5 changed files with 37 additions and 29 deletions
Split View
Diff Options
-
+24 -18src/main/java/planetrenox/controller/FormController.java
-
+5 -3src/main/java/planetrenox/encryption/AES256_GCM.java
-
+4 -2src/main/java/planetrenox/encryption/BCryptSHA256.java
-
+2 -1src/main/java/planetrenox/mongodb/Dungeon.java
-
+2 -5src/main/resources/static/js/main.js
+ 24
- 18
src/main/java/planetrenox/controller/FormController.java
View File
| @@ -1,5 +1,6 @@ | |||
| package planetrenox.controller; | |||
| import lombok.NonNull; | |||
| import org.springframework.beans.factory.annotation.Autowired; | |||
| import org.springframework.web.bind.annotation.*; | |||
| import planetrenox.encryption.AES256_GCM; | |||
| @@ -21,15 +22,16 @@ public class FormController | |||
| * "DOCUMENT_TYPE": "DECRYPT_SUCCESS" || "DECRYPT_FAILURE" | |||
| */ | |||
| @PostMapping(path = "/", params = {"name", "password"}) | |||
| public Map<String, Object> login(@RequestParam("name") String name, @RequestParam("password") String password) | |||
| public Map<String, Object> login | |||
| (@NonNull @RequestParam("name") final String name, @NonNull @RequestParam("password") final String password) | |||
| { | |||
| Map<String, Object> loginDocument = RequestValidation.validateLogin(name, password); | |||
| if ((boolean) loginDocument.get("INVALID")) return loginDocument; // Validation Failed | |||
| else // Validation Successful | |||
| { | |||
| name = (String) loginDocument.get("CLEAN_NAME"); | |||
| final String sanitizedName = (String) loginDocument.get("CLEAN_NAME"); | |||
| loginDocument.clear(); | |||
| Dungeon dungeon = repository.findByNameIgnoreCase(name); | |||
| Dungeon dungeon = repository.findByNameIgnoreCase(sanitizedName); | |||
| if (dungeon == null) // New User | |||
| { | |||
| loginDocument.put("DOCUMENT_TYPE", "NEW_USER"); | |||
| @@ -57,20 +59,21 @@ public class FormController | |||
| * "DOCUMENT_TYPE": "DECRYPT_FAILURE" | |||
| */ | |||
| @PostMapping(path = "/", params = {"name", "password", "text", "tabs"}) | |||
| public Map<String, Object> save(@RequestParam("name") String name, @RequestParam("password") String password, @RequestParam("text") String text, @RequestParam("tabs") int tabs) | |||
| public Map<String, Object> save | |||
| (@NonNull @RequestParam("name") final String name, @NonNull @RequestParam("password") final String password, @NonNull @RequestParam("text") final String text, @NonNull @RequestParam("tabs") final int tabs) | |||
| { | |||
| Map<String, Object> saveDocument = RequestValidation.validateSave(name, password, text, tabs); | |||
| if ((boolean) saveDocument.get("INVALID")) return saveDocument; // Validation Failed | |||
| else // Validation Successful | |||
| { | |||
| name = (String) saveDocument.get("CLEAN_NAME"); | |||
| text = (String) saveDocument.get("CLEAN_TEXT"); | |||
| final String sanitizedName = (String) saveDocument.get("CLEAN_NAME"); | |||
| final String sanitizedText = (String) saveDocument.get("CLEAN_TEXT"); | |||
| saveDocument.clear(); | |||
| Dungeon dungeon = repository.findByNameIgnoreCase(name); | |||
| Dungeon dungeon = repository.findByNameIgnoreCase(sanitizedName); | |||
| if (dungeon == null) // New User | |||
| { | |||
| saveDocument.put("DOCUMENT_TYPE", "SAVED"); | |||
| dungeon = new Dungeon(name, AES256_GCM.encrypt(text, password), new java.util.HashMap<>(Map.of( | |||
| dungeon = new Dungeon(sanitizedName, AES256_GCM.encrypt(sanitizedText, password), new java.util.HashMap<>(Map.of( | |||
| "TAB_COUNT", Integer.toString(tabs), | |||
| "TYPE", "FREE" | |||
| ))); | |||
| @@ -84,7 +87,7 @@ public class FormController | |||
| } else // Password Correct - Saved | |||
| { | |||
| saveDocument.put("DOCUMENT_TYPE", "SAVED"); | |||
| dungeon.setEncryptionData(AES256_GCM.encrypt(text, password)); | |||
| dungeon.setEncryptionData(AES256_GCM.encrypt(sanitizedText, password)); | |||
| Map<String, String> meta = dungeon.getMeta(); | |||
| meta.put("TAB_COUNT", Integer.toString(tabs)); | |||
| dungeon.setMeta(meta); | |||
| @@ -96,9 +99,12 @@ public class FormController | |||
| } | |||
| @PostMapping(path = "/", params = {"name", "password", "delete"}) | |||
| public void delete(@RequestParam("name") String name, @RequestParam("password") String password) | |||
| public void delete | |||
| (@NonNull @RequestParam("name") final String name, @NonNull @RequestParam("password") final String password) | |||
| { | |||
| Dungeon dungeon = repository.findByNameIgnoreCase(name); | |||
| Map<String, Object> deleteDocument = RequestValidation.validateLogin(name, password); | |||
| final String sanitizedName = (String) deleteDocument.get("CLEAN_NAME"); | |||
| Dungeon dungeon = repository.findByNameIgnoreCase(sanitizedName); | |||
| if (dungeon != null) | |||
| { | |||
| dungeon.setCleartext(AES256_GCM.decrypt(dungeon.getEncryptionData(), password)); | |||
| @@ -109,17 +115,18 @@ public class FormController | |||
| } | |||
| } | |||
| @PostMapping(path = "/", params = {"name", "password", "text", "tabs, newpassword"}) | |||
| public Map<String, Object> reset(@RequestParam("name") String name, @RequestParam("password") String password, @RequestParam("text") String text, @RequestParam("tabs") int tabs, @RequestParam("newpassword") String newPassword) | |||
| @PostMapping(path = "/", params = {"name", "password", "text", "tabs", "newpassword"}) | |||
| public Map<String, Object> reset | |||
| (@NonNull @RequestParam("name") final String name, @NonNull @RequestParam("password") final String password, @NonNull @RequestParam("text") final String text, @NonNull @RequestParam("tabs") final int tabs, @NonNull @RequestParam("newpassword") final String newPassword) | |||
| { | |||
| Map<String, Object> saveDocument = RequestValidation.validateReset(name, password, text, tabs, newPassword); | |||
| if ((boolean) saveDocument.get("INVALID")) return saveDocument; // Validation Failed | |||
| else // Validation Successful | |||
| { | |||
| name = (String) saveDocument.get("CLEAN_NAME"); | |||
| text = (String) saveDocument.get("CLEAN_TEXT"); | |||
| final String sanitizedName = (String) saveDocument.get("CLEAN_NAME"); | |||
| final String sanitizedText = (String) saveDocument.get("CLEAN_TEXT"); | |||
| saveDocument.clear(); | |||
| Dungeon dungeon = repository.findByNameIgnoreCase(name); | |||
| Dungeon dungeon = repository.findByNameIgnoreCase(sanitizedName); | |||
| if (dungeon != null) | |||
| { | |||
| if (AES256_GCM.decrypt(dungeon.getEncryptionData(), password) == null) // DECRYPT FAILURE | |||
| @@ -128,7 +135,7 @@ public class FormController | |||
| } else // Password Correct | |||
| { | |||
| saveDocument.put("DOCUMENT_TYPE", "SAVED"); | |||
| dungeon.setEncryptionData(AES256_GCM.encrypt(text, newPassword)); | |||
| dungeon.setEncryptionData(AES256_GCM.encrypt(sanitizedText, newPassword)); | |||
| Map<String, String> meta = dungeon.getMeta(); | |||
| meta.put("TAB_COUNT", Integer.toString(tabs)); | |||
| dungeon.setMeta(meta); | |||
| @@ -138,5 +145,4 @@ public class FormController | |||
| return saveDocument; | |||
| } | |||
| } | |||
| } | |||
+ 5
- 3
src/main/java/planetrenox/encryption/AES256_GCM.java
View File
| @@ -3,6 +3,8 @@ | |||
| package planetrenox.encryption; | |||
| import lombok.NonNull; | |||
| import javax.crypto.*; | |||
| import java.nio.charset.StandardCharsets; | |||
| import java.security.InvalidAlgorithmParameterException; | |||
| @@ -23,7 +25,7 @@ public class AES256_GCM | |||
| private AES256_GCM(){} | |||
| public static byte[] encrypt(String cleartext, String clearPass) | |||
| public static byte[] encrypt(@NonNull final String cleartext, @NonNull final String clearPass) | |||
| { | |||
| byte[] shaltAndBaltAndNonceAndCipher = null; | |||
| @@ -63,7 +65,7 @@ public class AES256_GCM | |||
| } // encrypt. | |||
| public static String decrypt(byte[] shaltAndBaltAndNonceAndCipher, String clearPass) | |||
| public static String decrypt(@NonNull final byte[] shaltAndBaltAndNonceAndCipher, @NonNull final String clearPass) | |||
| { | |||
| String decryptedText = null; | |||
| @@ -72,7 +74,7 @@ public class AES256_GCM | |||
| byte[] shaltAndBalt = new byte[SHALT_LENGTH + BALT_LENGTH]; | |||
| System.arraycopy(shaltAndBaltAndNonceAndCipher, 0, shaltAndBalt, 0, SHALT_LENGTH); | |||
| System.arraycopy(shaltAndBaltAndNonceAndCipher, SHALT_LENGTH, shaltAndBalt, SHALT_LENGTH, BALT_LENGTH); | |||
| final SecretKeySpec key = new SecretKeySpec(BCryptSHA256.initHashWithShalt(clearPass, shaltAndBalt), "AES"); | |||
| final SecretKeySpec key = new SecretKeySpec(BCryptSHA256.initHashWithShaltAndBalt(clearPass, shaltAndBalt), "AES"); | |||
| final Cipher aesCipherInstance = Cipher.getInstance("AES/GCM/NoPadding"); | |||
| final GCMParameterSpec params = new GCMParameterSpec(GCM_TAG_LENGTH, shaltAndBaltAndNonceAndCipher, SHALT_LENGTH + BALT_LENGTH, NONCE_LENGTH); | |||
| aesCipherInstance.init(Cipher.DECRYPT_MODE, key, params); | |||
+ 4
- 2
src/main/java/planetrenox/encryption/BCryptSHA256.java
View File
| @@ -3,6 +3,8 @@ | |||
| package planetrenox.encryption; | |||
| import lombok.NonNull; | |||
| import java.math.BigInteger; | |||
| import java.nio.charset.StandardCharsets; | |||
| import java.security.MessageDigest; | |||
| @@ -20,7 +22,7 @@ public class BCryptSHA256 | |||
| private BCryptSHA256(){} | |||
| // SHA-256(BCrypt(SHA-256))) | |||
| public static byte[] initHash(String clearPass) | |||
| public static byte[] initHash(@NonNull final String clearPass) | |||
| { | |||
| byte[] derivedShaltAndBaltAndHashByte = new byte[SHALT_LENGTH + BALT_LENGTH + HASH_LENGTH]; | |||
| @@ -54,7 +56,7 @@ public class BCryptSHA256 | |||
| } // initHash. | |||
| public static byte[] initHashWithShalt(String clearPass, byte[] shaltAndBalt) | |||
| public static byte[] initHashWithShaltAndBalt(@NonNull final String clearPass, @NonNull final byte[] shaltAndBalt) | |||
| { | |||
| byte[] derivedHashByte = new byte[32]; | |||
+ 2
- 1
src/main/java/planetrenox/mongodb/Dungeon.java
View File
| @@ -1,6 +1,7 @@ | |||
| package planetrenox.mongodb; | |||
| import lombok.Getter; | |||
| import lombok.NonNull; | |||
| import lombok.Setter; | |||
| import org.springframework.data.annotation.Id; | |||
| import org.springframework.data.annotation.Transient; | |||
| @@ -19,7 +20,7 @@ public class Dungeon | |||
| @Getter @Setter private Map<String, String> meta = new HashMap<>(); | |||
| @Transient @Getter @Setter String cleartext; | |||
| public Dungeon(String name, byte[] encryptionData, Map<String, String> meta) | |||
| public Dungeon(@NonNull String name, @NonNull byte[] encryptionData, @NonNull Map<String, String> meta) | |||
| { | |||
| this.name = name; | |||
| this.creationDate = new Date(); | |||
+ 2
- 5
src/main/resources/static/js/main.js
View File
| @@ -67,17 +67,15 @@ function initValidateSave() { // TODO not allowing saves straight from the form | |||
| if (resettingPass) sessionStorage.setItem("oldpassword", sessionStorage.getItem(name)); | |||
| tabContent.set(currentTabID, document.getElementById("textarea").value); | |||
| tabContent.forEach(combineTabsLocalEvent); | |||
| function combineTabsLocalEvent(values) { | |||
| tabTitleCount++; | |||
| if (values !== "" && values != null) { | |||
| tabCount++; | |||
| empty = false; | |||
| text += values + "|textdungeon-tab|"; | |||
| document.getElementById("tab" + tabTitleCount).textContent = values.substring(0, 10); | |||
| document.getElementById("tab" + tabTitleCount).textContent = values.substring(0, 10); // setting tab titles | |||
| } | |||
| } | |||
| if (document.getElementById("password-form").value === "") // logged in user | |||
| password = sessionStorage.getItem(name); | |||
| else | |||
| @@ -207,9 +205,8 @@ function saveLocalEvent(name, password, text, tabCount) { | |||
| xmlrequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8"); | |||
| if (resettingPass) | |||
| xmlrequest.send("name=" + name + "&password=" + sessionStorage.getItem("oldpassword") + "&text=" + text + "&tabs=" + tabCount + "&newpassword=" + password); | |||
| else { | |||
| else | |||
| xmlrequest.send("name=" + name + "&password=" + password + "&text=" + text + "&tabs=" + tabCount); | |||
| } | |||
| xmlrequest.onload = function () { | |||
| saveResponseLocalEvent(xmlrequest.response); | |||
| } | |||