cose-kit
Version:
This is an early prototype of a RFC8152 COSE library for node.js.
102 lines (101 loc) • 4.41 kB
JavaScript
import { SignatureBase } from './SignatureBase.js';
import { WithHeaders } from './WithHeaders.js';
import verify from "#runtime/verify.js";
import { mapUnprotectedHeaders, encodeProtectedHeaders } from '../headers.js';
import sign from '#runtime/sign.js';
import { encoder, addExtension } from '../cbor.js';
export class Sign extends WithHeaders {
constructor(protectedHeaders, unprotectedHeaders, payload, signatures) {
super(protectedHeaders, unprotectedHeaders);
this.payload = payload;
this.signatures = signatures;
}
getContentForEncoding() {
return [
this.encodedProtectedHeaders,
this.unprotectedHeaders,
this.payload,
this.signatures.map((signature) => [
signature.protectedHeaders,
signature.unprotectedHeaders,
signature.signature
]),
];
}
encode() {
return encoder.encode(this);
}
async verify(keys) {
const results = await Promise.all(this.signatures.map(async (signature, index) => {
const keyToUse = Array.isArray(keys) ? keys[index] : keys;
return signature.verify(keyToUse, this.encodedProtectedHeaders, this.payload);
}));
return results.every(Boolean);
}
async verifyX509(roots) {
const results = await Promise.all(this.signatures.map(async (signature) => {
const { publicKey } = await signature.verifyX509Chain(roots);
return signature.verify(publicKey, this.encodedProtectedHeaders, this.payload);
}));
return results.every(Boolean);
}
static async sign(bodyProtectedHeader, unprotectedHeaders, payload, signers) {
const encodedProtectedHeaders = encodeProtectedHeaders(bodyProtectedHeader);
const unprotectedHeadersMap = mapUnprotectedHeaders(unprotectedHeaders);
const signatures = await Promise.all(signers.map(async ({ key, protectedHeaders, unprotectedHeaders }) => {
return Signature.sign(encodedProtectedHeaders, protectedHeaders, unprotectedHeaders, payload, key);
}));
return new Sign(encodedProtectedHeaders, unprotectedHeadersMap, payload, signatures);
}
}
export class Signature extends SignatureBase {
constructor(protectedHeaders, unprotectedHeaders, signature) {
super(protectedHeaders, unprotectedHeaders, signature);
this.unprotectedHeaders = unprotectedHeaders;
this.signature = signature;
}
static Signature(bodyProtectedHeaders, protectedHeaders, applicationHeaders, payload) {
return encoder.encode([
'Signature',
bodyProtectedHeaders || new Uint8Array(),
protectedHeaders || new Uint8Array(),
applicationHeaders || new Uint8Array(),
payload,
]);
}
async verify(key, bodyProtectedHeaders, payload) {
if (typeof key === 'function') {
key = await key(this);
}
if (!key) {
throw new Error('key not found');
}
const toBeSigned = Signature.Signature(bodyProtectedHeaders, this.encodedProtectedHeaders, new Uint8Array(), payload);
if (!this.algName) {
throw new Error('unknown algorithm: ' + this.alg);
}
return verify(this.algName, key, this.signature, toBeSigned);
}
static async sign(bodyProtectedHeaders, protectedHeaders, unprotectedHeaders, payload, key) {
const { alg } = protectedHeaders;
const encodedProtectedHeaders = encodeProtectedHeaders(protectedHeaders);
const unprotectedHeadersMapped = mapUnprotectedHeaders(unprotectedHeaders);
const toBeSigned = Signature.Signature(bodyProtectedHeaders, encodedProtectedHeaders, new Uint8Array(), payload);
if (!alg) {
throw new Error('The alg header must be set.');
}
const signature = await sign(alg, key, toBeSigned);
return new Signature(encodedProtectedHeaders, unprotectedHeadersMapped, signature);
}
}
addExtension({
Class: Sign,
tag: 98,
encode(instance, encode) {
return encode(instance.getContentForEncoding());
},
decode: (data) => {
const signatures = data[3].map(signature => new Signature(signature[0], signature[1], signature[2]));
return new Sign(data[0], data[1], data[2], signatures);
}
});