2016-03-25 07:04:46 -04:00
|
|
|
crypto = require('crypto')
|
2019-12-04 05:03:10 -05:00
|
|
|
async = require('async')
|
2016-03-25 07:04:46 -04:00
|
|
|
|
|
|
|
|
ALGORITHM = 'aes-256-ctr'
|
|
|
|
|
|
2019-12-04 05:03:10 -05:00
|
|
|
keyFn = (password, salt, keyLength, callback)->
|
|
|
|
|
return crypto.pbkdf2(password, salt, 10000, keyLength, 'sha1', callback)
|
2016-03-25 07:04:46 -04:00
|
|
|
|
2016-03-25 10:33:38 -04:00
|
|
|
class AccessTokenEncryptor
|
|
|
|
|
|
|
|
|
|
constructor: (settings) ->
|
2016-03-25 07:04:46 -04:00
|
|
|
|
2016-03-25 10:33:38 -04:00
|
|
|
@settings = settings
|
2019-12-04 05:03:10 -05:00
|
|
|
@cipherLabel = "2019.1"
|
2016-03-25 10:33:38 -04:00
|
|
|
|
|
|
|
|
@cipherPassword = @settings.cipherPasswords[@cipherLabel]
|
|
|
|
|
throw Error("cipherPassword not set") if not @cipherPassword?
|
|
|
|
|
throw Error("cipherPassword too short") if @cipherPassword.length < 16
|
|
|
|
|
|
|
|
|
|
encryptJson: (json, callback) ->
|
2016-03-25 07:04:46 -04:00
|
|
|
string = JSON.stringify(json)
|
2019-12-04 05:03:10 -05:00
|
|
|
async.parallel [
|
|
|
|
|
(cb) -> crypto.randomBytes(16, cb)
|
|
|
|
|
(cb) -> crypto.randomBytes(16, cb)
|
|
|
|
|
], (err, results) =>
|
2016-03-25 07:04:46 -04:00
|
|
|
if err?
|
|
|
|
|
return callback(err)
|
2019-12-04 05:03:10 -05:00
|
|
|
|
|
|
|
|
salt = results[0]
|
|
|
|
|
iv = results[1]
|
|
|
|
|
|
2019-12-05 03:57:19 -05:00
|
|
|
keyFn @cipherPassword, salt, 32, (err, key) =>
|
2019-12-04 05:03:10 -05:00
|
|
|
if err?
|
|
|
|
|
logger.err err:err, "error getting Fn key"
|
|
|
|
|
return callback(err)
|
|
|
|
|
|
|
|
|
|
cipher = crypto.createCipheriv(ALGORITHM, key, iv)
|
|
|
|
|
crypted = cipher.update(string, 'utf8', 'base64') + cipher.final('base64')
|
|
|
|
|
|
|
|
|
|
callback(null, "#{@cipherLabel}:#{salt.toString('hex')}:#{crypted}:#{iv.toString('hex')}")
|
2016-03-25 07:04:46 -04:00
|
|
|
|
2016-03-25 10:33:38 -04:00
|
|
|
decryptToJson: (encryptedJson, callback) ->
|
2019-12-04 05:03:10 -05:00
|
|
|
[label, salt, cipherText, iv] = encryptedJson.split(':', 4)
|
|
|
|
|
|
2016-03-25 10:33:38 -04:00
|
|
|
password = @settings.cipherPasswords[label]
|
2016-03-25 07:04:46 -04:00
|
|
|
return callback(new Error("invalid password")) if not password? or password.length < 16
|
2019-12-04 05:03:10 -05:00
|
|
|
|
|
|
|
|
keyLength = if label == "2019.1" then 32 else 64
|
|
|
|
|
keyFn password, Buffer.from(salt, 'hex'), keyLength, (err, key) =>
|
2016-03-25 07:04:46 -04:00
|
|
|
if err?
|
|
|
|
|
logger.err err:err, "error getting Fn key"
|
|
|
|
|
return callback(err)
|
2019-12-04 05:03:10 -05:00
|
|
|
|
|
|
|
|
decipher = if label == "2019.1"
|
|
|
|
|
crypto.createDecipheriv(ALGORITHM, key, Buffer.from(iv, 'hex'))
|
|
|
|
|
else
|
|
|
|
|
crypto.createDecipher(ALGORITHM, key)
|
|
|
|
|
|
2016-03-25 07:04:46 -04:00
|
|
|
dec = decipher.update(cipherText, 'base64', 'utf8') + decipher.final('utf8')
|
|
|
|
|
try
|
|
|
|
|
json = JSON.parse(dec)
|
|
|
|
|
catch e
|
|
|
|
|
return callback(new Error("error decrypting token"))
|
|
|
|
|
callback(null, json)
|
2016-03-25 10:33:38 -04:00
|
|
|
|
|
|
|
|
module.exports = AccessTokenEncryptor
|
