Skip to content

Commit

Permalink
Init.
Browse files Browse the repository at this point in the history
  • Loading branch information
@kinosang
kinosang committed Dec 14, 2019
0 parents commit 2cfe20c
Show file tree
Hide file tree
Showing 5 changed files with 529 additions and 0 deletions.
21 changes: 21 additions & 0 deletions LICENSE
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2018 - 2019 Chino Chang

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
41 changes: 41 additions & 0 deletions README.md
@@ -0,0 +1,41 @@
# RSA/ECDSA Signature Dynamic Value (Paw Extension)

A [Paw Extension](https://paw.cloud/extensions/) to allow insertion of a RSA/ECDSA Signature.

![](screenshot.png)

## Features

* [x] RSA Signature
* [x] MD5withRSA
* [x] SHA1withRSA
* [x] SHA224withRSA
* [x] SHA256withRSA
* [x] SHA384withRSA
* [x] SHA512withRSA
* [x] RIPEMD160withRSA
* [x] ECDSA Signature
* [x] MD5withECDSA
* [x] SHA1withECDSA
* [x] SHA224withECDSA
* [x] SHA256withECDSA
* [x] SHA384withECDSA
* [x] SHA512withECDSA
* [x] RIPEMD160withECDSA
* [x] Plaintext Source
* [x] Request Body
* [x] Body Parameter Filtering
* [x] Body Parameter Re-Sorting
* [x] Specified Message
* [x] Output Encoding
* [x] Base64
* [x] Hex

## License

This Paw Extension is released under the MIT License.

This repository includes a copy of the
[jsrsasign](https://github.com/kjur/jsrsasign) library, which is BSD licensed.

Copyright © 2019 Chino Chang
143 changes: 143 additions & 0 deletions RsaSignatureDynamicValue.js
@@ -0,0 +1,143 @@
/* global InputField registerDynamicValueClass */

const r = require('./jsrsasign.js');

const has = Object.prototype.hasOwnProperty;

const algorithms = {
MD5withRSA: 'RSA MD5',
SHA1withRSA: 'RSA SHA1',
SHA224withRSA: 'RSA SHA224',
SHA256withRSA: 'RSA SHA256',
SHA384withRSA: 'RSA SHA384',
SHA512withRSA: 'RSA SHA512',
RIPEMD160withRSA: 'RSA RIPEMD160',
MD5withECDSA: 'ECDSA MD5',
SHA1withECDSA: 'ECDSA SHA1',
SHA224withECDSA: 'ECDSA SHA224',
SHA256withECDSA: 'ECDSA SHA256',
SHA384withECDSA: 'ECDSA SHA384',
SHA512withECDSA: 'ECDSA SHA512',
RIPEMD160withECDSA: 'ECDSA RIPEMD160',
};

class RsaSignatureDynamicValue {
constructor() {
const filter = body => {
const res = body;

Object.values(this.filters).forEach(f => {
if (f[2] === true) {
delete res[f[0]];
}
});

return res;
};

const queryStringify = (obj, prefix) => {
const pairs = [];

Object.keys(obj).forEach(key => {
if (!has.call(obj, key)) {
return;
}

const value = obj[key];
const enkey = encodeURIComponent(key);
let pair;
if (typeof value === 'object') {
pair = queryStringify(value, prefix ? `${prefix}[${enkey}]` : enkey);
} else {
pair = `${prefix ? `${prefix}[${enkey}]` : enkey}=${encodeURIComponent(value)}`;
}
pairs.push(pair);
});

if (this.sort) {
pairs.sort();
}

return pairs.join('&');
};

this.evaluate = context => {
const request = context.getCurrentRequest();

switch (this.source) {
case 'body':
if (request.jsonBody) {
const body = request.jsonBody;
this.message = JSON.stringify(filter(body));
} else if (request.urlEncodedBody) {
const body = request.urlEncodedBody;
this.message = queryStringify(filter(body));
} else if (request.multipartBody) {
const body = request.multipartBody;
this.message = queryStringify(filter(body));
}
break;
default:
break;
}

const sig = new r.Signature({ alg: this.algorithm });

if (this.algorithm.endsWith('ECDSA')) {
sig.init({d: this.key, curve: this.curve});
} else {
sig.init(this.key);
}

sig.updateString(this.message);
const signature = sig.sign();
if (this.encoding === 'hex') {
return signature;
}

return r.hextob64(signature);
};
this.title = () => 'Signature';
this.text = () => algorithms[this.algorithm];
return this;
}
}

RsaSignatureDynamicValue.identifier = 'me.7in0.PawExtensions.RsaSignatureDynamicValue';
RsaSignatureDynamicValue.title = 'RSA Signature';
RsaSignatureDynamicValue.inputs = [
InputField('source', 'Source', 'Select', {
choices: {
body: 'Request Body',
message: 'Message'
},
defaultValue: 'body'
}),
InputField('filters', 'Body Filters', 'KeyValueList', {
keyName: 'Parameter Key',
valueName: '(Check to ignore)'
}),
InputField('sort', 'Body Re-Sorting', 'Checkbox', { defaultValue: true }),
InputField('message', 'Message', 'String'),
InputField('key', 'Private Key', 'String'),
InputField('algorithm', 'Algorithm', 'Select', {
choices: algorithms,
defaultValue: 'SHA256withRSA'
}),
InputField('curve', 'Curve', 'Select', {
choices: {
secp256r1: 'secp256r1 (= NIST P-256, P-256, prime256v1)',
secp256k1: 'secp256k1',
secp384r1: 'secp384r1 (= NIST P-384, P-384)'
}
}),
InputField('encoding', 'Encoding', 'Select', {
choices: {
hex: 'HEX',
base64: 'BASE64'
},
defaultValue: 'hex'
})
];

registerDynamicValueClass(RsaSignatureDynamicValue);

0 comments on commit 2cfe20c

Please sign in to comment.