http-message-signatures
Version:
HTTP message signature implementation
125 lines • 5.05 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.createVerifier = exports.createSigner = void 0;
const crypto_1 = require("crypto");
const constants_1 = require("constants");
const errors_1 = require("../errors");
/**
* A helper method for easier consumption of the library.
*
* Consumers of the library can use this function to create a signer "out of the box" using a PEM
* file they have access to.
*
* @todo - read the key and determine its type automatically to make usage even easier
*/
function createSigner(key, alg, id) {
const signer = { alg };
switch (alg) {
case 'hmac-sha256':
signer.sign = async (data) => (0, crypto_1.createHmac)('sha256', key).update(data).digest();
break;
case 'rsa-pss-sha512':
signer.sign = async (data) => (0, crypto_1.createSign)('sha512').update(data).sign({
key,
padding: constants_1.RSA_PKCS1_PSS_PADDING,
});
break;
case 'rsa-v1_5-sha256':
signer.sign = async (data) => (0, crypto_1.createSign)('sha256').update(data).sign({
key,
padding: constants_1.RSA_PKCS1_PADDING,
});
break;
case 'rsa-v1_5-sha1':
// this is legacy for cavage
signer.sign = async (data) => (0, crypto_1.createSign)('sha1').update(data).sign({
key,
padding: constants_1.RSA_PKCS1_PADDING,
});
break;
case 'ecdsa-p256-sha256':
signer.sign = async (data) => (0, crypto_1.createSign)('sha256').update(data).sign({
key: key,
dsaEncoding: 'ieee-p1363',
});
break;
case 'ecdsa-p384-sha384':
signer.sign = async (data) => (0, crypto_1.createSign)('sha384').update(data).sign({
key: key,
dsaEncoding: 'ieee-p1363',
});
break;
case 'ed25519':
signer.sign = async (data) => (0, crypto_1.sign)(null, data, key);
// signer.sign = async (data: Buffer) => createSign('ed25519').update(data).sign(key as KeyLike);
break;
default:
throw new errors_1.UnknownAlgorithmError(`Unsupported signing algorithm ${alg}`);
}
if (id) {
signer.id = id;
}
return signer;
}
exports.createSigner = createSigner;
/**
* A helper method for easier consumption of the library.
*
* Consumers of the library can use this function to create a verifier "out of the box" using a PEM
* file they have access to.
*
* Verifiers are a little trickier as they will need to be produced "on demand" and the consumer will
* need to implement some logic for looking up keys by id (or other aspects of the request if no keyid
* is supplied) and then returning a validator
*
* @todo - attempt to look up algorithm automatically
*/
function createVerifier(key, alg) {
let verifier;
switch (alg) {
case 'hmac-sha256':
verifier = async (data, signature) => {
const expected = (0, crypto_1.createHmac)('sha256', key).update(data).digest();
return signature.length === expected.length && (0, crypto_1.timingSafeEqual)(signature, expected);
};
break;
case 'rsa-pss-sha512':
verifier = async (data, signature) => (0, crypto_1.createVerify)('sha512').update(data).verify({
key,
padding: constants_1.RSA_PKCS1_PSS_PADDING,
}, signature);
break;
case 'rsa-v1_5-sha1':
verifier = async (data, signature) => (0, crypto_1.createVerify)('sha1').update(data).verify({
key,
padding: constants_1.RSA_PKCS1_PADDING,
}, signature);
break;
case 'rsa-v1_5-sha256':
verifier = async (data, signature) => (0, crypto_1.createVerify)('sha256').update(data).verify({
key,
padding: constants_1.RSA_PKCS1_PADDING,
}, signature);
break;
case 'ecdsa-p256-sha256':
verifier = async (data, signature) => (0, crypto_1.createVerify)('sha256').update(data).verify({
key: key,
dsaEncoding: 'ieee-p1363',
}, signature);
break;
case 'ecdsa-p384-sha384':
verifier = async (data, signature) => (0, crypto_1.createVerify)('sha384').update(data).verify({
key: key,
dsaEncoding: 'ieee-p1363',
}, signature);
break;
case 'ed25519':
verifier = async (data, signature) => (0, crypto_1.verify)(null, data, key, signature);
break;
default:
throw new errors_1.UnknownAlgorithmError(`Unsupported signing algorithm ${alg}`);
}
return Object.assign(verifier, { alg });
}
exports.createVerifier = createVerifier;
//# sourceMappingURL=index.js.map