verify method
Implementation
bool verify(Map<String, dynamic> publicKeyJwk) {
var crv = publicKeyJwk['crv'];
if (crv == null) throw Exception('Jwk without crv parameter');
bool valid = true;
for (var s in signatures) {
var alg = s.protected!['alg'];
if (alg == null) {
throw Exception('alg property must be present');
} else if (alg == JwsSignatureAlgorithm.edDsa.value) {
if (crv != 'Ed25519') throw Exception('wrong curve for algorithm $alg');
var publicKey =
ed.PublicKey(base64Decode(addPaddingToBase64(publicKeyJwk['x'])));
var encodedHeader = removePaddingFromBase64(
base64UrlEncode(utf8.encode(jsonEncode(s.protected))));
valid = ed.verify(
publicKey,
ascii.encode(
'$encodedHeader.${_base64Payload ?? removePaddingFromBase64(base64UrlEncode(utf8.encode(payload.toString())))}'),
base64Decode(addPaddingToBase64(s.signature)));
} else if (alg == JwsSignatureAlgorithm.es256.value) {
if (crv != 'P-256') throw Exception('wrong curve for algorithm $alg');
var pubKey = EcPublicKey(
xCoordinate: bytesToUnsignedInt(
base64Decode(addPaddingToBase64(publicKeyJwk['x']))),
yCoordinate: bytesToUnsignedInt(
base64Decode(addPaddingToBase64(publicKeyJwk['y']))),
curve: curves.p256);
var verifier = pubKey.createVerifier(algorithms.signing.ecdsa.sha256);
var encodedHeader = removePaddingFromBase64(
base64UrlEncode(utf8.encode(jsonEncode(s.protected))));
valid = verifier.verify(
ascii.encode(
'$encodedHeader.${_base64Payload ?? removePaddingFromBase64(base64UrlEncode(utf8.encode(payload.toString())))}'),
Signature(base64Decode(addPaddingToBase64(s.signature))));
} else if (alg == JwsSignatureAlgorithm.es256k.value) {
if (crv != 'secp256k1') {
throw Exception('wrong curve for algorithm $alg');
}
var pubKey = EcPublicKey(
xCoordinate: bytesToUnsignedInt(
base64Decode(addPaddingToBase64(publicKeyJwk['x']))),
yCoordinate: bytesToUnsignedInt(
base64Decode(addPaddingToBase64(publicKeyJwk['y']))),
curve: curves.p256k);
var verifier = pubKey.createVerifier(algorithms.signing.ecdsa.sha256);
var encodedHeader = removePaddingFromBase64(
base64UrlEncode(utf8.encode(jsonEncode(s.protected))));
valid = verifier.verify(
ascii.encode(
'$encodedHeader.${_base64Payload ?? removePaddingFromBase64(base64UrlEncode(utf8.encode(payload.toString())))}'),
Signature(base64Decode(addPaddingToBase64(s.signature))));
} else {
throw UnimplementedError('Other signing algorithms are not supported');
}
}
return valid;
}