Diffstat (limited to 'packages/exchange-backoffice-ui/src/account.ts')
-rw-r--r--packages/exchange-backoffice-ui/src/account.ts48
1 files changed, 27 insertions, 21 deletions
diff --git a/packages/exchange-backoffice-ui/src/account.ts b/packages/exchange-backoffice-ui/src/account.ts
index 1e770794a..019c0bb43 100644
--- a/packages/exchange-backoffice-ui/src/account.ts
+++ b/packages/exchange-backoffice-ui/src/account.ts
@@ -7,28 +7,33 @@ import { decodeCrock, encodeCrock } from "@gnu-taler/taler-util";
*
* @returns session id as string
*/
-export function createNewSessionId(): string {
+export function createSalt(): string {
const salt = crypto.getRandomValues(new Uint8Array(8));
const iv = crypto.getRandomValues(new Uint8Array(12));
return encodeCrock(salt.buffer) + "-" + encodeCrock(iv.buffer);
}
+export interface Account {
+ accountId: string;
+ secret: CryptoKey;
+}
+
/**
* Restore previous session and unlock account
*
- * @param sessionId string from which crypto params will be derived
- * @param accountId secured private key
+ * @param salt string from which crypto params will be derived
+ * @param key secured private key
* @param password password for the private key
* @returns
*/
export async function unlockAccount(
- sessionId: string,
- accountId: string,
+ salt: string,
+ key: string,
password: string,
-) {
- const key = str2ab(window.atob(accountId));
+): Promise<Account> {
+ const rawKey = str2ab(window.atob(key));
- const privateKey = await recoverWithPassword(key, sessionId, password);
+ const privateKey = await recoverWithPassword(rawKey, salt, password);
const publicKey = await getPublicFromPrivate(privateKey);
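Review bot: The doc comment kept above `createSalt` still reads `@returns session id as string`, and the new name hides that the result is two values, an 8-byte salt and a 12-byte IV, joined by `-`. Something like `@returns random salt and IV, each encodeCrock-encoded and joined by "-"` would match the code; the comment opens before this hunk. The salt appears to feed PBKDF2 (see the `importKey(..., { name: "PBKDF2" }, ...)` calls further down), and 8 bytes is below the 128-bit minimum NIST SP 800-132 gives for a PBKDF2 salt. `crypto.getRandomValues(new Uint8Array(16))` would meet it, provided getCryptoParameters, whose body is not visible here, does not assume a fixed length. The helpers further down still name this parameter `sessionId`, which no longer matches what callers pass.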
@@ -36,9 +41,9 @@ export async function unlockAccount(
throw new Error(String(e));
});
- const pub = btoa(ab2str(pubRaw));
+ const accountId = btoa(ab2str(pubRaw));
- return { accountId, pub };
+ return { accountId, secret: privateKey };
}
/**
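Review bot: `return { accountId, secret: privateKey }` now hands the unwrapped private `CryptoKey` to every caller of unlockAccount, so how that key is imported matters. Its extractability is decided inside recoverWithPassword, which is outside this hunk; if nothing needs to export it after getPublicFromPrivate has run, it should be non-extractable. Either way the `secret` field on `Account` deserves a comment such as `// unwrapped private key: keep in memory only, never persist, log or serialize`. The function body starts before this hunk.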
@@ -49,12 +54,13 @@ export async function unlockAccount(
* @param password
* @returns
*/
-export async function createNewAccount(sessionId: string, password: string) {
- const { privateKey, publicKey } = await createPair();
+export async function createNewAccount(password: string) {
+ const { privateKey } = await createPair();
+ const salt = createSalt();
const protectedPrivKey = await protectWithPassword(
privateKey,
- sessionId,
+ salt,
password,
);
@@ -64,14 +70,14 @@ export async function createNewAccount(sessionId: string, password: string) {
// throw new Error(String(e));
// });
- const pubRaw = await crypto.subtle.exportKey("spki", publicKey).catch((e) => {
- throw new Error(String(e));
- });
+ // const pubRaw = await crypto.subtle.exportKey("spki", publicKey).catch((e) => {
+ // throw new Error(String(e));
+ // });
- const pub = btoa(ab2str(pubRaw));
+ // const pub = btoa(ab2str(pubRaw));
const protectedPriv = btoa(ab2str(protectedPrivKey));
- return { accountId: protectedPriv, pub };
+ return { accountId: protectedPriv, salt };
}
const rsaAlgorithm: RsaHashedKeyGenParams = {
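Review bot: `return { accountId: protectedPriv, salt }` labels the password-protected private key as `accountId`, while unlockAccount in this same commit returns `accountId` as the base64 public key and accepts the protected blob as `key`. A caller that treats both fields as the same kind of identifier could display or transmit the wrapped private key where a public id is expected. Returning `{ key: protectedPriv, salt }` would line up with unlockAccount's parameter names, though callers outside this diff would need the same rename. The public-key export is commented out rather than deleted, which leaves a second block of dead code next to the one already in the context lines. createNewAccount also still has no explicit return type, unlike unlockAccount's new `Promise<Account>`.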
@@ -97,7 +103,7 @@ async function protectWithPassword(
sessionId: string,
password: string,
): Promise<ArrayBuffer> {
- const { salt, initVector: iv } = getCryptoPArameters(sessionId);
+ const { salt, initVector: iv } = getCryptoParameters(sessionId);
const passwordAsKey = await crypto.subtle
.importKey("raw", textEncoder.encode(password), { name: "PBKDF2" }, false, [
"deriveBits",
@@ -139,7 +145,7 @@ async function recoverWithPassword(
sessionId: string,
password: string,
): Promise<CryptoKey> {
- const { salt, initVector: iv } = getCryptoPArameters(sessionId);
+ const { salt, initVector: iv } = getCryptoParameters(sessionId);
const master = await crypto.subtle
.importKey("raw", textEncoder.encode(password), { name: "PBKDF2" }, false, [
@@ -231,7 +237,7 @@ function str2ab(str: string) {
return buf;
}
-function getCryptoPArameters(sessionId: string): {
+function getCryptoParameters(sessionId: string): {
salt: Uint8Array;
initVector: Uint8Array;
} {