Name: js-handler/node_modules/restify/node_modules/http-signature/lib/verify.js 
1:
// Copyright 2011 Joyent, Inc.  All rights reserved.
2:
 
3:
var assert = require('assert-plus');
4:
var crypto = require('crypto');
5:
 
6:
 
7:
 
8:
///--- Exported API
9:
 
10:
module.exports = {
11:
 
12:
  /**
13:
   * Simply wraps up the node crypto operations for you, and returns
14:
   * true or false.  You are expected to pass in an object that was
15:
   * returned from `parse()`.
16:
   *
17:
   * @param {Object} parsedSignature the object you got from `parse`.
18:
   * @param {String} key either an RSA private key PEM or HMAC secret.
19:
   * @return {Boolean} true if valid, false otherwise.
20:
   * @throws {TypeError} if you pass in bad arguments.
21:
   */
22:
  verifySignature: function verifySignature(parsedSignature, key) {
23:
    assert.object(parsedSignature, 'parsedSignature');
24:
    assert.string(key, 'key');
25:
 
26:
    var alg = parsedSignature.algorithm.match(/(HMAC|RSA|DSA)-(\w+)/);
27:
    if (!alg || alg.length !== 3)
28:
      throw new TypeError('parsedSignature: unsupported algorithm ' +
29:
                          parsedSignature.algorithm);
30:
 
31:
    if (alg[1] === 'HMAC') {
32:
      var hmac = crypto.createHmac(alg[2].toUpperCase(), key);
33:
      hmac.update(parsedSignature.signingString);
34:
      return (hmac.digest('base64') === parsedSignature.params.signature);
35:
    } else {
36:
      var verify = crypto.createVerify(alg[0]);
37:
      verify.update(parsedSignature.signingString);
38:
      return verify.verify(key, parsedSignature.params.signature, 'base64');
39:
    }
40:
  }
41:
 
42:
};