Ignore delimiter on multihash

Author: adamkecskes-bene

lib/httpDigest.js

@@ -78,11 +78,10 @@ function _createMultihash({digest}) {
 function _parseHeaderValue(headerValue) {
   const [key, digest] = headerValue.split(/=(.+)/);
 
-  // Unwrap in case the base64-encoded digest bytes are wrapped in colons
-  const encodedDigest = digest?.replace(/^:(.*):$/, '$1');
-
+  let encodedDigest;
   let algorithm;
   if(key === 'mh') {
+    encodedDigest = digest;
     // if `encodedDigest` starts with `uEi`, then it is a base64url-encoded
     // sha-256 multihash
     if(encodedDigest.startsWith('uEi')) {
@@ -92,6 +91,9 @@ function _parseHeaderValue(headerValue) {
         `Only base64url-encoded, sha-256 multihash is supported.`);
     }
   } else {
+    // Unwrap in case the base64-encoded digest bytes are wrapped in colons
+    encodedDigest = digest?.replace(/^:(.*):$/, '$1');
+
     algorithm = key.replace('-', '').toLowerCase();
     if(algorithm !== 'sha256') {
       throw new Error(`Algorithm "${algorithm}" is not supported.`);

test/unit/httpDigest.spec.js

@@ -158,6 +158,22 @@ describe('http-signature-digest', () => {
       should.exist(verifyResult);
       verifyResult.verified.should.equal(true);
     });
+    it('should verify false if a multihash digest is wrapped in colons',
+      async () => {
+        const data = '{"hello":"world"}';
+        const headerValue =
+          `mh=:uEiCTojlxqRTl6svwqNJRVM2jCcPBxy-7mRTUfGDzy2gViA:`;
+        let verifyResult;
+        let err;
+        try {
+          verifyResult = await verifyHeaderValue({data, headerValue});
+        } catch(e) {
+          err = e;
+        }
+        should.not.exist(err);
+        should.exist(verifyResult);
+        verifyResult.verified.should.equal(false);
+      });
     it('should verify false if verifying bad data object', async () => {
       const data = {hello: 'world'};
       const headerValue = await createHeaderValue(