From ca63b3fac77ce282ab56a2b2d51eacdb18791979 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luis=20Gonz=C3=A1lez=20Fern=C3=A1ndez?= Date: Fri, 21 Aug 2015 11:59:13 +0200 Subject: [PATCH 1/2] Update jws library to version 3.1.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 81ba746..6448e93 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,7 @@ "dataurl": "~0.1.0", "request": "~2.14.0", "async": "~0.2.5", - "jws": "0.2.2", + "jws": "~3.1.0", "deep-equal": "0.0.0" }, "devDependencies": { From 88da7456f5555810ff3650bc8f32064c46e5b1db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luis=20Gonz=C3=A1lez=20Fern=C3=A1ndez?= Date: Fri, 21 Aug 2015 12:02:02 +0200 Subject: [PATCH 2/2] Passing algorithm parameter to jws.verify() function, that is mandatory. --- index.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/index.js b/index.js index 680f139..356f6cb 100644 --- a/index.js +++ b/index.js @@ -388,6 +388,7 @@ function unpackJWS(signature, callback) { const payload = jsonParse(parts.payload); if (!payload) return callback(makeError('jws-payload-parse')); + payload.header = parts.header; // adding header information return callback(null, payload) } @@ -457,9 +458,10 @@ function fullValidateSignedAssertion(signature, callback) { return getLinkedResources(structures, callback); }, function verifySignature(resources, callback) { + algorithm = data.structures.assertion.header.alg; data.resources = resources; const publicKey = resources['assertion.verify.url']; - if (!jws.verify(signature, publicKey)) + if (!jws.verify(signature, algorithm, publicKey)) return callback(makeError('verify-signature')) return callback(null, resources); },