| 1 | const { createHmac } = require('crypto')
|
| 2 |
|
| 3 | const { KEYOBJECT } = require('../help/consts')
|
| 4 | const timingSafeEqual = require('../help/timing_safe_equal')
|
| 5 | const resolveNodeAlg = require('../help/node_alg')
|
| 6 | const { asInput } = require('../help/key_object')
|
| 7 |
|
| 8 | const sign = (jwaAlg, hmacAlg, { [KEYOBJECT]: keyObject }, payload) => {
|
| 9 | const hmac = createHmac(hmacAlg, asInput(keyObject, false))
|
| 10 | hmac.update(payload)
|
| 11 | return hmac.digest()
|
| 12 | }
|
| 13 |
|
| 14 | const verify = (jwaAlg, hmacAlg, key, payload, signature) => {
|
| 15 | const expected = sign(jwaAlg, hmacAlg, key, payload)
|
| 16 | const actual = signature
|
| 17 |
|
| 18 | return timingSafeEqual(actual, expected)
|
| 19 | }
|
| 20 |
|
| 21 | module.exports = (JWA, JWK) => {
|
| 22 | ['HS256', 'HS384', 'HS512'].forEach((jwaAlg) => {
|
| 23 | const hmacAlg = resolveNodeAlg(jwaAlg)
|
| 24 | JWA.sign.set(jwaAlg, sign.bind(undefined, jwaAlg, hmacAlg))
|
| 25 | JWA.verify.set(jwaAlg, verify.bind(undefined, jwaAlg, hmacAlg))
|
| 26 | JWK.oct.sign[jwaAlg] = JWK.oct.verify[jwaAlg] = key => key.use === 'sig' || key.use === undefined
|
| 27 | })
|
| 28 | }
|