Fixed key generation and updated signing logic

This commit is contained in:
CnF-Gris 2025-06-30 20:05:49 +00:00
parent f55cc48656
commit 5f89985939
2 changed files with 27 additions and 18 deletions


@ -1,9 +1,11 @@
import * as jose from "jose"; import * as jose from "jose";
import { loadFile } from "./filesystem-utils"; import { loadFile } from "./filesystem-utils";
import { SERVER_PRIVATE_KEY_PATH, SERVER_PUBLIC_KEY_PATH } from "./constants"; import { SERVER_PRIVATE_KEY_PATH, SERVER_PUBLIC_KEY_PATH } from "./constants";
import { openSSLInit } from "./openssl-utils";
import { logger } from "./logger";
export class JoseSingleton { export class JoseApp {
private static initialized = false private static initialized = false
@ -12,16 +14,20 @@ export class JoseSingleton {
public static async init() { public static async init() {
JoseSingleton.assureNotInitialized() JoseApp.assureNotInitialized()
JoseSingleton.privateKey = await JoseSingleton.loadPrivateKey() await openSSLInit()
JoseSingleton.publicKey = await JoseSingleton.loadPublicKey()
JoseApp.privateKey = await JoseApp.loadPrivateKey()
JoseApp.publicKey = await JoseApp.loadPublicKey()
JoseApp.initialized = true
} }
private static async loadPrivateKey() { private static async loadPrivateKey() {
JoseSingleton.assureNotInitialized() JoseApp.assureNotInitialized()
const privateKeyFile = await loadFile(SERVER_PRIVATE_KEY_PATH) const privateKeyFile = await loadFile(SERVER_PRIVATE_KEY_PATH)
return await jose.importPKCS8( return await jose.importPKCS8(
@ -33,10 +39,10 @@ export class JoseSingleton {
private static async loadPublicKey() { private static async loadPublicKey() {
JoseSingleton.assureNotInitialized() JoseApp.assureNotInitialized()
const publicKeyFile = await loadFile(SERVER_PUBLIC_KEY_PATH) const publicKeyFile = await loadFile(SERVER_PUBLIC_KEY_PATH)
return await jose.importPKCS8( return await jose.importSPKI(
await publicKeyFile.text(), await publicKeyFile.text(),
"ES512" "ES512"
) )
@ -45,7 +51,7 @@ export class JoseSingleton {
public static async signObject(object: any) { public static async signObject(object: any) {
JoseSingleton.assureInitialized() JoseApp.assureInitialized()
const payload = new TextEncoder().encode( const payload = new TextEncoder().encode(
JSON.stringify(object) JSON.stringify(object)
@ -55,26 +61,29 @@ export class JoseSingleton {
payload payload
).setProtectedHeader({ ).setProtectedHeader({
alg: "ES512" alg: "ES512"
}).sign(JoseSingleton.privateKey) }).sign(JoseApp.privateKey)
} }
public static async verifyObject(jwt: string) { public static async verifyObject(jwt: string) {
JoseSingleton.assureInitialized() JoseApp.assureInitialized()
let _payload: Uint8Array let _payload: Uint8Array
try { try {
const { payload, protectedHeader } = await jose.compactVerify( const { payload, protectedHeader } = await jose.compactVerify(
jwt, jwt,
JoseSingleton.publicKey JoseApp.publicKey
) )
_payload = payload _payload = payload
} catch { } catch(err) {
logger.debug(`Error: ${err}`, "JOSE Verify")
return null return null
} }
logger.debug(`Payload: ${new TextDecoder().decode(_payload)}`, "JOSE Verify")
return JSON.parse( return JSON.parse(
new TextDecoder().decode(_payload) new TextDecoder().decode(_payload)
) )
@ -83,7 +92,7 @@ export class JoseSingleton {
private static assureInitialized() { private static assureInitialized() {
if (!JoseSingleton.initialized) { if (!JoseApp.initialized) {
// UGLY: Be specific // UGLY: Be specific
throw new Error("JoseSingleton hasn't been initialized") throw new Error("JoseSingleton hasn't been initialized")
} }
@ -92,7 +101,7 @@ export class JoseSingleton {
private static assureNotInitialized() { private static assureNotInitialized() {
if (JoseSingleton.initialized) { if (JoseApp.initialized) {
// UGLY: Be specific // UGLY: Be specific
throw new Error("JoseSingleton has already been initialized") throw new Error("JoseSingleton has already been initialized")
} }
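Review bot: verifyObject still calls `jose.compactVerify(jwt, JoseApp.publicKey)` without an `algorithms` option, so the accepted algorithm is left to whatever the loaded key permits rather than being pinned to the `ES512` the signer uses; pass it explicitly, `await jose.compactVerify(jwt, JoseApp.publicKey, { algorithms: ["ES512"] })`, and consider dropping the unused `protectedHeader` binding. The new `logger.debug(`Payload: ...`)` line writes the entire verified payload to the log, which will leak whatever claims callers put in these tokens into log storage; log only the fact of a successful verification, or a non-sensitive claim subset, at that level. The error strings in assureInitialized and assureNotInitialized still say "JoseSingleton" after the class was renamed to JoseApp, so failures will point at a class that no longer exists; update them to `throw new Error("JoseApp hasn't been initialized")` and `throw new Error("JoseApp has already been initialized")`. Both assure* bodies end outside the last hunk.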


@ -12,10 +12,10 @@ export async function openSSLInit() {
export async function openSSLCreatePrivateKey() { export async function openSSLCreatePrivateKey() {
// UGLY: may be refactored to output only the private key // UGLY: may be refactored to output only the private key
const outputPromise = $`openssl ecparam -genkey -name secp521r1 -noout`.text() const outputPromise = $`openssl ecparam -genkey -name secp521r1 -noout | openssl pkcs8 -topk8 -nocrypt`.text()
const filePromise = loadFile(SERVER_PRIVATE_KEY_PATH, true) const filePromise = loadFile(SERVER_PRIVATE_KEY_PATH, true)
const [output, file] = await Promise.all([ const [output, file] = await Promise.all([
outputPromise, outputPromise,
filePromise filePromise
@ -34,7 +34,7 @@ export async function openSSLCreatePublicKey() {
throw new Error("You must generate the private key before attempting to generate the public one") throw new Error("You must generate the private key before attempting to generate the public one")
} }
const outputPromise = $`openssl ec -in ${SERVER_PRIVATE_KEY_PATH} -pubout `.text() const outputPromise = $`openssl ec -in ${SERVER_PRIVATE_KEY_PATH} -pubout `.text()
const filePromise = loadFile(SERVER_PUBLIC_KEY_PATH, true) const filePromise = loadFile(SERVER_PUBLIC_KEY_PATH, true)
const [output, file] = await Promise.all([ const [output, file] = await Promise.all([