Comparing version 1.1.6 to 1.2.0
index.js
@@ -7,3 +7,3 @@ var bufferEqual = require('buffer-equal-constant-time'); | ||
var MSG_INVALID_ALGORITHM = '"%s" is not a valid algorithm.\n Supported algorithms are:\n "HS256", "HS384", "HS512", "RS256", "RS384", "RS512" and "none".' | ||
var MSG_INVALID_ALGORITHM = '"%s" is not a valid algorithm.\n Supported algorithms are:\n "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" and "none".' | ||
var MSG_INVALID_SECRET = 'secret must be a string or buffer'; | ||
@@ -94,2 +94,25 @@ var MSG_INVALID_VERIFIER_KEY = 'key must be a string or a buffer'; | ||
function createPSSKeySigner(bits) { | ||
return function sign(thing, privateKey) { | ||
if (!bufferOrString(privateKey) && !(typeof privateKey === 'object')) | ||
throw typeError(MSG_INVALID_SIGNER_KEY); | ||
thing = normalizeInput(thing); | ||
var signer = crypto.createSign('RSA-SHA' + bits); | ||
var sig = (signer.update(thing), signer.sign({key: privateKey, padding: crypto.constants.RSA_PKCS1_PSS_PADDING}, 'base64')); | ||
return fromBase64(sig); | ||
} | ||
} | ||
function createPSSKeyVerifier(bits) { | ||
return function verify(thing, signature, publicKey) { | ||
if (!bufferOrString(publicKey)) | ||
throw typeError(MSG_INVALID_VERIFIER_KEY); | ||
thing = normalizeInput(thing); | ||
signature = toBase64(signature); | ||
var verifier = crypto.createVerify('RSA-SHA' + bits); | ||
verifier.update(thing); | ||
return verifier.verify({key: publicKey, padding: crypto.constants.RSA_PKCS1_PSS_PADDING}, signature, 'base64'); | ||
} | ||
} | ||
function createECDSASigner(bits) { | ||
@@ -129,2 +152,3 @@ var inner = createKeySigner(bits); | ||
rs: createKeySigner, | ||
ps: createPSSKeySigner, | ||
es: createECDSASigner, | ||
@@ -136,6 +160,7 @@ none: createNoneSigner, | ||
rs: createKeyVerifier, | ||
ps: createPSSKeyVerifier, | ||
es: createECDSAVerifer, | ||
none: createNoneVerifier, | ||
} | ||
var match = algorithm.match(/^(RS|ES|HS)(256|384|512)$|^(none)$/i); | ||
var match = algorithm.match(/^(RS|PS|ES|HS)(256|384|512)$|^(none)$/i); | ||
if (!match) | ||
@@ -142,0 +167,0 @@ throw typeError(MSG_INVALID_ALGORITHM, algorithm); |
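Review bot: The options object passed to `signer.sign` in createPSSKeySigner sets only `padding: crypto.constants.RSA_PKCS1_PSS_PADDING`, so the salt length falls back to Node's signing default, which is the maximum permissible size rather than the digest size. RFC 7518 section 3.5 specifies a salt the same size as the hash output for PS256/PS384/PS512, so a verifier that enforces that length can reject tokens signed here. I would add `saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST` to the options in both createPSSKeySigner and createPSSKeyVerifier, so that verification also stops accepting arbitrary salt lengths. Separately, the signer's `typeof privateKey === 'object'` test lets `null` past the key check, while the verifier accepts only a string or buffer; `privateKey !== null && typeof privateKey === 'object'` would keep the type error consistent.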
{ | ||
"name": "jwa", | ||
"version": "1.1.6", | ||
"version": "1.2.0", | ||
"description": "JWA implementation (supports all JWS algorithms)", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -1,2 +0,2 @@ | ||
# node-jwa [![Build Status](https://travis-ci.org/brianloveswords/node-jwa.png?branch=master)](https://travis-ci.org/brianloveswords/node-jwa) | ||
# node-jwa [![Build Status](https://travis-ci.org/brianloveswords/node-jwa.svg?branch=master)](https://travis-ci.org/brianloveswords/node-jwa) | ||
@@ -18,2 +18,5 @@ A | ||
RS512 | RSASSA using SHA-512 hash algorithm | ||
PS256 | RSASSA-PSS using SHA-256 hash algorithm | ||
PS384 | RSASSA-PSS using SHA-384 hash algorithm | ||
PS512 | RSASSA-PSS using SHA-512 hash algorithm | ||
ES256 | ECDSA using P-256 curve and SHA-256 hash algorithm | ||
@@ -24,2 +27,4 @@ ES384 | ECDSA using P-384 curve and SHA-384 hash algorithm | ||
Please note that PS* only works on Node 6.12+ (excluding 7.x). | ||
# Requirements | ||
@@ -69,3 +74,3 @@ | ||
buffer. For ECDSA and RSA, the value should be a string representing a | ||
PEM encoded **private** key. | ||
PEM encoded **private** key. | ||
@@ -72,0 +77,0 @@ Output [base64url](http://en.wikipedia.org/wiki/Base64#URL_applications) |