UNPKG

signify-ts

Version:

Signing at the edge for KERI, ACDC, and KERIA

github.com/WebOfTrust/signify-ts

125 lines (116 loc) 3.97 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
import { Signer } from './signer'; import { Verfer } from './verfer'; import { desiginput, HEADER_SIG_INPUT, HEADER_SIG_TIME, normalize, siginput, } from './httping'; import { Signage, signature, designature } from '../end/ending'; import { Cigar } from './cigar'; import { Siger } from './siger'; export class Authenticater { static DefaultFields = [ '@method', '@path', 'signify-resource', HEADER_SIG_TIME.toLowerCase(), ]; private _verfer: Verfer; private readonly _csig: Signer; constructor(csig: Signer, verfer: Verfer) { this._csig = csig; this._verfer = verfer; } verify(headers: Headers, method: string, path: string): boolean { const siginput = headers.get(HEADER_SIG_INPUT); if (siginput == null) { return false; } const signature = headers.get('Signature'); if (signature == null) { return false; } let inputs = desiginput(siginput); inputs = inputs.filter((input) => input.name == 'signify'); if (inputs.length == 0) { return false; } inputs.forEach((input) => { const items = new Array<string>(); input.fields!.forEach((field: string) => { if (field.startsWith('@')) { if (field == '@method') { items.push(`"${field}": ${method}`); } else if (field == '@path') { items.push(`"${field}": ${path}`); } } else { if (headers.has(field)) { const value = normalize(headers.get(field) as string); items.push(`"${field}": ${value}`); } } }); const values = new Array<string>(); values.push(`(${input.fields!.join(' ')})`); values.push(`created=${input.created}`); if (input.expires != undefined) { values.push(`expires=${input.expires}`); } if (input.nonce != undefined) { values.push(`nonce=${input.nonce}`); } if (input.keyid != undefined) { values.push(`keyid=${input.keyid}`); } if (input.context != undefined) { values.push(`context=${input.context}`); } if (input.alg != undefined) { values.push(`alg=${input.alg}`); } const params = values.join(';'); items.push(`"@signature-params: ${params}"`); const ser = items.join('\n'); const signage = designature(signature!); const markers = signage[0].markers as Map<string, Siger | Cigar>; const cig = markers.get(input.name); if (!cig || !this._verfer.verify(cig.raw, ser)) { throw new Error(`Signature for ${input.keyid} invalid.`); } }); return true; } sign( headers: Headers, method: string, path: string, fields?: Array<string> ): Headers { if (fields == undefined) { fields = Authenticater.DefaultFields; } const [header, sig] = siginput(this._csig, { name: 'signify', method, path, headers, fields, alg: 'ed25519', keyid: this._csig.verfer.qb64, }); header.forEach((value, key) => { headers.append(key, value); }); const markers = new Map<string, Siger | Cigar>(); markers.set('signify', sig); const signage = new Signage(markers, false); const signed = signature([signage]); signed.forEach((value, key) => { headers.append(key, value); }); return headers; } }