
cose-kit


**DEPRECATED:** Use [@auth0/cose](https://www.npmjs.com/package/@auth0/cose).

"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? 
mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.Signature = exports.Sign = void 0; const SignatureBase_js_1 = require("./SignatureBase.js"); const COSEBase_js_1 = require("./COSEBase.js"); const headers_js_1 = require("../headers.js"); const sign_js_1 = __importDefault(require("#runtime/sign.js")); const cbor_js_1 = require("../cbor.js"); const decode_js_1 = require("./decode.js"); const errors = __importStar(require("../util/errors.js")); class Sign extends COSEBase_js_1.COSEBase { constructor(protectedHeaders, unprotectedHeaders, payload, signatures) { super(protectedHeaders, unprotectedHeaders); this.payload = payload; this.signatures = signatures; } getContentForEncoding() { return [ this.encodedProtectedHeaders, this.unprotectedHeaders, this.payload, this.signatures.map((signature) => [ signature.protectedHeaders, signature.unprotectedHeaders, signature.signature ]), ]; } async verify(key, options) { for (const signature of this.signatures) { try { await signature.verify(key, this.encodedProtectedHeaders, this.payload, options); return; } catch (err) { } } throw new errors.COSESignatureVerificationFailed(); } async verifyX509(roots, options) { for (const signature of this.signatures) { try { const { publicKey } = await signature.verifyX509Chain(roots); await signature.verify(publicKey, this.encodedProtectedHeaders, this.payload, options); return; } catch (err) { } } throw new errors.COSESignatureVerificationFailed(); } static async sign(bodyProtectedHeader, unprotectedHeaders, payload, signers) { const encodedProtectedHeaders = headers_js_1.ProtectedHeaders.from(bodyProtectedHeader).encode(); const unprotectedHeadersMap = headers_js_1.UnprotectedHeaders.from(unprotectedHeaders).esMap; const signatures = await Promise.all(signers.map(async ({ key, protectedHeaders, unprotectedHeaders }) => { return Signature.sign(encodedProtectedHeaders, protectedHeaders, unprotectedHeaders, payload, key); })); return new 
Sign(encodedProtectedHeaders, unprotectedHeadersMap, payload, signatures); } static decode(cose) { return (0, decode_js_1.decode)(cose, Sign); } } exports.Sign = Sign; Sign.tag = 98; class Signature extends SignatureBase_js_1.SignatureBase { constructor(protectedHeaders, unprotectedHeaders, signature) { super(protectedHeaders, unprotectedHeaders, signature); this.unprotectedHeaders = unprotectedHeaders; this.signature = signature; } static Signature(bodyProtectedHeaders, protectedHeaders, applicationHeaders, payload) { return cbor_js_1.encoder.encode([ 'Signature', bodyProtectedHeaders || new Uint8Array(), protectedHeaders || new Uint8Array(), applicationHeaders || new Uint8Array(), payload, ]); } async verify(key, bodyProtectedHeaders, payload, options) { const toBeSigned = Signature.Signature(bodyProtectedHeaders, this.encodedProtectedHeaders, new Uint8Array(), payload); await this.internalVerify(toBeSigned, key, options); } static async sign(bodyProtectedHeaders, protectedHeaders, unprotectedHeaders, payload, key) { const wProtectedHeaders = headers_js_1.ProtectedHeaders.from(protectedHeaders); const alg = headers_js_1.AlgorithmNames.get(wProtectedHeaders.get(headers_js_1.Headers.Algorithm)); const encodedProtectedHeaders = wProtectedHeaders.encode(); const unprotectedHeadersMapped = headers_js_1.UnprotectedHeaders.from(unprotectedHeaders).esMap; const toBeSigned = Signature.Signature(bodyProtectedHeaders, encodedProtectedHeaders, new Uint8Array(), payload); if (!alg) { throw new Error('The alg header must be set.'); } const signature = await (0, sign_js_1.default)(alg, key, toBeSigned); return new Signature(encodedProtectedHeaders, unprotectedHeadersMapped, signature); } } exports.Signature = Signature; (0, cbor_js_1.addExtension)({ Class: Sign, tag: Sign.tag, encode(instance, encode) { return encode(instance.getContentForEncoding()); }, decode: (data) => { const signatures = data[3].map(signature => new Signature(signature[0], signature[1], signature[2])); 
return new Sign(data[0], data[1], data[2], signatures); } });