rfc3230 algo compare with uppercase

Author: tamaina

dist/digest/digest-rfc9530.d.ts

@@ -77,5 +77,5 @@ export declare function verifyRFC9530DigestHeader(request: IncomingRequest, rawB
      * If `varifyAll: false`, it is also used to choose the hash algorithm to verify.
      * (Younger index is preferred.)
      */
-    hashAlgorithms?: RFC9530HashAlgorithm[];
+    algorithms?: RFC9530HashAlgorithm[];
 }, errorLogger?: ((message: any) => any)): Promise<boolean>;

dist/index.cjs

@@ -1619,7 +1619,7 @@ async function verifyRFC3230DigestHeader(request, rawBody, opts = {
   algorithms: ["SHA-256", "SHA-512"]
 }, errorLogger) {
   const failOnNoDigest = typeof opts === "boolean" ? opts : opts.failOnNoDigest;
-  const algorithms = typeof opts === "boolean" ? ["SHA-256", "SHA-512"] : opts.algorithms;
+  const algorithms = typeof opts === "boolean" ? ["SHA-256", "SHA-512"] : opts.algorithms.map((algo2) => algo2.toUpperCase());
   const digestHeader = getHeaderValue(collectHeaders(request), "digest");
   if (!digestHeader) {
     if (failOnNoDigest) {
@@ -1641,12 +1641,13 @@ async function verifyRFC3230DigestHeader(request, rawBody, opts = {
     return false;
   }
   const value = import_rfc46482.base64.parse(match[2]);
-  const algo = match[1];
+  let algo = match[1];
   if (!algo) {
     if (errorLogger)
       errorLogger(`Invalid Digest header algorithm: ${match[1]}`);
     return false;
   }
+  algo = algo.toUpperCase();
   if (!algorithms.includes(algo) && !(algo === "SHA" && algorithms.includes("SHA-1"))) {
     if (errorLogger)
       errorLogger(`Unsupported hash algorithm detected in opts.algorithms: ${algo} (supported: ${algorithms.join(", ")})`);
@@ -1786,7 +1787,7 @@ async function genRFC9530DigestHeader(body, hashAlgorithms = ["SHA-256"], proces
 async function verifyRFC9530DigestHeader(request, rawBody, opts = {
   failOnNoDigest: true,
   verifyAll: true,
-  hashAlgorithms: ["sha-256", "sha-512"]
+  algorithms: ["sha-256", "sha-512"]
 }, errorLogger) {
   const headers = collectHeaders(request);
   const contentDigestHeader = getHeaderValue(headers, "content-digest");
@@ -1811,27 +1812,25 @@ async function verifyRFC9530DigestHeader(request, rawBody, opts = {
       errorLogger("Digest header is empty");
     return false;
   }
-  let hashAlgorithms = (opts.hashAlgorithms || ["sha-256", "sha-512"]).map((v) => v.toLowerCase());
-  if (hashAlgorithms.length === 0) {
+  let acceptableAlgorithms = (opts.algorithms || ["sha-256", "sha-512"]).map((v) => v.toLowerCase());
+  if (acceptableAlgorithms.length === 0) {
     throw new Error("hashAlgorithms is empty");
   }
-  for (const algo of hashAlgorithms) {
-    if (!isSupportedRFC9530HashAlgorithm(algo)) {
-      throw new Error(`Unsupported hash algorithm detected in opts.hashAlgorithms: ${algo} (supported: ${supportedHashAlgorithmsWithRFC9530AndWebCrypto.join(", ")})`);
-    }
+  if (acceptableAlgorithms.some((algo) => !isSupportedRFC9530HashAlgorithm(algo))) {
+    throw new Error(`Unsupported hash algorithm detected in opts.hashAlgorithms (supported: ${supportedHashAlgorithmsWithRFC9530AndWebCrypto.join(", ")})`);
   }
   const dictionaryAlgorithms = dictionary.reduce((prev, [k]) => prev.add(k), /* @__PURE__ */ new Set());
-  if (!hashAlgorithms.some((v) => dictionaryAlgorithms.has(v))) {
+  if (!acceptableAlgorithms.some((v) => dictionaryAlgorithms.has(v))) {
     if (errorLogger)
       errorLogger("No supported Content-Digest header algorithm");
     return false;
   }
   if (!opts.verifyAll) {
-    hashAlgorithms = [hashAlgorithms.find((v) => dictionaryAlgorithms.has(v))];
+    acceptableAlgorithms = [acceptableAlgorithms.find((v) => dictionaryAlgorithms.has(v))];
   }
   const results = await Promise.allSettled(
     dictionary.map(([algo, [value]]) => {
-      if (!hashAlgorithms.includes(algo.toLowerCase())) {
+      if (!acceptableAlgorithms.includes(algo.toLowerCase())) {
         return Promise.resolve(null);
       }
       if (!(value instanceof sh.ByteSequence)) {
@@ -1873,7 +1872,7 @@ async function verifyDigestHeader(request, rawBody, opts = {
     return await verifyRFC9530DigestHeader(
       request,
       rawBody,
-      { failOnNoDigest, verifyAll, hashAlgorithms: algorithms.map(convertHashAlgorithmFromWebCryptoToRFC9530) },
+      { failOnNoDigest, verifyAll, algorithms: algorithms.map(convertHashAlgorithmFromWebCryptoToRFC9530) },
       errorLogger
     );
   } else if (headerKeys.has("digest")) {

dist/index.mjs

@@ -1518,7 +1518,7 @@ async function verifyRFC3230DigestHeader(request, rawBody, opts = {
   algorithms: ["SHA-256", "SHA-512"]
 }, errorLogger) {
   const failOnNoDigest = typeof opts === "boolean" ? opts : opts.failOnNoDigest;
-  const algorithms = typeof opts === "boolean" ? ["SHA-256", "SHA-512"] : opts.algorithms;
+  const algorithms = typeof opts === "boolean" ? ["SHA-256", "SHA-512"] : opts.algorithms.map((algo2) => algo2.toUpperCase());
   const digestHeader = getHeaderValue(collectHeaders(request), "digest");
   if (!digestHeader) {
     if (failOnNoDigest) {
@@ -1540,12 +1540,13 @@ async function verifyRFC3230DigestHeader(request, rawBody, opts = {
     return false;
   }
   const value = base642.parse(match[2]);
-  const algo = match[1];
+  let algo = match[1];
   if (!algo) {
     if (errorLogger)
       errorLogger(`Invalid Digest header algorithm: ${match[1]}`);
     return false;
   }
+  algo = algo.toUpperCase();
   if (!algorithms.includes(algo) && !(algo === "SHA" && algorithms.includes("SHA-1"))) {
     if (errorLogger)
       errorLogger(`Unsupported hash algorithm detected in opts.algorithms: ${algo} (supported: ${algorithms.join(", ")})`);
@@ -1685,7 +1686,7 @@ async function genRFC9530DigestHeader(body, hashAlgorithms = ["SHA-256"], proces
 async function verifyRFC9530DigestHeader(request, rawBody, opts = {
   failOnNoDigest: true,
   verifyAll: true,
-  hashAlgorithms: ["sha-256", "sha-512"]
+  algorithms: ["sha-256", "sha-512"]
 }, errorLogger) {
   const headers = collectHeaders(request);
   const contentDigestHeader = getHeaderValue(headers, "content-digest");
@@ -1710,27 +1711,25 @@ async function verifyRFC9530DigestHeader(request, rawBody, opts = {
       errorLogger("Digest header is empty");
     return false;
   }
-  let hashAlgorithms = (opts.hashAlgorithms || ["sha-256", "sha-512"]).map((v) => v.toLowerCase());
-  if (hashAlgorithms.length === 0) {
+  let acceptableAlgorithms = (opts.algorithms || ["sha-256", "sha-512"]).map((v) => v.toLowerCase());
+  if (acceptableAlgorithms.length === 0) {
     throw new Error("hashAlgorithms is empty");
   }
-  for (const algo of hashAlgorithms) {
-    if (!isSupportedRFC9530HashAlgorithm(algo)) {
-      throw new Error(`Unsupported hash algorithm detected in opts.hashAlgorithms: ${algo} (supported: ${supportedHashAlgorithmsWithRFC9530AndWebCrypto.join(", ")})`);
-    }
+  if (acceptableAlgorithms.some((algo) => !isSupportedRFC9530HashAlgorithm(algo))) {
+    throw new Error(`Unsupported hash algorithm detected in opts.hashAlgorithms (supported: ${supportedHashAlgorithmsWithRFC9530AndWebCrypto.join(", ")})`);
   }
   const dictionaryAlgorithms = dictionary.reduce((prev, [k]) => prev.add(k), /* @__PURE__ */ new Set());
-  if (!hashAlgorithms.some((v) => dictionaryAlgorithms.has(v))) {
+  if (!acceptableAlgorithms.some((v) => dictionaryAlgorithms.has(v))) {
     if (errorLogger)
       errorLogger("No supported Content-Digest header algorithm");
     return false;
   }
   if (!opts.verifyAll) {
-    hashAlgorithms = [hashAlgorithms.find((v) => dictionaryAlgorithms.has(v))];
+    acceptableAlgorithms = [acceptableAlgorithms.find((v) => dictionaryAlgorithms.has(v))];
   }
   const results = await Promise.allSettled(
     dictionary.map(([algo, [value]]) => {
-      if (!hashAlgorithms.includes(algo.toLowerCase())) {
+      if (!acceptableAlgorithms.includes(algo.toLowerCase())) {
         return Promise.resolve(null);
       }
       if (!(value instanceof sh.ByteSequence)) {
@@ -1772,7 +1771,7 @@ async function verifyDigestHeader(request, rawBody, opts = {
     return await verifyRFC9530DigestHeader(
       request,
       rawBody,
-      { failOnNoDigest, verifyAll, hashAlgorithms: algorithms.map(convertHashAlgorithmFromWebCryptoToRFC9530) },
+      { failOnNoDigest, verifyAll, algorithms: algorithms.map(convertHashAlgorithmFromWebCryptoToRFC9530) },
       errorLogger
     );
   } else if (headerKeys.has("digest")) {

src/digest/digest-rfc3230.ts

@@ -36,7 +36,12 @@ export async function verifyRFC3230DigestHeader(
 	errorLogger?: ((message: any) => any)
 ) {
 	const failOnNoDigest = typeof opts === 'boolean' ? opts : opts.failOnNoDigest;
-	const algorithms = typeof opts === 'boolean' ? ['SHA-256', 'SHA-512'] : opts.algorithms;
+	/**
+	 * UPPERCASED
+	 */
+	const algorithms = typeof opts === 'boolean' ?
+		['SHA-256', 'SHA-512']
+		: opts.algorithms.map((algo) => algo.toUpperCase() as DigestHashAlgorithm);
 	const digestHeader = getHeaderValue(collectHeaders(request), 'digest');
 	if (!digestHeader) {
 		if (failOnNoDigest) {
@@ -58,11 +63,15 @@ export async function verifyRFC3230DigestHeader(
 	}
 	const value = base64.parse(match[2]);
 
-	const algo = match[1] as DigestHashAlgorithm;
+	/**
+	 * UPPERCASED
+	 */
+	let algo = match[1] as DigestHashAlgorithm;
 	if (!algo) {
 		if (errorLogger) errorLogger(`Invalid Digest header algorithm: ${match[1]}`);
 		return false;
 	}
+	algo = algo.toUpperCase() as DigestHashAlgorithm;
 	if (!algorithms.includes(algo) && !(algo === 'SHA' && algorithms.includes('SHA-1'))) {
 		if (errorLogger) errorLogger(`Unsupported hash algorithm detected in opts.algorithms: ${algo} (supported: ${algorithms.join(', ')})`);
 		return false;

src/digest/digest-rfc9530.test.ts

@@ -123,23 +123,23 @@ describe('rfc9530', () => {
 					'content-digest': `sha-256=:${base64Resultes.get('')?.['sha-256']}:, sha-512=:${base64Resultes.get(body)?.['sha-512']}:`,
 				}
 			};
-			expect(await verifyRFC9530DigestHeader(request as any, '', { verifyAll: false, hashAlgorithms: ['sha-256', 'sha-512'] })).toBe(true);
+			expect(await verifyRFC9530DigestHeader(request as any, '', { verifyAll: false, algorithms: ['sha-256', 'sha-512'] })).toBe(true);
 		});
 		test('verify one first algorithm fail', async () => {
 			const request = {
 				headers: {
 					'content-digest': `sha-256=:${base64Resultes.get('')?.['sha-256']}:, sha-512=:${base64Resultes.get(body)?.['sha-512']}:`,
 				}
 			};
-			expect(await verifyRFC9530DigestHeader(request as any, '', { verifyAll: false, hashAlgorithms: ['sha-512', 'sha-256'] })).toBe(false);
+			expect(await verifyRFC9530DigestHeader(request as any, '', { verifyAll: false, algorithms: ['sha-512', 'sha-256'] })).toBe(false);
 		});
 		test('algorithms missmatch must fail', async () => {
 			const request = {
 				headers: {
 					'content-digest': `sha-512=:${base64Resultes.get('')?.['sha-512']}:`,
 				}
 			};
-			expect(await verifyRFC9530DigestHeader(request as any, '', { hashAlgorithms: ['sha-256'] })).toBe(false);
+			expect(await verifyRFC9530DigestHeader(request as any, '', { algorithms: ['sha-256'] })).toBe(false);
 		});
 
 		describe('errors', () => {
@@ -149,16 +149,16 @@ describe('rfc9530', () => {
 						'content-digest': `sha-256=:${base64Resultes.get('')?.['sha-256']}:`,
 					}
 				};
-				expect(verifyRFC9530DigestHeader(request as any, '', { hashAlgorithms: [] })).rejects.toThrow('hashAlgorithms is empty');
+				expect(verifyRFC9530DigestHeader(request as any, '', { algorithms: [] })).rejects.toThrow('hashAlgorithms is empty');
 			});
 			test('algorithm not supported', async () => {
 				const request = {
 					headers: {
 						'content-digest': `sha-256=:${base64Resultes.get('')?.['sha-256']}:`,
 					}
 				};
-				expect(verifyRFC9530DigestHeader(request as any, '', { hashAlgorithms: ['md5'] })).rejects
-					.toThrow('Unsupported hash algorithm detected in opts.hashAlgorithms: md5 (supported: sha-256, sha-512)');
+				expect(verifyRFC9530DigestHeader(request as any, '', { algorithms: ['md5'] })).rejects
+					.toThrow('Unsupported hash algorithm detected in opts.hashAlgorithms (supported: sha-256, sha-512)');
 			});
 		});
 	});

src/digest/digest-rfc9530.ts

@@ -182,11 +182,11 @@ export async function verifyRFC9530DigestHeader(
 		 * If `varifyAll: false`, it is also used to choose the hash algorithm to verify.
 		 * (Younger index is preferred.)
 		 */
-		hashAlgorithms?: RFC9530HashAlgorithm[],
+		algorithms?: RFC9530HashAlgorithm[],
 	} = {
 		failOnNoDigest: true,
 		verifyAll: true,
-		hashAlgorithms: ['sha-256', 'sha-512'],
+		algorithms: ['sha-256', 'sha-512'],
 	},
 	errorLogger?: ((message: any) => any)
 ) {
@@ -200,6 +200,9 @@ export async function verifyRFC9530DigestHeader(
 		return true;
 	}
 
+	/**
+	 * lowercased
+	 */
 	let dictionary: RFC9530DigestHeaderObject;
 	try {
 		dictionary = Array.from(sh.parseDictionary(contentDigestHeader), ([k, v]) => [k.toLowerCase(), v]) as RFC9530DigestHeaderObject;
@@ -213,27 +216,31 @@ export async function verifyRFC9530DigestHeader(
 		return false;
 	}
 
-	let hashAlgorithms = (opts.hashAlgorithms || ['sha-256', 'sha-512']).map(v => v.toLowerCase());
-	if (hashAlgorithms.length === 0) {
+	/**
+	 * lowercased
+	 */
+	let acceptableAlgorithms = (opts.algorithms || ['sha-256', 'sha-512']).map(v => v.toLowerCase());
+	if (acceptableAlgorithms.length === 0) {
 		throw new Error('hashAlgorithms is empty');
 	}
-	for (const algo of hashAlgorithms) {
-		if (!isSupportedRFC9530HashAlgorithm(algo)) {
-			throw new Error(`Unsupported hash algorithm detected in opts.hashAlgorithms: ${algo} (supported: ${supportedHashAlgorithmsWithRFC9530AndWebCrypto.join(', ')})`);
-		}
+	if (acceptableAlgorithms.some(algo => !isSupportedRFC9530HashAlgorithm(algo))) {
+		throw new Error(`Unsupported hash algorithm detected in opts.hashAlgorithms (supported: ${supportedHashAlgorithmsWithRFC9530AndWebCrypto.join(', ')})`);
 	}
+	/**
+	 * lowercased (from dictionary)
+	 */
 	const dictionaryAlgorithms = dictionary.reduce((prev, [k]) => prev.add(k), new Set<string>());
-	if (!hashAlgorithms.some(v => dictionaryAlgorithms.has(v))) {
+	if (!acceptableAlgorithms.some(v => dictionaryAlgorithms.has(v))) {
 		if (errorLogger) errorLogger('No supported Content-Digest header algorithm');
 		return false;
 	}
 	if (!opts.verifyAll) {
-		hashAlgorithms = [hashAlgorithms.find(v => dictionaryAlgorithms.has(v))!];
+		acceptableAlgorithms = [acceptableAlgorithms.find(v => dictionaryAlgorithms.has(v))!];
 	}
 
 	const results = await Promise.allSettled(
 		dictionary.map(([algo, [value]]) => {
-			if (!hashAlgorithms.includes(algo.toLowerCase() as RFC9530HashAlgorithm)) {
+			if (!acceptableAlgorithms.includes(algo.toLowerCase() as RFC9530HashAlgorithm)) {
 				return Promise.resolve(null);
 			}
 			if (!(value instanceof sh.ByteSequence)) {

src/digest/digest.ts

@@ -39,7 +39,7 @@ export async function verifyDigestHeader(
 	if (headerKeys.has('content-digest')) {
 		return await verifyRFC9530DigestHeader(
 			request, rawBody,
-			{ failOnNoDigest, verifyAll, hashAlgorithms: algorithms.map(convertHashAlgorithmFromWebCryptoToRFC9530) }, errorLogger,
+			{ failOnNoDigest, verifyAll, algorithms: algorithms.map(convertHashAlgorithmFromWebCryptoToRFC9530) }, errorLogger,
 		);
 	} else if (headerKeys.has('digest')) {
 		return await verifyRFC3230DigestHeader(