Merge pull request #428 from dodok8/dodok8-issue-399

Author: dahlia

deno.json

@@ -107,5 +107,10 @@
         "check-all"
       ]
     }
+  },
+  "test": {
+    "include": [
+      "./packages"
+    ]
   }
 }

packages/fedify/src/runtime/key.ts

@@ -27,7 +27,7 @@ const algorithms: Record<
  */
 export async function importSpki(pem: string): Promise<CryptoKey> {
   pem = pem.replace(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "");
-  let spki: Uint8Array;
+  let spki: Uint8Array<ArrayBuffer>;
   try {
     spki = decodeBase64(pem);
   } catch (_) {
@@ -110,7 +110,11 @@ export async function importMultibaseKey(key: string): Promise<CryptoKey> {
       format: "der",
       type: "pkcs1",
     });
-    const spki = keyObject.export({ type: "spki", format: "der" }).buffer;
+    const exported = keyObject.export({ type: "spki", format: "der" });
+    const spki = exported instanceof Uint8Array
+      ? exported
+      : new Uint8Array(exported);
+
     return await crypto.subtle.importKey(
       "spki",
       new Uint8Array(spki),
@@ -121,7 +125,7 @@ export async function importMultibaseKey(key: string): Promise<CryptoKey> {
   } else if (code === 0xed) { // ed25519-pub
     return await crypto.subtle.importKey(
       "raw",
-      content,
+      content.slice(),
       "Ed25519",
       true,
       ["verify"],

packages/fedify/src/sig/http.test.ts

@@ -671,7 +671,7 @@ test("verifyRequest() [rfc9421] manual POST verification", async () => {
   const signatureVerified = await crypto.subtle.verify(
     "RSASSA-PKCS1-v1_5",
     rsaPublicKey2.publicKey,
-    parsedSignature.sig1,
+    parsedSignature.sig1.slice(),
     new TextEncoder().encode(signatureBase),
   );
 

packages/fedify/src/sig/http.ts

@@ -1196,7 +1196,7 @@ async function verifyRequestRfc9421(
       const verified = await crypto.subtle.verify(
         algorithm,
         key.publicKey,
-        sigBytes,
+        sigBytes.slice(),
         signatureBaseBytes,
       );
 

packages/fedify/src/sig/ld.ts

@@ -313,7 +313,7 @@ export async function verifySignature(
   const verified = await crypto.subtle.verify(
     "RSASSA-PKCS1-v1_5",
     key.publicKey,
-    signature,
+    signature.slice(),
     messageBytes,
   );
   if (verified) return key;
@@ -339,7 +339,7 @@ export async function verifySignature(
     const verified = await crypto.subtle.verify(
       "RSASSA-PKCS1-v1_5",
       key.publicKey,
-      signature,
+      signature.slice(),
       messageBytes,
     );
     return verified ? key : null;

packages/fedify/src/sig/proof.ts

@@ -352,7 +352,7 @@ async function verifyProofInternal(
   const verified = await crypto.subtle.verify(
     "Ed25519",
     publicKey.publicKey,
-    proof.proofValue,
+    proof.proofValue.slice(),
     digest,
   );
   if (!verified) {