1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
# frozen_string_literal: true
require "cbor"
require "cose/error"
require "cose/security_message"
require "cose/signature"
module COSE
class Sign < SecurityMessage
CONTEXT = "Signature"
attr_reader :payload, :signatures
def self.keyword_arguments_for_initialize(decoded)
{ payload: decoded[0], signatures: decoded[1].map { |s| COSE::Signature.from_array(s) } }
end
def self.tag
98
end
def initialize(payload:, signatures:, **keyword_arguments)
super(**keyword_arguments)
@payload = payload
@signatures = signatures
end
def verify(key, external_aad = nil)
signature = signatures.detect { |s| s.headers.kid == key.kid }
if signature
signature.algorithm.verify(key, signature.signature, verification_data(signature, external_aad))
else
raise(COSE::Error, "No signature matches key kid")
end
end
private
def verification_data(signature, external_aad = nil)
@verification_data ||=
CBOR.encode(
[
CONTEXT,
serialized_map(protected_headers),
serialized_map(signature.protected_headers),
external_aad || ZERO_LENGTH_BIN_STRING,
payload
]
)
end
end
end
|
