feat(signature): verify hash
enes 2024-11-22 16:31:38 +01:00
parent 3255e93121
commit a371e98e9e


@ -15,14 +15,9 @@ export const SignatureStrategy: MarkStrategy = {
render: MarkRenderSignature, render: MarkRenderSignature,
encryptAndUpload: async (value, encryptionKey) => { encryptAndUpload: async (value, encryptionKey) => {
// Value is the stringified signature object // Value is the stringified signature object
// Encode it as text to the arrayBuffer // Encode it to the arrayBuffer
const encoder = new TextEncoder() const encoder = new TextEncoder()
const uint8Array = encoder.encode(value) const uint8Array = encoder.encode(value)
const hash = await getHash(uint8Array)
if (!hash) {
throw new Error("Can't get file hash.")
}
if (!encryptionKey) { if (!encryptionKey) {
throw new Error('Signature requires an encryption key') throw new Error('Signature requires an encryption key')
@ -34,6 +29,11 @@ export const SignatureStrategy: MarkStrategy = {
encryptionKey encryptionKey
) )
const hash = await getHash(encryptedArrayBuffer)
if (!hash) {
throw new Error("Can't get encrypted file hash.")
}
// Create the encrypted json file from array buffer and hash // Create the encrypted json file from array buffer and hash
const file = new File([encryptedArrayBuffer], `${hash}.json`) const file = new File([encryptedArrayBuffer], `${hash}.json`)
@ -51,7 +51,7 @@ export const SignatureStrategy: MarkStrategy = {
} }
} }
} else { } else {
// Handle offline? // TOOD: offline
} }
return value return value
@ -65,6 +65,15 @@ export const SignatureStrategy: MarkStrategy = {
responseType: 'arraybuffer' responseType: 'arraybuffer'
}) })
// Verify hash
const parts = value.split('/')
const urlHash = parts[parts.length - 1]
const hash = await getHash(encryptedArrayBuffer.data)
if (hash !== urlHash) {
// TODO: handle hash verification failing
throw new Error('Unable to verify signature')
}
const arrayBuffer = await decryptArrayBuffer( const arrayBuffer = await decryptArrayBuffer(
encryptedArrayBuffer.data, encryptedArrayBuffer.data,
encryptionKey encryptionKey
@ -76,11 +85,11 @@ export const SignatureStrategy: MarkStrategy = {
if (arrayBuffer) { if (arrayBuffer) {
// decode json // decode json
const decoder = new TextDecoder() const decoder = new TextDecoder()
const value = decoder.decode(arrayBuffer) const json = decoder.decode(arrayBuffer)
return value return json
} }
// Handle offline? // TOOD: offline
return value return value
} }
} }
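Review bot: The new check in the fetch path (`const urlHash = parts[parts.length - 1]`) compares the digest with the raw last URL segment, while the upload path names the blob `${hash}.json`; if the stored URL keeps that file name or carries a query string, `hash !== urlHash` can never match and every fetch throws. Normalise the segment before comparing, e.g. `const urlHash = parts[parts.length - 1].split(/[?#]/)[0].replace(/\.json$/, '')`, and reject an empty result. The comparison only shows that the server returned the blob the URL names, so it protects the signature only as far as `value` itself comes from a trusted source, which is worth stating in the `// Verify hash` comment. Separately, when `decryptArrayBuffer` yields nothing the function still falls through to `return value` under `// TOOD: offline` (typo for TODO), handing the caller the URL where signature JSON is expected; throwing there would match the new failure path. The enclosing function starts outside these hunks.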