mirror of
https://github.com/kmc7468/arkvault.git
synced 2025-12-16 23:18:48 +00:00
프론트엔드에서의 암호 키 관련된 변수 이름 리팩토링
This commit is contained in:
static
@@ -5,7 +5,7 @@
|
||||
import { TitleDiv, BottomDiv } from "$lib/components/divs";
|
||||
import { TextInput } from "$lib/components/inputs";
|
||||
import { refreshToken } from "$lib/hooks/callAPI";
|
||||
import { keyPairsStore } from "$lib/stores";
|
||||
import { clientKeyStore } from "$lib/stores";
|
||||
import { requestLogin, requestTokenUpgrade } from "./service";
|
||||
|
||||
let { data } = $props();
|
||||
@@ -19,14 +19,11 @@
|
||||
try {
|
||||
if (!(await requestLogin(email, password))) throw new Error("Failed to login");
|
||||
|
||||
if (
|
||||
$keyPairsStore &&
|
||||
!(await requestTokenUpgrade($keyPairsStore.encKeyPair, $keyPairsStore.sigKeyPair))
|
||||
)
|
||||
if ($clientKeyStore && !(await requestTokenUpgrade($clientKeyStore)))
|
||||
throw new Error("Failed to upgrade token");
|
||||
|
||||
await goto(
|
||||
$keyPairsStore
|
||||
$clientKeyStore
|
||||
? data.redirectPath
|
||||
: "/key/generate?redirect=" + encodeURIComponent(data.redirectPath),
|
||||
);
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { exportRSAKeyToBase64 } from "$lib/modules/crypto";
|
||||
import { requestTokenUpgrade as requestTokenUpgradeInternal } from "$lib/services/auth";
|
||||
import { requestClientRegistration } from "$lib/services/key";
|
||||
import type { ClientKeys } from "$lib/stores";
|
||||
|
||||
export const requestLogin = async (email: string, password: string) => {
|
||||
const res = await fetch("/api/auth/login", {
|
||||
@@ -13,33 +14,24 @@ export const requestLogin = async (email: string, password: string) => {
|
||||
return res.ok;
|
||||
};
|
||||
|
||||
export const requestTokenUpgrade = async (encKeyPair: CryptoKeyPair, sigKeyPair: CryptoKeyPair) => {
|
||||
const encPubKeyBase64 = await exportRSAKeyToBase64(encKeyPair.publicKey, "public");
|
||||
const sigPubKeyBase64 = await exportRSAKeyToBase64(sigKeyPair.publicKey, "public");
|
||||
if (
|
||||
await requestTokenUpgradeInternal(
|
||||
encPubKeyBase64,
|
||||
encKeyPair.privateKey,
|
||||
sigPubKeyBase64,
|
||||
sigKeyPair.privateKey,
|
||||
)
|
||||
) {
|
||||
export const requestTokenUpgrade = async ({
|
||||
encryptKey,
|
||||
decryptKey,
|
||||
signKey,
|
||||
verifyKey,
|
||||
}: ClientKeys) => {
|
||||
const encryptKeyBase64 = await exportRSAKeyToBase64(encryptKey, "public");
|
||||
const verifyKeyBase64 = await exportRSAKeyToBase64(verifyKey, "public");
|
||||
if (await requestTokenUpgradeInternal(encryptKeyBase64, decryptKey, verifyKeyBase64, signKey)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (
|
||||
await requestClientRegistration(
|
||||
encPubKeyBase64,
|
||||
encKeyPair.privateKey,
|
||||
sigPubKeyBase64,
|
||||
sigKeyPair.privateKey,
|
||||
)
|
||||
) {
|
||||
if (await requestClientRegistration(encryptKeyBase64, decryptKey, verifyKeyBase64, signKey)) {
|
||||
return await requestTokenUpgradeInternal(
|
||||
encPubKeyBase64,
|
||||
encKeyPair.privateKey,
|
||||
sigPubKeyBase64,
|
||||
sigKeyPair.privateKey,
|
||||
encryptKeyBase64,
|
||||
decryptKey,
|
||||
verifyKeyBase64,
|
||||
signKey,
|
||||
);
|
||||
} else {
|
||||
return false;
|
||||
|
||||
@@ -3,13 +3,13 @@
|
||||
import { goto } from "$app/navigation";
|
||||
import { Button, TextButton } from "$lib/components/buttons";
|
||||
import { BottomDiv } from "$lib/components/divs";
|
||||
import { keyPairsStore } from "$lib/stores";
|
||||
import { clientKeyStore } from "$lib/stores";
|
||||
import BeforeContinueBottomSheet from "./BeforeContinueBottomSheet.svelte";
|
||||
import BeforeContinueModal from "./BeforeContinueModal.svelte";
|
||||
import {
|
||||
makeKeyPairsSaveable,
|
||||
exportClientKeys,
|
||||
requestClientRegistration,
|
||||
storeKeyPairsPersistently,
|
||||
storeClientKeys,
|
||||
requestTokenUpgrade,
|
||||
requestInitialMekRegistration,
|
||||
} from "./service";
|
||||
@@ -22,9 +22,16 @@
|
||||
let isBeforeContinueBottomSheetOpen = $state(false);
|
||||
|
||||
const exportKeyPair = () => {
|
||||
const keyPairsSaveable = makeKeyPairsSaveable(data.encKeyPair, data.sigKeyPair);
|
||||
const keyPairsBlob = new Blob([JSON.stringify(keyPairsSaveable)], { type: "application/json" });
|
||||
saveAs(keyPairsBlob, "arkvalut-key.json");
|
||||
const clientKeysExported = exportClientKeys(
|
||||
data.encryptKeyBase64,
|
||||
data.decryptKeyBase64,
|
||||
data.verifyKeyBase64,
|
||||
data.signKeyBase64,
|
||||
);
|
||||
const clientKeysBlob = new Blob([JSON.stringify(clientKeysExported)], {
|
||||
type: "application/json",
|
||||
});
|
||||
saveAs(clientKeysBlob, "arkvalut-clientkey.json");
|
||||
|
||||
if (!isBeforeContinueBottomSheetOpen) {
|
||||
setTimeout(() => {
|
||||
@@ -34,7 +41,7 @@
|
||||
};
|
||||
|
||||
const registerPubKey = async () => {
|
||||
if (!$keyPairsStore) {
|
||||
if (!$clientKeyStore) {
|
||||
throw new Error("Failed to find key pair");
|
||||
}
|
||||
|
||||
@@ -44,29 +51,27 @@
|
||||
try {
|
||||
if (
|
||||
!(await requestClientRegistration(
|
||||
data.encKeyPair.pubKeyBase64,
|
||||
$keyPairsStore.encKeyPair.privateKey,
|
||||
data.sigKeyPair.pubKeyBase64,
|
||||
$keyPairsStore.sigKeyPair.privateKey,
|
||||
data.encryptKeyBase64,
|
||||
$clientKeyStore.decryptKey,
|
||||
data.verifyKeyBase64,
|
||||
$clientKeyStore.signKey,
|
||||
))
|
||||
)
|
||||
throw new Error("Failed to register public key");
|
||||
throw new Error("Failed to register client");
|
||||
|
||||
await storeKeyPairsPersistently($keyPairsStore.encKeyPair, $keyPairsStore.sigKeyPair);
|
||||
await storeClientKeys($clientKeyStore);
|
||||
|
||||
if (
|
||||
!(await requestTokenUpgrade(
|
||||
data.encKeyPair.pubKeyBase64,
|
||||
$keyPairsStore.encKeyPair.privateKey,
|
||||
data.sigKeyPair.pubKeyBase64,
|
||||
$keyPairsStore.sigKeyPair.privateKey,
|
||||
data.encryptKeyBase64,
|
||||
$clientKeyStore.decryptKey,
|
||||
data.verifyKeyBase64,
|
||||
$clientKeyStore.signKey,
|
||||
))
|
||||
)
|
||||
throw new Error("Failed to upgrade token");
|
||||
|
||||
if (
|
||||
!(await requestInitialMekRegistration(data.mekDraft, $keyPairsStore.encKeyPair.publicKey))
|
||||
)
|
||||
if (!(await requestInitialMekRegistration(data.mekDraft, $clientKeyStore.encryptKey)))
|
||||
throw new Error("Failed to register initial MEK");
|
||||
|
||||
await goto(data.redirectPath);
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { callAPI } from "$lib/hooks";
|
||||
import { storeRSAKey } from "$lib/indexedDB";
|
||||
import { encodeToBase64, encryptRSAPlaintext } from "$lib/modules/crypto";
|
||||
import type { ClientKeys } from "$lib/stores";
|
||||
|
||||
export { requestTokenUpgrade } from "$lib/services/auth";
|
||||
export { requestClientRegistration } from "$lib/services/key";
|
||||
@@ -10,44 +11,41 @@ type ExportedKeyPairs = {
|
||||
exportedAt: Date;
|
||||
} & {
|
||||
version: 1;
|
||||
encKeyPair: { pubKey: string; privKey: string };
|
||||
sigKeyPair: { pubKey: string; privKey: string };
|
||||
encryptKey: string;
|
||||
decryptKey: string;
|
||||
verifyKey: string;
|
||||
signKey: string;
|
||||
};
|
||||
|
||||
export const makeKeyPairsSaveable = (
|
||||
encKeyPair: { pubKeyBase64: string; privKeyBase64: string },
|
||||
sigKeyPair: { pubKeyBase64: string; privKeyBase64: string },
|
||||
export const exportClientKeys = (
|
||||
encryptKeyBase64: string,
|
||||
decryptKeyBase64: string,
|
||||
verifyKeyBase64: string,
|
||||
signKeyBase64: string,
|
||||
) => {
|
||||
return {
|
||||
version: 1,
|
||||
generator: "ArkVault",
|
||||
exportedAt: new Date(),
|
||||
encKeyPair: {
|
||||
pubKey: encKeyPair.pubKeyBase64,
|
||||
privKey: encKeyPair.privKeyBase64,
|
||||
},
|
||||
sigKeyPair: {
|
||||
pubKey: sigKeyPair.pubKeyBase64,
|
||||
privKey: sigKeyPair.privKeyBase64,
|
||||
},
|
||||
encryptKey: encryptKeyBase64,
|
||||
decryptKey: decryptKeyBase64,
|
||||
verifyKey: verifyKeyBase64,
|
||||
signKey: signKeyBase64,
|
||||
} satisfies ExportedKeyPairs;
|
||||
};
|
||||
|
||||
export const storeKeyPairsPersistently = async (
|
||||
encKeyPair: CryptoKeyPair,
|
||||
sigKeyPair: CryptoKeyPair,
|
||||
) => {
|
||||
await storeRSAKey(encKeyPair.publicKey, "encrypt");
|
||||
await storeRSAKey(encKeyPair.privateKey, "decrypt");
|
||||
await storeRSAKey(sigKeyPair.publicKey, "verify");
|
||||
await storeRSAKey(sigKeyPair.privateKey, "sign");
|
||||
export const storeClientKeys = async (clientKeys: ClientKeys) => {
|
||||
await storeRSAKey(clientKeys.encryptKey, "encrypt");
|
||||
await storeRSAKey(clientKeys.decryptKey, "decrypt");
|
||||
await storeRSAKey(clientKeys.signKey, "sign");
|
||||
await storeRSAKey(clientKeys.verifyKey, "verify");
|
||||
};
|
||||
|
||||
export const requestInitialMekRegistration = async (
|
||||
mekDraft: ArrayBuffer,
|
||||
publicKey: CryptoKey,
|
||||
encryptKey: CryptoKey,
|
||||
) => {
|
||||
const mekDraftEncrypted = await encryptRSAPlaintext(mekDraft, publicKey);
|
||||
const mekDraftEncrypted = await encryptRSAPlaintext(mekDraft, encryptKey);
|
||||
const res = await callAPI("/api/mek/register/initial", {
|
||||
method: "POST",
|
||||
headers: {
|
||||
|
||||
@@ -3,9 +3,9 @@
|
||||
import { Button, TextButton } from "$lib/components/buttons";
|
||||
import { TitleDiv, BottomDiv } from "$lib/components/divs";
|
||||
import { gotoStateful } from "$lib/hooks";
|
||||
import { keyPairsStore } from "$lib/stores";
|
||||
import { clientKeyStore } from "$lib/stores";
|
||||
import Order from "./Order.svelte";
|
||||
import { generateKeyPairs, generateMekDraft } from "./service";
|
||||
import { generateClientKeys, generateMekDraft } from "./service";
|
||||
|
||||
import IconKey from "~icons/material-symbols/key";
|
||||
|
||||
@@ -34,19 +34,18 @@
|
||||
const generate = async () => {
|
||||
// TODO: Loading indicator
|
||||
|
||||
const { encKeyPair, sigKeyPair } = await generateKeyPairs();
|
||||
const clientKeys = await generateClientKeys();
|
||||
const { mekDraft } = await generateMekDraft();
|
||||
|
||||
await gotoStateful("/key/export", {
|
||||
...clientKeys,
|
||||
redirectPath: data.redirectPath,
|
||||
encKeyPair,
|
||||
sigKeyPair,
|
||||
mekDraft,
|
||||
});
|
||||
};
|
||||
|
||||
$effect(() => {
|
||||
if ($keyPairsStore) {
|
||||
if ($clientKeyStore) {
|
||||
goto(data.redirectPath);
|
||||
}
|
||||
});
|
||||
|
||||
@@ -8,32 +8,24 @@ import {
|
||||
makeAESKeyNonextractable,
|
||||
exportAESKey,
|
||||
} from "$lib/modules/crypto";
|
||||
import { keyPairsStore, mekStore } from "$lib/stores";
|
||||
import { clientKeyStore, mekStore } from "$lib/stores";
|
||||
|
||||
export const generateKeyPairs = async () => {
|
||||
export const generateClientKeys = async () => {
|
||||
const encKeyPair = await generateRSAEncKeyPair();
|
||||
const sigKeyPair = await generateRSASigKeyPair();
|
||||
|
||||
keyPairsStore.set({
|
||||
encKeyPair: {
|
||||
publicKey: encKeyPair.publicKey,
|
||||
privateKey: await makeRSAEncKeyNonextractable(encKeyPair.privateKey, "private"),
|
||||
},
|
||||
sigKeyPair: {
|
||||
publicKey: sigKeyPair.publicKey,
|
||||
privateKey: await makeRSASigKeyNonextractable(sigKeyPair.privateKey, "private"),
|
||||
},
|
||||
clientKeyStore.set({
|
||||
encryptKey: encKeyPair.publicKey,
|
||||
decryptKey: await makeRSAEncKeyNonextractable(encKeyPair.privateKey, "private"),
|
||||
signKey: await makeRSASigKeyNonextractable(sigKeyPair.privateKey, "private"),
|
||||
verifyKey: sigKeyPair.publicKey,
|
||||
});
|
||||
|
||||
return {
|
||||
encKeyPair: {
|
||||
pubKeyBase64: await exportRSAKeyToBase64(encKeyPair.publicKey, "public"),
|
||||
privKeyBase64: await exportRSAKeyToBase64(encKeyPair.privateKey, "private"),
|
||||
},
|
||||
sigKeyPair: {
|
||||
pubKeyBase64: await exportRSAKeyToBase64(sigKeyPair.publicKey, "public"),
|
||||
privKeyBase64: await exportRSAKeyToBase64(sigKeyPair.privateKey, "private"),
|
||||
},
|
||||
encryptKeyBase64: await exportRSAKeyToBase64(encKeyPair.publicKey, "public"),
|
||||
decryptKeyBase64: await exportRSAKeyToBase64(encKeyPair.privateKey, "private"),
|
||||
signKeyBase64: await exportRSAKeyToBase64(sigKeyPair.privateKey, "private"),
|
||||
verifyKeyBase64: await exportRSAKeyToBase64(sigKeyPair.publicKey, "public"),
|
||||
};
|
||||
};
|
||||
|
||||
@@ -42,7 +34,7 @@ export const generateMekDraft = async () => {
|
||||
const mekSecured = await makeAESKeyNonextractable(mek);
|
||||
|
||||
mekStore.update((meks) => {
|
||||
meks.set(meks.size, mekSecured);
|
||||
meks.set(0, mekSecured);
|
||||
return meks;
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user