source: trip-planner-front/node_modules/http-signature/lib/verify.js@ fa375fe

Last change on this file since fa375fe was 6a3a178, checked in by Ema <ema_spirova@…>, 3 years ago

initial commit

  • Property mode set to 100644
File size: 3.0 KB
Line 
1// Copyright 2015 Joyent, Inc.
2
3var assert = require('assert-plus');
4var crypto = require('crypto');
5var sshpk = require('sshpk');
6var utils = require('./utils');
7
8var HASH_ALGOS = utils.HASH_ALGOS;
9var PK_ALGOS = utils.PK_ALGOS;
10var InvalidAlgorithmError = utils.InvalidAlgorithmError;
11var HttpSignatureError = utils.HttpSignatureError;
12var validateAlgorithm = utils.validateAlgorithm;
13
14///--- Exported API
15
16module.exports = {
17 /**
18 * Verify RSA/DSA signature against public key. You are expected to pass in
19 * an object that was returned from `parse()`.
20 *
21 * @param {Object} parsedSignature the object you got from `parse`.
22 * @param {String} pubkey RSA/DSA private key PEM.
23 * @return {Boolean} true if valid, false otherwise.
24 * @throws {TypeError} if you pass in bad arguments.
25 * @throws {InvalidAlgorithmError}
26 */
27 verifySignature: function verifySignature(parsedSignature, pubkey) {
28 assert.object(parsedSignature, 'parsedSignature');
29 if (typeof (pubkey) === 'string' || Buffer.isBuffer(pubkey))
30 pubkey = sshpk.parseKey(pubkey);
31 assert.ok(sshpk.Key.isKey(pubkey, [1, 1]), 'pubkey must be a sshpk.Key');
32
33 var alg = validateAlgorithm(parsedSignature.algorithm);
34 if (alg[0] === 'hmac' || alg[0] !== pubkey.type)
35 return (false);
36
37 var v = pubkey.createVerify(alg[1]);
38 v.update(parsedSignature.signingString);
39 return (v.verify(parsedSignature.params.signature, 'base64'));
40 },
41
42 /**
43 * Verify HMAC against shared secret. You are expected to pass in an object
44 * that was returned from `parse()`.
45 *
46 * @param {Object} parsedSignature the object you got from `parse`.
47 * @param {String} secret HMAC shared secret.
48 * @return {Boolean} true if valid, false otherwise.
49 * @throws {TypeError} if you pass in bad arguments.
50 * @throws {InvalidAlgorithmError}
51 */
52 verifyHMAC: function verifyHMAC(parsedSignature, secret) {
53 assert.object(parsedSignature, 'parsedHMAC');
54 assert.string(secret, 'secret');
55
56 var alg = validateAlgorithm(parsedSignature.algorithm);
57 if (alg[0] !== 'hmac')
58 return (false);
59
60 var hashAlg = alg[1].toUpperCase();
61
62 var hmac = crypto.createHmac(hashAlg, secret);
63 hmac.update(parsedSignature.signingString);
64
65 /*
66 * Now double-hash to avoid leaking timing information - there's
67 * no easy constant-time compare in JS, so we use this approach
68 * instead. See for more info:
69 * https://www.isecpartners.com/blog/2011/february/double-hmac-
70 * verification.aspx
71 */
72 var h1 = crypto.createHmac(hashAlg, secret);
73 h1.update(hmac.digest());
74 h1 = h1.digest();
75 var h2 = crypto.createHmac(hashAlg, secret);
76 h2.update(new Buffer(parsedSignature.params.signature, 'base64'));
77 h2 = h2.digest();
78
79 /* Node 0.8 returns strings from .digest(). */
80 if (typeof (h1) === 'string')
81 return (h1 === h2);
82 /* And node 0.10 lacks the .equals() method on Buffers. */
83 if (Buffer.isBuffer(h1) && !h1.equals)
84 return (h1.toString('binary') === h2.toString('binary'));
85
86 return (h1.equals(h2));
87 }
88};
Note: See TracBrowser for help on using the repository browser.