Remove legacy code, update algorithms and signers/verifiers

dhensby · Sep 29, 2022 · 8739d7d · 8739d7d
1 parent 2b40f4e
commit 8739d7d
Show file tree

Hide file tree

Showing 16 changed files with 1,012 additions and 1,462 deletions.
diff --git a/src/algorithm/index.ts b/src/algorithm/index.ts
@@ -11,54 +11,66 @@ import {
     VerifyPublicKeyInput,
 } from 'crypto';
 import { RSA_PKCS1_PADDING, RSA_PKCS1_PSS_PADDING } from 'constants';
+import { SigningKey, Algorithm, Verifier } from '../types';
 
-export type Algorithm = 'rsa-v1_5-sha256' | 'ecdsa-p256-sha256' | 'hmac-sha256' | 'rsa-pss-sha512' | string;
-
-export interface Signer {
-    (data: BinaryLike): Promise<Buffer>,
-    alg: Algorithm,
-}
-
-export interface Verifier {
-    (data: BinaryLike, signature: BinaryLike): Promise<boolean>,
-    alg: Algorithm,
-}
-
-export function createSigner(alg: Algorithm, key: BinaryLike | KeyLike | SignKeyObjectInput | SignPrivateKeyInput): Signer {
-    let signer;
+/**
+ * A helper method for easier consumption of the library.
+ *
+ * Consumers of the library can use this function to create a signer "out of the box" using a PEM
+ * file they have access to.
+ *
+ * @todo - read the key and determine its type automatically to make usage even easier
+ */
+export function createSigner(key: BinaryLike | KeyLike | SignKeyObjectInput | SignPrivateKeyInput, alg: Algorithm, id?: string): SigningKey {
+    const signer = { alg } as SigningKey;
     switch (alg) {
         case 'hmac-sha256':
-            signer = async (data: BinaryLike) => createHmac('sha256', key as BinaryLike).update(data).digest();
+            signer.sign = async (data: BinaryLike) => createHmac('sha256', key as BinaryLike).update(data).digest();
             break;
         case 'rsa-pss-sha512':
-            signer = async (data: BinaryLike) => createSign('sha512').update(data).sign({
+            signer.sign = async (data: BinaryLike) => createSign('sha512').update(data).sign({
                 key,
                 padding: RSA_PKCS1_PSS_PADDING,
             } as SignPrivateKeyInput);
             break;
         case 'rsa-v1_5-sha256':
-            signer = async (data: BinaryLike) => createSign('sha256').update(data).sign({
+            signer.sign = async (data: BinaryLike) => createSign('sha256').update(data).sign({
                 key,
                 padding: RSA_PKCS1_PADDING,
             } as SignPrivateKeyInput);
             break;
         case 'rsa-v1_5-sha1':
             // this is legacy for cavage
-            signer = async (data: BinaryLike) => createSign('sha1').update(data).sign({
+            signer.sign = async (data: BinaryLike) => createSign('sha1').update(data).sign({
                 key,
                 padding: RSA_PKCS1_PADDING,
             } as SignPrivateKeyInput);
             break;
         case 'ecdsa-p256-sha256':
-            signer = async (data: BinaryLike) => createSign('sha256').update(data).sign(key as KeyLike);
+            signer.sign = async (data: BinaryLike) => createSign('sha256').update(data).sign(key as KeyLike);
             break;
         default:
             throw new Error(`Unsupported signing algorithm ${alg}`);
     }
-    return Object.assign(signer, { alg });
+    if (id) {
+        signer.id = id;
+    }
+    return signer;
 }
 
-export function createVerifier(alg: Algorithm, key: BinaryLike | KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput): Verifier {
+/**
+ * A helper method for easier consumption of the library.
+ *
+ * Consumers of the library can use this function to create a verifier "out of the box" using a PEM
+ * file they have access to.
+ *
+ * Verifiers are a little trickier as they will need to be produced "on demand" and the consumer will
+ * need to implement some logic for looking up keys by id (or other aspects of the request if no keyid
+ * is supplied) and then returning a validator
+ *
+ * @todo - attempt to look up algorithm automatically
+ */
+export function createVerifier(key: BinaryLike | KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput, alg: Algorithm): Verifier {
     let verifier;
     switch (alg) {
         case 'hmac-sha256':
@@ -74,6 +86,12 @@ export function createVerifier(alg: Algorithm, key: BinaryLike | KeyLike | Verif
                 padding: RSA_PKCS1_PSS_PADDING,
             } as VerifyPublicKeyInput, Buffer.from(signature));
             break;
+        case 'rsa-v1_5-sha1':
+            verifier = async (data: BinaryLike, signature: BinaryLike) => createVerify('sha1').update(data).verify({
+                key,
+                padding: RSA_PKCS1_PADDING,
+            } as VerifyPublicKeyInput, Buffer.from(signature));
+            break;
         case 'rsa-v1_5-sha256':
             verifier = async (data: BinaryLike, signature: BinaryLike) => createVerify('sha256').update(data).verify({
                 key,