jinaga
Data management for web and mobile applications.
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyEnvelopes = void 0;
const node_forge_1 = require("node-forge");
const hash_1 = require("../fact/hash");
const trace_1 = require("../util/trace");
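/**
 * Verify a batch of fact envelopes.
 *
 * Every distinct PEM public key found in the batch is parsed once up front,
 * then each envelope is checked with verifySignatures().
 *
 * Points a caller should know:
 * - The PEM parse is not wrapped in try/catch, so an exception raised while
 *   parsing a key propagates to the caller instead of producing `false`.
 * - `every` is vacuously true: an empty `envelopes` array returns `true`, and
 *   (see verifySignatures) an envelope whose `signatures` array is empty only
 *   has its hash checked. A `true` result therefore means "no invalid
 *   signature was found", not "every fact is signed"; requiring a signer is
 *   the caller's job.
 *
 * @param {Array<{fact: object, signatures: Array<{publicKey: string, signature: string}>}>} envelopes
 *   Envelopes to check; the contents are treated as untrusted input.
 * @returns {boolean} `true` when every envelope passes verifySignatures().
 */
function verifyEnvelopes(envelopes) {
    // Cache public keys to avoid parsing them multiple times.
    // The dictionary is keyed by PEM strings taken straight from the
    // envelopes, so it is created without a prototype. With a plain `{}` a key
    // such as "constructor" or "__proto__" resolves to an inherited member,
    // is treated as already cached, and is handed to the verifier unparsed.
    const publicKeyCache = Object.create(null);
    for (const envelope of envelopes) {
        for (const signature of envelope.signatures) {
            if (!publicKeyCache[signature.publicKey]) {
                publicKeyCache[signature.publicKey] = node_forge_1.pki.publicKeyFromPem(signature.publicKey);
            }
        }
    }
    return envelopes.every(e => verifySignatures(e, publicKeyCache));
}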
exports.verifyEnvelopes = verifyEnvelopes;
/**
 * Check one envelope: recompute the fact's hash, then verify each signature.
 *
 * The fact's fields and predecessors are canonicalized, UTF-8 encoded and
 * hashed with SHA-512; the base64 form of that digest must equal
 * `envelope.fact.hash`. The raw digest bytes are what each signature is
 * verified against.
 *
 * Notes for reviewers:
 * - An empty `signatures` array passes once the hash matches (`every` on an
 *   empty array is `true`).
 * - On a hash mismatch the full canonical fact string is written to the error
 *   trace, so fact contents can end up in logs.
 *
 * @param {{fact: {fields: object, predecessors: object, hash: string}, signatures: Array}} envelope
 *   Envelope under test.
 * @param {Object} publicKeyCache - Parsed public keys indexed by PEM string.
 * @returns {boolean} `true` when the hash matches and no signature fails.
 */
function verifySignatures(envelope, publicKeyCache) {
    const fact = envelope.fact;
    const { canonicalizeFact } = hash_1;
    const canonical = canonicalizeFact(fact.fields, fact.predecessors);

    // SHA-512 over the UTF-8 bytes of the canonical form.
    const utf8 = node_forge_1.util.encodeUtf8(canonical);
    const hasher = node_forge_1.md.sha512.create();
    const rawDigest = hasher.update(utf8).digest().getBytes();
    const computedHash = node_forge_1.util.encode64(rawDigest);

    if (fact.hash === computedHash) {
        // Hash is consistent with the content; now check who signed it.
        return envelope.signatures.every(sig => verifySignature(sig, rawDigest, publicKeyCache));
    }

    trace_1.Trace.error(`Hash does not match. "${fact.hash}" !== "${computedHash}"\nFact: ${canonical}`);
    return false;
}
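/**
 * Verify a single signature over a fact digest.
 *
 * Looks up the already-parsed public key by its PEM string, base64-decodes
 * the signature and asks the key object to verify it against `digestBytes`.
 * Any exception along the way (missing cache entry, a signature value that
 * cannot be decoded, an error raised by the verifier) is logged and reported
 * as a failed verification, so malformed input is rejected rather than
 * aborting the whole batch with an exception.
 *
 * No scheme argument is passed to `verify`, so the key object's default
 * signature scheme applies.
 * NOTE(review): confirm which scheme the installed node-forge defaults to and
 * that it matches what the signing side produces.
 *
 * @param {{publicKey: string, signature: string}} signature
 *   PEM public key and base64 signature taken from the envelope.
 * @param {string} digestBytes - Raw digest bytes of the canonical fact.
 * @param {Object} publicKeyCache - Parsed public keys indexed by PEM string.
 * @returns {boolean} Result of the key's `verify`, or `false` on any error.
 */
function verifySignature(signature, digestBytes, publicKeyCache) {
    const publicKey = publicKeyCache[signature.publicKey];
    try {
        // Decoding happens inside the try so that a missing or non-string
        // signature value fails closed like every other verification error.
        const signatureBytes = node_forge_1.util.decode64(signature.signature);
        return publicKey.verify(digestBytes, signatureBytes);
    }
    catch (e) {
        trace_1.Trace.error(`Failed to verify signature. ${e}`);
        return false;
    }
}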
//# sourceMappingURL=verify.js.map