npm - @keeper-security/keeperapi - Versions diffs - 16.0.1 → 16.0.4 - Mend

@keeper-security/keeperapi 16.0.1 → 16.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (148) hide show

package/src/endpoint.ts ADDED Viewed

@@ -0,0 +1,350 @@
+import {KeeperCommand, KeeperHttpResponse} from './commands'
+import {KeeperError} from './configuration'
+import {Authentication, Push, SsoCloud} from './proto'
+import {platform} from './platform'
+import {
+    generateTransmissionKey,
+    getKeeperUrl,
+    isTwoFactorResultCode,
+    normal64,
+    normal64Bytes,
+    webSafe64FromBytes
+} from './utils'
+import {
+    deviceMessage,
+    preLoginMessage,
+    registerDeviceMessage,
+    registerDeviceInRegionMessage,
+    RestMessage,
+    ssoCloudRequestMessage,
+    updateDeviceMessage
+} from './restMessages'
+import {ClientConfigurationInternal, TransmissionKey} from './configuration';
+import ApiRequestPayload = Authentication.ApiRequestPayload;
+import ApiRequest = Authentication.ApiRequest;
+import IDeviceResponse = Authentication.IDeviceResponse;
+import IPreLoginResponse = Authentication.IPreLoginResponse;
+import WssClientResponse = Push.WssClientResponse;
+import WssConnectionRequest = Push.WssConnectionRequest;
+import SsoCloudResponse = SsoCloud.SsoCloudResponse;
+export class KeeperEndpoint {
+    private transmissionKey: TransmissionKey
+    public deviceToken: Uint8Array
+    public clientVersion
+    private onsitePrivateKey: Uint8Array | null = null
+    private onsitePublicKey: Uint8Array | null = null
+    constructor(private options: ClientConfigurationInternal) {
+        if (options.deviceToken) {
+            this.deviceToken = options.deviceToken
+            this.transmissionKey = generateTransmissionKey(1)
+        } else {
+            this.transmissionKey = generateTransmissionKey(options.deviceConfig.transmissionKeyId || 1)
+        }
+    }
+    private getUrl(forPath: string): string {
+        return getKeeperUrl(this.options.host, forPath)
+    }
+    async getDeviceToken(): Promise<IDeviceResponse> {
+        return this.executeRest(deviceMessage({
+            clientVersion: this.clientVersion,
+            deviceName: 'JS Keeper API'
+        }))
+    }
+    async getPreLogin(username: string): Promise<IPreLoginResponse> {
+        if (!this.deviceToken) {
+            console.log('Obtaining device token...')
+            let deviceResponse = await this.getDeviceToken()
+            this.deviceToken = deviceResponse.encryptedDeviceToken
+            if (this.options.onDeviceToken) {
+                this.options.onDeviceToken(this.deviceToken)
+            }
+        }
+        while (true) {
+            try {
+                return await this.executeRest(preLoginMessage({
+                    authRequest: {
+                        clientVersion: this.clientVersion,
+                        username: username,
+                        encryptedDeviceToken: this.deviceToken
+                    },
+                    loginType: Authentication.LoginType.NORMAL
+                }))
+            } catch (e) {
+                if (!(e instanceof Error))
+                    throw(e)
+                let errorObj = JSON.parse(e.message)
+                if (errorObj.error === 'region_redirect') {
+                    this.options.host = errorObj.region_host
+                    console.log(`Redirecting to ${this.options.host}`)
+                } else {
+                    throw(e)
+                }
+            }
+        }
+    }
+    async registerDevice() {
+        // Case 1 new device, no edt no keys - call registration with pub key
+        // Case 2 existing device on 14, edt but no keys - call device update
+        // Case 3 existing device on 15+, has edt and keys - skip registration
+        const deviceConfig = this.options.deviceConfig
+        if (deviceConfig.deviceToken && deviceConfig.privateKey && deviceConfig.publicKey) {  // Case 1
+            return
+        }
+        const ecdh = await platform.generateECKeyPair()
+        deviceConfig.publicKey = ecdh.publicKey
+        deviceConfig.privateKey = ecdh.privateKey
+        if (deviceConfig.deviceToken) {
+            const devUpdMsg = updateDeviceMessage({
+                encryptedDeviceToken: deviceConfig.deviceToken,
+                clientVersion: this.options.clientVersion,
+                deviceName: deviceConfig.deviceName,
+                devicePublicKey: deviceConfig.publicKey,
+            })
+            await this.executeRest(devUpdMsg)
+        } else {
+            const devRegMsg = registerDeviceMessage({
+                clientVersion: this.options.clientVersion,
+                deviceName: deviceConfig.deviceName,
+                devicePublicKey: deviceConfig.publicKey,
+            })
+            const devRegResp = await this.executeRest(devRegMsg)
+            console.log(devRegResp)
+            deviceConfig.deviceToken = devRegResp.encryptedDeviceToken || null
+        }
+        if (this.options.onDeviceConfig) {
+            this.options.onDeviceConfig(deviceConfig, this.options.host);
+        }
+    }
+    async executeRest<TIn, TOut>(message: RestMessage<TIn, TOut>, sessionToken?: string): Promise<TOut> {
+        while (true) {
+            let request = await this.prepareRequest(message.toBytes(), sessionToken)
+            console.log("Calling REST URL:", this.getUrl(message.path));
+            let response = await platform.post(this.getUrl(message.path), request)
+            if (!response.data || response.data.length === 0 && response.statusCode === 200) {
+                return
+            }
+            console.log("Response code:", response.statusCode);
+            try {
+                let decrypted = await platform.aesGcmDecrypt(response.data, this.transmissionKey.key)
+                return message.fromBytes(decrypted)
+            } catch {
+                const errorMessage = platform.bytesToString(response.data.slice(0, 1000))
+                try {
+                    const errorObj: KeeperError = JSON.parse(errorMessage)
+                    switch (errorObj.error) {
+                        case 'key':
+                            this.updateTransmissionKey(errorObj.key_id)
+                            continue
+                        case 'region_redirect':
+                            this.options.host = errorObj.region_host
+                            if (this.options.onRegionChanged) {
+                                this.options.onRegionChanged(this.options.host);
+                            }
+                            continue
+                        case 'device_not_registered': {
+                            if (this.options.deviceConfig.deviceToken) {
+                                await this.executeRest(registerDeviceInRegionMessage({
+                                    clientVersion: this.options.clientVersion,
+                                    deviceName: this.options.deviceConfig.deviceName,
+                                    devicePublicKey: this.options.deviceConfig.publicKey,
+                                    encryptedDeviceToken: this.options.deviceConfig.deviceToken
+                                }))
+                                continue
+                            }
+                        }
+                    }
+                    if (this.options.onCommandFailure) {
+                        this.options.onCommandFailure({ ...errorObj, ...{ path: message.path } })
+                    }
+                } catch {
+                }
+                throw(new Error(errorMessage))
+            }
+        }
+    }
+    async executeV2Command<T>(command: KeeperCommand): Promise<T> {
+        command.client_version = this.clientVersion
+        let requestBytes = await this.prepareRequest(command)
+        let response = await platform.post(this.getUrl('vault/execute_v2_command'), requestBytes)
+        let decrypted
+        try {
+            decrypted = await platform.aesGcmDecrypt(response.data, this.transmissionKey.key)
+        } catch (e) {
+            let error = platform.bytesToString(response.data)
+            throw(`Unable to decrypt response: ${error}`)
+        }
+        let json = JSON.parse(platform.bytesToString(decrypted))
+        if (json.result !== 'success' && !isTwoFactorResultCode(json.result_code)) {
+            throw(json)
+        }
+        return json as T
+    }
+    async get(path: string): Promise<KeeperHttpResponse> {
+        return platform.get(this.getUrl(path), {})
+    }
+    public updateTransmissionKey(keyNumber: number) {
+        this.transmissionKey = generateTransmissionKey(keyNumber)
+        this.options.deviceConfig.transmissionKeyId = keyNumber
+        if (this.options.onDeviceConfig) {
+            this.options.onDeviceConfig(this.options.deviceConfig, this.options.host);
+        }
+    }
+    public async prepareRequest(payload: Uint8Array | KeeperCommand, sessionToken?: string): Promise<Uint8Array> {
+        return prepareApiRequest(payload, this.transmissionKey, sessionToken)
+    }
+    async decryptPushMessage(pushMessageData: Uint8Array): Promise<WssClientResponse> {
+        const decryptedPushMessage = await platform.aesGcmDecrypt(pushMessageData, this.transmissionKey.key)
+        return WssClientResponse.decode(decryptedPushMessage)
+    }
+    async getPushConnectionRequest(messageSessionUid: Uint8Array) {
+        return getPushConnectionRequest(messageSessionUid, this.options.deviceConfig.deviceToken, this.transmissionKey)
+    }
+    getTransmissionKey(): TransmissionKey {
+        return this.transmissionKey;
+    }
+    public async prepareSsoPayload(messageSessionUid: Uint8Array, username: string = '', idpSessionId = ''): Promise<string> {
+        const payload = ssoCloudRequestMessage({
+            "embedded": true,
+            "clientVersion": this.clientVersion,
+            "dest": "vault",
+            "forceLogin": false,
+            "messageSessionUid": messageSessionUid,
+            "idpSessionId": idpSessionId,
+            "username": username
+        }).toBytes()
+        const request = await prepareApiRequest(payload, this.transmissionKey)
+        return webSafe64FromBytes(request)
+    }
+    public async decryptCloudSsoResponse(token: string): Promise<SsoCloudResponse> {
+        return decryptCloudSsoResponse(token, this.getTransmissionKey().key)
+    }
+    public async getOnsitePublicKey(): Promise<string> {
+        if (!this.onsitePublicKey || !this.onsitePrivateKey) {
+            const {privateKey, publicKey} = await platform.generateRSAKeyPair()
+            this.onsitePrivateKey = privateKey
+            this.onsitePublicKey = publicKey
+        }
+        return webSafe64FromBytes(this.onsitePublicKey)
+    }
+    public decryptOnsiteSsoPassword(password: string): string {
+        const encryptedPasswordBytes = normal64Bytes(password)
+        const decryptedPassword = platform.privateDecrypt(encryptedPasswordBytes, this.onsitePrivateKey)
+        return platform.bytesToString(decryptedPassword)
+    }
+}
+export async function getPushConnectionRequest(messageSessionUid: Uint8Array, encryptedDeviceToken: Uint8Array, transmissionKey: TransmissionKey) {
+    const connectionRequest = WssConnectionRequest.create({
+        messageSessionUid: messageSessionUid,
+        encryptedDeviceToken: encryptedDeviceToken,
+        deviceTimeStamp: new Date().getTime()
+    })
+    const connectionRequestBytes = WssConnectionRequest.encode(connectionRequest).finish()
+    const apiRequest = await prepareApiRequest(connectionRequestBytes, transmissionKey)
+    return webSafe64FromBytes(apiRequest)
+}
+export async function prepareApiRequest(payload: Uint8Array | KeeperCommand, transmissionKey: TransmissionKey, sessionToken?: string): Promise<Uint8Array> {
+    const requestPayload = ApiRequestPayload.create()
+    if (payload) {
+        requestPayload.payload = payload instanceof Uint8Array
+            ? payload
+            : Buffer.from(JSON.stringify(payload))
+    }
+    if (sessionToken) {
+        requestPayload.encryptedSessionToken = normal64Bytes(sessionToken);
+    }
+    let requestPayloadBytes = ApiRequestPayload.encode(requestPayload).finish()
+    let encryptedRequestPayload = await platform.aesGcmEncrypt(requestPayloadBytes, transmissionKey.key)
+    let apiRequest = ApiRequest.create({
+        encryptedTransmissionKey: transmissionKey.encryptedKey,
+        encryptedPayload: encryptedRequestPayload,
+        publicKeyId: transmissionKey.publicKeyId,
+        locale: 'en_US'
+    })
+    return ApiRequest.encode(apiRequest).finish()
+}
+export async function decryptCloudSsoResponse(cloudResponseToken: string, key: Uint8Array): Promise<SsoCloudResponse> {
+    const decryptedData = await platform.aesGcmDecrypt(normal64Bytes(cloudResponseToken), key);
+    return SsoCloudResponse.decode(decryptedData);
+}
+export enum KeeperEnvironment {
+    Prod = 'keepersecurity.com',
+    QA = 'qa.keepersecurity.com',
+    DEV = 'dev.keepersecurity.com',
+    DEV2 = 'dev2.keepersecurity.com',
+    LOCAL = 'local.keepersecurity.com',
+    Prod_EU = 'keepersecurity.eu',
+    QA_EU = 'qa.keepersecurity.eu',
+    DEV_EU = 'dev.keepersecurity.eu',
+}
+interface KeeperKeys {
+    der: string[],
+    pem: string[]
+}
+let keys =
+    {
+        der: {
+            key1: 'MIIBCgKCAQEA9Z/CZzxiNUz8+npqI4V10+zW3AL7+M4UQDdd/17759Xzm0MOEfHOOsOgZxxNK1DEsbyCTCE05fd3Hz1mn1uGjXvm5HnN2mL/3TOVxyLU6VwH9EDInnj4DNMFifs69il3KlviT3llRgPCcjF4xrF8d4SR0/N3eqS1f9CBJPNEKEH+am5Xb/FqAlOUoXkILF0UYxA/jNLoWBSq+1W58e4xDI0p0GuP0lN8f97HBtfB7ijbtF+VxIXtxRy+4jA49zK+CQrGmWqIm5DzZcBvUtVGZ3UXd6LeMXMJOifvuCneGC2T2uB6G2g5yD54+onmKIETyNX0LtpR1MsZmKLgru5ugwIDAQAB',
+            key2: 'MIIBCgKCAQEAkOpym7xC3sSysw5DAidLoVF7JUgnvXejbieDWmEiD-DQOKxzfQqYHoFfeeix__bx3wMW3I8cAc8zwZ1JO8hyB2ON732JE2Zp301GAUMnAK_rBhQWmYKP_-uXSKeTJPiuaW9PVG0oRJ4MEdS-t1vIA4eDPhI1EexHaY3P2wHKoV8twcGvdWUZB5gxEpMbx5CuvEXptnXEJlxKou3TZu9uwJIo0pgqVLUgRpW1RSRipgutpUslBnQ72Bdbsry0KKVTlcPsudAnnWUtsMJNgmyQbESPm-aVv-GzdVUFvWKpKkAxDpNArPMf0xt8VL2frw2LDe5_n9IMFogUiSYt156_mQIDAQAB',
+            key3: 'MIIBCgKCAQEAyvxCWbLvtMRmq57oFg3mY4DWfkb1dir7b29E8UcwcKDcCsGTqoIhubU2pO46TVUXmFgC4E-Zlxt-9F-YA-MY7i_5GrDvySwAy4nbDhRL6Z0kz-rqUirgm9WWsP9v-X_BwzARqq83HNBuzAjf3UHgYDsKmCCarVAzRplZdT3Q5rnNiYPYSHzwfUhKEAyXk71UdtleD-bsMAmwnuYHLhDHiT279An_Ta93c9MTqa_Tq2Eirl_NXn1RdtbNohmMXldAH-C8uIh3Sz8erS4hZFSdUG1WlDsKpyRouNPQ3diorbO88wEAgpHjXkOLj63d1fYJBFG0yfu73U80aEZehQkSawIDAQAB',
+            key4: 'MIIBCgKCAQEA0TVoXLpgluaqw3P011zFPSIzWhUMBqXT-Ocjy8NKjJbdrbs53eRFKk1waeB3hNn5JEKNVSNbUIe-MjacB9P34iCfKtdnrdDB8JXx0nIbIPzLtcJC4HCYASpjX_TVXrU9BgeCE3NUtnIxjHDy8PCbJyAS_Pv299Q_wpLWnkkjq70ZJ2_fX-ObbQaZHwsWKbRZ_5sD6rLfxNACTGI_jo9-vVug6AdNq96J7nUdYV1cG-INQwJJKMcAbKQcLrml8CMPc2mmf0KQ5MbS_KSbLXHUF-81AsZVHfQRSuigOStQKxgSGL5osY4NrEcODbEXtkuDrKNMsZYhijKiUHBj9vvgKwIDAQAB',
+            key5: 'MIIBCgKCAQEAueOWC26w-HlOLW7s88WeWkXpjxK4mkjqngIzwbjnsU9145R51HvsILvjXJNdAuueVDHj3OOtQjfUM6eMMLr-3kaPv68y4FNusvB49uKc5ETI0HtHmHFSn9qAZvC7dQHSpYqC2TeCus-xKeUciQ5AmSfwpNtwzM6Oh2TO45zAqSA-QBSk_uv9TJu0e1W1AlNmizQtHX6je-mvqZCVHkzGFSQWQ8DBL9dHjviI2mmWfL_egAVVhBgTFXRHg5OmJbbPoHj217Yh-kHYA8IWEAHylboH6CVBdrNL4Na0fracQVTm-nOWdM95dKk3fH-KJYk_SmwB47ndWACLLi5epLl9vwIDAQAB',
+            key6: 'MIIBCgKCAQEA2PJRM7-4R97rHwY_zCkFA8B3llawb6gF7oAZCpxprl6KB5z2cqLAvUfEOBtnr7RIturX04p3ThnwaFnAR7ADVZWBGOYuAyaLzGHDI5mvs8D-NewG9vw8qRkTT7Mb8fuOHC6-_lTp9AF2OA2H4QYiT1vt43KbuD0Y2CCVrOTKzDMXG8msl_JvAKt4axY9RGUtBbv0NmpkBCjLZri5AaTMgjLdu8XBXCqoLx7qZL-Bwiv4njw-ZAI4jIszJTdGzMtoQ0zL7LBj_TDUBI4Qhf2bZTZlUSL3xeDWOKmd8Frksw3oKyJ17oCQK-EGau6EaJRGyasBXl8uOEWmYYgqOWirNwIDAQAB'
+        },
+        pem: {
+            key1: '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Z/CZzxiNUz8+npqI4V1\n0+zW3AL7+M4UQDdd/17759Xzm0MOEfHOOsOgZxxNK1DEsbyCTCE05fd3Hz1mn1uG\njXvm5HnN2mL/3TOVxyLU6VwH9EDInnj4DNMFifs69il3KlviT3llRgPCcjF4xrF8\nd4SR0/N3eqS1f9CBJPNEKEH+am5Xb/FqAlOUoXkILF0UYxA/jNLoWBSq+1W58e4x\nDI0p0GuP0lN8f97HBtfB7ijbtF+VxIXtxRy+4jA49zK+CQrGmWqIm5DzZcBvUtVG\nZ3UXd6LeMXMJOifvuCneGC2T2uB6G2g5yD54+onmKIETyNX0LtpR1MsZmKLgru5u\ngwIDAQAB\n-----END PUBLIC KEY-----\n',
+            key2: '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOpym7xC3sSysw5DAidL\noVF7JUgnvXejbieDWmEiD+DQOKxzfQqYHoFfeeix//bx3wMW3I8cAc8zwZ1JO8hy\nB2ON732JE2Zp301GAUMnAK/rBhQWmYKP/+uXSKeTJPiuaW9PVG0oRJ4MEdS+t1vI\nA4eDPhI1EexHaY3P2wHKoV8twcGvdWUZB5gxEpMbx5CuvEXptnXEJlxKou3TZu9u\nwJIo0pgqVLUgRpW1RSRipgutpUslBnQ72Bdbsry0KKVTlcPsudAnnWUtsMJNgmyQ\nbESPm+aVv+GzdVUFvWKpKkAxDpNArPMf0xt8VL2frw2LDe5/n9IMFogUiSYt156/\nmQIDAQAB\n-----END PUBLIC KEY-----\n',
+            key3: '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvxCWbLvtMRmq57oFg3m\nY4DWfkb1dir7b29E8UcwcKDcCsGTqoIhubU2pO46TVUXmFgC4E+Zlxt+9F+YA+MY\n7i/5GrDvySwAy4nbDhRL6Z0kz+rqUirgm9WWsP9v+X/BwzARqq83HNBuzAjf3UHg\nYDsKmCCarVAzRplZdT3Q5rnNiYPYSHzwfUhKEAyXk71UdtleD+bsMAmwnuYHLhDH\niT279An/Ta93c9MTqa/Tq2Eirl/NXn1RdtbNohmMXldAH+C8uIh3Sz8erS4hZFSd\nUG1WlDsKpyRouNPQ3diorbO88wEAgpHjXkOLj63d1fYJBFG0yfu73U80aEZehQkS\nawIDAQAB\n-----END PUBLIC KEY-----\n',
+            key4: '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TVoXLpgluaqw3P011zF\nPSIzWhUMBqXT+Ocjy8NKjJbdrbs53eRFKk1waeB3hNn5JEKNVSNbUIe+MjacB9P3\n4iCfKtdnrdDB8JXx0nIbIPzLtcJC4HCYASpjX/TVXrU9BgeCE3NUtnIxjHDy8PCb\nJyAS/Pv299Q/wpLWnkkjq70ZJ2/fX+ObbQaZHwsWKbRZ/5sD6rLfxNACTGI/jo9+\nvVug6AdNq96J7nUdYV1cG+INQwJJKMcAbKQcLrml8CMPc2mmf0KQ5MbS/KSbLXHU\nF+81AsZVHfQRSuigOStQKxgSGL5osY4NrEcODbEXtkuDrKNMsZYhijKiUHBj9vvg\nKwIDAQAB\n-----END PUBLIC KEY-----\n',
+            key5: '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueOWC26w+HlOLW7s88We\nWkXpjxK4mkjqngIzwbjnsU9145R51HvsILvjXJNdAuueVDHj3OOtQjfUM6eMMLr+\n3kaPv68y4FNusvB49uKc5ETI0HtHmHFSn9qAZvC7dQHSpYqC2TeCus+xKeUciQ5A\nmSfwpNtwzM6Oh2TO45zAqSA+QBSk/uv9TJu0e1W1AlNmizQtHX6je+mvqZCVHkzG\nFSQWQ8DBL9dHjviI2mmWfL/egAVVhBgTFXRHg5OmJbbPoHj217Yh+kHYA8IWEAHy\nlboH6CVBdrNL4Na0fracQVTm+nOWdM95dKk3fH+KJYk/SmwB47ndWACLLi5epLl9\nvwIDAQAB\n-----END PUBLIC KEY-----\n',
+            key6: '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PJRM7+4R97rHwY/zCkF\nA8B3llawb6gF7oAZCpxprl6KB5z2cqLAvUfEOBtnr7RIturX04p3ThnwaFnAR7AD\nVZWBGOYuAyaLzGHDI5mvs8D+NewG9vw8qRkTT7Mb8fuOHC6+/lTp9AF2OA2H4QYi\nT1vt43KbuD0Y2CCVrOTKzDMXG8msl/JvAKt4axY9RGUtBbv0NmpkBCjLZri5AaTM\ngjLdu8XBXCqoLx7qZL+Bwiv4njw+ZAI4jIszJTdGzMtoQ0zL7LBj/TDUBI4Qhf2b\nZTZlUSL3xeDWOKmd8Frksw3oKyJ17oCQK+EGau6EaJRGyasBXl8uOEWmYYgqOWir\nNwIDAQAB\n-----END PUBLIC KEY-----\n'
+        }
+    }
+let _keeperKeys: KeeperKeys = {
+    der: [], pem: []
+}
+for (let key in keys.der) {
+    _keeperKeys.der.push(normal64(keys.der[key]))
+}
+for (let key in keys.pem) {
+    _keeperKeys.pem.push(keys.pem[key])
+}
+export const keeperKeys: KeeperKeys = _keeperKeys

package/src/node/index.ts ADDED Viewed

@@ -0,0 +1,17 @@
+export * from "../endpoint";
+export * from "../auth";
+export * from "../vendorContext";
+export * from "../vendorModel";
+export * from "../vault";
+export * from "../company";
+export * from "../configuration";
+export * from "../commands";
+export * from "../restMessages";
+export * from "../utils";
+export * from "../platform";
+export * from "../proto";
+import {connectPlatform} from "../platform";
+import {nodePlatform} from "./platform";
+connectPlatform(nodePlatform);

package/src/node/platform.ts ADDED Viewed

@@ -0,0 +1,283 @@
+import * as crypto from "crypto";
+import {createECDH} from "crypto";
+import * as https from "https";
+import * as FormData from "form-data"
+import * as NodeRSA from 'node-rsa';
+import * as WebSocket from 'faye-websocket'
+import {KeyWrapper, Platform} from "../platform";
+import {RSA_PKCS1_PADDING} from "constants";
+import {KeeperHttpResponse} from "../commands";
+import {keeperKeys} from "../endpoint";
+import {SocketProxy, socketSendMessage} from '../auth'
+export const nodePlatform: Platform = class {
+    static keys = keeperKeys.pem;
+    static getRandomBytes(length: number): Uint8Array {
+        return crypto.randomBytes(length);
+    }
+    static bytesToBase64(data: Uint8Array): string {
+        return Buffer.from(data).toString("base64");
+    }
+    static base64ToBytes(data: string): Uint8Array {
+        return Buffer.from(data, "base64");
+    }
+    static bytesToString(data: Uint8Array): string {
+        return Buffer.from(data).toString();
+    }
+    static stringToBytes(data: string): Uint8Array {
+        return Buffer.from(data);
+    }
+    static wrapPassword(password: Uint8Array): KeyWrapper {
+        return KeyWrapper.create(password)
+    }
+    static unWrapPassword(password: KeyWrapper): Uint8Array {
+        return password.getKey()
+    }
+    static async generateRSAKeyPair(): Promise<{ privateKey: Uint8Array; publicKey: Uint8Array}> {
+        const rsaKeys = new NodeRSA({b: 2048});
+        const rsaPublicKey: Buffer = rsaKeys.exportKey('public-der');
+        const rsaPrivateKey: Buffer = rsaKeys.exportKey('private-der');
+        return Promise.resolve({
+            privateKey: rsaPrivateKey,
+            publicKey: rsaPublicKey
+        })
+    }
+    static async generateECKeyPair(): Promise<{ privateKey: Uint8Array; publicKey: Uint8Array }> {
+        const ecdh = createECDH('prime256v1')
+        ecdh.generateKeys()
+        return Promise.resolve({
+            privateKey: ecdh.getPrivateKey(),
+            publicKey: ecdh.getPublicKey()
+        })
+    }
+    static publicEncrypt(data: Uint8Array, key: string): Uint8Array {
+        let publicKey = key[0] === '-'  // PEM or DER?
+            ? key
+            : crypto.createPublicKey({
+                key: Buffer.from(key, 'base64'),
+                type: 'pkcs1',
+                format: 'der'
+            })
+        return crypto.publicEncrypt({
+            key: publicKey,
+            padding: RSA_PKCS1_PADDING
+        }, data)
+    }
+    static async publicEncryptEC(data: Uint8Array, key: Uint8Array, id?: Uint8Array): Promise<Uint8Array> {
+        const ecdh = createECDH('prime256v1')
+        ecdh.generateKeys()
+        const ephemeralPublicKey = ecdh.getPublicKey()
+        const sharedSecret = ecdh.computeSecret(key)
+        const sharedSecretCombined = Buffer.concat([sharedSecret, id || new Uint8Array()])
+        const symmetricKey = crypto.createHash("SHA256").update(sharedSecretCombined).digest()
+        const encryptedData = await this.aesGcmEncrypt(data, symmetricKey)
+        return Buffer.concat([ephemeralPublicKey, encryptedData])
+    }
+    static privateDecrypt(data: Uint8Array, key: Uint8Array): Uint8Array {
+        return crypto.privateDecrypt({
+            key: crypto.createPrivateKey({
+                key: Buffer.from(key),
+                type: 'pkcs1',
+                format: 'der',
+            }),
+            padding: RSA_PKCS1_PADDING
+        }, data);
+    }
+    static async privateDecryptEC(data: Uint8Array, privateKey: Uint8Array, publicKey?: Uint8Array, id?: Uint8Array): Promise<Uint8Array> {
+        const ecdh = createECDH('prime256v1')
+        ecdh.setPrivateKey(privateKey)
+        const publicKeyLength = 65
+        const ephemeralPublicKey = data.slice(0, publicKeyLength)
+        const sharedSecret = ecdh.computeSecret(ephemeralPublicKey)
+        const sharedSecretCombined = Buffer.concat([sharedSecret, id || new Uint8Array()])
+        const symmetricKey = crypto.createHash("SHA256").update(sharedSecretCombined).digest()
+        const encryptedData = data.slice(publicKeyLength)
+        return await this.aesGcmDecrypt(encryptedData, symmetricKey)
+    }
+    static privateSign(data: Uint8Array, key: string): Promise<Uint8Array> {
+        return Promise.resolve(crypto
+            .createSign("SHA256")
+            .update(data)
+            .sign(key));
+    }
+    static aesGcmEncrypt(data: Uint8Array, key: Uint8Array): Promise<Uint8Array> {
+        let iv = crypto.randomBytes(12);
+        let cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+        let encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
+        const tag = cipher.getAuthTag();
+        let result = Buffer.concat([iv, encrypted, tag]);
+        return Promise.resolve(result);
+    }
+    static aesGcmDecrypt(data: Uint8Array, key: Uint8Array): Promise<Uint8Array> {
+        let iv = data.subarray(0, 12);
+        let encrypted = data.subarray(12, data.length - 16);
+        let tag = data.subarray(data.length - 16);
+        let cipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
+        cipher.setAuthTag(tag);
+        return Promise.resolve(Buffer.concat([cipher.update(encrypted), cipher.final()]));
+    }
+    static async aesCbcEncrypt(data: Uint8Array, key: Uint8Array, usePadding: boolean): Promise<Uint8Array> {
+        let iv = crypto.randomBytes(16);
+        let cipher = crypto
+            .createCipheriv("aes-256-cbc", key, iv)
+            .setAutoPadding(usePadding);
+        let encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
+        return Buffer.concat([iv, encrypted]);
+    }
+    static async aesCbcDecrypt(data: Uint8Array, key: Uint8Array, usePadding: boolean): Promise<Uint8Array> {
+        let iv = data.subarray(0, 16);
+        let encrypted = data.subarray(16);
+        let cipher = crypto
+            .createDecipheriv("aes-256-cbc", key, iv)
+            .setAutoPadding(usePadding);
+        return Buffer.concat([cipher.update(encrypted), cipher.final()]);
+    }
+    static deriveKey(password: KeyWrapper, saltBytes: Uint8Array, iterations: number): Promise<Uint8Array> {
+        return Promise.resolve(crypto.pbkdf2Sync(password.getKey(), saltBytes, iterations, 32, 'SHA256'));
+    }
+    static deriveKeyV2(domain: string, password: KeyWrapper, saltBytes: Uint8Array, iterations: number): Promise<Uint8Array> {
+        const bytes = crypto.pbkdf2Sync(Buffer.of(...Buffer.from(domain), ...nodePlatform.unWrapPassword(password.getKey())), saltBytes, iterations, 64, 'SHA512')
+        const reducedBytes = crypto.createHmac("SHA256", bytes).update(Buffer.from(domain)).digest()
+        return Promise.resolve(reducedBytes);
+    }
+    static calcAuthVerifier(key: Uint8Array): Promise<Uint8Array> {
+        return Promise.resolve(crypto.createHash("SHA256").update(key).digest());
+    }
+    static get(
+      url: string,
+      headers?: {[key: string]: string}
+    ): Promise<KeeperHttpResponse> {
+        return new Promise<KeeperHttpResponse>((resolve, reject) => {
+            let get = https.request(url, {
+                method: "get",
+                headers: {
+                    "User-Agent": `Node/${process.version}`,
+                    ...headers
+                }
+            }, (res) => {
+                this.fetchData(res, resolve);
+            });
+            get.on('error', reject)
+            get.end();
+        })
+    }
+    static post(
+      url: string,
+      request: Uint8Array | string,
+      headers?: {[key: string]: string}
+    ): Promise<KeeperHttpResponse> {
+        return new Promise<KeeperHttpResponse>((resolve, reject) => {
+            let post = https.request(url, {
+                method: "post",
+                headers: {
+                    "Content-Type": "application/octet-stream",
+                    "Content-Length": request.length,
+                    "User-Agent": `Node/${process.version}`,
+                    ...headers,
+                },
+            }, (res) => {
+                this.fetchData(res, resolve)
+            });
+            post.on('error', reject)
+            post.write(request);
+            post.end();
+        })
+    }
+    static fileUpload(
+      url: string,
+      uploadParameters: {[key: string]: string},
+      data: Uint8Array
+    ): Promise<any> {
+        return new Promise<any>((resolve, reject) => {
+            const form = new FormData()
+            for (const key in uploadParameters) {
+                form.append(key, uploadParameters[key]);
+            }
+            form.append('file', data)
+            let post = https.request(url, {
+                method: "post",
+                headers: form.getHeaders()
+            });
+            form.pipe(post)
+            post.on('error', reject)
+            post.on('response', function (res: any) {
+                resolve({
+                    headers: res.headers,
+                    statusCode: res.statusCode,
+                    statusMessage: res.statusMessage
+                })
+            })
+        })
+    }
+    private static fetchData(res, resolve) {
+        let retVal = {
+            statusCode: res.statusCode,
+            headers: res.headers,
+            data: null
+        };
+        res.on("data", data => {
+            retVal.data = retVal.data
+                ? Buffer.concat([retVal.data, data])
+                : data
+        });
+        res.on("end", () => {
+            resolve(retVal);
+        });
+    }
+    static createWebsocket(url: string): SocketProxy {
+        const socket = new WebSocket.Client(url)
+        let createdSocket;
+        return createdSocket = {
+            onOpen: (callback: () => void) => {
+                socket.on('open', callback)
+            },
+            close: () => {
+                socket.close()
+            },
+            onClose: (callback: (e:Event) => void) => {
+                socket.on('close', callback)
+            },
+            onError: (callback: (err: Error) => void) => {
+                socket.on('error', callback)
+            },
+            onMessage: (callback: (e: Uint8Array) => void) => {
+                socket.on('message', (e: MessageEvent) => {
+                    callback(e.data)
+                })
+            },
+            send: (message => {
+                socketSendMessage(message, socket, createdSocket)
+            }),
+            messageQueue: [],
+        }
+    }
+};