hd-auth/hd-auth-wallet
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: hd-auth:a05e1ba48e4b7ec41bcdecb62dcf0d9e4fe3e86b
Branches Tags
hd-auth:master
..
compare: hd-auth:385a4cedbba477fa3816daf628b4690b812ac0cb
Branches Tags
hd-auth:master

No commits in common. "a05e1ba48e4b7ec41bcdecb62dcf0d9e4fe3e86b" and "385a4cedbba477fa3816daf628b4690b812ac0cb" have entirely different histories.
a05e1ba48e ... 385a4cedbb

4 changed files with 5 additions and 184 deletions
Show Stats Expand all files Collapse all files

10
lib/commands/authenticate-challenge.js
View File

@ -12,8 +12,8 @@ module.exports.builder = (yargs) => {
describe: 'challenge that needs to be signed', describe: 'challenge that needs to be signed',
type: 'string' type: 'string'
}) })
.option('url', { .option('domain-url', {
describe: 'override url belong to the service making the challenge', describe: 'override domain url belong to the service making the challenge',
type: 'string' type: 'string'
}) })
.option('user-identifier', { .option('user-identifier', {
@ -28,17 +28,17 @@ module.exports.handler = (argv) => {
const challenge = JSON.parse(argv.challenge); const challenge = JSON.parse(argv.challenge);
// TODO get userIdentifier and domainUrl from challenge // TODO get userIdentifier and domainUrl from challenge
const loginRequest = JSON.parse(challenge.message); const loginRequest = JSON.parse(challenge.message);
const url = argv.url || loginRequest.url; const domainUrl = argv.domainUrl || loginRequest.domainUrl;
const userIdentifier = argv.userIdentifier || loginRequest.userIdentifier; const userIdentifier = argv.userIdentifier || loginRequest.userIdentifier;
persistence().LoadDB() persistence().LoadDB()
.then(db => { .then(db => {
console.log("Looking for"); console.log("Looking for");
console.log("url: ", url); console.log("url: ", domainUrl);
console.log("userIdentifier: ", userIdentifier); console.log("userIdentifier: ", userIdentifier);
return db.Lock.findOne({ return db.Lock.findOne({
where: { where: {
url: url, url: domainUrl,
userIdentifier: userIdentifier userIdentifier: userIdentifier
}, },
include: [ include: [

57
lib/commands/sign.js
View File

@ -1,57 +0,0 @@
const registrationLogic = require('../core/logic/register');
const authenticationLogic = require('../core/logic/authentication');
module.exports.description = "Sign message/challenge."
module.exports.builder = (yargs) => {
return yargs
.usage(`Usage: $0 sign [options]`)
.help(false)
.version(false)
.option('challenge', {
describe: 'Challenge to sign',
type: 'string'
})
.demandOption(['challenge'])
.argv;
}
module.exports.handler = (argv) => {
console.log("Sign challenge.");
const challengeArgument = argv["challenge"].js || argv["challenge"];
const challenge = JSON.parse(challengeArgument);
// Parse Action
try {
const request = JSON.parse(challenge.message);
if(request.action != undefined) {
switch(request.action) {
case "register":
// Ask user if they want to register with service
registrationLogic.registration(challenge, request);
break;
case "authenticate":
// Ask user if they want to authenticate with service
authenticationLogic.authenticate(challenge, request, argv)
break;
default:
// Tell user that action is unsupported
// ask if they want to sign regardless if they want to continue any way.
break;
}
} else {
// No action provided... should just sign
console.log("No action required.");
}
// TODO: Validate lock-definition is of the correct format...
} catch(e) {
// Should just be signed...
console.error("challenge.messsage isn't json Object")
}
}

60
lib/core/logic/authentication.js
View File

@ -1,60 +0,0 @@
const persistence = require("../persistence/persistence");
const cryptoUtil = require("../cryptoUtil");
module.exports.authenticate = function(challenge, authenticationRequest, argv) {
persistence().LoadDB()
.then(db => {
const url = argv.url || authenticationRequest.url;
const userIdentifier = argv.userIdentifier || authenticationRequest.userIdentifier;
// TODO validate lock definition has all the parameters we need
// TODO: validate serviceExtendedPublicKey
console.log("Looking for");
console.log("url: ", url);
console.log("userIdentifier: ", userIdentifier);
return db.Lock.findOne({
where: {
url: url,
userIdentifier: userIdentifier
},
include: [
{
association: db.Lock.ExtendedPublicKey,
require: true,
include: [
{
association: db.ExtendedPublicKey.Key, // TODO rename key to wallet
required: true
}
]
}
]
})
.then(lock => {
if(lock) {
// Sign the message with the key that corresponds with this lock...
const verification = cryptoUtil.verifyChallenge(
lock.serviceExtendedPublicKey,
challenge
);
if (verification) {
const encryptedKey = lock.extendedPublicKey.key.encryptedPrivateKey;
const iv = lock.extendedPublicKey.key.iv;
const password = "vanished";
const walletXpriv = cryptoUtil.decrypt(encryptedKey, password, iv);
var challengeDerivationPath = `${lock.extendedPublicKey.derivationPath}/${challenge.derivationPath.split("c/")[1]}`;
const signature = cryptoUtil.signMessage(walletXpriv, challengeDerivationPath, challenge.message)
console.log("Signature: ", signature.toString('hex'));
} else {
console.error("Challenge not signed by registered service.");
}
} else {
console.error("Failed to find a lock with these parameters");
}
})
})
}

62
lib/core/logic/register.js
View File

@ -1,62 +0,0 @@
const persistence = require("../persistence/persistence");
const cryptoUtil = require("../cryptoUtil");
module.exports.registration = function(challenge, registerationRequest) {
persistence().LoadDB()
.then(db => {
// TODO validate lock definition has all the parameters we need
// TODO: validate serviceExtendedPublicKey
const verification = cryptoUtil.verifyChallenge(
registerationRequest.serviceExtendedPublicKey,
challenge
);
if(verification) {
return db.ExtendedPublicKey.findOne({
where: {
xpub: challenge.xpub
},
include: [
{
association: db.ExtendedPublicKey.Key // TODO: update this to wallet
}
]
}).then(extendedPublicKey => {
if (extendedPublicKey) {
const encryptedKey = extendedPublicKey.key.encryptedPrivateKey;
const iv = extendedPublicKey.key.iv;
const password = "vanished";
const walletXpriv = cryptoUtil.decrypt(encryptedKey, password, iv);
var challengeDerivationPath = `${extendedPublicKey.derivationPath}/${challenge.derivationPath.split("c/")[1]}`;
const signature = cryptoUtil.signMessage(walletXpriv, challengeDerivationPath, challenge.message)
// TODO: save lock
return db.Lock.create({
userIdentifier: registerationRequest.userIdentifier,
url: registerationRequest.url,
serviceExtendedPublicKey: registerationRequest.serviceExtendedPublicKey,
signature: signature.toString('hex'),
message: challenge.message,
extendedPublicKeyId: extendedPublicKey.id
})
} else {
console.error("Sorry we can't create a lock with xpub: ", challenge.xpub);
return null;
}
}).then(lock => {
if(lock) {
console.log("Lock: ", lock.id);
console.log("Signature: ", lock.signature);
} else {
console.error("Failed to create the lock.");
}
})
} else {
console.error("Challenge not signed by service");
}
})
}