-
-
Notifications
You must be signed in to change notification settings - Fork 299
/
verify.ts
78 lines (74 loc) · 2.38 KB
/
verify.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
import { flattenedVerify } from '../flattened/verify.ts'
import type {
GeneralJWSInput,
GeneralVerifyResult,
FlattenedJWSInput,
GetKeyFunction,
JWSHeaderParameters,
KeyLike,
VerifyOptions,
ResolvedKey,
} from '../../types.d.ts'
import { JWSInvalid, JWSSignatureVerificationFailed } from '../../util/errors.ts'
import isObject from '../../lib/is_object.ts'
/**
* Interface for General JWS Verification dynamic key resolution. No token components have been
* verified at the time of this function call.
*
* @see [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) to verify using a remote JSON Web Key Set.
*/
export interface GeneralVerifyGetKey
extends GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput> {}
/**
* Verifies the signature and format of and afterwards decodes the General JWS.
*
* @param jws General JWS.
* @param key Key to verify the JWS with. See
* {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
* @param options JWS Verify options.
*/
export function generalVerify(
jws: GeneralJWSInput,
key: KeyLike | Uint8Array,
options?: VerifyOptions,
): Promise<GeneralVerifyResult>
/**
* @param jws General JWS.
* @param getKey Function resolving a key to verify the JWS with. See
* {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
* @param options JWS Verify options.
*/
export function generalVerify<T extends KeyLike = KeyLike>(
jws: GeneralJWSInput,
getKey: GeneralVerifyGetKey,
options?: VerifyOptions,
): Promise<GeneralVerifyResult & ResolvedKey<T>>
export async function generalVerify(
jws: GeneralJWSInput,
key: KeyLike | Uint8Array | GeneralVerifyGetKey,
options?: VerifyOptions,
) {
if (!isObject(jws)) {
throw new JWSInvalid('General JWS must be an object')
}
if (!Array.isArray(jws.signatures) || !jws.signatures.every(isObject)) {
throw new JWSInvalid('JWS Signatures missing or incorrect type')
}
for (const signature of jws.signatures) {
try {
return await flattenedVerify(
{
header: signature.header,
payload: jws.payload,
protected: signature.protected,
signature: signature.signature,
},
<Parameters<typeof flattenedVerify>[1]>key,
options,
)
} catch {
//
}
}
throw new JWSSignatureVerificationFailed()
}