diff --git a/Gruntfile.js b/Gruntfile.js
index 7e1135d..b66701f 100644
--- a/Gruntfile.js
+++ b/Gruntfile.js
@@ -116,7 +116,7 @@ module.exports = function(grunt) {
 },
 app: {
 files: ['src/*.js', 'src/**/*.html', 'src/**/*.json', 'src/img/**/*', 'src/font/**/*'],
- tasks: ['copy:app', 'copy:tpl', 'copy:img', 'copy:font', 'manifest-dev']
+ tasks: ['copy:app', 'copy:ca', 'copy:tpl', 'copy:img', 'copy:font', 'manifest-dev']
 }
 },
 copy: {
@@ -190,6 +190,12 @@ module.exports = function(grunt) {
 src: ['*'],
 dest: 'dist/tpl/'
 },
+ ca: {
+ expand: true,
+ cwd: 'src/ca/',
+ src: ['*'],
+ dest: 'dist/ca/'
+ },
 app: {
 expand: true,
 cwd: 'src/',
diff --git a/src/ca/Google_Internet_Authority_G2.pem b/src/ca/Google_Internet_Authority_G2.pem
new file mode 100644
index 0000000..6de7922
--- /dev/null
+++ b/src/ca/Google_Internet_Authority_G2.pem
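Review bot: The `copy:ca` target is wired into the `watch.app` task list, but that watcher's `files` globs do not match `src/ca/*.pem`, and the build aliases that populate `dist/` on a clean checkout lie outside both hunks. If those aliases name copy targets explicitly, `dist/ca/` is never created and init fails with 'Could not fetch pinned certificate!', so it is worth confirming that `copy:ca` runs in the dev and dist builds. Because this directory holds the trust anchor, consider narrowing the second hunk's `src: ['*']` to `src: ['*.pem']` so only certificate files ship, with a comment such as `// pinned CA certificates fetched by app-controller at init`.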
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG
+EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
+bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
+VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
+h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
+ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
+EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
+DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7
+qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD
+VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g
+K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI
+KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n
+ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB
+BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY
+/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/
+zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza
+HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto
+WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6
+yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx
+-----END CERTIFICATE-----
diff --git a/src/js/app-controller.js b/src/js/app-controller.js
index 0497b35..513d112 100644
--- a/src/js/app-controller.js
+++ b/src/js/app-controller.js
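Review bot: The pinned file is an intermediate CA certificate with a fixed lifetime, and nothing in this commit records where it was obtained, what its fingerprint is, or how it will be rotated. The validity fields in the encoded body appear to run from April 2013 to April 2015; confirm with `openssl x509 -in src/ca/Google_Internet_Authority_G2.pem -noout -dates -fingerprint`. Once the provider switches intermediates or this certificate expires, every connection that relies on the pin will fail until a new build ships. Suggest adding a short README in `src/ca/` stating the source, fingerprint and expiry, and deciding up front whether a backup pin should be bundled alongside it.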
@@ -152,48 +152,72 @@ define(function(require) {
 * Instanciate the mail email data access object and its dependencies. Login to imap on init.
 */
 self.init = function(userId, token, callback) {
- var auth, imapOptions, smtpOptions,
+ var auth, imapOptions, smtpOptions, certificate,
 lawnchairDao, restDao, pubkeyDao,
- keychain, imapClient, smtpClient, pgp, userStorage;
+ keychain, imapClient, smtpClient, pgp, userStorage, xhr;
- // create mail credentials objects for imap/smtp
- auth = {
- XOAuth2: {
- user: userId,
- clientId: config.gmail.clientId,
- accessToken: token
+ // fetch pinned local ssl certificate
+ xhr = new XMLHttpRequest();
+ xhr.open('GET', '/ca/Google_Internet_Authority_G2.pem');
+ xhr.onload = function() {
+ if (xhr.readyState === 4 && xhr.status === 200 && xhr.responseText) {
+ certificate = xhr.responseText;
+ setupDaos();
+ } else {
+ callback({
+ errMsg: 'Could not fetch pinned certificate!'
+ });
 }
 };
- imapOptions = {
- secure: config.gmail.imap.secure,
- port: config.gmail.imap.port,
- host: config.gmail.imap.host,
- auth: auth
- };
- smtpOptions = {
- secure: config.gmail.smtp.secure,
- port: config.gmail.smtp.port,
- host: config.gmail.smtp.host,
- auth: auth
+ xhr.onerror = function() {
+ callback({
+ errMsg: 'Could not fetch pinned certificate!'
+ });
 };
+ xhr.send();
- // init objects and inject dependencies
- restDao = new RestDAO();
- pubkeyDao = new PublicKeyDAO(restDao);
- lawnchairDao = new LawnchairDAO();
- keychain = new KeychainDAO(lawnchairDao, pubkeyDao);
- imapClient = new ImapClient(imapOptions);
- smtpClient = new SmtpClient(smtpOptions);
- pgp = new PGP();
- userStorage = new DeviceStorageDAO(lawnchairDao);
- self._emailDao = new EmailDAO(keychain, imapClient, smtpClient, pgp, userStorage);
+ function setupDaos() {
+ // create mail credentials objects for imap/smtp
+ auth = {
+ XOAuth2: {
+ user: userId,
+ clientId: config.gmail.clientId,
+ accessToken: token
+ }
+ };
+ imapOptions = {
+ secure: config.gmail.imap.secure,
+ port: config.gmail.imap.port,
+ host: config.gmail.imap.host,
+ auth: auth,
+ ca: [certificate]
+ };
+ smtpOptions = {
+ secure: config.gmail.smtp.secure,
+ port: config.gmail.smtp.port,
+ host: config.gmail.smtp.host,
+ auth: auth
+ };
- // init email dao
- var account = {
- emailAddress: userId,
- asymKeySize: config.asymKeySize
- };
- self._emailDao.init(account, callback);
+ // init objects and inject dependencies
+ restDao = new RestDAO();
+ pubkeyDao = new PublicKeyDAO(restDao);
+ lawnchairDao = new LawnchairDAO();
+ keychain = new KeychainDAO(lawnchairDao, pubkeyDao);
+ imapClient = new ImapClient(imapOptions);
+ smtpClient = new SmtpClient(smtpOptions);
+ pgp = new PGP();
+ userStorage = new DeviceStorageDAO(lawnchairDao);
+ self._emailDao = new EmailDAO(keychain, imapClient, smtpClient, pgp, userStorage);
+
+ // init email dao
+ var account = {
+ emailAddress: userId,
+ asymKeySize: config.asymKeySize
+ };
+
+ self._emailDao.init(account, callback);
+ }
 };
 return self;
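Review bot: Only `imapOptions` receives the pinned certificate; `smtpOptions` in `setupDaos()` is built without a `ca` entry, so the SMTP connection, which carries the same XOAuth2 access token, is left on whatever trust the client applies by default. If `SmtpClient` accepts the same option, change its last entry to `auth: auth,` followed by `ca: [certificate]`. The `onload` branch also accepts any non-empty 200 body as the trust anchor; a guard such as `xhr.responseText.indexOf('-----BEGIN CERTIFICATE-----') === 0` would fail init with the existing error message rather than a later, harder-to-diagnose TLS failure. The pin is only as trustworthy as the channel that serves `/ca/...` (presumably the app package itself), which deserves a comment above the `xhr.open` call.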