From 3c49cc4c9a9279ab0b1387865d7899fdf8e8fde8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kat=20March=C3=A1n?= <kzm@sykosomatic.org>
Date: Tue, 6 Feb 2018 15:25:05 -0800
Subject: [PATCH] feat(match): add integrity.match()

---
 index.js          | 29 ++++++++++++++++-------------
 test/integrity.js | 27 +++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 13 deletions(-)

diff --git a/index.js b/index.js
index 853ee7f..ba1bb6d 100644
--- a/index.js
+++ b/index.js
@@ -93,6 +93,19 @@ class Integrity {
   hexDigest () {
     return parse(this, {single: true}).hexDigest()
   }
+  match (integrity, opts) {
+    const other = parse(integrity, opts)
+    const algo = other.pickAlgorithm(opts)
+    return (
+      this[algo] &&
+      other[algo] &&
+      this[algo].find(hash =>
+        other[algo].find(otherhash =>
+          hash.digest === otherhash.digest
+        )
+      )
+    ) || false
+  }
   pickAlgorithm (opts) {
     const pickAlgorithm = (opts && opts.pickAlgorithm) || getPrioritizedHash
     const keys = Object.keys(this)
@@ -205,9 +218,8 @@ function checkData (data, sri, opts) {
   sri = parse(sri, opts)
   if (!Object.keys(sri).length) { return false }
   const algorithm = sri.pickAlgorithm(opts)
-  const digests = sri[algorithm] || []
   const digest = crypto.createHash(algorithm).update(data).digest('base64')
-  return digests.find(hash => hash.digest === digest) || false
+  return parse({algorithm, digest}).match(sri, opts)
 }
 
 module.exports.checkStream = checkStream
@@ -254,17 +266,8 @@ function integrityStream (opts) {
     const newSri = parse(hashes.map((h, i) => {
       return `${algorithms[i]}-${h.digest('base64')}${optString}`
     }).join(' '), opts)
-    const match = (
-      // Integrity verification mode
-      opts.integrity &&
-      newSri[algorithm] &&
-      digests &&
-      digests.find(hash => {
-        return newSri[algorithm].find(newhash => {
-          return hash.digest === newhash.digest
-        })
-      })
-    )
+    // Integrity verification mode
+    const match = goodSri && newSri.match(sri, opts)
     if (typeof opts.size === 'number' && streamSize !== opts.size) {
       const err = new Error(`stream size mismatch when checking ${sri}.\n  Wanted: ${opts.size}\n  Found: ${streamSize}`)
       err.code = 'EBADSIZE'
diff --git a/test/integrity.js b/test/integrity.js
index 9db0737..9546004 100644
--- a/test/integrity.js
+++ b/test/integrity.js
@@ -78,6 +78,33 @@ test('concat()', t => {
   t.done()
 })
 
+test('match()', t => {
+  const sri = ssri.parse('sha1-foo sha512-bar')
+  t.similar(sri.match('sha1-foo'), {
+    algorithm: 'sha1',
+    digest: 'foo'
+  }, 'returns the matching hash')
+  t.similar(sri.match(ssri.parse('sha1-foo')), {
+    algorithm: 'sha1',
+    digest: 'foo'
+  }, 'accepts other Integrity objects')
+  t.similar(sri.match(ssri.parse('sha1-foo')), {
+    algorithm: 'sha1',
+    digest: 'foo'
+  }, 'accepts other Hash objects')
+  t.similar(sri.match({digest: 'foo', algorithm: 'sha1'}), {
+    algorithm: 'sha1',
+    digest: 'foo'
+  }, 'accepts Hash-like objects')
+  t.similar(sri.match('sha1-bar sha512-bar'), {
+    algorithm: 'sha512',
+    digest: 'bar'
+  }, 'returns the strongest match')
+  t.notOk(sri.match('sha512-foo'), 'falsy when match fails')
+  t.notOk(sri.match('sha384-foo'), 'falsy when match fails')
+  t.done()
+})
+
 test('pickAlgorithm()', t => {
   const sri = ssri.parse('sha1-foo sha512-bar sha384-baz')
   t.equal(sri.pickAlgorithm(), 'sha512', 'picked best algorithm')