Switch to jwt verify

This fixes #1
OADA · Apr 10, 2015 · e4dadd4 · e4dadd4
1 parent e118dcb
commit e4dadd4
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 27 deletions.
diff --git a/index.js b/index.js
@@ -19,6 +19,7 @@ var Promise = require('bluebird');
 var request = Promise.promisifyAll(require('superagent'));
 var jwku = Promise.promisifyAll(require('jwks-utils'));
 var jws = require('jws');
+var jwt = require('jsonwebtoken');
 var jwk2pem = require('pem-jwk').jwk2pem;
 
 var TRUSTED_LIST_URI = 'http://oada.github.io/oada-trusted-lists/' +
@@ -51,12 +52,8 @@ module.exports = function(sig, options, callback) {
         return jwku.jwkForSignatureAsync(sig, trusted && jku, options);
     });
 
-    return Promise.join(decoded, trusted, jwk, function(decoded, trusted, jwk) {
-        if (jws.verify(sig, 'RS256', jwk2pem(jwk))) {
-            return [trusted, decoded.payload];
-        } else {
-            throw new Error('Invalid signature');
-        }
+    return Promise.join(trusted, jwk, function(trusted, jwk) {
+        return [trusted, jwt.verify(sig, jwk2pem(jwk))];
     }).nodeify(callback, {spread: true});
 };
 

diff --git a/package.json b/package.json
@@ -42,6 +42,7 @@
   },
   "dependencies": {
     "bluebird": "^2.9.24",
+    "jsonwebtoken": "^5.0.0",
     "jwks-utils": "^1.0.0",
     "jws": "^3.0.0",
     "pem-jwk": "^1.5.1",

diff --git a/test/oada-trusted-jws.test.js b/test/oada-trusted-jws.test.js
@@ -22,7 +22,7 @@ var Promise = require('bluebird');
 var expect = chai.expect;
 var nock = require('nock');
 var url = require('url');
-var jws = require('jws');
+var jwt = require('jsonwebtoken');
 var jwk2pem = require('pem-jwk').jwk2pem;
 
 // Good enough?
@@ -64,34 +64,35 @@ describe('oada-trusted-jws', function() {
     });
 
     it('should error for invalid signature', function() {
-        sig = jws.sign({
-            header: {
-                kid: privJwk.kid,
-                jku: TEST_ROOT,
-                alg: 'HS256'
-            },
-            payload: payload,
-            secret: 'FOO'
-        });
+        sig = jwt.sign(
+            payload,
+            'FOO',
+            {
+                algorithm: 'HS256',
+                header: {
+                    kid: privJwk.kid,
+                    jku: TEST_ROOT
+                }
+            });
 
-        return expect(check(sig))
-            .to.eventually.be.rejectedWith('Invalid signature');
+        return expect(check(sig)).to.eventually.be.rejected;
     });
 
     ['trusted', 'untrusted'].forEach(function(trust) {
         describe('for ' + trust + ' signature', function() {
             var trusted = trust === 'trusted';
 
             before(function genSig() {
-                sig = jws.sign({
-                    header: {
-                        kid: privJwk.kid,
-                        jku: TEST_ROOT + trust,
-                        alg: 'RS256'
-                    },
-                    payload: payload,
-                    secret: jwk2pem(privJwk)
-                });
+                sig = jwt.sign(
+                    payload,
+                    jwk2pem(privJwk),
+                    {
+                        algorithm: 'RS256',
+                        header: {
+                            kid: privJwk.kid,
+                            jku: TEST_ROOT + trust
+                        },
+                    });
             });
 
             it('should return trusted ' + trusted, function() {