1 | const { createHmac } = require('crypto')
|
2 |
|
3 | const { KEYOBJECT } = require('../help/consts')
|
4 | const timingSafeEqual = require('../help/timing_safe_equal')
|
5 | const resolveNodeAlg = require('../help/node_alg')
|
6 | const { asInput } = require('../help/key_object')
|
7 |
|
8 | const sign = (jwaAlg, hmacAlg, { [KEYOBJECT]: keyObject }, payload) => {
|
9 | const hmac = createHmac(hmacAlg, asInput(keyObject, false))
|
10 | hmac.update(payload)
|
11 | return hmac.digest()
|
12 | }
|
13 |
|
14 | const verify = (jwaAlg, hmacAlg, key, payload, signature) => {
|
15 | const expected = sign(jwaAlg, hmacAlg, key, payload)
|
16 | const actual = signature
|
17 |
|
18 | return timingSafeEqual(actual, expected)
|
19 | }
|
20 |
|
21 | module.exports = (JWA, JWK) => {
|
22 | ['HS256', 'HS384', 'HS512'].forEach((jwaAlg) => {
|
23 | const hmacAlg = resolveNodeAlg(jwaAlg)
|
24 | JWA.sign.set(jwaAlg, sign.bind(undefined, jwaAlg, hmacAlg))
|
25 | JWA.verify.set(jwaAlg, verify.bind(undefined, jwaAlg, hmacAlg))
|
26 | JWK.oct.sign[jwaAlg] = JWK.oct.verify[jwaAlg] = key => key.use === 'sig' || key.use === undefined
|
27 | })
|
28 | }
|