
@xevolab/jades


JAdES Digital Signatures compatible with the ETSI TS 119 182-1 Standard

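/*
 * Author     : Francesco
 * Created at : 2023-06-02 20:33
 * Edited by  : Francesco
 * Edited at  : 2024-06-30 15:04
 *
 * Copyright (c) 2023 Xevolab S.R.L.
 */
import { sign, constants } from 'crypto';

/**
 * Maps the OpenSSL curve names reported by `KeyObject.asymmetricKeyDetails.namedCurve`
 * to the JOSE curve names used by the ES* algorithms.
 * A Map is used (rather than a plain object) so that an unexpected curve name such as
 * "constructor" cannot hit a prototype property.
 */
const CURVE_NAMES = new Map([
  ['prime256v1', 'P-256'],
  ['secp384r1', 'P-384'],
  ['secp521r1', 'P-521'],
]);

/**
 * JOSE curve required by each ES* algorithm. Note that ES512 pairs with P-521, not P-512.
 */
const EXPECTED_CURVE = new Map([
  ['ES256', 'P-256'],
  ['ES384', 'P-384'],
  ['ES512', 'P-521'],
]);

/**
 * Returns the digest algorithm for the given signature algorithm.
 *
 * @param {string} alg The JWS signature algorithm (PS256/384/512, RS256/384/512, ES256/384/512)
 *
 * @return {string} The Node.js digest name to be used ('sha256', 'sha384' or 'sha512')
 * @throws {Error} If `alg` is not one of the supported algorithms
 */
export function digestAlg(alg) {
  switch (alg) {
    case 'PS256':
    case 'RS256':
    case 'ES256':
      return 'sha256';
    case 'PS384':
    case 'RS384':
    case 'ES384':
      return 'sha384';
    case 'PS512':
    case 'RS512':
    case 'ES512':
      return 'sha512';
    default:
      throw new Error(`alg ${alg} is not supported`);
  }
}

/**
 * Returns the key object for the given signature algorithm, adding necessary properties if needed.
 *
 * Only the key *family* (rsa / ec) is validated here; curve and modulus-length constraints
 * are enforced by `checkKeyType`. `key.type` is not inspected, so a public key object passes
 * this function and is only rejected by `crypto.sign()` at signing time.
 *
 * @param {SignAlg} alg The signature algorithm
 * @param {KeyObject} key The key object
 *
 * @return {KeyObject|object} The key itself (RS*), or a `crypto.sign()` key options object
 *   carrying the extra parameters the algorithm needs (ES*, PS*)
 * @throws {TypeError} If the key family does not match `alg`, or `alg` is not supported
 */
function keyForAlg(alg, key) {
  if (alg.startsWith('RS')) {
    if (key.asymmetricKeyType !== 'rsa') {
      throw new TypeError(`invalid key for alg ${alg}, must be a private RSA key`);
    }
    // RSASSA-PKCS1-v1_5 is crypto.sign()'s default RSA padding, so the bare key is enough.
    return key;
  }

  if (alg.startsWith('ES')) {
    if (key.asymmetricKeyType !== 'ec') {
      throw new TypeError(`invalid key for alg ${alg}, must be a private EC key`);
    }
    // JWS requires the raw r||s encoding, not the DER-encoded ECDSA-Sig-Value.
    return { dsaEncoding: 'ieee-p1363', key };
  }

  if (alg.startsWith('PS')) {
    if (key.asymmetricKeyType !== 'rsa') {
      throw new TypeError(`invalid key for alg ${alg}, must be a private RSA key`);
    }
    // RSASSA-PSS with a salt as long as the digest, as the PS* algorithms require.
    return {
      padding: constants.RSA_PKCS1_PSS_PADDING,
      saltLength: constants.RSA_PSS_SALTLEN_DIGEST,
      key,
    };
  }

  throw new TypeError(`alg ${alg} is not supported`);
}

/**
 * Throw an error if the key is not valid for the given algorithm.
 *
 * Beyond the key-family check of `keyForAlg`, this enforces:
 *  - RS* / PS*: an RSA modulus of at least 2048 bits;
 *  - ES*: the EC curve matching the algorithm (ES256 -> P-256, ES384 -> P-384, ES512 -> P-521).
 *
 * @param {SignAlg} alg The signature algorithm
 * @param {KeyObject} key The key object
 *
 * @return {void}
 * @throws {TypeError} If the key does not satisfy the constraints of `alg`
 */
export function checkKeyType(alg, key) {
  keyForAlg(alg, key);

  // RS and PS keys must have at least 2048 modulus bits
  if (alg.startsWith('RS') || alg.startsWith('PS')) {
    const modulusLength = key.asymmetricKeyDetails?.modulusLength;
    if (!modulusLength || modulusLength < 2048) {
      throw new TypeError(`invalid key for alg ${alg}, must have at least 2048 modulus bits`);
    }
  }

  // ES keys must be P-256, P-384 or P-521 based on the algorithm name
  if (alg.startsWith('ES')) {
    const curve = key.asymmetricKeyDetails?.namedCurve;
    if (!curve) {
      throw new TypeError(`invalid key for alg ${alg}, must have a namedCurve property`);
    }
    const expectedCurve = EXPECTED_CURVE.get(alg);
    if (CURVE_NAMES.get(curve) !== expectedCurve) {
      throw new TypeError(`invalid key for alg ${alg}, must be a ${expectedCurve} key`);
    }
  }
}

/**
 * Computes the raw signature of `data` with the given JWS algorithm and private key.
 *
 * The key is fully validated with `checkKeyType` before signing: without that step a
 * mismatched curve (e.g. a P-384 key used with ES256) or a short RSA modulus would still
 * be accepted by `crypto.sign()` and yield a signature that is not a valid JWS/JAdES one.
 *
 * @param {SignAlg} alg The signature algorithm
 * @param {KeyObject} key The private key object
 * @param {Buffer|string} data The data to sign
 *
 * @return {Buffer} The signature bytes (r||s for ES*, PKCS#1 v1.5 for RS*, PSS for PS*)
 * @throws {Error} If `alg` is not supported
 * @throws {TypeError} If `key` is not valid for `alg`
 */
function calculateSignature(alg, key, data) {
  // Resolve the digest first so an unsupported alg keeps raising the same Error as before.
  const digest = digestAlg(alg);
  checkKeyType(alg, key);
  return sign(digest, data, keyForAlg(alg, key));
}

export default calculateSignature;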