-
-
Notifications
You must be signed in to change notification settings - Fork 300
/
sign.ts
163 lines (139 loc) · 4.24 KB
/
sign.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
import FlattenedSign from '../flattened/sign.js'
import { JWSInvalid } from '../../util/errors.js'
import type { KeyLike, GeneralJWS, JWSHeaderParameters, SignOptions } from '../../types.d'
export interface Signature {
/**
* Sets the JWS Protected Header on the Signature object.
*
* @param protectedHeader JWS Protected Header.
*/
setProtectedHeader(protectedHeader: JWSHeaderParameters): Signature
/**
* Sets the JWS Unprotected Header on the Signature object.
*
* @param unprotectedHeader JWS Unprotected Header.
*/
setUnprotectedHeader(unprotectedHeader: JWSHeaderParameters): Signature
}
interface SignatureReference {
protectedHeader?: JWSHeaderParameters
unprotectedHeader?: JWSHeaderParameters
options?: SignOptions
key: KeyLike
}
const signatureRef: WeakMap<IndividualSignature, SignatureReference> = new WeakMap()
class IndividualSignature implements Signature {
setProtectedHeader(protectedHeader: JWSHeaderParameters) {
if (this._protectedHeader) {
throw new TypeError('setProtectedHeader can only be called once')
}
this._protectedHeader = protectedHeader
return this
}
setUnprotectedHeader(unprotectedHeader: JWSHeaderParameters) {
if (this._unprotectedHeader) {
throw new TypeError('setUnprotectedHeader can only be called once')
}
this._unprotectedHeader = unprotectedHeader
return this
}
private set _protectedHeader(value: JWSHeaderParameters) {
signatureRef.get(this)!.protectedHeader = value
}
private get _protectedHeader(): JWSHeaderParameters {
return signatureRef.get(this)!.protectedHeader!
}
private set _unprotectedHeader(value: JWSHeaderParameters) {
signatureRef.get(this)!.unprotectedHeader = value
}
private get _unprotectedHeader(): JWSHeaderParameters {
return signatureRef.get(this)!.unprotectedHeader!
}
}
/**
* The GeneralSign class is a utility for creating General JWS objects.
*
* @example ESM import
* ```js
* import { GeneralSign } from 'jose/jws/general/sign'
* ```
*
* @example CJS import
* ```js
* const { GeneralSign } = require('jose/jws/general/sign')
* ```
*
* @example Deno import
* ```js
* import { GeneralSign } from 'https://deno.land/x/jose@VERSION/jws/general/sign.ts'
* ```
*
* @example Usage
* ```js
* const encoder = new TextEncoder()
*
* const sign = new GeneralSign(encoder.encode('It’s a dangerous business, Frodo, going out your door.'))
*
* sign
* .addSignature(ecPrivateKey)
* .setProtectedHeader({ alg: 'ES256' })
*
* sign
* .addSignature(rsaPrivateKey)
* .setProtectedHeader({ alg: 'PS256' })
*
* const jws = await sign.sign()
* ```
*/
class GeneralSign {
private _payload: Uint8Array
private _signatures: IndividualSignature[] = []
/**
* @param payload Binary representation of the payload to sign.
*/
constructor(payload: Uint8Array) {
this._payload = payload
}
addSignature(key: KeyLike, options?: SignOptions): Signature {
const signature = new IndividualSignature()
signatureRef.set(signature, { key, options })
this._signatures.push(signature)
return signature
}
/**
* Signs and resolves the value of the General JWS object.
*/
async sign(): Promise<GeneralJWS> {
if (!this._signatures.length) {
throw new JWSInvalid('at least one signature must be added')
}
const jws: GeneralJWS = {
signatures: [],
payload: '',
}
let payloads = new Set()
await Promise.all(
this._signatures.map(async (sig) => {
const { protectedHeader, unprotectedHeader, options, key } = signatureRef.get(sig)!
const flattened = new FlattenedSign(this._payload)
if (protectedHeader) {
flattened.setProtectedHeader(protectedHeader)
}
if (unprotectedHeader) {
flattened.setUnprotectedHeader(unprotectedHeader)
}
const { payload, ...rest } = await flattened.sign(key, options)
payloads.add(payload)
jws.payload = payload
jws.signatures.push(rest)
}),
)
if (payloads.size !== 1) {
throw new JWSInvalid('inconsistent use of JWS Unencoded Payload Option (RFC7797)')
}
return jws
}
}
export { GeneralSign }
export default GeneralSign
export type { KeyLike, GeneralJWS, JWSHeaderParameters }