1 | const {
|
2 | createSign,
|
3 | createVerify,
|
4 | constants
|
5 | } = require('crypto')
|
6 |
|
7 | const { KEYOBJECT } = require('../help/consts')
|
8 | const resolveNodeAlg = require('../help/node_alg')
|
9 | const { asInput } = require('../help/key_object')
|
10 |
|
11 | const sign = (nodeAlg, { [KEYOBJECT]: keyObject }, payload) => {
|
12 | const key = asInput(keyObject, false)
|
13 | return createSign(nodeAlg).update(payload).sign({
|
14 | key,
|
15 | padding: constants.RSA_PKCS1_PSS_PADDING,
|
16 | saltLength: constants.RSA_PSS_SALTLEN_DIGEST
|
17 | })
|
18 | }
|
19 |
|
20 | const verify = (nodeAlg, { [KEYOBJECT]: keyObject }, payload, signature) => {
|
21 | const key = asInput(keyObject, true)
|
22 | return createVerify(nodeAlg).update(payload).verify({
|
23 | key,
|
24 | padding: constants.RSA_PKCS1_PSS_PADDING,
|
25 | saltLength: constants.RSA_PSS_SALTLEN_DIGEST
|
26 | }, signature)
|
27 | }
|
28 |
|
29 | const LENGTHS = {
|
30 | PS256: 528,
|
31 | PS384: 784,
|
32 | PS512: 1040
|
33 | }
|
34 |
|
35 | module.exports = (JWA, JWK) => {
|
36 | ['PS256', 'PS384', 'PS512'].forEach((jwaAlg) => {
|
37 | const nodeAlg = resolveNodeAlg(jwaAlg)
|
38 | JWA.sign.set(jwaAlg, sign.bind(undefined, nodeAlg))
|
39 | JWA.verify.set(jwaAlg, verify.bind(undefined, nodeAlg))
|
40 | JWK.RSA.sign[jwaAlg] = key => key.private && JWK.RSA.verify[jwaAlg](key)
|
41 | JWK.RSA.verify[jwaAlg] = key => (key.use === 'sig' || key.use === undefined) && key.length >= LENGTHS[jwaAlg]
|
42 | })
|
43 | }
|