New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
jose-node-cjs-runtime
Advanced tools
jose-node-cjs-runtime - npm Package Compare versions
Comparing version 3.13.0 to 3.14.0
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.fromKeyLike = void 0; | ||
| const base64url_js_1 = require("../runtime/base64url.js"); | ||
| const key_to_jwk_js_1 = require("../runtime/key_to_jwk.js"); | ||
| async function fromKeyLike(key) { | ||
| if (key instanceof Uint8Array) { | ||
| return { | ||
| kty: 'oct', | ||
| k: base64url_js_1.encode(key), | ||
| }; | ||
| } | ||
| return key_to_jwk_js_1.default(key); | ||
@@ -14,0 +7,0 @@ } |
@@ -53,3 +53,3 @@ "use strict"; | ||
| } | ||
| check_key_type_js_1.default(alg, key); | ||
| check_key_type_js_1.default(alg, key, 'sign'); | ||
| let payload = this._payload; | ||
@@ -56,0 +56,0 @@ if (b64) { |
@@ -74,3 +74,3 @@ "use strict"; | ||
| } | ||
| check_key_type_js_1.default(alg, key); | ||
| check_key_type_js_1.default(alg, key, 'verify'); | ||
| const data = buffer_utils_js_1.concat(buffer_utils_js_1.encoder.encode((_a = jws.protected) !== null && _a !== void 0 ? _a : ''), buffer_utils_js_1.encoder.encode('.'), typeof jws.payload === 'string' ? buffer_utils_js_1.encoder.encode(jws.payload) : jws.payload); | ||
@@ -77,0 +77,0 @@ const signature = base64url_js_1.decode(jws.signature); |
@@ -17,3 +17,5 @@ "use strict"; | ||
| sig.setProtectedHeader(this._protectedHeader); | ||
| if (((_a = this._protectedHeader.crit) === null || _a === void 0 ? void 0 : _a.includes('b64')) && this._protectedHeader.b64 === false) { | ||
| if (Array.isArray((_a = this._protectedHeader) === null || _a === void 0 ? void 0 : _a.crit) && | ||
| this._protectedHeader.crit.includes('b64') && | ||
| this._protectedHeader.b64 === false) { | ||
| throw new errors_js_1.JWTInvalid('JWTs MUST NOT use unencoded payload'); | ||
@@ -20,0 +22,0 @@ } |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| const checkKeyType = (alg, key) => { | ||
| const invalid_key_input_js_1 = require("../runtime/invalid_key_input.js"); | ||
| const checkKeyType = (alg, key, usage) => { | ||
| if (!(key instanceof Uint8Array) && !(key === null || key === void 0 ? void 0 : key.type)) { | ||
| throw new TypeError(invalid_key_input_js_1.default(key, 'KeyObject', 'CryptoKey', 'Uint8Array')); | ||
| } | ||
| if (alg.startsWith('HS') || | ||
| alg === 'dir' || | ||
| alg.startsWith('PBES2') || | ||
| alg.match(/^A\d{3}(?:GCM)KW$/)) { | ||
| alg.match(/^A\d{3}(?:GCM)?KW$/)) { | ||
| if (key instanceof Uint8Array || key.type === 'secret') { | ||
@@ -14,3 +18,3 @@ return; | ||
| if (key instanceof Uint8Array) { | ||
| throw new TypeError('CryptoKey or KeyObject instances must be used for asymmetric algorithms'); | ||
| throw new TypeError(invalid_key_input_js_1.default(key, 'KeyObject', 'CryptoKey')); | ||
| } | ||
@@ -20,3 +24,9 @@ if (key.type === 'secret') { | ||
| } | ||
| if (usage === 'sign' && key.type === 'public') { | ||
| throw new TypeError('CryptoKey or KeyObject instances for asymmetric algorithm signing must be of type "private"'); | ||
| } | ||
| if (usage === 'decrypt' && key.type === 'public') { | ||
| throw new TypeError('CryptoKey or KeyObject instances for asymmetric algorithm decryption must be of type "private"'); | ||
| } | ||
| }; | ||
| exports.default = checkKeyType; |
@@ -12,2 +12,3 @@ "use strict"; | ||
| const parse_js_1 = require("../jwk/parse.js"); | ||
| const check_key_type_js_1 = require("./check_key_type.js"); | ||
| function assertEnryptedKey(encryptedKey) { | ||
@@ -24,2 +25,3 @@ if (!encryptedKey) { | ||
| async function decryptKeyManagement(alg, key, encryptedKey, joseHeader) { | ||
| check_key_type_js_1.default(alg, key, 'decrypt'); | ||
| switch (alg) { | ||
@@ -26,0 +28,0 @@ case 'dir': { |
@@ -13,2 +13,3 @@ "use strict"; | ||
| const from_key_like_js_1 = require("../jwk/from_key_like.js"); | ||
| const check_key_type_js_1 = require("./check_key_type.js"); | ||
| const generateCek = cek_js_1.default(random_js_1.default); | ||
@@ -19,2 +20,3 @@ async function encryptKeyManagement(alg, enc, key, providedCek, providedParameters = {}) { | ||
| let cek; | ||
| check_key_type_js_1.default(alg, key, 'encrypt'); | ||
| switch (alg) { | ||
@@ -21,0 +23,0 @@ case 'dir': { |
@@ -59,3 +59,3 @@ "use strict"; | ||
| default: | ||
| throw new TypeError('invalid clockTolerance option type'); | ||
| throw new TypeError('Invalid clockTolerance option type'); | ||
| } | ||
@@ -62,0 +62,0 @@ const { currentDate } = options; |
@@ -12,3 +12,3 @@ "use strict"; | ||
| if (!matched) { | ||
| throw new TypeError('invalid time period format'); | ||
| throw new TypeError('Invalid time period format'); | ||
| } | ||
@@ -15,0 +15,0 @@ const value = parseFloat(matched[1]); |
@@ -10,2 +10,3 @@ "use strict"; | ||
| const is_key_object_js_1 = require("./is_key_object.js"); | ||
| const invalid_key_input_js_1 = require("./invalid_key_input.js"); | ||
| function checkKeySize(key, alg) { | ||
@@ -26,3 +27,3 @@ if (key.symmetricKeySize << 3 !== parseInt(alg.substr(1, 3), 10)) { | ||
| } | ||
| throw new TypeError('invalid key input'); | ||
| throw new TypeError(invalid_key_input_js_1.default(key, 'KeyObject', 'CryptoKey', 'Uint8Array')); | ||
| } | ||
@@ -29,0 +30,0 @@ const wrap = async (alg, key, cek) => { |
@@ -12,2 +12,3 @@ "use strict"; | ||
| const is_key_object_js_1 = require("./is_key_object.js"); | ||
| const invalid_key_input_js_1 = require("./invalid_key_input.js"); | ||
| async function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) { | ||
@@ -74,3 +75,3 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
| else { | ||
| throw new TypeError('invalid key input'); | ||
| throw new TypeError(invalid_key_input_js_1.default(cek, 'KeyObject', 'CryptoKey', 'Uint8Array')); | ||
| } | ||
@@ -77,0 +78,0 @@ check_cek_length_js_1.default(enc, key); |
@@ -12,2 +12,3 @@ "use strict"; | ||
| const is_key_object_js_1 = require("./is_key_object.js"); | ||
| const invalid_key_input_js_1 = require("./invalid_key_input.js"); | ||
| const generateKeyPair = util_1.promisify(crypto_1.generateKeyPair); | ||
@@ -20,3 +21,3 @@ const deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) => { | ||
| if (!is_key_object_js_1.default(publicKey)) { | ||
| throw new TypeError('invalid key input'); | ||
| throw new TypeError(invalid_key_input_js_1.default(publicKey, 'KeyObject', 'CryptoKey')); | ||
| } | ||
@@ -27,3 +28,3 @@ if (webcrypto_js_1.isCryptoKey(privateKey)) { | ||
| if (!is_key_object_js_1.default(privateKey)) { | ||
| throw new TypeError('invalid key input'); | ||
| throw new TypeError(invalid_key_input_js_1.default(privateKey, 'KeyObject', 'CryptoKey')); | ||
| } | ||
@@ -39,3 +40,3 @@ const sharedSecret = crypto_1.diffieHellman({ privateKey, publicKey }); | ||
| if (!is_key_object_js_1.default(key)) { | ||
| throw new TypeError('invalid key input'); | ||
| throw new TypeError(invalid_key_input_js_1.default(key, 'KeyObject', 'CryptoKey')); | ||
| } | ||
@@ -42,0 +43,0 @@ switch (key.asymmetricKeyType) { |
@@ -10,2 +10,3 @@ "use strict"; | ||
| const is_key_object_js_1 = require("./is_key_object.js"); | ||
| const invalid_key_input_js_1 = require("./invalid_key_input.js"); | ||
| async function cbcEncrypt(enc, plaintext, cek, iv, aad) { | ||
@@ -45,3 +46,3 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
| else { | ||
| throw new TypeError('invalid key input'); | ||
| throw new TypeError(invalid_key_input_js_1.default(cek, 'KeyObject', 'CryptoKey', 'Uint8Array')); | ||
| } | ||
@@ -48,0 +49,0 @@ check_cek_length_js_1.default(enc, key); |
@@ -54,3 +54,3 @@ "use strict"; | ||
| if (typeof modulusLength !== 'number' || modulusLength < 2048) { | ||
| throw new errors_js_1.JOSENotSupported('invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used'); | ||
| throw new errors_js_1.JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used'); | ||
| } | ||
@@ -81,3 +81,3 @@ const keypair = await generate('rsa', { | ||
| default: | ||
| throw new errors_js_1.JOSENotSupported('invalid or unsupported crv option provided, supported values are Ed25519 and Ed448'); | ||
| throw new errors_js_1.JOSENotSupported('Invalid or unsupported crv option provided, supported values are Ed25519 and Ed448'); | ||
| } | ||
@@ -100,3 +100,3 @@ } | ||
| default: | ||
| throw new errors_js_1.JOSENotSupported('invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448'); | ||
| throw new errors_js_1.JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448'); | ||
| } | ||
@@ -103,0 +103,0 @@ default: |
@@ -8,2 +8,3 @@ "use strict"; | ||
| const is_key_object_js_1 = require("./is_key_object.js"); | ||
| const invalid_key_input_js_1 = require("./invalid_key_input.js"); | ||
| const p256 = Buffer.from([42, 134, 72, 206, 61, 3, 1, 7]); | ||
@@ -34,6 +35,6 @@ const p384 = Buffer.from([43, 129, 4, 0, 34]); | ||
| if (!is_key_object_js_1.default(key)) { | ||
| throw new TypeError('invalid key input'); | ||
| throw new TypeError(invalid_key_input_js_1.default(key, 'KeyObject', 'CryptoKey')); | ||
| } | ||
| if (key.type === 'secret') { | ||
| throw new TypeError('only "private" or "public" key objects can be used for this operation'); | ||
| throw new TypeError('only "private" or "public" type keys can be used for this operation'); | ||
| } | ||
@@ -83,3 +84,3 @@ switch (key.asymmetricKeyType) { | ||
| default: | ||
| throw new TypeError('invalid key asymmetric key type for this operation'); | ||
| throw new TypeError('Invalid asymmetric key type for this operation'); | ||
| } | ||
@@ -86,0 +87,0 @@ }; |
@@ -6,17 +6,18 @@ "use strict"; | ||
| const secret_key_js_1 = require("./secret_key.js"); | ||
| const invalid_key_input_js_1 = require("./invalid_key_input.js"); | ||
| function getSignVerifyKey(alg, key, usage) { | ||
| if (key instanceof crypto.KeyObject) { | ||
| return key; | ||
| } | ||
| if (key instanceof Uint8Array) { | ||
| if (!alg.startsWith('HS')) { | ||
| throw new TypeError('symmetric keys are only applicable for HMAC-based JWA algorithms'); | ||
| throw new TypeError(invalid_key_input_js_1.default(key, 'KeyObject', 'CryptoKey')); | ||
| } | ||
| return secret_key_js_1.default(key); | ||
| } | ||
| if (key instanceof crypto.KeyObject) { | ||
| return key; | ||
| } | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| return webcrypto_js_1.getKeyObject(key, alg, new Set([usage])); | ||
| } | ||
| throw new TypeError('invalid key input'); | ||
| throw new TypeError(invalid_key_input_js_1.default(key, 'KeyObject', 'CryptoKey', 'Uint8Array')); | ||
| } | ||
| exports.default = getSignVerifyKey; |
@@ -17,6 +17,4 @@ "use strict"; | ||
| return jwk.d | ||
| ? | ||
| crypto_1.createPrivateKey({ format: 'jwk', key: jwk }) | ||
| : | ||
| crypto_1.createPublicKey({ format: 'jwk', key: jwk }); | ||
| ? crypto_1.createPrivateKey({ format: 'jwk', key: jwk }) | ||
| : crypto_1.createPublicKey({ format: 'jwk', key: jwk }); | ||
| } | ||
@@ -23,0 +21,0 @@ switch (jwk.kty) { |
@@ -10,2 +10,3 @@ "use strict"; | ||
| const is_key_object_js_1 = require("./is_key_object.js"); | ||
| const invalid_key_input_js_1 = require("./invalid_key_input.js"); | ||
| const [major, minor] = process.version | ||
@@ -27,4 +28,10 @@ .substr(1) | ||
| } | ||
| else if (key instanceof Uint8Array) { | ||
| return { | ||
| kty: 'oct', | ||
| k: base64url_js_1.encode(key), | ||
| }; | ||
| } | ||
| else { | ||
| throw new TypeError('invalid key input'); | ||
| throw new TypeError(invalid_key_input_js_1.default(key, 'KeyObject', 'CryptoKey', 'Uint8Array')); | ||
| } | ||
@@ -31,0 +38,0 @@ if (jwkExportSupported) { |
@@ -16,4 +16,4 @@ "use strict"; | ||
| case 'EdDSA': | ||
| if (key.type === 'secret' || !['ed25519', 'ed448'].includes(key.asymmetricKeyType)) { | ||
| throw new TypeError('invalid key type or asymmetric key type for this operation'); | ||
| if (!['ed25519', 'ed448'].includes(key.asymmetricKeyType)) { | ||
| throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ed25519 or ed448'); | ||
| } | ||
@@ -24,4 +24,4 @@ return key; | ||
| case 'RS512': | ||
| if (key.type === 'secret' || key.asymmetricKeyType !== 'rsa') { | ||
| throw new TypeError('invalid key type or asymmetric key type for this operation'); | ||
| if (key.asymmetricKeyType !== 'rsa') { | ||
| throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa'); | ||
| } | ||
@@ -33,4 +33,4 @@ check_modulus_length_js_1.default(key, alg); | ||
| case 'PS512': | ||
| if (key.type === 'secret' || key.asymmetricKeyType !== 'rsa') { | ||
| throw new TypeError('invalid key type or asymmetric key type for this operation'); | ||
| if (key.asymmetricKeyType !== 'rsa') { | ||
| throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa'); | ||
| } | ||
@@ -46,10 +46,13 @@ check_modulus_length_js_1.default(key, alg); | ||
| case 'ES384': | ||
| case 'ES512': | ||
| if (key.type === 'secret' || key.asymmetricKeyType !== 'ec') { | ||
| throw new TypeError('invalid key type or asymmetric key type for this operation'); | ||
| case 'ES512': { | ||
| if (key.asymmetricKeyType !== 'ec') { | ||
| throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ec'); | ||
| } | ||
| if (ecCurveAlgMap.get(alg) !== get_named_curve_js_1.default(key)) { | ||
| throw new TypeError('invalid key curve for the algorithm'); | ||
| const actual = get_named_curve_js_1.default(key); | ||
| const expected = ecCurveAlgMap.get(alg); | ||
| if (actual !== expected) { | ||
| throw new TypeError(`Invalid key curve for the algorithm, its curve must be ${expected}, got ${actual}`); | ||
| } | ||
| return { dsaEncoding: 'ieee-p1363', key }; | ||
| } | ||
| default: | ||
@@ -56,0 +59,0 @@ throw new errors_js_1.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`); |
@@ -13,2 +13,3 @@ "use strict"; | ||
| const is_key_object_js_1 = require("./is_key_object.js"); | ||
| const invalid_key_input_js_1 = require("./invalid_key_input.js"); | ||
| const pbkdf2 = util_1.promisify(crypto_1.pbkdf2); | ||
@@ -25,3 +26,3 @@ function getPassword(key, alg) { | ||
| } | ||
| throw new TypeError('invalid key input'); | ||
| throw new TypeError(invalid_key_input_js_1.default(key, 'KeyObject', 'CryptoKey', 'Uint8Array')); | ||
| } | ||
@@ -28,0 +29,0 @@ const encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random_js_1.default(new Uint8Array(16))) => { |
@@ -8,5 +8,6 @@ "use strict"; | ||
| const is_key_object_js_1 = require("./is_key_object.js"); | ||
| const invalid_key_input_js_1 = require("./invalid_key_input.js"); | ||
| const checkKey = (key, alg) => { | ||
| if (key.type === 'secret' || key.asymmetricKeyType !== 'rsa') { | ||
| throw new TypeError('invalid key type or asymmetric key type for this operation'); | ||
| if (key.asymmetricKeyType !== 'rsa') { | ||
| throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa'); | ||
| } | ||
@@ -49,3 +50,3 @@ check_modulus_length_js_1.default(key, alg); | ||
| } | ||
| throw new TypeError('invalid key input'); | ||
| throw new TypeError(invalid_key_input_js_1.default(key, 'KeyObject', 'CryptoKey')); | ||
| } | ||
@@ -52,0 +53,0 @@ const encrypt = async (alg, key, cek) => { |
@@ -40,57 +40,84 @@ "use strict"; | ||
| } | ||
| if (usage && !key.usages.find(Set.prototype.has.bind(usage))) { | ||
| throw new TypeError('CryptoKey does not support this operation'); | ||
| } | ||
| switch (alg) { | ||
| case 'HS256': | ||
| case 'HS384': | ||
| case 'HS512': | ||
| if (key.algorithm.name !== 'HMAC' || | ||
| getHashLength(key.algorithm.hash) !== parseInt(alg.substr(2), 10)) { | ||
| throw new TypeError('CryptoKey does not support this operation'); | ||
| case 'HS512': { | ||
| if (key.algorithm.name !== 'HMAC') { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be HMAC.`); | ||
| } | ||
| const expected = parseInt(alg.substr(2), 10); | ||
| const actual = getHashLength(key.algorithm.hash); | ||
| if (actual !== expected) { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`); | ||
| } | ||
| break; | ||
| } | ||
| case 'RS256': | ||
| case 'RS384': | ||
| case 'RS512': | ||
| if (key.algorithm.name !== 'RSASSA-PKCS1-v1_5' || | ||
| getHashLength(key.algorithm.hash) !== parseInt(alg.substr(2), 10)) { | ||
| throw new TypeError('CryptoKey does not support this operation'); | ||
| case 'RS512': { | ||
| if (key.algorithm.name !== 'RSASSA-PKCS1-v1_5') { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be RSASSA-PKCS1-v1_5.`); | ||
| } | ||
| const expected = parseInt(alg.substr(2), 10); | ||
| const actual = getHashLength(key.algorithm.hash); | ||
| if (actual !== expected) { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`); | ||
| } | ||
| break; | ||
| } | ||
| case 'PS256': | ||
| case 'PS384': | ||
| case 'PS512': | ||
| if (key.algorithm.name !== 'RSA-PSS' || | ||
| getHashLength(key.algorithm.hash) !== parseInt(alg.substr(2), 10)) { | ||
| throw new TypeError('CryptoKey does not support this operation'); | ||
| case 'PS512': { | ||
| if (key.algorithm.name !== 'RSA-PSS') { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be RSA-PSS.`); | ||
| } | ||
| const expected = parseInt(alg.substr(2), 10); | ||
| const actual = getHashLength(key.algorithm.hash); | ||
| if (actual !== expected) { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`); | ||
| } | ||
| break; | ||
| } | ||
| case 'ES256': | ||
| case 'ES384': | ||
| case 'ES512': | ||
| if (key.algorithm.name !== 'ECDSA' || | ||
| key.algorithm.namedCurve !== getNamedCurve(alg)) { | ||
| throw new TypeError('CryptoKey does not support this operation'); | ||
| case 'ES512': { | ||
| if (key.algorithm.name !== 'ECDSA') { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be ECDSA.`); | ||
| } | ||
| const expected = getNamedCurve(alg); | ||
| const actual = key.algorithm.namedCurve; | ||
| if (actual !== expected) { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.namedCurve must be ${expected}.`); | ||
| } | ||
| break; | ||
| } | ||
| case 'A128GCM': | ||
| case 'A192GCM': | ||
| case 'A256GCM': | ||
| if (key.algorithm.name !== 'AES-GCM' || | ||
| key.algorithm.length !== parseInt(alg.substr(1, 3), 10)) { | ||
| throw new TypeError('CryptoKey does not support this operation'); | ||
| case 'A256GCM': { | ||
| if (key.algorithm.name !== 'AES-GCM') { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be AES-GCM.`); | ||
| } | ||
| const expected = parseInt(alg.substr(1, 3), 10); | ||
| const actual = key.algorithm.length; | ||
| if (actual !== expected) { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.length must be ${expected}.`); | ||
| } | ||
| break; | ||
| } | ||
| case 'A128KW': | ||
| case 'A192KW': | ||
| case 'A256KW': | ||
| if (key.algorithm.name !== 'AES-KW' || | ||
| key.algorithm.length !== parseInt(alg.substr(1, 3), 10)) { | ||
| throw new TypeError('CryptoKey does not support this operation'); | ||
| case 'A256KW': { | ||
| if (key.algorithm.name !== 'AES-KW') { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be AES-KW.`); | ||
| } | ||
| const expected = parseInt(alg.substr(1, 3), 10); | ||
| const actual = key.algorithm.length; | ||
| if (actual !== expected) { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.length must be ${expected}.`); | ||
| } | ||
| break; | ||
| } | ||
| case 'ECDH-ES': | ||
| if (key.algorithm.name !== 'ECDH') { | ||
| throw new TypeError('CryptoKey does not support this operation'); | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be ECDH.`); | ||
| } | ||
@@ -102,3 +129,3 @@ break; | ||
| if (key.algorithm.name !== 'PBKDF2') { | ||
| throw new TypeError('CryptoKey does not support this operation'); | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be PBKDF2.`); | ||
| } | ||
@@ -109,14 +136,33 @@ break; | ||
| case 'RSA-OAEP-384': | ||
| case 'RSA-OAEP-512': | ||
| if (key.algorithm.name !== 'RSA-OAEP' || | ||
| getHashLength(key.algorithm.hash) !== | ||
| (parseInt(alg.substr(9), 10) || 1)) { | ||
| throw new TypeError('CryptoKey does not support this operation'); | ||
| case 'RSA-OAEP-512': { | ||
| if (key.algorithm.name !== 'RSA-OAEP') { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be RSA-OAEP.`); | ||
| } | ||
| const expected = parseInt(alg.substr(9), 10) || 1; | ||
| const actual = getHashLength(key.algorithm.hash); | ||
| if (actual !== expected) { | ||
| throw new TypeError(`CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`); | ||
| } | ||
| break; | ||
| } | ||
| default: | ||
| throw new TypeError('CryptoKey does not support this operation'); | ||
| } | ||
| if (usage && !key.usages.find(Set.prototype.has.bind(usage))) { | ||
| const usages = [...usage]; | ||
| let msg = 'CryptoKey does not support this operation, its usages must include '; | ||
| if (usages.length > 2) { | ||
| const last = usages.pop(); | ||
| msg += `one of ${usages.join(', ')}, or ${last}.`; | ||
| } | ||
| else if (usages.length === 2) { | ||
| msg += `one of ${usages[0]} or ${usages[1]}.`; | ||
| } | ||
| else { | ||
| msg += ` ${usages[0]}.`; | ||
| } | ||
| throw new TypeError(msg); | ||
| } | ||
| return crypto.KeyObject.from(key); | ||
| } | ||
| exports.getKeyObject = getKeyObject; |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, CompactDecryptResult } from '../../types.d'; | ||
| import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, CompactDecryptResult } from '../../types'; | ||
| export interface CompactDecryptGetKey extends GetKeyFunction<JWEHeaderParameters, FlattenedJWE> { | ||
@@ -3,0 +3,0 @@ } |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike, JWEKeyManagementHeaderParameters, JWEHeaderParameters, EncryptOptions } from '../../types.d'; | ||
| import type { KeyLike, JWEKeyManagementHeaderParameters, JWEHeaderParameters, EncryptOptions } from '../../types'; | ||
| declare class CompactEncrypt { | ||
@@ -3,0 +3,0 @@ private _flattened; |
@@ -1,2 +0,2 @@ | ||
| import type { FlattenedDecryptResult, KeyLike, FlattenedJWE, JWEHeaderParameters, DecryptOptions, GetKeyFunction } from '../../types.d'; | ||
| import type { FlattenedDecryptResult, KeyLike, FlattenedJWE, JWEHeaderParameters, DecryptOptions, GetKeyFunction } from '../../types'; | ||
| export interface FlattenedDecryptGetKey extends GetKeyFunction<JWEHeaderParameters | undefined, FlattenedJWE> { | ||
@@ -3,0 +3,0 @@ } |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike, FlattenedJWE, JWEHeaderParameters, JWEKeyManagementHeaderParameters, EncryptOptions } from '../../types.d'; | ||
| import type { KeyLike, FlattenedJWE, JWEHeaderParameters, JWEKeyManagementHeaderParameters, EncryptOptions } from '../../types'; | ||
| declare class FlattenedEncrypt { | ||
@@ -3,0 +3,0 @@ private _plaintext; |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, GeneralJWE, GeneralDecryptResult } from '../../types.d'; | ||
| import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, GeneralJWE, GeneralDecryptResult } from '../../types'; | ||
| export interface GeneralDecryptGetKey extends GetKeyFunction<JWEHeaderParameters, FlattenedJWE> { | ||
@@ -3,0 +3,0 @@ } |
| /// <reference types="node" /> | ||
| import type { KeyObject } from 'crypto'; | ||
| import type { FlattenedJWSInput, JWSHeaderParameters } from '../types.d'; | ||
| import type { FlattenedJWSInput, JWSHeaderParameters } from '../types'; | ||
| declare function EmbeddedJWK(protectedHeader: JWSHeaderParameters, token: FlattenedJWSInput): Promise<CryptoKey | KeyObject>; | ||
| export { EmbeddedJWK }; | ||
| export default EmbeddedJWK; |
@@ -1,2 +0,2 @@ | ||
| import type { JWK, KeyLike } from '../types.d'; | ||
| import type { JWK, KeyLike } from '../types'; | ||
| declare function fromKeyLike(key: KeyLike): Promise<JWK>; | ||
@@ -3,0 +3,0 @@ export { fromKeyLike }; |
@@ -1,2 +0,2 @@ | ||
| import type { JWK, KeyLike } from '../types.d'; | ||
| import type { JWK, KeyLike } from '../types'; | ||
| declare function parseJwk(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike>; | ||
@@ -3,0 +3,0 @@ export { parseJwk }; |
@@ -1,2 +0,2 @@ | ||
| import type { JWK } from '../types.d'; | ||
| import type { JWK } from '../types'; | ||
| declare function calculateThumbprint(jwk: JWK, digestAlgorithm?: 'sha256' | 'sha384' | 'sha512'): Promise<string>; | ||
@@ -3,0 +3,0 @@ export { calculateThumbprint }; |
| /// <reference types="node" /> | ||
| import type * as http from 'http'; | ||
| import type * as https from 'https'; | ||
| import type { JWSHeaderParameters, FlattenedJWSInput, GetKeyFunction } from '../types.d'; | ||
| import type { JWSHeaderParameters, FlattenedJWSInput, GetKeyFunction } from '../types'; | ||
| export interface RemoteJWKSetOptions { | ||
@@ -6,0 +6,0 @@ timeoutDuration?: number; |
@@ -1,2 +0,2 @@ | ||
| import type { JWSHeaderParameters, KeyLike, SignOptions } from '../../types.d'; | ||
| import type { JWSHeaderParameters, KeyLike, SignOptions } from '../../types'; | ||
| declare class CompactSign { | ||
@@ -3,0 +3,0 @@ private _flattened; |
@@ -1,2 +0,2 @@ | ||
| import type { CompactVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions } from '../../types.d'; | ||
| import type { CompactVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions } from '../../types'; | ||
| export interface CompactVerifyGetKey extends GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput> { | ||
@@ -3,0 +3,0 @@ } |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike, FlattenedJWS, JWSHeaderParameters, SignOptions } from '../../types.d'; | ||
| import type { KeyLike, FlattenedJWS, JWSHeaderParameters, SignOptions } from '../../types'; | ||
| declare class FlattenedSign { | ||
@@ -3,0 +3,0 @@ private _payload; |
@@ -1,2 +0,2 @@ | ||
| import type { FlattenedVerifyResult, KeyLike, FlattenedJWSInput, JWSHeaderParameters, VerifyOptions, GetKeyFunction } from '../../types.d'; | ||
| import type { FlattenedVerifyResult, KeyLike, FlattenedJWSInput, JWSHeaderParameters, VerifyOptions, GetKeyFunction } from '../../types'; | ||
| export interface FlattenedVerifyGetKey extends GetKeyFunction<JWSHeaderParameters | undefined, FlattenedJWSInput> { | ||
@@ -3,0 +3,0 @@ } |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike, GeneralJWS, JWSHeaderParameters, SignOptions } from '../../types.d'; | ||
| import type { KeyLike, GeneralJWS, JWSHeaderParameters, SignOptions } from '../../types'; | ||
| export interface Signature { | ||
@@ -3,0 +3,0 @@ setProtectedHeader(protectedHeader: JWSHeaderParameters): Signature; |
@@ -1,2 +0,2 @@ | ||
| import type { GeneralJWSInput, GeneralVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions } from '../../types.d'; | ||
| import type { GeneralJWSInput, GeneralVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions } from '../../types'; | ||
| export interface GeneralVerifyGetKey extends GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput> { | ||
@@ -3,0 +3,0 @@ } |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike, DecryptOptions, JWTPayload, JWTClaimVerificationOptions, GetKeyFunction, JWEHeaderParameters, FlattenedJWE, JWTDecryptResult } from '../types.d'; | ||
| import type { KeyLike, DecryptOptions, JWTPayload, JWTClaimVerificationOptions, GetKeyFunction, JWEHeaderParameters, FlattenedJWE, JWTDecryptResult } from '../types'; | ||
| interface JWTDecryptOptions extends DecryptOptions, JWTClaimVerificationOptions { | ||
@@ -3,0 +3,0 @@ } |
@@ -1,3 +0,3 @@ | ||
| import type { EncryptOptions, JWEHeaderParameters, JWEKeyManagementHeaderParameters, JWTPayload, KeyLike } from '../types.d'; | ||
| import ProduceJWT from '../lib/jwt_producer.js'; | ||
| import type { EncryptOptions, JWEHeaderParameters, JWEKeyManagementHeaderParameters, JWTPayload, KeyLike } from '../types'; | ||
| import ProduceJWT from '../lib/jwt_producer'; | ||
| declare class EncryptJWT extends ProduceJWT { | ||
@@ -4,0 +4,0 @@ private _cek; |
@@ -1,3 +0,3 @@ | ||
| import type { JWSHeaderParameters, JWTPayload, KeyLike, SignOptions } from '../types.d'; | ||
| import ProduceJWT from '../lib/jwt_producer.js'; | ||
| import type { JWSHeaderParameters, JWTPayload, KeyLike, SignOptions } from '../types'; | ||
| import ProduceJWT from '../lib/jwt_producer'; | ||
| declare class SignJWT extends ProduceJWT { | ||
@@ -4,0 +4,0 @@ private _protectedHeader; |
@@ -1,3 +0,3 @@ | ||
| import type { JWSHeaderParameters, JWTClaimVerificationOptions, JWTPayload } from '../types.d'; | ||
| import ProduceJWT from '../lib/jwt_producer.js'; | ||
| import type { JWSHeaderParameters, JWTClaimVerificationOptions, JWTPayload } from '../types'; | ||
| import ProduceJWT from '../lib/jwt_producer'; | ||
| interface UnsecuredResult { | ||
@@ -4,0 +4,0 @@ payload: JWTPayload; |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike, VerifyOptions, JWTPayload, JWTClaimVerificationOptions, JWSHeaderParameters, GetKeyFunction, FlattenedJWSInput, JWTVerifyResult } from '../types.d'; | ||
| import type { KeyLike, VerifyOptions, JWTPayload, JWTClaimVerificationOptions, JWSHeaderParameters, GetKeyFunction, FlattenedJWSInput, JWTVerifyResult } from '../types'; | ||
| interface JWTVerifyOptions extends VerifyOptions, JWTClaimVerificationOptions { | ||
@@ -3,0 +3,0 @@ } |
@@ -1,2 +0,2 @@ | ||
| import type { JWTPayload } from '../types.d'; | ||
| import type { JWTPayload } from '../types'; | ||
| export default class ProduceJWT { | ||
@@ -3,0 +3,0 @@ protected _payload: JWTPayload; |
@@ -31,2 +31,3 @@ /// <reference lib="dom"/> | ||
| x5u?: string | ||
| [propName: string]: unknown | ||
| } | ||
@@ -60,2 +61,3 @@ export interface GetKeyFunction<T, T2> { | ||
| x5u?: string | ||
| jku?: string | ||
| jwk?: Pick<JWK, 'kty' | 'crv' | 'x' | 'y' | 'e' | 'n'> | ||
@@ -62,0 +64,0 @@ typ?: string |
@@ -1,2 +0,2 @@ | ||
| import type { JWSHeaderParameters, JWEHeaderParameters } from '../types.d'; | ||
| import type { JWSHeaderParameters, JWEHeaderParameters } from '../types'; | ||
| export declare type ProtectedHeaderParameters = JWSHeaderParameters & JWEHeaderParameters; | ||
@@ -3,0 +3,0 @@ declare function decodeProtectedHeader(token: string | object): ProtectedHeaderParameters; |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike } from '../types.js'; | ||
| import type { KeyLike } from '../types'; | ||
| export interface GenerateKeyPairOptions { | ||
@@ -3,0 +3,0 @@ crv?: string; |
@@ -1,2 +0,2 @@ | ||
| import type { KeyLike } from '../types.d'; | ||
| import type { KeyLike } from '../types'; | ||
| export interface GenerateSecretOptions { | ||
@@ -3,0 +3,0 @@ extractable?: boolean; |
| { | ||
| "name": "jose-node-cjs-runtime", | ||
| "version": "3.13.0", | ||
| "version": "3.14.0", | ||
| "description": "(Node.JS CJS Runtime) 'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK with no dependencies", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by3.48%
167365
- Number of package files
- increased by0.94%
107
- Lines of code
- increased by2.79%
4087
No dependency changes