UNPKG

snowflake-sdk

Version:
42 lines 1.95 kB
"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.RSASSAPSSParamsEntity = exports.HASH_OID_TO_NAME = void 0; exports.parseRSASSAPSSParams = parseRSASSAPSSParams; const asn1_js_1 = __importDefault(require("asn1.js")); const asn1_js_rfc5280_1 = __importDefault(require("asn1.js-rfc5280")); const oids_1 = require("./oids"); exports.HASH_OID_TO_NAME = { [oids_1.ALGORITHM_OID.SHA256]: 'sha256', [oids_1.ALGORITHM_OID.SHA384]: 'sha384', [oids_1.ALGORITHM_OID.SHA512]: 'sha512', }; const HASH_DIGEST_LENGTH = { sha256: 32, sha384: 48, sha512: 64, }; exports.RSASSAPSSParamsEntity = asn1_js_1.default.define('RSASSAPSSParams', function () { this.seq().obj(this.key('hashAlgorithm').explicit(0).optional().use(asn1_js_rfc5280_1.default.AlgorithmIdentifier), // Intentionally ignoring maskGenAlgorithm; // Node crypto.verify only works when MGF1 hash matches the signature hash algorithm this.key('saltLength').explicit(2).optional().int()); }); function parseRSASSAPSSParams(parametersBuffer) { if (!parametersBuffer) { throw new Error('RSASSA-PSS signature algorithm is missing parameters buffer'); } const params = exports.RSASSAPSSParamsEntity.decode(parametersBuffer, 'der'); const hashOid = params.hashAlgorithm ? params.hashAlgorithm.algorithm.join('.') : null; const hashAlgorithm = hashOid ? exports.HASH_OID_TO_NAME[hashOid] : null; if (!hashAlgorithm) { throw new Error(`RSASSA-PSS unsupported hashAlgorithm OID: ${hashOid} (only SHA-256, SHA-384, and SHA-512 are supported)`); } return { hashAlgorithm, saltLength: params.saltLength != null ? params.saltLength.toNumber() : HASH_DIGEST_LENGTH[hashAlgorithm], }; } //# sourceMappingURL=rsassa_pss_parser.js.map