append device registration params to hub url

src/main/java/org/cryptomator/ui/keyloading/hub/RegisterDeviceController.java

@@ -1,7 +1,6 @@
 package org.cryptomator.ui.keyloading.hub;
 
 import com.google.common.io.BaseEncoding;
-import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.UserInteractionLock;
 import org.cryptomator.ui.keyloading.KeyLoading;
@@ -9,11 +8,14 @@ import org.cryptomator.ui.keyloading.KeyLoadingScoped;
 
 import javax.inject.Inject;
 import javafx.application.Application;
-import javafx.event.Event;
 import javafx.fxml.FXML;
 import javafx.stage.Stage;
 import javafx.stage.WindowEvent;
+import java.nio.charset.StandardCharsets;
 import java.security.KeyPair;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.Objects;
 import java.util.concurrent.atomic.AtomicReference;
 
@@ -25,22 +27,25 @@ public class RegisterDeviceController implements FxController {
 	private final HubConfig hubConfig;
 	private final KeyPair keyPair;
 	private final UserInteractionLock<HubKeyLoadingModule.HubLoadingResult> result;
+	private final String verificationCode;
 
 	@Inject
-	public RegisterDeviceController(Application application, @KeyLoading Stage window, HubConfig hubConfig, AtomicReference<KeyPair> keyPairRef, UserInteractionLock<HubKeyLoadingModule.HubLoadingResult> result) {
+	public RegisterDeviceController(Application application, SecureRandom csprng, @KeyLoading Stage window, HubConfig hubConfig, AtomicReference<KeyPair> keyPairRef, UserInteractionLock<HubKeyLoadingModule.HubLoadingResult> result) {
 		this.application = application;
 		this.window = window;
 		this.hubConfig = hubConfig;
 		this.keyPair = Objects.requireNonNull(keyPairRef.get());
 		this.result = result;
 		this.window.addEventHandler(WindowEvent.WINDOW_HIDING, this::windowClosed);
+		this.verificationCode = String.format("%06d", csprng.nextInt(1_000_000));
 	}
 
 	@FXML
 	public void browse() {
 		var deviceKey = BaseEncoding.base64Url().omitPadding().encode(keyPair.getPublic().getEncoded());
-		var url = hubConfig.deviceRegistrationUrl + "?device_key=" + deviceKey;
-		// TODO append further params (including hmac of shown verification code)
+		var deviceId = "desktop-app"; // TODO use actual device id
+		var hash = computeVerificationHash(deviceId + deviceKey + verificationCode);
+		var url = hubConfig.deviceRegistrationUrl + "?device_key=" + deviceKey + "&device_id=" + deviceId + "&verification_hash=" + hash;
 		application.getHostServices().showDocument(url);
 	}
 
@@ -56,4 +61,20 @@ public class RegisterDeviceController implements FxController {
 		}
 	}
 
+	private static String computeVerificationHash(String input) {
+		try {
+			var digest = MessageDigest.getInstance("SHA-256");
+			digest.update(StandardCharsets.UTF_8.encode(input));
+			return BaseEncoding.base64Url().omitPadding().encode(digest.digest());
+		} catch (NoSuchAlgorithmException e) {
+			throw new IllegalStateException("Every implementation of the Java platform is required to support SHA-256.");
+		}
+	}
+
+	/* Getter */
+
+	public String getVerificationCode() {
+		return verificationCode;
+	}
+
 }

src/main/resources/fxml/hub_register_device.fxml

@@ -8,6 +8,8 @@
 <?import javafx.scene.layout.HBox?>
 <?import javafx.scene.layout.VBox?>
 <?import javafx.scene.control.Hyperlink?>
+<?import javafx.scene.text.TextFlow?>
+<?import javafx.scene.text.Text?>
 <VBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.keyloading.hub.RegisterDeviceController"
@@ -25,7 +27,12 @@
 			</ImageView>
 
 			<VBox spacing="12">
-				<Hyperlink text="TODO: Register Device" onAction="#browse"/>
+				<TextFlow styleClass="text-flow">
+					<Text text="TODO: Please click on "/>
+					<Hyperlink styleClass="hyperlink-underline" text="TODO: Register Device" onAction="#browse"/>
+					<Text text=" and enter this device verification code: "/>
+					<Text text="${controller.verificationCode}"/>
+				</TextFlow>
 			</VBox>
 		</HBox>