42 lines
1.4 KiB
JavaScript
42 lines
1.4 KiB
JavaScript
// Copyright 2011 Joyent, Inc. All rights reserved.
|
|
|
|
var assert = require('assert-plus');
|
|
var crypto = require('crypto');
|
|
|
|
|
|
|
|
///--- Exported API
|
|
|
|
module.exports = {
|
|
|
|
/**
|
|
* Simply wraps up the node crypto operations for you, and returns
|
|
* true or false. You are expected to pass in an object that was
|
|
* returned from `parse()`.
|
|
*
|
|
* @param {Object} parsedSignature the object you got from `parse`.
|
|
* @param {String} key either an RSA private key PEM or HMAC secret.
|
|
* @return {Boolean} true if valid, false otherwise.
|
|
* @throws {TypeError} if you pass in bad arguments.
|
|
*/
|
|
verifySignature: function verifySignature(parsedSignature, key) {
|
|
assert.object(parsedSignature, 'parsedSignature');
|
|
assert.string(key, 'key');
|
|
|
|
var alg = parsedSignature.algorithm.match(/(HMAC|RSA|DSA)-(\w+)/);
|
|
if (!alg || alg.length !== 3)
|
|
throw new TypeError('parsedSignature: unsupported algorithm ' +
|
|
parsedSignature.algorithm);
|
|
|
|
if (alg[1] === 'HMAC') {
|
|
var hmac = crypto.createHmac(alg[2].toUpperCase(), key);
|
|
hmac.update(parsedSignature.signingString);
|
|
return (hmac.digest('base64') === parsedSignature.params.signature);
|
|
} else {
|
|
var verify = crypto.createVerify(alg[0]);
|
|
verify.update(parsedSignature.signingString);
|
|
return verify.verify(key, parsedSignature.params.signature, 'base64');
|
|
}
|
|
}
|
|
|
|
};
|