blob: 40d7c9d5e416ab9c4737f13b96ed5fea76c5c1a4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
import { COSEALG, COSEPublicKey } from './cose.ts';
import { isoCrypto } from './iso/index.ts';
import { decodeCredentialPublicKey } from './decodeCredentialPublicKey.ts';
import { convertX509PublicKeyToCOSE } from './convertX509PublicKeyToCOSE.ts';
/**
* Verify an authenticator's signature
*/
export function verifySignature(opts: {
signature: Uint8Array;
data: Uint8Array;
credentialPublicKey?: Uint8Array;
x509Certificate?: Uint8Array;
hashAlgorithm?: COSEALG;
}): Promise<boolean> {
const {
signature,
data,
credentialPublicKey,
x509Certificate,
hashAlgorithm,
} = opts;
if (!x509Certificate && !credentialPublicKey) {
throw new Error('Must declare either "leafCert" or "credentialPublicKey"');
}
if (x509Certificate && credentialPublicKey) {
throw new Error(
'Must not declare both "leafCert" and "credentialPublicKey"',
);
}
let cosePublicKey: COSEPublicKey = new Map();
if (credentialPublicKey) {
cosePublicKey = decodeCredentialPublicKey(credentialPublicKey);
} else if (x509Certificate) {
cosePublicKey = convertX509PublicKeyToCOSE(x509Certificate);
}
return _verifySignatureInternals.stubThis(
isoCrypto.verify({
cosePublicKey,
signature,
data,
shaHashOverride: hashAlgorithm,
}),
);
}
// Make it possible to stub the return value during testing
export const _verifySignatureInternals = {
stubThis: (value: Promise<boolean>) => value,
};
|
