Comparing version 3.3.2 to 3.3.3
{ | ||
"name": "fast-jwt", | ||
"version": "3.3.2", | ||
"version": "3.3.3", | ||
"description": "Fast JSON Web Token implementation", | ||
@@ -5,0 +5,0 @@ "author": "NearForm Ltd", |
@@ -29,3 +29,3 @@ 'use strict' | ||
const privateKeyPemMatcher = /^-----BEGIN(?: (RSA|EC|ENCRYPTED))? PRIVATE KEY-----/ | ||
const publicKeyPemMatcher = /^-----BEGIN( RSA)? PUBLIC KEY-----/ | ||
const publicKeyPemMatcher = /^-----BEGIN(?: (RSA))? PUBLIC KEY-----/ | ||
const publicKeyX509CertMatcher = '-----BEGIN CERTIFICATE-----' | ||
@@ -159,5 +159,10 @@ const privateKeysCache = new Cache(1000) | ||
function performDetectPublicKeyAlgorithms(key) { | ||
const publicKeyPemMatch = key.match(publicKeyPemMatcher) | ||
if (key.match(privateKeyPemMatcher)) { | ||
throw new TokenError(TokenError.codes.invalidKey, 'Private keys are not supported for verifying.') | ||
} else if (!key.match(publicKeyPemMatcher) && !key.includes(publicKeyX509CertMatcher)) { | ||
} else if (publicKeyPemMatch && publicKeyPemMatch[1] === 'RSA') { | ||
// pkcs1 format - Can only be RSA key | ||
return rsaAlgorithms | ||
} else if (!publicKeyPemMatch && !key.includes(publicKeyX509CertMatcher)) { | ||
// Not a PEM, assume a plain secret | ||
@@ -164,0 +169,0 @@ return hsAlgorithms |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
90851
1311