New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
jose-browser-runtime
Advanced tools
jose-browser-runtime - npm Package Compare versions
Comparing version 4.15.4 to 5.0.0
@@ -26,8 +26,6 @@ export { compactDecrypt } from './jwe/compact/decrypt.js'; | ||
| export { decodeJwt } from './util/decode_jwt.js'; | ||
| import * as errors_1 from './util/errors.js'; | ||
| export { errors_1 as errors }; | ||
| export * as errors from './util/errors.js'; | ||
| export { generateKeyPair } from './key/generate_key_pair.js'; | ||
| export { generateSecret } from './key/generate_secret.js'; | ||
| import * as base64url_1 from './util/base64url.js'; | ||
| export { base64url_1 as base64url }; | ||
| export * as base64url from './util/base64url.js'; | ||
| export { default as cryptoRuntime } from './util/runtime.js'; |
| import { decode as base64url } from '../../runtime/base64url.js'; | ||
| import decrypt from '../../runtime/decrypt.js'; | ||
| import { inflate } from '../../runtime/zlib.js'; | ||
| import { JOSEAlgNotAllowed, JOSENotSupported, JWEInvalid } from '../../util/errors.js'; | ||
@@ -13,3 +12,2 @@ import isDisjoint from '../../lib/is_disjoint.js'; | ||
| export async function flattenedDecrypt(jwe, key, options) { | ||
| var _a; | ||
| if (!isObject(jwe)) { | ||
@@ -51,3 +49,3 @@ throw new JWEInvalid('Flattened JWE must be an object'); | ||
| } | ||
| catch (_b) { | ||
| catch { | ||
| throw new JWEInvalid('JWE Protected Header is invalid'); | ||
@@ -64,10 +62,5 @@ } | ||
| }; | ||
| validateCrit(JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader); | ||
| validateCrit(JWEInvalid, new Map(), options?.crit, parsedProt, joseHeader); | ||
| if (joseHeader.zip !== undefined) { | ||
| if (!parsedProt || !parsedProt.zip) { | ||
| throw new JWEInvalid('JWE "zip" (Compression Algorithm) Header MUST be integrity protected'); | ||
| } | ||
| if (joseHeader.zip !== 'DEF') { | ||
| throw new JOSENotSupported('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value'); | ||
| } | ||
| throw new JOSENotSupported('JWE "zip" (Compression Algorithm) Header Parameter is not supported.'); | ||
| } | ||
@@ -84,7 +77,8 @@ const { alg, enc } = joseHeader; | ||
| validateAlgorithms('contentEncryptionAlgorithms', options.contentEncryptionAlgorithms); | ||
| if (keyManagementAlgorithms && !keyManagementAlgorithms.has(alg)) { | ||
| throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter not allowed'); | ||
| if ((keyManagementAlgorithms && !keyManagementAlgorithms.has(alg)) || | ||
| (!keyManagementAlgorithms && alg.startsWith('PBES2'))) { | ||
| throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter value not allowed'); | ||
| } | ||
| if (contentEncryptionAlgorithms && !contentEncryptionAlgorithms.has(enc)) { | ||
| throw new JOSEAlgNotAllowed('"enc" (Encryption Algorithm) Header Parameter not allowed'); | ||
| throw new JOSEAlgNotAllowed('"enc" (Encryption Algorithm) Header Parameter value not allowed'); | ||
| } | ||
@@ -96,3 +90,3 @@ let encryptedKey; | ||
| } | ||
| catch (_c) { | ||
| catch { | ||
| throw new JWEInvalid('Failed to base64url decode the encrypted_key'); | ||
@@ -121,3 +115,3 @@ } | ||
| } | ||
| catch (_d) { | ||
| catch { | ||
| throw new JWEInvalid('Failed to base64url decode the iv'); | ||
@@ -128,6 +122,6 @@ } | ||
| } | ||
| catch (_e) { | ||
| catch { | ||
| throw new JWEInvalid('Failed to base64url decode the tag'); | ||
| } | ||
| const protectedHeader = encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : ''); | ||
| const protectedHeader = encoder.encode(jwe.protected ?? ''); | ||
| let additionalData; | ||
@@ -144,9 +138,6 @@ if (jwe.aad !== undefined) { | ||
| } | ||
| catch (_f) { | ||
| catch { | ||
| throw new JWEInvalid('Failed to base64url decode the ciphertext'); | ||
| } | ||
| let plaintext = await decrypt(enc, cek, ciphertext, iv, tag, additionalData); | ||
| if (joseHeader.zip === 'DEF') { | ||
| plaintext = await ((options === null || options === void 0 ? void 0 : options.inflateRaw) || inflate)(plaintext); | ||
| } | ||
| const result = { plaintext }; | ||
@@ -160,3 +151,3 @@ if (jwe.protected !== undefined) { | ||
| } | ||
| catch (_g) { | ||
| catch { | ||
| throw new JWEInvalid('Failed to base64url decode the aad'); | ||
@@ -163,0 +154,0 @@ } |
| import { encode as base64url } from '../../runtime/base64url.js'; | ||
| import encrypt from '../../runtime/encrypt.js'; | ||
| import { deflate } from '../../runtime/zlib.js'; | ||
| import generateIv from '../../lib/iv.js'; | ||
@@ -76,10 +75,5 @@ import encryptKeyManagement from '../../lib/encrypt_key_management.js'; | ||
| }; | ||
| validateCrit(JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, this._protectedHeader, joseHeader); | ||
| validateCrit(JWEInvalid, new Map(), options?.crit, this._protectedHeader, joseHeader); | ||
| if (joseHeader.zip !== undefined) { | ||
| if (!this._protectedHeader || !this._protectedHeader.zip) { | ||
| throw new JWEInvalid('JWE "zip" (Compression Algorithm) Header MUST be integrity protected'); | ||
| } | ||
| if (joseHeader.zip !== 'DEF') { | ||
| throw new JOSENotSupported('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value'); | ||
| } | ||
| throw new JOSENotSupported('JWE "zip" (Compression Algorithm) Header Parameter is not supported.'); | ||
| } | ||
@@ -144,12 +138,3 @@ const { alg, enc } = joseHeader; | ||
| } | ||
| let ciphertext; | ||
| let tag; | ||
| if (joseHeader.zip === 'DEF') { | ||
| const deflated = await ((options === null || options === void 0 ? void 0 : options.deflateRaw) || deflate)(this._plaintext); | ||
| ({ ciphertext, tag } = await encrypt(enc, deflated, cek, this._iv, additionalData)); | ||
| } | ||
| else { | ||
| ; | ||
| ({ ciphertext, tag } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData)); | ||
| } | ||
| const { ciphertext, tag } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData); | ||
| const jwe = { | ||
@@ -156,0 +141,0 @@ ciphertext: base64url(ciphertext), |
@@ -27,3 +27,3 @@ import { flattenedDecrypt } from '../flattened/decrypt.js'; | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| } | ||
@@ -30,0 +30,0 @@ } |
| import { FlattenedEncrypt, unprotected } from '../flattened/encrypt.js'; | ||
| import { JWEInvalid } from '../../util/errors.js'; | ||
| import { JOSENotSupported, JWEInvalid } from '../../util/errors.js'; | ||
| import generateCek from '../../lib/cek.js'; | ||
@@ -37,3 +37,3 @@ import isDisjoint from '../../lib/is_disjoint.js'; | ||
| addRecipient(key, options) { | ||
| const recipient = new IndividualRecipient(this, key, { crit: options === null || options === void 0 ? void 0 : options.crit }); | ||
| const recipient = new IndividualRecipient(this, key, { crit: options?.crit }); | ||
| this._recipients.push(recipient); | ||
@@ -60,8 +60,6 @@ return recipient; | ||
| } | ||
| async encrypt(options) { | ||
| var _a, _b, _c; | ||
| async encrypt() { | ||
| if (!this._recipients.length) { | ||
| throw new JWEInvalid('at least one recipient must be added'); | ||
| } | ||
| options = { deflateRaw: options === null || options === void 0 ? void 0 : options.deflateRaw }; | ||
| if (this._recipients.length === 1) { | ||
@@ -74,3 +72,3 @@ const [recipient] = this._recipients; | ||
| .setUnprotectedHeader(recipient.unprotectedHeader) | ||
| .encrypt(recipient.key, { ...recipient.options, ...options }); | ||
| .encrypt(recipient.key, { ...recipient.options }); | ||
| let jwe = { | ||
@@ -123,5 +121,3 @@ ciphertext: flattened.ciphertext, | ||
| if (joseHeader.zip !== undefined) { | ||
| if (!this._protectedHeader || !this._protectedHeader.zip) { | ||
| throw new JWEInvalid('JWE "zip" (Compression Algorithm) Header MUST be integrity protected'); | ||
| } | ||
| throw new JOSENotSupported('JWE "zip" (Compression Algorithm) Header Parameter is not supported.'); | ||
| } | ||
@@ -156,3 +152,2 @@ } | ||
| ...recipient.options, | ||
| ...options, | ||
| [unprotected]: true, | ||
@@ -174,5 +169,5 @@ }); | ||
| } | ||
| const { encryptedKey, parameters } = await encryptKeyManagement(((_a = recipient.unprotectedHeader) === null || _a === void 0 ? void 0 : _a.alg) || | ||
| ((_b = this._protectedHeader) === null || _b === void 0 ? void 0 : _b.alg) || | ||
| ((_c = this._unprotectedHeader) === null || _c === void 0 ? void 0 : _c.alg), enc, recipient.key, cek, { p2c }); | ||
| const { encryptedKey, parameters } = await encryptKeyManagement(recipient.unprotectedHeader?.alg || | ||
| this._protectedHeader?.alg || | ||
| this._unprotectedHeader?.alg, enc, recipient.key, cek, { p2c }); | ||
| target.encrypted_key = base64url(encryptedKey); | ||
@@ -179,0 +174,0 @@ if (recipient.unprotectedHeader || parameters) |
@@ -7,3 +7,3 @@ import { importJWK } from '../key/import.js'; | ||
| ...protectedHeader, | ||
| ...token === null || token === void 0 ? void 0 : token.header, | ||
| ...token?.header, | ||
| }; | ||
@@ -13,3 +13,3 @@ if (!isObject(joseHeader.jwk)) { | ||
| } | ||
| const key = await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg, true); | ||
| const key = await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg); | ||
| if (key instanceof Uint8Array || key.type !== 'public') { | ||
@@ -16,0 +16,0 @@ throw new JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a public key'); |
@@ -15,3 +15,3 @@ import digest from '../runtime/digest.js'; | ||
| } | ||
| digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256'); | ||
| digestAlgorithm ?? (digestAlgorithm = 'sha256'); | ||
| if (digestAlgorithm !== 'sha256' && | ||
@@ -51,5 +51,5 @@ digestAlgorithm !== 'sha384' && | ||
| export async function calculateJwkThumbprintUri(jwk, digestAlgorithm) { | ||
| digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256'); | ||
| digestAlgorithm ?? (digestAlgorithm = 'sha256'); | ||
| const thumbprint = await calculateJwkThumbprint(jwk, digestAlgorithm); | ||
| return `urn:ietf:params:oauth:jwk-thumbprint:sha-${digestAlgorithm.slice(-3)}:${thumbprint}`; | ||
| } |
@@ -41,3 +41,3 @@ import { importJWK } from '../key/import.js'; | ||
| async getKey(protectedHeader, token) { | ||
| const { alg, kid } = { ...protectedHeader, ...token === null || token === void 0 ? void 0 : token.header }; | ||
| const { alg, kid } = { ...protectedHeader, ...token?.header }; | ||
| const kty = getKtyFromAlg(alg); | ||
@@ -91,3 +91,3 @@ const candidates = this._jwks.keys.filter((jwk) => { | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| continue; | ||
@@ -94,0 +94,0 @@ } |
@@ -17,8 +17,8 @@ import fetchJwks from '../runtime/fetch_jwks.js'; | ||
| this._url = new URL(url.href); | ||
| this._options = { agent: options === null || options === void 0 ? void 0 : options.agent, headers: options === null || options === void 0 ? void 0 : options.headers }; | ||
| this._options = { agent: options?.agent, headers: options?.headers }; | ||
| this._timeoutDuration = | ||
| typeof (options === null || options === void 0 ? void 0 : options.timeoutDuration) === 'number' ? options === null || options === void 0 ? void 0 : options.timeoutDuration : 5000; | ||
| typeof options?.timeoutDuration === 'number' ? options?.timeoutDuration : 5000; | ||
| this._cooldownDuration = | ||
| typeof (options === null || options === void 0 ? void 0 : options.cooldownDuration) === 'number' ? options === null || options === void 0 ? void 0 : options.cooldownDuration : 30000; | ||
| this._cacheMaxAge = typeof (options === null || options === void 0 ? void 0 : options.cacheMaxAge) === 'number' ? options === null || options === void 0 ? void 0 : options.cacheMaxAge : 600000; | ||
| typeof options?.cooldownDuration === 'number' ? options?.cooldownDuration : 30000; | ||
| this._cacheMaxAge = typeof options?.cacheMaxAge === 'number' ? options?.cacheMaxAge : 600000; | ||
| } | ||
@@ -25,0 +25,0 @@ coolingDown() { |
@@ -40,3 +40,3 @@ import { encode as base64url } from '../../runtime/base64url.js'; | ||
| }; | ||
| const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options === null || options === void 0 ? void 0 : options.crit, this._protectedHeader, joseHeader); | ||
| const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options?.crit, this._protectedHeader, joseHeader); | ||
| let b64 = true; | ||
@@ -43,0 +43,0 @@ if (extensions.has('b64')) { |
@@ -11,3 +11,2 @@ import { decode as base64url } from '../../runtime/base64url.js'; | ||
| export async function flattenedVerify(jws, key, options) { | ||
| var _a; | ||
| if (!isObject(jws)) { | ||
@@ -37,3 +36,3 @@ throw new JWSInvalid('Flattened JWS must be an object'); | ||
| } | ||
| catch (_b) { | ||
| catch { | ||
| throw new JWSInvalid('JWS Protected Header is invalid'); | ||
@@ -49,3 +48,3 @@ } | ||
| }; | ||
| const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader); | ||
| const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options?.crit, parsedProt, joseHeader); | ||
| let b64 = true; | ||
@@ -64,3 +63,3 @@ if (extensions.has('b64')) { | ||
| if (algorithms && !algorithms.has(alg)) { | ||
| throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter not allowed'); | ||
| throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter value not allowed'); | ||
| } | ||
@@ -81,3 +80,3 @@ if (b64) { | ||
| checkKeyType(alg, key, 'verify'); | ||
| const data = concat(encoder.encode((_a = jws.protected) !== null && _a !== void 0 ? _a : ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload); | ||
| const data = concat(encoder.encode(jws.protected ?? ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload); | ||
| let signature; | ||
@@ -87,3 +86,3 @@ try { | ||
| } | ||
| catch (_c) { | ||
| catch { | ||
| throw new JWSInvalid('Failed to base64url decode the signature'); | ||
@@ -100,3 +99,3 @@ } | ||
| } | ||
| catch (_d) { | ||
| catch { | ||
| throw new JWSInvalid('Failed to base64url decode the payload'); | ||
@@ -103,0 +102,0 @@ } |
@@ -20,3 +20,3 @@ import { flattenedVerify } from '../flattened/verify.js'; | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| } | ||
@@ -23,0 +23,0 @@ } |
| import epoch from '../lib/epoch.js'; | ||
| import isObject from '../lib/is_object.js'; | ||
| import secs from '../lib/secs.js'; | ||
| function validateInput(label, input) { | ||
| if (!Number.isFinite(input)) { | ||
| throw new TypeError(`Invalid ${label} input`); | ||
| } | ||
| return input; | ||
| } | ||
| export class ProduceJWT { | ||
| constructor(payload) { | ||
| constructor(payload = {}) { | ||
| if (!isObject(payload)) { | ||
@@ -29,4 +35,7 @@ throw new TypeError('JWT Claims Set MUST be an object'); | ||
| if (typeof input === 'number') { | ||
| this._payload = { ...this._payload, nbf: input }; | ||
| this._payload = { ...this._payload, nbf: validateInput('setNotBefore', input) }; | ||
| } | ||
| else if (input instanceof Date) { | ||
| this._payload = { ...this._payload, nbf: validateInput('setNotBefore', epoch(input)) }; | ||
| } | ||
| else { | ||
@@ -39,4 +48,7 @@ this._payload = { ...this._payload, nbf: epoch(new Date()) + secs(input) }; | ||
| if (typeof input === 'number') { | ||
| this._payload = { ...this._payload, exp: input }; | ||
| this._payload = { ...this._payload, exp: validateInput('setExpirationTime', input) }; | ||
| } | ||
| else if (input instanceof Date) { | ||
| this._payload = { ...this._payload, exp: validateInput('setExpirationTime', epoch(input)) }; | ||
| } | ||
| else { | ||
@@ -51,4 +63,7 @@ this._payload = { ...this._payload, exp: epoch(new Date()) + secs(input) }; | ||
| } | ||
| else if (input instanceof Date) { | ||
| this._payload = { ...this._payload, iat: validateInput('setIssuedAt', epoch(input)) }; | ||
| } | ||
| else { | ||
| this._payload = { ...this._payload, iat: input }; | ||
| this._payload = { ...this._payload, iat: validateInput('setIssuedAt', input) }; | ||
| } | ||
@@ -55,0 +70,0 @@ return this; |
@@ -11,6 +11,5 @@ import { CompactSign } from '../jws/compact/sign.js'; | ||
| async sign(key, options) { | ||
| var _a; | ||
| const sig = new CompactSign(encoder.encode(JSON.stringify(this._payload))); | ||
| sig.setProtectedHeader(this._protectedHeader); | ||
| if (Array.isArray((_a = this._protectedHeader) === null || _a === void 0 ? void 0 : _a.crit) && | ||
| if (Array.isArray(this._protectedHeader?.crit) && | ||
| this._protectedHeader.crit.includes('b64') && | ||
@@ -17,0 +16,0 @@ this._protectedHeader.b64 === false) { |
@@ -26,3 +26,3 @@ import * as base64url from '../runtime/base64url.js'; | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| throw new JWTInvalid('Invalid Unsecured JWT'); | ||
@@ -29,0 +29,0 @@ } |
@@ -5,5 +5,4 @@ import { compactVerify } from '../jws/compact/verify.js'; | ||
| export async function jwtVerify(jwt, key, options) { | ||
| var _a; | ||
| const verified = await compactVerify(jwt, key, options); | ||
| if (((_a = verified.protectedHeader.crit) === null || _a === void 0 ? void 0 : _a.includes('b64')) && verified.protectedHeader.b64 === false) { | ||
| if (verified.protectedHeader.crit?.includes('b64') && verified.protectedHeader.b64 === false) { | ||
| throw new JWTInvalid('JWTs MUST NOT use unencoded payload'); | ||
@@ -10,0 +9,0 @@ } |
@@ -24,4 +24,3 @@ import { decode as decodeBase64URL } from '../runtime/base64url.js'; | ||
| } | ||
| export async function importJWK(jwk, alg, octAsKeyObject) { | ||
| var _a; | ||
| export async function importJWK(jwk, alg) { | ||
| if (!isObject(jwk)) { | ||
@@ -36,6 +35,2 @@ throw new TypeError('JWK must be an object'); | ||
| } | ||
| octAsKeyObject !== null && octAsKeyObject !== void 0 ? octAsKeyObject : (octAsKeyObject = jwk.ext !== true); | ||
| if (octAsKeyObject) { | ||
| return asKeyObject({ ...jwk, alg, ext: (_a = jwk.ext) !== null && _a !== void 0 ? _a : false }); | ||
| } | ||
| return decodeBase64URL(jwk.k); | ||
@@ -42,0 +37,0 @@ case 'RSA': |
@@ -39,3 +39,3 @@ import { unwrap as aesKw } from '../runtime/aeskw.js'; | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| throw new JWEInvalid('Failed to base64url decode the apu'); | ||
@@ -50,3 +50,3 @@ } | ||
| } | ||
| catch (_b) { | ||
| catch { | ||
| throw new JWEInvalid('Failed to base64url decode the apv'); | ||
@@ -78,3 +78,3 @@ } | ||
| throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) missing or invalid`); | ||
| const p2cLimit = (options === null || options === void 0 ? void 0 : options.maxPBES2Count) || 10000; | ||
| const p2cLimit = options?.maxPBES2Count || 10000; | ||
| if (joseHeader.p2c > p2cLimit) | ||
@@ -88,3 +88,3 @@ throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) out is of acceptable bounds`); | ||
| } | ||
| catch (_c) { | ||
| catch { | ||
| throw new JWEInvalid('Failed to base64url decode the p2s'); | ||
@@ -114,3 +114,3 @@ } | ||
| } | ||
| catch (_d) { | ||
| catch { | ||
| throw new JWEInvalid('Failed to base64url decode the iv'); | ||
@@ -122,3 +122,3 @@ } | ||
| } | ||
| catch (_e) { | ||
| catch { | ||
| throw new JWEInvalid('Failed to base64url decode the tag'); | ||
@@ -125,0 +125,0 @@ } |
@@ -27,3 +27,3 @@ import { JWTClaimValidationFailed, JWTExpired, JWTInvalid } from '../util/errors.js'; | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| } | ||
@@ -30,0 +30,0 @@ if (!isObject(payload)) { |
@@ -59,3 +59,2 @@ import crypto, { isCryptoKey } from './webcrypto.js'; | ||
| const genericImport = async (replace, keyFormat, pem, alg, options) => { | ||
| var _a; | ||
| let algorithm; | ||
@@ -118,3 +117,3 @@ let keyUsages; | ||
| } | ||
| return crypto.subtle.importKey(keyFormat, keyData, algorithm, (_a = options === null || options === void 0 ? void 0 : options.extractable) !== null && _a !== void 0 ? _a : false, keyUsages); | ||
| return crypto.subtle.importKey(keyFormat, keyData, algorithm, options?.extractable ?? false, keyUsages); | ||
| }; | ||
@@ -121,0 +120,0 @@ export const fromPKCS8 = (pem, alg, options) => { |
@@ -34,5 +34,5 @@ import { encoder, decoder } from '../lib/buffer_utils.js'; | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| throw new TypeError('The input to be decoded is not correctly encoded.'); | ||
| } | ||
| }; |
@@ -26,3 +26,3 @@ import { concat, uint64be } from '../lib/buffer_utils.js'; | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| } | ||
@@ -36,3 +36,3 @@ if (!macCheckPassed) { | ||
| } | ||
| catch (_b) { | ||
| catch { | ||
| } | ||
@@ -61,3 +61,3 @@ if (!plaintext) { | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| throw new JWEDecryptionFailed(); | ||
@@ -64,0 +64,0 @@ } |
@@ -30,3 +30,3 @@ import { JOSEError, JWKSTimeout } from '../util/errors.js'; | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| throw new JOSEError('Failed to parse the JSON Web Key Set HTTP response as JSON'); | ||
@@ -33,0 +33,0 @@ } |
@@ -5,3 +5,2 @@ import crypto from './webcrypto.js'; | ||
| export async function generateSecret(alg, options) { | ||
| var _a; | ||
| let length; | ||
@@ -43,7 +42,6 @@ let algorithm; | ||
| } | ||
| return crypto.subtle.generateKey(algorithm, (_a = options === null || options === void 0 ? void 0 : options.extractable) !== null && _a !== void 0 ? _a : false, keyUsages); | ||
| return crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages); | ||
| } | ||
| function getModulusLengthOption(options) { | ||
| var _a; | ||
| const modulusLength = (_a = options === null || options === void 0 ? void 0 : options.modulusLength) !== null && _a !== void 0 ? _a : 2048; | ||
| const modulusLength = options?.modulusLength ?? 2048; | ||
| if (typeof modulusLength !== 'number' || modulusLength < 2048) { | ||
@@ -55,3 +53,2 @@ throw new JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used'); | ||
| export async function generateKeyPair(alg, options) { | ||
| var _a, _b, _c; | ||
| let algorithm; | ||
@@ -108,3 +105,3 @@ let keyUsages; | ||
| keyUsages = ['sign', 'verify']; | ||
| const crv = (_a = options === null || options === void 0 ? void 0 : options.crv) !== null && _a !== void 0 ? _a : 'Ed25519'; | ||
| const crv = options?.crv ?? 'Ed25519'; | ||
| switch (crv) { | ||
@@ -124,3 +121,3 @@ case 'Ed25519': | ||
| keyUsages = ['deriveKey', 'deriveBits']; | ||
| const crv = (_b = options === null || options === void 0 ? void 0 : options.crv) !== null && _b !== void 0 ? _b : 'P-256'; | ||
| const crv = options?.crv ?? 'P-256'; | ||
| switch (crv) { | ||
@@ -145,3 +142,3 @@ case 'P-256': | ||
| } | ||
| return (crypto.subtle.generateKey(algorithm, (_c = options === null || options === void 0 ? void 0 : options.extractable) !== null && _c !== void 0 ? _c : false, keyUsages)); | ||
| return (crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages)); | ||
| } |
| import crypto from './webcrypto.js'; | ||
| import { JOSENotSupported } from '../util/errors.js'; | ||
| import { decode as base64url } from './base64url.js'; | ||
| function subtleMapping(jwk) { | ||
@@ -8,40 +7,2 @@ let algorithm; | ||
| switch (jwk.kty) { | ||
| case 'oct': { | ||
| switch (jwk.alg) { | ||
| case 'HS256': | ||
| case 'HS384': | ||
| case 'HS512': | ||
| algorithm = { name: 'HMAC', hash: `SHA-${jwk.alg.slice(-3)}` }; | ||
| keyUsages = ['sign', 'verify']; | ||
| break; | ||
| case 'A128CBC-HS256': | ||
| case 'A192CBC-HS384': | ||
| case 'A256CBC-HS512': | ||
| throw new JOSENotSupported(`${jwk.alg} keys cannot be imported as CryptoKey instances`); | ||
| case 'A128GCM': | ||
| case 'A192GCM': | ||
| case 'A256GCM': | ||
| case 'A128GCMKW': | ||
| case 'A192GCMKW': | ||
| case 'A256GCMKW': | ||
| algorithm = { name: 'AES-GCM' }; | ||
| keyUsages = ['encrypt', 'decrypt']; | ||
| break; | ||
| case 'A128KW': | ||
| case 'A192KW': | ||
| case 'A256KW': | ||
| algorithm = { name: 'AES-KW' }; | ||
| keyUsages = ['wrapKey', 'unwrapKey']; | ||
| break; | ||
| case 'PBES2-HS256+A128KW': | ||
| case 'PBES2-HS384+A192KW': | ||
| case 'PBES2-HS512+A256KW': | ||
| algorithm = { name: 'PBKDF2' }; | ||
| keyUsages = ['deriveBits']; | ||
| break; | ||
| default: | ||
| throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value'); | ||
| } | ||
| break; | ||
| } | ||
| case 'RSA': { | ||
@@ -126,3 +87,2 @@ switch (jwk.alg) { | ||
| const parse = async (jwk) => { | ||
| var _a, _b; | ||
| if (!jwk.alg) { | ||
@@ -134,8 +94,5 @@ throw new TypeError('"alg" argument is required when "jwk.alg" is not present'); | ||
| algorithm, | ||
| (_a = jwk.ext) !== null && _a !== void 0 ? _a : false, | ||
| (_b = jwk.key_ops) !== null && _b !== void 0 ? _b : keyUsages, | ||
| jwk.ext ?? false, | ||
| jwk.key_ops ?? keyUsages, | ||
| ]; | ||
| if (algorithm.name === 'PBKDF2') { | ||
| return crypto.subtle.importKey('raw', base64url(jwk.k), ...rest); | ||
| } | ||
| const keyData = { ...jwk }; | ||
@@ -142,0 +99,0 @@ delete keyData.alg; |
@@ -12,3 +12,3 @@ import subtleAlgorithm from './subtle_dsa.js'; | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| return false; | ||
@@ -15,0 +15,0 @@ } |
@@ -19,3 +19,3 @@ import { decode as base64url } from './base64url.js'; | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| throw new JWTInvalid('Failed to base64url decode the payload'); | ||
@@ -27,3 +27,3 @@ } | ||
| } | ||
| catch (_b) { | ||
| catch { | ||
| throw new JWTInvalid('Failed to parse the decoded payload as JSON'); | ||
@@ -30,0 +30,0 @@ } |
@@ -31,5 +31,5 @@ import { decode as base64url } from './base64url.js'; | ||
| } | ||
| catch (_a) { | ||
| catch { | ||
| throw new TypeError('Invalid Token or Protected Header formatting'); | ||
| } | ||
| } |
@@ -6,7 +6,6 @@ export class JOSEError extends Error { | ||
| constructor(message) { | ||
| var _a; | ||
| super(message); | ||
| this.code = 'ERR_JOSE_GENERIC'; | ||
| this.name = this.constructor.name; | ||
| (_a = Error.captureStackTrace) === null || _a === void 0 ? void 0 : _a.call(Error, this, this.constructor); | ||
| Error.captureStackTrace?.(this, this.constructor); | ||
| } | ||
@@ -13,0 +12,0 @@ } |
@@ -13,3 +13,3 @@ # `jose` API Documentation | ||
| ```js | ||
| import * as jose from 'https://deno.land/x/jose@v4.15.4/index.ts' | ||
| import * as jose from 'https://deno.land/x/jose@v5.0.0/index.ts' | ||
| ``` | ||
@@ -21,9 +21,9 @@ | ||
| - [Signing](https://github.com/panva/jose/blob/v4.15.4/docs/classes/jwt_sign.SignJWT.md) using the `SignJWT` class | ||
| - [Verification & JWT Claims Set Validation](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwt_verify.jwtVerify.md) using the `jwtVerify` function | ||
| - [Using a remote JWKS](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwks_remote.createRemoteJWKSet.md) | ||
| - [Using a local JWKS](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwks_local.createLocalJWKSet.md) | ||
| - [Signing](https://github.com/panva/jose/blob/v5.0.0/docs/classes/jwt_sign.SignJWT.md) using the `SignJWT` class | ||
| - [Verification & JWT Claims Set Validation](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwt_verify.jwtVerify.md) using the `jwtVerify` function | ||
| - [Using a remote JWKS](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwks_remote.createRemoteJWKSet.md) | ||
| - [Using a local JWKS](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwks_local.createLocalJWKSet.md) | ||
| - Utility functions | ||
| - [Decoding Token's Protected Header](https://github.com/panva/jose/blob/v4.15.4/docs/functions/util_decode_protected_header.decodeProtectedHeader.md) | ||
| - [Decoding JWT Claims Set](https://github.com/panva/jose/blob/v4.15.4/docs/functions/util_decode_jwt.decodeJwt.md) prior to its validation | ||
| - [Decoding Token's Protected Header](https://github.com/panva/jose/blob/v5.0.0/docs/functions/util_decode_protected_header.decodeProtectedHeader.md) | ||
| - [Decoding JWT Claims Set](https://github.com/panva/jose/blob/v5.0.0/docs/functions/util_decode_jwt.decodeJwt.md) prior to its validation | ||
@@ -34,6 +34,6 @@ ### Encrypted JSON Web Tokens | ||
| - [Encryption](https://github.com/panva/jose/blob/v4.15.4/docs/classes/jwt_encrypt.EncryptJWT.md) using the `EncryptJWT` class | ||
| - [Decryption & JWT Claims Set Validation](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwt_decrypt.jwtDecrypt.md) using the `jwtDecrypt` function | ||
| - [Encryption](https://github.com/panva/jose/blob/v5.0.0/docs/classes/jwt_encrypt.EncryptJWT.md) using the `EncryptJWT` class | ||
| - [Decryption & JWT Claims Set Validation](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwt_decrypt.jwtDecrypt.md) using the `jwtDecrypt` function | ||
| - Utility functions | ||
| - [Decoding Token's Protected Header](https://github.com/panva/jose/blob/v4.15.4/docs/functions/util_decode_protected_header.decodeProtectedHeader.md) | ||
| - [Decoding Token's Protected Header](https://github.com/panva/jose/blob/v5.0.0/docs/functions/util_decode_protected_header.decodeProtectedHeader.md) | ||
@@ -45,13 +45,13 @@ ### Key Utilities | ||
| - Key Import Functions | ||
| - [JWK Import](https://github.com/panva/jose/blob/v4.15.4/docs/functions/key_import.importJWK.md) | ||
| - [Public Key Import (SPKI)](https://github.com/panva/jose/blob/v4.15.4/docs/functions/key_import.importSPKI.md) | ||
| - [Public Key Import (X.509 Certificate)](https://github.com/panva/jose/blob/v4.15.4/docs/functions/key_import.importX509.md) | ||
| - [Private Key Import (PKCS #8)](https://github.com/panva/jose/blob/v4.15.4/docs/functions/key_import.importPKCS8.md) | ||
| - [JWK Import](https://github.com/panva/jose/blob/v5.0.0/docs/functions/key_import.importJWK.md) | ||
| - [Public Key Import (SPKI)](https://github.com/panva/jose/blob/v5.0.0/docs/functions/key_import.importSPKI.md) | ||
| - [Public Key Import (X.509 Certificate)](https://github.com/panva/jose/blob/v5.0.0/docs/functions/key_import.importX509.md) | ||
| - [Private Key Import (PKCS #8)](https://github.com/panva/jose/blob/v5.0.0/docs/functions/key_import.importPKCS8.md) | ||
| - Key and Secret Generation Functions | ||
| - [Asymmetric Key Pair Generation](https://github.com/panva/jose/blob/v4.15.4/docs/functions/key_generate_key_pair.generateKeyPair.md) | ||
| - [Symmetric Secret Generation](https://github.com/panva/jose/blob/v4.15.4/docs/functions/key_generate_secret.generateSecret.md) | ||
| - [Asymmetric Key Pair Generation](https://github.com/panva/jose/blob/v5.0.0/docs/functions/key_generate_key_pair.generateKeyPair.md) | ||
| - [Symmetric Secret Generation](https://github.com/panva/jose/blob/v5.0.0/docs/functions/key_generate_secret.generateSecret.md) | ||
| - Key Export Functions | ||
| - [JWK Export](https://github.com/panva/jose/blob/v4.15.4/docs/functions/key_export.exportJWK.md) | ||
| - [Private Key Export](https://github.com/panva/jose/blob/v4.15.4/docs/functions/key_export.exportPKCS8.md) | ||
| - [Public Key Export](https://github.com/panva/jose/blob/v4.15.4/docs/functions/key_export.exportSPKI.md) | ||
| - [JWK Export](https://github.com/panva/jose/blob/v5.0.0/docs/functions/key_export.exportJWK.md) | ||
| - [Private Key Export](https://github.com/panva/jose/blob/v5.0.0/docs/functions/key_export.exportPKCS8.md) | ||
| - [Public Key Export](https://github.com/panva/jose/blob/v5.0.0/docs/functions/key_export.exportSPKI.md) | ||
@@ -62,8 +62,8 @@ ### JSON Web Signature (JWS) | ||
| - Signing - [Compact](https://github.com/panva/jose/blob/v4.15.4/docs/classes/jws_compact_sign.CompactSign.md), [Flattened JSON](https://github.com/panva/jose/blob/v4.15.4/docs/classes/jws_flattened_sign.FlattenedSign.md), [General JSON](https://github.com/panva/jose/blob/v4.15.4/docs/classes/jws_general_sign.GeneralSign.md) | ||
| - Verification - [Compact](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jws_compact_verify.compactVerify.md), [Flattened JSON](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jws_flattened_verify.flattenedVerify.md), [General JSON](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jws_general_verify.generalVerify.md) | ||
| - [Verify using a remote JWKS](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwks_remote.createRemoteJWKSet.md) | ||
| - [Verify using a local JWKS](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwks_local.createLocalJWKSet.md) | ||
| - Signing - [Compact](https://github.com/panva/jose/blob/v5.0.0/docs/classes/jws_compact_sign.CompactSign.md), [Flattened JSON](https://github.com/panva/jose/blob/v5.0.0/docs/classes/jws_flattened_sign.FlattenedSign.md), [General JSON](https://github.com/panva/jose/blob/v5.0.0/docs/classes/jws_general_sign.GeneralSign.md) | ||
| - Verification - [Compact](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jws_compact_verify.compactVerify.md), [Flattened JSON](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jws_flattened_verify.flattenedVerify.md), [General JSON](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jws_general_verify.generalVerify.md) | ||
| - [Verify using a remote JWKS](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwks_remote.createRemoteJWKSet.md) | ||
| - [Verify using a local JWKS](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwks_local.createLocalJWKSet.md) | ||
| - Utility functions | ||
| - [Decoding Token's Protected Header](https://github.com/panva/jose/blob/v4.15.4/docs/functions/util_decode_protected_header.decodeProtectedHeader.md) | ||
| - [Decoding Token's Protected Header](https://github.com/panva/jose/blob/v5.0.0/docs/functions/util_decode_protected_header.decodeProtectedHeader.md) | ||
@@ -74,6 +74,6 @@ ### JSON Web Encryption (JWE) | ||
| - Encryption - [Compact](https://github.com/panva/jose/blob/v4.15.4/docs/classes/jwe_compact_encrypt.CompactEncrypt.md), [Flattened JSON](https://github.com/panva/jose/blob/v4.15.4/docs/classes/jwe_flattened_encrypt.FlattenedEncrypt.md), [General JSON](https://github.com/panva/jose/blob/v4.15.4/docs/classes/jwe_general_encrypt.GeneralEncrypt.md) | ||
| - Decryption - [Compact](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwe_compact_decrypt.compactDecrypt.md), [Flattened JSON](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwe_flattened_decrypt.flattenedDecrypt.md), [General JSON](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwe_general_decrypt.generalDecrypt.md) | ||
| - Encryption - [Compact](https://github.com/panva/jose/blob/v5.0.0/docs/classes/jwe_compact_encrypt.CompactEncrypt.md), [Flattened JSON](https://github.com/panva/jose/blob/v5.0.0/docs/classes/jwe_flattened_encrypt.FlattenedEncrypt.md), [General JSON](https://github.com/panva/jose/blob/v5.0.0/docs/classes/jwe_general_encrypt.GeneralEncrypt.md) | ||
| - Decryption - [Compact](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwe_compact_decrypt.compactDecrypt.md), [Flattened JSON](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwe_flattened_decrypt.flattenedDecrypt.md), [General JSON](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwe_general_decrypt.generalDecrypt.md) | ||
| - Utility functions | ||
| - [Decoding Token's Protected Header](https://github.com/panva/jose/blob/v4.15.4/docs/functions/util_decode_protected_header.decodeProtectedHeader.md) | ||
| - [Decoding Token's Protected Header](https://github.com/panva/jose/blob/v5.0.0/docs/functions/util_decode_protected_header.decodeProtectedHeader.md) | ||
@@ -84,6 +84,6 @@ ### Other | ||
| - [Calculating JWK Thumbprint](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwk_thumbprint.calculateJwkThumbprint.md) | ||
| - [Calculating JWK Thumbprint URI](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwk_thumbprint.calculateJwkThumbprintUri.md) | ||
| - [Verification using a JWK Embedded in a JWS Header](https://github.com/panva/jose/blob/v4.15.4/docs/functions/jwk_embedded.EmbeddedJWK.md) | ||
| - [Unsecured JWT](https://github.com/panva/jose/blob/v4.15.4/docs/classes/jwt_unsecured.UnsecuredJWT.md) | ||
| - [JOSE Errors](https://github.com/panva/jose/blob/v4.15.4/docs/modules/util_errors.md) | ||
| - [Calculating JWK Thumbprint](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwk_thumbprint.calculateJwkThumbprint.md) | ||
| - [Calculating JWK Thumbprint URI](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwk_thumbprint.calculateJwkThumbprintUri.md) | ||
| - [Verification using a JWK Embedded in a JWS Header](https://github.com/panva/jose/blob/v5.0.0/docs/functions/jwk_embedded.EmbeddedJWK.md) | ||
| - [Unsecured JWT](https://github.com/panva/jose/blob/v5.0.0/docs/classes/jwt_unsecured.UnsecuredJWT.md) | ||
| - [JOSE Errors](https://github.com/panva/jose/blob/v5.0.0/docs/modules/util_errors.md) |
@@ -47,3 +47,3 @@ export { compactDecrypt } from './jwe/compact/decrypt'; | ||
| export * as base64url from './util/base64url'; | ||
| export type { KeyLike, JWK, FlattenedJWSInput, GeneralJWSInput, FlattenedJWS, GeneralJWS, JoseHeaderParameters, JWSHeaderParameters, JWEKeyManagementHeaderParameters, FlattenedJWE, GeneralJWE, JWEHeaderParameters, CritOption, DeflateOption, DecryptOptions, EncryptOptions, JWTClaimVerificationOptions, VerifyOptions, SignOptions, JWTPayload, DeflateFunction, InflateFunction, FlattenedDecryptResult, GeneralDecryptResult, CompactDecryptResult, FlattenedVerifyResult, GeneralVerifyResult, CompactVerifyResult, JWTVerifyResult, JWTDecryptResult, ResolvedKey, CompactJWEHeaderParameters, CompactJWSHeaderParameters, JWTHeaderParameters, JSONWebKeySet, CryptoRuntime, GetKeyFunction, } from './types'; | ||
| export type { KeyLike, JWK, FlattenedJWSInput, GeneralJWSInput, FlattenedJWS, GeneralJWS, JoseHeaderParameters, JWSHeaderParameters, JWEKeyManagementHeaderParameters, FlattenedJWE, GeneralJWE, JWEHeaderParameters, CritOption, DecryptOptions, EncryptOptions, JWTClaimVerificationOptions, VerifyOptions, SignOptions, JWTPayload, FlattenedDecryptResult, GeneralDecryptResult, CompactDecryptResult, FlattenedVerifyResult, GeneralVerifyResult, CompactVerifyResult, JWTVerifyResult, JWTDecryptResult, ResolvedKey, CompactJWEHeaderParameters, CompactJWSHeaderParameters, JWTHeaderParameters, JSONWebKeySet, CryptoRuntime, GetKeyFunction, } from './types'; | ||
| export { default as cryptoRuntime } from './util/runtime'; |
@@ -23,2 +23,2 @@ import type { KeyLike, DecryptOptions, CompactJWEHeaderParameters, GetKeyFunction, FlattenedJWE, CompactDecryptResult, ResolvedKey } from '../../types'; | ||
| */ | ||
| export declare function compactDecrypt<T extends KeyLike = KeyLike>(jwe: string | Uint8Array, getKey: CompactDecryptGetKey, options?: DecryptOptions): Promise<CompactDecryptResult & ResolvedKey<T>>; | ||
| export declare function compactDecrypt<KeyLikeType extends KeyLike = KeyLike>(jwe: string | Uint8Array, getKey: CompactDecryptGetKey, options?: DecryptOptions): Promise<CompactDecryptResult & ResolvedKey<KeyLikeType>>; |
@@ -23,2 +23,2 @@ import type { FlattenedDecryptResult, KeyLike, FlattenedJWE, JWEHeaderParameters, DecryptOptions, GetKeyFunction, ResolvedKey } from '../../types'; | ||
| */ | ||
| export declare function flattenedDecrypt<T extends KeyLike = KeyLike>(jwe: FlattenedJWE, getKey: FlattenedDecryptGetKey, options?: DecryptOptions): Promise<FlattenedDecryptResult & ResolvedKey<T>>; | ||
| export declare function flattenedDecrypt<KeyLikeType extends KeyLike = KeyLike>(jwe: FlattenedJWE, getKey: FlattenedDecryptGetKey, options?: DecryptOptions): Promise<FlattenedDecryptResult & ResolvedKey<KeyLikeType>>; |
@@ -23,2 +23,2 @@ import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, GeneralJWE, GeneralDecryptResult, ResolvedKey } from '../../types'; | ||
| */ | ||
| export declare function generalDecrypt<T extends KeyLike = KeyLike>(jwe: GeneralJWE, getKey: GeneralDecryptGetKey, options?: DecryptOptions): Promise<GeneralDecryptResult & ResolvedKey<T>>; | ||
| export declare function generalDecrypt<KeyLikeType extends KeyLike = KeyLike>(jwe: GeneralJWE, getKey: GeneralDecryptGetKey, options?: DecryptOptions): Promise<GeneralDecryptResult & ResolvedKey<KeyLikeType>>; |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike, GeneralJWE, JWEHeaderParameters, CritOption, DeflateOption } from '../../types'; | ||
| import type { KeyLike, GeneralJWE, JWEHeaderParameters, CritOption } from '../../types'; | ||
| export interface Recipient { | ||
@@ -54,8 +54,4 @@ /** | ||
| setAdditionalAuthenticatedData(aad: Uint8Array): this; | ||
| /** | ||
| * Encrypts and resolves the value of the General JWE object. | ||
| * | ||
| * @param options JWE Encryption options. | ||
| */ | ||
| encrypt(options?: DeflateOption): Promise<GeneralJWE>; | ||
| /** Encrypts and resolves the value of the General JWE object. */ | ||
| encrypt(): Promise<GeneralJWE>; | ||
| } |
@@ -9,2 +9,2 @@ import type { KeyLike, FlattenedJWSInput, JWSHeaderParameters } from '../types'; | ||
| */ | ||
| export declare function EmbeddedJWK<T extends KeyLike = KeyLike>(protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput): Promise<T>; | ||
| export declare function EmbeddedJWK<KeyLikeType extends KeyLike = KeyLike>(protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput): Promise<KeyLikeType>; |
@@ -5,7 +5,7 @@ import type { KeyLike, JWSHeaderParameters, JSONWebKeySet, FlattenedJWSInput } from '../types'; | ||
| /** @private */ | ||
| export declare class LocalJWKSet<T extends KeyLike = KeyLike> { | ||
| export declare class LocalJWKSet<KeyLikeType extends KeyLike = KeyLike> { | ||
| protected _jwks?: JSONWebKeySet; | ||
| private _cached; | ||
| constructor(jwks: unknown); | ||
| getKey(protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput): Promise<T>; | ||
| getKey(protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput): Promise<KeyLikeType>; | ||
| } | ||
@@ -27,2 +27,2 @@ /** | ||
| */ | ||
| export declare function createLocalJWKSet<T extends KeyLike = KeyLike>(jwks: JSONWebKeySet): (protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput) => Promise<T>; | ||
| export declare function createLocalJWKSet<KeyLikeType extends KeyLike = KeyLike>(jwks: JSONWebKeySet): (protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput) => Promise<KeyLikeType>; |
@@ -49,2 +49,2 @@ import type { KeyLike, JWSHeaderParameters, FlattenedJWSInput } from '../types'; | ||
| */ | ||
| export declare function createRemoteJWKSet<T extends KeyLike = KeyLike>(url: URL, options?: RemoteJWKSetOptions): (protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput) => Promise<T>; | ||
| export declare function createRemoteJWKSet<KeyLikeType extends KeyLike = KeyLike>(url: URL, options?: RemoteJWKSetOptions): (protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput) => Promise<KeyLikeType>; |
@@ -25,2 +25,2 @@ import type { CompactVerifyResult, FlattenedJWSInput, GetKeyFunction, CompactJWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types'; | ||
| */ | ||
| export declare function compactVerify<T extends KeyLike = KeyLike>(jws: string | Uint8Array, getKey: CompactVerifyGetKey, options?: VerifyOptions): Promise<CompactVerifyResult & ResolvedKey<T>>; | ||
| export declare function compactVerify<KeyLikeType extends KeyLike = KeyLike>(jws: string | Uint8Array, getKey: CompactVerifyGetKey, options?: VerifyOptions): Promise<CompactVerifyResult & ResolvedKey<KeyLikeType>>; |
@@ -25,2 +25,2 @@ import type { FlattenedVerifyResult, KeyLike, FlattenedJWSInput, JWSHeaderParameters, VerifyOptions, GetKeyFunction, ResolvedKey } from '../../types'; | ||
| */ | ||
| export declare function flattenedVerify<T extends KeyLike = KeyLike>(jws: FlattenedJWSInput, getKey: FlattenedVerifyGetKey, options?: VerifyOptions): Promise<FlattenedVerifyResult & ResolvedKey<T>>; | ||
| export declare function flattenedVerify<KeyLikeType extends KeyLike = KeyLike>(jws: FlattenedJWSInput, getKey: FlattenedVerifyGetKey, options?: VerifyOptions): Promise<FlattenedVerifyResult & ResolvedKey<KeyLikeType>>; |
@@ -25,2 +25,2 @@ import type { GeneralJWSInput, GeneralVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types'; | ||
| */ | ||
| export declare function generalVerify<T extends KeyLike = KeyLike>(jws: GeneralJWSInput, getKey: GeneralVerifyGetKey, options?: VerifyOptions): Promise<GeneralVerifyResult & ResolvedKey<T>>; | ||
| export declare function generalVerify<KeyLikeType extends KeyLike = KeyLike>(jws: GeneralJWSInput, getKey: GeneralVerifyGetKey, options?: VerifyOptions): Promise<GeneralVerifyResult & ResolvedKey<KeyLikeType>>; |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike, DecryptOptions, JWTClaimVerificationOptions, GetKeyFunction, CompactJWEHeaderParameters, FlattenedJWE, JWTDecryptResult, ResolvedKey } from '../types'; | ||
| import type { JWTPayload, KeyLike, DecryptOptions, JWTClaimVerificationOptions, GetKeyFunction, CompactJWEHeaderParameters, FlattenedJWE, JWTDecryptResult, ResolvedKey } from '../types'; | ||
| /** Combination of JWE Decryption options and JWT Claims Set verification options. */ | ||
@@ -20,3 +20,3 @@ export interface JWTDecryptOptions extends DecryptOptions, JWTClaimVerificationOptions { | ||
| */ | ||
| export declare function jwtDecrypt(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTDecryptOptions): Promise<JWTDecryptResult>; | ||
| export declare function jwtDecrypt<PayloadType = JWTPayload>(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTDecryptOptions): Promise<JWTDecryptResult<PayloadType>>; | ||
| /** | ||
@@ -28,2 +28,2 @@ * @param jwt JSON Web Token value (encoded as JWE). | ||
| */ | ||
| export declare function jwtDecrypt<T extends KeyLike = KeyLike>(jwt: string | Uint8Array, getKey: JWTDecryptGetKey, options?: JWTDecryptOptions): Promise<JWTDecryptResult & ResolvedKey<T>>; | ||
| export declare function jwtDecrypt<PayloadType = JWTPayload, KeyLikeType extends KeyLike = KeyLike>(jwt: string | Uint8Array, getKey: JWTDecryptGetKey, options?: JWTDecryptOptions): Promise<JWTDecryptResult<PayloadType> & ResolvedKey<KeyLikeType>>; |
@@ -5,6 +5,6 @@ import type { JWTPayload } from '../types'; | ||
| protected _payload: JWTPayload; | ||
| /** @param payload The JWT Claims Set object. */ | ||
| constructor(payload: JWTPayload); | ||
| /** @param payload The JWT Claims Set object. Defaults to an empty object. */ | ||
| constructor(payload?: JWTPayload); | ||
| /** | ||
| * Set "iss" (Issuer) Claim. | ||
| * Set the "iss" (Issuer) Claim. | ||
| * | ||
@@ -15,3 +15,3 @@ * @param issuer "Issuer" Claim value to set on the JWT Claims Set. | ||
| /** | ||
| * Set "sub" (Subject) Claim. | ||
| * Set the "sub" (Subject) Claim. | ||
| * | ||
@@ -22,3 +22,3 @@ * @param subject "sub" (Subject) Claim value to set on the JWT Claims Set. | ||
| /** | ||
| * Set "aud" (Audience) Claim. | ||
| * Set the "aud" (Audience) Claim. | ||
| * | ||
@@ -29,3 +29,3 @@ * @param audience "aud" (Audience) Claim value to set on the JWT Claims Set. | ||
| /** | ||
| * Set "jti" (JWT ID) Claim. | ||
| * Set the "jti" (JWT ID) Claim. | ||
| * | ||
@@ -36,3 +36,3 @@ * @param jwtId "jti" (JWT ID) Claim value to set on the JWT Claims Set. | ||
| /** | ||
| * Set "nbf" (Not Before) Claim. | ||
| * Set the "nbf" (Not Before) Claim. | ||
| * | ||
@@ -43,5 +43,5 @@ * @param input "nbf" (Not Before) Claim value to set on the JWT Claims Set. When number is passed | ||
| */ | ||
| setNotBefore(input: number | string): this; | ||
| setNotBefore(input: number | string | Date): this; | ||
| /** | ||
| * Set "exp" (Expiration Time) Claim. | ||
| * Set the "exp" (Expiration Time) Claim. | ||
| * | ||
@@ -52,5 +52,5 @@ * @param input "exp" (Expiration Time) Claim value to set on the JWT Claims Set. When number is | ||
| */ | ||
| setExpirationTime(input: number | string): this; | ||
| setExpirationTime(input: number | string | Date): this; | ||
| /** | ||
| * Set "iat" (Issued At) Claim. | ||
| * Set the "iat" (Issued At) Claim. | ||
| * | ||
@@ -60,3 +60,3 @@ * @param input "iat" (Issued At) Claim value to set on the JWT Claims Set. Default is current | ||
| */ | ||
| setIssuedAt(input?: number): this; | ||
| setIssuedAt(input?: number | Date): this; | ||
| } |
| import type { JWSHeaderParameters, JWTClaimVerificationOptions, JWTPayload } from '../types'; | ||
| import { ProduceJWT } from './produce'; | ||
| export interface UnsecuredResult { | ||
| payload: JWTPayload; | ||
| export interface UnsecuredResult<PayloadType = JWTPayload> { | ||
| payload: PayloadType & JWTPayload; | ||
| header: JWSHeaderParameters; | ||
@@ -20,3 +20,3 @@ } | ||
| */ | ||
| static decode(jwt: string, options?: JWTClaimVerificationOptions): UnsecuredResult; | ||
| static decode<PayloadType = JWTPayload>(jwt: string, options?: JWTClaimVerificationOptions): UnsecuredResult<PayloadType>; | ||
| } |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike, VerifyOptions, JWTClaimVerificationOptions, JWTHeaderParameters, GetKeyFunction, FlattenedJWSInput, JWTVerifyResult, ResolvedKey } from '../types'; | ||
| import type { JWTPayload, KeyLike, VerifyOptions, JWTClaimVerificationOptions, JWTHeaderParameters, GetKeyFunction, FlattenedJWSInput, JWTVerifyResult, ResolvedKey } from '../types'; | ||
| /** Combination of JWS Verification options and JWT Claims Set verification options. */ | ||
@@ -22,3 +22,3 @@ export interface JWTVerifyOptions extends VerifyOptions, JWTClaimVerificationOptions { | ||
| */ | ||
| export declare function jwtVerify(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTVerifyOptions): Promise<JWTVerifyResult>; | ||
| export declare function jwtVerify<PayloadType = JWTPayload>(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTVerifyOptions): Promise<JWTVerifyResult<PayloadType>>; | ||
| /** | ||
@@ -30,2 +30,2 @@ * @param jwt JSON Web Token value (encoded as JWS). | ||
| */ | ||
| export declare function jwtVerify<T extends KeyLike = KeyLike>(jwt: string | Uint8Array, getKey: JWTVerifyGetKey, options?: JWTVerifyOptions): Promise<JWTVerifyResult & ResolvedKey<T>>; | ||
| export declare function jwtVerify<PayloadType = JWTPayload, KeyLikeType extends KeyLike = KeyLike>(jwt: string | Uint8Array, getKey: JWTVerifyGetKey, options?: JWTVerifyOptions): Promise<JWTVerifyResult<PayloadType> & ResolvedKey<KeyLikeType>>; |
| import type { KeyLike } from '../types'; | ||
| export interface GenerateKeyPairResult<T extends KeyLike = KeyLike> { | ||
| export interface GenerateKeyPairResult<KeyLikeType extends KeyLike = KeyLike> { | ||
| /** The generated Private Key. */ | ||
| privateKey: T; | ||
| privateKey: KeyLikeType; | ||
| /** Public Key corresponding to the generated Private Key. */ | ||
| publicKey: T; | ||
| publicKey: KeyLikeType; | ||
| } | ||
@@ -23,2 +23,3 @@ export interface GenerateKeyPairOptions { | ||
| * `extractable` argument. Default is false. | ||
| * | ||
| */ | ||
@@ -32,3 +33,4 @@ extractable?: boolean; | ||
| * Note: Under Web Crypto API runtime the `privateKey` is generated with `extractable` set to | ||
| * `false` by default. | ||
| * `false` by default. See {@link GenerateKeyPairOptions.extractable} to generate an extractable | ||
| * `privateKey`. | ||
| * | ||
@@ -38,2 +40,2 @@ * @param alg JWA Algorithm Identifier to be used with the generated key pair. | ||
| */ | ||
| export declare function generateKeyPair<T extends KeyLike = KeyLike>(alg: string, options?: GenerateKeyPairOptions): Promise<GenerateKeyPairResult<T>>; | ||
| export declare function generateKeyPair<KeyLikeType extends KeyLike = KeyLike>(alg: string, options?: GenerateKeyPairOptions): Promise<GenerateKeyPairResult<KeyLikeType>>; |
@@ -19,2 +19,2 @@ import type { KeyLike } from '../types'; | ||
| */ | ||
| export declare function generateSecret<T extends KeyLike = KeyLike>(alg: string, options?: GenerateSecretOptions): Promise<T | Uint8Array>; | ||
| export declare function generateSecret<KeyLikeType extends KeyLike = KeyLike>(alg: string, options?: GenerateSecretOptions): Promise<KeyLikeType | Uint8Array>; |
@@ -19,3 +19,3 @@ import type { JWK, KeyLike } from '../types'; | ||
| */ | ||
| export declare function importSPKI<T extends KeyLike = KeyLike>(spki: string, alg: string, options?: PEMImportOptions): Promise<T>; | ||
| export declare function importSPKI<KeyLikeType extends KeyLike = KeyLike>(spki: string, alg: string, options?: PEMImportOptions): Promise<KeyLikeType>; | ||
| /** | ||
@@ -30,3 +30,3 @@ * Imports the SPKI from an X.509 string certificate as a runtime-specific public key representation | ||
| */ | ||
| export declare function importX509<T extends KeyLike = KeyLike>(x509: string, alg: string, options?: PEMImportOptions): Promise<T>; | ||
| export declare function importX509<KeyLikeType extends KeyLike = KeyLike>(x509: string, alg: string, options?: PEMImportOptions): Promise<KeyLikeType>; | ||
| /** | ||
@@ -41,3 +41,3 @@ * Imports a PEM-encoded PKCS#8 string as a runtime-specific private key representation (KeyObject | ||
| */ | ||
| export declare function importPKCS8<T extends KeyLike = KeyLike>(pkcs8: string, alg: string, options?: PEMImportOptions): Promise<T>; | ||
| export declare function importPKCS8<KeyLikeType extends KeyLike = KeyLike>(pkcs8: string, alg: string, options?: PEMImportOptions): Promise<KeyLikeType>; | ||
| /** | ||
@@ -54,5 +54,3 @@ * Imports a JWK to a runtime-specific key representation (KeyLike). Either JWK "alg" (Algorithm) | ||
| * {@link https://github.com/panva/jose/issues/210 Algorithm Key Requirements}. | ||
| * @param octAsKeyObject Forces a symmetric key to be imported to a KeyObject or CryptoKey. Default | ||
| * is true unless JWK "ext" (Extractable) is true. | ||
| */ | ||
| export declare function importJWK<T extends KeyLike = KeyLike>(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<T | Uint8Array>; | ||
| export declare function importJWK<KeyLikeType extends KeyLike = KeyLike>(jwk: JWK, alg?: string): Promise<KeyLikeType | Uint8Array>; |
@@ -307,3 +307,3 @@ /** | ||
| /** | ||
| * JWE "zip" (Compression Algorithm) Header Parameter. | ||
| * JWE "zip" (Compression Algorithm) Header Parameter. This parameter is not supported anymore. | ||
| * | ||
@@ -348,3 +348,7 @@ * @deprecated Compression of data SHOULD NOT be done before encryption, because such compressed | ||
| export interface DecryptOptions extends CritOption { | ||
| /** A list of accepted JWE "alg" (Algorithm) Header Parameter values. */ | ||
| /** | ||
| * A list of accepted JWE "alg" (Algorithm) Header Parameter values. By default all "alg" | ||
| * (Algorithm) Header Parameter values applicable for the used key/secret are allowed except for | ||
| * all PBES2 Key Management Algorithms, these need to be explicitly allowed using this option. | ||
| */ | ||
| keyManagementAlgorithms?: string[] | ||
@@ -359,8 +363,2 @@ | ||
| /** | ||
| * In a browser runtime you have to provide an implementation for Inflate Raw when you expect JWEs | ||
| * with compressed plaintext. | ||
| */ | ||
| inflateRaw?: InflateFunction | ||
| /** | ||
| * (PBES2 Key Management Algorithms only) Maximum allowed "p2c" (PBES2 Count) Header Parameter | ||
@@ -373,13 +371,4 @@ * value. The PBKDF2 iteration count defines the algorithm's computational expense. By default | ||
| /** JWE Deflate option. */ | ||
| export interface DeflateOption { | ||
| /** | ||
| * In a browser runtime you have to provide an implementation for Deflate Raw when you will be | ||
| * producing JWEs with compressed plaintext. | ||
| */ | ||
| deflateRaw?: DeflateFunction | ||
| } | ||
| /** JWE Encryption options. */ | ||
| export interface EncryptOptions extends CritOption, DeflateOption {} | ||
| export interface EncryptOptions extends CritOption {} | ||
@@ -498,28 +487,2 @@ /** JWT Claims Set verification options. */ | ||
| /** | ||
| * Deflate Raw implementation, e.g. promisified | ||
| * {@link https://nodejs.org/api/zlib.html#zlibdeflaterawbuffer-options-callback zlib.deflateRaw}. | ||
| * | ||
| * @deprecated Compression of data SHOULD NOT be done before encryption, because such compressed | ||
| * data often reveals information about the plaintext. | ||
| * | ||
| * @see {@link https://www.rfc-editor.org/rfc/rfc8725#name-avoid-compression-of-encryp Avoid Compression of Encryption Inputs} | ||
| */ | ||
| export interface DeflateFunction { | ||
| (input: Uint8Array): Promise<Uint8Array> | ||
| } | ||
| /** | ||
| * Inflate Raw implementation, e.g. promisified | ||
| * {@link https://nodejs.org/api/zlib.html#zlibinflaterawbuffer-options-callback zlib.inflateRaw}. | ||
| * | ||
| * @deprecated Compression of data SHOULD NOT be done before encryption, because such compressed | ||
| * data often reveals information about the plaintext. | ||
| * | ||
| * @see {@link https://www.rfc-editor.org/rfc/rfc8725#name-avoid-compression-of-encryp Avoid Compression of Encryption Inputs} | ||
| */ | ||
| export interface InflateFunction { | ||
| (input: Uint8Array): Promise<Uint8Array> | ||
| } | ||
| export interface FlattenedDecryptResult { | ||
@@ -573,5 +536,5 @@ /** JWE AAD. */ | ||
| export interface JWTVerifyResult { | ||
| export interface JWTVerifyResult<PayloadType = JWTPayload> { | ||
| /** JWT Claims Set. */ | ||
| payload: JWTPayload | ||
| payload: PayloadType & JWTPayload | ||
@@ -582,5 +545,5 @@ /** JWS Protected Header. */ | ||
| export interface JWTDecryptResult { | ||
| export interface JWTDecryptResult<PayloadType = JWTPayload> { | ||
| /** JWT Claims Set. */ | ||
| payload: JWTPayload | ||
| payload: PayloadType & JWTPayload | ||
@@ -591,5 +554,5 @@ /** JWE Protected Header. */ | ||
| export interface ResolvedKey<T extends KeyLike = KeyLike> { | ||
| export interface ResolvedKey<KeyLikeType extends KeyLike = KeyLike> { | ||
| /** Key resolved from the key resolver function. */ | ||
| key: T | Uint8Array | ||
| key: KeyLikeType | Uint8Array | ||
| } | ||
@@ -596,0 +559,0 @@ |
| { | ||
| "name": "jose-browser-runtime", | ||
| "version": "4.15.4", | ||
| "version": "5.0.0", | ||
| "homepage": "https://github.com/panva/jose", | ||
@@ -5,0 +5,0 @@ "repository": "panva/jose", |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
Fixed alerts
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Improved metrics
- Number of medium maintenance alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-2.78%
568271
- Number of package files
- decreased by-0.85%
117
- Lines of code
- decreased by-2.12%
12098
No dependency changes