0.0.0-alpha.9

misskey-dev · Mar 1, 2024 · d931d52 · d931d52
1 parent 4a8d584
commit d931d52
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 26 deletions.
diff --git a/dist/index.cjs b/dist/index.cjs
@@ -38,7 +38,6 @@ __export(src_exports, {
   SignatureHeaderClockInvalidError: () => SignatureHeaderClockInvalidError,
   SignatureHeaderContentLackedError: () => SignatureHeaderContentLackedError,
   SignatureHeaderNotFoundError: () => SignatureHeaderNotFoundError,
-  SignatureMissmatchWithProvidedAlgorithmError: () => SignatureMissmatchWithProvidedAlgorithmError,
   checkClockSkew: () => checkClockSkew,
   detectAndVerifyAlgorithm: () => detectAndVerifyAlgorithm,
   digestHeaderRegEx: () => digestHeaderRegEx,
@@ -578,18 +577,18 @@ function verifyDigestHeader(request, rawBody, failOnNoDigest = true, errorLogger
 }
 
 // src/shared/verify.ts
-var SignatureMissmatchWithProvidedAlgorithmError = class extends Error {
-  constructor(providedAlgorithm, detectedAlgorithm, realKeyType) {
-    super(`Provided algorithm does not match the public key type: provided=${detectedAlgorithm}(${providedAlgorithm}}, real=${realKeyType}`);
-  }
-};
-function detectAndVerifyAlgorithm(algorithm, publicKey) {
+function buildErrorMessage(providedAlgorithm, detectedAlgorithm, realKeyType) {
+  return `Provided algorithm does not match the public key type: provided=${detectedAlgorithm}(${providedAlgorithm}}, real=${realKeyType}`;
+}
+function detectAndVerifyAlgorithm(algorithm, publicKey, errorLogger) {
   algorithm = algorithm?.toLowerCase();
   const realKeyType = publicKey.asymmetricKeyType;
   if (algorithm && algorithm !== "hs2019" && realKeyType) {
     const providedKeyAlgorithm = algorithm.split("-")[0];
     if (providedKeyAlgorithm !== realKeyType.toLowerCase() && !(providedKeyAlgorithm === "ecdsa" && realKeyType === "ec")) {
-      throw new SignatureMissmatchWithProvidedAlgorithmError(algorithm, providedKeyAlgorithm, realKeyType);
+      if (errorLogger)
+        errorLogger(buildErrorMessage(providedKeyAlgorithm, realKeyType, realKeyType));
+      return null;
     }
   }
   if (algorithm === "ed25519" || algorithm === "ed25519-sha512" || realKeyType === "ed25519") {
@@ -622,7 +621,9 @@ function detectAndVerifyAlgorithm(algorithm, publicKey) {
       hashAlg: algoSplitted.length === 1 ? null : algoSplitted[algoSplitted.length - 1]
     };
   }
-  throw new Error("Algorithm not found");
+  if (errorLogger)
+    errorLogger("Algorithm is not detected");
+  return null;
 }
 
 // src/draft/verify.ts
@@ -631,6 +632,8 @@ function verifyDraftSignature(parsed, publicKeyPem, errorLogger) {
   const publicKey = crypto4.createPublicKey(publicKeyPem);
   try {
     const detected = detectAndVerifyAlgorithm(parsed.params.algorithm, publicKey);
+    if (!detected)
+      return false;
     return crypto4.verify(detected.hashAlg, Buffer.from(parsed.signingString), publicKey, Buffer.from(parsed.params.signature, "base64"));
   } catch (e) {
     if (errorLogger)
@@ -648,7 +651,6 @@ function verifyDraftSignature(parsed, publicKeyPem, errorLogger) {
   SignatureHeaderClockInvalidError,
   SignatureHeaderContentLackedError,
   SignatureHeaderNotFoundError,
-  SignatureMissmatchWithProvidedAlgorithmError,
   checkClockSkew,
   detectAndVerifyAlgorithm,
   digestHeaderRegEx,

diff --git a/dist/index.mjs b/dist/index.mjs
@@ -505,18 +505,18 @@ function verifyDigestHeader(request, rawBody, failOnNoDigest = true, errorLogger
 }
 
 // src/shared/verify.ts
-var SignatureMissmatchWithProvidedAlgorithmError = class extends Error {
-  constructor(providedAlgorithm, detectedAlgorithm, realKeyType) {
-    super(`Provided algorithm does not match the public key type: provided=${detectedAlgorithm}(${providedAlgorithm}}, real=${realKeyType}`);
-  }
-};
-function detectAndVerifyAlgorithm(algorithm, publicKey) {
+function buildErrorMessage(providedAlgorithm, detectedAlgorithm, realKeyType) {
+  return `Provided algorithm does not match the public key type: provided=${detectedAlgorithm}(${providedAlgorithm}}, real=${realKeyType}`;
+}
+function detectAndVerifyAlgorithm(algorithm, publicKey, errorLogger) {
   algorithm = algorithm?.toLowerCase();
   const realKeyType = publicKey.asymmetricKeyType;
   if (algorithm && algorithm !== "hs2019" && realKeyType) {
     const providedKeyAlgorithm = algorithm.split("-")[0];
     if (providedKeyAlgorithm !== realKeyType.toLowerCase() && !(providedKeyAlgorithm === "ecdsa" && realKeyType === "ec")) {
-      throw new SignatureMissmatchWithProvidedAlgorithmError(algorithm, providedKeyAlgorithm, realKeyType);
+      if (errorLogger)
+        errorLogger(buildErrorMessage(providedKeyAlgorithm, realKeyType, realKeyType));
+      return null;
     }
   }
   if (algorithm === "ed25519" || algorithm === "ed25519-sha512" || realKeyType === "ed25519") {
@@ -549,7 +549,9 @@ function detectAndVerifyAlgorithm(algorithm, publicKey) {
       hashAlg: algoSplitted.length === 1 ? null : algoSplitted[algoSplitted.length - 1]
     };
   }
-  throw new Error("Algorithm not found");
+  if (errorLogger)
+    errorLogger("Algorithm is not detected");
+  return null;
 }
 
 // src/draft/verify.ts
@@ -558,6 +560,8 @@ function verifyDraftSignature(parsed, publicKeyPem, errorLogger) {
   const publicKey = crypto4.createPublicKey(publicKeyPem);
   try {
     const detected = detectAndVerifyAlgorithm(parsed.params.algorithm, publicKey);
+    if (!detected)
+      return false;
     return crypto4.verify(detected.hashAlg, Buffer.from(parsed.signingString), publicKey, Buffer.from(parsed.params.signature, "base64"));
   } catch (e) {
     if (errorLogger)
@@ -574,7 +578,6 @@ export {
   SignatureHeaderClockInvalidError,
   SignatureHeaderContentLackedError,
   SignatureHeaderNotFoundError,
-  SignatureMissmatchWithProvidedAlgorithmError,
   checkClockSkew,
   detectAndVerifyAlgorithm,
   digestHeaderRegEx,

diff --git a/dist/shared/verify.d.ts b/dist/shared/verify.d.ts
@@ -1,16 +1,13 @@
 /// <reference types="node" />
 import * as crypto from 'node:crypto';
 import type { SignatureHashAlgorithm } from '../types.js';
-export declare class SignatureMissmatchWithProvidedAlgorithmError extends Error {
-    constructor(providedAlgorithm: string, detectedAlgorithm: string, realKeyType: string);
-}
 /**
  * ヘッダーのアルゴリズムから鍵とハッシュアルゴリズムを認識する
  * 提供されたアルゴリズムと呼び出しの公開鍵の種類が一致しない場合はエラーを投げる
  * @param algorithm ヘッダーのアルゴリズム
- * @param key 実際の公開鍵
+ * @param publicKey 実際の公開鍵
  */
-export declare function detectAndVerifyAlgorithm(algorithm: string | undefined, publicKey: crypto.KeyObject): {
+export declare function detectAndVerifyAlgorithm(algorithm: string | undefined, publicKey: crypto.KeyObject, errorLogger?: ((message: any) => any)): {
     keyAlg: crypto.KeyType;
     hashAlg: SignatureHashAlgorithm | null;
-};
+} | null;
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@misskey-dev/node-http-message-signatures",
-  "version": "0.0.0-alpha.8",
+  "version": "0.0.0-alpha.9",
   "description": "",
   "type": "module",
   "keywords": [