
cose-kit


This is an early prototype of an RFC 8152 COSE library for Node.js.

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.SignatureBase = void 0; const jose_1 = require("jose"); const pkijs_js_1 = require("#runtime/pkijs.js"); const base64_js_1 = require("#runtime/base64.js"); const errors_js_1 = require("../util/errors.js"); const cert_js_1 = require("../util/cert.js"); const headers_js_1 = require("../headers.js"); const WithHeaders_js_1 = require("./WithHeaders.js"); class SignatureBase extends WithHeaders_js_1.WithHeaders { constructor(protectedHeaders, unprotectedHeaders, signature) { super(protectedHeaders, unprotectedHeaders); this.signature = signature; } get alg() { return this.protectedHeaders.get(headers_js_1.headers.alg) || this.unprotectedHeaders.get(headers_js_1.headers.alg); } get algName() { var _a; return this.alg ? (_a = headers_js_1.algs.get(this.alg)) === null || _a === void 0 ? void 0 : _a.name : undefined; } get kid() { return this.protectedHeaders.get(headers_js_1.headers.kid) || this.unprotectedHeaders.get(headers_js_1.headers.kid); } get x5bag() { const x5bag = this.protectedHeaders.get(headers_js_1.headers.x5bag) || this.unprotectedHeaders.get(headers_js_1.headers.x5bag); if (!x5bag) { return; } return Array.isArray(x5bag) ? x5bag : [x5bag]; } get x5chain() { const x5chain = this.protectedHeaders.get(headers_js_1.headers.x5chain) || this.unprotectedHeaders.get(headers_js_1.headers.x5chain); if (!x5chain) { return; } return Array.isArray(x5chain) ? 
x5chain : [x5chain]; } async verifyX509Chain(caRoots) { const { x5chain } = this; if (!x5chain || x5chain.length === 0) { throw new errors_js_1.X509NoMatchingCertificate(); } const chainEngine = new pkijs_js_1.pkijs.CertificateChainValidationEngine({ certs: x5chain.map((c) => pkijs_js_1.pkijs.Certificate.fromBER(c)), trustedCerts: caRoots.map((c) => pkijs_js_1.pkijs.Certificate.fromBER((0, base64_js_1.decodeBase64)((0, cert_js_1.pemToCert)(c)))), }); const chain = await chainEngine.verify(); if (!chain.result) { throw new errors_js_1.X509InvalidCertificateChain(chain.resultMessage); } const x509Cert = (0, cert_js_1.certToPEM)(x5chain[0]); const publicKey = await (0, jose_1.importX509)(x509Cert, this.algName); return { publicKey, raw: x5chain[0] }; } } exports.SignatureBase = SignatureBase;