feat: create a self signed x.509 certificate in tests

Signed-off-by: Berend Sliedrecht <[email protected]>
animo · Jun 13, 2024 · c78b336 · c78b336
1 parent f2a1d0b
commit c78b336
Show file tree

Hide file tree

Showing 12 changed files with 397 additions and 21 deletions.
diff --git a/package.json b/package.json
@@ -23,11 +23,17 @@
   },
   "dependencies": {
     "@hyperledger/aries-askar-shared": "^0.2.1",
+    "@noble/hashes": "^1.4.0",
+    "@peculiar/asn1-ecc": "^2.3.8",
+    "@peculiar/asn1-schema": "^2.3.8",
+    "@peculiar/asn1-x509": "^2.3.8",
     "webcrypto-core": "^1.8.0"
   },
   "devDependencies": {
     "@biomejs/biome": "1.8.1",
     "@hyperledger/aries-askar-nodejs": "^0.2.1",
+    "@peculiar/x509": "^1.11.0",
+    "@types/node": "^20.14.2",
     "tsx": "^4.15.2",
     "typescript": "~5.4.5"
   }

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/EcdsaProvider.ts b/src/EcdsaProvider.ts
@@ -1,26 +1,72 @@
+import { AsnConvert } from '@peculiar/asn1-schema'
+import { SubjectPublicKeyInfo } from '@peculiar/asn1-x509'
+import { ecdsaWithSHA256 } from '@peculiar/asn1-ecc'
 import * as core from 'webcrypto-core'
-import { askarKeyGenerate, askarKeySign, askarKeyVerify } from './askar'
-import type { CryptoKeyPair } from './types'
+import { askarKeyGenerate, askarKeyGetPublicBytes, askarKeySign, askarKeyVerify } from './askar'
+import type { CryptoKeyPair, EcKeyGenParams, EcdsaParams, JsonWebKey, KeyFormat, KeyUsage } from './types'
 
-export class Ed25519Provider extends core.Ed25519Provider {
-  public async onSign(_algorithm: string, key: core.CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer> {
-    return askarKeySign(key, data)
+export class EcdsaProvider extends core.EcdsaProvider {
+  public async onSign(algorithm: EcdsaParams, key: core.CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer> {
+    if (algorithm.hash.name !== 'SHA-256') {
+      throw new Error(`Invalid hashing algorithm. Expected: 'SHA-256', received: ${algorithm.hash.name}`)
+    }
+
+    const signature = askarKeySign(key, data)
+
+    return signature
   }
 
   public async onVerify(
-    _algorithm: string,
+    algorithm: EcdsaParams,
     key: core.CryptoKey,
     signature: ArrayBuffer,
     data: ArrayBuffer
   ): Promise<boolean> {
-    return askarKeyVerify(key, data, signature)
+    if (algorithm.hash.name !== 'SHA-256') {
+      throw new Error(`Invalid hashing algorithm. Expected: 'SHA-256', received: ${algorithm.hash.name}`)
+    }
+
+    const isValid = askarKeyVerify(key, data, signature)
+
+    return isValid
   }
 
   public async onGenerateKey(
-    algorithm: { name: string },
+    algorithm: EcKeyGenParams,
     _extractable: boolean,
-    _keyUsages: string[]
+    _keyUsages: KeyUsage[]
   ): Promise<CryptoKeyPair> {
-    return askarKeyGenerate(algorithm.name)
+    const key = askarKeyGenerate(algorithm.namedCurve)
+
+    return key
+  }
+
+  public async onExportKey(format: KeyFormat, key: core.CryptoKey): Promise<JsonWebKey | ArrayBuffer> {
+    switch (format.toLowerCase()) {
+      case 'pkcs8':
+      case 'spki': {
+        const publicKeyInfo = new SubjectPublicKeyInfo({
+          algorithm: ecdsaWithSHA256,
+          subjectPublicKey: askarKeyGetPublicBytes(key).buffer,
+        })
+
+        const derEncoded = AsnConvert.serialize(publicKeyInfo)
+        return derEncoded
+      }
+      case 'raw':
+        return askarKeyGetPublicBytes(key).buffer
+      default:
+        throw new Error(`Not supported format: ${format}`)
+    }
+  }
+
+  onImportKey(
+    _format: unknown,
+    _keyData: unknown,
+    _algorithm: unknown,
+    _extractable: boolean,
+    _keyUsages: KeyUsage[]
+  ): Promise<core.CryptoKey> {
+    throw new Error('onImportKey not implemented.')
   }
 }