diff --git a/lib/jwe/decrypt.js b/lib/jwe/decrypt.js index fa496cb..696486b 100644 --- a/lib/jwe/decrypt.js +++ b/lib/jwe/decrypt.js @@ -94,7 +94,7 @@ function JWEDecrypter(ks, globalOpts) { //combine fields var fields, protect; - promise.then(function(rcptList) { + promise = promise.then(function(rcptList) { if (input.protected) { protect = base64url.decode(input.protected, "utf8"); protect = JSON.parse(protect); diff --git a/lib/jws/verify.js b/lib/jws/verify.js index e5af82a..6eab74f 100644 --- a/lib/jws/verify.js +++ b/lib/jws/verify.js 
@@ -102,137 +102,139 @@ var JWSVerifier = function(ks, globalOpts) { } protect = Object.keys(protect); - return { + return Promise.resolve({ protected: protect, aad: s.protected || "", header: header, signature: signature - }; + }); }); - var promise = new Promise(function(resolve, reject) { - var processSig = function() { - var sig = sigList.shift(); - if (!sig) { - reject(new Error("no key found")); - return; - } - - sig = merge({}, sig, { - payload: input.payload - }); - var p = Promise.resolve(sig); - // find the key - p = p.then(function(sig) { - var algKey; - // TODO: resolve jku, x5c, x5u - if (sig.header.jwk) { - algKey = JWK.asKey(sig.header.jwk); - } else if (sig.header.x5c) { - algKey = sig.header.x5c[0]; - algKey = new Buffer(algKey, "base64"); - // TODO: callback to validate chain - algKey = JWK.asKey(algKey, "pkix"); - } else { - algKey = Promise.resolve(assumedKey || keystore.get({ - use: "sig", - alg: sig.header.alg, - kid: sig.header.kid - })); + var promise = Promise.all(sigList); + promise = promise.then(function(sigList) { + return new Promise(function(resolve, reject) { + var processSig = function() { + var sig = sigList.shift(); + if (!sig) { + reject(new Error("no key found")); + return; } - return algKey.then(function(k) { - if (!k) { - return Promise.reject(new Error("key does not match")); - } - sig.key = k; - return sig; - }); - }); - // process any prepare-verify handlers - p = p.then(function(sig) { - var processing = []; - handlerKeys.forEach(function(h) { - h = extraHandlers[h]; - var p; - if ("function" === typeof h) { - p = h(sig); - } else if ("object" === typeof h && "function" === typeof h.prepare) { - p = h.prepare(sig); - } - if (p) { - processing.push(Promise.resolve(p)); + sig = merge({}, sig, { + payload: input.payload + }); + var p = Promise.resolve(sig); + // find the key + p = p.then(function(sig) { + var algKey; + // TODO: resolve jku, x5c, x5u + if (sig.header.jwk) { + algKey = JWK.asKey(sig.header.jwk); + } else if 
(sig.header.x5c) { + algKey = sig.header.x5c[0]; + algKey = new Buffer(algKey, "base64"); + // TODO: callback to validate chain + algKey = JWK.asKey(algKey, "pkix"); + } else { + algKey = Promise.resolve(assumedKey || keystore.get({ + use: "sig", + alg: sig.header.alg, + kid: sig.header.kid + })); } + return algKey.then(function(k) { + if (!k) { + return Promise.reject(new Error("key does not match")); + } + sig.key = k; + return sig; + }); }); - return Promise.all(processing).then(function() { - // don't actually care about individual handler results - // assume {sig} is updated - return sig; + + // process any prepare-verify handlers + p = p.then(function(sig) { + var processing = []; + handlerKeys.forEach(function(h) { + h = extraHandlers[h]; + var p; + if ("function" === typeof h) { + p = h(sig); + } else if ("object" === typeof h && "function" === typeof h.prepare) { + p = h.prepare(sig); + } + if (p) { + processing.push(Promise.resolve(p)); + } + }); + return Promise.all(processing).then(function() { + // don't actually care about individual handler results + // assume {sig} is updated + return sig; + }); }); - }); - // prepare verify inputs - p = p.then(function(sig) { - var aad = sig.aad || "", - payload = sig.payload || ""; - var content = new Buffer(1 + aad.length + payload.length), - pos = 0; - content.write(aad, pos, "ascii"); - pos += aad.length; - content.write(".", pos, "ascii"); - pos++; + // prepare verify inputs + p = p.then(function(sig) { + var aad = sig.aad || "", + payload = sig.payload || ""; + var content = new Buffer(1 + aad.length + payload.length), + pos = 0; + content.write(aad, pos, "ascii"); + pos += aad.length; + content.write(".", pos, "ascii"); + pos++; - if (Buffer.isBuffer(payload)) { - payload.copy(content, pos); - } else { - content.write(payload, pos, "binary"); - } - sig.content = content; - return sig; - }); - - p = p.then(function(sig) { - return sig.key.verify(sig.header.alg, - sig.content, - sig.signature); - }); + if 
(Buffer.isBuffer(payload)) { + payload.copy(content, pos); + } else { + content.write(payload, pos, "binary"); + } + sig.content = content; + return sig; + }); - p = p.then(function(result) { - var payload = sig.payload; - payload = base64url.decode(payload); - return { - protected: sig.protected, - header: sig.header, - payload: payload, - signature: result.mac, - key: sig.key - }; - }); + p = p.then(function(sig) { + return sig.key.verify(sig.header.alg, + sig.content, + sig.signature); + }); - // process any post-verify handlers - p = p.then(function(jws) { - var processing = []; - handlerKeys.forEach(function(h) { - h = extraHandlers[h]; - var p; - if ("object" === typeof h && "function" === typeof h.complete) { - p = h.complete(jws); - } - if (p) { - processing.push(Promise.resolve(p)); - } + p = p.then(function(result) { + var payload = sig.payload; + payload = base64url.decode(payload); + return { + protected: sig.protected, + header: sig.header, + payload: payload, + signature: result.mac, + key: sig.key + }; }); - return Promise.all(processing).then(function() { - // don't actually care about individual handler results - // assume {jws} is updated - return jws; + + // process any post-verify handlers + p = p.then(function(jws) { + var processing = []; + handlerKeys.forEach(function(h) { + h = extraHandlers[h]; + var p; + if ("object" === typeof h && "function" === typeof h.complete) { + p = h.complete(jws); + } + if (p) { + processing.push(Promise.resolve(p)); + } + }); + return Promise.all(processing).then(function() { + // don't actually care about individual handler results + // assume {jws} is updated + return jws; + }); }); - }); - p.then(resolve, processSig); - }; - processSig(); + p.then(resolve, processSig); + }; + processSig(); + }); }); - return promise; } });
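Review bot: The key-lookup step inside `processSig` still takes the verification key from the token itself: when `sig.header.jwk` or `sig.header.x5c` is present it goes straight to `JWK.asKey` and then `sig.key.verify`, and `assumedKey || keystore.get(...)` is reached only in the final `else`. The header is written by whoever produced the JWS, so a signature checked against a header-supplied key shows only that the token is self-consistent, not that it came from a trusted signer; the `// TODO: callback to validate chain` comment confirms the x5c path is unvalidated. I would gate both branches on an explicit caller opt-in, e.g. `if (allowEmbedded && sig.header.jwk) {` and `} else if (allowEmbedded && sig.header.x5c) {`, with `allowEmbedded` read from `globalOpts` (a proposed option, not one visible in this hunk), so the default path is the keystore lookup. Separately, `p.then(resolve, processSig)` discards every per-signature rejection, so a caller only ever sees `no key found` and cannot tell a missing key from a failed verification. The enclosing `JWSVerifier` function starts outside this hunk, so any existing option handling is not visible here.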