(t, alg)
| 89 | testRSAenc.title = (title, alg) => `${alg} requires key modulusLength to be 2048 bits or larger` |
| 90 | |
| 91 | async function testECDSASigEncoding(t, alg) { |
| 92 | const { privateKey, publicKey } = await generateKeyPair(alg, { extractable: true }) |
| 93 | |
| 94 | const jws = await new FlattenedSign(t.context.payload) |
| 95 | .setProtectedHeader({ alg }) |
| 96 | .sign(privateKey) |
| 97 | |
| 98 | const derEncodedSignature = base64url.encode( |
| 99 | crypto.sign(`sha${alg.slice(2, 5)}`, Buffer.from('foo'), await exportPKCS8(privateKey)), |
| 100 | ) |
| 101 | |
| 102 | await t.throwsAsync(flattenedVerify({ ...jws, signature: derEncodedSignature }, publicKey), { |
| 103 | message: 'signature verification failed', |
| 104 | code: 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED', |
| 105 | }) |
| 106 | } |
| 107 | testECDSASigEncoding.title = (title, alg) => `${alg} swallows invalid signature encoding errors` |
| 108 | |
| 109 | test(testRSAsig, 'RS256') |
nothing calls this directly
no test coverage detected
searching dependent graphs…