kopia lustrzana https://gitlab.com/rysiekpl/libresilient
signed-integrity: some cleanups (ref. #28)
rodzic
87120097f4
commit
d42b6a11c0
|
@ -122,7 +122,8 @@ describe("plugin: signed-integrity", () => {
|
|||
statusText = "Not Found"
|
||||
// testing invalid base64-encoded data
|
||||
} else if (url == 'https://resilient.is/invalid-base64.json.integrity') {
|
||||
content = 'a' + '.' + payload + '.' + signature
|
||||
// for this test to work correctly the length must be (n*4)+1
|
||||
content = header + '.' + payload + '.' + 'badbase64'
|
||||
// testing "alg: none" on the integrity JWT
|
||||
} else if (url == 'https://resilient.is/alg-none.json.integrity') {
|
||||
content = noneHeader + '.' + payload + '.'
|
||||
|
|
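Review bot: The invalid-base64 fixture now appears to corrupt only the signature segment (`header + '.' + payload + '.' + 'badbase64'`), so, if the `'a' + '.' + payload + '.' + signature` line is the one this commit removes, nothing in this hunk feeds a malformed header segment to the plugin any more; a second URL for that case would keep the coverage. The length comment would be clearer if it said why, for example `// 'badbase64' is 9 chars; a length of (n*4)+1 can never be valid base64, so decoding must fail`. Separately, the alg-none fixture `noneHeader + '.' + payload + '.'` has an empty third section, so it is presumably rejected by the plugin's empty-section check before the `alg` value is looked at; a fixture with a `none` header and a non-empty signature would show that the algorithm itself is refused. The `describe` body starts and ends outside this hunk.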
|
@ -117,28 +117,24 @@
|
|||
|
||||
// get the JWT
|
||||
var jwt = await integrityResponse.text()
|
||||
console.log('jwt: ' + jwt)
|
||||
jwt = jwt.split('.')
|
||||
|
||||
// get the key
|
||||
let k = await getJWTPublicKey()
|
||||
|
||||
console.log(`JWT b64urlDecoded:\n- ${b64urlDecode(jwt[0])}\n- ${b64urlDecode(jwt[1])}\n- ${b64urlDecode(jwt[2])}`)
|
||||
|
||||
// reality check: all parts of the JWT should be non-empty
|
||||
if ( (jwt[0].length == 0) || (jwt[1].length == 0) || (jwt[2].length == 0) ) {
|
||||
throw new Error('JWT seems invalid (one or more sections are empty).')
|
||||
}
|
||||
|
||||
// WARNING: this is in neither efficient or clear... but works, and this is a PoC
|
||||
var signature = Uint8Array.from(
|
||||
Array.from(
|
||||
atob(
|
||||
b64urlDecode(jwt[2])
|
||||
)
|
||||
)
|
||||
.map(e=>e.charCodeAt(0))
|
||||
).buffer
|
||||
var signature = atob(b64urlDecode(jwt[2]))
|
||||
signature = Uint8Array
|
||||
.from(
|
||||
Array
|
||||
.from(signature)
|
||||
.map(e=>e.charCodeAt(0))
|
||||
).buffer
|
||||
|
||||
// verify the JWT
|
||||
if (await subtle
|
||||
|
|
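Review bot: The non-empty check reads `jwt[0]`, `jwt[1]` and `jwt[2]` without first confirming that `jwt.split('.')` produced exactly three parts, so an integrity response with fewer dots fails with a TypeError on `undefined.length` instead of the intended error, and one with extra sections is not rejected as far as this hunk shows. Checking the count in the same guard covers both: `if (jwt.length !== 3 || jwt.some(part => part.length === 0)) {`. If the `console.log` of the decoded parts is kept on the new side, it also runs `b64urlDecode` on those parts before the guard, so it should move after the check or be dropped. The two-step signature conversion could use `const` and a single assignment rather than `var` followed by a reassignment. The enclosing function starts and ends outside this hunk.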