|
1 | 1 | import { test, expect, describe } from "@jest/globals"; |
2 | | -import { ApiKeyStamper } from "@turnkey/api-key-stamper"; |
3 | 2 | import { uint8ArrayFromHexString } from "@turnkey/encoding"; |
| 3 | +import { p256 } from "@noble/curves/p256"; |
| 4 | +import { sha256 } from "@noble/hashes/sha256"; |
4 | 5 | import { |
5 | 6 | getPublicKey, |
6 | 7 | generateP256KeyPair, |
@@ -198,27 +199,23 @@ describe("Turnkey Crypto Primitives", () => { |
198 | 199 | test("verifyRequestStamp", async () => { |
199 | 200 | const { publicKey: apiPublicKey, privateKey: apiPrivateKey } = |
200 | 201 | generateP256KeyPair(); |
201 | | - const apiKeyStamper = new ApiKeyStamper({ |
202 | | - apiPublicKey, |
203 | | - apiPrivateKey, |
204 | | - }); |
205 | 202 |
|
206 | 203 | // we create a sample request payload |
207 | 204 | const requestBody = JSON.stringify({ |
208 | 205 | organizationId: "00000000-00000000-00000000-00000000", |
209 | 206 | timestampMs: Date.now().toString(), |
210 | 207 | }); |
211 | 208 |
|
212 | | - // we stamp the request payload to get the signature |
213 | | - const { stampHeaderValue } = await apiKeyStamper.stamp(requestBody); |
214 | | - |
215 | | - const decodedStampContents = atob(stampHeaderValue); |
216 | | - const parsedStampContents = JSON.parse(decodedStampContents); |
217 | | - const signature = parsedStampContents.signature; |
| 209 | + // we manually create a signature using @noble/curves directly |
| 210 | + // to avoid a circular dependency with ApiKeyStamper |
| 211 | + const messageHash = sha256(new TextEncoder().encode(requestBody)); |
| 212 | + const privateKeyBytes = uint8ArrayFromHexString(apiPrivateKey); |
| 213 | + const signatureBytes = p256.sign(messageHash, privateKeyBytes).toDERHex(); |
218 | 214 |
|
| 215 | + // we verify the signature |
219 | 216 | const verified = await verifyStampSignature( |
220 | 217 | apiPublicKey, |
221 | | - signature, |
| 218 | + signatureBytes, |
222 | 219 | requestBody, |
223 | 220 | ); |
224 | 221 |
|
|
0 commit comments