Fixed Key generation and update signing logic

This commit is contained in:
CnF-Gris 2025-06-30 20:05:49 +00:00
parent f55cc48656
commit 5f89985939
2 changed files with 27 additions and 18 deletions


@ -1,9 +1,11 @@
import * as jose from "jose";
import { loadFile } from "./filesystem-utils";
import { SERVER_PRIVATE_KEY_PATH, SERVER_PUBLIC_KEY_PATH } from "./constants";
import { openSSLInit } from "./openssl-utils";
import { logger } from "./logger";
export class JoseSingleton {
export class JoseApp {
private static initialized = false
@ -12,16 +14,20 @@ export class JoseSingleton {
public static async init() {
JoseSingleton.assureNotInitialized()
JoseApp.assureNotInitialized()
JoseSingleton.privateKey = await JoseSingleton.loadPrivateKey()
JoseSingleton.publicKey = await JoseSingleton.loadPublicKey()
await openSSLInit()
JoseApp.privateKey = await JoseApp.loadPrivateKey()
JoseApp.publicKey = await JoseApp.loadPublicKey()
JoseApp.initialized = true
}
private static async loadPrivateKey() {
JoseSingleton.assureNotInitialized()
JoseApp.assureNotInitialized()
const privateKeyFile = await loadFile(SERVER_PRIVATE_KEY_PATH)
return await jose.importPKCS8(
@ -33,10 +39,10 @@ export class JoseSingleton {
private static async loadPublicKey() {
JoseSingleton.assureNotInitialized()
JoseApp.assureNotInitialized()
const publicKeyFile = await loadFile(SERVER_PUBLIC_KEY_PATH)
return await jose.importPKCS8(
return await jose.importSPKI(
await publicKeyFile.text(),
"ES512"
)
@ -45,7 +51,7 @@ export class JoseSingleton {
public static async signObject(object: any) {
JoseSingleton.assureInitialized()
JoseApp.assureInitialized()
const payload = new TextEncoder().encode(
JSON.stringify(object)
@ -55,26 +61,29 @@ export class JoseSingleton {
payload
).setProtectedHeader({
alg: "ES512"
}).sign(JoseSingleton.privateKey)
}).sign(JoseApp.privateKey)
}
public static async verifyObject(jwt: string) {
JoseSingleton.assureInitialized()
JoseApp.assureInitialized()
let _payload: Uint8Array
try {
const { payload, protectedHeader } = await jose.compactVerify(
jwt,
JoseSingleton.publicKey
JoseApp.publicKey
)
_payload = payload
} catch {
} catch(err) {
logger.debug(`Error: ${err}`, "JOSE Verify")
return null
}
logger.debug(`Payload: ${new TextDecoder().decode(_payload)}`, "JOSE Verify")
return JSON.parse(
new TextDecoder().decode(_payload)
)
@ -83,7 +92,7 @@ export class JoseSingleton {
private static assureInitialized() {
if (!JoseSingleton.initialized) {
if (!JoseApp.initialized) {
// UGLY: Be specific
throw new Error("JoseSingleton hasn't been initialized")
}
@ -92,7 +101,7 @@ export class JoseSingleton {
private static assureNotInitialized() {
if (JoseSingleton.initialized) {
if (JoseApp.initialized) {
// UGLY: Be specific
throw new Error("JoseSingleton has already been initialized")
}
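Review bot: The new `logger.debug(`Payload: ${new TextDecoder().decode(_payload)}`, "JOSE Verify")` in verifyObject writes the full verified payload to the log; since the payload is whatever callers hand to `signObject(object: any)`, any identity or session claims it carries end up in log storage, so log only the outcome (for example `logger.debug(`Verified payload of ${_payload.byteLength} bytes`, "JOSE Verify")`) or drop the line. In the same hunk `jose.compactVerify(jwt, JoseApp.publicKey)` does not pin the accepted algorithm, while signObject fixes `alg: "ES512"` in the protected header; passing `{ algorithms: ["ES512"] }` as the third argument makes the verifier reject any other alg explicitly rather than relying on key-type checks. The rename to JoseApp also leaves the two error strings in assureInitialized and assureNotInitialized still saying "JoseSingleton", which will confuse anyone grepping logs for the new class name. The class body continues past the last hunk, so its closing lines are not visible here.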


@ -12,10 +12,10 @@ export async function openSSLInit() {
export async function openSSLCreatePrivateKey() {
// UGLY: may be refactored to output only the private key
const outputPromise = $`openssl ecparam -genkey -name secp521r1 -noout`.text()
const outputPromise = $`openssl ecparam -genkey -name secp521r1 -noout | openssl pkcs8 -topk8 -nocrypt`.text()
const filePromise = loadFile(SERVER_PRIVATE_KEY_PATH, true)
const [output, file] = await Promise.all([
outputPromise,
filePromise
@ -34,7 +34,7 @@ export async function openSSLCreatePublicKey() {
throw new Error("You must generate the private key before attempting to generate the public one")
}
const outputPromise = $`openssl ec -in ${SERVER_PRIVATE_KEY_PATH} -pubout `.text()
const outputPromise = $`openssl ec -in ${SERVER_PRIVATE_KEY_PATH} -pubout `.text()
const filePromise = loadFile(SERVER_PUBLIC_KEY_PATH, true)
const [output, file] = await Promise.all([