-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathdomtegrity-server.js
115 lines (84 loc) · 3.21 KB
/
domtegrity-server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
var fs = require('fs');
var https = require('https');
var express = require('express');
var crypto = require('crypto');
var bodyParser = require('body-parser');
var app = express();
var urlencodedParser = bodyParser.urlencoded({
extended: false
});
var options = {
key: fs.readFileSync('Certificates/server-key.pem'),
cert: fs.readFileSync('Certificates/server-cert.pem'),
ca: fs.readFileSync('Certificates/ca-cert.pem'),
requestCert: true, // ask for a client cert
rejectUnauthorized: false, // act on unauthorized clients at the app level
};
app.use(express.static('Client'));
var tlsSessionTokenStore = {};
var tlsSessionServerSideData = {};
var test = {};
var pageServer = https.createServer(options, app);
pageServer.listen(8080);
var WebSocketServer = require('ws').Server
, wss = new WebSocketServer({server: pageServer});
wss.on('connection', function(socket) {
var sessionID = socket.upgradeReq.socket.getSession().toString('hex');
var p1 = new Promise(
function(resolve, reject) {
const pKey = crypto.randomBytes(32);
const iv = crypto.randomBytes(16);
tlsSessionTokenStore[sessionID] = {
"private": pKey,
"iv": iv
};
tlsSessionServerSideData[sessionID] = {
time: new Date(),
decide: false
}
resolve(JSON.stringify(tlsSessionTokenStore[sessionID]));
});
p1.then(
function(val) {
socket.send(val);
}
)
.catch(
function(reason) {
console.log("The Promise is rejected becuase of " + reason);
}
);
socket.on('message', function(signature) {
const hmac = crypto.createHmac('sha256', tlsSessionTokenStore[sessionID].private);
// This is the test PID... you might use other PIDs in your page.
var pid = '2222222222222222211'+(fs.readFileSync("Client/index.html").toString()).replace(/["']+/g, '').replace(/[\n\r]+/g, '').replace(/\s{1,50}/g, '').trim();
hmac.update(pid);
var temp = hmac.digest();
var timeNow = new Date();
var reason = "";
if (!tlsSessionServerSideData[sessionID].decide) {
if (timeNow.getTime() < (tlsSessionServerSideData[sessionID].time.getTime() + 1200000)) {
if (temp.toString("hex") == signature.toString("hex")) {
decision = "accept";
} else {
decision = "reject";
reason = "The signature was inccorect!";
}
} else {
decision = "reject";
reason = "Request time bound from your browser is expired!";
}
} else {
decision = "reject";
reason = "There was another request from your browser!";
}
tlsSessionServerSideData[sessionID].decide = true;
/* ---> If you want, you can encrypt the server decision and send it to the client (not necessary and adds no security to the current protocol)
socket.emit("final", {
"content": crypted,
"reason": reason
});
*/
console.log(decision);
});
});