golemfactory · evik42 · Apr 7, 2023 · Apr 7, 2023
diff --git a/examples/js/.gitignore b/examples/js/.gitignore
@@ -0,0 +1 @@
+node_modules
diff --git a/examples/js/README.md b/examples/js/README.md
@@ -0,0 +1,8 @@
+To use this example install dependencies via `npm install`.
+
+Verifying a certificate signature (just the signature, not the certificate chain) can be accomplished by running the program:  
+`node . certificate-path` where certificate path is the path to a Golem certificate json.
+
+Example:  
+`node . ../../tests/resources/certificate/happy_path.signed.json` - this should print that the signature is valid  
+`node . ../../tests/resources/certificate/invalid_signature.signed.json` - this should print that the verification failed
diff --git a/examples/js/index.js b/examples/js/index.js
@@ -0,0 +1,28 @@
+const fs = require('fs');
+const canonicalize = require('canonicalize');
+const elliptic = require('elliptic');
+
+const filename = process.argv[process.argv.length - 1];
+console.log("Reading certificate from file " + filename);
+
+const certificate_data = fs.readFileSync(filename);
+const certificate = JSON.parse(certificate_data);
+const signing_certificate = certificate.signature.signer === "self" ? certificate : certificate.signature.signer;
+
+if (certificate.signature.algorithm.hash !== "sha512"
+    || certificate.signature.algorithm.encryption !== "EdDSA"
+    || signing_certificate.certificate.publicKey.parameters.scheme !== "Ed25519") {
+    console.log("Unsupported signature type");
+    process.exit(1);
+}
+
+const encoder = new TextEncoder();
+const signed_bytes = encoder.encode(canonicalize(certificate.certificate)); // encode the string into bytes with UTF-8 encoding
+
+const result = elliptic.eddsa('ed25519').verify(signed_bytes, certificate.signature.value, signing_certificate.certificate.publicKey.key);
+
+if (result) {
+    console.log("The signature is valid.");
+} else {
+    console.log("Signature verification failed.");
+}
diff --git a/examples/js/package-lock.json b/examples/js/package-lock.json
diff --git a/examples/js/package.json b/examples/js/package.json
@@ -0,0 +1,15 @@
+{
+  "name": "golem-certificate",
+  "version": "0.1.0",
+  "description": "Example to verify golem-certificate signature",
+  "main": "index.js",
+  "bin": {
+    "golem-certificate": "index.js"
+  },
+  "author": "evik (https://github.com/evik42)",
+  "license": "GPLv3",
+  "dependencies": {
+    "canonicalize": "^2.0.0",
+    "elliptic": "^6.5.4"
+  }
+}
diff --git a/tests/resources/certificate/invalid_signature.signed.json b/tests/resources/certificate/invalid_signature.signed.json
@@ -19,7 +19,7 @@
     },
     "publicKey": {
       "algorithm": "EdDSA",
-      "key": "c6cd286a2474d13ffc8dcd417a446df461751a78dec46d039603ca53a373ac52",
+      "key": "c6cd286a2474d13ffc8dcd417a446df461751a78dec46d039603ca53a373ac53",
       "parameters": {
         "scheme": "Ed25519"
       }
@@ -30,7 +30,7 @@
       "hash": "sha512",
       "encryption": "EdDSA"
     },
-    "value": "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef",
+    "value": "839a2d43d22690338f4fb282e7bcc790e7352dc99e42dc603d43e51e4e09f2c709f1b9f1f4c90b446107440f8ab13345fbbd1d64337acf70b2777be9a522be0b",
     "signer": {
       "$schema": "https://golem.network/schemas/v1/certificate.schema.json",
       "certificate": {