Last active
November 24, 2023 01:11
-
-
Save timkelty/f4270294a3861cefcaf732a02cd17d79 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import {httpbis} from 'http-message-signatures'; | |
function createMyVerifier() { | |
return { | |
id: 'test-key', | |
algs: ['hmac-sha256'], | |
async verify(data, signature, parameters) { | |
const keyData = new TextEncoder().encode('123456789'); | |
const algorithm = { name: 'HMAC', hash: 'SHA-256' }; | |
const key = await crypto.subtle.importKey('raw', keyData, algorithm, false, ['verify']); | |
const encodedData = new TextEncoder().encode(data); | |
return await crypto.subtle.verify('HMAC', key, signature, encodedData); | |
}, | |
}; | |
} | |
(async () => { | |
// an example keystore for looking up keys by ID | |
const keys = new Map(); | |
keys.set('test-key', { | |
id: 'test-key', | |
algs: ['hmac-sha256'], | |
// as with signing, you can provide your own verifier here instead of using the built-in helpers | |
verify: createMyVerifier(), | |
}); | |
// minimal verification | |
const verified = await httpbis.verifyMessage({ | |
// logic for finding a key based on the signature parameters | |
async keyLookup(params) { | |
const keyId = params.keyid; | |
// lookup and return key - note, we could also lookup using the alg too (`params.alg`) | |
// if there is no key, `verifyMessage()` will throw an error | |
return keys.get(keyId); | |
}, | |
}, { | |
method: 'HEAD', | |
url: 'https://spoke-chain-redux-main-396d681a.preview.craftstaging.cloud/', | |
headers: { | |
'host': 'spoke-chain-redux-main-396d681a.preview.craftstaging.cloud', | |
'signature': 'sig=:IrkNB32AXmg1bdgPh9QqzCZRe8hMX+73w/eUN0KWP2c=:', | |
'signature-input': 'sig=("host" "@method");alg="hmac-sha256";keyid="test-key"', | |
}, | |
}); | |
})().catch(console.error); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment