pchainho
commented
7 years ago For now, we have disabled mutual authentication in Node
Open vitormsilva opened 7 years ago
pchainho
commented
7 years ago For now, we have disabled mutual authentication in Node
vitormsilva
commented
7 years ago We have the following problem..
When we did a unsubscribe from browser <-> browser all the process finish with success.
When we did a unsubscribe from browser <-> nodejs we receive the following responses of events:
Browser unsubscribe:
Nodejs receive:
--- Policy Engine ---
{ type: 'unsubscribe',
from: 'runtime://localhost/51233043-488e-2b45-3a53-9a8709fa145e/sm',
to: 'connection://localhost/537f5bae-2882-4fdb-aa68-5ad432f32967/subscription',
body:
{ resource: 'connection://localhost/537f5bae-2882-4fdb-aa68-5ad432f32967',
auth: false,
via: 'msg-node.localhost/protostub/5126' },
id: 8 }
[StorageManager] - get capabilities
Capability node is available? true
connection://localhost/537f5bae-2882-4fdb-aa68-5ad432f32967/subscription-RCV: { type: 'unsubscribe',
from: 'runtime://localhost/51233043-488e-2b45-3a53-9a8709fa145e/sm',
to: 'connection://localhost/537f5bae-2882-4fdb-aa68-5ad432f32967/subscription',
body:
{ resource: 'connection://localhost/537f5bae-2882-4fdb-aa68-5ad432f32967',
auth: false,
via: 'msg-node.localhost/protostub/5126' },
id: 8 }And we don't have the unsubscribe process completed.
So, we think, this problem is related with disabling the mutual authentication.
jboulmal
commented
7 years ago Besides, an error happens on for NodeHyperty running on Nodejs-Runtime at the handshake phase.
--- Policy Engine ---
{ type: 'handshake',
to: 'hyperty://localhost/d0bc6e81-b2b5-4684-98e6-756b087ca6b5',
from: 'hyperty://localhost/b8f6bd3d-5552-4736-8072-5639160688e8',
body:
{ handshakePhase: 'senderHello',
value: 'NTEsNTEsNTMsNTUsMTA5LDE3Miw3OCwyMjMsMjQsMTM3LDIzNiwyNTAsMTkzLDIzNCwzNCw0NywxNjIsMjE4LDI1MCw1NywxMDQsMjMxLDU0LDgsOTYsMjU0LDEwMiwxNjQsMTM4LDE2MSwyMjMsMTcz',
identity:
{ userProfile: [Object],
idp: 'google.com',
assertion: 'eyJ0b2tlbklEIjoiZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNkltVXlabU01WldRMU0yVXdNR1kzT1dZMk5qUmhZVFpqWlRFM1pHWTJNV1ZsTnpSbE5tTTBNRGNpZlEuZXlKcGMzTWlPaUpvZEhSd2N6b3ZMMkZqWTI5MWJuUnpMbWR2YjJkc1pTNWpiMjBpTENKcFlYUWlPakUwT0RVeU5qWXhOalVzSW1WNGNDSTZNVFE0TlRJMk9UYzJOU3dpWVhSZmFHRnphQ0k2SW1OWFIwaE9UbmR3VEV4blVFOTJUMDFLWjJSUVgzY2lMQ0poZFdRaU9pSTRNRGd6TWprMU5qWXdNVEl0ZEhGeU9IRnZhREV4TVRrME1tZGtNbXRuTURBM2REQnpPR1l5TnpkeWIya3VZWEJ3Y3k1bmIyOW5iR1YxYzJWeVkyOXVkR1Z1ZEM1amIyMGlMQ0p6ZFdJaU9pSXhNVEU1TXpReU16TTJNekkxTWpBd056YzNORE1pTENKbGJXRnBiRjkyWlhKcFptbGxaQ0k2ZEhKMVpTd2lZWHB3SWpvaU9EQTRNekk1TlRZMk1ERXlMWFJ4Y2poeGIyZ3hNVEU1TkRKblpESnJaekF3TjNRd2N6aG1NamMzY205cExtRndjSE11WjI5dloyeGxkWE5sY21OdmJuUmxiblF1WTI5dElpd2libTl1WTJVaU9pSk9SR2R6VFZSTmQweEVSWE5OZWxGelRrUm5jMDFVVFhOT2FYYzFURVJSZVV4RVJYcE9RM2N6VFdsM2VFMTZVWE5OYWxFelRFUkZla3hFUlhOTlUzZDRURVJWYzAxRGQzcE1SRVY2VFVOM2VFeEVSVEZNUkVGelRrUm5jMDFVVFhkTVJFVnpUVlJCYzAxcGQzaE5la0Z6VFZOM2VFeEVRWE5OYWtsNlRFUkZlVTE1ZDNoT2FsRnpUbmwzZUU5VVozTk5WRlV4VEVScmVreEVSWHBPYVhjMVRsTjNlVTVVVlhOT2VrVnpUV3BSYzA1VVZYTk5WRWw1VEVSRk1rMXBkM2hPYWxWelRrUkpjMDFxVFRGTVJFa3dURVJKZVU5RGQzbE5SRWx6VDBSUmMwMVVaM2hNUkVVeVRYbDNlRTFFVlhOTmFrVTFURVJuZVV4RVNYcE5VM2Q1VGtSWmMwMVVaekZNUkVVelRWTjNOVTU1ZDNsTmVtTnpUV3BCTWt4RVNYbE5hWGQ0VGtSbmMwNXFaM05OYWtWNFRFUkZkMDFUZDNsTlJFRnpUMFJKYzA1VVkzTk5ha0YzVEVSWk5FeEVaM05QVTNkNFQwUnJjMDFVVlRGTVJFVjNUbE4zZWsxVGQzaE5lbU56VFZSQmVVeEVTVEZOVTNkNFQxUkpjMDFxUVROTVJFbDVUa04zZVUxVVVYTk9ha2x6VFdwUk1reEVSVEZOYVhjd1QxTjNlRTVFU1hOTmVrRnpUbXByYzAxNlRYTk5WRkV3VEVSSk1FMURkM2hPUkZWelRXcFZNVXhFWnpGTVJHTTFURVJGTUV4RVJYbE5hWGQ1VFVSamMwMXFRWHBNUkVWNVRVTjNlRTE2WjNOTmFsVXdURVJGTWs1NWQzbE5lbWR6VFZSRk1VeEVTWGROVTNkNVRXcFJjMDlVUlhOTmFrMXpUMFJyYzA1RVdYTk9la1Z6VFZSWmMwNXFUWE5QUkZGelRWUkpNRXhFUlhkTlUzY3lUME4zZUU5VVNYTk5ha2w1VEVSamVreEVWWE5OYWtFeVRFUkZlRTVEZHpCTmVYY3pUVk4zZUUxVVVYTk5WRTE0VEVSRmVrNXBkM2xQUTNkNFRsUlZjMDlVUlhOUFJGVnpUVlJGZDB4RVRYZE1SRVY0VDFOM2VVMVVUWE5OZW1OelRWUm5lVXhFU1hkT1UzY3pURVJKZWsxRGQzbE9WRlZ6VFZSQmVreEVUVE5NUkdzd1RFUkZlRTVUZHpCT2FYY3pUWGwzTWs5VGR6Tk9lWGQ0VDBSUmMwNTZSWE5PYW10elRWUnJOVXhFU1hsT2VYY3dUWGwzZVUxNmEzTk5WRlYzVEVSRmVrMURkM2xOZWxGelRXcE5NVXhFWTNwTVJGRXdURVJGZUUxcGQzbE5hbEZ6VGxSVmMwNVVXWE5OVkd0M1RFUkZORTFEZHpSUFUzZDRUbnBSYzAxVWF6Vk1SRTAwVEVSRmVFNTVkM2hOVkdkelRXcEJla3hFUlRKT1UzZDVUV3BaYzAxcWEzTk9lWGQ1VFdwcmMwMXFTWHBNUkdzd1RFUkZNazFUZHpOUFUzZDRUbnBGYzAxVVkzZE1SRWwzVDFOM2VVOURkM2hQVkUxelRWUlJOVXhFUlhkTmVYZDVUVlJWYzA5VVVYTk9lbEZ6VFZSck5VeEVSVEZOUTNjMFRXbDNlVTFxWTNOTlZGazBURVJWZWt4RVNURk5VM2Q1VFdwcmMwMVVhelZNUkVWM1RsTjNlazU1ZDNoUFZGVnpUV3BCTkV4RVJUTk9hWGN4VDFOM2VVMTZhM05OYWxGM1RFUkplVTVwZHpGUFUzZDVUa1JCYzAxVVNUQk1SRVV3VDFOM2VVMURkM2hQVkZWelRXcFZlVXhFVFhkTVJFVjRUVU4zTkUxRGR6Sk5hWGQ1VFhwamMwNXFTWE5OYWxFMVRFUkplazFUZDNsTmVsRnpUV3BSZWt4RVJUTlBVM2Q1VGtSbmMwMVVVWGRNUkVVeFRtbDNlazVUZDNoTmVrVnpUVlJqZWt4RVJYZE9hWGQ1VFdwSmMwMXFSVEZNUkVsNlRrTjNlVTFxU1hOTlZGVjRURVJGZWsxRGQzaE9lbU56VFZScmVFeEVSVEZQVTNkNFRFUkplazFEZDNoT2VrVnpUVlJWTTB4RVNUVk1SRVY1VG5sM01rNXBkM2xOYWtGelRWUnJNVXhFUlROTmFYYzFUWGwzZVUxVVkzTk5WRTF6VFdwRk5VeEVhelZNUkVVeFRsTjNlRTFFVlhOTmVYZDVUWHBuYzAxVVZUUk1SRVV3VFhsM2VFNXFhM05OVkVGM1RFUmpNVXhFWnpGTVJFVXdUVU4zTUUxRGR6UlBRM2MwVGtOM2VFNTZSWE5OYWsxM1RFUkZNazU1ZDNsTVJFMXpUVk4zZDB4RVJUMGlMQ0psYldGcGJDSTZJbTl3Wlc1cFpIUmxjM1F4TUVCbmJXRnBiQzVqYjIwaUxDSnVZVzFsSWpvaWRHVnpkQ0JQY0dWdVNVUWlMQ0p3YVdOMGRYSmxJam9pYUhSMGNITTZMeTlzYURNdVoyOXZaMnhsZFhObGNtTnZiblJsYm5RdVkyOXRMeTFYWVVOeWFsWk5UVll0VVM5QlFVRkJRVUZCUVVGQlNTOUJRVUZCUVVGQlFVRkJjeTg0VDJ4V2NVTndVMEk1WXk5ek9UWXRZeTl3YUc5MGJ5NXFjR2NpTENKbmFYWmxibDl1WVcxbElqb2lkR1Z6ZENJc0ltWmhiV2xzZVY5dVlXMWxJam9pVDNCbGJrbEVJaXdpYkc5allXeGxJam9pWlc0dFIwSWlmUS5HaFBtcmJhalcwcDhGY0toMERWa3RoQjlub2xKcExXMW9Ha0hFMWNpZmxXaGhJY1lBMUdmeHVzUVZTSXVBQW52dnhGU29JMHZucm1EQWpVWXZvdlpvTmoyNjlNNEFxTGxtdGIxS3kwTW1pdWQxdko5ZWZzV0xFU0JNMGtPVkQtejRlOFIwTEVNaHlIZVNObmgyNG9PX0dIVWsydVk0MXNTOW5EeWswOWNnU2pMNWc5SHFuN0VKNG5NenJyQlN1Z0VfWkJOOTN6RUM1NGNnNHpReXlUQVBhTDNmc3hvS29vNnlaNnJ4TzcxNWlaX1Q1MllzVDBkVjREOHlXMEllLWdQYmdSQmx1eVNLRWIzZ1diNXIwalNva1NuQzR0b3lHV0FKUzhSZ1ZiNTMwMThUQ0RNT1hfZ0lkZnFSb2YzSzFZWmJNeVhDZTZlSTBFcUdKdHdXMEhjSnciLCJ0b2tlbklESlNPTiI6eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJpYXQiOiIxNDg1MjY2MTY1IiwiZXhwIjoiMTQ4NTI2OTc2NSIsImF0X2hhc2giOiJjV0dITk53cExMZ1BPdk9NSmdkUF93IiwiYXVkIjoiODA4MzI5NTY2MDEyLXRxcjhxb2gxMTE5NDJnZDJrZzAwN3QwczhmMjc3cm9pLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTExOTM0MjMzNjMyNTIwMDc3NzQzIiwiZW1haWxfdmVyaWZpZWQiOiJ0cnVlIiwiYXpwIjoiODA4MzI5NTY2MDEyLXRxcjhxb2gxMTE5NDJnZDJrZzAwN3QwczhmMjc3cm9pLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwibm9uY2UiOiJORGdzTVRNd0xERXNNelFzTkRnc01UTXNOaXc1TERReUxERXpOQ3czTWl3eE16UXNNalEzTERFekxERXNNU3d4TERVc01Dd3pMREV6TUN3eExERTFMREFzTkRnc01UTXdMREVzTVRBc01pd3hNekFzTVN3eExEQXNNakl6TERFeU15d3hOalFzTnl3eE9UZ3NNVFUxTERrekxERXpOaXc1TlN3eU5UVXNOekVzTWpRc05UVXNNVEl5TERFMk1pd3hOalVzTkRJc01qTTFMREkwTERJeU9Dd3lNRElzT0RRc01UZ3hMREUyTXl3eE1EVXNNakU1TERneUxESXpNU3d5TkRZc01UZzFMREUzTVN3NU55d3lNemNzTWpBMkxESXlNaXd4TkRnc05qZ3NNakV4TERFd01Td3lNREFzT0RJc05UY3NNakF3TERZNExEZ3NPU3d4T0Rrc01UVTFMREV3TlN3ek1Td3hNemNzTVRBeUxESTFNU3d4T1RJc01qQTNMREl5TkN3eU1UUXNOaklzTWpRMkxERTFNaXcwT1N3eE5ESXNNekFzTmprc016TXNNVFEwTERJME1Dd3hORFVzTWpVMUxEZzFMRGM1TERFMExERXlNaXd5TURjc01qQXpMREV5TUN3eE16Z3NNalUwTERFMk55d3lNemdzTVRFMUxESXdNU3d5TWpRc09URXNNak1zT0Rrc05EWXNOekVzTVRZc05qTXNPRFFzTVRJMExERXdNU3cyT0N3eE9USXNNakl5TERjekxEVXNNakEyTERFeE5DdzBNeXczTVN3eE1UUXNNVE14TERFek5pd3lPQ3d4TlRVc09URXNPRFVzTVRFd0xETXdMREV4T1N3eU1UTXNNemNzTVRneUxESXdOU3czTERJek1Dd3lOVFVzTVRBekxETTNMRGswTERFeE5TdzBOaXczTXl3Mk9TdzNOeXd4T0RRc056RXNOamtzTVRrNUxESXlOeXcwTXl3eU16a3NNVFV3TERFek1Dd3lNelFzTWpNMUxEY3pMRFEwTERFeE1pd3lNalFzTlRVc05UWXNNVGt3TERFNE1DdzRPU3d4TnpRc01UazVMRE00TERFeE55d3hNVGdzTWpBekxERTJOU3d5TWpZc01qa3NOeXd5TWprc01qSXpMRGswTERFMk1TdzNPU3d4TnpFc01UY3dMREl3T1N3eU9Dd3hPVE1zTVRRNUxERXdNeXd5TVRVc09UUXNOelFzTVRrNUxERTFNQ3c0TWl3eU1qY3NNVFk0TERVekxESTFNU3d5TWprc01UazVMREV3TlN3ek55d3hPVFVzTWpBNExERTNOaXcxT1N3eU16a3NNalF3TERJeU5pdzFPU3d5TkRBc01USTBMREUwT1N3eU1Dd3hPVFVzTWpVeUxETXdMREV4TUN3NE1DdzJNaXd5TXpjc05qSXNNalE1TERJek1Td3lNelFzTWpRekxERTNPU3d5TkRnc01UUXdMREUxTml3ek5Td3hNekVzTVRjekxERXdOaXd5TWpJc01qRTFMREl6TkN3eU1qSXNNVFV4TERFek1Dd3hOemNzTVRreExERTFPU3d4TERJek1Dd3hOekVzTVRVM0xESTVMREV5Tnl3Mk5pd3lNakFzTVRrMUxERTNNaXc1TXl3eU1UY3NNVE1zTWpFNUxEazVMREUxTlN3eE1EVXNNeXd5TXpnc01UVTRMREUwTXl3eE5qa3NNVEF3TERjMUxEZzFMREUwTUN3ME1DdzRPQ3c0TkN3eE56RXNNak13TERFMk55d3lMRE1zTVN3d0xERT0iLCJlbWFpbCI6Im9wZW5pZHRlc3QxMEBnbWFpbC5jb20iLCJuYW1lIjoidGVzdCBPcGVuSUQiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDMuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy1XYUNyalZNTVYtUS9BQUFBQUFBQUFBSS9BQUFBQUFBQUFBcy84T2xWcUNwU0I5Yy9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoidGVzdCIsImZhbWlseV9uYW1lIjoiT3BlbklEIiwibG9jYWxlIjoiZW4tR0IiLCJhbGciOiJSUzI1NiIsImtpZCI6ImUyZmM5ZWQ1M2UwMGY3OWY2NjRhYTZjZTE3ZGY2MWVlNzRlNmM0MDcifX0=' },
auth: false,
via: 'msg-node.localhost/protostub/125' },
id: 10 }
decrypt message
TypeError: Cannot read property 'private' of undefined
at IdentityModule._newChatCrypto (/home/jamal/Desktop/jamal-dev/testDevelop/dev-runtime-nodejs/dist/runtime-core/identity/IdentityModule.js:1588:39)
at ~/dev-runtime-nodejs/dist/runtime-core/identity/IdentityModule.js:882:34
at ~/dev-runtime-nodejs/dist/runtime-core/identity/IdentityModule.js:922:15
at new Promise (~/dev-runtime-nodejs/node_modules/indexeddbshim/dist/indexeddbshim-node.js:4733:7)
at IdentityModule.decryptMessage (~/dev-runtime-nodejs/dist/runtime-core/identity/IdentityModule.js:848:14)
at ~/dev-runtime-nodejs/dist/runtime-core/policy/context/RuntimeCoreCtx.js:76:28
at new Promise (~/dev-runtime-nodejs/node_modules/indexeddbshim/dist/indexeddbshim-node.js:4733:7)
at RuntimeCoreCtx.prepareForEvaluation (~/dev-runtime-nodejs/dist/runtime-core/policy/context/RuntimeCoreCtx.js:71:14)
at ~/dev-runtime-nodejs/dist/runtime-core/policy/PEP.js:97:27
at ~/dev-runtime-nodejs/dist/runtime-core/policy/PEP.js:124:13For precision :
Reporter on Browser-Runtime
Observer on Nodejs-Runtime
tiagolb
commented
7 years ago @jboulmal This is the error I'm getting also. I have followed @vitormsilva suggestion of implementing the node-webcrypto-ossl library with the appropriate extension to the runtimeFactory. But this error is not directly related to that.
What happens is that the nodejs user is fake and as such it is not authenticated in the same way the browser user is authenticated. This means that the internal structures such as the user's keyPair is not complete. As such, when the decrypt tries to decrypt the message it cannot read the private property of the undefined keyPair.
jboulmal
commented
7 years ago But @tiagolb I don't have this issue in case :
Reporter on Runtime Node
Observer on Browser-RuntimeAs temporary fix! could you disable authentication for Observer Hyperty on Runtime Node ? This will help us to progress in the development of Group communication in reTHINK.
tiagolb
commented
7 years ago @jboulmal What I'm going to try is to change Nodejs' fake user profile to have a generated keyPair each time do this error doesn't occur. I'll keep you updated.
jboulmal
commented
7 years ago @tiagolb Have you pushed your updates, so that I can't debug from my side concurrently ? P.S : which version of node you're on ?
tiagolb
commented
7 years ago @jboulmal I haven't yet because I have found another problem connected to the runtime-core. My node version is 7.4
jboulmal
commented
7 years ago I thought you're on an old version!
tiagolb
commented
7 years ago @jboulmal It seems the IDM does some encoding here which doesn't work with Nodejs. I'm trying to find an alternative which works for the nodejs environment.
What I mean by this not working with Nodejs is that in Nodejs there's no TextEncoder/TextDecoder class available.
tiagolb
commented
7 years ago @jboulmal @vitormsilva
I solved the underlying issue of the encoding process.
But further down the execution I receive a Response timeout! in Nodejs and the browser console lights up with some errors. I don't believe these errors are directly related to this issue (mutual authentication), but I may be wrong...
I'll leave the logs here:
Do you want me to push the changes I've made under a different branch so you can take a look at this problem?
jboulmal
commented
7 years ago @tiagolb @vitormsilva , please @tiagolb push them in separate branch, and tell us how to replicate your test may be on slack!
tiagolb
commented
7 years ago @jboulmal I pushed the changes made to runtime-core in a branch called issue149. I'd like to do the same for the changes made to the runtime-nodejs but I don't have permissions to do so.
Anyway, I've been discussing with @vitormsilva and we realized that this problem is still related to the Mutual Authentication issue.
{ type: 'handshake',
to: 'hyperty://localhost/c6c0f3f4-305c-4a8d-96d7-fff2fa22f34e',
from: 'hyperty://localhost/03e93016-cf4b-40ca-8f4d-dd1ddee5cd8d',
body:
{ handshakePhase: 'receiverHello',
value: 'MTUwMIpS4hQkgds21rVkHxpriggqg9wXnsYqEzUtgBk=' },
id: 5 }As you can see, the value attribute is still encrypted, and it shouldn't be. I'll keep working on this.
jboulmal
commented
7 years ago @tiagolb Thanks for the feedbacks and updates! Ask @pchainho about the permission. You shouldn't have been denied!
tiagolb
commented
7 years ago @jboulmal Can you give me permission? @pchainho isn't available to give the permission right now. Thanks
tiagolb
commented
7 years ago @jboulmal @vitormsilva I'm also having a Response timeout! message when trying out the browser <-> browser scenario. And according to the code in IDM, I think the value attribute of the example given above should actually be that way (as shown).
jboulmal
commented
7 years ago @tiagolb I'm afraid I don't have the authorization to give or deny permissions. I can't do it!
I think @pchainho has the access rights for the section settings of the repo!
tiagolb
commented
7 years ago @jboulmal I pushed my changes to both the dev-runtime-core and dev-runtime-nodejs repositories. The branch I created is called issue149. For everything else (msg-node, hyperty-toolkit and registry-domain) I have used the develop branch.
Can you run my code and report the errors you get?
tiagolb
commented
7 years ago I've disabled mutual authentication in runtime-core branch mutualAuthDisabled
Next I'll try these options (suggested by @pchainho ): 1) create an identity for an idp in which there exists a functional idp proxy (eg. google) 2) create a fake idp proxy for nodejs identities - this fake idP proxy does not connect to any IDP
jboulmal
commented
7 years ago It has been unblocked by disabling mutual authentication in runtime-core temporarily.
tiagolb
commented
7 years ago I'm trying to follow the second approach of creating an idP proxy for nodejs identities which doesn't connect to any idP. I have a token in this idP proxy which is answered back when the idP proxy is queried.
But I'm having difficulties getting the idP proxy to work. I've adapted this idp Proxy template and added it to the resources directory of the hyperty-toolkit. I've encoded it accordingly and it seems the idP proxy isn't registered yet.
tiagolb
commented
7 years ago I'm adopting a new strategy regarding this issue. The code is implemented in such a way that the IDM manages the nodejs interaction differently (it specifies the generateAssertion methodology for instance, although incorrectly). What I am to do, in order to accelerate the progress of this issue is to, instead of defining a new IdP Proxy for nodejs, adapt the specific nodejs implementation and hardcode the authentication code of an identity (using the google.com IdP) after the login opening process. This allows the other hyperty to connect to the google IdP normally and validate the assertion.
After this issue is resolved I'll go back and update the code to normalize the management process of identities in nodejs.
tiagolb
commented
7 years ago This issue is currently delayed because of #160
tiagolb
commented
7 years ago The mutual authentication process of nodejs is working. By this I mean that nodejs validates the assertion generated by a browser hyperty and sends a valid assertion to that same hyperty.
But I'm having a problem regarding differences between webcrypto and the crypto library in nodejs. I'm getting this error when the key exchange process happens between the two hyperties, specifically when a key is decrypted using RSA:
Error: NativeError: Error: 139958325520128:error:04065084:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data too large for modulus:../deps/openssl/openssl/crypto/rsa/rsa_eay.c:528:
at new WebCryptoError (/home/tiago/Documents/reTHINK/2REPOS/dev-runtime-nodejs/node_modules/webcrypto-core/dist/webcrypto-core.js:38:21)
at /home/tiago/Documents/reTHINK/2REPOS/dev-runtime-nodejs/node_modules/node-webcrypto-ossl/buildjs/crypto/rsa.js:322:28Generally this error happens because the content being decrypted is to large. But this error is not happening in the browser.
pchainho
commented
7 years ago A reference I found that may help: http://people.ischool.berkeley.edu/~nick/signal-protocol-js/
lopes120
commented
7 years ago To test NodeJS, the branch issue149 must be used on the dev-runtime-core, dev-runtime-nodejs and dev-protostubs repositories.
When we have a reporter running on nodejs and an observer running on browser we have problems related with the Mutual Authentication.
We found some possible causes and all need to be fixed:
the nodejs fake user here, doesn't follow the same structure like the OIDC from google.
The Mutual Authentication process have a direct dependency from WebCrypto, which is not available on nodejs, and seems is not compatible with the WebCrypto, solutions: