@binsky/passman-client-ts 0.1.0-7

package/lib/Service/CredentialFilterService.js

@@ -0,0 +1,209 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CredentialFilterService = exports.FILTERS = void 0;
+const core_1 = require("@zxcvbn-ts/core");
+const zxcvbnEnPackage = __importStar(require("@zxcvbn-ts/language-en"));
+const zxcvbnCommonPackage = __importStar(require("@zxcvbn-ts/language-common"));
+var FILTERS;
+(function (FILTERS) {
+    FILTERS[FILTERS["SHOW_ALL"] = 0] = "SHOW_ALL";
+    FILTERS[FILTERS["COMPROMISED"] = 1] = "COMPROMISED";
+    FILTERS[FILTERS["STRENGTH_LOW"] = 2] = "STRENGTH_LOW";
+    FILTERS[FILTERS["STRENGTH_MEDIUM"] = 3] = "STRENGTH_MEDIUM";
+    FILTERS[FILTERS["STRENGTH_GOOD"] = 4] = "STRENGTH_GOOD";
+    FILTERS[FILTERS["EXPIRED"] = 5] = "EXPIRED";
+    FILTERS[FILTERS["DELETED"] = 6] = "DELETED";
+    FILTERS[FILTERS["ENCRYPTION_BROKEN"] = 7] = "ENCRYPTION_BROKEN"; // use FILTERS.ENCRYPTION_BROKEN only when you really know what you are doing
+})(FILTERS || (exports.FILTERS = FILTERS = {}));
+class CredentialFilterService {
+    static getFilteredCredentials = (allCredentials, filter, additionalFilterText = undefined) => {
+        let filtered = [];
+        for (const credential of allCredentials) {
+            if (filter === FILTERS.ENCRYPTION_BROKEN) {
+                // do not care about other major categories (like hidden / deleted / text) for this filter option
+                if (credential.hasUnspecifiedEncryptionError()) {
+                    filtered.push(credential);
+                }
+                continue;
+            }
+            if (CredentialFilterService.isHidden(credential)) {
+                // hidden credentials are never shown in the list
+                // matches usually only the (required) first test credential
+                continue;
+            }
+            const additionalTextFilterEnabled = additionalFilterText !== undefined && additionalFilterText !== '';
+            // filter text if possible, otherwise ignore filter and proceed
+            if (!additionalTextFilterEnabled || (additionalTextFilterEnabled && CredentialFilterService.matchesFilterText(credential, additionalFilterText))) {
+                if (filter === FILTERS.DELETED) {
+                    // deleted credentials will not match any other category
+                    if (CredentialFilterService.isDeleted(credential)) {
+                        filtered.push(credential);
+                    }
+                }
+                else {
+                    if (CredentialFilterService.isDeleted(credential)) {
+                        // deleted credentials will not match any other category
+                        continue;
+                    }
+                    if (filter === FILTERS.SHOW_ALL) {
+                        filtered.push(credential);
+                    }
+                    else if (filter === FILTERS.COMPROMISED) {
+                        if (CredentialFilterService.isCompromised(credential)) {
+                            filtered.push(credential);
+                        }
+                    }
+                    else if (filter === FILTERS.STRENGTH_LOW) {
+                        if (CredentialFilterService.hasLowStrength(credential)) {
+                            filtered.push(credential);
+                        }
+                    }
+                    else if (filter === FILTERS.STRENGTH_MEDIUM) {
+                        if (CredentialFilterService.hasMediumStrength(credential)) {
+                            filtered.push(credential);
+                        }
+                    }
+                    else if (filter === FILTERS.STRENGTH_GOOD) {
+                        if (CredentialFilterService.hasGoodStrength(credential)) {
+                            filtered.push(credential);
+                        }
+                    }
+                    else if (filter === FILTERS.EXPIRED) {
+                        if (CredentialFilterService.isExpired(credential)) {
+                            filtered.push(credential);
+                        }
+                    }
+                }
+            }
+        }
+        return filtered;
+    };
+    static getFilterStats = (allCredentials) => {
+        const stats = {
+            allVisible: 0,
+            compromised: 0,
+            strengthLow: 0,
+            strengthMedium: 0,
+            strengthGood: 0,
+            expired: 0,
+            deleted: 0,
+            encryptionBroken: 0
+        };
+        const options = {
+            translations: zxcvbnEnPackage.translations,
+            graphs: zxcvbnCommonPackage.adjacencyGraphs,
+            dictionary: {}, // do not use dictionaries for a faster evaluation
+        };
+        core_1.zxcvbnOptions.setOptions(options);
+        const now = Date.now();
+        for (const credential of allCredentials) {
+            if (!CredentialFilterService.isHidden(credential)) {
+                if (CredentialFilterService.isDeleted(credential)) {
+                    stats.deleted++;
+                }
+                else {
+                    stats.allVisible++;
+                    if (CredentialFilterService.isCompromised(credential)) {
+                        stats.compromised++;
+                    }
+                    if (CredentialFilterService.isExpired(credential, now)) {
+                        stats.expired++;
+                    }
+                    if (credential.password != null) {
+                        // do not categorize credential by strength if it has no primary password set
+                        // zxcvbn will fail for credential.password = null
+                        const zxcvbnResult = (0, core_1.zxcvbn)(credential.password);
+                        if (zxcvbnResult.score >= 3) {
+                            stats.strengthGood++;
+                        }
+                        else if (zxcvbnResult.score == 2) {
+                            stats.strengthMedium++;
+                        }
+                        else {
+                            // use strength low also as fallback, if zxcvbnResult is < 0
+                            stats.strengthLow++;
+                        }
+                    }
+                }
+            }
+            // count all types of credentials (also hidden), if its encryption is broken
+            if (credential.hasUnspecifiedEncryptionError()) {
+                stats.encryptionBroken++;
+            }
+        }
+        return stats;
+    };
+    static isHidden(credential) {
+        return credential.hidden;
+    }
+    static isDeleted(credential) {
+        return credential.delete_time !== null && credential.delete_time > 0;
+    }
+    static isCompromised(credential) {
+        return credential.compromised !== null && credential.compromised != false;
+    }
+    static isExpired(credential, now = undefined) {
+        if (now === undefined) {
+            now = Date.now();
+        }
+        return credential.expire_time !== 0 && credential.expire_time * 1000 <= now;
+    }
+    static hasLowStrength(credential) {
+        if (credential.password == null) {
+            // do not categorize credential by strength if it has no primary password set
+            return false;
+        }
+        const zxcvbnResult = (0, core_1.zxcvbn)(credential.password);
+        return zxcvbnResult.score <= 1;
+    }
+    static hasMediumStrength(credential) {
+        if (credential.password == null) {
+            // do not categorize credential by strength if it has no primary password set
+            return false;
+        }
+        const zxcvbnResult = (0, core_1.zxcvbn)(credential.password);
+        return zxcvbnResult.score == 2;
+    }
+    static hasGoodStrength(credential) {
+        if (credential.password == null) {
+            // do not categorize credential by strength if it has no primary password set
+            return false;
+        }
+        const zxcvbnResult = (0, core_1.zxcvbn)(credential.password);
+        return zxcvbnResult.score >= 3;
+    }
+    static matchesFilterText(credential, filterText) {
+        filterText = filterText.toLowerCase();
+        if (credential.label != null && credential.label.toLowerCase().indexOf(filterText) > -1) {
+            return true;
+        }
+        else if (credential.description != null && credential.description.toLowerCase().indexOf(filterText) > -1) {
+            return true;
+        }
+        return false;
+    }
+}
+exports.CredentialFilterService = CredentialFilterService;

package/lib/Service/CustomMathsService.d.ts

@@ -0,0 +1,7 @@
+export declare class CustomMathsService {
+    static round: (num: any, digits: number) => string;
+    static calculateFromByte: (byte: any, roundDigits?: number) => string;
+    static byteToGb: (byte: any, roundDigits?: number) => string;
+    static byteToMb: (byte: any, roundDigits?: number) => string;
+    static getSecureRandomInt(min: any, max: any): any;
+}

package/lib/Service/CustomMathsService.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CustomMathsService = void 0;
+class CustomMathsService {
+    static round = (num, digits) => {
+        return parseFloat(num).toFixed(digits);
+    };
+    static calculateFromByte = (byte, roundDigits = 2) => {
+        byte = parseFloat(byte);
+        let result = '';
+        if (byte < 1024) {
+            result = this.round(byte, roundDigits) + ' Byte';
+        }
+        else if (byte >= 1024 && byte < Math.pow(1024, 2)) {
+            result = this.round(byte / 1024, roundDigits) + ' KB';
+        }
+        else if (byte >= Math.pow(1024, 2) && byte < Math.pow(1024, 3)) {
+            result = this.round(byte / Math.pow(1024, 2), roundDigits) + ' MB';
+        }
+        else if (byte >= Math.pow(1024, 3) && byte < Math.pow(1024, 4)) {
+            result = this.round(byte / Math.pow(1024, 3), roundDigits) + ' GB';
+        }
+        else if (byte >= Math.pow(1024, 4) && byte < Math.pow(1024, 5)) {
+            result = this.round(byte / Math.pow(1024, 4), roundDigits) + ' TB';
+        }
+        else if (byte >= Math.pow(1024, 5) && byte < Math.pow(1024, 6)) {
+            result = this.round(byte / Math.pow(1024, 5), roundDigits) + ' PB';
+        }
+        else if (byte >= Math.pow(1024, 6) && byte < Math.pow(1024, 7)) {
+            result = this.round(byte / Math.pow(1024, 6), roundDigits) + ' EB';
+        }
+        return result;
+    };
+    static byteToGb = (byte, roundDigits = 2) => {
+        return this.round(byte / Math.pow(1024, 3), roundDigits);
+    };
+    static byteToMb = (byte, roundDigits = 2) => {
+        return this.round(byte / Math.pow(1024, 2), roundDigits);
+    };
+    static getSecureRandomInt(min, max) {
+        // Create byte array and fill with 1 random number
+        let byteArray = new Uint8Array(1);
+        window.crypto.getRandomValues(byteArray);
+        const range = max - min + 1;
+        const max_range = 256;
+        if (byteArray[0] >= Math.floor(max_range / range) * range) {
+            return this.getSecureRandomInt(min, max);
+        }
+        return min + (byteArray[0] % range);
+    }
+}
+exports.CustomMathsService = CustomMathsService;

package/lib/Service/DefaultLoggingService.d.ts

@@ -0,0 +1,10 @@
+import type { LoggingHandlerInterface } from "../Interfaces/LoggingHandlerInterface";
+export declare class DefaultLoggingService implements LoggingHandlerInterface {
+    onDebug(message: string): void;
+    onInfo(message: string): void;
+    onSuccess(message: string): void;
+    onWarning(message: string): void;
+    onError(message: string): void;
+    anyError(error: any): void;
+    onThrow(error: Error): void;
+}

package/lib/Service/DefaultLoggingService.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultLoggingService = void 0;
+class DefaultLoggingService {
+    onDebug(message) {
+        console.debug(message);
+    }
+    onInfo(message) {
+        console.info(message);
+    }
+    onSuccess(message) {
+        console.log(message);
+    }
+    onWarning(message) {
+        console.warn(message);
+    }
+    onError(message) {
+        console.error(message);
+    }
+    anyError(error) {
+        console.error(error);
+    }
+    onThrow(error) {
+        throw error;
+    }
+}
+exports.DefaultLoggingService = DefaultLoggingService;

package/lib/Service/DownloadService.d.ts

@@ -0,0 +1,12 @@
+export declare class DownloadService {
+    private static defaultMime;
+    /**
+     * This download script will only work for web browsers
+     * @param data
+     * @param strFileName
+     * @param strMimeType
+     */
+    static download(data: any, strFileName: any, strMimeType: any): boolean | XMLHttpRequest;
+    private static dataUrlToBlob;
+    private static saver;
+}

package/lib/Service/DownloadService.js

@@ -0,0 +1,121 @@
+"use strict";
+/*
+    Based on download.js v4.2, by dandavis; 2008-2016. [CCBY2] https://github.com/rndme/download
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DownloadService = void 0;
+class DownloadService {
+    static defaultMime = "application/octet-stream";
+    /**
+     * This download script will only work for web browsers
+     * @param data
+     * @param strFileName
+     * @param strMimeType
+     */
+    static download(data, strFileName, strMimeType) {
+        let mimeType = strMimeType || DownloadService.defaultMime;
+        let payload = data;
+        let url = !strFileName && !strMimeType && payload;
+        let anchor = document.createElement("a");
+        let fileName = strFileName || "download";
+        let blob;
+        let reader;
+        if (String(this) === "true") { //reverse arguments, allowing download.bind(true, "text/xml", "export.xml") to act as a callback
+            payload = [payload, mimeType];
+            mimeType = payload[0];
+            payload = payload[1];
+        }
+        if (url && url.length < 2048) { // if no filename and no mime, assume a url was passed as the only argument
+            fileName = url.split("/").pop().split("?")[0];
+            anchor.href = url; // assign href prop to temp anchor
+            if (anchor.href.indexOf(url) !== -1) { // if the browser determines that it's a potentially valid url path:
+                var ajax = new XMLHttpRequest();
+                ajax.open("GET", url, true);
+                ajax.responseType = 'blob';
+                ajax.onload = function (e) {
+                    DownloadService.download(e.target.response, fileName, DownloadService.defaultMime);
+                };
+                setTimeout(function () {
+                    ajax.send();
+                }, 0); // allows setting custom ajax headers using the return:
+                return ajax;
+            } // end if valid url?
+        } // end if url?
+        //go ahead and download dataURLs right away
+        if (/^data:([\w+-]+\/[\w+.-]+)?[,;]/.test(payload)) {
+            if (payload.length > (1024 * 1024 * 1.999)) {
+                payload = DownloadService.dataUrlToBlob(payload);
+                mimeType = payload.type || DownloadService.defaultMime;
+            }
+            else {
+                return DownloadService.saver(payload, fileName, anchor);
+            }
+        }
+        blob = new Blob([payload], { type: mimeType });
+        if (self.URL) { // simple fast and modern way using Blob and URL:
+            DownloadService.saver(self.URL.createObjectURL(blob), fileName, anchor, true);
+        }
+        else {
+            // handle non-Blob()+non-URL browsers:
+            /*if (typeof blob === "string" || blob.constructor === toString) {
+                try {
+                    return DownloadService.saver("data:" + mimeType + ";base64," + self.btoa(blob), fileName, anchor);
+                } catch (y) {
+                    return DownloadService.saver("data:" + mimeType + "," + encodeURIComponent(blob), fileName, anchor);
+                }
+            }*/
+            // Blob but not URL support:
+            reader = new FileReader();
+            reader.onload = function (e) {
+                DownloadService.saver(this.result, fileName, anchor);
+            };
+            reader.readAsDataURL(blob);
+        }
+        return true;
+    }
+    ;
+    static dataUrlToBlob(strUrl) {
+        var parts = strUrl.split(/[:;,]/), type = parts[1], decoder = parts[2] == "base64" ? atob : decodeURIComponent, binData = decoder(parts.pop()), mx = binData.length, i = 0, uiArr = new Uint8Array(mx);
+        for (i; i < mx; ++i)
+            uiArr[i] = binData.charCodeAt(i);
+        return new Blob([uiArr], { type: type });
+    }
+    static saver(url, fileName, anchor, winMode = false) {
+        if ('download' in anchor) { //html5 A[download]
+            var element = document.createElement('a');
+            element.setAttribute('href', url);
+            element.setAttribute('download', fileName);
+            element.style.display = 'none';
+            document.body.appendChild(element);
+            element.click();
+            document.body.removeChild(element);
+            if (winMode === true) {
+                setTimeout(function () {
+                    self.URL.revokeObjectURL(element.href);
+                }, 250);
+            }
+            return true;
+        }
+        // handle non-a[download] safari as best we can:
+        if (/(Version)\/(\d+)\.(\d+)(?:\.(\d+))?.*Safari\//.test(navigator.userAgent)) {
+            url = url.replace(/^data:([\w\/\-\+\.]+)/, DownloadService.defaultMime);
+            if (!window.open(url)) { // popup blocked, offer direct download:
+                if (confirm("Displaying New Document\n\nUse Save As... to download, then click back to return to this page.")) {
+                    location.href = url;
+                }
+            }
+            return true;
+        }
+        //do iframe dataURL download (old ch+FF):
+        var f = document.createElement("iframe");
+        document.body.appendChild(f);
+        if (!winMode) { // force a mime that will download:
+            url = "data:" + url.replace(/^data:([\w\/\-\+\.]+)/, DownloadService.defaultMime);
+        }
+        f.src = url;
+        setTimeout(function () {
+            document.body.removeChild(f);
+        }, 333);
+    }
+}
+exports.DownloadService = DownloadService;

package/lib/Service/OTPService.d.ts

@@ -0,0 +1,22 @@
+import { Secret } from "otpauth";
+import { OTPConfigInterface } from "../Interfaces/Credential/OTPConfigInterface";
+export declare class OTPService {
+    static mergeDefaultOTPConfig: (otp: OTPConfigInterface) => void;
+    static getSecretString: (secret: undefined | string | Secret) => string | undefined;
+    static getDataUrlFromCurrentOTPValues: (otp: OTPConfigInterface) => string;
+    /**
+     * Updates otp.qr_uri with a new QR code and data url based on the raw otp values.
+     * @param otp
+     */
+    static updateQRFromCurrentOTPValues: (otp: OTPConfigInterface) => void;
+    /**
+     * Returns the current token of the given OTP configuration.
+     * @param otp
+     */
+    static updateOTP: (otp: OTPConfigInterface) => string;
+    /**
+     * Parse input file asynchronous as QR code, extract the TOTP values and return the IOTPConfig, that's built from it.
+     * @param input
+     */
+    static parseOTPQrCodeFromInputFileData: (input: string | File | any) => Promise<OTPConfigInterface>;
+}

package/lib/Service/OTPService.js

@@ -0,0 +1,134 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OTPService = void 0;
+const OTPAuth = __importStar(require("otpauth"));
+const qrcode_generator_1 = __importDefault(require("qrcode-generator"));
+const qrcode_parser_1 = __importDefault(require("qrcode-parser"));
+class OTPService {
+    static mergeDefaultOTPConfig = (otp) => {
+        const defaults = {
+            algorithm: "SHA1",
+            period: 30,
+            digits: 6,
+        };
+        for (const key in defaults) {
+            if (otp[key] === undefined || otp[key] == null) {
+                otp[key] = defaults[key];
+            }
+        }
+    };
+    static getSecretString = (secret) => {
+        if (typeof secret == "object") {
+            return secret.utf8;
+        }
+        return secret;
+    };
+    static getDataUrlFromCurrentOTPValues = (otp) => {
+        const totp = new OTPAuth.TOTP({
+            issuer: otp.issuer,
+            label: otp.label,
+            algorithm: otp.algorithm,
+            digits: otp.digits,
+            period: otp.period,
+            secret: otp.secret
+        });
+        return decodeURIComponent(totp.toString());
+    };
+    /**
+     * Updates otp.qr_uri with a new QR code and data url based on the raw otp values.
+     * @param otp
+     */
+    static updateQRFromCurrentOTPValues = (otp) => {
+        if (otp.qr_uri === undefined) {
+            otp.qr_uri = {};
+        }
+        const typeNumberAutoDetect = 0;
+        const errorCorrectionLevel = 'L'; // L = 7%
+        const qr = (0, qrcode_generator_1.default)(typeNumberAutoDetect, errorCorrectionLevel);
+        otp.qr_uri.qrData = OTPService.getDataUrlFromCurrentOTPValues(otp);
+        qr.addData(otp.qr_uri.qrData);
+        qr.make();
+        const cellSize = 4;
+        const padding = 0;
+        const canvas = document.createElement("canvas");
+        canvas.width = canvas.height = qr.getModuleCount() * cellSize + padding * 2;
+        const context = canvas.getContext("2d");
+        qr.renderTo2dContext(context, cellSize);
+        otp.qr_uri.image = canvas.toDataURL("image/png");
+        canvas.remove();
+    };
+    /**
+     * Returns the current token of the given OTP configuration.
+     * @param otp
+     */
+    static updateOTP = (otp) => {
+        if (!otp || !otp.secret || otp.secret === "") {
+            return;
+        }
+        if (typeof otp.secret == "string" && otp.secret.includes(' ')) {
+            otp.secret = otp.secret.replaceAll(' ', '');
+        }
+        OTPService.mergeDefaultOTPConfig(otp);
+        const totp = new OTPAuth.TOTP({
+            issuer: otp.issuer,
+            label: otp.label,
+            algorithm: otp.algorithm,
+            digits: otp.digits,
+            period: otp.period,
+            secret: otp.secret
+        });
+        return totp.generate();
+    };
+    /**
+     * Parse input file asynchronous as QR code, extract the TOTP values and return the IOTPConfig, that's built from it.
+     * @param input
+     */
+    static parseOTPQrCodeFromInputFileData = async (input) => {
+        return await (0, qrcode_parser_1.default)(input).then((otpUrl) => {
+            const uri = new URL(otpUrl);
+            const type = (uri.href.indexOf('totp/') !== -1) ? 'totp' : 'hotp';
+            const label = uri.pathname.replace('//' + type + '/', '');
+            const otp = {
+                type: type,
+                label: decodeURIComponent(label),
+                qr_uri: {
+                    qrData: decodeURIComponent(otpUrl),
+                    image: input
+                },
+                issuer: uri.searchParams.get('issuer'),
+                secret: uri.searchParams.get('secret'),
+                algorithm: uri.searchParams.get('algorithm') ? uri.searchParams.get('algorithm') : "SHA1",
+                period: uri.searchParams.get('period') ? parseInt(uri.searchParams.get('period')) : 30,
+                digits: uri.searchParams.get('digits') ? parseInt(uri.searchParams.get('digits')) : 6,
+            };
+            return otp;
+        });
+    };
+}
+exports.OTPService = OTPService;

package/lib/Service/PassmanCrypto.d.ts

@@ -0,0 +1,10 @@
+import { GenerateKeypairResponseInterface } from "../Interfaces/PassmanCrypto/GenerateKeypairResponseInterface";
+import { RSAKeypairInterface } from "../Interfaces/PassmanCrypto/RSAKeypairInterface";
+import { PEMRSAKeypairInterface } from "../Interfaces/PassmanCrypto/PEMRSAKeypairInterface";
+export declare class PassmanCrypto {
+    static generateRSAKeypair: (keyLength?: number) => Promise<GenerateKeypairResponseInterface>;
+    static rsaKeyPairToPEM: (keypair: RSAKeypairInterface) => PEMRSAKeypairInterface;
+    private static readonly sjcl_encryption_config;
+    static encryptString: (plainText: string, key: string) => string;
+    static decryptString: (b64EncCiphertext: string, key: string) => string;
+}

package/lib/Service/PassmanCrypto.js

@@ -0,0 +1,57 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PassmanCrypto = void 0;
+const node_forge_1 = __importDefault(require("node-forge"));
+const sjcl_1 = __importDefault(require("sjcl"));
+class PassmanCrypto {
+    static generateRSAKeypair = (keyLength = 2048) => {
+        return new Promise(function (resolve, reject) {
+            // generate an RSA key pair asynchronously (uses web workers if available)
+            // use workers: -1 to run a fast core estimator to optimize # of workers
+            node_forge_1.default.pki.rsa.generateKeyPair({
+                bits: keyLength,
+                workers: 2
+            }, (error, keypair) => {
+                resolve({ error, keypair });
+            });
+        });
+    };
+    static rsaKeyPairToPEM = (keypair) => {
+        return {
+            privateKey: node_forge_1.default.pki.privateKeyToPem(keypair.privateKey),
+            publicKey: node_forge_1.default.pki.publicKeyToPem(keypair.publicKey)
+        };
+    };
+    static sjcl_encryption_config = {
+        adata: "",
+        iter: 1000,
+        ks: 256,
+        mode: 'ccm',
+        ts: 64,
+        //salt: [],
+        //iv: []
+    };
+    static encryptString = (plainText, key) => {
+        // todo: think about replacing aes-ccm from sjcl with the more modern and faster aes-gcm from forge
+        // see https://crypto.stackexchange.com/questions/6842/how-to-choose-between-aes-ccm-and-aes-gcm-for-storage-volume-encryption
+        // see https://github.com/digitalbazaar/forge#cipher
+        // todo: try to use aes-ccm from jscrypto instead of the very outdated sjcl
+        // see https://github.com/Hinaser/jscrypto/blob/master/API.md#aes
+        let rp = {};
+        const ct = sjcl_1.default.encrypt(key, plainText, PassmanCrypto.sjcl_encryption_config, rp);
+        return window.btoa(ct);
+    };
+    static decryptString = (b64EncCiphertext, key) => {
+        const ciphertext = window.atob(b64EncCiphertext);
+        try {
+            return sjcl_1.default.decrypt(key, ciphertext);
+        }
+        catch (e) {
+            throw e;
+        }
+    };
+}
+exports.PassmanCrypto = PassmanCrypto;