blob: f6ad0c2b17cb8a1256c65f4efec7d33cd22f391f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
// Copyright 2015 Joyent, Inc.
var assert = require('assert-plus');
var crypto = require('crypto');
///--- Exported API
module.exports = {
/**
* Verify RSA/DSA signature against public key. You are expected to pass in
* an object that was returned from `parse()`.
*
* @param {Object} parsedSignature the object you got from `parse`.
* @param {String} pubkey RSA/DSA private key PEM.
* @return {Boolean} true if valid, false otherwise.
* @throws {TypeError} if you pass in bad arguments.
*/
verifySignature: function verifySignature(parsedSignature, pubkey) {
assert.object(parsedSignature, 'parsedSignature');
assert.string(pubkey, 'pubkey');
var alg = parsedSignature.algorithm.match(/^(RSA|DSA)-(\w+)/);
if (!alg || alg.length !== 3)
throw new TypeError('parsedSignature: unsupported algorithm ' +
parsedSignature.algorithm);
var verify = crypto.createVerify(alg[0]);
verify.update(parsedSignature.signingString);
return verify.verify(pubkey, parsedSignature.params.signature, 'base64');
},
/**
* Verify HMAC against shared secret. You are expected to pass in an object
* that was returned from `parse()`.
*
* @param {Object} parsedSignature the object you got from `parse`.
* @param {String} secret HMAC shared secret.
* @return {Boolean} true if valid, false otherwise.
* @throws {TypeError} if you pass in bad arguments.
*/
verifyHMAC: function verifyHMAC(parsedSignature, secret) {
assert.object(parsedSignature, 'parsedHMAC');
assert.string(secret, 'secret');
var alg = parsedSignature.algorithm.match(/^HMAC-(\w+)/);
if (!alg || alg.length !== 2)
throw new TypeError('parsedSignature: unsupported algorithm ' +
parsedSignature.algorithm);
var hmac = crypto.createHmac(alg[1].toUpperCase(), secret);
hmac.update(parsedSignature.signingString);
return (hmac.digest('base64') === parsedSignature.params.signature);
}
};
|