@authduo/authduo
Version:
Free User-sovereign Authentication for the World
65 lines (52 loc) • 1.51 kB
text/typescript
import {Hex} from "@benev/slate"
import {Token} from "./jwt/token.js"
import {PubkeyData} from "./types.js"
import {CryptoConstants} from "./crypto-constants.js"
import {TokenPayload, TokenVerifyOptions, TokenVerifyError} from "./jwt/types.js"
export class Pubkey {
constructor(
public readonly thumbprint: string,
public readonly publicKey: CryptoKey,
) {}
static async fromData(data: PubkeyData) {
const extractable = true
const publicBuffer = Hex.bytes(data.publicKey).buffer
const thumbprint = Hex.string(
new Uint8Array(
await crypto.subtle.digest(CryptoConstants.algos.thumbprint, publicBuffer)
)
)
if (data.thumbprint !== thumbprint)
throw new TokenVerifyError("incorrect thumbprint")
const publicKey = await crypto.subtle.importKey(
CryptoConstants.formats.public,
publicBuffer,
CryptoConstants.algos.generate,
extractable,
["verify"],
)
return new this(thumbprint, publicKey)
}
async toData(): Promise<PubkeyData> {
const publicBuffer = await crypto.subtle
.exportKey(CryptoConstants.formats.public, this.publicKey)
const thumbprint = Hex.string(
new Uint8Array(
await crypto.subtle.digest(
CryptoConstants.algos.thumbprint,
publicBuffer,
)
)
)
return {
thumbprint,
publicKey: Hex.string(new Uint8Array(publicBuffer)),
}
}
async verify<P extends TokenPayload>(
token: string,
options: TokenVerifyOptions = {},
) {
return await Token.verify<P>(this.publicKey, token, options)
}
}