
http-signature - npm Package Compare versions

Comparing version 0.10.1 to 0.11.0

5

lib/index.js

@@ -1,2 +0,2 @@

// Copyright 2011 Joyent, Inc. All rights reserved.
// Copyright 2015 Joyent, Inc.

@@ -25,3 +25,4 @@ var parser = require('./parser');

verify: verify.verifySignature,
verifySignature: verify.verifySignature
verifySignature: verify.verifySignature,
verifyHMAC: verify.verifyHMAC
};

16

lib/util.js

@@ -249,8 +249,8 @@ // Copyright 2012 Joyent, Inc. All rights reserved.

/**
* Converts a PKGCS#8 PEM file to an OpenSSH public key (rsa)
*
* The reverse of the above function.
*/
* Converts a PKGCS#8 PEM file to an OpenSSH public key (rsa)
*
* The reverse of the above function.
*/
pemToRsaSSHKey: function pemToRsaSSHKey(pem, comment) {
assert.equal('string', typeof pem, 'typeof pem');
assert.equal('string', typeof (pem), 'typeof pem');

@@ -293,3 +293,4 @@ // chop off the BEGIN PUBLIC KEY and END PUBLIC KEY portion

var type = new Buffer('ssh-rsa');
var buffer = new Buffer(4 + type.length + 4 + modulus.length + 4 + exponent.length);
var buffer = new Buffer(4 + type.length + 4 + modulus.length +
4 + exponent.length);
var i = 0;

@@ -303,5 +304,6 @@ buffer.writeUInt32BE(type.length, i); i += 4;

var s = type.toString() + ' ' + buffer.toString('base64') + ' ' + (comment || '');
var s = (type.toString() + ' ' + buffer.toString('base64') + ' ' +
(comment || ''));
return s;
}
};

@@ -1,2 +0,2 @@

// Copyright 2011 Joyent, Inc. All rights reserved.
// Copyright 2015 Joyent, Inc.

@@ -11,18 +11,16 @@ var assert = require('assert-plus');

module.exports = {
/**
* Simply wraps up the node crypto operations for you, and returns
* true or false. You are expected to pass in an object that was
* returned from `parse()`.
* Verify RSA/DSA signature against public key. You are expected to pass in
* an object that was returned from `parse()`.
*
* @param {Object} parsedSignature the object you got from `parse`.
* @param {String} key either an RSA private key PEM or HMAC secret.
* @param {String} pubkey RSA/DSA private key PEM.
* @return {Boolean} true if valid, false otherwise.
* @throws {TypeError} if you pass in bad arguments.
*/
verifySignature: function verifySignature(parsedSignature, key) {
verifySignature: function verifySignature(parsedSignature, pubkey) {
assert.object(parsedSignature, 'parsedSignature');
assert.string(key, 'key');
assert.string(pubkey, 'pubkey');
var alg = parsedSignature.algorithm.match(/(HMAC|RSA|DSA)-(\w+)/);
var alg = parsedSignature.algorithm.match(/^(RSA|DSA)-(\w+)/);
if (!alg || alg.length !== 3)

@@ -32,13 +30,29 @@ throw new TypeError('parsedSignature: unsupported algorithm ' +

if (alg[1] === 'HMAC') {
var hmac = crypto.createHmac(alg[2].toUpperCase(), key);
hmac.update(parsedSignature.signingString);
return (hmac.digest('base64') === parsedSignature.params.signature);
} else {
var verify = crypto.createVerify(alg[0]);
verify.update(parsedSignature.signingString);
return verify.verify(key, parsedSignature.params.signature, 'base64');
}
var verify = crypto.createVerify(alg[0]);
verify.update(parsedSignature.signingString);
return verify.verify(pubkey, parsedSignature.params.signature, 'base64');
},
/**
* Verify HMAC against shared secret. You are expected to pass in an object
* that was returned from `parse()`.
*
* @param {Object} parsedSignature the object you got from `parse`.
* @param {String} secret HMAC shared secret.
* @return {Boolean} true if valid, false otherwise.
* @throws {TypeError} if you pass in bad arguments.
*/
verifyHMAC: function verifyHMAC(parsedSignature, secret) {
assert.object(parsedSignature, 'parsedHMAC');
assert.string(secret, 'secret');
var alg = parsedSignature.algorithm.match(/^HMAC-(\w+)/);
if (!alg || alg.length !== 2)
throw new TypeError('parsedSignature: unsupported algorithm ' +
parsedSignature.algorithm);
var hmac = crypto.createHmac(alg[1].toUpperCase(), secret);
hmac.update(parsedSignature.signingString);
return (hmac.digest('base64') === parsedSignature.params.signature);
}
};
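Review bot: The new `verifyHMAC` compares the computed MAC with the received one using `===` (`hmac.digest('base64') === parsedSignature.params.signature`), which is not a constant-time comparison and can leak through response timing how much of a guessed MAC was correct. Compare fixed-length byte buffers instead, for example `var expected = hmac.digest();`, `var given = new Buffer(parsedSignature.params.signature, 'base64');` and `return given.length === expected.length && crypto.timingSafeEqual(expected, given);` on runtimes that provide `crypto.timingSafeEqual`; where it is not available, compare an HMAC of each value computed under a fresh random key. Separately, the JSDoc for `verifySignature` describes `pubkey` as "RSA/DSA private key PEM" and should read `@param {String} pubkey RSA/DSA public key PEM.`. In `verifyHMAC`, the label in `assert.object(parsedSignature, 'parsedHMAC')` does not match the `parsedSignature` name used in the TypeError message. This section has no file header on the page; it appears to be lib/verify.js.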
{
"name": "http-signature",
"description": "Reference implementation of Joyent's HTTP Signature scheme.",
"version": "0.10.1",
"version": "0.11.0",
"license": "MIT",

@@ -9,3 +9,4 @@ "author": "Joyent, Inc",

"Mark Cavage <mcavage@gmail.com>",
"David I. Lehn <dil@lehn.org>"
"David I. Lehn <dil@lehn.org>",
"Patrick Mooney <patrick.f.mooney@gmail.com>"
],

@@ -12,0 +13,0 @@ "repository": {
