authorMatthew Miller <matthew@millerti.me>2022-12-18 09:08:08 -0800
committerMatthew Miller <matthew@millerti.me>2022-12-18 09:08:08 -0800
commitbd7b45580e501d89b15fecb83d3234dd95bf362e (patch)
treee485b2ba8e4509ca6708ae0e01c53f5d97cdb021
parent491e6dcd0b34162b391f3b6fb0dd4d7c8d18949f (diff)
Update MetadaService to use new verifyJWT()
-rw-r--r--packages/server/src/services/metadataService.ts11
1 files changed, 3 insertions, 8 deletions
diff --git a/packages/server/src/services/metadataService.ts b/packages/server/src/services/metadataService.ts
index c532f11..8176fe5 100644
--- a/packages/server/src/services/metadataService.ts
+++ b/packages/server/src/services/metadataService.ts
@@ -1,5 +1,4 @@
import fetch from 'cross-fetch';
-import { KJUR } from 'jsrsasign';
import { validateCertificatePath } from '../helpers/validateCertificatePath';
import { convertCertBufferToPEM } from '../helpers/convertCertBufferToPEM';
@@ -12,8 +11,10 @@ import type {
} from '../metadata/mdsTypes';
import { SettingsService } from '../services/settingsService';
import { getLogger } from '../helpers/logging';
+import { convertPEMToBytes } from '../helpers/convertPEMToBytes';
import { parseJWT } from '../metadata/parseJWT';
+import { verifyJWT } from '../metadata/verifyJWT';
// Cached MDS APIs from which BLOBs are downloaded
type CachedMDS = {
@@ -234,13 +235,7 @@ export class BaseMetadataService {
// Verify the BLOB JWT signature
const leafCert = headerCertsPEM[0];
- const verified = KJUR.jws.JWS.verifyJWT(data, leafCert, {
- alg: [header.alg],
- // Empty values to appease TypeScript and this library's subtly mis-typed @types definitions
- aud: [],
- iss: [],
- sub: [],
- });
+ const verified = await verifyJWT(data, convertPEMToBytes(leafCert));
if (!verified) {
// From FIDO MDS docs: "The FIDO Server SHOULD ignore the file if the signature is invalid."