fix(typescript): allow sign results to be passed to verify

panva · Aug 20, 2021 · 59aa96d · 59aa96d
1 parent 8e9b24b
commit 59aa96d
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 18 deletions.
diff --git a/src/jws/flattened/sign.ts b/src/jws/flattened/sign.ts
@@ -137,6 +137,7 @@ class FlattenedSign {
 
  const jws: FlattenedJWS = {
  signature: base64url(signature),
+ payload: '',
  }
 
  if (b64) {

diff --git a/src/jws/general/sign.ts b/src/jws/general/sign.ts
@@ -122,10 +122,12 @@ class GeneralSign {
 
  const jws: GeneralJWS = {
  signatures: [],
+ payload: '',
  }
 
+ let payloads = new Set()
  await Promise.all(
- this._signatures.map(async (sig, i) => {
+ this._signatures.map(async (sig) => {
  const { protectedHeader, unprotectedHeader, options, key } = signatureRef.get(sig)!
  const flattened = new FlattenedSign(this._payload)
 
@@ -138,19 +140,14 @@ class GeneralSign {
  }
 
  const { payload, ...rest } = await flattened.sign(key, options)
-
- if ('payload' in jws && jws.payload !== payload) {
- throw new JWSInvalid(`index ${i} signature produced a different payload`)
- } else {
- jws.payload = payload
- }
-
+ payloads.add(payload)
+ jws.payload = payload
  jws.signatures.push(rest)
  }),
  )
 
- if ('payload' in jws && jws.payload === undefined) {
- delete jws.payload
+ if (payloads.size !== 1) {
+ throw new JWSInvalid('inconsistent use of JWS Unencoded Payload Option (RFC7797)')
  }
 
  return jws

diff --git a/src/types.d.ts b/src/types.d.ts
@@ -210,22 +210,22 @@ export interface GeneralJWSInput {
 }
 
 /**
- * Flattened JWS definition. Payload is an optional return property, it
- * is not returned when JWS Unencoded Payload Option
+ * Flattened JWS definition. Payload is returned as an empty
+ * string when JWS Unencoded Payload Option
  * [RFC7797](https://tools.ietf.org/html/rfc7797) is used.
  */
 export interface FlattenedJWS extends Partial<FlattenedJWSInput> {
- payload?: string
+ payload: string
  signature: string
 }
 
 /**
- * General JWS definition. Payload is an optional return property, it
- * is not returned when JWS Unencoded Payload Option
+ * General JWS definition. Payload is returned as an empty
+ * string when JWS Unencoded Payload Option
  * [RFC7797](https://tools.ietf.org/html/rfc7797) is used.
  */
 export interface GeneralJWS {
- payload?: string
+ payload: string
  signatures: Omit<FlattenedJWSInput, 'payload'>[]
 }
 

diff --git a/test/jws/general.test.mjs b/test/jws/general.test.mjs
@@ -51,7 +51,7 @@ Promise.all([
 
  const generalJws = await sig.sign();
 
- t.false('payload' in generalJws);
+ t.is(generalJws.payload, '');
  t.is(generalJws.signatures.length, 2);
  });
 
@@ -80,7 +80,7 @@ Promise.all([
  );
 
  await t.throwsAsync(sig.sign(), {
- message: /index \d signature produced a different payload/,
+ message: 'inconsistent use of JWS Unencoded Payload Option (RFC7797)',
  code: 'ERR_JWS_INVALID',
  });
  });

diff --git a/test/jws/unencoded.test.mjs b/test/jws/unencoded.test.mjs
@@ -12,6 +12,7 @@ Promise.all([import(`${root}/jws/flattened/sign`), import(`${root}/jws/flattened
  .sign(new Uint8Array(32));
 
  t.deepEqual(jws, {
+ payload: '',
  protected: 'eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19',
  signature: 'VklKdp4tVYD61VNPDBTqxqdEQcUL3JK-D4dGXu9NvWs',
  });