implemented ability to sign tokens with random key generated every time

This commit is contained in:
tigerbot 2017-03-06 15:13:29 -07:00
parent 356a2d3131
commit 338f62439a
1 changed files with 55 additions and 34 deletions

View File

@ -3,28 +3,52 @@
var OAUTH3 = exports.OAUTH3 = exports.OAUTH3 || require('./oauth3.core.js').OAUTH3; var OAUTH3 = exports.OAUTH3 = exports.OAUTH3 || require('./oauth3.core.js').OAUTH3;
OAUTH3._base64.btoa = function (b64) { OAUTH3.utils.bufferToBinaryString = function (buf) {
// http://stackoverflow.com/questions/9677985/uncaught-typeerror-illegal-invocation-in-chrome return Array.prototype.map.call(new Uint8Array(buf), function(ch) {
return (exports.btoa || require('btoa'))(b64); return String.fromCharCode(ch);
}).join('');
}; };
OAUTH3._base64.encodeUrlSafe = function (b64) { OAUTH3.utils.binaryStringToBuffer = function (str) {
// Base64 to URL-safe Base64 var buf;
b64 = b64.replace(/\+/g, '-').replace(/\//g, '_');
b64 = b64.replace(/=+/g, ''); if ('undefined' !== typeof Uint8Array) {
return OAUTH3._base64.btoa(b64); buf = new Uint8Array(str.length);
} else {
buf = [];
}
Array.prototype.forEach.call(str, function (ch, ind) {
buf[ind] = ch.charCodeAt(0);
});
return buf;
}; };
OAUTH3.jwt.encode = function (parts) { OAUTH3.crypto = {};
parts.header = parts.header || { alg: 'none', typ: 'jwt' }; OAUTH3.crypto._generateKey = function () {
parts.signature = parts.signature || ''; return window.crypto.subtle.generateKey({name: 'ECDSA', namedCurve: 'P-256'}, true, ['sign', 'verify'])
.catch(function (err) {
console.error('failed to generate ECDSA key', err);
return OAUTH3.PromiseA.reject(err);
});
};
var result = [ OAUTH3.crypto._signPayload = function (payload) {
OAUTH3._base64.encodeUrlSafe(JSON.stringify(parts.header, null)) return OAUTH3.crypto._generateKey().then(function (key) {
, OAUTH3._base64.encodeUrlSafe(JSON.stringify(parts.payload, null)) var header = {type: 'jwt', alg: 'ES256'};
, parts.signature // should already be url-safe base64 var input = [
OAUTH3._base64.encodeUrlSafe(JSON.stringify(header, null))
, OAUTH3._base64.encodeUrlSafe(JSON.stringify(payload, null))
].join('.'); ].join('.');
return result; return window.crypto.subtle.sign(
{name: 'ECDSA', hash: {name: 'SHA-256'}}
, key.privateKey
, OAUTH3.utils.binaryStringToBuffer(input)
).then(function (signature) {
var base64Sig = OAUTH3._base64.encodeUrlSafe(OAUTH3.utils.bufferToBinaryString(signature));
return OAUTH3.PromiseA.resolve(input + '.' + base64Sig);
});
});
}; };
OAUTH3.authn.resourceOwnerPassword = OAUTH3.authz.resourceOwnerPassword = function (directive, opts) { OAUTH3.authn.resourceOwnerPassword = OAUTH3.authz.resourceOwnerPassword = function (directive, opts) {
@ -82,12 +106,8 @@
}; };
OAUTH3._mockToken = function (providerUri, opts) { OAUTH3._mockToken = function (providerUri, opts) {
var accessToken = OAUTH3.jwt.encode({ var payload = { exp: Math.round(Date.now() / 1000) + 900, sub: 'fakeUserId', scp: opts.scope };
header: { alg: 'none' } return OAUTH3.crypto._signPayload(payload).then(function (accessToken) {
, payload: { exp: Math.round(Date.now() / 1000) + 900, sub: 'fakeUserId', scp: opts.scope }
, signature: "fakeSig"
});
return OAUTH3.hooks.session.refresh( return OAUTH3.hooks.session.refresh(
opts.session || { opts.session || {
provider_uri: providerUri provider_uri: providerUri
@ -100,6 +120,7 @@
, scope: opts.scope , scope: opts.scope
} }
); );
});
}; };
}('undefined' !== typeof exports ? exports : window)); }('undefined' !== typeof exports ? exports : window));