UNPKG

cose-kit

Version:

**DEPRECATED:** Use [@auth0/cose](https://www.npmjs.com/package/@auth0/cose).

github.com/jfromaniello/cose-kit

jfromaniello/cose-kit

56 lines (55 loc) 2.75 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
import { KeyLike } from 'jose'; import { Algorithms } from '../headers.js'; import { COSEBase } from './COSEBase.js'; import { COSEVerifyGetKey } from '../jwks/local.js'; export type VerifyOptions = { externalAAD?: Uint8Array; detachedPayload?: Uint8Array; algorithms?: Algorithms[]; }; export declare class SignatureBase extends COSEBase { readonly signature: Uint8Array; constructor(protectedHeaders: Uint8Array | Map<number, unknown>, unprotectedHeaders: Map<number, unknown>, signature: Uint8Array); /** This parameter is used to indicate the algorithm used for the security processing. This parameter MUST be authenticated where the ability to do so exists. This support is provided by AEAD algorithms or construction (COSE_Sign, COSE_Sign0, COSE_Mac, and COSE_Mac0). This authentication can be done either by placing the header in the protected header bucket or as part of the externally supplied data. The value is taken from the "COSE Algorithms" registry (see Section 16.4). */ get alg(): Algorithms | undefined; get algName(): string | undefined; /** This parameter identifies one piece of data that can be used as input to find the needed cryptographic key. The value of this parameter can be matched against the 'kid' member in a COSE_Key structure. Other methods of key distribution can define an equivalent field to be matched. Applications MUST NOT assume that 'kid' values are unique. There may be more than one key with the same 'kid' value, so all of the keys associated with this 'kid' may need to be checked. The internal structure of 'kid' values is not defined and cannot be relied on by applications. Key identifier values are hints about which key to use. This is not a security-critical field. For this reason, it can be placed in the unprotected headers bucket. */ get kid(): Uint8Array | undefined; get x5bag(): Uint8Array[] | undefined; get x5chain(): Uint8Array[] | undefined; /** * Verify the x5chain content of a message with a given list of certificate authorities. * Returns the publicKey for message validation and * the raw x5chain certificate for further processing. * * @param caRoots the list of certificate authorities in pem format * @returns {Promise<{ publicKey: KeyLike, raw: Uint8Array }> */ verifyX509Chain(caRoots: string[]): Promise<{ publicKey: KeyLike; raw: Uint8Array; }>; protected internalVerify(payload: Uint8Array, key: KeyLike | Uint8Array | COSEVerifyGetKey, options?: VerifyOptions): Promise<void>; }