lib/cose/sign.rb in cose-0.8.0 vs lib/cose/sign.rb in cose-0.9.0
- old
+ new
@@ -1,20 +1,54 @@
+# frozen_string_literal: true
+
require "cbor"
+require "cose/error"
require "cose/security_message"
require "cose/signature"
module COSE
class Sign < SecurityMessage
+ CONTEXT = "Signature"
+
attr_reader :payload, :signatures
def self.keyword_arguments_for_initialize(decoded)
- { payload: CBOR.decode(decoded[0]), signatures: decoded[1].map { |s| COSE::Signature.deserialize(s) } }
+ { payload: decoded[0], signatures: decoded[1].map { |s| COSE::Signature.from_array(s) } }
end
+ def self.tag
+ 98
+ end
+
def initialize(payload:, signatures:, **keyword_arguments)
super(**keyword_arguments)
@payload = payload
@signatures = signatures
+ end
+
+ def verify(key, external_aad = nil)
+ signature = signatures.detect { |s| s.headers.kid == key.kid }
+
+ if signature
+ signature.algorithm.verify(key, signature.signature, verification_data(signature, external_aad))
+ else
+ raise(COSE::Error, "No signature matches key kid")
+ end
+ end
+
+ private
+
+ def verification_data(signature, external_aad = nil)
+ @verification_data ||=
+ CBOR.encode(
+ [
+ CONTEXT,
+ serialized_map(protected_headers),
+ serialized_map(signature.protected_headers),
+ external_aad || ZERO_LENGTH_BIN_STRING,
+ payload
+ ]
+ )
end
end
end