const cose = require('cose-js')
const fs = require('fs')
const rawHash = require("sha256-uint8array").createHash;
const { PEM, ASN1, Class, Tag } = require('@fidm/asn1')
const { Certificate, PrivateKey } = require('@fidm/x509')
const zlib = require('pako');
var cbor = require('cbor');
const base45 = require('base45-js');
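// Load the signer certificate whose public key is used to verify the COSE
// signature. Everything derived below (key id, X, Y) comes from this one file.
const cert = Certificate.fromPEM(fs.readFileSync('./dsc-worker.pem'));

// Key identifier: the first 8 bytes of the SHA-256 digest of the DER-encoded
// certificate.
const fingerprint = rawHash().update(cert.raw).digest();
const keyID = fingerprint.slice(0, 8);

// Highly ES256 specific - extract the 'X' and 'Y' for verification.
//
// The fixed offsets below are only valid for an uncompressed P-256 point:
// one 0x04 prefix byte followed by a 32-byte X and a 32-byte Y (65 bytes).
// Any other key shape would be sliced into meaningless coordinates, so the
// script refuses to continue instead of verifying against a wrong key.
const pk = cert.publicKey.keyRaw;
const keyB = Buffer.from(pk.slice(0, 1));
if (pk.length !== 65 || keyB[0] !== 0x04) {
  throw new Error(
    'dsc-worker.pem: expected an uncompressed P-256 public key (0x04 || X || Y, 65 bytes)',
  );
}
const keyX = Buffer.from(pk.slice(1, 1 + 32));
const keyY = Buffer.from(pk.slice(33, 33 + 32));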
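// Read in the Base45
//
// The input is untrusted and is decompressed further down before any
// signature has been checked, so its size is capped. A single readSync() may
// return only part of a piped input, hence the loop; input larger than the
// cap is rejected rather than silently truncated.
const MAX_INPUT_BYTES = 4_096;
const buffer = Buffer.alloc(MAX_INPUT_BYTES + 1);
let len = 0;
for (;;) {
  let chunkLen;
  try {
    chunkLen = fs.readSync(process.stdin.fd, buffer, len, buffer.length - len);
  } catch (err) {
    // Some platforms report end-of-input as an EOF error instead of a
    // zero-length read.
    if (err.code === 'EOF') {
      break;
    }
    throw err;
  }
  if (chunkLen === 0) {
    break;
  }
  len += chunkLen;
  if (len > MAX_INPUT_BYTES) {
    throw new Error(`input exceeds ${MAX_INPUT_BYTES} bytes`);
  }
}
// trim() drops a trailing newline (e.g. from `echo`), which is not part of
// the Base45 alphabet.
let data = buffer.slice(0, len).toString('ascii').trim();

// Strip off the HC1 header if present
//
// Warnings go to stderr so that stdout carries nothing but the decoded
// payload of a successfully verified message.
if (data.startsWith('HC1')) {
  data = data.substring(3);
  if (data.startsWith(':')) {
    data = data.substring(1);
  } else {
    console.error("Warning: unsafe HC1: header - update to v0.0.4");
  }
} else {
  console.error("Warning: no HC1: header - update to v0.0.4");
}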
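// Base45 text -> bytes. Nothing has been authenticated at this point: the
// bytes are attacker-controlled until cose.sign.verify() accepts them.
data = base45.decode(data);

// Zlib magic headers:
// 78 01 - No Compression/low
// 78 9C - Default Compression
// 78 DA - Best Compression
//
// Only the first byte is inspected. Inflation runs on unverified input; the
// output size is limited only indirectly, by the fixed-size buffer the input
// was read into earlier in this script.
if (data[0] === 0x78) {
  data = zlib.inflate(data);
}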
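// Verify the COSE signature against the public key taken from the signer
// certificate, then print the CBOR payload as JSON.
//
// Only the signature is checked here: the decoded payload is printed as-is
// and none of its fields are evaluated by this script.
const verifier = { key: { x: keyX, y: keyY, kid: keyID } };

cose.sign
  .verify(data, verifier)
  .then((buf) => {
    const payload = cbor.decode(buf);
    process.stdout.write(JSON.stringify(payload, null, 5));
  })
  .catch((error) => {
    // A failed verification must be distinguishable from success by callers
    // and pipelines: report on stderr, leave stdout empty, exit non-zero.
    console.error(error);
    process.exitCode = 1;
  });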