authorMichael Krelin <hacker@klever.net>2014-06-30 18:20:13 (UTC)
committer Michael Krelin <hacker@klever.net>2014-06-30 18:20:13 (UTC)
commitc392fe28606eefa0c814e5c25d641f5ffe623186 (patch) (unidiff)
treeda03fe13ca09fadbebbad9b5d38750757270bae8 /frontend/beta/js
parentd341307d346dee62ee36b27f0f93b8f000748a96 (diff)
parent6dd16d9359e3a4dc306802588b09acd43947a606 (diff)
Merge remote-tracking branch 'github/master' into nmaster
Diffstat (limited to 'frontend/beta/js') (more/less context) (show whitespace changes)
-rw-r--r--frontend/beta/js/Clipperz/Base.js28
-rw-r--r--frontend/beta/js/Clipperz/Crypto/PRNG.js126
-rw-r--r--frontend/beta/js/Clipperz/Crypto/SRP.js57
-rw-r--r--frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js2
-rw-r--r--frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js4
-rw-r--r--frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js22
-rw-r--r--frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js2
-rw-r--r--frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js39
8 files changed, 159 insertions, 121 deletions
diff --git a/frontend/beta/js/Clipperz/Base.js b/frontend/beta/js/Clipperz/Base.js
index cf40314..1c6faa1 100644
--- a/frontend/beta/js/Clipperz/Base.js
+++ b/frontend/beta/js/Clipperz/Base.js
@@ -237,24 +237,52 @@ MochiKit.Base.update(Clipperz.Base, {
237 237
238 if (Clipperz.Base.objectType(aValue) == 'string') { 238 if (Clipperz.Base.objectType(aValue) == 'string') {
239 result = aValue; 239 result = aValue;
240 result = result.replace(/</img,"&lt;"); 240 result = result.replace(/</img,"&lt;");
241 result = result.replace(/>/img,"&gt;"); 241 result = result.replace(/>/img,"&gt;");
242 } else { 242 } else {
243 result = aValue; 243 result = aValue;
244 } 244 }
245 245
246 return result; 246 return result;
247 }, 247 },
248 248
249 'javascriptInjectionPattern': new RegExp("javascript:\/\/\"", "g"),
250
251 'sanitizeUrl': function(aValue) {
252 varresult;
253
254 if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
255 result = aValue.replace(this.javascriptInjectionPattern, '');
256 console.log("sanitized url", aValue, result);
257 } else {
258 result = aValue;
259 }
260
261 return result;
262 },
263
264 'sanitizeFavicon': function(aValue) {
265 varresult;
266
267 if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
268 result = aValue.replace(this.javascriptInjectionPattern, '');
269 console.log("sanitized favicon", aValue, result);
270 } else {
271 result = aValue;
272 }
273
274 return result;
275 },
276
249 //------------------------------------------------------------------------- 277 //-------------------------------------------------------------------------
250 278
251 'exception': { 279 'exception': {
252 'AbstractMethod': new MochiKit.Base.NamedError("Clipperz.Base.exception.AbstractMethod"), 280 'AbstractMethod': new MochiKit.Base.NamedError("Clipperz.Base.exception.AbstractMethod"),
253 'UnknownType': new MochiKit.Base.NamedError("Clipperz.Base.exception.UnknownType"), 281 'UnknownType': new MochiKit.Base.NamedError("Clipperz.Base.exception.UnknownType"),
254 'VulnerabilityIssue':new MochiKit.Base.NamedError("Clipperz.Base.exception.VulnerabilityIssue") 282 'VulnerabilityIssue':new MochiKit.Base.NamedError("Clipperz.Base.exception.VulnerabilityIssue")
255 }, 283 },
256 284
257 //------------------------------------------------------------------------- 285 //-------------------------------------------------------------------------
258 __syntaxFix__: "syntax fix" 286 __syntaxFix__: "syntax fix"
259 287
260}); 288});
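Review bot: `javascriptInjectionPattern` (new line 249) matches only the exact, case-sensitive substring `javascript://"`, so `sanitizeUrl` and `sanitizeFavicon` return every other value unchanged, and a single-pass `replace` can leave the same substring re-formed from the characters around the removed match. If these values are later written into link or image attributes (not visible in this hunk), an allowlist is the safer shape: keep the value only when it starts with an expected scheme, e.g. `result = /^https?:\/\//i.test(aValue) ? aValue : '';`, after confirming no caller depends on relative or other schemes. The two functions are identical apart from the log label and could share one helper, and the `console.log` calls write the stored URL to the browser console, which is worth dropping in a password manager. The enclosing `MochiKit.Base.update(Clipperz.Base, {` literal starts outside the hunk.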
diff --git a/frontend/beta/js/Clipperz/Crypto/PRNG.js b/frontend/beta/js/Clipperz/Crypto/PRNG.js
index b5c3f8a..6fdeca4 100644
--- a/frontend/beta/js/Clipperz/Crypto/PRNG.js
+++ b/frontend/beta/js/Clipperz/Crypto/PRNG.js
@@ -188,30 +188,24 @@ Clipperz.Crypto.PRNG.TimeRandomnessSource.prototype = MochiKit.Base.update(new C
188 188
189 this.updateGeneratorWithValue(entropyByte); 189 this.updateGeneratorWithValue(entropyByte);
190 setTimeout(this.collectEntropy, intervalTime); 190 setTimeout(this.collectEntropy, intervalTime);
191 }, 191 },
192 192
193 //------------------------------------------------------------------------- 193 //-------------------------------------------------------------------------
194 194
195 'numberOfRandomBits': function() { 195 'numberOfRandomBits': function() {
196 return 5; 196 return 5;
197 }, 197 },
198 198
199 //------------------------------------------------------------------------- 199 //-------------------------------------------------------------------------
200
201 'pollingFrequency': function() {
202 return 10;
203 },
204
205 //-------------------------------------------------------------------------
206 __syntaxFix__: "syntax fix" 200 __syntaxFix__: "syntax fix"
207}); 201});
208 202
209//***************************************************************************** 203//*****************************************************************************
210 204
211Clipperz.Crypto.PRNG.MouseRandomnessSource = function(args) { 205Clipperz.Crypto.PRNG.MouseRandomnessSource = function(args) {
212 args = args || {}; 206 args = args || {};
213 207
214 Clipperz.Crypto.PRNG.RandomnessSource.call(this, args); 208 Clipperz.Crypto.PRNG.RandomnessSource.call(this, args);
215 209
216 this._numberOfBitsToCollectAtEachEvent = 4; 210 this._numberOfBitsToCollectAtEachEvent = 4;
217 this._randomBitsCollector = 0; 211 this._randomBitsCollector = 0;
@@ -236,30 +230,30 @@ Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new
236 return this._randomBitsCollector; 230 return this._randomBitsCollector;
237 }, 231 },
238 232
239 'setRandomBitsCollector': function(aValue) { 233 'setRandomBitsCollector': function(aValue) {
240 this._randomBitsCollector = aValue; 234 this._randomBitsCollector = aValue;
241 }, 235 },
242 236
243 'appendRandomBitsToRandomBitsCollector': function(aValue) { 237 'appendRandomBitsToRandomBitsCollector': function(aValue) {
244 var collectedBits; 238 var collectedBits;
245 var numberOfRandomBitsCollected; 239 var numberOfRandomBitsCollected;
246 240
247 numberOfRandomBitsCollected = this.numberOfRandomBitsCollected(); 241 numberOfRandomBitsCollected = this.numberOfRandomBitsCollected();
248 collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected); 242 collectedBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected);
249 this.setRandomBitsCollector(collectetBits); 243 this.setRandomBitsCollector(collectedBits);
250 numberOfRandomBitsCollected += this.numberOfBitsToCollectAtEachEvent(); 244 numberOfRandomBitsCollected += this.numberOfBitsToCollectAtEachEvent();
251 245
252 if (numberOfRandomBitsCollected == 8) { 246 if (numberOfRandomBitsCollected == 8) {
253 this.updateGeneratorWithValue(collectetBits); 247 this.updateGeneratorWithValue(collectedBits);
254 numberOfRandomBitsCollected = 0; 248 numberOfRandomBitsCollected = 0;
255 this.setRandomBitsCollector(0); 249 this.setRandomBitsCollector(0);
256 } 250 }
257 251
258 this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected) 252 this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected)
259 }, 253 },
260 254
261 //------------------------------------------------------------------------- 255 //-------------------------------------------------------------------------
262 256
263 'numberOfRandomBitsCollected': function() { 257 'numberOfRandomBitsCollected': function() {
264 return this._numberOfRandomBitsCollected; 258 return this._numberOfRandomBitsCollected;
265 }, 259 },
@@ -280,111 +274,69 @@ Clipperz.Crypto.PRNG.MouseRandomnessSource.prototype = MochiKit.Base.update(new
280 mouseLocation = anEvent.mouse().client; 274 mouseLocation = anEvent.mouse().client;
281 randomBit = ((mouseLocation.x ^ mouseLocation.y) & mask); 275 randomBit = ((mouseLocation.x ^ mouseLocation.y) & mask);
282 this.appendRandomBitsToRandomBitsCollector(randomBit) 276 this.appendRandomBitsToRandomBitsCollector(randomBit)
283 }, 277 },
284 278
285 //------------------------------------------------------------------------- 279 //-------------------------------------------------------------------------
286 280
287 'numberOfRandomBits': function() { 281 'numberOfRandomBits': function() {
288 return 1; 282 return 1;
289 }, 283 },
290 284
291 //------------------------------------------------------------------------- 285 //-------------------------------------------------------------------------
292
293 'pollingFrequency': function() {
294 return 10;
295 },
296
297 //-------------------------------------------------------------------------
298 __syntaxFix__: "syntax fix" 286 __syntaxFix__: "syntax fix"
299}); 287});
300 288
301//***************************************************************************** 289//*****************************************************************************
302 290
303Clipperz.Crypto.PRNG.KeyboardRandomnessSource = function(args) { 291Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource = function(args) {
304 args = args || {}; 292 args = args || {};
305 Clipperz.Crypto.PRNG.RandomnessSource.call(this, args);
306 293
307 this._randomBitsCollector = 0; 294 this._intervalTime = args.intervalTime || 1000;
308 this._numberOfRandomBitsCollected = 0; 295 this._browserCrypto = args.browserCrypto;
309 296
310 MochiKit.Signal.connect(document, 'onkeypress', this, 'collectEntropy'); 297 Clipperz.Crypto.PRNG.RandomnessSource.call(this, args);
311 298
299 this.collectEntropy();
312 return this; 300 return this;
313} 301}
314 302
315Clipperz.Crypto.PRNG.KeyboardRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, { 303Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource.prototype = MochiKit.Base.update(new Clipperz.Crypto.PRNG.RandomnessSource, {
316
317 //-------------------------------------------------------------------------
318
319 'randomBitsCollector': function() {
320 return this._randomBitsCollector;
321 },
322
323 'setRandomBitsCollector': function(aValue) {
324 this._randomBitsCollector = aValue;
325 },
326
327 'appendRandomBitToRandomBitsCollector': function(aValue) {
328 var collectedBits;
329 var numberOfRandomBitsCollected;
330
331 numberOfRandomBitsCollected = this.numberOfRandomBitsCollected();
332 collectetBits = this.randomBitsCollector() | (aValue << numberOfRandomBitsCollected);
333 this.setRandomBitsCollector(collectetBits);
334 numberOfRandomBitsCollected ++;
335
336 if (numberOfRandomBitsCollected == 8) {
337 this.updateGeneratorWithValue(collectetBits);
338 numberOfRandomBitsCollected = 0;
339 this.setRandomBitsCollector(0);
340 }
341
342 this.setNumberOfRandomBitsCollected(numberOfRandomBitsCollected)
343 },
344
345 //-------------------------------------------------------------------------
346 304
347 'numberOfRandomBitsCollected': function() { 305 'intervalTime': function() {
348 return this._numberOfRandomBitsCollected; 306 return this._intervalTime;
349 }, 307 },
350 308
351 'setNumberOfRandomBitsCollected': function(aValue) { 309 'browserCrypto': function () {
352 this._numberOfRandomBitsCollected = aValue; 310 return this._browserCrypto;
353 }, 311 },
354 312
355 //------------------------------------------------------------------------- 313 //-------------------------------------------------------------------------
356 314
357 'collectEntropy': function(anEvent) { 315 'collectEntropy': function() {
358/* 316 varbytesToCollect;
359 var mouseLocation;
360 var randomBit;
361
362 mouseLocation = anEvent.mouse().client;
363
364 randomBit = ((mouseLocation.x ^ mouseLocation.y) & 0x1);
365 this.appendRandomBitToRandomBitsCollector(randomBit);
366*/
367 },
368
369 //-------------------------------------------------------------------------
370 317
371 'numberOfRandomBits': function() { 318 if (this.boostMode() == true) {
372 return 1; 319 bytesToCollect = 64;
373 }, 320 } else {
321 bytesToCollect = 8;
322 }
374 323
375 //------------------------------------------------------------------------- 324 var randomValuesArray = new Uint8Array(bytesToCollect);
325 this.browserCrypto().getRandomValues(randomValuesArray);
326 for (var i = 0; i < randomValuesArray.length; i++) {
327 this.updateGeneratorWithValue(randomValuesArray[i]);
328 }
376 329
377 'pollingFrequency': function() { 330 setTimeout(this.collectEntropy, this.intervalTime());
378 return 10;
379 }, 331 },
380 332
381 //------------------------------------------------------------------------- 333 //-------------------------------------------------------------------------
382 __syntaxFix__: "syntax fix" 334 __syntaxFix__: "syntax fix"
383}); 335});
384 336
385//############################################################################# 337//#############################################################################
386 338
387Clipperz.Crypto.PRNG.Fortuna = function(args) { 339Clipperz.Crypto.PRNG.Fortuna = function(args) {
388 vari,c; 340 vari,c;
389 341
390 args = args || {}; 342 args = args || {};
@@ -598,61 +550,55 @@ MochiKit.Logging.logWarning("Fortuna generator has not enough entropy, yet!");
598 this.randomnessSources().push(aRandomnessSource); 550 this.randomnessSources().push(aRandomnessSource);
599 551
600 if (this.isReadyToGenerateRandomValues() == false) { 552 if (this.isReadyToGenerateRandomValues() == false) {
601 aRandomnessSource.setBoostMode(true); 553 aRandomnessSource.setBoostMode(true);
602 } 554 }
603 }, 555 },
604 556
605 //------------------------------------------------------------------------- 557 //-------------------------------------------------------------------------
606 558
607 'deferredEntropyCollection': function(aValue) { 559 'deferredEntropyCollection': function(aValue) {
608 var result; 560 var result;
609 561
610//MochiKit.Logging.logDebug(">>> PRNG.deferredEntropyCollection");
611 562
612 if (this.isReadyToGenerateRandomValues()) { 563 if (this.isReadyToGenerateRandomValues()) {
613//MochiKit.Logging.logDebug("--- PRNG.deferredEntropyCollection - 1");
614 result = aValue; 564 result = aValue;
615 } else { 565 } else {
616//MochiKit.Logging.logDebug("--- PRNG.deferredEntropyCollection - 2");
617 var deferredResult; 566 var deferredResult;
618 567
619 Clipperz.NotificationCenter.notify(this, 'updatedProgressState', 'collectingEntropy', true); 568 Clipperz.NotificationCenter.notify(this, 'updatedProgressState', 'collectingEntropy', true);
620 569
621 deferredResult = new MochiKit.Async.Deferred(); 570 deferredResult = new MochiKit.Async.Deferred();
622 // deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("1.2.1 - PRNG.deferredEntropyCollection - 1: " + res); return res;});
623 deferredResult.addCallback(MochiKit.Base.partial(MochiKit.Async.succeed, aValue)); 571 deferredResult.addCallback(MochiKit.Base.partial(MochiKit.Async.succeed, aValue));
624 // deferredResult.addBoth(function(res) {MochiKit.Logging.logDebug("1.2.2 - PRNG.deferredEntropyCollection - 2: " + res); return res;});
625 MochiKit.Signal.connect(this, 572 MochiKit.Signal.connect(this,
626 'readyToGenerateRandomBytes', 573 'readyToGenerateRandomBytes',
627 deferredResult, 574 deferredResult,
628 'callback'); 575 'callback');
629 576
630 result = deferredResult; 577 result = deferredResult;
631 } 578 }
632//MochiKit.Logging.logDebug("<<< PRNG.deferredEntropyCollection - result: " + result);
633 579
634 return result; 580 return result;
635 }, 581 },
636 582
637 //------------------------------------------------------------------------- 583 //-------------------------------------------------------------------------
638 584
639 'fastEntropyAccumulationForTestingPurpose': function() { 585 'fastEntropyAccumulationForTestingPurpose': function() {
640 while (! this.isReadyToGenerateRandomValues()) { 586 while (! this.isReadyToGenerateRandomValues()) {
641 this.addRandomByte(Math.floor(Math.random() * 32), Math.floor(Math.random() * 32), Math.floor(Math.random() * 256)); 587 this.addRandomByte(Math.floor(Math.random() * 32), Math.floor(Math.random() * 32), Math.floor(Math.random() * 256));
642 } 588 }
643 }, 589 },
644 590
645 //------------------------------------------------------------------------- 591 //-------------------------------------------------------------------------
646 592/*
647 'dump': function(appendToDoc) { 593 'dump': function(appendToDoc) {
648 var tbl; 594 var tbl;
649 var i,c; 595 var i,c;
650 596
651 tbl = document.createElement("table"); 597 tbl = document.createElement("table");
652 tbl.border = 0; 598 tbl.border = 0;
653 with (tbl.style) { 599 with (tbl.style) {
654 border = "1px solid lightgrey"; 600 border = "1px solid lightgrey";
655 fontFamily = 'Helvetica, Arial, sans-serif'; 601 fontFamily = 'Helvetica, Arial, sans-serif';
656 fontSize = '8pt'; 602 fontSize = '8pt';
657 //borderCollapse = "collapse"; 603 //borderCollapse = "collapse";
658 } 604 }
@@ -740,25 +686,25 @@ MochiKit.Logging.logWarning("Fortuna generator has not enough entropy, yet!");
740 padding = "10px"; 686 padding = "10px";
741 } 687 }
742 if (document.getElementById(ne.id)) { 688 if (document.getElementById(ne.id)) {
743 MochiKit.DOM.swapDOM(ne.id, ne); 689 MochiKit.DOM.swapDOM(ne.id, ne);
744 } else { 690 } else {
745 document.body.appendChild(ne); 691 document.body.appendChild(ne);
746 } 692 }
747 ne.appendChild(tbl); 693 ne.appendChild(tbl);
748 } 694 }
749 695
750 return tbl; 696 return tbl;
751 }, 697 },
752 698*/
753 //----------------------------------------------------------------------------- 699 //-----------------------------------------------------------------------------
754 __syntaxFix__: "syntax fix" 700 __syntaxFix__: "syntax fix"
755}); 701});
756 702
757//############################################################################# 703//#############################################################################
758 704
759Clipperz.Crypto.PRNG.Random = function(args) { 705Clipperz.Crypto.PRNG.Random = function(args) {
760 args = args || {}; 706 args = args || {};
761 //MochiKit.Base.bindMethods(this); 707 //MochiKit.Base.bindMethods(this);
762 708
763 return this; 709 return this;
764} 710}
@@ -815,34 +761,44 @@ Clipperz.Crypto.PRNG.defaultRandomGenerator = function() {
815 // MouseRandomnessSource 761 // MouseRandomnessSource
816 // 762 //
817 //............................................................. 763 //.............................................................
818 { 764 {
819 varnewRandomnessSource; 765 varnewRandomnessSource;
820 766
821 newRandomnessSource = new Clipperz.Crypto.PRNG.MouseRandomnessSource(); 767 newRandomnessSource = new Clipperz.Crypto.PRNG.MouseRandomnessSource();
822 _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource); 768 _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource);
823 } 769 }
824 770
825 //............................................................. 771 //.............................................................
826 // 772 //
827 // KeyboardRandomnessSource 773 // CryptoRandomRandomnessSource
828 // 774 //
829 //............................................................. 775 //.............................................................
830 { 776 {
831 varnewRandomnessSource; 777 varnewRandomnessSource;
778 varbrowserCrypto;
832 779
833 newRandomnessSource = new Clipperz.Crypto.PRNG.KeyboardRandomnessSource(); 780 if (window.crypto && window.crypto.getRandomValues) {
834 _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource); 781 browserCrypto = window.crypto;
782 } else if (window.msCrypto && window.msCrypto.getRandomValues) {
783 browserCrypto = window.msCrypto;
784 } else {
785 browserCrypto = null;
835 } 786 }
836 787
788 if (browserCrypto != null) {
789 newRandomnessSource = new Clipperz.Crypto.PRNG.CryptoRandomRandomnessSource({'browserCrypto':browserCrypto});
790 _clipperz_crypt_prng_defaultPRNG.addRandomnessSource(newRandomnessSource);
791 }
792 }
837 } 793 }
838 794
839 return _clipperz_crypt_prng_defaultPRNG; 795 return _clipperz_crypt_prng_defaultPRNG;
840}; 796};
841 797
842//############################################################################# 798//#############################################################################
843 799
844Clipperz.Crypto.PRNG.exception = { 800Clipperz.Crypto.PRNG.exception = {
845 NotEnoughEntropy: new MochiKit.Base.NamedError("Clipperz.Crypto.PRNG.exception.NotEnoughEntropy") 801 NotEnoughEntropy: new MochiKit.Base.NamedError("Clipperz.Crypto.PRNG.exception.NotEnoughEntropy")
846}; 802};
847 803
848 804
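Review bot: In `defaultRandomGenerator` (new lines 780-791), when neither `window.crypto` nor `window.msCrypto` exposes `getRandomValues`, the generator is built from the time and mouse sources alone and nothing records it; the `else` branch should at least log it, e.g. `MochiKit.Logging.logWarning("PRNG: crypto.getRandomValues unavailable, using time/mouse entropy only");`. In `CryptoRandomRandomnessSource.collectEntropy` (new line 330), `setTimeout(this.collectEntropy, this.intervalTime())` passes the method unbound, so the rescheduled call works only if the base `RandomnessSource` constructor binds methods, which is not visible here; `setTimeout(MochiKit.Base.bind(this.collectEntropy, this), this.intervalTime());` removes that dependency. The constructor also calls `this.collectEntropy()` before `addRandomnessSource` has run, so the first batch is gathered before boost mode is set and possibly before a generator is attached; confirm `updateGeneratorWithValue` tolerates that. The new prototype defines no `numberOfRandomBits`, unlike the time and mouse sources, so whatever the base class returns is what this source is credited with.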
diff --git a/frontend/beta/js/Clipperz/Crypto/SRP.js b/frontend/beta/js/Clipperz/Crypto/SRP.js
index 8cc80ba..8c522ad 100644
--- a/frontend/beta/js/Clipperz/Crypto/SRP.js
+++ b/frontend/beta/js/Clipperz/Crypto/SRP.js
@@ -35,44 +35,55 @@ try { if (typeof(Clipperz.Crypto.PRNG) == 'undefined') { throw ""; }} catch (e)
35 35
36if (typeof(Clipperz.Crypto.SRP) == 'undefined') { Clipperz.Crypto.SRP = {}; } 36if (typeof(Clipperz.Crypto.SRP) == 'undefined') { Clipperz.Crypto.SRP = {}; }
37 37
38Clipperz.Crypto.SRP.VERSION = "0.1"; 38Clipperz.Crypto.SRP.VERSION = "0.1";
39Clipperz.Crypto.SRP.NAME = "Clipperz.Crypto.SRP"; 39Clipperz.Crypto.SRP.NAME = "Clipperz.Crypto.SRP";
40 40
41//############################################################################# 41//#############################################################################
42 42
43MochiKit.Base.update(Clipperz.Crypto.SRP, { 43MochiKit.Base.update(Clipperz.Crypto.SRP, {
44 44
45 '_n': null, 45 '_n': null,
46 '_g': null, 46 '_g': null,
47 '_k': null,
48
47 //------------------------------------------------------------------------- 49 //-------------------------------------------------------------------------
48 50
49 'n': function() { 51 'n': function() {
50 if (Clipperz.Crypto.SRP._n == null) { 52 if (Clipperz.Crypto.SRP._n == null) {
51 Clipperz.Crypto.SRP._n = new Clipperz.Crypto.BigInt("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16); 53 Clipperz.Crypto.SRP._n = new Clipperz.Crypto.BigInt("115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3", 16);
52 } 54 }
53 55
54 return Clipperz.Crypto.SRP._n; 56 return Clipperz.Crypto.SRP._n;
55 }, 57 },
56 58
57 //------------------------------------------------------------------------- 59 //-------------------------------------------------------------------------
58 60
59 'g': function() { 61 'g': function() {
60 if (Clipperz.Crypto.SRP._g == null) { 62 if (Clipperz.Crypto.SRP._g == null) {
61 Clipperz.Crypto.SRP._g = new Clipperz.Crypto.BigInt(2); //eventually 5 (as suggested on the Diffi-Helmann documentation) 63 Clipperz.Crypto.SRP._g = new Clipperz.Crypto.BigInt(2); //eventually 5 (as suggested on the Diffi-Helmann documentation)
62 } 64 }
63 65
64 return Clipperz.Crypto.SRP._g; 66 return Clipperz.Crypto.SRP._g;
65 }, 67 },
66 68
69 'k': function() {
70 if (Clipperz.Crypto.SRP._k == null) {
71 // Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt(this.stringHash(this.n().asString() + this.g().asString()), 16);
72 Clipperz.Crypto.SRP._k = new Clipperz.Crypto.BigInt("64398bff522814e306a97cb9bfc4364b7eed16a8c17c5208a40a2bad2933c8e", 16);
73 }
74
75 return Clipperz.Crypto.SRP._k;
76 },
77
67 //----------------------------------------------------------------------------- 78 //-----------------------------------------------------------------------------
68 79
69 'exception': { 80 'exception': {
70 'InvalidValue': new MochiKit.Base.NamedError("Clipperz.Crypto.SRP.exception.InvalidValue") 81 'InvalidValue': new MochiKit.Base.NamedError("Clipperz.Crypto.SRP.exception.InvalidValue")
71 }, 82 },
72 83
73 //------------------------------------------------------------------------- 84 //-------------------------------------------------------------------------
74 __syntaxFix__: "syntax fix" 85 __syntaxFix__: "syntax fix"
75 86
76}); 87});
77 88
78//############################################################################# 89//#############################################################################
@@ -120,146 +131,154 @@ Clipperz.Crypto.SRP.Connection.prototype = MochiKit.Base.update(null, {
120 //------------------------------------------------------------------------- 131 //-------------------------------------------------------------------------
121 132
122 'P': function () { 133 'P': function () {
123 return this._P; 134 return this._P;
124 }, 135 },
125 136
126 //------------------------------------------------------------------------- 137 //-------------------------------------------------------------------------
127 138
128 'a': function () { 139 'a': function () {
129 if (this._a == null) { 140 if (this._a == null) {
130 this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16); 141 this._a = new Clipperz.Crypto.BigInt(Clipperz.Crypto.PRNG.defaultRandomGenerator().getRandomBytes(32).toHexString().substring(2), 16);
131 // this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10); 142 // this._a = new Clipperz.Crypto.BigInt("37532428169486597638072888476611365392249575518156687476805936694442691012367", 10);
132//MochiKit.Logging.logDebug("SRP a: " + this._a);
133 } 143 }
134 144
135 return this._a; 145 return this._a;
136 }, 146 },
137 147
138 //------------------------------------------------------------------------- 148 //-------------------------------------------------------------------------
139 149
140 'A': function () { 150 'A': function () {
141 if (this._A == null) { 151 if (this._A == null) {
142 //Warning: this value should be strictly greater than zero: how should we perform this check? 152 //Warning: this value should be strictly greater than zero
143 this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n()); 153 this._A = Clipperz.Crypto.SRP.g().powerModule(this.a(), Clipperz.Crypto.SRP.n());
144 154 if (this._A.equals(0) || negative(this._A)) {
145 if (this._A.equals(0)) {
146MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0."); 155MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'A' to 0.");
147 throw Clipperz.Crypto.SRP.exception.InvalidValue; 156 throw Clipperz.Crypto.SRP.exception.InvalidValue;
148 } 157 }
149//MochiKit.Logging.logDebug("SRP A: " + this._A);
150 } 158 }
151 159
152 return this._A; 160 return this._A;
153 }, 161 },
154 162
155 //------------------------------------------------------------------------- 163 //-------------------------------------------------------------------------
156 164
157 's': function () { 165 's': function () {
158 return this._s; 166 return this._s;
159//MochiKit.Logging.logDebug("SRP s: " + this._S);
160 }, 167 },
161 168
162 'set_s': function(aValue) { 169 'set_s': function(aValue) {
163 this._s = aValue; 170 this._s = aValue;
164 }, 171 },
165 172
166 //------------------------------------------------------------------------- 173 //-------------------------------------------------------------------------
167 174
168 'B': function () { 175 'B': function () {
169 return this._B; 176 return this._B;
170 }, 177 },
171 178
172 'set_B': function(aValue) { 179 'set_B': function(aValue) {
173 //Warning: this value should be strictly greater than zero: how should we perform this check? 180 //Warning: this value should be strictly greater than zero
174 if (! aValue.equals(0)) {
175 this._B = aValue; 181 this._B = aValue;
176//MochiKit.Logging.logDebug("SRP B: " + this._B); 182 if (this._B.equals(0) || negative(this._B)) {
177 } else {
178MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0."); 183MochiKit.Logging.logError("Clipperz.Crypto.SRP.Connection: trying to set 'B' to 0.");
179 throw Clipperz.Crypto.SRP.exception.InvalidValue; 184 throw Clipperz.Crypto.SRP.exception.InvalidValue;
180 } 185 }
181 }, 186 },
182 187
183 //------------------------------------------------------------------------- 188 //-------------------------------------------------------------------------
184 189
185 'x': function () { 190 'x': function () {
186 if (this._x == null) { 191 if (this._x == null) {
187 this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16); 192 this._x = new Clipperz.Crypto.BigInt(this.stringHash(this.s().asString(16, 64) + this.P()), 16);
188//MochiKit.Logging.logDebug("SRP x: " + this._x);
189 } 193 }
190 194
191 return this._x; 195 return this._x;
192 }, 196 },
193 197
194 //------------------------------------------------------------------------- 198 //-------------------------------------------------------------------------
195 199
196 'u': function () { 200 'u': function () {
197 if (this._u == null) { 201 if (this._u == null) {
198 this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.B().asString()), 16); 202 this._u = new Clipperz.Crypto.BigInt(this.stringHash(this.A().asString() + this.B().asString()), 16);
199//MochiKit.Logging.logDebug("SRP u: " + this._u);
200 } 203 }
201 204
202 return this._u; 205 return this._u;
203 }, 206 },
204 207
205 //------------------------------------------------------------------------- 208 //-------------------------------------------------------------------------
206 209
207 'S': function () { 210 'S': function () {
208 if (this._S == null) { 211 if (this._S == null) {
209 var bigint; 212 var bigint;
210 varsrp; 213 varsrp;
211 214
212 bigint = Clipperz.Crypto.BigInt; 215 bigint = Clipperz.Crypto.BigInt;
213 srp = Clipperz.Crypto.SRP; 216 srp = Clipperz.Crypto.SRP;
214 217
215 this._S =bigint.powerModule( 218 this._S =bigint.powerModule(
216 bigint.subtract(this.B(), bigint.powerModule(srp.g(), this.x(), srp.n())), 219 bigint.subtract(
220 this.B(),
221 bigint.multiply(
222 Clipperz.Crypto.SRP.k(),
223 bigint.powerModule(srp.g(), this.x(), srp.n())
224 )
225 ),
217 bigint.add(this.a(), bigint.multiply(this.u(), this.x())), 226 bigint.add(this.a(), bigint.multiply(this.u(), this.x())),
218 srp.n() 227 srp.n()
219 ) 228 )
220//MochiKit.Logging.logDebug("SRP S: " + this._S);
221 } 229 }
222 230
223 return this._S; 231 return this._S;
224 }, 232 },
225 233
226 //------------------------------------------------------------------------- 234 //-------------------------------------------------------------------------
227 235
228 'K': function () { 236 'K': function () {
229 if (this._K == null) { 237 if (this._K == null) {
230 this._K = this.stringHash(this.S().asString()); 238 this._K = this.stringHash(this.S().asString());
231//MochiKit.Logging.logDebug("SRP K: " + this._K);
232 } 239 }
233 240
234 return this._K; 241 return this._K;
235 }, 242 },
236 243
237 //------------------------------------------------------------------------- 244 //-------------------------------------------------------------------------
238 245
239 'M1': function () { 246 'M1': function () {
240 if (this._M1 == null) { 247 if (this._M1 == null) {
241 this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K()); 248 // this._M1 = this.stringHash(this.A().asString(10) + this.B().asString(10) + this.K());
242//MochiKit.Logging.logDebug("SRP M1: " + this._M1); 249
250 //http://srp.stanford.edu/design.html
251 //User -> Host: M = H(H(N) xor H(g), H(I), s, A, B, K)
252
253 this._M1 = this.stringHash(
254 "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
255 this.stringHash(this.C()) +
256 this.s().asString() +
257 this.A().asString() +
258 this.B().asString() +
259 this.K()
260 );
261//console.log("M1", this._M1);
243 } 262 }
244 263
245 return this._M1; 264 return this._M1;
246 }, 265 },
247 266
248 //------------------------------------------------------------------------- 267 //-------------------------------------------------------------------------
249 268
250 'M2': function () { 269 'M2': function () {
251 if (this._M2 == null) { 270 if (this._M2 == null) {
252 this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K()); 271 this._M2 = this.stringHash(this.A().asString(10) + this.M1() + this.K());
253//MochiKit.Logging.logDebug("SRP M2: " + this._M2); 272//console.log("M2", this._M2);
254 } 273 }
255 274
256 return this._M2; 275 return this._M2;
257 }, 276 },
258 277
259 //========================================================================= 278 //=========================================================================
260 279
261 'serverSideCredentialsWithSalt': function(aSalt) { 280 'serverSideCredentialsWithSalt': function(aSalt) {
262 var result; 281 var result;
263 var s, x, v; 282 var s, x, v;
264 283
265 s = aSalt; 284 s = aSalt;
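Review bot: `set_B` (new lines 180-185) now stores `aValue` in `this._B` before validating it, so a rejected value stays on the connection after `InvalidValue` is thrown. The test also rejects only zero or a negative number, whereas SRP-6a has the client abort when B mod n is zero (and when u is zero). Validate first and assign last: run the check on `aValue` reduced modulo `Clipperz.Crypto.SRP.n()` and execute `this._B = aValue;` only after it passes. `negative` is called as a free function on a `Clipperz.Crypto.BigInt` object in both `A` and `set_B` and is not defined in this diff, so confirm that it exists in scope and accepts this wrapper type, otherwise the added condition does not do what the comment says. The hard-coded `_k` and the decimal constant at the start of `M1` both depend on n and g, and a comment stating how each was derived would keep them from going stale if the group parameters change.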
diff --git a/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js b/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js
index 2295d3f..369b9ce 100644
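--- a/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js
+++ b/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js
@@ -129,25 +129,25 @@ Clipperz.PM.BookmarkletProcessor.prototype = MochiKit.Base.update(null, {
 }, this.fields())
 }
 
 return this._editableFields;
 },
 
 //-------------------------------------------------------------------------
 
 'hostname': function() {
 if (this._hostname == null) {
 var actionUrl;
 
-actionUrl = this.configuration()['form']['attributes']['action'];
+actionUrl = Clipperz.Base.sanitizeUrl(this.configuration()['form']['attributes']['action']);
 //MochiKit.Logging.logDebug("+++ actionUrl: " + actionUrl);
 this._hostname = actionUrl.replace(/^https?:\/\/([^\/]*)\/.*/, '$1');
 }
 
 return this._hostname;
 },
 
 'favicon': function() {
 if (this._favicon == null) {
 this._favicon = "http://" + this.hostname() + "/favicon.ico";
 //MochiKit.Logging.logDebug("+++ favicon: " + this._favicon);
 }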
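Review bot: `hostname()` still returns the whole action string when the pattern on new line 143 does not match, because `String.replace` hands back its input unchanged; an action with no path after the host, or one that `sanitizeUrl` has rewritten to something other than an http(s) URL, then ends up inside the `"http://" + … + "/favicon.ico"` string built in `favicon()`. Extracting the host with a match and an explicit fallback avoids that, for example `var m = /^https?:\/\/([^\/]+)/.exec(actionUrl); this._hostname = m ? m[1] : '';`. `favicon()` here is also not passed through `Clipperz.Base.sanitizeFavicon` the way `DirectLogin.favicon()` is elsewhere in this commit, and that method uses the same `replace` pattern on its new line 106. What `sanitizeUrl` returns for a rejected value is not visible on this page, so whether `.replace` can be called on it at all should be confirmed; `favicon()` continues past the end of the hunk.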
diff --git a/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js b/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js
index 0e4640e..a5a4697 100644
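--- a/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js
+++ b/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js
@@ -91,25 +91,25 @@ YAHOO.extendX(Clipperz.PM.Components.RecordDetail.DirectLoginBindingComponent, C
 varresult;
 var option;
 varrecordFieldKey;
 varrecordFields;
 
 //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.recordFieldOptions");
 recordFields = this.directLoginBinding().directLogin().record().currentVersion().fields();
 result = [];
 option = {tag:'option', value:null, html:'---'};
 result.push(option);
 for (recordFieldKey in recordFields) {
 //TODO: remove the value: field and replace it with element.dom.value = <some value>
-option = {tag:'option', value:recordFieldKey, html:recordFields[recordFieldKey].label()}
+option = {tag:'option', value:recordFieldKey, html:Clipperz.Base.sanitizeString(recordFields[recordFieldKey].label())}
 if (recordFieldKey == this.directLoginBinding().fieldKey()) {
 option['selected'] = true;
 }
 result.push(option);
 }
 //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.recordFieldOptions");
 
 return result;
 },
 
 //-------------------------------------------------------------------------
 
@@ -141,25 +141,25 @@ YAHOO.extendX(Clipperz.PM.Components.RecordDetail.DirectLoginBindingComponent, C
 
 this.getElement('editModeBox').show();
 //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.updateEditMode");
 },
 
 //-------------------------------------------------------------------------
 
 'updateViewMode': function() {
 //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.updateViewMode");
 this.getElement('editModeBox').hide();
 this.getElement('viewModeBox').show();
 
-this.getElement('viewValue').update(this.directLoginBinding().field().label());
+this.getElement('viewValue').update(Clipperz.Base.sanitizeString(this.directLoginBinding().field().label()));
 //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.updateViewMode");
 },
 
 //-------------------------------------------------------------------------
 
 'synchronizeComponentValues': function() {
 //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.synchronizeComponentValues")
 //MochiKit.Logging.logDebug("--- DirectLoginBindingComponent.synchronizeComponentValues - 1 - " + this.getId('select'));
 this.directLoginBinding().setFieldKey(this.getDom('select').value);
 //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.synchronizeComponentValues");
 },
 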
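Review bot: Both new `sanitizeString` calls cover only the element text, while `value:recordFieldKey` on new line 103 still goes into the generated option markup as it is, which is what the TODO directly above it asks to replace with `element.dom.value`. If `sanitizeString` is the helper shown in the Base.js hunk of this commit, it rewrites only `<` and `>`; that is enough for text between tags but not for an attribute value, and it leaves `&` alone, so a stored label such as `R&amp;D` is displayed as `R&D`. A short comment next to the option literal would record the assumption, for example `// assumes recordFieldKey is a generated key, never user text; escape it if that changes`, and creating the label with a DOM text node instead of an `html:` string would remove the need for escaping at this sink. `recordFieldOptions` starts above the first hunk.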
diff --git a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
index c0cfa3c..56d9d59 100644
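--- a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
+++ b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
@@ -29,25 +29,25 @@ if (typeof(Clipperz.PM.DataModel) == 'undefined') { Clipperz.PM.DataModel = {};
 //#############################################################################
 
 Clipperz.PM.DataModel.DirectLogin = function(args) {
 //MochiKit.Logging.logDebug(">>> new Clipperz.PM.DataModel.DirectLogin");
 //console.log(">>> new Clipperz.PM.DataModel.DirectLogin - args: %o", args);
 //console.log("--- formData: %s", Clipperz.Base.serializeJSON(args.formData));
 args = args || {};
 
 //MochiKit.Logging.logDebug("--- new Clipperz.PM.DataModel.DirectLogin - args: " + Clipperz.Base.serializeJSON(MochiKit.Base.keys(args)));
 this._record = args.record || null;
 this._label = args.label || "unnamed record"
 this._reference = args.reference || Clipperz.PM.Crypto.randomKey();
-this._favicon = args.favicon || null;
+this._favicon = Clipperz.Base.sanitizeFavicon(args.favicon) || null;
 this._bookmarkletVersion = args.bookmarkletVersion || "0.1";
 
 this._directLoginInputs = null;
 
 this._formValues = args.formValues || {};
 this.setFormData(args.formData || null);
 //console.log("=== formData: %o", this.formData());
 
 if (args.legacyBindingData == null) {
 this.setBindingData(args.bindingData || null);
 } else {
 this.setLegacyBindingData(args.legacyBindingData);
@@ -93,27 +93,27 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 
 'setLabel': function(aValue) {
 this._label = aValue;
 },
 
 //-------------------------------------------------------------------------
 
 'favicon': function() {
 if (this._favicon == null) {
 varactionUrl;
 var hostname;
 
-actionUrl = this.formData()['attributes']['action'];
+actionUrl = this.action();
 hostname = actionUrl.replace(/^https?:\/\/([^\/]*)\/.*/, '$1');
-this._favicon = "http://" + hostname + "/favicon.ico";
+this._favicon = Clipperz.Base.sanitizeFavicon("http://" + hostname + "/favicon.ico");
 }
 
 return this._favicon;
 },
 
 //-------------------------------------------------------------------------
 
 'fixedFavicon': function() {
 var result;
 
 if (this._fixedFavicon == null) {
 result = this.favicon();
@@ -128,24 +128,32 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 }
 } else {
 result = this._fixedFavicon;
 }
 
 return result;
 },
 
 'setFixedFavicon': function(aValue) {
 this._fixedFavicon = aValue;
 },
 
+'action': function () {
+varresult;
+
+result = Clipperz.Base.sanitizeUrl(this.formData()['attributes']['action']);
+
+return result;
+},
+
 //-------------------------------------------------------------------------
 
 'bookmarkletVersion': function() {
 return this._bookmarkletVersion;
 },
 
 'setBookmarkletVersion': function(aValue) {
 this._bookmarkletVersion = aValue;
 },
 
 //-------------------------------------------------------------------------
 
@@ -433,25 +441,25 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 MochiKit.DOM.withWindow(aWindow, MochiKit.Base.bind(function() {
 var formElement;
 varformSubmitFunction;
 var submitButtons;
 
 //MochiKit.Logging.logDebug("### runDirectLogin - 3");
 // MochiKit.DOM.currentDocument().write('<html><head><title>' + this.label() + '</title><META http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body></body></html>')
 //MochiKit.Logging.logDebug("### runDirectLogin - 3.1");
 MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.H3(null, "Loading " + this.label() + " ..."));
 //MochiKit.Logging.logDebug("### runDirectLogin - 4");
 //console.log(this.formData()['attributes']);
 formElement = MochiKit.DOM.FORM(MochiKit.Base.update({id:'directLoginForm'}, {'method':this.formData()['attributes']['method'],
-'action':this.formData()['attributes']['action']}));
+'action': this.action()}));
 //MochiKit.Logging.logDebug("### runDirectLogin - 5");
 formSubmitFunction = MochiKit.Base.method(formElement, 'submit');
 //MochiKit.Logging.logDebug("### runDirectLogin - 6");
 
 MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body,
 MochiKit.DOM.DIV({style:'display:none; visibility:hidden;'}, formElement)
 );
 //MochiKit.Logging.logDebug("### runDirectLogin - 7");
 MochiKit.DOM.appendChildNodes(formElement, MochiKit.Base.map(MochiKit.Base.methodcaller("formConfiguration"),
 this.directLoginInputs()));
 //MochiKit.Logging.logDebug("### runDirectLogin - 8");
 
@@ -478,27 +486,27 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 }
 
 }, this));
 },
 
 //-------------------------------------------------------------------------
 
 'runDirectLogin': function(aNewWindow) {
 varnewWindow;
 
 //console.log("formData.attributes", this.formData()['attributes']);
 // if (/^javascript/.test(this.formData()['attributes']['action'])) {
-if ((/^(https?|webdav|ftp)\:/.test(this.formData()['attributes']['action']) == false) &&
-(this.formData()['attributes']['type'] != 'http_auth'))
-{
+if ((/^(https?|webdav|ftp)\:/.test(this.action()) == false) &&
+(this.formData()['attributes']['type'] != 'http_auth')
+) {
 var messageBoxConfiguration;
 
 if (typeof(aNewWindow) != 'undefined') {
 aNewWindow.close();
 }
 
 messageBoxConfiguration = {};
 messageBoxConfiguration.title = Clipperz.PM.Strings['VulnerabilityWarning_Panel_title'];
 messageBoxConfiguration.msg = Clipperz.PM.Strings['VulnerabilityWarning_Panel_message'];
 messageBoxConfiguration.animEl = YAHOO.ext.Element.get("mainDiv");
 messageBoxConfiguration.progress = false;
 messageBoxConfiguration.closable = false;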
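Review bot: `setFixedFavicon` on new line 137 stores its argument unchecked and `fixedFavicon()` returns `_fixedFavicon` as it is, so this path bypasses the `sanitizeFavicon` call that the constructor and `favicon()` now apply. If any caller passes a value that originates in record data, `this._fixedFavicon = Clipperz.Base.sanitizeFavicon(aValue);` would close the gap; the callers are not on this page, so that needs checking, as does whether `sanitizeFavicon` accepts a default icon such callers may pass. The new `action()` getter also dereferences `this.formData()['attributes']` unconditionally although the constructor allows `formData` to be null, and it would benefit from a one-line comment saying that every consumer of the form action must go through it rather than read `formData()` directly. `fixedFavicon` is only partly visible between the hunks.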
diff --git a/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js b/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js
index 236d7c9..ba302da 100644
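--- a/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js
+++ b/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js
@@ -38,25 +38,25 @@ Clipperz.PM.DataModel.DirectLoginReference = function(args) {
 if (args.directLogin != null) {
 this._reference = args.directLogin.reference();
 this._recordReference = args.directLogin.record().reference();
 this._label = args.directLogin.label();
 this._favicon = args.directLogin.favicon() || null;
 
 this._directLogin = args.directLogin;
 this._record = args.directLogin.record();
 } else {
 this._reference = args.reference;
 this._recordReference = args.record;
 this._label = args.label;
-this._favicon = args.favicon || null;
+this._favicon = Clipperz.Base.sanitizeFavicon(args.favicon) || null;
 
 this._directLogin = null;
 this._record = null;
 }
 
 this._fixedFavicon = null;
 
 return this;
 }
 
 Clipperz.PM.DataModel.DirectLoginReference.prototype = MochiKit.Base.update(null, {
 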
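Review bot: Only the `else` branch sanitizes the favicon, and the reason the other branch can skip it lives in a different file. A comment on new line 42 would keep the two branches from drifting apart, for example `// favicon() is sanitized inside DirectLogin as of this commit`. `_label` is stored raw in both branches, so every place that renders it has to escape it, as the DirectLoginBindingComponent change in this commit does for field labels. The constructor starts above the hunk.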
diff --git a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
index 1a5caff..b0b9b63 100644
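--- a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
+++ b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -28,24 +28,25 @@ try { if (typeof(Clipperz.PM.Proxy.Offline) == 'undefined') { throw ""; }} catch
 //=============================================================================
 
 Clipperz.PM.Proxy.Offline.DataStore = function(args) {
 args = args || {};
 
 this._data = args.data || (typeof(_clipperz_dump_data_) != 'undefined' ? _clipperz_dump_data_ : null);
 this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);
 this._shouldPayTolls = args.shouldPayTolls || false;
 
 this._tolls = {};
 this._connections = {};
 
+this._C = null;
 this._b = null;
 this._B = null;
 this._A = null;
 this._userData = null;
 
 return this;
 }
 
 //Clipperz.Base.extend(Clipperz.PM.Proxy.Offline.DataStore, Object, {
 Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, {
 
 //-------------------------------------------------------------------------
@@ -135,24 +136,34 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, {
 //console.log("this._data", resultData);
 this._data = resultData;
 }, this));
 
 deferredResult.callback();
 //Clipperz.log("<<< Proxy.Test.setupWithData");
 
 return deferredResult;
 },
 
 //=========================================================================
 
+'C': function() {
+return this._C;
+},
+
+'set_C': function(aValue) {
+this._C = aValue;
+},
+
+//-------------------------------------------------------------------------
+
 'b': function() {
 return this._b;
 },
 
 'set_b': function(aValue) {
 this._b = aValue;
 },
 
 //-------------------------------------------------------------------------
 
 'B': function() {
 return this._B;
@@ -331,50 +342,66 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, {
 var b, B, v;
 
 //console.log(">>> Proxy.Offline.DataStore._handshake.connect", someParameters);
 userData = this.data()['users'][someParameters.parameters.C];
 
 if ((typeof(userData) != 'undefined') && (userData['version'] == someParameters.version)) {
 this.setUserData(userData);
 } else {
 this.setUserData(this.data()['users']['catchAllUser']);
 }
 
 randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
+this.set_C(someParameters.parameters.C);
 this.set_b(new Clipperz.Crypto.BigInt(randomBytes, 16));
 v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16);
-this.set_B(v.add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n())));
+this.set_B((Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n())));
 
 this.set_A(someParameters.parameters.A);
 
 result['s'] = this.userData()['s'];
 result['B'] = this.B().asString(16);
 
 nextTollRequestType = 'CONNECT';
 } else if (someParameters.message == "credentialCheck") {
-var v, u, S, A, K, M1;
+var v, u, s, S, A, K, M1;
+var stringHash = function (aValue) {
+return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
+};
 
 //console.log(">>> Proxy.Offline.DataStore._handshake.credentialCheck", someParameters);
 v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16);
-u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(this.B().asString(10))).toHexString(), 16);
 A = new Clipperz.Crypto.BigInt(this.A(), 16);
+u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + this.B().asString(10))).toHexString(), 16);
+s = new Clipperz.Crypto.BigInt(this.userData()['s'], 16);
 S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(this.b(), Clipperz.Crypto.SRP.n());
 
-K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);
+K = stringHash(S.asString(10));
 
-M1 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + this.B().asString(10) + K)).toHexString().slice(2);
+M1 = stringHash(
+"597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+stringHash(this.C()) +
+s.asString(10) +
+A.asString(10) +
+this.B().asString(10) +
+K
+);
 if (someParameters.parameters.M1 == M1) {
 var M2;
 
-M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);
+M2 = stringHash(
+A.asString(10) +
+someParameters.parameters.M1 +
+K
+);
 result['M2'] = M2;
 } else {
 throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
 }
 
 nextTollRequestType = 'MESSAGE';
 } else if (someParameters.message == "oneTimePassword") {
 var otpData;
 
 //console.log("HANDSHAKE WITH OTP", someParameters.parameters.oneTimePasswordKey);
 //console.log("someParameters", someParameters);
 //console.log("data.OTP", Clipperz.Base.serializeJSON(this.data()['onetimePasswords']));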
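Review bot: Nothing in the visible `connect` or `credentialCheck` branch checks the client value A before it is used: `set_A` on new line 359 stores `someParameters.parameters.A` as received, and new line 376 feeds it straight into the computation of S. SRP requires the host to abort the handshake when A mod n is zero (RFC 5054 states this as a MUST), so a guard belongs right after new line 373, rejecting the request when A reduced modulo `Clipperz.Crypto.SRP.n()` is zero, with a comment such as `// SRP-6a: refuse A ≡ 0 (mod n) before deriving S`. The same block also builds the failure message on new line 398 with the expected M1 in it; `throw new Error("Client checksum verification failed!");` would keep the expected proof out of logs and error dialogs. The handshake function begins above this hunk, so an earlier check may exist that is not shown here.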