https://src.bluestatic.org / skeletonkey.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Update appcache version.
[skeletonkey.git] / core.js
1 /* Copyright (c) 2012 Robert Sesek <http://robert.sesek.com>
2 *
3 * Permission is hereby granted, free of charge, to any person obtaining a copy
4 * of this software and associated documentation files (the "Software"), to
5 * deal in the Software without restriction, including without limitation the
6 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
7 * sell copies of the Software, and to permit persons to whom the Software is
8 * furnished to do so, subject to the following conditions:
9 *
10 * The above copyright notice and this permission notice shall be included in
11 * all copies or substantial portions of the Software.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
18 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
19 * DEALINGS IN THE SOFTWARE.
20 */
21
22 (function main() {
23 document.addEventListener('DOMContentLoaded', function() {
24 var controller = new SkeletonKey(document);
25 });
26 })();
27
28 /**
29 * SkeletonKey is view controller for generating secure passwords.
30 *
31 * @param {HTMLDocument} doc The document on which to operate.
32 */
33 var SkeletonKey = SkeletonKey || function(doc) {
34 this._master = doc.getElementById('master');
35 this._sitekey = doc.getElementById('sitekey');
36 this._username = doc.getElementById('username');
37 this._password = doc.getElementById('password');
38 this._generateButton = doc.getElementById('generate');
39
40 // If this is an extension, use defaults until the Chrome settings are loaded.
41 var win = null;
42 if (!this._isChromeExtension())
43 win = window;
44 this._options = new SkeletonKeyOptions(null, win);
45
46
47 this._init();
48 };
49
50 /**
51 * The number of iterations to perform in PBKDF2.
52 * @const {int}
53 */
54 SkeletonKey.prototype.ITERATIONS = 1000;
55 /**
56 * The size of the key, in bytes.
57 * @const {int}
58 */
59 SkeletonKey.prototype.KEYSIZE = 256/32;
60
61 /**
62 * Initializes event handlers for the page.
63 * @private
64 */
65 SkeletonKey.prototype._init = function() {
66 this._generateButton.onclick = this._onGenerate.bind(this);
67
68 this._master.onkeyup = this._nextFieldInterceptor.bind(this);
69 this._sitekey.onkeyup = this._nextFieldInterceptor.bind(this);
70 this._username.onkeyup = this._nextFieldInterceptor.bind(this);
71
72 if (!this._isTouchDevice()) {
73 this._password.onmousedown = this._selectPassword.bind(this);
74 this._password.onmouseup = function(e) {
75 e.preventDefault();
76 e.stopPropagation();
77 };
78 }
79
80 if (this._isChromeExtension()) {
81 this._initChromeExtension();
82 } else {
83 // Chrome extensions will get the first field focused automatically, so only
84 // do it explicitly for hosted pages.
85 this._master.focus();
86 }
87 };
88
89 /**
90 * Event handler for generating a new password.
91 * @param {Event} e
92 * @private
93 */
94 SkeletonKey.prototype._onGenerate = function(e) {
95 var salt = this._username.value + '@' + this._sitekey.value;
96
97 // |key| is a WordArray of 32-bit words.
98 var key = CryptoJS.PBKDF2(this._master.value, salt,
99 {keySize: this.KEYSIZE, iterations: this.ITERATIONS});
100
101 var hexString = key.toString();
102 hexString = this._capitalizeKey(hexString);
103
104 var maxLength = this._options.getMaximumPasswordLength();
105 if (hexString.length > maxLength)
106 hexString = hexString.substr(0, maxLength);
107
108 this._password.innerText = hexString;
109 this._selectPassword();
110 };
111
112 /**
113 * Takes a HEX string and returns a mixed-case string.
114 * @param {string} key
115 * @return string
116 * @private
117 */
118 SkeletonKey.prototype._capitalizeKey = function(key) {
119 // |key| is too long for a decent password, so try and use the second half of
120 // it as the basis for capitalizing the key.
121 var capsSource = null;
122 var keyLength = key.length;
123 if (keyLength / 2 <= this._options.getMinimumPasswordLength()) {
124 capsSouce = key.substr(0, keyLength - this._options.getMinimumPasswordLength());
125 } else {
126 capsSource = key.substr(keyLength / 2);
127 }
128
129 if (!capsSource || capsSource.length < 1) {
130 return key;
131 }
132
133 key = key.substr(0, capsSource.length);
134 var capsSourceLength = capsSource.length;
135
136 var j = 0;
137 var newKey = "";
138 for (var i = 0; i < key.length; i++) {
139 var c = key.charCodeAt(i);
140 // If this is not a lowercase letter or there's no more source, skip.
141 if (c < 0x61 || c > 0x7A || j >= capsSourceLength) {
142 newKey += key[i];
143 continue;
144 }
145
146 var makeCap = capsSource.charCodeAt(j++) % 2;
147 if (makeCap)
148 newKey += String.fromCharCode(c - 0x20);
149 else
150 newKey += key[i];
151 }
152
153 return newKey;
154 };
155
156 /**
157 * Checks if the given key event is from the enter key and moves onto the next
158 * field or generates the password.
159 * @param {Event} e
160 * @private
161 */
162 SkeletonKey.prototype._nextFieldInterceptor = function(e) {
163 if (e.keyCode != 0xD)
164 return;
165
166 if (this._master.value == "") {
167 this._master.focus();
168 } else if (this._sitekey.value == "") {
169 this._sitekey.focus();
170 } else if (this._username.value == "") {
171 this._username.focus();
172 } else {
173 this._generateButton.click();
174 }
175 };
176
177 /**
178 * Selects the contents of the generated password.
179 * @private
180 */
181 SkeletonKey.prototype._selectPassword = function() {
182 this._generateButton.blur();
183
184 // Touch devices do not bring up the edit controls (for copy) for
185 // pre-selected text.
186 if (this._isTouchDevice())
187 return;
188
189 var range = document.createRange();
190 range.selectNode(this._password.firstChild); // Select #text node.
191
192 var selection = window.getSelection();
193 selection.removeAllRanges();
194 selection.addRange(range);
195 };
196
197 /**
198 * Initalizes the Chrome extension pieces if running inside chrome.
199 * @private
200 */
201 SkeletonKey.prototype._initChromeExtension = function() {
202 var query = {
203 "active": true,
204 "currentWindow": true
205 };
206 chrome.tabs.query(query, function (tabs) {
207 console.log(tabs);
208 if (tabs == null || tabs.length != 1)
209 return;
210
211 var url = tabs[0].url;
212 if (url == null || url == "")
213 return;
214
215 // Use a link to clevely parse the URL into the hostname.
216 var parser = document.createElement("a");
217 parser.href = url;
218 var hostname = parser.hostname.split(".");
219
220 // Filter out common subdomains and TLDs to keep the siteky short and
221 // memorable.
222 ["www", "login", "account", "accounts"].forEach(function(subdomain) {
223 if (hostname[0] == subdomain) {
224 hostname.shift();
225 return;
226 }
227 });
228
229 ["com", "net", "org", "edu", "info"].forEach(function(tld) {
230 if (hostname[hostname.length - 1] == tld) {
231 hostname.pop();
232 return;
233 }
234 });
235
236 this._sitekey.value = hostname.join(".");
237 }.bind(this));
238 };
239
240 /**
241 * Checks if SkeletonKey is running as a Chrome extension.
242 * @returns {bool}
243 * @private
244 */
245 SkeletonKey.prototype._isChromeExtension = function() {
246 return typeof chrome !== 'undefined' && typeof chrome.tabs !== 'undefined';
247 };
248
249 /**
250 * Checks if SkeletonKey is running on a touch device.
251 * @returns {bool}
252 * @private
253 */
254 SkeletonKey.prototype._isTouchDevice = function() {
255 return typeof document.createTouch === 'function';
256 }
A Chrome extension that uses PBKDF2 hashing to generate cryptographically secure passwords.