Comparing version 1.3.0 to 1.3.1
{ | ||
"name": "fast-jwt", | ||
"version": "1.3.0", | ||
"version": "1.3.1", | ||
"description": "Fast JSON Web Token implementation", | ||
@@ -5,0 +5,0 @@ "author": "NearForm Ltd", |
@@ -45,3 +45,3 @@ # fast-jwt | ||
If the `key` is a passphrase protected private key, then it must be an object with the following structure: | ||
If the `key` is a passphrase protected private key, the `algorithm` option must be provided and must be either a `RS*` or `ES*` encoded key and the `key` option must be an object with the following structure: | ||
```js | ||
@@ -48,0 +48,0 @@ { |
@@ -103,3 +103,3 @@ 'use strict' | ||
function performDetectPrivateKeyAlgoritm(key) { | ||
function performDetectPrivateKeyAlgorithm(key) { | ||
if (key.includes(publicKeyPemMatcher)) { | ||
@@ -120,4 +120,3 @@ throw new TokenError(TokenError.codes.invalidKey, 'Public keys are not supported for signing.') | ||
switch (pemData[1]) { | ||
case 'RSA': // pkcs1 format - Can only be RSA or an ENCRYPTED (RSA) key | ||
case 'ENCRYPTED': | ||
case 'RSA': // pkcs1 format - Can only be RSA key | ||
return 'RS256' | ||
@@ -128,2 +127,4 @@ case 'EC': // sec1 format - Can only be a EC key | ||
break | ||
case 'ENCRYPTED': // Can be either RSA or EC key - we'll used the supplied algorithm | ||
return 'ENCRYPTED' | ||
default: | ||
@@ -192,3 +193,3 @@ // pkcs8 | ||
function detectPrivateKeyAlgorithm(key) { | ||
function detectPrivateKeyAlgorithm(key, providedAlgorithm) { | ||
if (key instanceof Buffer) { | ||
@@ -211,10 +212,10 @@ key = key.toString('utf-8') | ||
try { | ||
return cacheSet(privateKeysCache, key, performDetectPrivateKeyAlgoritm(key)) | ||
const detectedAlgorithm = performDetectPrivateKeyAlgorithm(key) | ||
if (detectedAlgorithm === 'ENCRYPTED') { | ||
return cacheSet(privateKeysCache, key, providedAlgorithm) | ||
} | ||
return cacheSet(privateKeysCache, key, detectedAlgorithm) | ||
} catch (e) { | ||
throw cacheSet( | ||
privateKeysCache, | ||
key, | ||
null, | ||
TokenError.wrap(e, TokenError.codes.invalidKey, 'Unsupported PEM private key.') | ||
) | ||
throw cacheSet(privateKeysCache, key, null, TokenError.wrap(e, TokenError.codes.invalidKey, 'Unsupported PEM private key.')) | ||
} | ||
@@ -221,0 +222,0 @@ } |
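Review bot: In `detectPrivateKeyAlgorithm`, the new `ENCRYPTED` branch stores the caller-supplied `providedAlgorithm` in `privateKeysCache` under a key that is the PEM text alone, so the cached entry records what the first caller asked for rather than a property of the key. If the cache lookup that presumably sits above this hunk returns that entry, a later call with the same encrypted PEM and a different algorithm would receive the stale value, and an `undefined` algorithm can be cached as well. Consider skipping the cache in that branch, `if (detectedAlgorithm === 'ENCRYPTED') return providedAlgorithm`, or caching the `'ENCRYPTED'` sentinel and resolving it against `providedAlgorithm` after the lookup. The function body starts before and ends after the visible hunk lines.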
@@ -28,8 +28,9 @@ 'use strict' | ||
// If the key is passphrase encrypted (actual === "ENCRYPTED") only RS and ES algos are supported | ||
if (expectedType === 'RS' || expectedType === 'PS') { | ||
// RS and PS use same keys | ||
valid = actualType === 'RS' | ||
valid = actualType === 'RS' || (expectedType === 'RS' && actual === 'ENCRYPTED') | ||
} else if (expectedType === 'ES' || expectedType === 'Ed') { | ||
// ES and Ed must match | ||
valid = expectedType === actualType | ||
valid = expectedType === actualType || (expectedType === 'ES' && actual === 'ENCRYPTED') | ||
} | ||
@@ -148,3 +149,3 @@ | ||
// Detect the private key - If the algorithm was known, just verify they match, otherwise assign it | ||
const availableAlgorithm = detectPrivateKeyAlgorithm(currentKey) | ||
const availableAlgorithm = detectPrivateKeyAlgorithm(currentKey, algorithm) | ||
@@ -210,3 +211,3 @@ if (algorithm) { | ||
const keyType = typeof key | ||
const isKeyPasswordProtected = (keyType === 'object') && key && key.key && key.passphrase | ||
const isKeyPasswordProtected = keyType === 'object' && key && key.key && key.passphrase | ||
@@ -220,3 +221,6 @@ if (algorithm === 'none') { | ||
} | ||
} else if (!key || (keyType !== 'string' && !(key instanceof Buffer) && keyType !== 'function' && !isKeyPasswordProtected)) { | ||
} else if ( | ||
!key || | ||
(keyType !== 'string' && !(key instanceof Buffer) && keyType !== 'function' && !isKeyPasswordProtected) | ||
) { | ||
throw new TokenError( | ||
@@ -226,2 +230,7 @@ TokenError.codes.invalidOption, | ||
) | ||
} else if (isKeyPasswordProtected && !algorithm) { | ||
throw new TokenError( | ||
TokenError.codes.invalidAlgorithm, | ||
'When using password protected key you must provide the algorithm option.' | ||
) | ||
} | ||
@@ -232,3 +241,3 @@ | ||
// Detect the private key - If the algorithm was known, just verify they match, otherwise assign it | ||
const availableAlgorithm = detectPrivateKeyAlgorithm(isKeyPasswordProtected ? key.key : key) | ||
const availableAlgorithm = detectPrivateKeyAlgorithm(isKeyPasswordProtected ? key.key : key, algorithm) | ||
@@ -285,3 +294,5 @@ if (algorithm) { | ||
const fpo = { jti, aud, iss, sub, nonce } | ||
const fixedPayload = Object.keys(fpo).reduce((obj, key) => { return (fpo[key] !== undefined) ? Object.assign(obj, { [key]: fpo[key] }) : obj }, {}) | ||
const fixedPayload = Object.keys(fpo).reduce((obj, key) => { | ||
return fpo[key] !== undefined ? Object.assign(obj, { [key]: fpo[key] }) : obj | ||
}, {}) | ||
@@ -288,0 +299,0 @@ // Return the signer |
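Review bot: The two added `actual === 'ENCRYPTED'` clauses in the compatibility check look unreachable, because `detectPrivateKeyAlgorithm` now swaps the `'ENCRYPTED'` sentinel for the provided algorithm before returning, and `availableAlgorithm` at both call sites comes from that function. If `actual` is that value (the call itself is outside the visible hunks), an encrypted key is only ever compared against the caller's own algorithm, so the "only RS and ES" restriction stated in the comment is not enforced here; an `Ed` algorithm, for instance, would satisfy `expectedType === actualType`. Either let the sentinel reach this check, or reject other families where the options are validated, for example by widening the new branch to `} else if (isKeyPasswordProtected && !/^(RS|ES)/.test(algorithm || '')) {`. A test that signs with an encrypted key and a `PS*`, `HS*` or `EdDSA` algorithm would pin the intended behaviour. The enclosing functions begin and end outside the hunks.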