keypairs.js/lib/browser/keypairs.js


								'use strict';


								var Keypairs = module.exports;


								Keypairs._sign = function (opts, payload) {

									return Keypairs._import(opts).then(function (privkey) {

										if ('string' === typeof payload) {

											payload = new TextEncoder().encode(payload);

										}


										return window.crypto.subtle

											.sign(

												{

													name: Keypairs._getName(opts),

													hash: { name: 'SHA-' + Keypairs._getBits(opts) }

												},

												privkey,

												payload

											)

											.then(function (signature) {

												signature = new Uint8Array(signature); // ArrayBuffer -> u8

												// This will come back into play for CSRs, but not for JOSE

												if ('EC' === opts.jwk.kty && /x509|asn1/i.test(opts.format)) {

													return Keypairs._ecdsaJoseSigToAsn1Sig(signature);

												} else {

													// jose/jws/jwt

													return signature;

												}

											});

									});

								};


								Keypairs._import = function (opts) {

									return Promise.resolve().then(function () {

										var ops;

										// all private keys just happen to have a 'd'

										if (opts.jwk.d) {

											ops = ['sign'];

										} else {

											ops = ['verify'];

										}

										// gotta mark it as extractable, as if it matters

										opts.jwk.ext = true;

										opts.jwk.key_ops = ops;


										return window.crypto.subtle

											.importKey(

												'jwk',

												opts.jwk,

												{

													name: Keypairs._getName(opts),

													namedCurve: opts.jwk.crv,

													hash: { name: 'SHA-' + Keypairs._getBits(opts) }

												},

												true,

												ops

											)

											.then(function (privkey) {

												delete opts.jwk.ext;

												return privkey;

											});

									});

								};


								// ECDSA JOSE / JWS / JWT signatures differ from "normal" ASN1/X509 ECDSA signatures

								// https://tools.ietf.org/html/rfc7518#section-3.4

								Keypairs._ecdsaJoseSigToAsn1Sig = function (bufsig) {

									// it's easier to do the manipulation in the browser with an array

									bufsig = Array.from(bufsig);

									var hlen = bufsig.length / 2; // should be even

									var r = bufsig.slice(0, hlen);

									var s = bufsig.slice(hlen);

									// unpad positive ints less than 32 bytes wide

									while (!r[0]) {

										r = r.slice(1);

									}

									while (!s[0]) {

										s = s.slice(1);

									}

									// pad (or re-pad) ambiguously non-negative BigInts, up to 33 bytes wide

									if (0x80 & r[0]) {

										r.unshift(0);

									}

									if (0x80 & s[0]) {

										s.unshift(0);

									}


									var len = 2 + r.length + 2 + s.length;

									var head = [0x30];

									// hard code 0x80 + 1 because it won't be longer than

									// two SHA512 plus two pad bytes (130 bytes <= 256)

									if (len >= 0x80) {

										head.push(0x81);

									}

									head.push(len);


									return Uint8Array.from(

										head.concat([0x02, r.length], r, [0x02, s.length], s)

									);

								};


								Keypairs._getName = function (opts) {

									if (/EC/i.test(opts.jwk.kty)) {

										return 'ECDSA';

									} else {

										return 'RSASSA-PKCS1-v1_5';

									}

								};