t1c.dev / rocksky
forked from rocksky.app/rocksky
A decentralized music tracking and discovery platform built on AT Protocol 🎵
fork atom

feat: enhance JoseKey with improved hashing and signature verification methods

tsiry-sandratraina.com 5b1cf08f 8abda74e

+22 -4
+22 -4
apps/api/jose-key.js
··· 1 + "use strict"; 1 2 Object.defineProperty(exports, "__esModule", { value: true }); 2 3 exports.JoseKey = void 0; 3 4 const jose_1 = require("jose"); 4 5 const jwk_1 = require("@atproto/jwk"); 5 6 const util_1 = require("./util"); 6 7 const secp = require("@noble/secp256k1"); 8 + const crypto = require("node:crypto"); 9 + 10 + secp.utils.sha256Sync = (message) => { 11 + return new Uint8Array(crypto.createHash('sha256').update(message).digest()); 12 + }; 13 + secp.utils.hmacSha256Sync = (key, ...messages) => { 14 + const hmac = crypto.createHmac('sha256', key); 15 + messages.map(m => hmac.update(m)); 16 + return new Uint8Array(hmac.digest()); 17 + }; 18 + 7 19 const { JOSEError } = jose_1.errors; 8 20 9 21 function base64urlEncode(buffer) { ··· 15 27 } 16 28 17 29 function sha256(data) { 18 - const crypto = require('node:crypto'); 19 - return new Uint8Array(crypto.createHash('sha256').update(data).digest()); 30 + return secp.utils.sha256Sync(data); 20 31 } 21 32 22 33 async function signES256K(payload, header, privateKeyJwk) { ··· 64 75 throw new Error('Invalid signature'); 65 76 } 66 77 78 + // Parse header and payload 67 79 const header = JSON.parse(new TextDecoder().decode(base64urlDecode(encodedHeader))); 68 80 const payload = JSON.parse(new TextDecoder().decode(base64urlDecode(encodedPayload))); 69 81 82 + // Validate claims if options provided 70 83 if (options) { 71 84 const now = Math.floor(Date.now() / 1000); 72 85 ··· 105 118 * take the opportunity to ensure that the `alg` is compatible with this key. 106 119 */ 107 120 async getKeyObj(alg) { 121 + console.log('>> io le alg', alg); 108 122 if (!this.algorithms.includes(alg)) { 109 123 throw new jwk_1.JwkError(`Key cannot be used with algorithm "${alg}"`); 110 124 } ··· 230 244 } 231 245 } 232 246 233 - static async generateKeyPair(allowedAlgos = ['ES256'], options) { 247 + static async generateKeyPair(allowedAlgos, options) { 248 + if (allowedAlgos === undefined) allowedAlgos = ['ES256']; 249 + 234 250 if (!allowedAlgos.length) { 235 251 throw new jwk_1.JwkError('No algorithms provided for key generation'); 236 252 } ··· 278 294 }); 279 295 } 280 296 281 - static async generate(allowedAlgos = ['ES256'], kid, options) { 297 + static async generate(allowedAlgos, kid, options) { 298 + if (allowedAlgos === undefined) allowedAlgos = ['ES256']; 299 + 282 300 const kp = await this.generateKeyPair(allowedAlgos, { 283 301 ...options, 284 302 extractable: true,