Skip to content

Commit

Permalink
Fix signature verification
Browse files Browse the repository at this point in the history
  • Loading branch information
@artemlos
artemlos committed Mar 28, 2019
1 parent a95640d commit 7ba7297
Show file tree
Hide file tree
Showing 5 changed files with 50 additions and 19 deletions.
29 changes: 29 additions & 0 deletions internal/HelperMethods.js
View file
@@ -0,0 +1,29 @@
module.exports = class HelperMethods {

/**
* Verify that a response obtained from Key.Activate has not been tampered with.
* @param {object} response
* @param {string} rsaPubKey
*/
static VerifySignature(response, rsaPubKey) {
const NodeRSA = require('node-rsa');
const key = new NodeRSA();
var pubKey = HelperMethods.GetPublicKeyParams(rsaPubKey);
key.importKey({ n: pubKey.modulus, e: pubKey.exponent }, 'components-public');
return key.verify(Buffer.from(response["licenseKey"], "base64"), Buffer.from(response["signature"], "base64"));
}

/**
* Returns a dictionary with the modulus and exponent obtained from an RSA Public key string.
*/
static GetPublicKeyParams(str) {

var modulus_str = str.substring(str.indexOf('<Modulus>')+8, str.indexOf('</Modulus>'));
var exponent_str = str.substring(str.indexOf('<Exponent>')+9, str.indexOf('</Exponent>'));

return {
modulus: new Buffer.from(modulus_str, 'base64'),
exponent: new Buffer.from(exponent_str, 'base64')
}
}
}
5 changes: 5 additions & 0 deletions main.js
View file
@@ -0,0 +1,5 @@
const key = require('./methods/Key.js');

module.exports = {
Key : key
}
13 changes: 11 additions & 2 deletions methods/Key.js
View file
@@ -1,7 +1,8 @@
const request = require('request');
const helpers = require('../internal/HelperMethods.js');

module.exports = class Key {
static Activate(token, ProductId, Key, MachineCode = "", FieldsToReturn = 0, Metadata=false, FloatingTimeInterval = 0, MaxOverdraft = 0) {
static Activate(token, RSAPubKey, ProductId, Key, MachineCode = "", FieldsToReturn = 0, Metadata=false, FloatingTimeInterval = 0, MaxOverdraft = 0) {

return new Promise((resolve, reject) => {
request(`https://app.cryptolens.io/api/key/Activate?token=${token}&productId=${ProductId}&Key=${Key}&machineCode=${MachineCode}&fieldsToReturn=${FieldsToReturn}&Metadata=${Metadata}&FloatingTimeInterval=${FloatingTimeInterval}&MaxOverdraft=${MaxOverdraft}&Sign=true&SignMethod=1`, { json: true }, (err, res, body) => {
Expand All @@ -11,8 +12,16 @@ module.exports = class Key {
console.warn(body.message);
}
resolve(null);
} else {
if(helpers.VerifySignature(body, RSAPubKey)) {
var license = JSON.parse(Buffer.from(body["licenseKey"], "base64").toString("utf-8"));
license.RawResponse = body;
resolve(license);
} else{
console.warn("Signature verification failed.");
resolve(null);
}
}
resolve(body);
});
});

Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Expand Up @@ -2,7 +2,7 @@
"name": "cryptolens",
"version": "1.0.0",
"description": "Client API for NodeJS to access Cryptolens Software Licensing API",
"main": "index.js",
"main": "main.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
Expand Down
20 changes: 4 additions & 16 deletions test.js
View file
@@ -1,20 +1,8 @@
var Key = require("./methods/Key.js")
const helpers = require('./internal/HelperMethods.js');

var result = Key.Activate(token="WyIzMjkwIiwiQUFab0Y4Wmk0ckt1U2l1U2Rya3FXREF5TFlzTnNMcDZiQlNIb3hSSSJd", ProductId=3349, Key="GEBNC-WZZJD-VJIHG-GCMVD", MachineCode="test");
var RSAPubKey = "<RSAKeyValue><Modulus>sGbvxwdlDbqFXOMlVUnAF5ew0t0WpPW7rFpI5jHQOFkht/326dvh7t74RYeMpjy357NljouhpTLA3a6idnn4j6c3jmPWBkjZndGsPL4Bqm+fwE48nKpGPjkj4q/yzT4tHXBTyvaBjA8bVoCTnu+LiC4XEaLZRThGzIn5KQXKCigg6tQRy0GXE13XYFVz/x1mjFbT9/7dS8p85n8BuwlY5JvuBIQkKhuCNFfrUxBWyu87CFnXWjIupCD2VO/GbxaCvzrRjLZjAngLCMtZbYBALksqGPgTUN7ZM24XbPWyLtKPaXF2i4XRR9u6eTj5BfnLbKAU5PIVfjIS+vNYYogteQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
var result = Key.Activate(token="WyIzMjkwIiwiQUFab0Y4Wmk0ckt1U2l1U2Rya3FXREF5TFlzTnNMcDZiQlNIb3hSSSJd", RSAPubKey, ProductId=3349, Key="GEBNC-WZZJD-VJIHG-GCMVD", MachineCode="test");

//result.then(function(s) {console.log(s)});
result.then((s)=> console.log(s));

const modulus = new Buffer.from("sGbvxwdlDbqFXOMlVUnAF5ew0t0WpPW7rFpI5jHQOFkht/326dvh7t74RYeMpjy357NljouhpTLA3a6idnn4j6c3jmPWBkjZndGsPL4Bqm+fwE48nKpGPjkj4q/yzT4tHXBTyvaBjA8bVoCTnu+LiC4XEaLZRThGzIn5KQXKCigg6tQRy0GXE13XYFVz/x1mjFbT9/7dS8p85n8BuwlY5JvuBIQkKhuCNFfrUxBWyu87CFnXWjIupCD2VO/GbxaCvzrRjLZjAngLCMtZbYBALksqGPgTUN7ZM24XbPWyLtKPaXF2i4XRR9u6eTj5BfnLbKAU5PIVfjIS+vNYYogteQ==", 'base64');
const exponent = new Buffer.from('AQAB', 'base64');
let data = Buffer.from("eyJQcm9kdWN0SWQiOjMzNDksIklEIjo1LCJLZXkiOiJHRUJOQy1XWlpKRC1WSklIRy1HQ01WRCIsIkNyZWF0ZWQiOjE0NDA2MzM2MDAsIkV4cGlyZXMiOjE1MzQ3MjMyMDAsIlBlcmlvZCI6NTAsIkYxIjp0cnVlLCJGMiI6ZmFsc2UsIkYzIjpmYWxzZSwiRjQiOmZhbHNlLCJGNSI6dHJ1ZSwiRjYiOmZhbHNlLCJGNyI6ZmFsc2UsIkY4IjpmYWxzZSwiTm90ZXMiOm51bGwsIkJsb2NrIjpmYWxzZSwiR2xvYmFsSWQiOjI0OTY3LCJDdXN0b21lciI6bnVsbCwiQWN0aXZhdGVkTWFjaGluZXMiOlt7Ik1pZCI6IiIsIklQIjoiMjE5LjEzNy42NS4xMTAiLCJUaW1lIjoxNTUzNTc3NTM5fSx7Ik1pZCI6IjFEQzgyMkZBQTgyMUMyRjkzNzU2MjM3RThCNzQwOUVGOUMwQzk5MzUxQkQyRkY3QjhFOEVBQTZGOUM0QzM1NDgiLCJJUCI6IjE3Ni45My4xOTYuMTAzIiwiVGltZSI6MTU1MzUzMDY0Mn0seyJNaWQiOiIyRkU2MjBDOUM2MkY2QThCQkQxN0YyQUY0OUUxMjQzNEI3QzJDRkM2N0ZEMkY0OEMyQ0IwOTA4OTNDNEI0Njk0IiwiSVAiOiI2Mi45Ny4yNDIuNTgiLCJUaW1lIjoxNTUxNDM2OTAwfSx7Ik1pZCI6IjYwQzdDQzhCNDY5MzA4OTUzMDJBODY3QTU2QTE2OTg4MzBCNUIwOTU5RDBGNjZDMDVCNUYyNzAwOEJFQjMxQzAiLCJJUCI6IjIxOS4xMzcuNjUuMTEwIiwiVGltZSI6MTU1MzU3NjcwMn0seyJNaWQiOiJCNzk2MzA1MjQwQUMwOTU0N0U2RkM3QUVENjIwOTNFRUYwRDc2RDdDODlFM0M2MDcwQThDOUVCNDA0QUE3Q0FDIiwiSVAiOiI4NC4yNTEuMjE0LjI0IiwiVGltZSI6MTU1MDMxMDQ5N30seyJNaWQiOiJGNzFCQkM4Q0QyMUIyNkE0MDUwNUNERjY3ODg2QkZGODVDRjdDMEEwNkE0NTQxQzU3NzRFMDFGMzkzQkVBRUYzIiwiSVAiOiI4NS4yMjkuMjQ1LjIzNiIsIlRpbWUiOjE1NTA0NzkyNzJ9LHsiTWlkIjoidGVzdCIsIklQIjoiODUuMjI5LjI0NS4yMzYiLCJUaW1lIjoxNTQ5ODczMzM2fV0sIlRyaWFsQWN0aXZhdGlvbiI6ZmFsc2UsIk1heE5vT2ZNYWNoaW5lcyI6MTAsIkFsbG93ZWRNYWNoaW5lcyI6IiIsIkRhdGFPYmplY3RzIjpbeyJJZCI6MTc4OCwiTmFtZSI6InRlc3QiLCJTdHJpbmdWYWx1ZSI6InRlc3QiLCJJbnRWYWx1ZSI6M30seyJJZCI6MTc5NCwiTmFtZSI6InVzYWdlY291bnQiLCJTdHJpbmdWYWx1ZSI6IiIsIkludFZhbHVlIjowfSx7IklkIjoxODI0LCJOYW1lIjoidGVzdCIsIlN0cmluZ1ZhbHVlIjoidGVzdCIsIkludFZhbHVlIjozfSx7IklkIjoxODI1LCJOYW1lIjoidGVzdCIsIlN0cmluZ1ZhbHVlIjoidGVzdCIsIkludFZhbHVlIjozfSx7IklkIjoxODMzLCJOYW1lIjoidGVzdDIiLCJTdHJpbmdWYWx1ZSI6InRlc3QiLCJJbnRWYWx1ZSI6M30seyJJZCI6MTgzNiwiTmFtZSI6InRlc3QyIiwiU3RyaW5nVmFsdWUiOiJ0ZXN0IiwiSW50VmFsdWUiOjN9LHsiSWQiOjE4NDIsIk5hbWUiOiJ0ZXN0MiIsIlN0cmluZ1ZhbHVlIjoidGVzdCIsIkludFZhbHVlIjozfSx7IklkIjoxODU2LCJOYW1lIjoidGVzdDIiLCJTdHJpbmdWYWx1ZSI6InRlc3QiLCJJbnRWYWx1ZSI6M31dLCJTaWduRGF0ZSI6MTU1Mzc2ODYwMX0=", 'base64');
let sig = Buffer.from("g5G7n1ThdEz9/NPxaFEibqxopKiBOoHGrC5gqT9oyjkHAMK5AzcqPJt2Mgy7Aivw+233eDEYMe4OGkeP4dE+XJQmNqJiMaJINVhOHtJvXD/5Aumtv14w1abC2cYkkcE+1b0lXRiDDGPhEdV3bER1dvw4rxRaMQy6Dn7t9lbZa5wOJomA5NUjRMKkvBAZ84TRMUbhaqWkVu09qBdLqLOQYUwMpbhzkMkr8NPk5AA2IlZaxf6kfIG7f81EvRpGR1qBJATdYHnNhKn8rWRuHCtje9RgoVlcflIiKnKmnutLAlZECI5cflkCKelHZduifK0dQEOFKYk5Vsc6nBlYEr1IAg==", 'base64');

/*const crypto = require('crypto');
var key = crypto.createPublicKey({key: data, format:"der", type: "pkcs1"});*/

const NodeRSA = require('node-rsa');
const key = new NodeRSA();
key.importKey({ n: modulus, e: exponent }, 'components-public');

console.log(key.verify(data, sig));

0 comments on commit 7ba7297

Please sign in to comment.