changed jwt.verify to not directly use WebCrypto

This commit is contained in:
tigerbot 2017-03-20 18:18:47 -06:00
parent 695df45a1d
commit 06411918a7
1 changed files with 3 additions and 12 deletions

View File

@ -213,21 +213,12 @@
return { header: jsons[0], payload: jsons[1] };
}
, verify: function (str, pubKey) {
var parts = str.split(/\./g);
, verify: function (jwk, token) {
var parts = token.split(/\./g);
var data = OAUTH3._binStr.binStrToBuffer(parts.slice(0, 2).join('.'));
var signature = OAUTH3._base64.urlSafeToBuffer(parts[2]);
var keyPromise;
if (pubKey instanceof OAUTH3._browser.window.CryptoKey) {
keyPromise = OAUTH3.PromiseA.resolve(pubKey);
} else {
keyPromise = OAUTH3._browser.window.crypto.subtle.importKey('jwk', pubKey, {name: 'ECDSA', namedCurve: pubKey.crv}, false, ['verify']);
}
return keyPromise.then(function (key) {
return OAUTH3._browser.window.crypto.subtle.verify({name: 'ECDSA', hash: {name: 'SHA-256'}}, key, signature, data);
});
return OAUTH3.crypto.core.verify(jwk, data, signature);
}
, freshness: function (tokenMeta, staletime, _now) {
staletime = staletime || (15 * 60);