feat: KeyPair Persist (#104)

Author: rentallect

src/channel/channel.js

@@ -900,7 +900,7 @@ module.exports = class ZitiChannel {
     let contentType = contentTypeView[0];
 
     let sequenceView = new Int32Array(buffer, 8, 1);
-    this._ctx.logger.debug("recv <- contentType[%o] seq[%o]", contentType, sequenceView[0]);
+    this._ctx.logger.trace("recv <- contentType[%o] seq[%o]", contentType, sequenceView[0]);
 
     let responseSequence = sequenceView[0];
 
@@ -1002,16 +1002,23 @@ module.exports = class ZitiChannel {
               len = 2000;
             }
             this._ctx.logger.trace("recv <- unencrypted_data (first 2000): %s", m1.substring(0, len));
-          } catch (e) { /* nop */ }
+
+            //
+            let dbgStr = m1.substring(0, len);
+            this._ctx.logger.trace("recv <- data (first 2000): %s", dbgStr);
+
+          } catch (e) {   }
 
           bodyView = unencrypted_data.message;
         } else {
+          /* debug...
           let len = bodyView.length;
           if (len > 2000) {
             len = 2000;
           }
           let dbgStr = String.fromCharCode.apply(null, bodyView).substring(0, len);
-          this._ctx.logger.trace("recv <- data (first 2000): %s", dbgStr);
+          this._ctx.logger.debug("recv <- data (first 2000): %s", dbgStr);
+          */
 
           //temp debugging
           // if (dbgStr.includes("var openMe = (window.parent")) {

src/client.js

@@ -77,23 +77,25 @@ class ZitiClient {
 
       CookieInterceptor.write.use( function ( cookie ) {
 
+        let name = cookie.substring(0, cookie.indexOf("="));
+        let value = cookie.substring(cookie.indexOf("=") + 1);
+        let cookie_value = value.substring(0, value.indexOf(";"));
+
+        sendMessageToServiceworker( { command: 'setCookie', name: name, value: cookie_value}  );
+
         (async function() { // we use an IIFE because we need to run some await calls, and we cannot make
                             // our write.use() an async func because it will then return a Promise,
                             // which would cause Cookie storage in the browser to get corrupted.
 
           console.log('=====> CookieInterceptor sees write of Cookie: ', cookie);
 
           const release = await ziti._cookiemutex.acquire();
-  
           let zitiCookies = await ls.getWithExpiry(zitiConstants.get().ZITI_COOKIES);
           if (isNull(zitiCookies)) {
             zitiCookies = {}
           }
           // console.log('=====> CookieInterceptor ZITI_COOKIES (before): ', zitiCookies);
 
-          let name = cookie.substring(0, cookie.indexOf("="));
-          let value = cookie.substring(cookie.indexOf("=") + 1);
-          let cookie_value = value.substring(0, value.indexOf(";"));
           if (cookie_value !== ''){
             let parts = value.split(";");
             let cookiePath;
@@ -113,10 +115,10 @@ class ZitiClient {
             }
 
             zitiCookies[name] = cookie_value;
+       
+            await ls.setWithExpiry(zitiConstants.get().ZITI_COOKIES, zitiCookies, new Date(8640000000000000));
 
             // console.log('=====> CookieInterceptor ZITI_COOKIES (after): ', zitiCookies);
-    
-            await ls.setWithExpiry(zitiConstants.get().ZITI_COOKIES, zitiCookies, new Date(8640000000000000));
           }
 
           release();
@@ -348,8 +350,11 @@ class ZitiClient {
 
     return new Promise( async (resolve, reject) => {
 
-      console.log('js-sdk fetchFromServiceWorker() entered');
-
+    //   console.log('js-sdk fetchFromServiceWorker() entered', url);
+    //   for (var pair of opts.headers.entries()) {
+    //     console.log('js-sdk fetchFromServiceWorker() header ', pair[0]+ ': '+ pair[1]);
+    //  }
+     
       await ziti._serviceWorkerMutexWithTimeout.runExclusive(async () => {
 
         console.log('js-sdk fetchFromServiceWorker() acquired ziti._mutex');
@@ -688,6 +693,7 @@ zitiFetch = async ( url, opts ) => {
   // We only want to intercept fetch requests that target the Ziti HTTP Agent
   var regex = new RegExp( zitiConfig.httpAgent.self.host, 'g' );
   var regexSlash = new RegExp( /^\//, 'g' );
+  var regexDotSlash = new RegExp( /^\.\//, 'g' );
 
   if (url.match( regex )) { // the request is targeting the Ziti HTTP Agent
 
@@ -758,10 +764,49 @@ zitiFetch = async ( url, opts ) => {
     });
 
     let newUrl;
-    if (document.baseURI === zitiConfig.httpAgent.self.host) {
+    let baseURIUrl = new URL( document.baseURI );
+    if (baseURIUrl.hostname === zitiConfig.httpAgent.self.host) {
       newUrl = new URL( 'https://' + zitiConfig.httpAgent.target.host + ':' + zitiConfig.httpAgent.target.port + url );
     } else {
-      newUrl = new URL( document.baseURI + url );
+      let baseURI = document.baseURI.replace(/\.\/$/, '');
+      newUrl = new URL( baseURI + url );
+    }
+    ziti._ctx.logger.debug( 'zitiFetch: transformed URL: ', newUrl.toString());
+
+    serviceName = await ziti._ctx.shouldRouteOverZiti( newUrl );
+
+    if (isUndefined(serviceName)) { // If we have no serviceConfig associated with the hostname:port, do not intercept
+      ziti._ctx.logger.warn('zitiFetch(): no associated serviceConfig, bypassing intercept of [%s]', url);
+      return window.realFetch(url, opts);
+    }  
+
+    url = newUrl.toString();
+
+  } else if (url.match( regexDotSlash )) { // the request starts with a slash
+
+    await ziti._clientMutexNoTimeout.runExclusive(async () => {
+
+      let isExpired = await ziti._ctx.isIdentityCertExpired();
+
+      if (isExpired) {
+        let updb = new ZitiUPDB(ZitiUPDB.prototype);
+        await updb.init( { ctx: ziti._ctx, logger: ziti._ctx.logger } );
+        await updb.awaitCredentialsAndAPISession();
+      }
+    })
+    .catch(( err ) => {
+      ziti._ctx.logger.error(err);
+      throw err;
+    });
+
+    let newUrl;
+    let baseURIUrl = new URL( document.baseURI );
+    if (baseURIUrl.hostname === zitiConfig.httpAgent.self.host) {
+      let slashUrl = url.replace('./', '/');
+      newUrl = new URL( 'https://' + zitiConfig.httpAgent.target.host + ':' + zitiConfig.httpAgent.target.port + slashUrl );
+    } else {
+      let baseURI = document.baseURI.replace(/\/$/, '');
+      newUrl = new URL( baseURI + url );
     }
     ziti._ctx.logger.debug( 'zitiFetch: transformed URL: ', newUrl.toString());
 
@@ -1113,7 +1158,7 @@ _onMessage_setControllerApi = async ( event ) => {
   pki.generateKeyPair();  // initiate keypair calculation
 }
 _onMessage_generateKeyPair = async ( event ) => {
-  _internal_generateKeyPair();
+  // _internal_generateKeyPair();
   _sendResponse( event, 'OK' );
 }
 
@@ -1245,6 +1290,36 @@ _onMessage_isIdentityPresent = async ( event ) => {
 
       await updb.init( { ctx: ziti._ctx, logger: ziti._ctx.logger } );
 
+      let haveKeypair = await updb._haveKeypair();
+
+      if (!haveKeypair) {
+
+        let keypairPresent = await updb.awaitKeypair( zitiConstants.get().ZITI_IDENTITY_KEYPAIR_OBTAIN_FROM_FS );
+        ziti._ctx.logger.debug('_onMessage_promptForZitiCredsNoWait: awaitKeypair returned [%o]', keypairPresent);
+
+        if (keypairPresent == zitiConstants.get().ZITI_IDENTITY_PUBLIC_KEY_FILE_NOT_FOUND ||  keypairPresent ==  zitiConstants.get().ZITI_IDENTITY_PRIVATE_KEY_FILE_NOT_FOUND) {
+
+          // If keypair not in FS or IDB, then initiate keypair generation
+          _internal_generateKeyPair();
+
+          // Do not proceed until we have a keypair (this will render a dialog to the user informing them of status)
+          let pki = new ZitiPKI(ZitiPKI.prototype);
+          await pki.init( { ctx: ziti._ctx, logger: ziti._ctx.logger } );
+          await pki.awaitKeyPairGenerationComplete(); // await completion of keypair calculation
+  
+          keypairPresent = await updb.awaitKeypair( zitiConstants.get().ZITI_IDENTITY_KEYPAIR_OBTAIN_FROM_IDB );
+          ziti._ctx.logger.debug('_onMessage_promptForZitiCredsNoWait: awaitKeypair returned [%o]', keypairPresent);
+
+          if (keypairPresent !== zitiConstants.get().ZITI_IDENTITY_KEYPAIR_FOUND) {
+            throw new Error('should not happen');
+          } else {
+
+            ziti._ctx.logger.debug('_onMessage_promptForZitiCredsNoWait: now have the keypair we need, so proceeding to obtain creds');
+
+          }
+        }
+      }
+
       let haveCreds = await updb._haveCreds();
 
       if (!haveCreds) {
@@ -1317,6 +1392,21 @@ _onMessage_purgeCert = async ( event ) => {
 }
 
 
+/**
+ * 
+ */
+ _onMessage_getCookies = async ( event ) => {
+  console.log('JS SDK _onMessage_getCookies entered');
+  // if (ziti._cookiemutex.isLocked()) {
+    // ziti._cookiemutex.waitForUnlock();
+  // }
+  // let zitiCookies = await ls.getWithExpiry(zitiConstants.get().ZITI_COOKIES);
+  // console.log('JS SDK _onMessage_getCookies returning: ', zitiCookies);
+  // _sendResponse( event, zitiCookies );
+  _sendResponse( event, 'nop OK' );
+}
+
+
 /**
  * 
  */
@@ -1372,6 +1462,7 @@ if (!zitiConfig.serviceWorker.active) {
         else if (event.data.command === 'promptForZitiCreds')   { _onMessage_promptForZitiCreds( event ); }
         else if (event.data.command === 'promptForZitiCredsNoWait')   { _onMessage_promptForZitiCredsNoWait( event ); }
         else if (event.data.command === 'purgeCert')            { _onMessage_purgeCert( event ); }
+        else if (event.data.command === 'getCookies')           { _onMessage_getCookies( event ); }
 
         else if (event.data.command === 'nop')                  { _onMessage_nop( event ); }
 
@@ -1384,6 +1475,18 @@ if (!zitiConfig.serviceWorker.active) {
      */
     navigator.serviceWorker.startMessages();
 
+    // Kiosk mode?
+    if (window.opener) {
+      // wait for messages from opener
+      window.addEventListener( 'message', function( e ) {
+        this.window.kioskZitiUserName = e.data.username;
+        this.window.kioskZitiPassword = e.data.password;
+      });
+
+      // tell the opener we are waiting
+      window.opener.postMessage( 'inited', '*' );
+    }
+
 
   } else {
     console.error("The current browser doesn't support service workers");

src/constants.js

@@ -47,6 +47,18 @@ const ZITI_CONSTANTS =
      */
     'ZITI_IDENTITY_CERT':   'ZITI_IDENTITY_CERT',
 
+    /**
+     * The Identity public key (generated locally during enrollment)
+     */
+    'ZITI_IDENTITY_PUBLIC_KEY_FILENAME':    'ZITI_BROWZER_PUBLIC_KEY.pem',
+    'ZITI_IDENTITY_PRIVATE_KEY_FILENAME':   'ZITI_BROWZER_PRIVATE_KEY.pem',
+    'ZITI_IDENTITY_PUBLIC_KEY_FILE_NOT_FOUND':      'ZITI_IDENTITY_PUBLIC_KEY_FILE_NOT_FOUND',
+    'ZITI_IDENTITY_PRIVATE_KEY_FILE_NOT_FOUND':      'ZITI_IDENTITY_PRIVATE_KEY_FILE_NOT_FOUND',
+    'ZITI_IDENTITY_KEYPAIR_FOUND':      'ZITI_IDENTITY_KEYPAIR_FOUND',
+    'ZITI_IDENTITY_KEYPAIR_OBTAIN_FROM_FS':      'ZITI_IDENTITY_KEYPAIR_OBTAIN_FROM_FS',
+    'ZITI_IDENTITY_KEYPAIR_OBTAIN_FROM_IDB':      'ZITI_IDENTITY_KEYPAIR_OBTAIN_FROM_IDB',
+
+
     /**
      * The Identity public key (generated locally during enrollment)
      */

src/http/request.js

@@ -257,7 +257,9 @@ limitations under the License.
 	 }
 
 	 // Obtain all Cookie KV pairs from the Ziti Cookie cache
+	 const release = await ziti._cookiemutex.acquire();
 	 let zitiCookies = await ls.getWithExpiry(zitiConstants.get().ZITI_COOKIES);
+	 release();
 	 if (!isNull(zitiCookies)) {
 		 for (const cookie in zitiCookies) {
 			 if (zitiCookies.hasOwnProperty(cookie)) {
@@ -354,4 +356,4 @@ limitations under the License.
 	 redirect: { enumerable: true },
 	 clone: { enumerable: true },
  });
- 
+ 

src/http/ziti-websocket-wrapper.js

@@ -973,14 +973,14 @@ function sendAfterClose(websocket, data, cb) {
    * @private
    */
   function receiverOnMessage(data) {
-    if (typeof data === 'string') {
-      ziti._ctx.logger.info('ZitiWebSocketWrapper.receiverOnMessage() entered, emitting STRING: %o', data);
+    // if (typeof data === 'string') {
+      // ziti._ctx.logger.info('ZitiWebSocketWrapper.receiverOnMessage() entered, emitting STRING: %o', data);
       this[kWebSocket].emit('message', data);
-    } else {
-      let blob = new Blob(data);
-      ziti._ctx.logger.info('ZitiWebSocketWrapper.receiverOnMessage() entered, emitting BLOB: %o', blob);
-      this[kWebSocket].emit('message', blob);
-    }
+    // } else {
+      // let blob = new Blob([new Uint8Array(data, 0, data.byteLength)]);
+      // ziti._ctx.logger.info('ZitiWebSocketWrapper.receiverOnMessage() entered, emitting BLOB: %o', blob);
+      // this[kWebSocket].emit('message', blob);
+    // }
   }
 
   /**

src/pki/pki.js

@@ -259,7 +259,7 @@ ZitiPKI.prototype.generateKeyPair = async function() {
  * @params  {nothing}   
  * @returns {nothing}   
  */
- ZitiPKI.prototype.awaitKeyPairGenerationComplete = async function() {
+ ZitiPKI.prototype.awaitKeyPairGenerationComplete = async function( bypassRenderingOfUI ) {
 
   let self = this;
 
@@ -274,34 +274,39 @@ ZitiPKI.prototype.generateKeyPair = async function() {
 
     if (typeof window !== 'undefined') {
 
-      identityModalCSS.inject();
-      keypairModalHTML.inject();
-      MicroModal.init({
-        onShow: modal => console.info(`${modal.id} is shown`), // [1]
-        onClose: modal => console.info(`${modal.id} is hidden`), // [2]
-        openTrigger: 'ziti-data-micromodal-trigger', // [3]
-        closeTrigger: 'data-custom-close', // [4]
-        openClass: 'is-open', // [5]
-        disableScroll: true, // [6]
-        disableFocus: false, // [7]
-        awaitOpenAnimation: false, // [8]
-        awaitCloseAnimation: true, // [9]
-        debugMode: false // [10]
-      });
-    
-      MicroModal.show('ziti-keypair-modal');
+      if (bypassRenderingOfUI) {
+        self.logger.info('bypassRenderingOfUI');
+      } else {
+
+        identityModalCSS.inject();
+        keypairModalHTML.inject();
+        MicroModal.init({
+          onShow: modal => console.info(`${modal.id} is shown`), // [1]
+          onClose: modal => console.info(`${modal.id} is hidden`), // [2]
+          openTrigger: 'ziti-data-micromodal-trigger', // [3]
+          closeTrigger: 'data-custom-close', // [4]
+          openClass: 'is-open', // [5]
+          disableScroll: true, // [6]
+          disableFocus: false, // [7]
+          awaitOpenAnimation: false, // [8]
+          awaitCloseAnimation: true, // [9]
+          debugMode: false // [10]
+        });
+      
+        MicroModal.show('ziti-keypair-modal');
 
-      modalMsg.setMessage('Please do not close this browser window.');
+        modalMsg.setMessage('Please do not close this browser window.');
 
-      modalMsg.setProgress('Zero-Trust KeyPair creation in progress.');
+        modalMsg.setProgress('Zero-Trust KeyPair creation in progress.');
+      }
     }
 
 
     (async function waitForKeyPairGenerationComplete() {
       let haveKeys = await self._haveKeypair();
       if (haveKeys) {
         MicroModal.close('ziti-keypair-modal');
-        return resolve();
+        return resolve(true);
       }
       setTimeout(waitForKeyPairGenerationComplete, 200);
     })();      

src/ui/identity_modal/keypair_generation_html.js

@@ -35,10 +35,12 @@ exports.inject = () => {
                         <h2 class="modal__title" id="modal-1-title">
                             <img src="https://ziti-logo.s3.amazonaws.com/ziti-logo_avatar.png" width=25 >
                             <span>
-                                Zero-Trust KeyPair Creation
+                                Zero-Trust KeyPair Generation
                             </span>
                         </h2>
                     </header>
+                    <h2 class="form-signin-heading">No KeyPair found in selected folder.<br/><br/>New KeyPair will be generated now.</h2>
+                    <span style="padding-top: 5px;">&nbsp;</span>
                     <div style="text-align: center; padding-top: 15px;">
                         <span id="ziti-keypair-error" style="color: #e80853; font-weight: 800; font-size: 0.9em;"></span> 
                     </div>    

src/ui/identity_modal/updb_prompt_html.js

@@ -45,9 +45,9 @@ exports.inject = () => {
                     </header>
 
                     <h2 class="form-signin-heading">Please Login</h2>
-                    <input id="ziti-login-username" type="text" class="form-control" name="username" placeholder="Username" required="do it 1" autofocus="" />
+                    <input id="ziti-login-username" type="text" class="form-control" name="username" placeholder="Ziti Username" required="do it 1" autofocus="" />
                     <span style="padding-top: 5px;">&nbsp;</span>
-                    <input id="ziti-login-password" type="password" class="form-control" style="padding-top: 5px;" name="password" placeholder="Password" required="do it 2"/>      
+                    <input id="ziti-login-password" type="password" class="form-control" style="padding-top: 5px;" name="password" placeholder="Ziti Password" required="do it 2"/>      
                     <button id="ziti-login-button" class="btn btn-lg btn-primary btn-block form-signin-button" type="submit">Authenticate</button>   
                 </form>
             </div>