diff --git a/src/lib/utils/jtw-utils.ts b/src/lib/utils/jtw-utils.ts index 5eb5853..efc4e47 100644 --- a/src/lib/utils/jtw-utils.ts +++ b/src/lib/utils/jtw-utils.ts @@ -1,9 +1,11 @@ import * as jose from "jose"; import { loadFile } from "./filesystem-utils"; import { SERVER_PRIVATE_KEY_PATH, SERVER_PUBLIC_KEY_PATH } from "./constants"; +import { openSSLInit } from "./openssl-utils"; +import { logger } from "./logger"; -export class JoseSingleton { +export class JoseApp { private static initialized = false @@ -12,16 +14,20 @@ export class JoseSingleton { public static async init() { - JoseSingleton.assureNotInitialized() + JoseApp.assureNotInitialized() - JoseSingleton.privateKey = await JoseSingleton.loadPrivateKey() - JoseSingleton.publicKey = await JoseSingleton.loadPublicKey() + await openSSLInit() + + JoseApp.privateKey = await JoseApp.loadPrivateKey() + JoseApp.publicKey = await JoseApp.loadPublicKey() + + JoseApp.initialized = true } private static async loadPrivateKey() { - JoseSingleton.assureNotInitialized() + JoseApp.assureNotInitialized() const privateKeyFile = await loadFile(SERVER_PRIVATE_KEY_PATH) return await jose.importPKCS8( @@ -33,10 +39,10 @@ export class JoseSingleton { private static async loadPublicKey() { - JoseSingleton.assureNotInitialized() + JoseApp.assureNotInitialized() const publicKeyFile = await loadFile(SERVER_PUBLIC_KEY_PATH) - return await jose.importPKCS8( + return await jose.importSPKI( await publicKeyFile.text(), "ES512" ) @@ -45,7 +51,7 @@ export class JoseSingleton { public static async signObject(object: any) { - JoseSingleton.assureInitialized() + JoseApp.assureInitialized() const payload = new TextEncoder().encode( JSON.stringify(object) 
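Review bot: `init()` is not safe against overlapping calls: `assureNotInitialized()` runs before the first `await`, and `JoseApp.initialized = true` is only set at the very end, so two concurrent `init()` calls both pass the guard and both run `openSSLInit()` and the key loads. Keep a static promise and return it on re-entry (`if (JoseApp.initPromise) return JoseApp.initPromise;`), or set a separate `initializing` flag before the first `await`. It is also worth documenting what `openSSLInit()` is expected to do here — its body is outside this diff; if it can (re)generate the key files, every restart would silently invalidate tokens signed with the previous key, so it should be a no-op when keys already exist. Suggested doc comment: `/** Loads the ES512 key pair from SERVER_PRIVATE_KEY_PATH / SERVER_PUBLIC_KEY_PATH after openSSLInit(); must be awaited exactly once before signObject/verifyObject. */`.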
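Review bot: `signObject(object: any)` accepts values that `JSON.stringify` cannot represent — for `undefined`, a function or a symbol it returns `undefined`, and `new TextEncoder().encode(undefined)` then yields an empty payload, so the method signs an empty JWS that the verify path will later choke on instead of failing here. Type the parameter as `unknown` and fail fast: `const json = JSON.stringify(object); if (json === undefined) throw new TypeError("signObject: value is not JSON-serializable");` before encoding. The rest of `signObject` (the `.sign()` call) is in the next hunk.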
@@ -55,26 +61,29 @@ export class JoseSingleton { payload ).setProtectedHeader({ alg: "ES512" - }).sign(JoseSingleton.privateKey) + }).sign(JoseApp.privateKey) } public static async verifyObject(jwt: string) { - JoseSingleton.assureInitialized() + JoseApp.assureInitialized() let _payload: Uint8Array try { const { payload, protectedHeader } = await jose.compactVerify( jwt, - JoseSingleton.publicKey + JoseApp.publicKey ) _payload = payload - } catch { + } catch(err) { + logger.debug(`Error: ${err}`, "JOSE Verify") return null } + logger.debug(`Payload: ${new TextDecoder().decode(_payload)}`, "JOSE Verify") + return JSON.parse( new TextDecoder().decode(_payload) ) @@ -83,7 +92,7 @@ export class JoseSingleton { private static assureInitialized() { - if (!JoseSingleton.initialized) { + if (!JoseApp.initialized) { // UGLY: Be specific throw new Error("JoseSingleton hasn't been initialized") } @@ -92,7 +101,7 @@ export class JoseSingleton { private static assureNotInitialized() { - if (JoseSingleton.initialized) { + if (JoseApp.initialized) { // UGLY: Be specific throw new Error("JoseSingleton has already been initialized") } diff --git a/src/lib/utils/openssl-utils.ts b/src/lib/utils/openssl-utils.ts index 117e6b6..3382b59 100644 --- a/src/lib/utils/openssl-utils.ts +++ b/src/lib/utils/openssl-utils.ts @@ -12,10 +12,10 @@ export async function openSSLInit() { export async function openSSLCreatePrivateKey() { // UGLY: may be refactored to output only the private key - - const outputPromise = $`openssl ecparam -genkey -name secp521r1 -noout`.text() + + const outputPromise = $`openssl ecparam -genkey -name secp521r1 -noout | openssl pkcs8 -topk8 -nocrypt`.text() const filePromise = loadFile(SERVER_PRIVATE_KEY_PATH, true) - + const [output, file] = await Promise.all([ outputPromise, filePromise 
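Review bot: `verifyObject` establishes only that the signature is valid — `jose.compactVerify` checks no claims and `signObject` sets none, so a token signed once is accepted forever unless callers enforce expiry themselves; consider `new jose.SignJWT(object).setIssuedAt().setExpirationTime("…")` paired with `jose.jwtVerify`, or at least document the contract that callers must check `exp`. Pin the algorithm on the verify side too, `jose.compactVerify(jwt, JoseApp.publicKey, { algorithms: ["ES512"] })` — jose already rejects keys of the wrong type, but an explicit allowlist is the cheap defense against header-driven algorithm selection. The added `logger.debug(\`Payload: …\`)` writes the entire decoded payload to the log; if tokens carry user or session data this copies it into log storage, so log only that verification succeeded (or a non-sensitive subject id). `JSON.parse` sits outside the `try`, so a validly signed but non-JSON payload throws instead of returning `null` like the signature-failure path; `verifyObject`'s closing brace is outside the hunk.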
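Review bot: The rename to `JoseApp` left the error messages in `assureInitialized` and `assureNotInitialized` still naming `JoseSingleton`, so a thrown error now refers to a class that no longer exists; update them to `throw new Error("JoseApp hasn't been initialized")` and `throw new Error("JoseApp has already been initialized")`. That also resolves the `// UGLY: Be specific` notes if the message names the remedy, e.g. `"JoseApp.init() must be awaited before signObject/verifyObject"`.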
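Review bot: The new command pipes an unencrypted key (`-nocrypt`) through two processes when one suffices — `openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:secp521r1` emits the same unencrypted PKCS#8 (`BEGIN PRIVATE KEY`) that `jose.importPKCS8` expects, so `$\`openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:secp521r1\`.text()` avoids the pipe and the usual pipeline failure mode where only the last command's exit status is observed (worth confirming how Bun's `$` reports pipe failures). The key is returned via `.text()` and written to `SERVER_PRIVATE_KEY_PATH` past the end of this hunk; make sure that file is created with owner-only permissions (`0600`) and that this helper refuses to overwrite an existing key, since regenerating it invalidates every previously signed token. The `// UGLY: may be refactored to output only the private key` comment no longer matches the command (with `-noout` and the pkcs8 step it already outputs only the key) and should be dropped or updated.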
@@ -34,7 +34,7 @@ export async function openSSLCreatePublicKey() { throw new Error("You must generate the private key before attempting to generate the public one") } - const outputPromise = $`openssl ec -in ${SERVER_PRIVATE_KEY_PATH} -pubout `.text() + const outputPromise = $`openssl ec -in ${SERVER_PRIVATE_KEY_PATH} -pubout `.text() const filePromise = loadFile(SERVER_PUBLIC_KEY_PATH, true) const [output, file] = await Promise.all([