-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.js
62 lines (61 loc) · 2.42 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
globalThis.Buffer ??= (await import("node:buffer")).Buffer; // For Deno
import bundleIsolatedWebApp from "./wbn-bundle.js";
import { WebBundleId } from "wbn-sign-webcrypto";
import * as fs from "node:fs";
import * as path from "node:path";
import * as crypto from "node:crypto";
const { webcrypto } = crypto;
const algorithm = { name: "Ed25519" };
const decoder = new TextDecoder();
fs.writeFileSync("./assets/script.js", `resizeTo(400,300); console.log("Signed Web Bundle for Isolated Web App using ${navigator.userAgent}")`);
const privateKey = fs.readFileSync("./privateKey.json");
const publicKey = fs.readFileSync("./publicKey.json");
// https://github.com/tQsW/webcrypto-curve25519/blob/master/explainer.md
const cryptoKey = {
privateKey: await webcrypto.subtle.importKey(
"jwk",
JSON.parse(decoder.decode(privateKey)),
algorithm.name,
true,
["sign"],
),
publicKey: await webcrypto.subtle.importKey(
"jwk",
JSON.parse(decoder.decode(publicKey)),
algorithm.name,
true,
["verify"],
),
};
const { fileName, source } = await bundleIsolatedWebApp({
baseURL: await new WebBundleId(
cryptoKey.publicKey,
).serializeWithIsolatedWebAppOrigin(),
static: { dir: "assets" },
formatVersion: "b2",
output: "signed.swbn",
integrityBlockSign: {
isIwa: true,
// https://github.com/GoogleChromeLabs/webbundle-plugins/blob/d251f6efbdb41cf8d37b9b7c696fd5c795cdc231/packages/rollup-plugin-webbundle/test/test.js#L408
// wbn-sign/lib/signers/node-crypto-signing-strategy.js
strategy: new (class CustomSigningStrategy {
async sign(data) {
return new Uint8Array(
await webcrypto.subtle.sign(algorithm, cryptoKey.privateKey, data),
);
}
async getPublicKey() {
return cryptoKey.publicKey;
}
})(),
},
headerOverride: {
"cross-origin-embedder-policy": "require-corp",
"cross-origin-opener-policy": "same-origin",
"cross-origin-resource-policy": "same-origin",
"content-security-policy":
"base-uri 'none'; default-src 'self'; object-src 'none'; frame-src 'self' https: blob: data:; connect-src 'self' https: wss:; script-src 'self' 'wasm-unsafe-eval'; img-src 'self' https: blob: data:; media-src 'self' https: blob: data:; font-src 'self' blob: data:; style-src 'self' 'unsafe-inline'; require-trusted-types-for 'script';",
},
});
fs.writeFileSync(fileName, source);
console.log(`${fileName}, ${source.byteLength} bytes.`);