From d931d52b2dd1599c78ad65c740dfc834b0daa9d2 Mon Sep 17 00:00:00 2001
From: tamaina <tamaina@hotmail.co.jp>
Date: Fri, 1 Mar 2024 14:45:20 +0000
Subject: [PATCH] 0.0.0-alpha.9

---
 dist/index.cjs          | 22 ++++++++++++----------
 dist/index.mjs          | 21 ++++++++++++---------
 dist/shared/verify.d.ts |  9 +++------
 package.json            |  2 +-
 4 files changed, 28 insertions(+), 26 deletions(-)

diff --git a/dist/index.cjs b/dist/index.cjs
index dbb920d..9fbc0a9 100644
--- a/dist/index.cjs
+++ b/dist/index.cjs
@@ -38,7 +38,6 @@ __export(src_exports, {
   SignatureHeaderClockInvalidError: () => SignatureHeaderClockInvalidError,
   SignatureHeaderContentLackedError: () => SignatureHeaderContentLackedError,
   SignatureHeaderNotFoundError: () => SignatureHeaderNotFoundError,
-  SignatureMissmatchWithProvidedAlgorithmError: () => SignatureMissmatchWithProvidedAlgorithmError,
   checkClockSkew: () => checkClockSkew,
   detectAndVerifyAlgorithm: () => detectAndVerifyAlgorithm,
   digestHeaderRegEx: () => digestHeaderRegEx,
@@ -578,18 +577,18 @@ function verifyDigestHeader(request, rawBody, failOnNoDigest = true, errorLogger
 }
 
 // src/shared/verify.ts
-var SignatureMissmatchWithProvidedAlgorithmError = class extends Error {
-  constructor(providedAlgorithm, detectedAlgorithm, realKeyType) {
-    super(`Provided algorithm does not match the public key type: provided=${detectedAlgorithm}(${providedAlgorithm}}, real=${realKeyType}`);
-  }
-};
-function detectAndVerifyAlgorithm(algorithm, publicKey) {
+function buildErrorMessage(providedAlgorithm, detectedAlgorithm, realKeyType) {
+  return `Provided algorithm does not match the public key type: provided=${detectedAlgorithm}(${providedAlgorithm}}, real=${realKeyType}`;
+}
+function detectAndVerifyAlgorithm(algorithm, publicKey, errorLogger) {
   algorithm = algorithm?.toLowerCase();
   const realKeyType = publicKey.asymmetricKeyType;
   if (algorithm && algorithm !== "hs2019" && realKeyType) {
     const providedKeyAlgorithm = algorithm.split("-")[0];
     if (providedKeyAlgorithm !== realKeyType.toLowerCase() && !(providedKeyAlgorithm === "ecdsa" && realKeyType === "ec")) {
-      throw new SignatureMissmatchWithProvidedAlgorithmError(algorithm, providedKeyAlgorithm, realKeyType);
+      if (errorLogger)
+        errorLogger(buildErrorMessage(providedKeyAlgorithm, realKeyType, realKeyType));
+      return null;
     }
   }
   if (algorithm === "ed25519" || algorithm === "ed25519-sha512" || realKeyType === "ed25519") {
@@ -622,7 +621,9 @@ function detectAndVerifyAlgorithm(algorithm, publicKey) {
       hashAlg: algoSplitted.length === 1 ? null : algoSplitted[algoSplitted.length - 1]
     };
   }
-  throw new Error("Algorithm not found");
+  if (errorLogger)
+    errorLogger("Algorithm is not detected");
+  return null;
 }
 
 // src/draft/verify.ts
@@ -631,6 +632,8 @@ function verifyDraftSignature(parsed, publicKeyPem, errorLogger) {
   const publicKey = crypto4.createPublicKey(publicKeyPem);
   try {
     const detected = detectAndVerifyAlgorithm(parsed.params.algorithm, publicKey);
+    if (!detected)
+      return false;
     return crypto4.verify(detected.hashAlg, Buffer.from(parsed.signingString), publicKey, Buffer.from(parsed.params.signature, "base64"));
   } catch (e) {
     if (errorLogger)
@@ -648,7 +651,6 @@ function verifyDraftSignature(parsed, publicKeyPem, errorLogger) {
   SignatureHeaderClockInvalidError,
   SignatureHeaderContentLackedError,
   SignatureHeaderNotFoundError,
-  SignatureMissmatchWithProvidedAlgorithmError,
   checkClockSkew,
   detectAndVerifyAlgorithm,
   digestHeaderRegEx,
diff --git a/dist/index.mjs b/dist/index.mjs
index 0d7b30c..2faca38 100644
--- a/dist/index.mjs
+++ b/dist/index.mjs
@@ -505,18 +505,18 @@ function verifyDigestHeader(request, rawBody, failOnNoDigest = true, errorLogger
 }
 
 // src/shared/verify.ts
-var SignatureMissmatchWithProvidedAlgorithmError = class extends Error {
-  constructor(providedAlgorithm, detectedAlgorithm, realKeyType) {
-    super(`Provided algorithm does not match the public key type: provided=${detectedAlgorithm}(${providedAlgorithm}}, real=${realKeyType}`);
-  }
-};
-function detectAndVerifyAlgorithm(algorithm, publicKey) {
+function buildErrorMessage(providedAlgorithm, detectedAlgorithm, realKeyType) {
+  return `Provided algorithm does not match the public key type: provided=${detectedAlgorithm}(${providedAlgorithm}}, real=${realKeyType}`;
+}
+function detectAndVerifyAlgorithm(algorithm, publicKey, errorLogger) {
   algorithm = algorithm?.toLowerCase();
   const realKeyType = publicKey.asymmetricKeyType;
   if (algorithm && algorithm !== "hs2019" && realKeyType) {
     const providedKeyAlgorithm = algorithm.split("-")[0];
     if (providedKeyAlgorithm !== realKeyType.toLowerCase() && !(providedKeyAlgorithm === "ecdsa" && realKeyType === "ec")) {
-      throw new SignatureMissmatchWithProvidedAlgorithmError(algorithm, providedKeyAlgorithm, realKeyType);
+      if (errorLogger)
+        errorLogger(buildErrorMessage(providedKeyAlgorithm, realKeyType, realKeyType));
+      return null;
     }
   }
   if (algorithm === "ed25519" || algorithm === "ed25519-sha512" || realKeyType === "ed25519") {
@@ -549,7 +549,9 @@ function detectAndVerifyAlgorithm(algorithm, publicKey) {
       hashAlg: algoSplitted.length === 1 ? null : algoSplitted[algoSplitted.length - 1]
     };
   }
-  throw new Error("Algorithm not found");
+  if (errorLogger)
+    errorLogger("Algorithm is not detected");
+  return null;
 }
 
 // src/draft/verify.ts
@@ -558,6 +560,8 @@ function verifyDraftSignature(parsed, publicKeyPem, errorLogger) {
   const publicKey = crypto4.createPublicKey(publicKeyPem);
   try {
     const detected = detectAndVerifyAlgorithm(parsed.params.algorithm, publicKey);
+    if (!detected)
+      return false;
     return crypto4.verify(detected.hashAlg, Buffer.from(parsed.signingString), publicKey, Buffer.from(parsed.params.signature, "base64"));
   } catch (e) {
     if (errorLogger)
@@ -574,7 +578,6 @@ export {
   SignatureHeaderClockInvalidError,
   SignatureHeaderContentLackedError,
   SignatureHeaderNotFoundError,
-  SignatureMissmatchWithProvidedAlgorithmError,
   checkClockSkew,
   detectAndVerifyAlgorithm,
   digestHeaderRegEx,
diff --git a/dist/shared/verify.d.ts b/dist/shared/verify.d.ts
index 443eaf1..efebc4e 100644
--- a/dist/shared/verify.d.ts
+++ b/dist/shared/verify.d.ts
@@ -1,16 +1,13 @@
 /// <reference types="node" />
 import * as crypto from 'node:crypto';
 import type { SignatureHashAlgorithm } from '../types.js';
-export declare class SignatureMissmatchWithProvidedAlgorithmError extends Error {
-    constructor(providedAlgorithm: string, detectedAlgorithm: string, realKeyType: string);
-}
 /**
  * ヘッダーのアルゴリズムから鍵とハッシュアルゴリズムを認識する
  * 提供されたアルゴリズムと呼び出しの公開鍵の種類が一致しない場合はエラーを投げる
  * @param algorithm ヘッダーのアルゴリズム
- * @param key 実際の公開鍵
+ * @param publicKey 実際の公開鍵
  */
-export declare function detectAndVerifyAlgorithm(algorithm: string | undefined, publicKey: crypto.KeyObject): {
+export declare function detectAndVerifyAlgorithm(algorithm: string | undefined, publicKey: crypto.KeyObject, errorLogger?: ((message: any) => any)): {
     keyAlg: crypto.KeyType;
     hashAlg: SignatureHashAlgorithm | null;
-};
+} | null;
diff --git a/package.json b/package.json
index 7b85423..d68123b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@misskey-dev/node-http-message-signatures",
-  "version": "0.0.0-alpha.8",
+  "version": "0.0.0-alpha.9",
   "description": "",
   "type": "module",
   "keywords": [