├── .gitignore ├── LICENSE ├── README.md ├── app ├── app.js ├── controllers │ ├── confirm.js │ ├── loggedIn.js │ ├── register.js │ └── signIn.js ├── factories │ └── utils.js ├── services │ └── AuthService.js └── views │ ├── confirm.html │ ├── loggedIn.html │ ├── register.html │ └── signIn.html ├── bower.json ├── img └── arch_diagram.png ├── index.html └── lib ├── aws-variables.js ├── cognito ├── amazon-cognito-identity.min.js ├── amazon-cognito-identity.min.js.map ├── aws-cognito-sdk.min.js └── aws-cognito-sdk.min.js.map ├── jsbn ├── LICENSE ├── jsbn.js └── jsbn2.js └── sjcl ├── LICENSE.txt └── sjcl.js /.gitignore: -------------------------------------------------------------------------------- 1 | # See http://help.github.com/ignore-files/ for more about ignoring files. 2 | 3 | # dependencies 4 | /bower_components 5 | 6 | # IDEs and editors 7 | /.idea 8 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | Copyright 2016 Amazon Web Services 177 | 178 | Licensed under the Apache License, Version 2.0 (the "License"); 179 | you may not use this file except in compliance with the License. 180 | You may obtain a copy of the License at 181 | 182 | http://www.apache.org/licenses/LICENSE-2.0 183 | 184 | Unless required by applicable law or agreed to in writing, software 185 | distributed under the License is distributed on an "AS IS" BASIS, 186 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 187 | See the License for the specific language governing permissions and 188 | limitations under the License. 189 | 190 | Note: Other license terms may apply to certain, identified software files 191 | contained within or distributed with the accompanying software if such terms 192 | are included in the directory containing the accompanying software. 193 | Such other license terms will then apply in lieu of the terms 194 | of the software license above. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Building fine-grained authorization using Amazon Cognito User Pools groups 2 | 3 | **This Angular.js application** is a reference web app that allows users to explore the use of groups in Amazon Cognito User Pools, together with Amazon Cognito Federated Identities identity pools, to obtain temporary IAM credentials in your web app. 4 | The IAM credentials map to privileges that a user obtains after successfully authenticating with a user pool. Those privileges are determined by the role that is mapped to the user pool group that the user belongs to. 5 | User pools provide flexibility. You can use them to implement granular authorization architectures for authenticated users. 6 | The project code is released under the Apache 2.0 license. 7 | Please feel free to make use of the code in this project, and spread the word. 8 | We hope you enjoy it, and we certainly welcome all feedback, pull requests and other contributions! 9 | 10 | 11 | ## Architecture diagram 12 | ![Amazon Cognito Authentication flow](https://d2908q01vomqb2.cloudfront.net/0a57cb53ba59c46fc4b692527a38a87c78d84028/2017/07/19/CognitoDiagram.png) 13 | 14 | ## AWS services used 15 | 16 | This sample is built using the following AWS services: 17 | 18 | * [AWS Cognito](https://aws.amazon.com/cognito/) - Amazon Cognito lets you easily add user sign-up and sign-in to your mobile and web apps. With Amazon Cognito, you also have the options to authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions, or by using your own identity system. Furthermore, AWS Cognito supports User Groups that let to create collections of users to manage their permissions or to represent different types of users. 19 | * [Amazon DynamoDB](https://aws.amazon.com/dynamodb/) - Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. 20 | 21 | ## Get started 22 | 23 | #### Instructions to install dependencies and populate constants 24 | 25 | * Run `bower install` from the root of your directory once you clone this project. 26 | * Navigate to `lib/aws-variables.js` and populate your own details. More detailed instructions can be found in the [Building fine-grained authorization using Amazon Cognito User Pools groups](https://aws.amazon.com/blogs/mobile/building-fine-grained-authorization-using-amazon-cognito-user-pools-groups/) blog. 27 | -------------------------------------------------------------------------------- /app/app.js: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at 5 | 6 | http://aws.amazon.com/apache2.0/ 7 | 8 | or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 9 | */ 10 | 11 | angular.module('cognitoBlog', ['ngRoute','cognitoBlog.authService','cognitoBlog.login','cognitoBlog.register', 'cognitoBlog.confirm', 'cognitoBlog.loggedIn']) 12 | 13 | .config(function($routeProvider) { 14 | $routeProvider 15 | .when("/", { 16 | templateUrl : "app/views/signIn.html", 17 | controller:"signInController" 18 | }) 19 | .when("/register", { 20 | templateUrl : "app/views/register.html", 21 | controller:"registerController" 22 | }) 23 | .when("/confirm", { 24 | templateUrl : "app/views/confirm.html", 25 | controller:"confirmController" 26 | }) 27 | .when("/loggedIn", { 28 | templateUrl : "app/views/loggedIn.html", 29 | controller:"loggedInController" 30 | }) 31 | }); -------------------------------------------------------------------------------- /app/controllers/confirm.js: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at 5 | 6 | http://aws.amazon.com/apache2.0/ 7 | 8 | or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 9 | */ 10 | angular.module('cognitoBlog.confirm', ['cognitoBlog.authService']) 11 | .controller('confirmController', function($scope, $location, authService) { 12 | 13 | //calling the confirm method from AuthService in order to confirm the user 14 | $scope.confirmAccount = function(newuser, isValid) { 15 | console.log(newuser); 16 | if (isValid) { 17 | newuser.username = newuser.email.replace("@", "_").replace(".", "_"); 18 | console.log("Confirmation code " + newuser.confirmCode); 19 | 20 | authService.confirm(newuser).then(function(){ 21 | $location.path('/'); 22 | }, function(msg) { 23 | $scope.errormessage = "An unexpected error has occurred. Please try again."; 24 | $scope.$apply(); 25 | return; 26 | }); 27 | 28 | } else { 29 | $scope.errormessage = "There are still invalid fields."; 30 | $scope.$apply(); 31 | } 32 | }; 33 | }); -------------------------------------------------------------------------------- /app/controllers/loggedIn.js: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at 5 | 6 | http://aws.amazon.com/apache2.0/ 7 | 8 | or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 9 | */ 10 | angular.module('cognitoBlog.loggedIn', ['cognitoBlog.authService']) 11 | .controller('loggedInController', function($scope, $location, authService) { 12 | 13 | 14 | //calling the isAuthenticated method from AuthService in order to add the user to DynamoDB table if not exists already 15 | if (true) { 16 | authService.isAuthenticated().then(function(result) { 17 | console.log(result); 18 | 19 | }, function(msg) { 20 | console.log(msg); 21 | $scope.errormessage = "Unable to access DynamoDB"; 22 | 23 | if ($scope.$$phase != '$digest') { 24 | $scope.$apply(); 25 | } 26 | return; 27 | }); 28 | } else { 29 | $scope.errormessage = "Some error happened"; 30 | 31 | }; 32 | 33 | 34 | $scope.status=""; 35 | 36 | //calling the updateItemDynamo method from AuthService in order to update the Status attribute for a given user 37 | $scope.replaceDynamoDBItem = function(isValid, status) { 38 | 39 | if (isValid) { 40 | authService.updateItemDynamo(status).then(function(result) { 41 | console.log(result); 42 | }, function(msg) { 43 | console.log(msg); 44 | $scope.errormessage = "Unable to access DynamoDB"; 45 | 46 | if ($scope.$$phase != '$digest') { 47 | $scope.$apply(); 48 | } 49 | return; 50 | }); 51 | } else { 52 | $scope.errormessage = "Some error happened"; 53 | 54 | } 55 | }; 56 | 57 | //calling the scanDynamoDB method from the AuthService in order to scan the Dynamo DB items 58 | $scope.scanDynamoDBItems = function(isValid) { 59 | 60 | if (isValid) { 61 | 62 | authService.scanDynamoDB().then(function(result) { 63 | console.log(result); 64 | 65 | }, function(msg) { 66 | console.log(msg); 67 | $scope.errormessage = "Unable to access DynamoDB"; 68 | 69 | if ($scope.$$phase != '$digest') { 70 | $scope.$apply(); 71 | } 72 | return; 73 | }); 74 | } else { 75 | $scope.errormessage = "Some error happened"; 76 | 77 | } 78 | }; 79 | 80 | $scope.logout = function() { 81 | authService.logOut(); 82 | $location.path('/'); 83 | } 84 | 85 | 86 | }); 87 | 88 | 89 | -------------------------------------------------------------------------------- /app/controllers/register.js: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at 5 | 6 | http://aws.amazon.com/apache2.0/ 7 | 8 | or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 9 | */ 10 | angular.module('cognitoBlog.register', ['cognitoBlog.authService']) 11 | .controller('registerController', function($scope, $location, authService) { 12 | 13 | $scope.errormessage=""; 14 | 15 | 16 | //calling the signup method from AuthService to register a user 17 | $scope.register = function(newuser, isValid) { 18 | console.log(newuser); 19 | 20 | if (isValid) { 21 | 22 | authService.signup(newuser).then(function() { 23 | 24 | $location.path('/confirm'); 25 | }, function(msg) { 26 | $scope.errormessage = "An unexpected error has occurred. Please try again."; 27 | 28 | $scope.$apply(); 29 | return; 30 | }); 31 | 32 | } else { 33 | $scope.errormessage = "There are still invalid fields."; 34 | 35 | $scope.$apply(); 36 | } 37 | } 38 | 39 | }); 40 | 41 | 42 | -------------------------------------------------------------------------------- /app/controllers/signIn.js: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at 5 | 6 | http://aws.amazon.com/apache2.0/ 7 | 8 | or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 9 | */ 10 | 11 | angular.module('cognitoBlog.login', ['cognitoBlog.authService']) 12 | .controller('signInController', function($scope, $location, authService) { 13 | 14 | $scope.changeView = function(view){ 15 | $location.path(view); // path not hash 16 | }; 17 | 18 | //calling the signin method from AuthService to sign in the user to the application 19 | $scope.login = function(user, isValid) { 20 | 21 | if (isValid) { 22 | authService.signin(user).then(function(result) { 23 | console.log('Id Token: ' + result.getIdToken().getJwtToken()); 24 | $location.path('/loggedIn'); 25 | }, function(msg) { 26 | console.log(msg); 27 | if ($scope.$$phase != '$digest') { 28 | $scope.$apply(); 29 | } 30 | return; 31 | }); 32 | } else { 33 | console.log("Probably you have provided invalid login fields"); 34 | 35 | } 36 | }; 37 | 38 | 39 | }); 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /app/factories/utils.js: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at 5 | 6 | http://aws.amazon.com/apache2.0/ 7 | 8 | or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 9 | */ 10 | 11 | angular.module('cognitoBlog.utils', []) 12 | 13 | .factory('$_', function() { 14 | return window._; // assumes underscore has already been loaded on the page 15 | }) 16 | 17 | .factory('$localstorage', ['$window', function($window) { 18 | return { 19 | set: function(key, value) { 20 | $window.localStorage[key] = value; 21 | }, 22 | get: function(key, defaultValue) { 23 | return $window.localStorage[key] || defaultValue; 24 | }, 25 | setObject: function(key, value) { 26 | $window.localStorage[key] = JSON.stringify(value); 27 | }, 28 | getObject: function(key) { 29 | return JSON.parse($window.localStorage[key] || '{}'); 30 | } 31 | } 32 | }]); 33 | -------------------------------------------------------------------------------- /app/services/AuthService.js: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. 4 | 5 | Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at 6 | 7 | http://aws.amazon.com/apache2.0/ 8 | 9 | or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 10 | */ 11 | 12 | angular.module('cognitoBlog.authService', ['cognitoBlog.utils']) 13 | .service('authService', function($q, $_, $localstorage) { 14 | 15 | this.signup = function(newuser) { 16 | var deferred = $q.defer(); 17 | 18 | newuser.username = newuser.email.replace("@", "_").replace(".", "_"); 19 | 20 | var poolData = { 21 | UserPoolId: YOUR_USER_POOL_ID, 22 | ClientId: YOUR_USER_POOL_CLIENT_ID, 23 | Paranoia: 8 24 | }; 25 | var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData); 26 | 27 | var attributeList = []; 28 | 29 | var dataEmail = { 30 | Name: 'email', 31 | Value: newuser.email 32 | }; 33 | 34 | var dataName = { 35 | Name: 'name', 36 | Value: newuser.name 37 | }; 38 | 39 | var attributeEmail = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataEmail); 40 | var attributeName = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserAttribute(dataName); 41 | 42 | attributeList.push(attributeEmail); 43 | attributeList.push(attributeName); 44 | 45 | console.log("Submitting " + newuser.name); 46 | userPool.signUp(newuser.username, newuser.password, attributeList, null, function(err, result) { 47 | if (err) { 48 | console.log(err); 49 | deferred.reject(err.message); 50 | } else { 51 | deferred.resolve(result.user); 52 | } 53 | }); 54 | 55 | return deferred.promise; 56 | 57 | }; 58 | 59 | this.confirm = function(newuser) { 60 | var deferred = $q.defer(); 61 | 62 | var poolData = { 63 | UserPoolId: YOUR_USER_POOL_ID, 64 | ClientId: YOUR_USER_POOL_CLIENT_ID, 65 | Paranoia: 8 66 | }; 67 | 68 | var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData); 69 | var userData = { 70 | Username: newuser.username, 71 | Pool: userPool 72 | }; 73 | 74 | var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData); 75 | cognitoUser.confirmRegistration(newuser.confirmCode, true, function(err, result) { 76 | if (err) { 77 | console.log(err); 78 | deferred.reject(err); 79 | } 80 | deferred.resolve(); 81 | }); 82 | 83 | return deferred.promise; 84 | }; 85 | 86 | this.signin = function(user) { 87 | var deferred = $q.defer(); 88 | 89 | var authenticationData = { 90 | Username: user.email, 91 | Password: user.password 92 | }; 93 | 94 | var authenticationDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails( 95 | authenticationData); 96 | var poolData = { 97 | UserPoolId: YOUR_USER_POOL_ID, 98 | ClientId: YOUR_USER_POOL_CLIENT_ID, 99 | Paranoia: 8 100 | }; 101 | 102 | var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData); 103 | var userData = { 104 | Username: user.email, 105 | Pool: userPool 106 | }; 107 | 108 | var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData); 109 | 110 | try { 111 | cognitoUser.authenticateUser(authenticationDetails, { 112 | onSuccess: function(result) { 113 | console.log(cognitoUser) 114 | //console.log('access token + ' + result.getIdToken().getJwtToken()); 115 | $localstorage.set('username', cognitoUser.getUsername()); 116 | deferred.resolve(result); 117 | }, 118 | 119 | onFailure: function(err) { 120 | deferred.reject(err); 121 | } 122 | 123 | }); 124 | } catch (e) { 125 | console.log(e); 126 | deferred.reject(e); 127 | } 128 | 129 | return deferred.promise; 130 | 131 | }; 132 | 133 | this.isAuthenticated = function() { 134 | var deferred = $q.defer(); 135 | var data = { 136 | UserPoolId: YOUR_USER_POOL_ID, 137 | ClientId: YOUR_USER_POOL_CLIENT_ID, 138 | Paranoia: 8 139 | }; 140 | var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(data); 141 | var cognitoUser = userPool.getCurrentUser(); 142 | 143 | try { 144 | if (cognitoUser != null) { 145 | cognitoUser.getSession(function(err, session) { 146 | if (err) { 147 | deferred.resolve(false); 148 | } 149 | 150 | deferred.resolve(true); 151 | 152 | console.log('session validity: ' + session.isValid()); 153 | 154 | console.log('session token: ' + session.getIdToken().getJwtToken()); 155 | 156 | var paramsCredentials = { 157 | IdentityPoolId : IDENTITY_POOL_ID, 158 | Logins : {} 159 | }; 160 | 161 | //passing dynamically the user pool id along with some constants 162 | paramsCredentials.Logins[YOUR_USER_POOL_ID_IDP] = session.getIdToken().getJwtToken(); 163 | 164 | AWS.config.region = 'eu-west-1'; 165 | AWS.config.credentials = new AWS.CognitoIdentityCredentials(paramsCredentials); 166 | 167 | AWS.config.credentials.clearCachedId(); 168 | AWS.config.credentials.get(function(err){ 169 | if (!err) { 170 | var id = AWS.config.credentials.identityId; 171 | console.log('Cognito Identity ID '+ id); 172 | 173 | // Instantiate aws sdk service objects now that the credentials have been updated 174 | var docClient = new AWS.DynamoDB.DocumentClient({ region: 'eu-west-1' }); 175 | 176 | var params = { 177 | TableName: ddbTable, 178 | Item:{userid: id} 179 | }; 180 | 181 | var paramsQuery = { 182 | TableName : ddbTable, 183 | KeyConditionExpression: "userid = :id", 184 | ExpressionAttributeValues: { 185 | ":id":id 186 | } 187 | }; 188 | 189 | //Query the table to identify if the user is in the table already. If the user is not in the table add his Cognito id as the hash key 190 | docClient.query(paramsQuery, function(err, data) { 191 | if (err) { 192 | console.error("Unable to query. Error:", JSON.stringify(err, null, 2)); 193 | } else { 194 | console.log("Query succeeded."); 195 | if( data.Items.length == 0) { 196 | console.log("User first time sign in - adding to table."); 197 | docClient.put(params, function (err, data) { 198 | if (err) console.log(err); 199 | else console.log(data); 200 | }); 201 | }else{ 202 | console.log("User exists in the table already."); 203 | } 204 | 205 | } 206 | }); 207 | 208 | 209 | 210 | } 211 | }); 212 | }); 213 | } else { 214 | deferred.resolve(false); 215 | } 216 | } catch (e) { 217 | console.log(e); 218 | deferred.resolve(false); 219 | } 220 | 221 | return deferred.promise; 222 | 223 | }; 224 | 225 | this.updateItemDynamo = function(status) { 226 | var deferred = $q.defer(); 227 | var data = { 228 | UserPoolId: YOUR_USER_POOL_ID, 229 | ClientId: YOUR_USER_POOL_CLIENT_ID, 230 | Paranoia: 8 231 | }; 232 | 233 | var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(data); 234 | var cognitoUser = userPool.getCurrentUser(); 235 | 236 | 237 | try { 238 | if (cognitoUser != null) { 239 | cognitoUser.getSession(function(err, session) { 240 | if (err) { 241 | deferred.resolve(false); 242 | } 243 | 244 | deferred.resolve(true); 245 | 246 | console.log('session validity: ' + session.isValid()); 247 | 248 | console.log('session token: ' + session.getIdToken().getJwtToken()); 249 | 250 | var paramsCredentials = { 251 | IdentityPoolId : IDENTITY_POOL_ID, 252 | Logins : {} 253 | }; 254 | 255 | //passing dynamically the user pool id along with some constants 256 | paramsCredentials.Logins[YOUR_USER_POOL_ID_IDP] = session.getIdToken().getJwtToken(); 257 | 258 | AWS.config.region = 'eu-west-1'; 259 | AWS.config.credentials = new AWS.CognitoIdentityCredentials(paramsCredentials); 260 | 261 | 262 | AWS.config.credentials.get(function(err){ 263 | 264 | if (!err) { 265 | var id = AWS.config.credentials.identityId; 266 | console.log('Cognito Identity ID '+ id); 267 | 268 | // Instantiate aws sdk service objects now that the credentials have been updated 269 | var docClient = new AWS.DynamoDB.DocumentClient({ region: 'eu-west-1' }); 270 | //var ddbTable = 'CognitoBlog'; 271 | 272 | var params = { 273 | TableName: ddbTable, 274 | Item:{userid:id, status:status} 275 | }; 276 | 277 | docClient.put(params, function(err, data) { 278 | if (err) console.log(err); 279 | else console.log(data); 280 | }); 281 | } 282 | }); 283 | }); 284 | } else { 285 | deferred.resolve(false); 286 | } 287 | } catch (e) { 288 | console.log(e); 289 | deferred.resolve(false); 290 | } 291 | 292 | return deferred.promise; 293 | 294 | }; 295 | 296 | 297 | this.scanDynamoDB = function() { 298 | var deferred = $q.defer(); 299 | var data = { 300 | UserPoolId: YOUR_USER_POOL_ID, 301 | ClientId: YOUR_USER_POOL_CLIENT_ID, 302 | Paranoia: 8 303 | }; 304 | var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(data); 305 | var cognitoUser = userPool.getCurrentUser(); 306 | 307 | try { 308 | if (cognitoUser != null) { 309 | cognitoUser.getSession(function(err, session) { 310 | if (err) { 311 | deferred.resolve(false); 312 | } 313 | 314 | deferred.resolve(true); 315 | 316 | console.log('session validity: ' + session.isValid()); 317 | 318 | console.log('session token: ' + session.getIdToken().getJwtToken()); 319 | 320 | var paramsCredentials = { 321 | IdentityPoolId : IDENTITY_POOL_ID, 322 | Logins : {} 323 | }; 324 | 325 | //passing dynamically the user pool id along with some constants 326 | paramsCredentials.Logins[YOUR_USER_POOL_ID_IDP] = session.getIdToken().getJwtToken(); 327 | 328 | AWS.config.region = 'eu-west-1'; 329 | AWS.config.credentials = new AWS.CognitoIdentityCredentials(paramsCredentials); 330 | 331 | AWS.config.credentials.get(function(err){ 332 | if (!err) { 333 | 334 | // Instantiate aws sdk service objects now that the credentials have been updated 335 | var docClient = new AWS.DynamoDB.DocumentClient({ region: 'eu-west-1' }); 336 | 337 | var params = { 338 | TableName: ddbTable 339 | }; 340 | 341 | docClient.scan(params, function(err, data) { 342 | if (err) console.log(err); 343 | else console.log(data); 344 | }); 345 | 346 | } 347 | }); 348 | 349 | 350 | 351 | 352 | }); 353 | } else { 354 | deferred.resolve(false); 355 | } 356 | } catch (e) { 357 | console.log(e); 358 | deferred.resolve(false); 359 | } 360 | 361 | return deferred.promise; 362 | 363 | }; 364 | 365 | this.logOut = function() { 366 | 367 | try { 368 | var data = { 369 | UserPoolId: YOUR_USER_POOL_ID, 370 | ClientId: YOUR_USER_POOL_CLIENT_ID, 371 | Paranoia: 8 372 | }; 373 | var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(data); 374 | var cognitoUser = userPool.getCurrentUser(); 375 | 376 | if (cognitoUser != null) { 377 | cognitoUser.signOut(); 378 | return true; 379 | } else { 380 | return false; 381 | } 382 | } catch (e) { 383 | console.log(e); 384 | return false; 385 | } 386 | 387 | }; 388 | 389 | this.getUserAccessToken = function() { 390 | var deferred = $q.defer(); 391 | 392 | var data = { 393 | UserPoolId: YOUR_USER_POOL_ID, 394 | ClientId: YOUR_USER_POOL_CLIENT_ID, 395 | Paranoia: 8 396 | }; 397 | 398 | var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(data); 399 | var cognitoUser = userPool.getCurrentUser(); 400 | 401 | if (cognitoUser != null) { 402 | 403 | cognitoUser.getSession(function(err, session) { 404 | if (err) { 405 | console.log(err); 406 | deferred.reject(err); 407 | } 408 | deferred.resolve(session.idToken); 409 | }); 410 | 411 | } else { 412 | deferred.reject(); 413 | } 414 | 415 | return deferred.promise; 416 | }; 417 | 418 | this.getUserAccessTokenWithUsername = function() { 419 | var deferred = $q.defer(); 420 | 421 | var data = { 422 | UserPoolId: YOUR_USER_POOL_ID, 423 | ClientId: YOUR_USER_POOL_CLIENT_ID, 424 | Paranoia: 8 425 | }; 426 | 427 | var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(data); 428 | var cognitoUser = userPool.getCurrentUser(); 429 | 430 | if (cognitoUser != null) { 431 | 432 | cognitoUser.getSession(function(err, session) { 433 | if (err) { 434 | console.log(err); 435 | deferred.reject(err); 436 | } 437 | deferred.resolve({ 438 | token: session.idToken, 439 | username: cognitoUser.username 440 | }); 441 | }); 442 | 443 | } else { 444 | deferred.reject(); 445 | } 446 | 447 | return deferred.promise; 448 | }; 449 | 450 | this.getUserInfo = function() { 451 | var deferred = $q.defer(); 452 | 453 | var userinfo = { 454 | email: "", 455 | name: "", 456 | username: "" 457 | }; 458 | var data = { 459 | UserPoolId: YOUR_USER_POOL_ID, 460 | ClientId: YOUR_USER_POOL_CLIENT_ID, 461 | Paranoia: 8 462 | }; 463 | 464 | var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(data); 465 | var cognitoUser = userPool.getCurrentUser(); 466 | 467 | if (cognitoUser != null) { 468 | 469 | cognitoUser.getSession(function(err, session) { 470 | if (err) { 471 | console.log(err); 472 | deferred.reject(err); 473 | } 474 | 475 | cognitoUser.getUserAttributes(function(err, result) { 476 | if (err) { 477 | console.log(err); 478 | deferred.reject(err); 479 | } 480 | 481 | var nm = $_.where(result, { 482 | Name: "name" 483 | }); 484 | if (nm.length > 0) { 485 | userinfo.name = nm[0].Value; 486 | } 487 | 488 | var em = $_.where(result, { 489 | Name: "email" 490 | }); 491 | if (em.length > 0) { 492 | userinfo.email = em[0].Value; 493 | } 494 | 495 | userinfo.username = cognitoUser.getUsername(); 496 | 497 | deferred.resolve(userinfo); 498 | 499 | }); 500 | }); 501 | } else { 502 | deferred.reject(); 503 | } 504 | 505 | return deferred.promise; 506 | 507 | } 508 | }); 509 | 510 | -------------------------------------------------------------------------------- /app/views/confirm.html: -------------------------------------------------------------------------------- 1 | 2 | 11 | 12 | 13 | 14 |
15 |

Confirm Your Account

16 |
17 |
18 |
19 |
20 |
21 | 22 |
23 |
24 | 25 |
26 |
27 | 28 |
29 |
30 |
31 |
-------------------------------------------------------------------------------- /app/views/loggedIn.html: -------------------------------------------------------------------------------- 1 | 2 | 11 | 12 | 13 |
14 |

You are logged in

15 | 16 | 17 |

18 | 19 |



20 | 21 | 22 | 23 |
-------------------------------------------------------------------------------- /app/views/register.html: -------------------------------------------------------------------------------- 1 | 10 | 11 |
12 |

Register

13 |
14 |
15 |
16 | 17 |
18 |
19 | 20 |
21 |
22 | 23 |
24 |
25 | 26 |
27 |
28 | -------------------------------------------------------------------------------- /app/views/signIn.html: -------------------------------------------------------------------------------- 1 | 10 | 11 | 12 |
13 |

Sign In

14 |
15 |
16 |
17 | 18 |
19 |
20 | 21 |
22 |
23 | 24 |

25 | 26 |
-------------------------------------------------------------------------------- /bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cognitoFineGrainedAuth", 3 | "description": "Dependencies for Cognito User Pools group blog", 4 | "main": "", 5 | "license": "MIT", 6 | "homepage": "", 7 | "ignore": [ 8 | "**/.*", 9 | "node_modules", 10 | "bower_components", 11 | "test", 12 | "tests" 13 | ], 14 | "dependencies": { 15 | "angular": "^1.6.5", 16 | "bootstrap": "^3.3.7", 17 | "jquery": "^3.2.1", 18 | "aws-sdk": "aws-sdk-js#^2.92.0", 19 | "angular-route": "^1.6.5", 20 | "underscore": "^1.8.3" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /img/arch_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/amazon-archives/aws-mobile-angular-cognito-sample/d12e5eb19d6e875ef564e044a228e2501c4b712a/img/arch_diagram.png -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- 1 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | Amazon Cognito Authorisation Blog 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 |
53 | 54 | 55 | 56 | 57 | -------------------------------------------------------------------------------- /lib/aws-variables.js: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at 5 | 6 | http://aws.amazon.com/apache2.0/ 7 | 8 | or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 9 | */ 10 | 11 | var YOUR_USER_POOL_ID = ''; 12 | var YOUR_USER_POOL_CLIENT_ID = ''; 13 | var IDENTITY_POOL_ID = ''; 14 | var ddbTable = 'replace_with_your_DynamoDB_table'; 15 | var YOUR_USER_POOL_ID_IDP = 'cognito-idp.eu-west-1.amazonaws.com/replace_with_your_user_pool_id' -------------------------------------------------------------------------------- /lib/cognito/amazon-cognito-identity.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Copyright 2016 Amazon.com, 3 | * Inc. or its affiliates. All Rights Reserved. 4 | * 5 | * Licensed under the Amazon Software License (the "License"). 6 | * You may not use this file except in compliance with the 7 | * License. A copy of the License is located at 8 | * 9 | * http://aws.amazon.com/asl/ 10 | * 11 | * or in the "license" file accompanying this file. This file is 12 | * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | * CONDITIONS OF ANY KIND, express or implied. See the License 14 | * for the specific language governing permissions and 15 | * limitations under the License. 16 | */ 17 | !function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("sjcl"),require("aws-sdk/clients/cognitoidentityserviceprovider"),require("jsbn")):"function"==typeof define&&define.amd?define(["sjcl","aws-sdk/clients/cognitoidentityserviceprovider","jsbn"],t):"object"==typeof exports?exports.AmazonCognitoIdentity=t(require("sjcl"),require("aws-sdk/clients/cognitoidentityserviceprovider"),require("jsbn")):e.AmazonCognitoIdentity=t(e.sjcl,e.AWSCognito.CognitoIdentityServiceProvider,e)}(this,function(e,t,n){return function(e){function t(i){if(n[i])return n[i].exports;var s=n[i]={exports:{},id:i,loaded:!1};return e[i].call(s.exports,s,s.exports,t),s.loaded=!0,s.exports}var n={};return t.m=e,t.c=n,t.p="",t(0)}([function(e,t,n){"use strict";function i(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[n]=e[n]);return t["default"]=e,t}function s(e){return e&&e.__esModule?e:{"default":e}}Object.defineProperty(t,"__esModule",{value:!0});var r=n(14);Object.keys(r).forEach(function(e){"default"!==e&&"__esModule"!==e&&Object.defineProperty(t,e,{enumerable:!0,get:function(){return r[e]}})});var o=n(10),a=s(o),u=i(r);Object.keys(u).forEach(function(e){a["default"][e]=u[e]})},function(t,n){t.exports=e},function(e,t,n){"use strict";function i(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[n]=e[n]);return t["default"]=e,t}function s(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}Object.defineProperty(t,"__esModule",{value:!0});var r=function(){function e(e,t){for(var n=0;n0&&void 0!==arguments[0]?arguments[0]:{},n=t.AccessToken;s(this,e),this.jwtToken=n||""}return r(e,[{key:"getJwtToken",value:function(){return this.jwtToken}},{key:"getExpiration",value:function(){var e=this.jwtToken.split(".")[1],t=JSON.parse(a.codec.utf8String.fromBits(a.codec.base64url.toBits(e)));return t.exp}}]),e}();t["default"]=u},function(e,t,n){"use strict";function i(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[n]=e[n]);return t["default"]=e,t}function s(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}Object.defineProperty(t,"__esModule",{value:!0});var r=function(){function e(e,t){for(var n=0;n0&&void 0!==arguments[0]?arguments[0]:{},n=t.IdToken;s(this,e),this.jwtToken=n||""}return r(e,[{key:"getJwtToken",value:function(){return this.jwtToken}},{key:"getExpiration",value:function(){var e=this.jwtToken.split(".")[1],t=JSON.parse(a.codec.utf8String.fromBits(a.codec.base64url.toBits(e)));return t.exp}}]),e}();t["default"]=u},function(e,t){"use strict";function n(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}Object.defineProperty(t,"__esModule",{value:!0});var i=function(){function e(e,t){for(var n=0;n0&&void 0!==arguments[0]?arguments[0]:{},i=t.RefreshToken;n(this,e),this.token=i||""}return i(e,[{key:"getToken",value:function(){return this.token}}]),e}();t["default"]=s},function(e,t,n){"use strict";function i(e){return e&&e.__esModule?e:{"default":e}}function s(e){if(e&&e.__esModule)return e;var t={};if(null!=e)for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[n]=e[n]);return t["default"]=e,t}function r(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}Object.defineProperty(t,"__esModule",{value:!0});var o=function(){function e(e,t){for(var n=0;n0&&void 0!==arguments[0]?arguments[0]:{},i=t.Name,s=t.Value;n(this,e),this.Name=i||"",this.Value=s||""}return i(e,[{key:"getValue",value:function(){return this.Value}},{key:"setValue",value:function(e){return this.Value=e,this}},{key:"getName",value:function(){return this.Name}},{key:"setName",value:function(e){return this.Name=e,this}},{key:"toString",value:function(){return JSON.stringify(this)}},{key:"toJSON",value:function(){return{Name:this.Name,Value:this.Value}}}]),e}();t["default"]=s},function(e,t){"use strict";function n(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}Object.defineProperty(t,"__esModule",{value:!0});var i=function(){function e(e,t){for(var n=0;n0&&void 0!==arguments[0]?arguments[0]:{},i=t.IdToken,s=t.RefreshToken,r=t.AccessToken;if(n(this,e),null==r||null==i)throw new Error("Id token and Access Token must be present.");this.idToken=i,this.refreshToken=s,this.accessToken=r}return i(e,[{key:"getIdToken",value:function(){return this.idToken}},{key:"getRefreshToken",value:function(){return this.refreshToken}},{key:"getAccessToken",value:function(){return this.accessToken}},{key:"isValid",value:function(){var e=Math.floor(new Date/1e3);return e= 0) { 35 | var v = x*this[i++]+w[j]+c; 36 | c = Math.floor(v/0x4000000); 37 | w[j++] = v&0x3ffffff; 38 | } 39 | return c; 40 | } 41 | // am2 avoids a big mult-and-extract completely. 42 | // Max digit bits should be <= 30 because we do bitwise ops 43 | // on values up to 2*hdvalue^2-hdvalue-1 (< 2^31) 44 | function am2(i,x,w,j,c,n) { 45 | var xl = x&0x7fff, xh = x>>15; 46 | while(--n >= 0) { 47 | var l = this[i]&0x7fff; 48 | var h = this[i++]>>15; 49 | var m = xh*l+h*xl; 50 | l = xl*l+((m&0x7fff)<<15)+w[j]+(c&0x3fffffff); 51 | c = (l>>>30)+(m>>>15)+xh*h+(c>>>30); 52 | w[j++] = l&0x3fffffff; 53 | } 54 | return c; 55 | } 56 | // Alternately, set max digit bits to 28 since some 57 | // browsers slow down when dealing with 32-bit numbers. 58 | function am3(i,x,w,j,c,n) { 59 | var xl = x&0x3fff, xh = x>>14; 60 | while(--n >= 0) { 61 | var l = this[i]&0x3fff; 62 | var h = this[i++]>>14; 63 | var m = xh*l+h*xl; 64 | l = xl*l+((m&0x3fff)<<14)+w[j]+c; 65 | c = (l>>28)+(m>>14)+xh*h; 66 | w[j++] = l&0xfffffff; 67 | } 68 | return c; 69 | } 70 | if(j_lm && (navigator.appName == "Microsoft Internet Explorer")) { 71 | BigInteger.prototype.am = am2; 72 | dbits = 30; 73 | } 74 | else if(j_lm && (navigator.appName != "Netscape")) { 75 | BigInteger.prototype.am = am1; 76 | dbits = 26; 77 | } 78 | else { // Mozilla/Netscape seems to prefer am3 79 | BigInteger.prototype.am = am3; 80 | dbits = 28; 81 | } 82 | 83 | BigInteger.prototype.DB = dbits; 84 | BigInteger.prototype.DM = ((1<= 0; --i) r[i] = this[i]; 112 | r.t = this.t; 113 | r.s = this.s; 114 | } 115 | 116 | // (protected) set from integer value x, -DV <= x < DV 117 | function bnpFromInt(x) { 118 | this.t = 1; 119 | this.s = (x<0)?-1:0; 120 | if(x > 0) this[0] = x; 121 | else if(x < -1) this[0] = x+DV; 122 | else this.t = 0; 123 | } 124 | 125 | // return bigint initialized to value 126 | function nbv(i) { var r = nbi(); r.fromInt(i); return r; } 127 | 128 | // (protected) set from string and radix 129 | function bnpFromString(s,b) { 130 | var k; 131 | if(b == 16) k = 4; 132 | else if(b == 8) k = 3; 133 | else if(b == 256) k = 8; // byte array 134 | else if(b == 2) k = 1; 135 | else if(b == 32) k = 5; 136 | else if(b == 4) k = 2; 137 | else { this.fromRadix(s,b); return; } 138 | this.t = 0; 139 | this.s = 0; 140 | var i = s.length, mi = false, sh = 0; 141 | while(--i >= 0) { 142 | var x = (k==8)?s[i]&0xff:intAt(s,i); 143 | if(x < 0) { 144 | if(s.charAt(i) == "-") mi = true; 145 | continue; 146 | } 147 | mi = false; 148 | if(sh == 0) 149 | this[this.t++] = x; 150 | else if(sh+k > this.DB) { 151 | this[this.t-1] |= (x&((1<<(this.DB-sh))-1))<>(this.DB-sh)); 153 | } 154 | else 155 | this[this.t-1] |= x<= this.DB) sh -= this.DB; 158 | } 159 | if(k == 8 && (s[0]&0x80) != 0) { 160 | this.s = -1; 161 | if(sh > 0) this[this.t-1] |= ((1<<(this.DB-sh))-1)< 0 && this[this.t-1] == c) --this.t; 171 | } 172 | 173 | // (public) return string representation in given radix 174 | function bnToString(b) { 175 | if(this.s < 0) return "-"+this.negate().toString(b); 176 | var k; 177 | if(b == 16) k = 4; 178 | else if(b == 8) k = 3; 179 | else if(b == 2) k = 1; 180 | else if(b == 32) k = 5; 181 | else if(b == 4) k = 2; 182 | else return this.toRadix(b); 183 | var km = (1< 0) { 186 | if(p < this.DB && (d = this[i]>>p) > 0) { m = true; r = int2char(d); } 187 | while(i >= 0) { 188 | if(p < k) { 189 | d = (this[i]&((1<>(p+=this.DB-k); 191 | } 192 | else { 193 | d = (this[i]>>(p-=k))&km; 194 | if(p <= 0) { p += this.DB; --i; } 195 | } 196 | if(d > 0) m = true; 197 | if(m) r += int2char(d); 198 | } 199 | } 200 | return m?r:"0"; 201 | } 202 | 203 | // (public) -this 204 | function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; } 205 | 206 | // (public) |this| 207 | function bnAbs() { return (this.s<0)?this.negate():this; } 208 | 209 | // (public) return + if this > a, - if this < a, 0 if equal 210 | function bnCompareTo(a) { 211 | var r = this.s-a.s; 212 | if(r != 0) return r; 213 | var i = this.t; 214 | r = i-a.t; 215 | if(r != 0) return (this.s<0)?-r:r; 216 | while(--i >= 0) if((r=this[i]-a[i]) != 0) return r; 217 | return 0; 218 | } 219 | 220 | // returns bit length of the integer x 221 | function nbits(x) { 222 | var r = 1, t; 223 | if((t=x>>>16) != 0) { x = t; r += 16; } 224 | if((t=x>>8) != 0) { x = t; r += 8; } 225 | if((t=x>>4) != 0) { x = t; r += 4; } 226 | if((t=x>>2) != 0) { x = t; r += 2; } 227 | if((t=x>>1) != 0) { x = t; r += 1; } 228 | return r; 229 | } 230 | 231 | // (public) return the number of bits in "this" 232 | function bnBitLength() { 233 | if(this.t <= 0) return 0; 234 | return this.DB*(this.t-1)+nbits(this[this.t-1]^(this.s&this.DM)); 235 | } 236 | 237 | // (protected) r = this << n*DB 238 | function bnpDLShiftTo(n,r) { 239 | var i; 240 | for(i = this.t-1; i >= 0; --i) r[i+n] = this[i]; 241 | for(i = n-1; i >= 0; --i) r[i] = 0; 242 | r.t = this.t+n; 243 | r.s = this.s; 244 | } 245 | 246 | // (protected) r = this >> n*DB 247 | function bnpDRShiftTo(n,r) { 248 | for(var i = n; i < this.t; ++i) r[i-n] = this[i]; 249 | r.t = Math.max(this.t-n,0); 250 | r.s = this.s; 251 | } 252 | 253 | // (protected) r = this << n 254 | function bnpLShiftTo(n,r) { 255 | var bs = n%this.DB; 256 | var cbs = this.DB-bs; 257 | var bm = (1<= 0; --i) { 260 | r[i+ds+1] = (this[i]>>cbs)|c; 261 | c = (this[i]&bm)<= 0; --i) r[i] = 0; 264 | r[ds] = c; 265 | r.t = this.t+ds+1; 266 | r.s = this.s; 267 | r.clamp(); 268 | } 269 | 270 | // (protected) r = this >> n 271 | function bnpRShiftTo(n,r) { 272 | r.s = this.s; 273 | var ds = Math.floor(n/this.DB); 274 | if(ds >= this.t) { r.t = 0; return; } 275 | var bs = n%this.DB; 276 | var cbs = this.DB-bs; 277 | var bm = (1<>bs; 279 | for(var i = ds+1; i < this.t; ++i) { 280 | r[i-ds-1] |= (this[i]&bm)<>bs; 282 | } 283 | if(bs > 0) r[this.t-ds-1] |= (this.s&bm)<>= this.DB; 295 | } 296 | if(a.t < this.t) { 297 | c -= a.s; 298 | while(i < this.t) { 299 | c += this[i]; 300 | r[i++] = c&this.DM; 301 | c >>= this.DB; 302 | } 303 | c += this.s; 304 | } 305 | else { 306 | c += this.s; 307 | while(i < a.t) { 308 | c -= a[i]; 309 | r[i++] = c&this.DM; 310 | c >>= this.DB; 311 | } 312 | c -= a.s; 313 | } 314 | r.s = (c<0)?-1:0; 315 | if(c < -1) r[i++] = this.DV+c; 316 | else if(c > 0) r[i++] = c; 317 | r.t = i; 318 | r.clamp(); 319 | } 320 | 321 | // (protected) r = this * a, r != this,a (HAC 14.12) 322 | // "this" should be the larger one if appropriate. 323 | function bnpMultiplyTo(a,r) { 324 | var x = this.abs(), y = a.abs(); 325 | var i = x.t; 326 | r.t = i+y.t; 327 | while(--i >= 0) r[i] = 0; 328 | for(i = 0; i < y.t; ++i) r[i+x.t] = x.am(0,y[i],r,i,0,x.t); 329 | r.s = 0; 330 | r.clamp(); 331 | if(this.s != a.s) BigInteger.ZERO.subTo(r,r); 332 | } 333 | 334 | // (protected) r = this^2, r != this (HAC 14.16) 335 | function bnpSquareTo(r) { 336 | var x = this.abs(); 337 | var i = r.t = 2*x.t; 338 | while(--i >= 0) r[i] = 0; 339 | for(i = 0; i < x.t-1; ++i) { 340 | var c = x.am(i,x[i],r,2*i,0,1); 341 | if((r[i+x.t]+=x.am(i+1,2*x[i],r,2*i+1,c,x.t-i-1)) >= x.DV) { 342 | r[i+x.t] -= x.DV; 343 | r[i+x.t+1] = 1; 344 | } 345 | } 346 | if(r.t > 0) r[r.t-1] += x.am(i,x[i],r,2*i,0,1); 347 | r.s = 0; 348 | r.clamp(); 349 | } 350 | 351 | // (protected) divide this by m, quotient and remainder to q, r (HAC 14.20) 352 | // r != q, this != m. q or r may be null. 353 | function bnpDivRemTo(m,q,r) { 354 | var pm = m.abs(); 355 | if(pm.t <= 0) return; 356 | var pt = this.abs(); 357 | if(pt.t < pm.t) { 358 | if(q != null) q.fromInt(0); 359 | if(r != null) this.copyTo(r); 360 | return; 361 | } 362 | if(r == null) r = nbi(); 363 | var y = nbi(), ts = this.s, ms = m.s; 364 | var nsh = this.DB-nbits(pm[pm.t-1]); // normalize modulus 365 | if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); } 366 | else { pm.copyTo(y); pt.copyTo(r); } 367 | var ys = y.t; 368 | var y0 = y[ys-1]; 369 | if(y0 == 0) return; 370 | var yt = y0*(1<1)?y[ys-2]>>this.F2:0); 371 | var d1 = this.FV/yt, d2 = (1<= 0) { 375 | r[r.t++] = 1; 376 | r.subTo(t,r); 377 | } 378 | BigInteger.ONE.dlShiftTo(ys,t); 379 | t.subTo(y,y); // "negative" y so we can replace sub with am later 380 | while(y.t < ys) y[y.t++] = 0; 381 | while(--j >= 0) { 382 | // Estimate quotient digit 383 | var qd = (r[--i]==y0)?this.DM:Math.floor(r[i]*d1+(r[i-1]+e)*d2); 384 | if((r[i]+=y.am(0,qd,r,j,0,ys)) < qd) { // Try it out 385 | y.dlShiftTo(j,t); 386 | r.subTo(t,r); 387 | while(r[i] < --qd) r.subTo(t,r); 388 | } 389 | } 390 | if(q != null) { 391 | r.drShiftTo(ys,q); 392 | if(ts != ms) BigInteger.ZERO.subTo(q,q); 393 | } 394 | r.t = ys; 395 | r.clamp(); 396 | if(nsh > 0) r.rShiftTo(nsh,r); // Denormalize remainder 397 | if(ts < 0) BigInteger.ZERO.subTo(r,r); 398 | } 399 | 400 | // (public) this mod a 401 | function bnMod(a) { 402 | var r = nbi(); 403 | this.abs().divRemTo(a,null,r); 404 | if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r); 405 | return r; 406 | } 407 | 408 | // Modular reduction using "classic" algorithm 409 | function Classic(m) { this.m = m; } 410 | function cConvert(x) { 411 | if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m); 412 | else return x; 413 | } 414 | function cRevert(x) { return x; } 415 | function cReduce(x) { x.divRemTo(this.m,null,x); } 416 | function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } 417 | function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); } 418 | 419 | Classic.prototype.convert = cConvert; 420 | Classic.prototype.revert = cRevert; 421 | Classic.prototype.reduce = cReduce; 422 | Classic.prototype.mulTo = cMulTo; 423 | Classic.prototype.sqrTo = cSqrTo; 424 | 425 | // (protected) return "-1/this % 2^DB"; useful for Mont. reduction 426 | // justification: 427 | // xy == 1 (mod m) 428 | // xy = 1+km 429 | // xy(2-xy) = (1+km)(1-km) 430 | // x[y(2-xy)] = 1-k^2m^2 431 | // x[y(2-xy)] == 1 (mod m^2) 432 | // if y is 1/x mod m, then y(2-xy) is 1/x mod m^2 433 | // should reduce x and y(2-xy) by m^2 at each step to keep size bounded. 434 | // JS multiply "overflows" differently from C/C++, so care is needed here. 435 | function bnpInvDigit() { 436 | if(this.t < 1) return 0; 437 | var x = this[0]; 438 | if((x&1) == 0) return 0; 439 | var y = x&3; // y == 1/x mod 2^2 440 | y = (y*(2-(x&0xf)*y))&0xf; // y == 1/x mod 2^4 441 | y = (y*(2-(x&0xff)*y))&0xff; // y == 1/x mod 2^8 442 | y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff; // y == 1/x mod 2^16 443 | // last step - calculate inverse mod DV directly; 444 | // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints 445 | y = (y*(2-x*y%this.DV))%this.DV; // y == 1/x mod 2^dbits 446 | // we really want the negative inverse, and -DV < y < DV 447 | return (y>0)?this.DV-y:-y; 448 | } 449 | 450 | // Montgomery reduction 451 | function Montgomery(m) { 452 | this.m = m; 453 | this.mp = m.invDigit(); 454 | this.mpl = this.mp&0x7fff; 455 | this.mph = this.mp>>15; 456 | this.um = (1<<(m.DB-15))-1; 457 | this.mt2 = 2*m.t; 458 | } 459 | 460 | // xR mod m 461 | function montConvert(x) { 462 | var r = nbi(); 463 | x.abs().dlShiftTo(this.m.t,r); 464 | r.divRemTo(this.m,null,r); 465 | if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r); 466 | return r; 467 | } 468 | 469 | // x/R mod m 470 | function montRevert(x) { 471 | var r = nbi(); 472 | x.copyTo(r); 473 | this.reduce(r); 474 | return r; 475 | } 476 | 477 | // x = x/R mod m (HAC 14.32) 478 | function montReduce(x) { 479 | while(x.t <= this.mt2) // pad x so am has enough room later 480 | x[x.t++] = 0; 481 | for(var i = 0; i < this.m.t; ++i) { 482 | // faster way of calculating u0 = x[i]*mp mod DV 483 | var j = x[i]&0x7fff; 484 | var u0 = (j*this.mpl+(((j*this.mph+(x[i]>>15)*this.mpl)&this.um)<<15))&x.DM; 485 | // use am to combine the multiply-shift-add into one call 486 | j = i+this.m.t; 487 | x[j] += this.m.am(0,u0,x,i,0,this.m.t); 488 | // propagate carry 489 | while(x[j] >= x.DV) { x[j] -= x.DV; x[++j]++; } 490 | } 491 | x.clamp(); 492 | x.drShiftTo(this.m.t,x); 493 | if(x.compareTo(this.m) >= 0) x.subTo(this.m,x); 494 | } 495 | 496 | // r = "x^2/R mod m"; x != r 497 | function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); } 498 | 499 | // r = "xy/R mod m"; x,y != r 500 | function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } 501 | 502 | Montgomery.prototype.convert = montConvert; 503 | Montgomery.prototype.revert = montRevert; 504 | Montgomery.prototype.reduce = montReduce; 505 | Montgomery.prototype.mulTo = montMulTo; 506 | Montgomery.prototype.sqrTo = montSqrTo; 507 | 508 | // (protected) true iff this is even 509 | function bnpIsEven() { return ((this.t>0)?(this[0]&1):this.s) == 0; } 510 | 511 | // (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79) 512 | function bnpExp(e,z) { 513 | if(e > 0xffffffff || e < 1) return BigInteger.ONE; 514 | var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1; 515 | g.copyTo(r); 516 | while(--i >= 0) { 517 | z.sqrTo(r,r2); 518 | if((e&(1< 0) z.mulTo(r2,g,r); 519 | else { var t = r; r = r2; r2 = t; } 520 | } 521 | return z.revert(r); 522 | } 523 | 524 | // (public) this^e % m, 0 <= e < 2^32 525 | function bnModPowInt(e,m) { 526 | var z; 527 | if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m); 528 | return this.exp(e,z); 529 | } 530 | 531 | // protected 532 | BigInteger.prototype.copyTo = bnpCopyTo; 533 | BigInteger.prototype.fromInt = bnpFromInt; 534 | BigInteger.prototype.fromString = bnpFromString; 535 | BigInteger.prototype.clamp = bnpClamp; 536 | BigInteger.prototype.dlShiftTo = bnpDLShiftTo; 537 | BigInteger.prototype.drShiftTo = bnpDRShiftTo; 538 | BigInteger.prototype.lShiftTo = bnpLShiftTo; 539 | BigInteger.prototype.rShiftTo = bnpRShiftTo; 540 | BigInteger.prototype.subTo = bnpSubTo; 541 | BigInteger.prototype.multiplyTo = bnpMultiplyTo; 542 | BigInteger.prototype.squareTo = bnpSquareTo; 543 | BigInteger.prototype.divRemTo = bnpDivRemTo; 544 | BigInteger.prototype.invDigit = bnpInvDigit; 545 | BigInteger.prototype.isEven = bnpIsEven; 546 | BigInteger.prototype.exp = bnpExp; 547 | 548 | // public 549 | BigInteger.prototype.toString = bnToString; 550 | BigInteger.prototype.negate = bnNegate; 551 | BigInteger.prototype.abs = bnAbs; 552 | BigInteger.prototype.compareTo = bnCompareTo; 553 | BigInteger.prototype.bitLength = bnBitLength; 554 | BigInteger.prototype.mod = bnMod; 555 | BigInteger.prototype.modPowInt = bnModPowInt; 556 | 557 | // "constants" 558 | BigInteger.ZERO = nbv(0); 559 | BigInteger.ONE = nbv(1); 560 | -------------------------------------------------------------------------------- /lib/jsbn/jsbn2.js: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2005-2009 Tom Wu 2 | // All Rights Reserved. 3 | // See "LICENSE" for details. 4 | 5 | // Extended JavaScript BN functions, required for RSA private ops. 6 | 7 | // Version 1.1: new BigInteger("0", 10) returns "proper" zero 8 | // Version 1.2: square() API, isProbablePrime fix 9 | 10 | // (public) 11 | function bnClone() { var r = nbi(); this.copyTo(r); return r; } 12 | 13 | // (public) return value as integer 14 | function bnIntValue() { 15 | if(this.s < 0) { 16 | if(this.t == 1) return this[0]-this.DV; 17 | else if(this.t == 0) return -1; 18 | } 19 | else if(this.t == 1) return this[0]; 20 | else if(this.t == 0) return 0; 21 | // assumes 16 < DB < 32 22 | return ((this[1]&((1<<(32-this.DB))-1))<>24; } 27 | 28 | // (public) return value as short (assumes DB>=16) 29 | function bnShortValue() { return (this.t==0)?this.s:(this[0]<<16)>>16; } 30 | 31 | // (protected) return x s.t. r^x < DV 32 | function bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); } 33 | 34 | // (public) 0 if this == 0, 1 if this > 0 35 | function bnSigNum() { 36 | if(this.s < 0) return -1; 37 | else if(this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0; 38 | else return 1; 39 | } 40 | 41 | // (protected) convert to radix string 42 | function bnpToRadix(b) { 43 | if(b == null) b = 10; 44 | if(this.signum() == 0 || b < 2 || b > 36) return "0"; 45 | var cs = this.chunkSize(b); 46 | var a = Math.pow(b,cs); 47 | var d = nbv(a), y = nbi(), z = nbi(), r = ""; 48 | this.divRemTo(d,y,z); 49 | while(y.signum() > 0) { 50 | r = (a+z.intValue()).toString(b).substr(1) + r; 51 | y.divRemTo(d,y,z); 52 | } 53 | return z.intValue().toString(b) + r; 54 | } 55 | 56 | // (protected) convert from radix string 57 | function bnpFromRadix(s,b) { 58 | this.fromInt(0); 59 | if(b == null) b = 10; 60 | var cs = this.chunkSize(b); 61 | var d = Math.pow(b,cs), mi = false, j = 0, w = 0; 62 | for(var i = 0; i < s.length; ++i) { 63 | var x = intAt(s,i); 64 | if(x < 0) { 65 | if(s.charAt(i) == "-" && this.signum() == 0) mi = true; 66 | continue; 67 | } 68 | w = b*w+x; 69 | if(++j >= cs) { 70 | this.dMultiply(d); 71 | this.dAddOffset(w,0); 72 | j = 0; 73 | w = 0; 74 | } 75 | } 76 | if(j > 0) { 77 | this.dMultiply(Math.pow(b,j)); 78 | this.dAddOffset(w,0); 79 | } 80 | if(mi) BigInteger.ZERO.subTo(this,this); 81 | } 82 | 83 | // (protected) alternate constructor 84 | function bnpFromNumber(a,b,c) { 85 | if("number" == typeof b) { 86 | // new BigInteger(int,int,RNG) 87 | if(a < 2) this.fromInt(1); 88 | else { 89 | this.fromNumber(a,c); 90 | if(!this.testBit(a-1)) // force MSB set 91 | this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this); 92 | if(this.isEven()) this.dAddOffset(1,0); // force odd 93 | while(!this.isProbablePrime(b)) { 94 | this.dAddOffset(2,0); 95 | if(this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a-1),this); 96 | } 97 | } 98 | } 99 | else { 100 | // new BigInteger(int,RNG) 101 | var x = new Array(), t = a&7; 102 | x.length = (a>>3)+1; 103 | b.nextBytes(x); 104 | if(t > 0) x[0] &= ((1< 0) { 115 | if(p < this.DB && (d = this[i]>>p) != (this.s&this.DM)>>p) 116 | r[k++] = d|(this.s<<(this.DB-p)); 117 | while(i >= 0) { 118 | if(p < 8) { 119 | d = (this[i]&((1<>(p+=this.DB-8); 121 | } 122 | else { 123 | d = (this[i]>>(p-=8))&0xff; 124 | if(p <= 0) { p += this.DB; --i; } 125 | } 126 | if((d&0x80) != 0) d |= -256; 127 | if(k == 0 && (this.s&0x80) != (d&0x80)) ++k; 128 | if(k > 0 || d != this.s) r[k++] = d; 129 | } 130 | } 131 | return r; 132 | } 133 | 134 | function bnEquals(a) { return(this.compareTo(a)==0); } 135 | function bnMin(a) { return(this.compareTo(a)<0)?this:a; } 136 | function bnMax(a) { return(this.compareTo(a)>0)?this:a; } 137 | 138 | // (protected) r = this op a (bitwise) 139 | function bnpBitwiseTo(a,op,r) { 140 | var i, f, m = Math.min(a.t,this.t); 141 | for(i = 0; i < m; ++i) r[i] = op(this[i],a[i]); 142 | if(a.t < this.t) { 143 | f = a.s&this.DM; 144 | for(i = m; i < this.t; ++i) r[i] = op(this[i],f); 145 | r.t = this.t; 146 | } 147 | else { 148 | f = this.s&this.DM; 149 | for(i = m; i < a.t; ++i) r[i] = op(f,a[i]); 150 | r.t = a.t; 151 | } 152 | r.s = op(this.s,a.s); 153 | r.clamp(); 154 | } 155 | 156 | // (public) this & a 157 | function op_and(x,y) { return x&y; } 158 | function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; } 159 | 160 | // (public) this | a 161 | function op_or(x,y) { return x|y; } 162 | function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; } 163 | 164 | // (public) this ^ a 165 | function op_xor(x,y) { return x^y; } 166 | function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; } 167 | 168 | // (public) this & ~a 169 | function op_andnot(x,y) { return x&~y; } 170 | function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; } 171 | 172 | // (public) ~this 173 | function bnNot() { 174 | var r = nbi(); 175 | for(var i = 0; i < this.t; ++i) r[i] = this.DM&~this[i]; 176 | r.t = this.t; 177 | r.s = ~this.s; 178 | return r; 179 | } 180 | 181 | // (public) this << n 182 | function bnShiftLeft(n) { 183 | var r = nbi(); 184 | if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r); 185 | return r; 186 | } 187 | 188 | // (public) this >> n 189 | function bnShiftRight(n) { 190 | var r = nbi(); 191 | if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r); 192 | return r; 193 | } 194 | 195 | // return index of lowest 1-bit in x, x < 2^31 196 | function lbit(x) { 197 | if(x == 0) return -1; 198 | var r = 0; 199 | if((x&0xffff) == 0) { x >>= 16; r += 16; } 200 | if((x&0xff) == 0) { x >>= 8; r += 8; } 201 | if((x&0xf) == 0) { x >>= 4; r += 4; } 202 | if((x&3) == 0) { x >>= 2; r += 2; } 203 | if((x&1) == 0) ++r; 204 | return r; 205 | } 206 | 207 | // (public) returns index of lowest 1-bit (or -1 if none) 208 | function bnGetLowestSetBit() { 209 | for(var i = 0; i < this.t; ++i) 210 | if(this[i] != 0) return i*this.DB+lbit(this[i]); 211 | if(this.s < 0) return this.t*this.DB; 212 | return -1; 213 | } 214 | 215 | // return number of 1 bits in x 216 | function cbit(x) { 217 | var r = 0; 218 | while(x != 0) { x &= x-1; ++r; } 219 | return r; 220 | } 221 | 222 | // (public) return number of set bits 223 | function bnBitCount() { 224 | var r = 0, x = this.s&this.DM; 225 | for(var i = 0; i < this.t; ++i) r += cbit(this[i]^x); 226 | return r; 227 | } 228 | 229 | // (public) true iff nth bit is set 230 | function bnTestBit(n) { 231 | var j = Math.floor(n/this.DB); 232 | if(j >= this.t) return(this.s!=0); 233 | return((this[j]&(1<<(n%this.DB)))!=0); 234 | } 235 | 236 | // (protected) this op (1<>= this.DB; 259 | } 260 | if(a.t < this.t) { 261 | c += a.s; 262 | while(i < this.t) { 263 | c += this[i]; 264 | r[i++] = c&this.DM; 265 | c >>= this.DB; 266 | } 267 | c += this.s; 268 | } 269 | else { 270 | c += this.s; 271 | while(i < a.t) { 272 | c += a[i]; 273 | r[i++] = c&this.DM; 274 | c >>= this.DB; 275 | } 276 | c += a.s; 277 | } 278 | r.s = (c<0)?-1:0; 279 | if(c > 0) r[i++] = c; 280 | else if(c < -1) r[i++] = this.DV+c; 281 | r.t = i; 282 | r.clamp(); 283 | } 284 | 285 | // (public) this + a 286 | function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; } 287 | 288 | // (public) this - a 289 | function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; } 290 | 291 | // (public) this * a 292 | function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; } 293 | 294 | // (public) this^2 295 | function bnSquare() { var r = nbi(); this.squareTo(r); return r; } 296 | 297 | // (public) this / a 298 | function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; } 299 | 300 | // (public) this % a 301 | function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; } 302 | 303 | // (public) [this/a,this%a] 304 | function bnDivideAndRemainder(a) { 305 | var q = nbi(), r = nbi(); 306 | this.divRemTo(a,q,r); 307 | return new Array(q,r); 308 | } 309 | 310 | // (protected) this *= n, this >= 0, 1 < n < DV 311 | function bnpDMultiply(n) { 312 | this[this.t] = this.am(0,n-1,this,0,0,this.t); 313 | ++this.t; 314 | this.clamp(); 315 | } 316 | 317 | // (protected) this += n << w words, this >= 0 318 | function bnpDAddOffset(n,w) { 319 | if(n == 0) return; 320 | while(this.t <= w) this[this.t++] = 0; 321 | this[w] += n; 322 | while(this[w] >= this.DV) { 323 | this[w] -= this.DV; 324 | if(++w >= this.t) this[this.t++] = 0; 325 | ++this[w]; 326 | } 327 | } 328 | 329 | // A "null" reducer 330 | function NullExp() {} 331 | function nNop(x) { return x; } 332 | function nMulTo(x,y,r) { x.multiplyTo(y,r); } 333 | function nSqrTo(x,r) { x.squareTo(r); } 334 | 335 | NullExp.prototype.convert = nNop; 336 | NullExp.prototype.revert = nNop; 337 | NullExp.prototype.mulTo = nMulTo; 338 | NullExp.prototype.sqrTo = nSqrTo; 339 | 340 | // (public) this^e 341 | function bnPow(e) { return this.exp(e,new NullExp()); } 342 | 343 | // (protected) r = lower n words of "this * a", a.t <= n 344 | // "this" should be the larger one if appropriate. 345 | function bnpMultiplyLowerTo(a,n,r) { 346 | var i = Math.min(this.t+a.t,n); 347 | r.s = 0; // assumes a,this >= 0 348 | r.t = i; 349 | while(i > 0) r[--i] = 0; 350 | var j; 351 | for(j = r.t-this.t; i < j; ++i) r[i+this.t] = this.am(0,a[i],r,i,0,this.t); 352 | for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a[i],r,i,0,n-i); 353 | r.clamp(); 354 | } 355 | 356 | // (protected) r = "this * a" without lower n words, n > 0 357 | // "this" should be the larger one if appropriate. 358 | function bnpMultiplyUpperTo(a,n,r) { 359 | --n; 360 | var i = r.t = this.t+a.t-n; 361 | r.s = 0; // assumes a,this >= 0 362 | while(--i >= 0) r[i] = 0; 363 | for(i = Math.max(n-this.t,0); i < a.t; ++i) 364 | r[this.t+i-n] = this.am(n-i,a[i],r,0,0,this.t+i-n); 365 | r.clamp(); 366 | r.drShiftTo(1,r); 367 | } 368 | 369 | // Barrett modular reduction 370 | function Barrett(m) { 371 | // setup Barrett 372 | this.r2 = nbi(); 373 | this.q3 = nbi(); 374 | BigInteger.ONE.dlShiftTo(2*m.t,this.r2); 375 | this.mu = this.r2.divide(m); 376 | this.m = m; 377 | } 378 | 379 | function barrettConvert(x) { 380 | if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m); 381 | else if(x.compareTo(this.m) < 0) return x; 382 | else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; } 383 | } 384 | 385 | function barrettRevert(x) { return x; } 386 | 387 | // x = x mod m (HAC 14.42) 388 | function barrettReduce(x) { 389 | x.drShiftTo(this.m.t-1,this.r2); 390 | if(x.t > this.m.t+1) { x.t = this.m.t+1; x.clamp(); } 391 | this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3); 392 | this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2); 393 | while(x.compareTo(this.r2) < 0) x.dAddOffset(1,this.m.t+1); 394 | x.subTo(this.r2,x); 395 | while(x.compareTo(this.m) >= 0) x.subTo(this.m,x); 396 | } 397 | 398 | // r = x^2 mod m; x != r 399 | function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); } 400 | 401 | // r = x*y mod m; x,y != r 402 | function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } 403 | 404 | Barrett.prototype.convert = barrettConvert; 405 | Barrett.prototype.revert = barrettRevert; 406 | Barrett.prototype.reduce = barrettReduce; 407 | Barrett.prototype.mulTo = barrettMulTo; 408 | Barrett.prototype.sqrTo = barrettSqrTo; 409 | 410 | // (public) this^e % m (HAC 14.85) 411 | function bnModPow(e,m) { 412 | var i = e.bitLength(), k, r = nbv(1), z; 413 | if(i <= 0) return r; 414 | else if(i < 18) k = 1; 415 | else if(i < 48) k = 3; 416 | else if(i < 144) k = 4; 417 | else if(i < 768) k = 5; 418 | else k = 6; 419 | if(i < 8) 420 | z = new Classic(m); 421 | else if(m.isEven()) 422 | z = new Barrett(m); 423 | else 424 | z = new Montgomery(m); 425 | 426 | // precomputation 427 | var g = new Array(), n = 3, k1 = k-1, km = (1< 1) { 430 | var g2 = nbi(); 431 | z.sqrTo(g[1],g2); 432 | while(n <= km) { 433 | g[n] = nbi(); 434 | z.mulTo(g2,g[n-2],g[n]); 435 | n += 2; 436 | } 437 | } 438 | 439 | var j = e.t-1, w, is1 = true, r2 = nbi(), t; 440 | i = nbits(e[j])-1; 441 | while(j >= 0) { 442 | if(i >= k1) w = (e[j]>>(i-k1))&km; 443 | else { 444 | w = (e[j]&((1<<(i+1))-1))<<(k1-i); 445 | if(j > 0) w |= e[j-1]>>(this.DB+i-k1); 446 | } 447 | 448 | n = k; 449 | while((w&1) == 0) { w >>= 1; --n; } 450 | if((i -= n) < 0) { i += this.DB; --j; } 451 | if(is1) { // ret == 1, don't bother squaring or multiplying it 452 | g[w].copyTo(r); 453 | is1 = false; 454 | } 455 | else { 456 | while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; } 457 | if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; } 458 | z.mulTo(r2,g[w],r); 459 | } 460 | 461 | while(j >= 0 && (e[j]&(1< 0) { 478 | x.rShiftTo(g,x); 479 | y.rShiftTo(g,y); 480 | } 481 | while(x.signum() > 0) { 482 | if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x); 483 | if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y); 484 | if(x.compareTo(y) >= 0) { 485 | x.subTo(y,x); 486 | x.rShiftTo(1,x); 487 | } 488 | else { 489 | y.subTo(x,y); 490 | y.rShiftTo(1,y); 491 | } 492 | } 493 | if(g > 0) y.lShiftTo(g,y); 494 | return y; 495 | } 496 | 497 | // (protected) this % n, n < 2^26 498 | function bnpModInt(n) { 499 | if(n <= 0) return 0; 500 | var d = this.DV%n, r = (this.s<0)?n-1:0; 501 | if(this.t > 0) 502 | if(d == 0) r = this[0]%n; 503 | else for(var i = this.t-1; i >= 0; --i) r = (d*r+this[i])%n; 504 | return r; 505 | } 506 | 507 | // (public) 1/this % m (HAC 14.61) 508 | function bnModInverse(m) { 509 | var ac = m.isEven(); 510 | if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO; 511 | var u = m.clone(), v = this.clone(); 512 | var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1); 513 | while(u.signum() != 0) { 514 | while(u.isEven()) { 515 | u.rShiftTo(1,u); 516 | if(ac) { 517 | if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); } 518 | a.rShiftTo(1,a); 519 | } 520 | else if(!b.isEven()) b.subTo(m,b); 521 | b.rShiftTo(1,b); 522 | } 523 | while(v.isEven()) { 524 | v.rShiftTo(1,v); 525 | if(ac) { 526 | if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); } 527 | c.rShiftTo(1,c); 528 | } 529 | else if(!d.isEven()) d.subTo(m,d); 530 | d.rShiftTo(1,d); 531 | } 532 | if(u.compareTo(v) >= 0) { 533 | u.subTo(v,u); 534 | if(ac) a.subTo(c,a); 535 | b.subTo(d,b); 536 | } 537 | else { 538 | v.subTo(u,v); 539 | if(ac) c.subTo(a,c); 540 | d.subTo(b,d); 541 | } 542 | } 543 | if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO; 544 | if(d.compareTo(m) >= 0) return d.subtract(m); 545 | if(d.signum() < 0) d.addTo(m,d); else return d; 546 | if(d.signum() < 0) return d.add(m); else return d; 547 | } 548 | 549 | var lowprimes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997]; 550 | var lplim = (1<<26)/lowprimes[lowprimes.length-1]; 551 | 552 | // (public) test primality with certainty >= 1-.5^t 553 | function bnIsProbablePrime(t) { 554 | var i, x = this.abs(); 555 | if(x.t == 1 && x[0] <= lowprimes[lowprimes.length-1]) { 556 | for(i = 0; i < lowprimes.length; ++i) 557 | if(x[0] == lowprimes[i]) return true; 558 | return false; 559 | } 560 | if(x.isEven()) return false; 561 | i = 1; 562 | while(i < lowprimes.length) { 563 | var m = lowprimes[i], j = i+1; 564 | while(j < lowprimes.length && m < lplim) m *= lowprimes[j++]; 565 | m = x.modInt(m); 566 | while(i < j) if(m%lowprimes[i++] == 0) return false; 567 | } 568 | return x.millerRabin(t); 569 | } 570 | 571 | // (protected) true if probably prime (HAC 4.24, Miller-Rabin) 572 | function bnpMillerRabin(t) { 573 | var n1 = this.subtract(BigInteger.ONE); 574 | var k = n1.getLowestSetBit(); 575 | if(k <= 0) return false; 576 | var r = n1.shiftRight(k); 577 | t = (t+1)>>1; 578 | if(t > lowprimes.length) t = lowprimes.length; 579 | var a = nbi(); 580 | for(var i = 0; i < t; ++i) { 581 | //Pick bases at random, instead of starting at 2 582 | a.fromInt(lowprimes[Math.floor(Math.random()*lowprimes.length)]); 583 | var y = a.modPow(r,this); 584 | if(y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) { 585 | var j = 1; 586 | while(j++ < k && y.compareTo(n1) != 0) { 587 | y = y.modPowInt(2,this); 588 | if(y.compareTo(BigInteger.ONE) == 0) return false; 589 | } 590 | if(y.compareTo(n1) != 0) return false; 591 | } 592 | } 593 | return true; 594 | } 595 | 596 | // protected 597 | BigInteger.prototype.chunkSize = bnpChunkSize; 598 | BigInteger.prototype.toRadix = bnpToRadix; 599 | BigInteger.prototype.fromRadix = bnpFromRadix; 600 | BigInteger.prototype.fromNumber = bnpFromNumber; 601 | BigInteger.prototype.bitwiseTo = bnpBitwiseTo; 602 | BigInteger.prototype.changeBit = bnpChangeBit; 603 | BigInteger.prototype.addTo = bnpAddTo; 604 | BigInteger.prototype.dMultiply = bnpDMultiply; 605 | BigInteger.prototype.dAddOffset = bnpDAddOffset; 606 | BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo; 607 | BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo; 608 | BigInteger.prototype.modInt = bnpModInt; 609 | BigInteger.prototype.millerRabin = bnpMillerRabin; 610 | 611 | // public 612 | BigInteger.prototype.clone = bnClone; 613 | BigInteger.prototype.intValue = bnIntValue; 614 | BigInteger.prototype.byteValue = bnByteValue; 615 | BigInteger.prototype.shortValue = bnShortValue; 616 | BigInteger.prototype.signum = bnSigNum; 617 | BigInteger.prototype.toByteArray = bnToByteArray; 618 | BigInteger.prototype.equals = bnEquals; 619 | BigInteger.prototype.min = bnMin; 620 | BigInteger.prototype.max = bnMax; 621 | BigInteger.prototype.and = bnAnd; 622 | BigInteger.prototype.or = bnOr; 623 | BigInteger.prototype.xor = bnXor; 624 | BigInteger.prototype.andNot = bnAndNot; 625 | BigInteger.prototype.not = bnNot; 626 | BigInteger.prototype.shiftLeft = bnShiftLeft; 627 | BigInteger.prototype.shiftRight = bnShiftRight; 628 | BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit; 629 | BigInteger.prototype.bitCount = bnBitCount; 630 | BigInteger.prototype.testBit = bnTestBit; 631 | BigInteger.prototype.setBit = bnSetBit; 632 | BigInteger.prototype.clearBit = bnClearBit; 633 | BigInteger.prototype.flipBit = bnFlipBit; 634 | BigInteger.prototype.add = bnAdd; 635 | BigInteger.prototype.subtract = bnSubtract; 636 | BigInteger.prototype.multiply = bnMultiply; 637 | BigInteger.prototype.divide = bnDivide; 638 | BigInteger.prototype.remainder = bnRemainder; 639 | BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder; 640 | BigInteger.prototype.modPow = bnModPow; 641 | BigInteger.prototype.modInverse = bnModInverse; 642 | BigInteger.prototype.pow = bnPow; 643 | BigInteger.prototype.gcd = bnGCD; 644 | BigInteger.prototype.isProbablePrime = bnIsProbablePrime; 645 | 646 | // JSBN-specific extension 647 | BigInteger.prototype.square = bnSquare; 648 | 649 | // BigInteger interfaces not implemented in jsbn: 650 | 651 | // BigInteger(int signum, byte[] magnitude) 652 | // double doubleValue() 653 | // float floatValue() 654 | // int hashCode() 655 | // long longValue() 656 | // static BigInteger valueOf(long val) 657 | -------------------------------------------------------------------------------- /lib/sjcl/LICENSE.txt: -------------------------------------------------------------------------------- 1 | SJCL is open. You can use, modify and redistribute it under a BSD 2 | license or under the GNU GPL, version 2.0. 3 | 4 | --------------------------------------------------------------------- 5 | 6 | http://opensource.org/licenses/BSD-2-Clause 7 | 8 | Copyright (c) 2009-2015, Emily Stark, Mike Hamburg and Dan Boneh at 9 | Stanford University. All rights reserved. 10 | 11 | Redistribution and use in source and binary forms, with or without 12 | modification, are permitted provided that the following conditions are 13 | met: 14 | 15 | 1. Redistributions of source code must retain the above copyright 16 | notice, this list of conditions and the following disclaimer. 17 | 18 | 2. Redistributions in binary form must reproduce the above copyright 19 | notice, this list of conditions and the following disclaimer in the 20 | documentation and/or other materials provided with the distribution. 21 | 22 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 23 | IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 24 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 25 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 26 | HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 27 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 28 | TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 29 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 30 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 31 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 32 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 | 34 | --------------------------------------------------------------------- 35 | 36 | http://opensource.org/licenses/GPL-2.0 37 | 38 | The Stanford Javascript Crypto Library (hosted here on GitHub) is a 39 | project by the Stanford Computer Security Lab to build a secure, 40 | powerful, fast, small, easy-to-use, cross-browser library for 41 | cryptography in Javascript. 42 | 43 | Copyright (c) 2009-2015, Emily Stark, Mike Hamburg and Dan Boneh at 44 | Stanford University. 45 | 46 | This program is free software; you can redistribute it and/or modify it 47 | under the terms of the GNU General Public License as published by the 48 | Free Software Foundation; either version 2 of the License, or (at your 49 | option) any later version. 50 | 51 | This program is distributed in the hope that it will be useful, but 52 | WITHOUT ANY WARRANTY; without even the implied warranty of 53 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General 54 | Public License for more details. 55 | 56 | You should have received a copy of the GNU General Public License along 57 | with this program; if not, write to the Free Software Foundation, Inc., 58 | 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -------------------------------------------------------------------------------- /lib/sjcl/sjcl.js: -------------------------------------------------------------------------------- 1 | "use strict";var sjcl={cipher:{},hash:{},keyexchange:{},mode:{},misc:{},codec:{},exception:{corrupt:function(a){this.toString=function(){return"CORRUPT: "+this.message};this.message=a},invalid:function(a){this.toString=function(){return"INVALID: "+this.message};this.message=a},bug:function(a){this.toString=function(){return"BUG: "+this.message};this.message=a},notReady:function(a){this.toString=function(){return"NOT READY: "+this.message};this.message=a}}}; 2 | sjcl.cipher.aes=function(a){this.s[0][0][0]||this.O();var b,c,d,e,f=this.s[0][4],g=this.s[1];b=a.length;var h=1;if(4!==b&&6!==b&&8!==b)throw new sjcl.exception.invalid("invalid aes key size");this.b=[d=a.slice(0),e=[]];for(a=b;a<4*b+28;a++){c=d[a-1];if(0===a%b||8===b&&4===a%b)c=f[c>>>24]<<24^f[c>>16&255]<<16^f[c>>8&255]<<8^f[c&255],0===a%b&&(c=c<<8^c>>>24^h<<24,h=h<<1^283*(h>>7));d[a]=d[a-b]^c}for(b=0;a;b++,a--)c=d[b&3?a:a-4],e[b]=4>=a||4>b?c:g[0][f[c>>>24]]^g[1][f[c>>16&255]]^g[2][f[c>>8&255]]^g[3][f[c& 3 | 255]]}; 4 | sjcl.cipher.aes.prototype={encrypt:function(a){return t(this,a,0)},decrypt:function(a){return t(this,a,1)},s:[[[],[],[],[],[]],[[],[],[],[],[]]],O:function(){var a=this.s[0],b=this.s[1],c=a[4],d=b[4],e,f,g,h=[],k=[],l,n,m,p;for(e=0;0x100>e;e++)k[(h[e]=e<<1^283*(e>>7))^e]=e;for(f=g=0;!c[f];f^=l||1,g=k[g]||1)for(m=g^g<<1^g<<2^g<<3^g<<4,m=m>>8^m&255^99,c[f]=m,d[m]=f,n=h[e=h[l=h[f]]],p=0x1010101*n^0x10001*e^0x101*l^0x1010100*f,n=0x101*h[m]^0x1010100*m,e=0;4>e;e++)a[e][f]=n=n<<24^n>>>8,b[e][m]=p=p<<24^p>>>8;for(e= 5 | 0;5>e;e++)a[e]=a[e].slice(0),b[e]=b[e].slice(0)}}; 6 | function t(a,b,c){if(4!==b.length)throw new sjcl.exception.invalid("invalid aes block size");var d=a.b[c],e=b[0]^d[0],f=b[c?3:1]^d[1],g=b[2]^d[2];b=b[c?1:3]^d[3];var h,k,l,n=d.length/4-2,m,p=4,r=[0,0,0,0];h=a.s[c];a=h[0];var q=h[1],v=h[2],w=h[3],x=h[4];for(m=0;m>>24]^q[f>>16&255]^v[g>>8&255]^w[b&255]^d[p],k=a[f>>>24]^q[g>>16&255]^v[b>>8&255]^w[e&255]^d[p+1],l=a[g>>>24]^q[b>>16&255]^v[e>>8&255]^w[f&255]^d[p+2],b=a[b>>>24]^q[e>>16&255]^v[f>>8&255]^w[g&255]^d[p+3],p+=4,e=h,f=k,g=l;for(m= 7 | 0;4>m;m++)r[c?3&-m:m]=x[e>>>24]<<24^x[f>>16&255]<<16^x[g>>8&255]<<8^x[b&255]^d[p++],h=e,e=f,f=g,g=b,b=h;return r} 8 | sjcl.bitArray={bitSlice:function(a,b,c){a=sjcl.bitArray.$(a.slice(b/32),32-(b&31)).slice(1);return void 0===c?a:sjcl.bitArray.clamp(a,c-b)},extract:function(a,b,c){var d=Math.floor(-b-c&31);return((b+c-1^b)&-32?a[b/32|0]<<32-d^a[b/32+1|0]>>>d:a[b/32|0]>>>d)&(1<>b-1,1));return a},partial:function(a,b,c){return 32===a?b:(c?b|0:b<<32-a)+0x10000000000*a},getPartial:function(a){return Math.round(a/0x10000000000)||32},equal:function(a,b){if(sjcl.bitArray.bitLength(a)!==sjcl.bitArray.bitLength(b))return!1;var c=0,d;for(d=0;d>>b),c=a[e]<<32-b;e=a.length?a[a.length-1]:0;a=sjcl.bitArray.getPartial(e);d.push(sjcl.bitArray.partial(b+a&31,32>>24|c>>>8&0xff00|(c&0xff00)<<8|c<<24;return a}}; 11 | sjcl.codec.utf8String={fromBits:function(a){var b="",c=sjcl.bitArray.bitLength(a),d,e;for(d=0;d>>24),e<<=8;return decodeURIComponent(escape(b))},toBits:function(a){a=unescape(encodeURIComponent(a));var b=[],c,d=0;for(c=0;c>>g)>>>e),gn){if(!b)try{return sjcl.codec.base32hex.toBits(a)}catch(p){}throw new sjcl.exception.invalid("this isn't "+m+"!");}h>e?(h-=e,f.push(l^n>>>h),l=n<>>e)>>>26),6>e?(g=a[c]<<6-e,e+=26,c++):(g<<=6,e-=6);for(;d.length&3&&!b;)d+="=";return d},toBits:function(a,b){a=a.replace(/\s|=/g,"");var c=[],d,e=0,f=sjcl.codec.base64.B,g=0,h;b&&(f=f.substr(0,62)+"-_");for(d=0;dh)throw new sjcl.exception.invalid("this isn't base64!");26>>e),g=h<<32-e):(e+=6,g^=h<<32-e)}e&56&&c.push(sjcl.bitArray.partial(e&56,g,1));return c}};sjcl.codec.base64url={fromBits:function(a){return sjcl.codec.base64.fromBits(a,1,1)},toBits:function(a){return sjcl.codec.base64.toBits(a,1)}};sjcl.hash.sha256=function(a){this.b[0]||this.O();a?(this.F=a.F.slice(0),this.A=a.A.slice(0),this.l=a.l):this.reset()};sjcl.hash.sha256.hash=function(a){return(new sjcl.hash.sha256).update(a).finalize()}; 18 | sjcl.hash.sha256.prototype={blockSize:512,reset:function(){this.F=this.Y.slice(0);this.A=[];this.l=0;return this},update:function(a){"string"===typeof a&&(a=sjcl.codec.utf8String.toBits(a));var b,c=this.A=sjcl.bitArray.concat(this.A,a);b=this.l;a=this.l=b+sjcl.bitArray.bitLength(a);if(0x1fffffffffffffb;c++){e=!0;for(d=2;d*d<=c;d++)if(0===c%d){e= 20 | !1;break}e&&(8>b&&(this.Y[b]=a(Math.pow(c,.5))),this.b[b]=a(Math.pow(c,1/3)),b++)}}}; 21 | function u(a,b){var c,d,e,f=a.F,g=a.b,h=f[0],k=f[1],l=f[2],n=f[3],m=f[4],p=f[5],r=f[6],q=f[7];for(c=0;64>c;c++)16>c?d=b[c]:(d=b[c+1&15],e=b[c+14&15],d=b[c&15]=(d>>>7^d>>>18^d>>>3^d<<25^d<<14)+(e>>>17^e>>>19^e>>>10^e<<15^e<<13)+b[c&15]+b[c+9&15]|0),d=d+q+(m>>>6^m>>>11^m>>>25^m<<26^m<<21^m<<7)+(r^m&(p^r))+g[c],q=r,r=p,p=m,m=n+d|0,n=l,l=k,k=h,h=d+(k&l^n&(k^l))+(k>>>2^k>>>13^k>>>22^k<<30^k<<19^k<<10)|0;f[0]=f[0]+h|0;f[1]=f[1]+k|0;f[2]=f[2]+l|0;f[3]=f[3]+n|0;f[4]=f[4]+m|0;f[5]=f[5]+p|0;f[6]=f[6]+r|0;f[7]= 22 | f[7]+q|0} 23 | sjcl.mode.ccm={name:"ccm",G:[],listenProgress:function(a){sjcl.mode.ccm.G.push(a)},unListenProgress:function(a){a=sjcl.mode.ccm.G.indexOf(a);-1k)throw new sjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(f=2;4>f&&l>>>8*f;f++);f<15-k&&(f=15-k);c=h.clamp(c, 24 | 8*(15-f));b=sjcl.mode.ccm.V(a,b,c,d,e,f);g=sjcl.mode.ccm.C(a,g,c,b,e,f);return h.concat(g.data,g.tag)},decrypt:function(a,b,c,d,e){e=e||64;d=d||[];var f=sjcl.bitArray,g=f.bitLength(c)/8,h=f.bitLength(b),k=f.clamp(b,h-e),l=f.bitSlice(b,h-e),h=(h-e)/8;if(7>g)throw new sjcl.exception.invalid("ccm: iv must be at least 7 bytes");for(b=2;4>b&&h>>>8*b;b++);b<15-g&&(b=15-g);c=f.clamp(c,8*(15-b));k=sjcl.mode.ccm.C(a,k,c,l,e,b);a=sjcl.mode.ccm.V(a,k.data,c,d,e,b);if(!f.equal(k.tag,a))throw new sjcl.exception.corrupt("ccm: tag doesn't match"); 25 | return k.data},na:function(a,b,c,d,e,f){var g=[],h=sjcl.bitArray,k=h.i;d=[h.partial(8,(b.length?64:0)|d-2<<2|f-1)];d=h.concat(d,c);d[3]|=e;d=a.encrypt(d);if(b.length)for(c=h.bitLength(b)/8,65279>=c?g=[h.partial(16,c)]:0xffffffff>=c&&(g=h.concat([h.partial(16,65534)],[c])),g=h.concat(g,b),b=0;be||16n&&(sjcl.mode.ccm.fa(g/ 27 | k),n+=m),c[3]++,e=a.encrypt(c),b[g]^=e[0],b[g+1]^=e[1],b[g+2]^=e[2],b[g+3]^=e[3];return{tag:d,data:h.clamp(b,l)}}}; 28 | sjcl.mode.ocb2={name:"ocb2",encrypt:function(a,b,c,d,e,f){if(128!==sjcl.bitArray.bitLength(c))throw new sjcl.exception.invalid("ocb iv must be 128 bits");var g,h=sjcl.mode.ocb2.S,k=sjcl.bitArray,l=k.i,n=[0,0,0,0];c=h(a.encrypt(c));var m,p=[];d=d||[];e=e||64;for(g=0;g+4e.bitLength(c)&&(h=f(h,d(h)),c=e.concat(c,[-2147483648,0,0,0]));g=f(g,c); 31 | return a.encrypt(f(d(f(h,d(h))),g))},S:function(a){return[a[0]<<1^a[1]>>>31,a[1]<<1^a[2]>>>31,a[2]<<1^a[3]>>>31,a[3]<<1^135*(a[0]>>>31)]}}; 32 | sjcl.mode.gcm={name:"gcm",encrypt:function(a,b,c,d,e){var f=b.slice(0);b=sjcl.bitArray;d=d||[];a=sjcl.mode.gcm.C(!0,a,f,d,c,e||128);return b.concat(a.data,a.tag)},decrypt:function(a,b,c,d,e){var f=b.slice(0),g=sjcl.bitArray,h=g.bitLength(f);e=e||128;d=d||[];e<=h?(b=g.bitSlice(f,h-e),f=g.bitSlice(f,0,h-e)):(b=f,f=[]);a=sjcl.mode.gcm.C(!1,a,f,d,c,e);if(!g.equal(a.tag,b))throw new sjcl.exception.corrupt("gcm: tag doesn't match");return a.data},ka:function(a,b){var c,d,e,f,g,h=sjcl.bitArray.i;e=[0,0, 33 | 0,0];f=b.slice(0);for(c=0;128>c;c++){(d=0!==(a[Math.floor(c/32)]&1<<31-c%32))&&(e=h(e,f));g=0!==(f[3]&1);for(d=3;0>>1|(f[d-1]&1)<<31;f[0]>>>=1;g&&(f[0]^=-0x1f000000)}return e},j:function(a,b,c){var d,e=c.length;b=b.slice(0);for(d=0;de&&(a=b.hash(a));for(d=0;dd||0>c)throw new sjcl.exception.invalid("invalid params to pbkdf2");"string"===typeof a&&(a=sjcl.codec.utf8String.toBits(a));"string"===typeof b&&(b=sjcl.codec.utf8String.toBits(b));e=e||sjcl.misc.hmac;a=new e(a);var f,g,h,k,l=[],n=sjcl.bitArray;for(k=1;32*l.length<(d||1);k++){e=f=a.encrypt(n.concat(b,[k]));for(g=1;gg;g++)e.push(0x100000000*Math.random()|0);for(g=0;g=1<this.o&&(this.o= 40 | f);this.P++;this.b=sjcl.hash.sha256.hash(this.b.concat(e));this.L=new sjcl.cipher.aes(this.b);for(d=0;4>d&&(this.h[d]=this.h[d]+1|0,!this.h[d]);d++);}for(d=0;d>>1;this.c[g].update([d,this.N++,2,b,f,a.length].concat(a))}break;case "string":void 0===b&&(b=a.length);this.c[g].update([d,this.N++,3,b,f,a.length]);this.c[g].update(a);break;default:k=1}if(k)throw new sjcl.exception.bug("random: addEntropy only supports number, array of numbers or string");this.m[g]+=b;this.f+=b;h===this.u&&(this.isReady()!==this.u&&A("seeded",Math.max(this.o,this.f)),A("progress",this.getProgress()))}, 43 | isReady:function(a){a=this.T[void 0!==a?a:this.M];return this.o&&this.o>=a?this.m[0]>this.ba&&(new Date).valueOf()>this.Z?this.J|this.I:this.I:this.f>=a?this.J|this.u:this.u},getProgress:function(a){a=this.T[a?a:this.M];return this.o>=a?1:this.f>a?1:this.f/a},startCollectors:function(){if(!this.D){this.a={loadTimeCollector:B(this,this.ma),mouseCollector:B(this,this.oa),keyboardCollector:B(this,this.la),accelerometerCollector:B(this,this.ea),touchCollector:B(this,this.qa)};if(window.addEventListener)window.addEventListener("load", 44 | this.a.loadTimeCollector,!1),window.addEventListener("mousemove",this.a.mouseCollector,!1),window.addEventListener("keypress",this.a.keyboardCollector,!1),window.addEventListener("devicemotion",this.a.accelerometerCollector,!1),window.addEventListener("touchmove",this.a.touchCollector,!1);else if(document.attachEvent)document.attachEvent("onload",this.a.loadTimeCollector),document.attachEvent("onmousemove",this.a.mouseCollector),document.attachEvent("keypress",this.a.keyboardCollector);else throw new sjcl.exception.bug("can't attach event"); 45 | this.D=!0}},stopCollectors:function(){this.D&&(window.removeEventListener?(window.removeEventListener("load",this.a.loadTimeCollector,!1),window.removeEventListener("mousemove",this.a.mouseCollector,!1),window.removeEventListener("keypress",this.a.keyboardCollector,!1),window.removeEventListener("devicemotion",this.a.accelerometerCollector,!1),window.removeEventListener("touchmove",this.a.touchCollector,!1)):document.detachEvent&&(document.detachEvent("onload",this.a.loadTimeCollector),document.detachEvent("onmousemove", 46 | this.a.mouseCollector),document.detachEvent("keypress",this.a.keyboardCollector)),this.D=!1)},addEventListener:function(a,b){this.K[a][this.ga++]=b},removeEventListener:function(a,b){var c,d,e=this.K[a],f=[];for(d in e)e.hasOwnProperty(d)&&e[d]===b&&f.push(d);for(c=0;cb&&(a.h[b]=a.h[b]+1|0,!a.h[b]);b++);return a.L.encrypt(a.h)} 49 | function B(a,b){return function(){b.apply(a,arguments)}}sjcl.random=new sjcl.prng(6); 50 | a:try{var D,E,F,G;if(G="undefined"!==typeof module&&module.exports){var H;try{H=require("crypto")}catch(a){H=null}G=E=H}if(G&&E.randomBytes)D=E.randomBytes(128),D=new Uint32Array((new Uint8Array(D)).buffer),sjcl.random.addEntropy(D,1024,"crypto['randomBytes']");else if("undefined"!==typeof window&&"undefined"!==typeof Uint32Array){F=new Uint32Array(32);if(window.crypto&&window.crypto.getRandomValues)window.crypto.getRandomValues(F);else if(window.msCrypto&&window.msCrypto.getRandomValues)window.msCrypto.getRandomValues(F); 51 | else break a;sjcl.random.addEntropy(F,1024,"crypto['getRandomValues']")}}catch(a){"undefined"!==typeof window&&window.console&&(console.log("There was an error collecting entropy from the browser:"),console.log(a))} 52 | sjcl.json={defaults:{v:1,iter:1E4,ks:128,ts:64,mode:"ccm",adata:"",cipher:"aes"},ja:function(a,b,c,d){c=c||{};d=d||{};var e=sjcl.json,f=e.g({iv:sjcl.random.randomWords(4,0)},e.defaults),g;e.g(f,c);c=f.adata;"string"===typeof f.salt&&(f.salt=sjcl.codec.base64.toBits(f.salt));"string"===typeof f.iv&&(f.iv=sjcl.codec.base64.toBits(f.iv));if(!sjcl.mode[f.mode]||!sjcl.cipher[f.cipher]||"string"===typeof a&&100>=f.iter||64!==f.ts&&96!==f.ts&&128!==f.ts||128!==f.ks&&192!==f.ks&&0x100!==f.ks||2>f.iv.length|| 53 | 4=b.iter||64!==b.ts&&96!==b.ts&&128!==b.ts||128!==b.ks&&192!==b.ks&&0x100!==b.ks||!b.iv||2>b.iv.length||4