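const persistence = require("../persistence/persistence");
const cryptoUtil = require("../cryptoUtil");
const postSignature = require("./post-signature");

/**
 * Authenticate against a registered lock: look up the lock for the requested
 * url/userIdentifier, check that the challenge was issued by the service the
 * lock is registered with, sign the challenge message with the lock's derived
 * key and, when `argv.p` is set, post the signature back to the service.
 *
 * @param {object} challenge - Challenge from the service; `id`, `message` and
 *   `derivationPath` are read. `derivationPath` is expected to contain a "c/"
 *   segment whose remainder is appended to the lock's own derivation path.
 * @param {object} authenticationRequest - `url`, `userIdentifier` and
 *   `responseEndpoint` are read.
 * @param {object} argv - CLI arguments; `url` and `userIdentifier` override the
 *   request values, `p` enables posting the signature.
 * @returns {Promise<void>} Resolves when the flow has finished. Failures are
 *   logged via console.error rather than thrown, so a DB or crypto error no
 *   longer surfaces as an unhandled rejection.
 */
module.exports.authenticate = function(challenge, authenticationRequest, argv) {
  return persistence().LoadDB()
    .then(db => {
      const url = argv.url || authenticationRequest.url;
      const userIdentifier = argv.userIdentifier || authenticationRequest.userIdentifier;
      // TODO validate lock definition has all the parameters we need
      // TODO: validate serviceExtendedPublicKey
      console.log("Looking for");
      console.log("url: ", url);
      console.log("userIdentifier: ", userIdentifier);
      return db.Lock.findOne({
        where: { url: url, userIdentifier: userIdentifier },
        include: [{
          association: db.Lock.ExtendedPublicKey,
          // `required` (the original had `require`, which Sequelize ignores):
          // with an inner join a lock lacking its extended public key is not
          // returned, so the dereferences below cannot hit a missing association.
          required: true,
          include: [{
            association: db.ExtendedPublicKey.Key, // TODO rename key to wallet
            required: true,
          }],
        }],
      });
    })
    .then(lock => {
      if (!lock) {
        console.error("Failed to find a lock with these parameters");
        return;
      }
      // Only sign challenges that were actually issued by the service this
      // lock was registered with.
      const verification = cryptoUtil.verifyChallenge(lock.serviceExtendedPublicKey, challenge);
      if (!verification) {
        console.error("Challenge not signed by registered service.");
        return;
      }
      const challengeSuffix = challenge.derivationPath.split("c/")[1];
      if (challengeSuffix === undefined) {
        // Without the "c/" marker the path would become ".../undefined";
        // refuse rather than sign under a derivation path we did not intend.
        console.error('Challenge derivationPath is missing the expected "c/" segment.');
        return;
      }
      const encryptedKey = lock.extendedPublicKey.key.encryptedPrivateKey;
      const iv = lock.extendedPublicKey.key.iv;
      // SECURITY: the wallet decryption password is hard-coded, so anyone with
      // the database contents can recover the wallet private key. It should
      // come from the user (prompt) or a secret store; left as-is here so the
      // fix to the secret source can be made deliberately, not silently.
      const password = "vanished";
      const walletXpriv = cryptoUtil.decrypt(encryptedKey, password, iv);
      const challengeDerivationPath = `${lock.extendedPublicKey.derivationPath}/${challengeSuffix}`;
      const signature = cryptoUtil.signMessage(walletXpriv, challengeDerivationPath, challenge.message).toString('hex');
      console.log("Signature: ", signature);
      if (argv.p) {
        // Returned so that, if postSignature is promise-based, a failed post
        // reaches the catch below instead of going unhandled.
        return postSignature.postSignature(authenticationRequest.responseEndpoint, {
          id: challenge.id,
          signature: signature,
        });
      }
    })
    .catch(err => {
      // The original chain had no rejection handler; any LoadDB, findOne,
      // decrypt or signMessage failure became an unhandled rejection.
      console.error("Authentication failed:", err);
    });
};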