encPieces.length !== 2) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.initializationVector = encPieces[0];
|
||||||
|
this.cipherText = encPieces[1];
|
||||||
|
break;
|
||||||
|
case EncryptionType.Rsa2048_OaepSha256_B64:
|
||||||
|
case EncryptionType.Rsa2048_OaepSha1_B64:
|
||||||
|
if (encPieces.length !== 1) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.cipherText = encPieces[0];
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
decrypt(orgId: string): Promise<string> {
|
||||||
|
if (this.decryptedValue) {
|
||||||
|
return Promise.resolve(this.decryptedValue);
|
||||||
|
}
|
||||||
|
|
||||||
|
let cryptoService: CryptoService;
|
||||||
|
const containerService = (window as any).BitwardenContainerService;
|
||||||
|
if (containerService) {
|
||||||
|
cryptoService = containerService.getCryptoService();
|
||||||
|
} else {
|
||||||
|
throw new Error('window.BitwardenContainerService not initialized.');
|
||||||
|
}
|
||||||
|
|
||||||
|
return cryptoService.getOrgKey(orgId).then((orgKey: any) => {
|
||||||
|
return cryptoService.decrypt(this, orgKey);
|
||||||
|
}).then((decValue: any) => {
|
||||||
|
this.decryptedValue = decValue;
|
||||||
|
return this.decryptedValue;
|
||||||
|
}).catch(() => {
|
||||||
|
this.decryptedValue = '[error: cannot decrypt]';
|
||||||
|
return this.decryptedValue;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { CipherString };
|
||||||
|
(window as any).CipherString = CipherString;
|
37
src/models/domain/collection.ts
Normal file
37
src/models/domain/collection.ts
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
import { CollectionData } from '../data/collectionData';
|
||||||
|
|
||||||
|
import { CipherString } from './cipherString';
|
||||||
|
import Domain from './domain';
|
||||||
|
|
||||||
|
class Collection extends Domain {
|
||||||
|
id: string;
|
||||||
|
organizationId: string;
|
||||||
|
name: CipherString;
|
||||||
|
|
||||||
|
constructor(obj?: CollectionData, alreadyEncrypted: boolean = false) {
|
||||||
|
super();
|
||||||
|
if (obj == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.buildDomainModel(this, obj, {
|
||||||
|
id: null,
|
||||||
|
organizationId: null,
|
||||||
|
name: null,
|
||||||
|
}, alreadyEncrypted, ['id', 'organizationId']);
|
||||||
|
}
|
||||||
|
|
||||||
|
decrypt(): Promise<any> {
|
||||||
|
const model = {
|
||||||
|
id: this.id,
|
||||||
|
organizationId: this.organizationId,
|
||||||
|
};
|
||||||
|
|
||||||
|
return this.decryptObj(model, {
|
||||||
|
name: null,
|
||||||
|
}, this.organizationId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { Collection };
|
||||||
|
(window as any).Collection = Collection;
|
46
src/models/domain/domain.ts
Normal file
46
src/models/domain/domain.ts
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
import { CipherString } from '../domain/cipherString';
|
||||||
|
|
||||||
|
export default abstract class Domain {
|
||||||
|
protected buildDomainModel(model: any, obj: any, map: any, alreadyEncrypted: boolean, notEncList: any[] = []) {
|
||||||
|
for (const prop in map) {
|
||||||
|
if (!map.hasOwnProperty(prop)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
const objProp = obj[(map[prop] || prop)];
|
||||||
|
if (alreadyEncrypted === true || notEncList.indexOf(prop) > -1) {
|
||||||
|
model[prop] = objProp ? objProp : null;
|
||||||
|
} else {
|
||||||
|
model[prop] = objProp ? new CipherString(objProp) : null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected async decryptObj(model: any, map: any, orgId: string) {
|
||||||
|
const promises = [];
|
||||||
|
const self: any = this;
|
||||||
|
|
||||||
|
for (const prop in map) {
|
||||||
|
if (!map.hasOwnProperty(prop)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
// tslint:disable-next-line
|
||||||
|
(function (theProp) {
|
||||||
|
const p = Promise.resolve().then(() => {
|
||||||
|
const mapProp = map[theProp] || theProp;
|
||||||
|
if (self[mapProp]) {
|
||||||
|
return self[mapProp].decrypt(orgId);
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}).then((val: any) => {
|
||||||
|
model[theProp] = val;
|
||||||
|
});
|
||||||
|
promises.push(p);
|
||||||
|
})(prop);
|
||||||
|
}
|
||||||
|
|
||||||
|
await Promise.all(promises);
|
||||||
|
return model;
|
||||||
|
}
|
||||||
|
}
|
8
src/models/domain/encryptedObject.ts
Normal file
8
src/models/domain/encryptedObject.ts
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
import { SymmetricCryptoKey } from './symmetricCryptoKey';
|
||||||
|
|
||||||
|
export class EncryptedObject {
|
||||||
|
iv: Uint8Array;
|
||||||
|
ct: Uint8Array;
|
||||||
|
mac: Uint8Array;
|
||||||
|
key: SymmetricCryptoKey;
|
||||||
|
}
|
5
src/models/domain/environmentUrls.ts
Normal file
5
src/models/domain/environmentUrls.ts
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
export class EnvironmentUrls {
|
||||||
|
base: string;
|
||||||
|
api: string;
|
||||||
|
identity: string;
|
||||||
|
}
|
39
src/models/domain/field.ts
Normal file
39
src/models/domain/field.ts
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
import { FieldType } from '../../enums/fieldType';
|
||||||
|
|
||||||
|
import { FieldData } from '../data/fieldData';
|
||||||
|
|
||||||
|
import { CipherString } from './cipherString';
|
||||||
|
import Domain from './domain';
|
||||||
|
|
||||||
|
class Field extends Domain {
|
||||||
|
name: CipherString;
|
||||||
|
vault: CipherString;
|
||||||
|
type: FieldType;
|
||||||
|
|
||||||
|
constructor(obj?: FieldData, alreadyEncrypted: boolean = false) {
|
||||||
|
super();
|
||||||
|
if (obj == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.type = obj.type;
|
||||||
|
this.buildDomainModel(this, obj, {
|
||||||
|
name: null,
|
||||||
|
value: null,
|
||||||
|
}, alreadyEncrypted, []);
|
||||||
|
}
|
||||||
|
|
||||||
|
decrypt(orgId: string): Promise<any> {
|
||||||
|
const model = {
|
||||||
|
type: this.type,
|
||||||
|
};
|
||||||
|
|
||||||
|
return this.decryptObj(model, {
|
||||||
|
name: null,
|
||||||
|
value: null,
|
||||||
|
}, orgId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { Field };
|
||||||
|
(window as any).Field = Field;
|
34
src/models/domain/folder.ts
Normal file
34
src/models/domain/folder.ts
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
import { FolderData } from '../data/folderData';
|
||||||
|
|
||||||
|
import { CipherString } from './cipherString';
|
||||||
|
import Domain from './domain';
|
||||||
|
|
||||||
|
class Folder extends Domain {
|
||||||
|
id: string;
|
||||||
|
name: CipherString;
|
||||||
|
|
||||||
|
constructor(obj?: FolderData, alreadyEncrypted: boolean = false) {
|
||||||
|
super();
|
||||||
|
if (obj == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.buildDomainModel(this, obj, {
|
||||||
|
id: null,
|
||||||
|
name: null,
|
||||||
|
}, alreadyEncrypted, ['id']);
|
||||||
|
}
|
||||||
|
|
||||||
|
decrypt(): Promise<any> {
|
||||||
|
const model = {
|
||||||
|
id: this.id,
|
||||||
|
};
|
||||||
|
|
||||||
|
return this.decryptObj(model, {
|
||||||
|
name: null,
|
||||||
|
}, null);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { Folder };
|
||||||
|
(window as any).Folder = Folder;
|
79
src/models/domain/identity.ts
Normal file
79
src/models/domain/identity.ts
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
import { IdentityData } from '../data/identityData';
|
||||||
|
|
||||||
|
import { CipherString } from './cipherString';
|
||||||
|
import Domain from './domain';
|
||||||
|
|
||||||
|
class Identity extends Domain {
|
||||||
|
title: CipherString;
|
||||||
|
firstName: CipherString;
|
||||||
|
middleName: CipherString;
|
||||||
|
lastName: CipherString;
|
||||||
|
address1: CipherString;
|
||||||
|
address2: CipherString;
|
||||||
|
address3: CipherString;
|
||||||
|
city: CipherString;
|
||||||
|
state: CipherString;
|
||||||
|
postalCode: CipherString;
|
||||||
|
country: CipherString;
|
||||||
|
company: CipherString;
|
||||||
|
email: CipherString;
|
||||||
|
phone: CipherString;
|
||||||
|
ssn: CipherString;
|
||||||
|
username: CipherString;
|
||||||
|
passportNumber: CipherString;
|
||||||
|
licenseNumber: CipherString;
|
||||||
|
|
||||||
|
constructor(obj?: IdentityData, alreadyEncrypted: boolean = false) {
|
||||||
|
super();
|
||||||
|
if (obj == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.buildDomainModel(this, obj, {
|
||||||
|
title: null,
|
||||||
|
firstName: null,
|
||||||
|
middleName: null,
|
||||||
|
lastName: null,
|
||||||
|
address1: null,
|
||||||
|
address2: null,
|
||||||
|
address3: null,
|
||||||
|
city: null,
|
||||||
|
state: null,
|
||||||
|
postalCode: null,
|
||||||
|
country: null,
|
||||||
|
company: null,
|
||||||
|
email: null,
|
||||||
|
phone: null,
|
||||||
|
ssn: null,
|
||||||
|
username: null,
|
||||||
|
passportNumber: null,
|
||||||
|
licenseNumber: null,
|
||||||
|
}, alreadyEncrypted, []);
|
||||||
|
}
|
||||||
|
|
||||||
|
decrypt(orgId: string): Promise<any> {
|
||||||
|
return this.decryptObj({}, {
|
||||||
|
title: null,
|
||||||
|
firstName: null,
|
||||||
|
middleName: null,
|
||||||
|
lastName: null,
|
||||||
|
address1: null,
|
||||||
|
address2: null,
|
||||||
|
address3: null,
|
||||||
|
city: null,
|
||||||
|
state: null,
|
||||||
|
postalCode: null,
|
||||||
|
country: null,
|
||||||
|
company: null,
|
||||||
|
email: null,
|
||||||
|
phone: null,
|
||||||
|
ssn: null,
|
||||||
|
username: null,
|
||||||
|
passportNumber: null,
|
||||||
|
licenseNumber: null,
|
||||||
|
}, orgId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { Identity };
|
||||||
|
(window as any).Identity = Identity;
|
15
src/models/domain/index.ts
Normal file
15
src/models/domain/index.ts
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
export { Attachment } from './attachment';
|
||||||
|
export { Card } from './card';
|
||||||
|
export { Cipher } from './cipher';
|
||||||
|
export { CipherString } from './cipherString';
|
||||||
|
export { Collection } from './collection';
|
||||||
|
export { EncryptedObject } from './encryptedObject';
|
||||||
|
export { EnvironmentUrls } from './environmentUrls';
|
||||||
|
export { Field } from './field';
|
||||||
|
export { Folder } from './folder';
|
||||||
|
export { Identity } from './identity';
|
||||||
|
export { Login } from './login';
|
||||||
|
export { PasswordHistory } from './passwordHistory';
|
||||||
|
export { SecureNote } from './secureNote';
|
||||||
|
export { SymmetricCryptoKey } from './symmetricCryptoKey';
|
||||||
|
export { SymmetricCryptoKeyBuffers } from './symmetricCryptoKeyBuffers';
|
37
src/models/domain/login.ts
Normal file
37
src/models/domain/login.ts
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
import { LoginData } from '../data/loginData';
|
||||||
|
|
||||||
|
import { CipherString } from './cipherString';
|
||||||
|
import Domain from './domain';
|
||||||
|
|
||||||
|
class Login extends Domain {
|
||||||
|
uri: CipherString;
|
||||||
|
username: CipherString;
|
||||||
|
password: CipherString;
|
||||||
|
totp: CipherString;
|
||||||
|
|
||||||
|
constructor(obj?: LoginData, alreadyEncrypted: boolean = false) {
|
||||||
|
super();
|
||||||
|
if (obj == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.buildDomainModel(this, obj, {
|
||||||
|
uri: null,
|
||||||
|
username: null,
|
||||||
|
password: null,
|
||||||
|
totp: null,
|
||||||
|
}, alreadyEncrypted, []);
|
||||||
|
}
|
||||||
|
|
||||||
|
decrypt(orgId: string): Promise<any> {
|
||||||
|
return this.decryptObj({}, {
|
||||||
|
uri: null,
|
||||||
|
username: null,
|
||||||
|
password: null,
|
||||||
|
totp: null,
|
||||||
|
}, orgId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { Login };
|
||||||
|
(window as any).Login = Login;
|
9
src/models/domain/passwordHistory.ts
Normal file
9
src/models/domain/passwordHistory.ts
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
export class PasswordHistory {
|
||||||
|
password: string;
|
||||||
|
date: number;
|
||||||
|
|
||||||
|
constructor(password: string, date: number) {
|
||||||
|
this.password = password;
|
||||||
|
this.date = date;
|
||||||
|
}
|
||||||
|
}
|
27
src/models/domain/secureNote.ts
Normal file
27
src/models/domain/secureNote.ts
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
import { SecureNoteType } from '../../enums/secureNoteType';
|
||||||
|
|
||||||
|
import { SecureNoteData } from '../data/secureNoteData';
|
||||||
|
|
||||||
|
import Domain from './domain';
|
||||||
|
|
||||||
|
class SecureNote extends Domain {
|
||||||
|
type: SecureNoteType;
|
||||||
|
|
||||||
|
constructor(obj?: SecureNoteData, alreadyEncrypted: boolean = false) {
|
||||||
|
super();
|
||||||
|
if (obj == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.type = obj.type;
|
||||||
|
}
|
||||||
|
|
||||||
|
decrypt(orgId: string): any {
|
||||||
|
return {
|
||||||
|
type: this.type,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { SecureNote };
|
||||||
|
(window as any).SecureNote = SecureNote;
|
80
src/models/domain/symmetricCryptoKey.ts
Normal file
80
src/models/domain/symmetricCryptoKey.ts
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
import * as forge from 'node-forge';
|
||||||
|
|
||||||
|
import { EncryptionType } from '../../enums/encryptionType';
|
||||||
|
|
||||||
|
import { SymmetricCryptoKeyBuffers } from './symmetricCryptoKeyBuffers';
|
||||||
|
|
||||||
|
import { UtilsService } from '../../services/utils.service';
|
||||||
|
|
||||||
|
export class SymmetricCryptoKey {
|
||||||
|
key: string;
|
||||||
|
keyB64: string;
|
||||||
|
encKey: string;
|
||||||
|
macKey: string;
|
||||||
|
encType: EncryptionType;
|
||||||
|
keyBuf: SymmetricCryptoKeyBuffers;
|
||||||
|
|
||||||
|
constructor(keyBytes: string, b64KeyBytes?: boolean, encType?: EncryptionType) {
|
||||||
|
if (b64KeyBytes) {
|
||||||
|
keyBytes = forge.util.decode64(keyBytes);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!keyBytes) {
|
||||||
|
throw new Error('Must provide keyBytes');
|
||||||
|
}
|
||||||
|
|
||||||
|
const buffer = (forge as any).util.createBuffer(keyBytes);
|
||||||
|
if (!buffer || buffer.length() === 0) {
|
||||||
|
throw new Error('Couldn\'t make buffer');
|
||||||
|
}
|
||||||
|
|
||||||
|
const bufferLength: number = buffer.length();
|
||||||
|
|
||||||
|
if (encType == null) {
|
||||||
|
if (bufferLength === 32) {
|
||||||
|
encType = EncryptionType.AesCbc256_B64;
|
||||||
|
} else if (bufferLength === 64) {
|
||||||
|
encType = EncryptionType.AesCbc256_HmacSha256_B64;
|
||||||
|
} else {
|
||||||
|
throw new Error('Unable to determine encType.');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
this.key = keyBytes;
|
||||||
|
this.keyB64 = forge.util.encode64(keyBytes);
|
||||||
|
this.encType = encType;
|
||||||
|
|
||||||
|
if (encType === EncryptionType.AesCbc256_B64 && bufferLength === 32) {
|
||||||
|
this.encKey = keyBytes;
|
||||||
|
this.macKey = null;
|
||||||
|
} else if (encType === EncryptionType.AesCbc128_HmacSha256_B64 && bufferLength === 32) {
|
||||||
|
this.encKey = buffer.getBytes(16); // first half
|
||||||
|
this.macKey = buffer.getBytes(16); // second half
|
||||||
|
} else if (encType === EncryptionType.AesCbc256_HmacSha256_B64 && bufferLength === 64) {
|
||||||
|
this.encKey = buffer.getBytes(32); // first half
|
||||||
|
this.macKey = buffer.getBytes(32); // second half
|
||||||
|
} else {
|
||||||
|
throw new Error('Unsupported encType/key length.');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
getBuffers() {
|
||||||
|
if (this.keyBuf) {
|
||||||
|
return this.keyBuf;
|
||||||
|
}
|
||||||
|
|
||||||
|
const key = UtilsService.fromB64ToArray(this.keyB64);
|
||||||
|
const keys = new SymmetricCryptoKeyBuffers(key.buffer);
|
||||||
|
|
||||||
|
if (this.macKey) {
|
||||||
|
keys.encKey = key.slice(0, key.length / 2).buffer;
|
||||||
|
keys.macKey = key.slice(key.length / 2).buffer;
|
||||||
|
} else {
|
||||||
|
keys.encKey = key.buffer;
|
||||||
|
keys.macKey = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.keyBuf = keys;
|
||||||
|
return this.keyBuf;
|
||||||
|
}
|
||||||
|
}
|
9
src/models/domain/symmetricCryptoKeyBuffers.ts
Normal file
9
src/models/domain/symmetricCryptoKeyBuffers.ts
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
export class SymmetricCryptoKeyBuffers {
|
||||||
|
key: ArrayBuffer;
|
||||||
|
encKey?: ArrayBuffer;
|
||||||
|
macKey?: ArrayBuffer;
|
||||||
|
|
||||||
|
constructor(key: ArrayBuffer) {
|
||||||
|
this.key = key;
|
||||||
|
}
|
||||||
|
}
|
89
src/models/request/cipherRequest.ts
Normal file
89
src/models/request/cipherRequest.ts
Normal file
@ -0,0 +1,89 @@
|
|||||||
|
import { CipherType } from '../../enums/cipherType';
|
||||||
|
|
||||||
|
class CipherRequest {
|
||||||
|
type: CipherType;
|
||||||
|
folderId: string;
|
||||||
|
organizationId: string;
|
||||||
|
name: string;
|
||||||
|
notes: string;
|
||||||
|
favorite: boolean;
|
||||||
|
login: any;
|
||||||
|
secureNote: any;
|
||||||
|
card: any;
|
||||||
|
identity: any;
|
||||||
|
fields: any[];
|
||||||
|
|
||||||
|
constructor(cipher: any) {
|
||||||
|
this.type = cipher.type;
|
||||||
|
this.folderId = cipher.folderId;
|
||||||
|
this.organizationId = cipher.organizationId;
|
||||||
|
this.name = cipher.name ? cipher.name.encryptedString : null;
|
||||||
|
this.notes = cipher.notes ? cipher.notes.encryptedString : null;
|
||||||
|
this.favorite = cipher.favorite;
|
||||||
|
|
||||||
|
switch (this.type) {
|
||||||
|
case CipherType.Login:
|
||||||
|
this.login = {
|
||||||
|
uri: cipher.login.uri ? cipher.login.uri.encryptedString : null,
|
||||||
|
username: cipher.login.username ? cipher.login.username.encryptedString : null,
|
||||||
|
password: cipher.login.password ? cipher.login.password.encryptedString : null,
|
||||||
|
totp: cipher.login.totp ? cipher.login.totp.encryptedString : null,
|
||||||
|
};
|
||||||
|
break;
|
||||||
|
case CipherType.SecureNote:
|
||||||
|
this.secureNote = {
|
||||||
|
type: cipher.secureNote.type,
|
||||||
|
};
|
||||||
|
break;
|
||||||
|
case CipherType.Card:
|
||||||
|
this.card = {
|
||||||
|
cardholderName: cipher.card.cardholderName ? cipher.card.cardholderName.encryptedString : null,
|
||||||
|
brand: cipher.card.brand ? cipher.card.brand.encryptedString : null,
|
||||||
|
number: cipher.card.number ? cipher.card.number.encryptedString : null,
|
||||||
|
expMonth: cipher.card.expMonth ? cipher.card.expMonth.encryptedString : null,
|
||||||
|
expYear: cipher.card.expYear ? cipher.card.expYear.encryptedString : null,
|
||||||
|
code: cipher.card.code ? cipher.card.code.encryptedString : null,
|
||||||
|
};
|
||||||
|
break;
|
||||||
|
case CipherType.Identity:
|
||||||
|
this.identity = {
|
||||||
|
title: cipher.identity.title ? cipher.identity.title.encryptedString : null,
|
||||||
|
firstName: cipher.identity.firstName ? cipher.identity.firstName.encryptedString : null,
|
||||||
|
middleName: cipher.identity.middleName ? cipher.identity.middleName.encryptedString : null,
|
||||||
|
lastName: cipher.identity.lastName ? cipher.identity.lastName.encryptedString : null,
|
||||||
|
address1: cipher.identity.address1 ? cipher.identity.address1.encryptedString : null,
|
||||||
|
address2: cipher.identity.address2 ? cipher.identity.address2.encryptedString : null,
|
||||||
|
address3: cipher.identity.address3 ? cipher.identity.address3.encryptedString : null,
|
||||||
|
city: cipher.identity.city ? cipher.identity.city.encryptedString : null,
|
||||||
|
state: cipher.identity.state ? cipher.identity.state.encryptedString : null,
|
||||||
|
postalCode: cipher.identity.postalCode ? cipher.identity.postalCode.encryptedString : null,
|
||||||
|
country: cipher.identity.country ? cipher.identity.country.encryptedString : null,
|
||||||
|
company: cipher.identity.company ? cipher.identity.company.encryptedString : null,
|
||||||
|
email: cipher.identity.email ? cipher.identity.email.encryptedString : null,
|
||||||
|
phone: cipher.identity.phone ? cipher.identity.phone.encryptedString : null,
|
||||||
|
ssn: cipher.identity.ssn ? cipher.identity.ssn.encryptedString : null,
|
||||||
|
username: cipher.identity.username ? cipher.identity.username.encryptedString : null,
|
||||||
|
passportNumber: cipher.identity.passportNumber ?
|
||||||
|
cipher.identity.passportNumber.encryptedString : null,
|
||||||
|
licenseNumber: cipher.identity.licenseNumber ? cipher.identity.licenseNumber.encryptedString : null,
|
||||||
|
};
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cipher.fields) {
|
||||||
|
this.fields = [];
|
||||||
|
cipher.fields.forEach((field: any) => {
|
||||||
|
this.fields.push({
|
||||||
|
type: field.type,
|
||||||
|
name: field.name ? field.name.encryptedString : null,
|
||||||
|
value: field.value ? field.value.encryptedString : null,
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { CipherRequest };
|
||||||
|
(window as any).CipherRequest = CipherRequest;
|
20
src/models/request/deviceRequest.ts
Normal file
20
src/models/request/deviceRequest.ts
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
import { DeviceType } from '../../enums/deviceType';
|
||||||
|
|
||||||
|
import { PlatformUtilsService } from '../../abstractions/platformUtils.service';
|
||||||
|
|
||||||
|
class DeviceRequest {
|
||||||
|
type: DeviceType;
|
||||||
|
name: string;
|
||||||
|
identifier: string;
|
||||||
|
pushToken?: string;
|
||||||
|
|
||||||
|
constructor(appId: string, platformUtilsService: PlatformUtilsService) {
|
||||||
|
this.type = platformUtilsService.getDevice();
|
||||||
|
this.name = platformUtilsService.getDeviceString();
|
||||||
|
this.identifier = appId;
|
||||||
|
this.pushToken = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { DeviceRequest };
|
||||||
|
(window as any).DeviceRequest = DeviceRequest;
|
10
src/models/request/deviceTokenRequest.ts
Normal file
10
src/models/request/deviceTokenRequest.ts
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
class DeviceTokenRequest {
|
||||||
|
pushToken: string;
|
||||||
|
|
||||||
|
constructor() {
|
||||||
|
this.pushToken = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { DeviceTokenRequest };
|
||||||
|
(window as any).DeviceTokenRequest = DeviceTokenRequest;
|
12
src/models/request/folderRequest.ts
Normal file
12
src/models/request/folderRequest.ts
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
import { Folder } from '../domain/folder';
|
||||||
|
|
||||||
|
class FolderRequest {
|
||||||
|
name: string;
|
||||||
|
|
||||||
|
constructor(folder: Folder) {
|
||||||
|
this.name = folder.name ? folder.name.encryptedString : null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { FolderRequest };
|
||||||
|
(window as any).FolderRequest = FolderRequest;
|
8
src/models/request/index.ts
Normal file
8
src/models/request/index.ts
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
export { CipherRequest } from './cipherRequest';
|
||||||
|
export { DeviceRequest } from './deviceRequest';
|
||||||
|
export { DeviceTokenRequest } from './deviceTokenRequest';
|
||||||
|
export { FolderRequest } from './folderRequest';
|
||||||
|
export { PasswordHintRequest } from './passwordHintRequest';
|
||||||
|
export { RegisterRequest } from './registerRequest';
|
||||||
|
export { TokenRequest } from './tokenRequest';
|
||||||
|
export { TwoFactorEmailRequest } from './twoFactorEmailRequest';
|
10
src/models/request/passwordHintRequest.ts
Normal file
10
src/models/request/passwordHintRequest.ts
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
class PasswordHintRequest {
|
||||||
|
email: string;
|
||||||
|
|
||||||
|
constructor(email: string) {
|
||||||
|
this.email = email;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { PasswordHintRequest };
|
||||||
|
(window as any).PasswordHintRequest = PasswordHintRequest;
|
18
src/models/request/registerRequest.ts
Normal file
18
src/models/request/registerRequest.ts
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
class RegisterRequest {
|
||||||
|
name: string;
|
||||||
|
email: string;
|
||||||
|
masterPasswordHash: string;
|
||||||
|
masterPasswordHint: string;
|
||||||
|
key: string;
|
||||||
|
|
||||||
|
constructor(email: string, masterPasswordHash: string, masterPasswordHint: string, key: string) {
|
||||||
|
this.name = null;
|
||||||
|
this.email = email;
|
||||||
|
this.masterPasswordHash = masterPasswordHash;
|
||||||
|
this.masterPasswordHint = masterPasswordHint ? masterPasswordHint : null;
|
||||||
|
this.key = key;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { RegisterRequest };
|
||||||
|
(window as any).RegisterRequest = RegisterRequest;
|
49
src/models/request/tokenRequest.ts
Normal file
49
src/models/request/tokenRequest.ts
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
import { DeviceRequest } from './deviceRequest';
|
||||||
|
|
||||||
|
class TokenRequest {
|
||||||
|
email: string;
|
||||||
|
masterPasswordHash: string;
|
||||||
|
token: string;
|
||||||
|
provider: number;
|
||||||
|
remember: boolean;
|
||||||
|
device?: DeviceRequest;
|
||||||
|
|
||||||
|
constructor(email: string, masterPasswordHash: string, provider: number,
|
||||||
|
token: string, remember: boolean, device?: DeviceRequest) {
|
||||||
|
this.email = email;
|
||||||
|
this.masterPasswordHash = masterPasswordHash;
|
||||||
|
this.token = token;
|
||||||
|
this.provider = provider;
|
||||||
|
this.remember = remember;
|
||||||
|
this.device = device != null ? device : null;
|
||||||
|
}
|
||||||
|
|
||||||
|
toIdentityToken() {
|
||||||
|
const obj: any = {
|
||||||
|
grant_type: 'password',
|
||||||
|
username: this.email,
|
||||||
|
password: this.masterPasswordHash,
|
||||||
|
scope: 'api offline_access',
|
||||||
|
client_id: 'browser',
|
||||||
|
};
|
||||||
|
|
||||||
|
if (this.device) {
|
||||||
|
obj.deviceType = this.device.type;
|
||||||
|
obj.deviceIdentifier = this.device.identifier;
|
||||||
|
obj.deviceName = this.device.name;
|
||||||
|
// no push tokens for browser apps yet
|
||||||
|
// obj.devicePushToken = this.device.pushToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.token && this.provider !== null && (typeof this.provider !== 'undefined')) {
|
||||||
|
obj.twoFactorToken = this.token;
|
||||||
|
obj.twoFactorProvider = this.provider;
|
||||||
|
obj.twoFactorRemember = this.remember ? '1' : '0';
|
||||||
|
}
|
||||||
|
|
||||||
|
return obj;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { TokenRequest };
|
||||||
|
(window as any).TokenRequest = TokenRequest;
|
12
src/models/request/twoFactorEmailRequest.ts
Normal file
12
src/models/request/twoFactorEmailRequest.ts
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
class TwoFactorEmailRequest {
|
||||||
|
email: string;
|
||||||
|
masterPasswordHash: string;
|
||||||
|
|
||||||
|
constructor(email: string, masterPasswordHash: string) {
|
||||||
|
this.email = email;
|
||||||
|
this.masterPasswordHash = masterPasswordHash;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { TwoFactorEmailRequest };
|
||||||
|
(window as any).TwoFactorEmailRequest = TwoFactorEmailRequest;
|
18
src/models/response/attachmentResponse.ts
Normal file
18
src/models/response/attachmentResponse.ts
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
class AttachmentResponse {
|
||||||
|
id: string;
|
||||||
|
url: string;
|
||||||
|
fileName: string;
|
||||||
|
size: number;
|
||||||
|
sizeName: string;
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.id = response.Id;
|
||||||
|
this.url = response.Url;
|
||||||
|
this.fileName = response.FileName;
|
||||||
|
this.size = response.Size;
|
||||||
|
this.sizeName = response.SizeName;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { AttachmentResponse };
|
||||||
|
(window as any).AttachmentResponse = AttachmentResponse;
|
44
src/models/response/cipherResponse.ts
Normal file
44
src/models/response/cipherResponse.ts
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
import { AttachmentResponse } from './attachmentResponse';
|
||||||
|
|
||||||
|
class CipherResponse {
|
||||||
|
id: string;
|
||||||
|
organizationId: string;
|
||||||
|
folderId: string;
|
||||||
|
type: number;
|
||||||
|
favorite: boolean;
|
||||||
|
edit: boolean;
|
||||||
|
organizationUseTotp: boolean;
|
||||||
|
data: any;
|
||||||
|
revisionDate: string;
|
||||||
|
attachments: AttachmentResponse[];
|
||||||
|
collectionIds: string[];
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.id = response.Id;
|
||||||
|
this.organizationId = response.OrganizationId;
|
||||||
|
this.folderId = response.FolderId;
|
||||||
|
this.type = response.Type;
|
||||||
|
this.favorite = response.Favorite;
|
||||||
|
this.edit = response.Edit;
|
||||||
|
this.organizationUseTotp = response.OrganizationUseTotp;
|
||||||
|
this.data = response.Data;
|
||||||
|
this.revisionDate = response.RevisionDate;
|
||||||
|
|
||||||
|
if (response.Attachments != null) {
|
||||||
|
this.attachments = [];
|
||||||
|
response.Attachments.forEach((attachment: any) => {
|
||||||
|
this.attachments.push(new AttachmentResponse(attachment));
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (response.CollectionIds) {
|
||||||
|
this.collectionIds = [];
|
||||||
|
response.CollectionIds.forEach((id: string) => {
|
||||||
|
this.collectionIds.push(id);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { CipherResponse };
|
||||||
|
(window as any).CipherResponse = CipherResponse;
|
14
src/models/response/collectionResponse.ts
Normal file
14
src/models/response/collectionResponse.ts
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
class CollectionResponse {
|
||||||
|
id: string;
|
||||||
|
organizationId: string;
|
||||||
|
name: string;
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.id = response.Id;
|
||||||
|
this.organizationId = response.OrganizationId;
|
||||||
|
this.name = response.Name;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { CollectionResponse };
|
||||||
|
(window as any).CollectionResponse = CollectionResponse;
|
20
src/models/response/deviceResponse.ts
Normal file
20
src/models/response/deviceResponse.ts
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
import { DeviceType } from '../../enums/deviceType';
|
||||||
|
|
||||||
|
class DeviceResponse {
|
||||||
|
id: string;
|
||||||
|
name: number;
|
||||||
|
identifier: string;
|
||||||
|
type: DeviceType;
|
||||||
|
creationDate: string;
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.id = response.Id;
|
||||||
|
this.name = response.Name;
|
||||||
|
this.identifier = response.Identifier;
|
||||||
|
this.type = response.Type;
|
||||||
|
this.creationDate = response.CreationDate;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { DeviceResponse };
|
||||||
|
(window as any).DeviceResponse = DeviceResponse;
|
20
src/models/response/domainsResponse.ts
Normal file
20
src/models/response/domainsResponse.ts
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
import { GlobalDomainResponse } from './globalDomainResponse';
|
||||||
|
|
||||||
|
class DomainsResponse {
|
||||||
|
equivalentDomains: string[][];
|
||||||
|
globalEquivalentDomains: GlobalDomainResponse[] = [];
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.equivalentDomains = response.EquivalentDomains;
|
||||||
|
|
||||||
|
this.globalEquivalentDomains = [];
|
||||||
|
if (response.GlobalEquivalentDomains) {
|
||||||
|
response.GlobalEquivalentDomains.forEach((domain: any) => {
|
||||||
|
this.globalEquivalentDomains.push(new GlobalDomainResponse(domain));
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { DomainsResponse };
|
||||||
|
(window as any).DomainsResponse = DomainsResponse;
|
37
src/models/response/errorResponse.ts
Normal file
37
src/models/response/errorResponse.ts
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
class ErrorResponse {
|
||||||
|
message: string;
|
||||||
|
validationErrors: { [key: string]: string[]; };
|
||||||
|
statusCode: number;
|
||||||
|
|
||||||
|
constructor(response: any, status: number, identityResponse?: boolean) {
|
||||||
|
let errorModel = null;
|
||||||
|
if (identityResponse && response && response.ErrorModel) {
|
||||||
|
errorModel = response.ErrorModel;
|
||||||
|
} else if (response) {
|
||||||
|
errorModel = response;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (errorModel) {
|
||||||
|
this.message = errorModel.Message;
|
||||||
|
this.validationErrors = errorModel.ValidationErrors;
|
||||||
|
}
|
||||||
|
this.statusCode = status;
|
||||||
|
}
|
||||||
|
|
||||||
|
getSingleMessage(): string {
|
||||||
|
if (this.validationErrors) {
|
||||||
|
for (const key in this.validationErrors) {
|
||||||
|
if (!this.validationErrors.hasOwnProperty(key)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (this.validationErrors[key].length) {
|
||||||
|
return this.validationErrors[key][0];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return this.message;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { ErrorResponse };
|
||||||
|
(window as any).ErrorResponse = ErrorResponse;
|
14
src/models/response/folderResponse.ts
Normal file
14
src/models/response/folderResponse.ts
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
class FolderResponse {
|
||||||
|
id: string;
|
||||||
|
name: string;
|
||||||
|
revisionDate: string;
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.id = response.Id;
|
||||||
|
this.name = response.Name;
|
||||||
|
this.revisionDate = response.RevisionDate;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { FolderResponse };
|
||||||
|
(window as any).FolderResponse = FolderResponse;
|
14
src/models/response/globalDomainResponse.ts
Normal file
14
src/models/response/globalDomainResponse.ts
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
class GlobalDomainResponse {
|
||||||
|
type: number;
|
||||||
|
domains: string[];
|
||||||
|
excluded: number[];
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.type = response.Type;
|
||||||
|
this.domains = response.Domains;
|
||||||
|
this.excluded = response.Excluded;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { GlobalDomainResponse };
|
||||||
|
(window as any).GlobalDomainResponse = GlobalDomainResponse;
|
24
src/models/response/identityTokenResponse.ts
Normal file
24
src/models/response/identityTokenResponse.ts
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
class IdentityTokenResponse {
|
||||||
|
accessToken: string;
|
||||||
|
expiresIn: number;
|
||||||
|
refreshToken: string;
|
||||||
|
tokenType: string;
|
||||||
|
|
||||||
|
privateKey: string;
|
||||||
|
key: string;
|
||||||
|
twoFactorToken: string;
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.accessToken = response.access_token;
|
||||||
|
this.expiresIn = response.expires_in;
|
||||||
|
this.refreshToken = response.refresh_token;
|
||||||
|
this.tokenType = response.token_type;
|
||||||
|
|
||||||
|
this.privateKey = response.PrivateKey;
|
||||||
|
this.key = response.Key;
|
||||||
|
this.twoFactorToken = response.TwoFactorToken;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { IdentityTokenResponse };
|
||||||
|
(window as any).IdentityTokenResponse = IdentityTokenResponse;
|
14
src/models/response/index.ts
Normal file
14
src/models/response/index.ts
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
export { AttachmentResponse } from './attachmentResponse';
|
||||||
|
export { CipherResponse } from './cipherResponse';
|
||||||
|
export { CollectionResponse } from './collectionResponse';
|
||||||
|
export { DeviceResponse } from './deviceResponse';
|
||||||
|
export { DomainsResponse } from './domainsResponse';
|
||||||
|
export { ErrorResponse } from './errorResponse';
|
||||||
|
export { FolderResponse } from './folderResponse';
|
||||||
|
export { GlobalDomainResponse } from './globalDomainResponse';
|
||||||
|
export { IdentityTokenResponse } from './identityTokenResponse';
|
||||||
|
export { KeysResponse } from './keysResponse';
|
||||||
|
export { ListResponse } from './listResponse';
|
||||||
|
export { ProfileOrganizationResponse } from './profileOrganizationResponse';
|
||||||
|
export { ProfileResponse } from './profileResponse';
|
||||||
|
export { SyncResponse } from './syncResponse';
|
12
src/models/response/keysResponse.ts
Normal file
12
src/models/response/keysResponse.ts
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
class KeysResponse {
|
||||||
|
privateKey: string;
|
||||||
|
publicKey: string;
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.privateKey = response.PrivateKey;
|
||||||
|
this.publicKey = response.PublicKey;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { KeysResponse };
|
||||||
|
(window as any).KeysResponse = KeysResponse;
|
10
src/models/response/listResponse.ts
Normal file
10
src/models/response/listResponse.ts
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
class ListResponse {
|
||||||
|
data: any;
|
||||||
|
|
||||||
|
constructor(data: any) {
|
||||||
|
this.data = data;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { ListResponse };
|
||||||
|
(window as any).ListResponse = ListResponse;
|
30
src/models/response/profileOrganizationResponse.ts
Normal file
30
src/models/response/profileOrganizationResponse.ts
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
class ProfileOrganizationResponse {
|
||||||
|
id: string;
|
||||||
|
name: string;
|
||||||
|
useGroups: boolean;
|
||||||
|
useDirectory: boolean;
|
||||||
|
useTotp: boolean;
|
||||||
|
seats: number;
|
||||||
|
maxCollections: number;
|
||||||
|
maxStorageGb?: number;
|
||||||
|
key: string;
|
||||||
|
status: number; // TODO: map to enum
|
||||||
|
type: number; // TODO: map to enum
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.id = response.Id;
|
||||||
|
this.name = response.Name;
|
||||||
|
this.useGroups = response.UseGroups;
|
||||||
|
this.useDirectory = response.UseDirectory;
|
||||||
|
this.useTotp = response.UseTotp;
|
||||||
|
this.seats = response.Seats;
|
||||||
|
this.maxCollections = response.MaxCollections;
|
||||||
|
this.maxStorageGb = response.MaxStorageGb;
|
||||||
|
this.key = response.Key;
|
||||||
|
this.status = response.Status;
|
||||||
|
this.type = response.Type;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { ProfileOrganizationResponse };
|
||||||
|
(window as any).ProfileOrganizationResponse = ProfileOrganizationResponse;
|
39
src/models/response/profileResponse.ts
Normal file
39
src/models/response/profileResponse.ts
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
import { ProfileOrganizationResponse } from './profileOrganizationResponse';
|
||||||
|
|
||||||
|
class ProfileResponse {
|
||||||
|
id: string;
|
||||||
|
name: string;
|
||||||
|
email: string;
|
||||||
|
emailVerified: boolean;
|
||||||
|
masterPasswordHint: string;
|
||||||
|
premium: boolean;
|
||||||
|
culture: string;
|
||||||
|
twoFactorEnabled: boolean;
|
||||||
|
key: string;
|
||||||
|
privateKey: string;
|
||||||
|
securityStamp: string;
|
||||||
|
organizations: ProfileOrganizationResponse[] = [];
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
this.id = response.Id;
|
||||||
|
this.name = response.Name;
|
||||||
|
this.email = response.Email;
|
||||||
|
this.emailVerified = response.EmailVerified;
|
||||||
|
this.masterPasswordHint = response.MasterPasswordHint;
|
||||||
|
this.premium = response.Premium;
|
||||||
|
this.culture = response.Culture;
|
||||||
|
this.twoFactorEnabled = response.TwoFactorEnabled;
|
||||||
|
this.key = response.Key;
|
||||||
|
this.privateKey = response.PrivateKey;
|
||||||
|
this.securityStamp = response.SecurityStamp;
|
||||||
|
|
||||||
|
if (response.Organizations) {
|
||||||
|
response.Organizations.forEach((org: any) => {
|
||||||
|
this.organizations.push(new ProfileOrganizationResponse(org));
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { ProfileResponse };
|
||||||
|
(window as any).ProfileResponse = ProfileResponse;
|
44
src/models/response/syncResponse.ts
Normal file
44
src/models/response/syncResponse.ts
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
import { CipherResponse } from './cipherResponse';
|
||||||
|
import { CollectionResponse } from './collectionResponse';
|
||||||
|
import { DomainsResponse } from './domainsResponse';
|
||||||
|
import { FolderResponse } from './folderResponse';
|
||||||
|
import { ProfileResponse } from './profileResponse';
|
||||||
|
|
||||||
|
class SyncResponse {
|
||||||
|
profile?: ProfileResponse;
|
||||||
|
folders: FolderResponse[] = [];
|
||||||
|
collections: CollectionResponse[] = [];
|
||||||
|
ciphers: CipherResponse[] = [];
|
||||||
|
domains?: DomainsResponse;
|
||||||
|
|
||||||
|
constructor(response: any) {
|
||||||
|
if (response.Profile) {
|
||||||
|
this.profile = new ProfileResponse(response.Profile);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (response.Folders) {
|
||||||
|
response.Folders.forEach((folder: any) => {
|
||||||
|
this.folders.push(new FolderResponse(folder));
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (response.Collections) {
|
||||||
|
response.Collections.forEach((collection: any) => {
|
||||||
|
this.collections.push(new CollectionResponse(collection));
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (response.Ciphers) {
|
||||||
|
response.Ciphers.forEach((cipher: any) => {
|
||||||
|
this.ciphers.push(new CipherResponse(cipher));
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (response.Domains) {
|
||||||
|
this.domains = new DomainsResponse(response.Domains);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export { SyncResponse };
|
||||||
|
(window as any).SyncResponse = SyncResponse;
|
116
src/services/constants.service.ts
Normal file
116
src/services/constants.service.ts
Normal file
@ -0,0 +1,116 @@
|
|||||||
|
import { PlatformUtilsService } from '../abstractions/platformUtils.service';
|
||||||
|
|
||||||
|
export class ConstantsService {
|
||||||
|
static readonly environmentUrlsKey: string = 'environmentUrls';
|
||||||
|
static readonly disableGaKey: string = 'disableGa';
|
||||||
|
static readonly disableAddLoginNotificationKey: string = 'disableAddLoginNotification';
|
||||||
|
static readonly disableContextMenuItemKey: string = 'disableContextMenuItem';
|
||||||
|
static readonly disableFaviconKey: string = 'disableFavicon';
|
||||||
|
static readonly disableAutoTotpCopyKey: string = 'disableAutoTotpCopy';
|
||||||
|
static readonly enableAutoFillOnPageLoadKey: string = 'enableAutoFillOnPageLoad';
|
||||||
|
static readonly lockOptionKey: string = 'lockOption';
|
||||||
|
static readonly lastActiveKey: string = 'lastActive';
|
||||||
|
|
||||||
|
// TODO: remove these instance properties once all references are reading from the static properties
|
||||||
|
readonly environmentUrlsKey: string = 'environmentUrls';
|
||||||
|
readonly disableGaKey: string = 'disableGa';
|
||||||
|
readonly disableAddLoginNotificationKey: string = 'disableAddLoginNotification';
|
||||||
|
readonly disableContextMenuItemKey: string = 'disableContextMenuItem';
|
||||||
|
readonly disableFaviconKey: string = 'disableFavicon';
|
||||||
|
readonly disableAutoTotpCopyKey: string = 'disableAutoTotpCopy';
|
||||||
|
readonly enableAutoFillOnPageLoadKey: string = 'enableAutoFillOnPageLoad';
|
||||||
|
readonly lockOptionKey: string = 'lockOption';
|
||||||
|
readonly lastActiveKey: string = 'lastActive';
|
||||||
|
|
||||||
|
// TODO: Convert these objects to enums
|
||||||
|
readonly encType: any = {
|
||||||
|
AesCbc256_B64: 0,
|
||||||
|
AesCbc128_HmacSha256_B64: 1,
|
||||||
|
AesCbc256_HmacSha256_B64: 2,
|
||||||
|
Rsa2048_OaepSha256_B64: 3,
|
||||||
|
Rsa2048_OaepSha1_B64: 4,
|
||||||
|
Rsa2048_OaepSha256_HmacSha256_B64: 5,
|
||||||
|
Rsa2048_OaepSha1_HmacSha256_B64: 6,
|
||||||
|
};
|
||||||
|
|
||||||
|
readonly cipherType: any = {
|
||||||
|
login: 1,
|
||||||
|
secureNote: 2,
|
||||||
|
card: 3,
|
||||||
|
identity: 4,
|
||||||
|
};
|
||||||
|
|
||||||
|
readonly fieldType: any = {
|
||||||
|
text: 0,
|
||||||
|
hidden: 1,
|
||||||
|
boolean: 2,
|
||||||
|
};
|
||||||
|
|
||||||
|
readonly twoFactorProvider: any = {
|
||||||
|
u2f: 4,
|
||||||
|
yubikey: 3,
|
||||||
|
duo: 2,
|
||||||
|
authenticator: 0,
|
||||||
|
email: 1,
|
||||||
|
remember: 5,
|
||||||
|
};
|
||||||
|
|
||||||
|
twoFactorProviderInfo: any[];
|
||||||
|
|
||||||
|
constructor(i18nService: any, platformUtilsService: PlatformUtilsService) {
|
||||||
|
if (platformUtilsService.isEdge()) {
|
||||||
|
// delay for i18n fetch
|
||||||
|
setTimeout(() => {
|
||||||
|
this.bootstrap(i18nService);
|
||||||
|
}, 1000);
|
||||||
|
} else {
|
||||||
|
this.bootstrap(i18nService);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private bootstrap(i18nService: any) {
|
||||||
|
this.twoFactorProviderInfo = [
|
||||||
|
{
|
||||||
|
type: 0,
|
||||||
|
name: i18nService.authenticatorAppTitle,
|
||||||
|
description: i18nService.authenticatorAppDesc,
|
||||||
|
active: true,
|
||||||
|
free: true,
|
||||||
|
displayOrder: 0,
|
||||||
|
priority: 1,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
type: 3,
|
||||||
|
name: i18nService.yubiKeyTitle,
|
||||||
|
description: i18nService.yubiKeyDesc,
|
||||||
|
active: true,
|
||||||
|
displayOrder: 1,
|
||||||
|
priority: 3,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
type: 2,
|
||||||
|
name: 'Duo',
|
||||||
|
description: i18nService.duoDesc,
|
||||||
|
active: true,
|
||||||
|
displayOrder: 2,
|
||||||
|
priority: 2,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
type: 4,
|
||||||
|
name: i18nService.u2fTitle,
|
||||||
|
description: i18nService.u2fDesc,
|
||||||
|
active: true,
|
||||||
|
displayOrder: 3,
|
||||||
|
priority: 4,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
type: 1,
|
||||||
|
name: i18nService.emailTitle,
|
||||||
|
description: i18nService.emailDesc,
|
||||||
|
active: true,
|
||||||
|
displayOrder: 4,
|
||||||
|
priority: 0,
|
||||||
|
},
|
||||||
|
];
|
||||||
|
}
|
||||||
|
}
|
602
src/services/crypto.service.ts
Normal file
602
src/services/crypto.service.ts
Normal file
@ -0,0 +1,602 @@
|
|||||||
|
import * as forge from 'node-forge';
|
||||||
|
|
||||||
|
import { EncryptionType } from '../enums/encryptionType';
|
||||||
|
|
||||||
|
import { CipherString } from '../models/domain/cipherString';
|
||||||
|
import { EncryptedObject } from '../models/domain/encryptedObject';
|
||||||
|
import { SymmetricCryptoKey } from '../models/domain/symmetricCryptoKey';
|
||||||
|
import { ProfileOrganizationResponse } from '../models/response/profileOrganizationResponse';
|
||||||
|
|
||||||
|
import { CryptoService as CryptoServiceInterface } from '../abstractions/crypto.service';
|
||||||
|
import { StorageService as StorageServiceInterface } from '../abstractions/storage.service';
|
||||||
|
|
||||||
|
import { ConstantsService } from './constants.service';
|
||||||
|
import { UtilsService } from './utils.service';
|
||||||
|
|
||||||
|
const Keys = {
|
||||||
|
key: 'key',
|
||||||
|
encOrgKeys: 'encOrgKeys',
|
||||||
|
encPrivateKey: 'encPrivateKey',
|
||||||
|
encKey: 'encKey',
|
||||||
|
keyHash: 'keyHash',
|
||||||
|
};
|
||||||
|
|
||||||
|
const SigningAlgorithm = {
|
||||||
|
name: 'HMAC',
|
||||||
|
hash: { name: 'SHA-256' },
|
||||||
|
};
|
||||||
|
|
||||||
|
const AesAlgorithm = {
|
||||||
|
name: 'AES-CBC',
|
||||||
|
};
|
||||||
|
|
||||||
|
const Crypto = window.crypto;
|
||||||
|
const Subtle = Crypto.subtle;
|
||||||
|
|
||||||
|
export class CryptoService implements CryptoServiceInterface {
|
||||||
|
private key: SymmetricCryptoKey;
|
||||||
|
private encKey: SymmetricCryptoKey;
|
||||||
|
private legacyEtmKey: SymmetricCryptoKey;
|
||||||
|
private keyHash: string;
|
||||||
|
private privateKey: ArrayBuffer;
|
||||||
|
private orgKeys: Map<string, SymmetricCryptoKey>;
|
||||||
|
|
||||||
|
constructor(private storageService: StorageServiceInterface,
|
||||||
|
private secureStorageService: StorageServiceInterface) {
|
||||||
|
}
|
||||||
|
|
||||||
|
async setKey(key: SymmetricCryptoKey): Promise<any> {
|
||||||
|
this.key = key;
|
||||||
|
|
||||||
|
const option = await this.storageService.get<number>(ConstantsService.lockOptionKey);
|
||||||
|
if (option != null) {
|
||||||
|
// if we have a lock option set, we do not store the key
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
return this.secureStorageService.save(Keys.key, key.keyB64);
|
||||||
|
}
|
||||||
|
|
||||||
|
setKeyHash(keyHash: string): Promise<{}> {
|
||||||
|
this.keyHash = keyHash;
|
||||||
|
return this.storageService.save(Keys.keyHash, keyHash);
|
||||||
|
}
|
||||||
|
|
||||||
|
async setEncKey(encKey: string): Promise<{}> {
|
||||||
|
if (encKey == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
await this.storageService.save(Keys.encKey, encKey);
|
||||||
|
this.encKey = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
async setEncPrivateKey(encPrivateKey: string): Promise<{}> {
|
||||||
|
if (encPrivateKey == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
await this.storageService.save(Keys.encPrivateKey, encPrivateKey);
|
||||||
|
this.privateKey = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
setOrgKeys(orgs: ProfileOrganizationResponse[]): Promise<{}> {
|
||||||
|
const orgKeys: any = {};
|
||||||
|
orgs.forEach((org) => {
|
||||||
|
orgKeys[org.id] = org.key;
|
||||||
|
});
|
||||||
|
|
||||||
|
return this.storageService.save(Keys.encOrgKeys, orgKeys);
|
||||||
|
}
|
||||||
|
|
||||||
|
async getKey(): Promise<SymmetricCryptoKey> {
|
||||||
|
if (this.key != null) {
|
||||||
|
return this.key;
|
||||||
|
}
|
||||||
|
|
||||||
|
const option = await this.storageService.get<number>(ConstantsService.lockOptionKey);
|
||||||
|
if (option != null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
const key = await this.secureStorageService.get<string>(Keys.key);
|
||||||
|
if (key) {
|
||||||
|
this.key = new SymmetricCryptoKey(key, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
return key == null ? null : this.key;
|
||||||
|
}
|
||||||
|
|
||||||
|
getKeyHash(): Promise<string> {
|
||||||
|
if (this.keyHash != null) {
|
||||||
|
return Promise.resolve(this.keyHash);
|
||||||
|
}
|
||||||
|
|
||||||
|
return this.storageService.get<string>(Keys.keyHash);
|
||||||
|
}
|
||||||
|
|
||||||
|
async getEncKey(): Promise<SymmetricCryptoKey> {
|
||||||
|
if (this.encKey != null) {
|
||||||
|
return this.encKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
const encKey = await this.storageService.get<string>(Keys.encKey);
|
||||||
|
if (encKey == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
const key = await this.getKey();
|
||||||
|
if (key == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
const decEncKey = await this.decrypt(new CipherString(encKey), key, 'raw');
|
||||||
|
if (decEncKey == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.encKey = new SymmetricCryptoKey(decEncKey);
|
||||||
|
return this.encKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
async getPrivateKey(): Promise<ArrayBuffer> {
|
||||||
|
if (this.privateKey != null) {
|
||||||
|
return this.privateKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
const encPrivateKey = await this.storageService.get<string>(Keys.encPrivateKey);
|
||||||
|
if (encPrivateKey == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
const privateKey = await this.decrypt(new CipherString(encPrivateKey), null, 'raw');
|
||||||
|
const privateKeyB64 = forge.util.encode64(privateKey);
|
||||||
|
this.privateKey = UtilsService.fromB64ToArray(privateKeyB64).buffer;
|
||||||
|
return this.privateKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
async getOrgKeys(): Promise<Map<string, SymmetricCryptoKey>> {
|
||||||
|
if (this.orgKeys != null && this.orgKeys.size > 0) {
|
||||||
|
return this.orgKeys;
|
||||||
|
}
|
||||||
|
|
||||||
|
const encOrgKeys = await this.storageService.get<any>(Keys.encOrgKeys);
|
||||||
|
if (!encOrgKeys) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
const orgKeys: Map<string, SymmetricCryptoKey> = new Map<string, SymmetricCryptoKey>();
|
||||||
|
let setKey = false;
|
||||||
|
|
||||||
|
for (const orgId in encOrgKeys) {
|
||||||
|
if (!encOrgKeys.hasOwnProperty(orgId)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
const decValueB64 = await this.rsaDecrypt(encOrgKeys[orgId]);
|
||||||
|
orgKeys.set(orgId, new SymmetricCryptoKey(decValueB64, true));
|
||||||
|
setKey = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (setKey) {
|
||||||
|
this.orgKeys = orgKeys;
|
||||||
|
}
|
||||||
|
|
||||||
|
return this.orgKeys;
|
||||||
|
}
|
||||||
|
|
||||||
|
async getOrgKey(orgId: string): Promise<SymmetricCryptoKey> {
|
||||||
|
if (orgId == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
const orgKeys = await this.getOrgKeys();
|
||||||
|
if (orgKeys == null || !orgKeys.has(orgId)) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return orgKeys.get(orgId);
|
||||||
|
}
|
||||||
|
|
||||||
|
clearKey(): Promise<any> {
|
||||||
|
this.key = this.legacyEtmKey = null;
|
||||||
|
return this.secureStorageService.remove(Keys.key);
|
||||||
|
}
|
||||||
|
|
||||||
|
clearKeyHash(): Promise<any> {
|
||||||
|
this.keyHash = null;
|
||||||
|
return this.storageService.remove(Keys.keyHash);
|
||||||
|
}
|
||||||
|
|
||||||
|
clearEncKey(memoryOnly?: boolean): Promise<any> {
|
||||||
|
this.encKey = null;
|
||||||
|
if (memoryOnly) {
|
||||||
|
return Promise.resolve();
|
||||||
|
}
|
||||||
|
return this.storageService.remove(Keys.encKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
clearPrivateKey(memoryOnly?: boolean): Promise<any> {
|
||||||
|
this.privateKey = null;
|
||||||
|
if (memoryOnly) {
|
||||||
|
return Promise.resolve();
|
||||||
|
}
|
||||||
|
return this.storageService.remove(Keys.encPrivateKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
clearOrgKeys(memoryOnly?: boolean): Promise<any> {
|
||||||
|
this.orgKeys = null;
|
||||||
|
if (memoryOnly) {
|
||||||
|
return Promise.resolve();
|
||||||
|
}
|
||||||
|
return this.storageService.remove(Keys.encOrgKeys);
|
||||||
|
}
|
||||||
|
|
||||||
|
clearKeys(): Promise<any> {
|
||||||
|
return Promise.all([
|
||||||
|
this.clearKey(),
|
||||||
|
this.clearKeyHash(),
|
||||||
|
this.clearOrgKeys(),
|
||||||
|
this.clearEncKey(),
|
||||||
|
this.clearPrivateKey(),
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
async toggleKey(): Promise<any> {
|
||||||
|
const key = await this.getKey();
|
||||||
|
const option = await this.storageService.get(ConstantsService.lockOptionKey);
|
||||||
|
if (option != null || option === 0) {
|
||||||
|
// if we have a lock option set, clear the key
|
||||||
|
await this.clearKey();
|
||||||
|
this.key = key;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
await this.setKey(key);
|
||||||
|
}
|
||||||
|
|
||||||
|
makeKey(password: string, salt: string): SymmetricCryptoKey {
|
||||||
|
const keyBytes: string = (forge as any).pbkdf2(forge.util.encodeUtf8(password), forge.util.encodeUtf8(salt),
|
||||||
|
5000, 256 / 8, 'sha256');
|
||||||
|
return new SymmetricCryptoKey(keyBytes);
|
||||||
|
}
|
||||||
|
|
||||||
|
async hashPassword(password: string, key: SymmetricCryptoKey): Promise<string> {
|
||||||
|
const storedKey = await this.getKey();
|
||||||
|
key = key || storedKey;
|
||||||
|
if (!password || !key) {
|
||||||
|
throw new Error('Invalid parameters.');
|
||||||
|
}
|
||||||
|
|
||||||
|
const hashBits = (forge as any).pbkdf2(key.key, forge.util.encodeUtf8(password), 1, 256 / 8, 'sha256');
|
||||||
|
return forge.util.encode64(hashBits);
|
||||||
|
}
|
||||||
|
|
||||||
|
makeEncKey(key: SymmetricCryptoKey): Promise<CipherString> {
|
||||||
|
const bytes = new Uint8Array(512 / 8);
|
||||||
|
Crypto.getRandomValues(bytes);
|
||||||
|
return this.encrypt(bytes, key, 'raw');
|
||||||
|
}
|
||||||
|
|
||||||
|
async encrypt(plainValue: string | Uint8Array, key?: SymmetricCryptoKey,
|
||||||
|
plainValueEncoding: string = 'utf8'): Promise<CipherString> {
|
||||||
|
if (!plainValue) {
|
||||||
|
return Promise.resolve(null);
|
||||||
|
}
|
||||||
|
|
||||||
|
let plainValueArr: Uint8Array;
|
||||||
|
if (plainValueEncoding === 'utf8') {
|
||||||
|
plainValueArr = UtilsService.fromUtf8ToArray(plainValue as string);
|
||||||
|
} else {
|
||||||
|
plainValueArr = plainValue as Uint8Array;
|
||||||
|
}
|
||||||
|
|
||||||
|
const encValue = await this.aesEncrypt(plainValueArr.buffer, key);
|
||||||
|
const iv = UtilsService.fromBufferToB64(encValue.iv.buffer);
|
||||||
|
const ct = UtilsService.fromBufferToB64(encValue.ct.buffer);
|
||||||
|
const mac = encValue.mac ? UtilsService.fromBufferToB64(encValue.mac.buffer) : null;
|
||||||
|
return new CipherString(encValue.key.encType, iv, ct, mac);
|
||||||
|
}
|
||||||
|
|
||||||
|
async encryptToBytes(plainValue: ArrayBuffer, key?: SymmetricCryptoKey): Promise<ArrayBuffer> {
|
||||||
|
const encValue = await this.aesEncrypt(plainValue, key);
|
||||||
|
let macLen = 0;
|
||||||
|
if (encValue.mac) {
|
||||||
|
macLen = encValue.mac.length;
|
||||||
|
}
|
||||||
|
|
||||||
|
const encBytes = new Uint8Array(1 + encValue.iv.length + macLen + encValue.ct.length);
|
||||||
|
encBytes.set([encValue.key.encType]);
|
||||||
|
encBytes.set(encValue.iv, 1);
|
||||||
|
if (encValue.mac) {
|
||||||
|
encBytes.set(encValue.mac, 1 + encValue.iv.length);
|
||||||
|
}
|
||||||
|
|
||||||
|
encBytes.set(encValue.ct, 1 + encValue.iv.length + macLen);
|
||||||
|
return encBytes.buffer;
|
||||||
|
}
|
||||||
|
|
||||||
|
async decrypt(cipherString: CipherString, key?: SymmetricCryptoKey,
|
||||||
|
outputEncoding: string = 'utf8'): Promise<string> {
|
||||||
|
const ivBytes: string = forge.util.decode64(cipherString.initializationVector);
|
||||||
|
const ctBytes: string = forge.util.decode64(cipherString.cipherText);
|
||||||
|
const macBytes: string = cipherString.mac ? forge.util.decode64(cipherString.mac) : null;
|
||||||
|
const decipher = await this.aesDecrypt(cipherString.encryptionType, ctBytes, ivBytes, macBytes, key);
|
||||||
|
if (!decipher) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (outputEncoding === 'utf8') {
|
||||||
|
return decipher.output.toString('utf8');
|
||||||
|
} else {
|
||||||
|
return decipher.output.getBytes();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async decryptFromBytes(encBuf: ArrayBuffer, key: SymmetricCryptoKey): Promise<ArrayBuffer> {
|
||||||
|
if (!encBuf) {
|
||||||
|
throw new Error('no encBuf.');
|
||||||
|
}
|
||||||
|
|
||||||
|
const encBytes = new Uint8Array(encBuf);
|
||||||
|
const encType = encBytes[0];
|
||||||
|
let ctBytes: Uint8Array = null;
|
||||||
|
let ivBytes: Uint8Array = null;
|
||||||
|
let macBytes: Uint8Array = null;
|
||||||
|
|
||||||
|
switch (encType) {
|
||||||
|
case EncryptionType.AesCbc128_HmacSha256_B64:
|
||||||
|
case EncryptionType.AesCbc256_HmacSha256_B64:
|
||||||
|
if (encBytes.length <= 49) { // 1 + 16 + 32 + ctLength
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
ivBytes = encBytes.slice(1, 17);
|
||||||
|
macBytes = encBytes.slice(17, 49);
|
||||||
|
ctBytes = encBytes.slice(49);
|
||||||
|
break;
|
||||||
|
case EncryptionType.AesCbc256_B64:
|
||||||
|
if (encBytes.length <= 17) { // 1 + 16 + ctLength
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
ivBytes = encBytes.slice(1, 17);
|
||||||
|
ctBytes = encBytes.slice(17);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return await this.aesDecryptWC(encType, ctBytes.buffer, ivBytes.buffer, macBytes ? macBytes.buffer : null, key);
|
||||||
|
}
|
||||||
|
|
||||||
|
async rsaDecrypt(encValue: string): Promise<string> {
|
||||||
|
const headerPieces = encValue.split('.');
|
||||||
|
let encType: EncryptionType = null;
|
||||||
|
let encPieces: string[];
|
||||||
|
|
||||||
|
if (headerPieces.length === 1) {
|
||||||
|
encType = EncryptionType.Rsa2048_OaepSha256_B64;
|
||||||
|
encPieces = [headerPieces[0]];
|
||||||
|
} else if (headerPieces.length === 2) {
|
||||||
|
try {
|
||||||
|
encType = parseInt(headerPieces[0], null);
|
||||||
|
encPieces = headerPieces[1].split('|');
|
||||||
|
} catch (e) { }
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (encType) {
|
||||||
|
case EncryptionType.Rsa2048_OaepSha256_B64:
|
||||||
|
case EncryptionType.Rsa2048_OaepSha1_B64:
|
||||||
|
if (encPieces.length !== 1) {
|
||||||
|
throw new Error('Invalid cipher format.');
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
|
||||||
|
case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
|
||||||
|
if (encPieces.length !== 2) {
|
||||||
|
throw new Error('Invalid cipher format.');
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
throw new Error('encType unavailable.');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (encPieces == null || encPieces.length <= 0) {
|
||||||
|
throw new Error('encPieces unavailable.');
|
||||||
|
}
|
||||||
|
|
||||||
|
const key = await this.getEncKey();
|
||||||
|
if (key != null && key.macKey != null && encPieces.length > 1) {
|
||||||
|
const ctBytes: string = forge.util.decode64(encPieces[0]);
|
||||||
|
const macBytes: string = forge.util.decode64(encPieces[1]);
|
||||||
|
const computedMacBytes = await this.computeMac(ctBytes, key.macKey, false);
|
||||||
|
const macsEqual = await this.macsEqual(key.macKey, macBytes, computedMacBytes);
|
||||||
|
if (!macsEqual) {
|
||||||
|
throw new Error('MAC failed.');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const privateKeyBytes = await this.getPrivateKey();
|
||||||
|
if (!privateKeyBytes) {
|
||||||
|
throw new Error('No private key.');
|
||||||
|
}
|
||||||
|
|
||||||
|
let rsaAlgorithm: any = null;
|
||||||
|
switch (encType) {
|
||||||
|
case EncryptionType.Rsa2048_OaepSha256_B64:
|
||||||
|
case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
|
||||||
|
rsaAlgorithm = {
|
||||||
|
name: 'RSA-OAEP',
|
||||||
|
hash: { name: 'SHA-256' },
|
||||||
|
};
|
||||||
|
break;
|
||||||
|
case EncryptionType.Rsa2048_OaepSha1_B64:
|
||||||
|
case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
|
||||||
|
rsaAlgorithm = {
|
||||||
|
name: 'RSA-OAEP',
|
||||||
|
hash: { name: 'SHA-1' },
|
||||||
|
};
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
throw new Error('encType unavailable.');
|
||||||
|
}
|
||||||
|
|
||||||
|
const privateKey = await Subtle.importKey('pkcs8', privateKeyBytes, rsaAlgorithm, false, ['decrypt']);
|
||||||
|
const ctArr = UtilsService.fromB64ToArray(encPieces[0]);
|
||||||
|
const decBytes = await Subtle.decrypt(rsaAlgorithm, privateKey, ctArr.buffer);
|
||||||
|
const b64DecValue = UtilsService.fromBufferToB64(decBytes);
|
||||||
|
return b64DecValue;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Helpers
|
||||||
|
|
||||||
|
private async aesEncrypt(plainValue: ArrayBuffer, key: SymmetricCryptoKey): Promise<EncryptedObject> {
|
||||||
|
const obj = new EncryptedObject();
|
||||||
|
obj.key = await this.getKeyForEncryption(key);
|
||||||
|
const keyBuf = obj.key.getBuffers();
|
||||||
|
|
||||||
|
obj.iv = new Uint8Array(16);
|
||||||
|
Crypto.getRandomValues(obj.iv);
|
||||||
|
|
||||||
|
const encKey = await Subtle.importKey('raw', keyBuf.encKey, AesAlgorithm, false, ['encrypt']);
|
||||||
|
const encValue = await Subtle.encrypt({ name: 'AES-CBC', iv: obj.iv }, encKey, plainValue);
|
||||||
|
obj.ct = new Uint8Array(encValue);
|
||||||
|
|
||||||
|
if (keyBuf.macKey) {
|
||||||
|
const data = new Uint8Array(obj.iv.length + obj.ct.length);
|
||||||
|
data.set(obj.iv, 0);
|
||||||
|
data.set(obj.ct, obj.iv.length);
|
||||||
|
const mac = await this.computeMacWC(data.buffer, keyBuf.macKey);
|
||||||
|
obj.mac = new Uint8Array(mac);
|
||||||
|
}
|
||||||
|
|
||||||
|
return obj;
|
||||||
|
}
|
||||||
|
|
||||||
|
private async aesDecrypt(encType: EncryptionType, ctBytes: string, ivBytes: string, macBytes: string,
|
||||||
|
key: SymmetricCryptoKey): Promise<any> {
|
||||||
|
const keyForEnc = await this.getKeyForEncryption(key);
|
||||||
|
const theKey = this.resolveLegacyKey(encType, keyForEnc);
|
||||||
|
|
||||||
|
if (encType !== theKey.encType) {
|
||||||
|
// tslint:disable-next-line
|
||||||
|
console.error('encType unavailable.');
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (theKey.macKey != null && macBytes != null) {
|
||||||
|
const computedMacBytes = this.computeMac(ivBytes + ctBytes, theKey.macKey, false);
|
||||||
|
if (!this.macsEqual(theKey.macKey, computedMacBytes, macBytes)) {
|
||||||
|
// tslint:disable-next-line
|
||||||
|
console.error('MAC failed.');
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const ctBuffer = (forge as any).util.createBuffer(ctBytes);
|
||||||
|
const decipher = (forge as any).cipher.createDecipher('AES-CBC', theKey.encKey);
|
||||||
|
decipher.start({ iv: ivBytes });
|
||||||
|
decipher.update(ctBuffer);
|
||||||
|
decipher.finish();
|
||||||
|
|
||||||
|
return decipher;
|
||||||
|
}
|
||||||
|
|
||||||
|
private async aesDecryptWC(encType: EncryptionType, ctBuf: ArrayBuffer, ivBuf: ArrayBuffer,
|
||||||
|
macBuf: ArrayBuffer, key: SymmetricCryptoKey): Promise<ArrayBuffer> {
|
||||||
|
const theKey = await this.getKeyForEncryption(key);
|
||||||
|
const keyBuf = theKey.getBuffers();
|
||||||
|
const encKey = await Subtle.importKey('raw', keyBuf.encKey, AesAlgorithm, false, ['decrypt']);
|
||||||
|
if (!keyBuf.macKey || !macBuf) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
const data = new Uint8Array(ivBuf.byteLength + ctBuf.byteLength);
|
||||||
|
data.set(new Uint8Array(ivBuf), 0);
|
||||||
|
data.set(new Uint8Array(ctBuf), ivBuf.byteLength);
|
||||||
|
const computedMacBuf = await this.computeMacWC(data.buffer, keyBuf.macKey);
|
||||||
|
if (computedMacBuf === null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
const macsMatch = await this.macsEqualWC(keyBuf.macKey, macBuf, computedMacBuf);
|
||||||
|
if (macsMatch === false) {
|
||||||
|
// tslint:disable-next-line
|
||||||
|
console.error('MAC failed.');
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return await Subtle.decrypt({ name: 'AES-CBC', iv: ivBuf }, encKey, ctBuf);
|
||||||
|
}
|
||||||
|
|
||||||
|
private computeMac(dataBytes: string, macKey: string, b64Output: boolean): string {
|
||||||
|
const hmac = (forge as any).hmac.create();
|
||||||
|
hmac.start('sha256', macKey);
|
||||||
|
hmac.update(dataBytes);
|
||||||
|
const mac = hmac.digest();
|
||||||
|
return b64Output ? forge.util.encode64(mac.getBytes()) : mac.getBytes();
|
||||||
|
}
|
||||||
|
|
||||||
|
private async computeMacWC(dataBuf: ArrayBuffer, macKeyBuf: ArrayBuffer): Promise<ArrayBuffer> {
|
||||||
|
const key = await Subtle.importKey('raw', macKeyBuf, SigningAlgorithm, false, ['sign']);
|
||||||
|
return await Subtle.sign(SigningAlgorithm, key, dataBuf);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Safely compare two MACs in a way that protects against timing attacks (Double HMAC Verification).
|
||||||
|
// ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/
|
||||||
|
private macsEqual(macKey: string, mac1: string, mac2: string): boolean {
|
||||||
|
const hmac = (forge as any).hmac.create();
|
||||||
|
|
||||||
|
hmac.start('sha256', macKey);
|
||||||
|
hmac.update(mac1);
|
||||||
|
const mac1Bytes = hmac.digest().getBytes();
|
||||||
|
|
||||||
|
hmac.start(null, null);
|
||||||
|
hmac.update(mac2);
|
||||||
|
const mac2Bytes = hmac.digest().getBytes();
|
||||||
|
|
||||||
|
return mac1Bytes === mac2Bytes;
|
||||||
|
}
|
||||||
|
|
||||||
|
private async macsEqualWC(macKeyBuf: ArrayBuffer, mac1Buf: ArrayBuffer, mac2Buf: ArrayBuffer): Promise<boolean> {
|
||||||
|
const macKey = await Subtle.importKey('raw', macKeyBuf, SigningAlgorithm, false, ['sign']);
|
||||||
|
const mac1 = await Subtle.sign(SigningAlgorithm, macKey, mac1Buf);
|
||||||
|
const mac2 = await Subtle.sign(SigningAlgorithm, macKey, mac2Buf);
|
||||||
|
|
||||||
|
if (mac1.byteLength !== mac2.byteLength) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
const arr1 = new Uint8Array(mac1);
|
||||||
|
const arr2 = new Uint8Array(mac2);
|
||||||
|
|
||||||
|
for (let i = 0; i < arr2.length; i++) {
|
||||||
|
if (arr1[i] !== arr2[i]) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
private async getKeyForEncryption(key?: SymmetricCryptoKey): Promise<SymmetricCryptoKey> {
|
||||||
|
if (key) {
|
||||||
|
return key;
|
||||||
|
}
|
||||||
|
|
||||||
|
const encKey = await this.getEncKey();
|
||||||
|
return encKey || (await this.getKey());
|
||||||
|
}
|
||||||
|
|
||||||
|
private resolveLegacyKey(encType: EncryptionType, key: SymmetricCryptoKey): SymmetricCryptoKey {
|
||||||
|
if (encType === EncryptionType.AesCbc128_HmacSha256_B64 &&
|
||||||
|
key.encType === EncryptionType.AesCbc256_B64) {
|
||||||
|
// Old encrypt-then-mac scheme, make a new key
|
||||||
|
this.legacyEtmKey = this.legacyEtmKey ||
|
||||||
|
new SymmetricCryptoKey(key.key, false, EncryptionType.AesCbc128_HmacSha256_B64);
|
||||||
|
return this.legacyEtmKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
return key;
|
||||||
|
}
|
||||||
|
}
|
@ -1 +1,3 @@
|
|||||||
|
export { ConstantsService } from './crypto.service';
|
||||||
|
export { CryptoService } from './crypto.service';
|
||||||
export { UtilsService } from './utils.service';
|
export { UtilsService } from './utils.service';
|
||||||
|
@ -12,11 +12,7 @@
|
|||||||
"outDir": "dist/es",
|
"outDir": "dist/es",
|
||||||
"typeRoots": [
|
"typeRoots": [
|
||||||
"node_modules/@types"
|
"node_modules/@types"
|
||||||
],
|
]
|
||||||
"forceConsistentCasingInFileNames": true,
|
|
||||||
"noFallthroughCasesInSwitch": true,
|
|
||||||
"noUnusedLocals": true,
|
|
||||||
"noUnusedParameters": true
|
|
||||||
},
|
},
|
||||||
"include": [
|
"include": [
|
||||||
"src"
|
"src"
|
||||||
|
Loading…
Reference in New Issue
Block a user