{"version":3,"sources":["../src/error.ts","../src/index.ts"],"names":["Signature","ErrorCode","Exception","_Signature","data","key","algorithm","digest","dataBuffer","coerceToUint8Array","secret","crypto","Hmac","Sign","error","signature","signBuffer","Verify","jwkAlg","Algorithm"],"mappings":"wTAEO,IAAKA,CAEXA,CAAAA,CAAAA,CAAAA,GAAAA,CAAAA,CAAA,eAAkB,CAAA,oBAAA,CAClBA,EAAA,YAAe,CAAA,iBAAA,CACfA,CAAA,CAAA,OAAA,CAAY,YACZA,CAAAA,CAAAA,CAAA,aAAgB,CAAA,kBAAA,CAChBA,CAAA,CAAA,YAAA,CAAe,iBANJA,CAAAA,CAAAA,CAAAA,EAAAA,CAAAA,EAAA,EASCC,CAAAA,CAAAA,CAAAA,CAAY,CAAE,SAAAC,CAAAA,SAAAA,CAAW,SAAAF,CAAAA,CAAU,CCAzC,CAAA,IAAMG,CAAN,CAAA,MAAMA,CACb,CAaC,OAAO,IAAA,CACNC,CACAC,CAAAA,CAAAA,CACAC,EAAoCH,CAAU,CAAA,SAAA,CAE/C,CACC,GAAK,CAAEC,CAAAA,CACN,MAAM,IAAIF,SAAAA,CAAW,oCAAsC,CAAA,CAC1D,IAAMD,CAAAA,CAAAA,CAAU,UAAU,WAC3B,CAAE,CAEH,CAAA,GAAK,CAAEI,CAAAA,CACN,MAAM,IAAIH,SAAW,CAAA,mCAAA,CAAqC,CACzD,IAAA,CAAMD,CAAU,CAAA,SAAA,CAAU,aAC3B,CAAE,CAAA,CAGH,IAAMM,CAAAA,CAASJ,CAAU,CAAA,YAAA,CAAcG,CAAU,CAAA,CAC3CE,CAAYC,CAAAA,kBAAAA,CAAoBL,CAAK,CAAA,CAE3C,GAAK,CAAEG,EAEN,MAAM,IAAIL,SAAW,CAAA,6BAAA,CAA+B,CACnD,IAAA,CAAMD,CAAU,CAAA,SAAA,CAAU,eAC3B,CAAE,CAGH,CAAA,GAAI,CAGH,GAAKK,EAAU,UAAY,CAAA,IAAK,CAAI,CAAA,CAEnC,IAAII,CAAAA,CAASL,EACb,OAAAK,CAAAA,CAAUA,CAAkB,YAAA,SAAA,CAAYC,CAAO,CAAA,SAAA,CAAU,KAAMD,CAAO,CAAA,CAAIA,CAGzEE,CAAAA,IAAAA,CAAK,MAAQJ,CAAAA,CAAAA,CAAYE,CAAQH,CAAAA,CAAO,CAE1C,CAGA,GAAKD,CAAAA,GAAc,OAAU,CAAA,CAE5B,IAAII,CAASL,CAAAA,CAAAA,CACb,OAAAK,CAAAA,CAAUA,CAAkB,YAAA,SAAA,CAAYC,CAAO,CAAA,SAAA,CAAU,IAAMD,CAAAA,CAAO,CAAIA,CAAAA,CAAAA,CAEnEC,CAAO,CAAA,IAAA,CAAM,KAAMH,CAAYE,CAAAA,CAAO,CAE9C,CAIA,IAAIA,CAAAA,CAASL,CACbK,CAAAA,CAAAA,CAAUA,CAAkB,YAAA,SAAA,CAAYC,CAAO,CAAA,SAAA,CAAU,IAAMD,CAAAA,CAAO,EAAIA,CAC1E,CAAA,IAAMG,CAAOF,CAAAA,CAAAA,CAAO,UAAYJ,CAAAA,CAAO,EAEvC,OAAAM,CAAAA,CAAK,KAAOL,CAAAA,CAAW,CACvBK,CAAAA,CAAAA,CAAK,KAEEA,CAAAA,CAAAA,CAAK,IAAMH,CAAAA,CAAO,CAE1B,CAAA,MAAUI,CAAQ,CAAA,CACjB,MAAM,IAAIZ,SAAW,CAAA,gDAAA,CAAkD,CACtE,IAAA,CAAOD,EAAU,SAAU,CAAA,OAAA,CAC3B,KAAQa,CAAAA,CACT,CAAE,CACH,CAED,CAYA,OAAO,OAAA,CACNC,CACAX,CAAAA,CAAAA,CACAC,CACAC,CAAAA,CAAAA,CAAoCH,EAAU,SAE/C,CAAA,CACC,GAAK,CAAEY,CACN,CAAA,MAAM,IAAIb,SAAAA,CAAW,wBAA0B,CAAA,CAC9C,IAAMD,CAAAA,CAAAA,CAAU,SAAU,CAAA,OAC3B,CAAE,CAEH,CAAA,GAAK,CAAEG,CAAAA,CACN,MAAM,IAAIF,UAAW,mDAAqD,CAAA,CACzE,IAAMD,CAAAA,CAAAA,CAAU,SAAU,CAAA,WAC3B,CAAE,CAEH,CAAA,GAAK,CAAEI,CAAAA,CACN,MAAM,IAAIH,SAAW,CAAA,kCAAA,CAAoC,CACxD,IAAA,CAAMD,CAAU,CAAA,SAAA,CAAU,YAC3B,CAAE,EAGH,IAAMM,CAAAA,CAASJ,CAAU,CAAA,YAAA,CAAcG,CAAU,CAAA,CAEjD,GAAK,CAAEC,CAEN,CAAA,MAAM,IAAIL,SAAAA,CAAW,6BAA+B,CAAA,CACnD,KAAMD,CAAU,CAAA,SAAA,CAAU,eAC3B,CAAE,CAGH,CAAA,IAAMe,CAAaP,CAAAA,kBAAAA,CAAoBM,CAAU,CAAA,CAC3CP,CAAaC,CAAAA,kBAAAA,CAAoBL,CAAK,CAAA,CAE5C,GAAI,CAEH,GAAKE,CAAU,CAAA,UAAA,CAAY,IAAK,CAAA,CAAI,CAEnC,IAAII,CAAAA,CAAUL,CAId,CAAA,GAHAK,CAAWA,CAAAA,CAAAA,YAAkB,UAAYC,CAAO,CAAA,SAAA,CAAU,IAAMD,CAAAA,CAAO,CAAIA,CAAAA,CAAAA,CAGtE,CAFWE,IAAAA,CAAK,OAAS,CAAA,MAAA,CAAO,IAAMI,CAAAA,CAAW,CAAGR,CAAAA,CAAAA,CAAYE,EAAQH,CAAO,CAAA,CAGnF,MAAM,IAAIL,SAAW,CAAA,oBAAA,CAAsB,CAC1C,IAAA,CAAMD,CAAU,CAAA,SAAA,CAAU,YAC3B,CAAE,CAGH,CAAA,OAAO,EAER,CAEA,GAAKK,CAAc,GAAA,OAAA,CAAU,CAE5B,IAAII,CAAUL,CAAAA,CAAAA,CAId,GAHAK,CAAAA,CAAWA,CAAkB,YAAA,SAAA,CAAYC,CAAO,CAAA,SAAA,CAAU,KAAMD,CAAO,CAAA,CAAIA,CAGtE,CAAA,CAFWC,CAAO,CAAA,MAAA,CAAQ,KAAMH,CAAYE,CAAAA,CAAAA,CAAQM,CAAW,CAAA,CAGnE,MAAM,IAAId,UAAW,oBAAsB,CAAA,CAC1C,IAAMD,CAAAA,CAAAA,CAAU,SAAU,CAAA,YAC3B,CAAE,CAAA,CAGH,OAAO,CAAA,CAER,CAGA,IAAIS,CAAUL,CAAAA,CAAAA,CACdK,EAAWA,CAAkB,YAAA,SAAA,CAAYC,CAAO,CAAA,SAAA,CAAU,IAAMD,CAAAA,CAAO,CAAIA,CAAAA,CAAAA,CAC3E,IAAMO,CAAAA,CAASN,CAAO,CAAA,YAAA,CAAcJ,CAAO,CAAA,CAO3C,GALAU,CAAO,CAAA,KAAA,CAAOT,CAAW,CAAA,CACzBS,CAAO,CAAA,GAAA,EAIF,CAAA,CAFWA,CAAO,CAAA,MAAA,CAAQP,CAAQM,CAAAA,CAAW,CAGjD,CAAA,MAAM,IAAId,SAAW,CAAA,oBAAA,CAAsB,CAC1C,IAAA,CAAMD,CAAU,CAAA,SAAA,CAAU,YAC3B,CAAE,CAAA,CAGH,OAAO,CAAA,CACR,CAAUa,MAAAA,CAAAA,CAAQ,CACjB,MAAKZ,SAAAA,CAAU,WAAaY,CAAAA,CAAM,CAC3BA,CAAAA,CAAAA,CAED,IAAIZ,SAAAA,CAAW,iDAAmD,CAAA,CACvE,IAAOD,CAAAA,CAAAA,CAAU,SAAU,CAAA,OAAA,CAC3B,MAAQa,CACT,CAAE,CACH,CAED,CASA,OAAe,YAAcI,CAAAA,CAAAA,CAC7B,CACC,OAAOC,SAAU,CAAA,EAAA,CAAI,CAAE,MAAA,CAAAD,CAAO,CAAE,CAAA,EAAG,IACpC,CACD,CA3Maf,CAAAA,CAAAA,CAEG,SAAmC,CAAA,OAAA,CAFtCA,CAGG,CAAA,UAAA,CAAwB,SAHjC,CAAA,IAAMH,CAANG,CAAAA","file":"index.mjs","sourcesContent":["import { ErrorCode as Exception } from '@alessiofrittoli/exception/code'\n\nexport enum Signature\n{\n\tINVALID_JWKNAME\t= 'ERR:INVALIDJWKNAME',\n\tINVALID_SIGN\t= 'ERR:INVALIDSIGN',\n\tNO_SIGN\t\t\t= 'ERR:NOSIGN',\n\tNO_PRIVATEKEY\t= 'ERR:NOPRIVATEKEY',\n\tNO_PUBLICKEY\t= 'ERR:NOPUBLICKEY',\n}\n\nexport const ErrorCode = { Exception, Signature }\nexport type ErrorCode\t= MergedEnumValue<typeof ErrorCode>","import crypto from 'crypto'\n\nimport { Hmac } from '@alessiofrittoli/crypto-key/Hmac'\nimport { Algorithm } from '@alessiofrittoli/crypto-algorithm'\nimport { Exception } from '@alessiofrittoli/exception'\nimport { coerceToUint8Array, type CoerceToUint8ArrayInput } from '@alessiofrittoli/crypto-buffer/coercion'\n\nimport { ErrorCode } from './error'\nimport type { Sign } from './types'\n\n\nexport class Signature\n{\n\tprivate static Algorithm: Sign.AlgorithmJwkName = 'HS256'\n\tprivate static HashDigest: Sign.Hash = 'SHA-256'\n\n\n\t/**\n\t * Sincronously create a signature with the given data.\n\t * \n\t * @param\tdata\t\tThe data to sign.\n\t * @param\tkey\t\t\tThe private key used for HMAC or the PEM private key for RSA, ECDSA and RSASSA-PSS signing algorithms.\n\t * @param\talgorithm\t( Optional ) The Jwk Algorithm name to use. Default: `HS256`.\n\t * @returns\tThe signature Buffer. Throws a new Exception on failure.\n\t */\n\tstatic sign(\n\t\tdata\t\t: CoerceToUint8ArrayInput,\n\t\tkey\t\t\t: Sign.PrivateKey,\n\t\talgorithm\t: Sign.AlgorithmJwkName = Signature.Algorithm,\n\t): Buffer\n\t{\n\t\tif ( ! data ) {\n\t\t\tthrow new Exception( 'No data to sign has been provided.', {\n\t\t\t\tcode: ErrorCode.Exception.EMPTY_VALUE,\n\t\t\t} )\n\t\t}\n\t\tif ( ! key ) {\n\t\t\tthrow new Exception( 'No Private Key has been provided.', {\n\t\t\t\tcode: ErrorCode.Signature.NO_PRIVATEKEY,\n\t\t\t} )\n\t\t}\n\n\t\tconst digest\t= Signature.jwkAlgToHash( algorithm )\n\t\tconst dataBuffer= coerceToUint8Array( data )\n\n\t\tif ( ! digest ) {\n\t\t\t// if an hash digest couldn't be found, means that an invalid `jwk` algorithm has been provided.\n\t\t\tthrow new Exception( 'Invalid JWK Algorithm name.', {\n\t\t\t\tcode: ErrorCode.Signature.INVALID_JWKNAME,\n\t\t\t} )\n\t\t}\n\n\t\ttry {\n\n\t\t\t/** HMAC SHA signing algorithm */\n\t\t\tif ( algorithm.startsWith( 'HS' ) ) {\n\n\t\t\t\tlet secret\t= key as Sign.PrivateKey<'HMAC'>\n\t\t\t\tsecret\t\t= secret instanceof CryptoKey ? crypto.KeyObject.from( secret ) : secret\n\t\t\t\t\n\t\t\t\treturn (\n\t\t\t\t\tHmac.digest( dataBuffer, secret, digest )\n\t\t\t\t)\n\t\t\t}\n\n\n\t\t\tif ( algorithm === 'EdDSA' ) {\n\n\t\t\t\tlet secret\t= key as Sign.PrivateKey<'EdDSA'>\n\t\t\t\tsecret\t\t= secret instanceof CryptoKey ? crypto.KeyObject.from( secret ) : secret\n\t\t\t\t\n\t\t\t\treturn crypto.sign( null, dataBuffer, secret )\n\n\t\t\t}\n\n\n\t\t\t/** RSASSA/RSASSA-PSS/ECDSA/DSA SHA signing algorithm */\n\t\t\tlet secret\t= key as Sign.PrivateKey<'RSA-PSS' | 'RSASSA-PKCS1-v1_5' | 'ECDSA' | 'DSA'>\n\t\t\tsecret\t\t= secret instanceof CryptoKey ? crypto.KeyObject.from( secret ) : secret\n\t\t\tconst Sign\t= crypto.createSign( digest )\n\n\t\t\tSign.write( dataBuffer )\n\t\t\tSign.end()\n\n\t\t\treturn Sign.sign( secret )\n\t\t\t\n\t\t} catch ( error ) {\n\t\t\tthrow new Exception( 'An error occured while creating the signature.', {\n\t\t\t\tcode\t: ErrorCode.Exception.UNKNOWN,\n\t\t\t\tcause\t: error,\n\t\t\t} )\n\t\t}\n\n\t}\n\n\n\t/**\n\t * Sincronously verify a signature.\n\t * \n\t * @param\tsignature\tThe signature buffer.\n\t * @param\tdata\t\tThe signed data.\n\t * @param\tkey\t\t\tThe public key used for HMAC, or RSA, ECDSA and RSASSA-PSS signing verifications.\n\t * @param\talgorithm\t( Optional ) The Jwk Algorithm name to use. Default: `HS256`.\n\t * @returns\t`true` if signature is valid. Throws a new Exception on failure.\n\t */\n\tstatic isValid(\n\t\tsignature\t: CoerceToUint8ArrayInput,\n\t\tdata\t\t: CoerceToUint8ArrayInput,\n\t\tkey\t\t\t: Sign.PublicKey,\n\t\talgorithm\t: Sign.AlgorithmJwkName = Signature.Algorithm,\n\t): true\n\t{\n\t\tif ( ! signature ) {\n\t\t\tthrow new Exception( 'No signature provided.', {\n\t\t\t\tcode: ErrorCode.Signature.NO_SIGN,\n\t\t\t} )\n\t\t}\n\t\tif ( ! data ) {\n\t\t\tthrow new Exception( 'The signed data is needed for integrity controls.', {\n\t\t\t\tcode: ErrorCode.Exception.EMPTY_VALUE,\n\t\t\t} )\n\t\t}\n\t\tif ( ! key ) {\n\t\t\tthrow new Exception( 'No Public Key has been provided.', {\n\t\t\t\tcode: ErrorCode.Signature.NO_PUBLICKEY,\n\t\t\t} )\n\t\t}\n\n\t\tconst digest = Signature.jwkAlgToHash( algorithm )\n\n\t\tif ( ! digest ) {\n\t\t\t// if an hash digest couldn't be found, means that an invalid `jwk` algorithm has been provided.\n\t\t\tthrow new Exception( 'Invalid JWK Algorithm name.', {\n\t\t\t\tcode: ErrorCode.Signature.INVALID_JWKNAME,\n\t\t\t} )\n\t\t}\n\t\t\n\t\tconst signBuffer\t= coerceToUint8Array( signature )\n\t\tconst dataBuffer\t= coerceToUint8Array( data )\n\n\t\ttry {\n\t\t\t/** HMAC SHA signing algorithm */\n\t\t\tif ( algorithm.startsWith( 'HS' ) ) {\n\n\t\t\t\tlet secret\t\t= key as Sign.PublicKey<'HMAC'>\n\t\t\t\tsecret\t\t\t= secret instanceof CryptoKey ? crypto.KeyObject.from( secret ) : secret\n\t\t\t\tconst isValid\t= Hmac.isValid( Buffer.from( signBuffer ), dataBuffer, secret, digest )\n\n\t\t\t\tif ( ! isValid ) {\n\t\t\t\t\tthrow new Exception( 'Invalid signature.', {\n\t\t\t\t\t\tcode: ErrorCode.Signature.INVALID_SIGN,\n\t\t\t\t\t} )\n\t\t\t\t}\n\n\t\t\t\treturn true\n\n\t\t\t}\n\n\t\t\tif ( algorithm === 'EdDSA' ) {\n\n\t\t\t\tlet secret\t\t= key as Sign.PublicKey<'EdDSA'>\n\t\t\t\tsecret\t\t\t= secret instanceof CryptoKey ? crypto.KeyObject.from( secret ) : secret\n\t\t\t\tconst isValid\t= crypto.verify( null, dataBuffer, secret, signBuffer )\n\n\t\t\t\tif ( ! isValid ) {\n\t\t\t\t\tthrow new Exception( 'Invalid signature.', {\n\t\t\t\t\t\tcode: ErrorCode.Signature.INVALID_SIGN,\n\t\t\t\t\t} )\n\t\t\t\t}\n\t\t\n\t\t\t\treturn true\n\n\t\t\t}\n\n\t\t\t/** RSASSA/RSASSA-PSS/ECDSA/DSA SHA signing algorithm */\n\t\t\tlet secret\t\t= key as Sign.PublicKey<'RSA-PSS' | 'RSASSA-PKCS1-v1_5' | 'ECDSA' | 'DSA'>\n\t\t\tsecret\t\t\t= secret instanceof CryptoKey ? crypto.KeyObject.from( secret ) : secret\n\t\t\tconst Verify\t= crypto.createVerify( digest )\n\n\t\t\tVerify.write( dataBuffer )\n\t\t\tVerify.end()\n\n\t\t\tconst isValid = Verify.verify( secret, signBuffer )\n\n\t\t\tif ( ! isValid ) {\n\t\t\t\tthrow new Exception( 'Invalid signature.', {\n\t\t\t\t\tcode: ErrorCode.Signature.INVALID_SIGN,\n\t\t\t\t} )\n\t\t\t}\n\n\t\t\treturn true\n\t\t} catch ( error ) {\n\t\t\tif ( Exception.isException( error ) ) {\n\t\t\t\tthrow error\n\t\t\t}\n\t\t\tthrow new Exception( 'An error occured while verifying the signature.', {\n\t\t\t\tcode\t: ErrorCode.Exception.UNKNOWN,\n\t\t\t\tcause\t: error,\n\t\t\t} )\n\t\t}\n\n\t}\n\n\n\t/**\n\t * Get the Algorithm digest hash name.\n\t *\n\t * @param\tjwkAlg The Algorithm.\n\t * @returns\tThe corresponding Algorithm digest hash name.\n\t */\n\tprivate static jwkAlgToHash( jwkAlg: Sign.AlgorithmJwkName )\n\t{\n\t\treturn Algorithm.by( { jwkAlg } )?.hash\n\t}\n}"]}