diff --git a/lib/commands/add-lock.js b/lib/commands/add-lock.js
index 0a96da9..1263491 100644
--- a/lib/commands/add-lock.js
+++ b/lib/commands/add-lock.js
@@ -28,48 +28,59 @@ module.exports.handler = (argv) => {
 persistence().LoadDB()
 .then(db => {
 // TODO validate lock definition has all the parameters we need
- // TODO: Verify challenge comes from a service we know...
- return db.ExtendedPublicKey.findOne({
- where: {
- xpub: challenge.xpub
- },
- include: [
- {
- association: db.ExtendedPublicKey.Key // TODO: update this to wallet
+ // TODO: validate serviceExtendedPublicKey
+ const verification = cryptoUtil.verifyChallenge(
+ registerationMessage.serviceExtendedPublicKey,
+ challenge
+ );
+ if(verification) {
+ return db.ExtendedPublicKey.findOne({
+ where: {
+ xpub: challenge.xpub
+ },
+ include: [
+ {
+ association: db.ExtendedPublicKey.Key // TODO: update this to wallet
+ }
+ ]
+ }).then(extendedPublicKey => {
+ if (extendedPublicKey) {
+ const encryptedKey = extendedPublicKey.key.encryptedPrivateKey;
+ const iv = extendedPublicKey.key.iv;
+ const password = "vanished";
+ const walletXpriv = cryptoUtil.decrypt(encryptedKey, password, iv);
+
+ var challengeDerivationPath = `${extendedPublicKey.derivationPath}/${challenge.derivationPath.split("c/")[1]}`;
+
+ const signature = cryptoUtil.signMessage(walletXpriv, challengeDerivationPath, challenge.message)
+
+
+ // TODO: save lock
+ return db.Lock.create({
+ userIdentifier: registerationMessage.userIdentifier,
+ url: registerationMessage.url,
+ serviceExtendedPublicKey: registerationMessage.serviceExtendedPublicKey,
+ signature: signature.toString('hex'),
+ message: challenge.message,
+ extendedPublicKeyId: extendedPublicKey.id
+ })
+ } else {
+ console.error("Sorry we can't create a lock with xpub: ", challenge.xpub);
+ return null;
+ }
+ }).then(lock => {
+ if(lock) {
+ console.log("Lock: ", lock.id);
+ console.log("Signature: ", lock.signature);
+ } else {
+ console.error("Failed to create the lock.");
 }
- ]
- }).then(extendedPublicKey => {
- if (extendedPublicKey) {
- const encryptedKey = extendedPublicKey.key.encryptedPrivateKey;
- const password = 
"vanished";
- const walletXpriv = cryptoUtil.decrypt(encryptedKey, password);
-
- var challengeDerivationPath = `${extendedPublicKey.derivationPath}/${challenge.derivationPath.split("c/")[1]}`;
- const signature = cryptoUtil.signMessage(walletXpriv, challengeDerivationPath, challenge.message)
-
-
- // TODO: save lock
- return db.Lock.create({
- userIdentifier: registerationMessage.userIdentifier,
- url: registerationMessage.url,
- signature: signature.toString('hex'),
- message: challenge.message,
- extendedPublicKeyId: extendedPublicKey.id
- })
- } else {
- console.error("Sorry we can't create a lock with xpub: ", challenge.xpub);
- return null;
- }
- }).then(lock => {
- if(lock) {
- console.log("Lock: ", lock.id);
- console.log("Signature: ", lock.signature);
- } else {
- console.error("Failed to create the lock.");
- }
-
- })
+ })
+ } else {
+ console.error("Challenge not signed by service");
+ }
+ })
 }
\ No newline at end of file
diff --git a/lib/core/persistence/models/lock.js b/lib/core/persistence/models/lock.js
index 00eef0b..427bb4e 100644
--- a/lib/core/persistence/models/lock.js
+++ b/lib/core/persistence/models/lock.js
@@ -16,6 +16,10 @@ module.exports = function (sequelize, DataTypes, options) {
 type: DataTypes.STRING,
 allowNull: false
 },
+ serviceExtendedPublicKey: {
+ type: DataTypes.STRING,
+ allowNull: false
+ },
 signature: {
 // Derivation from the master key...
 // TODO: Add validation...
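Review bot: The challenge is verified against `registerationMessage.serviceExtendedPublicKey`, a value carried in the same registration message as the challenge, so `cryptoUtil.verifyChallenge(...)` only shows the message is self-consistent — if that message originates from the remote service, as the name suggests, whoever crafts it can sign the challenge with a key of their own choosing and pass the new `if(verification)` gate. The removed TODO ("Verify challenge comes from a service we know") is the actual requirement: resolve the service key from a trusted local source (a stored service/allowlist record) and refuse unknown services before this branch, and until then replace the new TODO with `// SECURITY: serviceExtendedPublicKey is caller-supplied; verifying against it is self-attestation until it is matched against a known-service list`. Two pre-existing issues carry over to the new side: the wallet xpriv is unlocked with the literal password `"vanished"`, which makes the encryption of `encryptedPrivateKey` cosmetic, and `challenge.derivationPath.split("c/")[1]` is interpolated into the signing path unvalidated, so a malformed challenge yields a `.../undefined` path and a hostile one can steer which child key produces the signature. The promise chain also has no `.catch`, so a rejected `LoadDB`/`findOne`/`create` surfaces as an unhandled rejection rather than through the `console.error` paths. The enclosing handler starts outside the hunk.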
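Review bot: The new `serviceExtendedPublicKey` column is required but has no shape check, the same gap the `// TODO: Add validation...` comment already flags for `signature`; a minimal guard is `validate: { notEmpty: true }` under the column, with a format check on the serialized extended key (prefix/length) once the accepted encoding is settled. If this model is backed by an already-populated table, `allowNull: false` with no `defaultValue` will also need a migration for rows created before the column existed — the migration strategy is not visible here, so worth confirming. The model function starts outside the hunk.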