Merge pull request #32 from vaxxnz/fix/invalid_signature

Fix/invalid signature
haxxnz · Nov 10, 2021 · 8cf26c9 · 8cf26c9
2 parents 3e368c3 + bef8fa3
commit 8cf26c9
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -1,4 +1,10 @@
-# NZCP.js &emsp; ![npm](https://img.shields.io/npm/v/@vaxxnz/nzcp) ![NPM](https://img.shields.io/npm/l/@vaxxnz/nzcp) ![npm](https://img.shields.io/npm/dw/@vaxxnz/nzcp)
+# NZCP.js &emsp; [![latest version badge]][npm] [![license badge]][license] [![downloads badge]][npm]
+
+[latest version badge]: https://img.shields.io/npm/v/@vaxxnz/nzcp
+[license badge]: https://img.shields.io/npm/l/@vaxxnz/nzcp
+[downloads badge]: https://img.shields.io/npm/dw/@vaxxnz/nzcp
+[npm]: https://www.npmjs.com/package/@vaxxnz/nzcp
+[license]: https://github.com/vaxxnz/nzcp-js/blob/main/LICENSE
 
 A JavaScript implementation of [NZ COVID Pass](https://github.com/minhealthnz/nzcovidpass-spec) verification, New Zealand's proof of COVID-19 vaccination solution, written in TypeScript. All contributions welcome 🥳
 
@@ -16,6 +22,10 @@ npm i @vaxxnz/nzcp
 yarn add @vaxxnz/nzcp
 ```
 
+## Demo
+- [Node.js demo on REPL.it](https://replit.com/@noway1/NZCPjs-demo)
+- [React.js demo on CodeSandbox](https://codesandbox.io/s/nzcpjs-demo-4vjgb?file=/src/App.tsx:0-23)
+
 ## Usage
 
 ```javascript
@@ -85,6 +95,9 @@ Want to help us build a better library? We welcome contributions via [pull reque
 
 ---
 
+## NPM
+[@vaxxnz/nzcp](https://www.npmjs.com/package/@vaxxnz/nzcp)
+
 ## Contribute
 
 ```bash

diff --git a/src/crypto.ts b/src/crypto.ts
@@ -31,7 +31,7 @@ export function validateCOSESignature(
   //     external_aad : bstr,
   //     payload : bstr
   // ]
-  const SigStructure = ["Signature1", protected_, Buffer.alloc(0), payload_];
+  const SigStructure = ["Signature1", Buffer.from(protected_ as Buffer), Buffer.alloc(0), Buffer.from(payload_ as Buffer)];
   const ToBeSigned = cbor.encode(SigStructure);
   const messageHash = sha256.digest(ToBeSigned);
   const signature = {

diff --git a/src/cwt.ts b/src/cwt.ts
@@ -16,10 +16,10 @@ export function parseCWTClaims(
   // The claim key for cti of 7 MUST be used
   const ctiClaimRaw = rawCWTClaims.get(7);
   let jti: string | undefined;
-  if (ctiClaimRaw && ctiClaimRaw instanceof Buffer) {
+  if (ctiClaimRaw) {
     // Section 2.1.1.2
     // CWT Token ID claim MUST be a valid UUID in the form of a URI as specified by [RFC4122]
-    const jtiResult = decodeCtiToJti(ctiClaimRaw);
+    const jtiResult = decodeCtiToJti(ctiClaimRaw as Buffer);
     if (jtiResult.success) {
       jti = jtiResult.jti;
     }