Merge branch 'dev/ssl-pinning'

Gruntfile.js

@@ -116,7 +116,7 @@ module.exports = function(grunt) {
             },
             app: {
                 files: ['src/*.js', 'src/**/*.html', 'src/**/*.json', 'src/img/**/*', 'src/font/**/*'],
-                tasks: ['copy:app', 'copy:tpl', 'copy:img', 'copy:font', 'manifest-dev']
+                tasks: ['copy:app', 'copy:ca', 'copy:tpl', 'copy:img', 'copy:font', 'manifest-dev']
             }
         },
         copy: {
@@ -190,6 +190,12 @@ module.exports = function(grunt) {
                 src: ['*'],
                 dest: 'dist/tpl/'
             },
+            ca: {
+                expand: true,
+                cwd: 'src/ca/',
+                src: ['*'],
+                dest: 'dist/ca/'
+            },
             app: {
                 expand: true,
                 cwd: 'src/',

src/ca/Google_Internet_Authority_G2.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG
+EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
+bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
+VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
+h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
+ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
+EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
+DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7
+qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD
+VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g
+K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI
+KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n
+ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB
+BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY
+/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/
+zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza
+HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto
+WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6
+yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx
+-----END CERTIFICATE-----

src/js/app-controller.js

@@ -152,48 +152,72 @@ define(function(require) {
      * Instanciate the mail email data access object and its dependencies. Login to imap on init.
      */
     self.init = function(userId, token, callback) {
-        var auth, imapOptions, smtpOptions,
+        var auth, imapOptions, smtpOptions, certificate,
             lawnchairDao, restDao, pubkeyDao,
-            keychain, imapClient, smtpClient, pgp, userStorage;
+            keychain, imapClient, smtpClient, pgp, userStorage, xhr;
 
-        // create mail credentials objects for imap/smtp
+        // fetch pinned local ssl certificate
-        auth = {
+        xhr = new XMLHttpRequest();
-            XOAuth2: {
+        xhr.open('GET', '/ca/Google_Internet_Authority_G2.pem');
-                user: userId,
+        xhr.onload = function() {
-                clientId: config.gmail.clientId,
+            if (xhr.readyState === 4 && xhr.status === 200 && xhr.responseText) {
-                accessToken: token
+                certificate = xhr.responseText;
+                setupDaos();
+            } else {
+                callback({
+                    errMsg: 'Could not fetch pinned certificate!'
+                });
             }
         };
-        imapOptions = {
+        xhr.onerror = function() {
-            secure: config.gmail.imap.secure,
+            callback({
-            port: config.gmail.imap.port,
+                errMsg: 'Could not fetch pinned certificate!'
-            host: config.gmail.imap.host,
+            });
-            auth: auth
-        };
-        smtpOptions = {
-            secure: config.gmail.smtp.secure,
-            port: config.gmail.smtp.port,
-            host: config.gmail.smtp.host,
-            auth: auth
         };
+        xhr.send();
 
-        // init objects and inject dependencies
+        function setupDaos() {
-        restDao = new RestDAO();
+            // create mail credentials objects for imap/smtp
-        pubkeyDao = new PublicKeyDAO(restDao);
+            auth = {
-        lawnchairDao = new LawnchairDAO();
+                XOAuth2: {
-        keychain = new KeychainDAO(lawnchairDao, pubkeyDao);
+                    user: userId,
-        imapClient = new ImapClient(imapOptions);
+                    clientId: config.gmail.clientId,
-        smtpClient = new SmtpClient(smtpOptions);
+                    accessToken: token
-        pgp = new PGP();
+                }
-        userStorage = new DeviceStorageDAO(lawnchairDao);
+            };
-        self._emailDao = new EmailDAO(keychain, imapClient, smtpClient, pgp, userStorage);
+            imapOptions = {
+                secure: config.gmail.imap.secure,
+                port: config.gmail.imap.port,
+                host: config.gmail.imap.host,
+                auth: auth,
+                ca: [certificate]
+            };
+            smtpOptions = {
+                secure: config.gmail.smtp.secure,
+                port: config.gmail.smtp.port,
+                host: config.gmail.smtp.host,
+                auth: auth
+            };
 
-        // init email dao
+            // init objects and inject dependencies
-        var account = {
+            restDao = new RestDAO();
-            emailAddress: userId,
+            pubkeyDao = new PublicKeyDAO(restDao);
-            asymKeySize: config.asymKeySize
+            lawnchairDao = new LawnchairDAO();
-        };
+            keychain = new KeychainDAO(lawnchairDao, pubkeyDao);
-        self._emailDao.init(account, callback);
+            imapClient = new ImapClient(imapOptions);
+            smtpClient = new SmtpClient(smtpOptions);
+            pgp = new PGP();
+            userStorage = new DeviceStorageDAO(lawnchairDao);
+            self._emailDao = new EmailDAO(keychain, imapClient, smtpClient, pgp, userStorage);
+
+            // init email dao
+            var account = {
+                emailAddress: userId,
+                asymKeySize: config.asymKeySize
+            };
+
+            self._emailDao.init(account, callback);
+        }
     };
 
     return self;