修改后台权限
This commit is contained in:
yoyuzh
110
node_modules/jose/dist/webapi/jws/flattened/verify.js
generated
vendored
Normal file
110
node_modules/jose/dist/webapi/jws/flattened/verify.js
generated
vendored
Normal file
@@ -0,0 +1,110 @@
|
||||
import { decode as b64u } from '../../util/base64url.js';
|
||||
import { verify } from '../../lib/signing.js';
|
||||
import { JOSEAlgNotAllowed, JWSInvalid, JWSSignatureVerificationFailed } from '../../util/errors.js';
|
||||
import { concat, encoder, decoder, encode } from '../../lib/buffer_utils.js';
|
||||
import { decodeBase64url } from '../../lib/helpers.js';
|
||||
import { isDisjoint } from '../../lib/type_checks.js';
|
||||
import { isObject } from '../../lib/type_checks.js';
|
||||
import { checkKeyType } from '../../lib/check_key_type.js';
|
||||
import { validateCrit } from '../../lib/validate_crit.js';
|
||||
import { validateAlgorithms } from '../../lib/validate_algorithms.js';
|
||||
import { normalizeKey } from '../../lib/normalize_key.js';
|
||||
export async function flattenedVerify(jws, key, options) {
|
||||
if (!isObject(jws)) {
|
||||
throw new JWSInvalid('Flattened JWS must be an object');
|
||||
}
|
||||
if (jws.protected === undefined && jws.header === undefined) {
|
||||
throw new JWSInvalid('Flattened JWS must have either of the "protected" or "header" members');
|
||||
}
|
||||
if (jws.protected !== undefined && typeof jws.protected !== 'string') {
|
||||
throw new JWSInvalid('JWS Protected Header incorrect type');
|
||||
}
|
||||
if (jws.payload === undefined) {
|
||||
throw new JWSInvalid('JWS Payload missing');
|
||||
}
|
||||
if (typeof jws.signature !== 'string') {
|
||||
throw new JWSInvalid('JWS Signature missing or incorrect type');
|
||||
}
|
||||
if (jws.header !== undefined && !isObject(jws.header)) {
|
||||
throw new JWSInvalid('JWS Unprotected Header incorrect type');
|
||||
}
|
||||
let parsedProt = {};
|
||||
if (jws.protected) {
|
||||
try {
|
||||
const protectedHeader = b64u(jws.protected);
|
||||
parsedProt = JSON.parse(decoder.decode(protectedHeader));
|
||||
}
|
||||
catch {
|
||||
throw new JWSInvalid('JWS Protected Header is invalid');
|
||||
}
|
||||
}
|
||||
if (!isDisjoint(parsedProt, jws.header)) {
|
||||
throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint');
|
||||
}
|
||||
const joseHeader = {
|
||||
...parsedProt,
|
||||
...jws.header,
|
||||
};
|
||||
const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options?.crit, parsedProt, joseHeader);
|
||||
let b64 = true;
|
||||
if (extensions.has('b64')) {
|
||||
b64 = parsedProt.b64;
|
||||
if (typeof b64 !== 'boolean') {
|
||||
throw new JWSInvalid('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
|
||||
}
|
||||
}
|
||||
const { alg } = joseHeader;
|
||||
if (typeof alg !== 'string' || !alg) {
|
||||
throw new JWSInvalid('JWS "alg" (Algorithm) Header Parameter missing or invalid');
|
||||
}
|
||||
const algorithms = options && validateAlgorithms('algorithms', options.algorithms);
|
||||
if (algorithms && !algorithms.has(alg)) {
|
||||
throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter value not allowed');
|
||||
}
|
||||
if (b64) {
|
||||
if (typeof jws.payload !== 'string') {
|
||||
throw new JWSInvalid('JWS Payload must be a string');
|
||||
}
|
||||
}
|
||||
else if (typeof jws.payload !== 'string' && !(jws.payload instanceof Uint8Array)) {
|
||||
throw new JWSInvalid('JWS Payload must be a string or an Uint8Array instance');
|
||||
}
|
||||
let resolvedKey = false;
|
||||
if (typeof key === 'function') {
|
||||
key = await key(parsedProt, jws);
|
||||
resolvedKey = true;
|
||||
}
|
||||
checkKeyType(alg, key, 'verify');
|
||||
const data = concat(jws.protected !== undefined ? encode(jws.protected) : new Uint8Array(), encode('.'), typeof jws.payload === 'string'
|
||||
? b64
|
||||
? encode(jws.payload)
|
||||
: encoder.encode(jws.payload)
|
||||
: jws.payload);
|
||||
const signature = decodeBase64url(jws.signature, 'signature', JWSInvalid);
|
||||
const k = await normalizeKey(key, alg);
|
||||
const verified = await verify(alg, k, signature, data);
|
||||
if (!verified) {
|
||||
throw new JWSSignatureVerificationFailed();
|
||||
}
|
||||
let payload;
|
||||
if (b64) {
|
||||
payload = decodeBase64url(jws.payload, 'payload', JWSInvalid);
|
||||
}
|
||||
else if (typeof jws.payload === 'string') {
|
||||
payload = encoder.encode(jws.payload);
|
||||
}
|
||||
else {
|
||||
payload = jws.payload;
|
||||
}
|
||||
const result = { payload };
|
||||
if (jws.protected !== undefined) {
|
||||
result.protectedHeader = parsedProt;
|
||||
}
|
||||
if (jws.header !== undefined) {
|
||||
result.unprotectedHeader = jws.header;
|
||||
}
|
||||
if (resolvedKey) {
|
||||
return { ...result, key: k };
|
||||
}
|
||||
return result;
|
||||
}
|
||||
Reference in New Issue
Block a user