Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
private findKey(keyId: string): IOpenIdMetadataKey {
if (!this.keys) {
return null;
}
for (let i = 0; i < this.keys.length; i++) {
if (this.keys[i].kid === keyId) {
let key = this.keys[i];
if (!key.n || !key.e) {
// Return null for non-RSA keys
return null;
}
let modulus = base64url.toBase64(key.n);
let exponent = key.e;
return { key: getPem(modulus, exponent), endorsements: key.endorsements } as IOpenIdMetadataKey;
}
}
return null;
}
}
private findKey(keyId: string): IOpenIdMetadataKey {
if (!this.keys) {
return null;
}
for (let i = 0; i < this.keys.length; i++) {
if (this.keys[i].kid === keyId) {
let key = this.keys[i];
if (!key.n || !key.e) {
// Return null for non-RSA keys
return null;
}
let modulus = base64url.toBase64(key.n);
let exponent = key.e;
return { key: getPem(modulus, exponent), endorsements: key.endorsements } as IOpenIdMetadataKey;
}
}
return null;
}
}
private findKey(keyId: string): IOpenIdMetadataKey | null {
if (!this.keys) {
return null;
}
for (const key of this.keys) {
if (key.kid === keyId) {
if (!key.n || !key.e) {
// Return null for non-RSA keys
return null;
}
const modulus: any = base64url.toBase64(key.n);
const exponent: string = key.e;
return { key: getPem(modulus, exponent), endorsements: key.endorsements } as IOpenIdMetadataKey;
}
}
return null;
}
}
it('considers Base64 (not URL) encoded tokens invalid', function() {
const token = b64u.toBase64(tokens.hs256.token);
jwt.isToken(token).should.be.false;
return jwt.verify(token, tokens.hs256.secret).should.eventually.be.false;
});
verify (input, signature, publicKey) {
let {bitlength} = this
let base64sig = base64url.toBase64(signature)
let verifier = crypto.createVerify(`RSA-SHA${bitlength}`)
verifier.update(input)
return verifier.verify(publicKey, signature, 'base64')
}
OpenIdMetadata.prototype.findKey = function (keyId) {
if (!this.keys) {
return null;
}
for (var i = 0; i < this.keys.length; i++) {
if (this.keys[i].kid == keyId) {
var key = this.keys[i];
if (!key.n || !key.e) {
return null;
}
var modulus = base64url.toBase64(key.n);
var exponent = key.e;
return { key: getPem(modulus, exponent), endorsements: key.endorsements };
}
}
return null;
};
return OpenIdMetadata;
b64url2b64: function(b64url)
{
return base64url.toBase64(b64url)
},
export function verifyEd25519(
data: string,
signature: string,
authenticators: PublicKey[]
): PublicKey {
const clear: Uint8Array = naclutil.decodeUTF8(data)
const sig: Uint8Array = naclutil.decodeBase64(base64url.toBase64(signature))
const signer: PublicKey = authenticators.find(({ publicKeyBase64 }) =>
nacl.sign.detached.verify(
clear,
sig,
naclutil.decodeBase64(publicKeyBase64)
)
)
if (!signer) throw new Error('Signature invalid for JWT')
return signer
}
CallConnector.prototype.getSecretForKey = function (keyId) {
for (var i = 0; i < cachedKeys.length; i++) {
if (cachedKeys[i].kid == keyId) {
var jwt = cachedKeys[i];
var modulus = base64url.toBase64(jwt.n);
var exponent = jwt.e;
return getPem(modulus, exponent);
}
}
return null;
};
CallConnector.prototype.verifyBotFramework = function (req, res) {