UNPKG

@jc-lab/jose

Version:

JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies

github.com/jc-lab/jose

jc-lab/jose

34 lines (26 loc) 1.21 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
const { strict: assert } = require('assert') const { createHmac } = require('crypto') const { KEYOBJECT } = require('../help/consts') const timingSafeEqual = require('../help/timing_safe_equal') const resolveNodeAlg = require('../help/node_alg') const sign = (jwaAlg, hmacAlg, { [KEYOBJECT]: keyObject }, payload) => { const hmac = createHmac(hmacAlg, keyObject.asInput ? keyObject.asInput() : keyObject) hmac.update(payload) return hmac.digest() } const verify = (jwaAlg, hmacAlg, { [KEYOBJECT]: keyObject }, payload, signature) => { const hmac = createHmac(hmacAlg, keyObject.asInput ? keyObject.asInput() : keyObject) hmac.update(payload) const expected = hmac.digest() const actual = signature return timingSafeEqual(actual, expected) } module.exports = (JWA) => { ['HS256', 'HS384', 'HS512'].forEach((jwaAlg) => { const hmacAlg = resolveNodeAlg(jwaAlg) assert(!JWA.sign.has(jwaAlg), `sign alg ${jwaAlg} already registered`) assert(!JWA.verify.has(jwaAlg), `verify alg ${jwaAlg} already registered`) JWA.sign.set(jwaAlg, sign.bind(undefined, jwaAlg, hmacAlg)) JWA.verify.set(jwaAlg, verify.bind(undefined, jwaAlg, hmacAlg)) }) }