Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

jose-node-esm-runtime

Package Overview
Dependencies
Maintainers
1
Versions
132
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jose-node-esm-runtime - npm Package Compare versions

Comparing version 3.11.1 to 3.11.2

dist/node/esm/runtime/get_sign_verify_key.js

7

dist/node/esm/jwks/remote.js

@@ -17,2 +17,5 @@ import parseJWK from '../jwk/parse.js';

}
function isJWKLike(key) {
return key && typeof key === 'object';
}
class RemoteJWKSet {

@@ -108,6 +111,6 @@ constructor(url, options) {

!Array.isArray(json.keys) ||
json.keys.some((key) => typeof key !== 'object' || !key)) {
!json.keys.every(isJWKLike)) {
throw new JWKSInvalid('JSON Web Key Set malformed');
}
this._jwks = json;
this._jwks = { keys: json.keys };
this._cooldownStarted = Date.now();

@@ -114,0 +117,0 @@ this._pendingFetch = undefined;

@@ -48,6 +48,6 @@ export const encoder = new TextEncoder();

if (!res) {
res = await digest(buf);
res = await digest('sha256', buf);
}
else {
res = concat(res, await digest(buf));
res = concat(res, await digest('sha256', buf));
}

@@ -54,0 +54,0 @@ }

export default function isObject(input) {
return !!input && input.constructor === Object;
return typeof input === 'object' && !!input && input.constructor === Object;
}

@@ -10,3 +10,6 @@ import { JWTClaimValidationFailed, JWTExpired, JWTInvalid } from '../util/errors.js';

}
return audOption.some(Set.prototype.has.bind(new Set(audPayload)));
if (Array.isArray(audPayload)) {
return audOption.some(Set.prototype.has.bind(new Set(audPayload)));
}
return false;
};

@@ -30,3 +33,3 @@ export default (protectedHeader, encodedPayload, options = {}) => {

const { issuer } = options;
if (issuer && !(typeof issuer === 'string' ? [issuer] : issuer).includes(payload.iss)) {
if (issuer && !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) {
throw new JWTClaimValidationFailed('unexpected "iss" claim value', 'iss', 'check_failed');

@@ -33,0 +36,0 @@ }

@@ -6,3 +6,2 @@ import encrypt from './encrypt.js';

import { encode as base64url } from './base64url.js';
import { isCryptoKey, getKeyObject } from './webcrypto.js';
const generateIv = ivFactory(random);

@@ -12,6 +11,3 @@ export const wrap = async (alg, key, cek, iv) => {

iv || (iv = generateIv(jweAlgorithm));
if (isCryptoKey(key)) {
key = getKeyObject(key);
}
const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key instanceof Uint8Array ? key : key.export(), iv, new Uint8Array(0));
const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0));
return { encryptedKey, iv: base64url(iv), tag: base64url(tag) };

@@ -21,6 +17,3 @@ };

const jweAlgorithm = alg.substr(0, 7);
if (isCryptoKey(key)) {
key = getKeyObject(key);
}
return decrypt(jweAlgorithm, key instanceof Uint8Array ? key : key.export(), encryptedKey, iv, tag, new Uint8Array(0));
return decrypt(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array(0));
};

@@ -1,6 +0,6 @@

import { createDecipheriv, createCipheriv, getCiphers } from 'crypto';
import { KeyObject, createDecipheriv, createCipheriv, getCiphers } from 'crypto';
import { JOSENotSupported } from '../util/errors.js';
import { concat } from '../lib/buffer_utils.js';
import getSecretKey from './secret_key.js';
import { isCryptoKey, getKeyObject } from './webcrypto.js';
import { isCryptoKey, getKeyObject as exportCryptoKey } from './webcrypto.js';
function checkKeySize(key, alg) {

@@ -11,2 +11,14 @@ if (key.symmetricKeySize << 3 !== parseInt(alg.substr(1, 3), 10)) {

}
function getKeyObject(key) {
if (key instanceof KeyObject) {
return key;
}
if (key instanceof Uint8Array) {
return getSecretKey(key);
}
if (isCryptoKey(key)) {
return exportCryptoKey(key);
}
throw new TypeError('invalid key input');
}
export const wrap = async (alg, key, cek) => {

@@ -18,12 +30,3 @@ const size = parseInt(alg.substr(1, 3), 10);

}
let keyObject;
if (key instanceof Uint8Array) {
keyObject = getSecretKey(key);
}
else if (isCryptoKey(key)) {
keyObject = getKeyObject(key);
}
else {
keyObject = key;
}
const keyObject = getKeyObject(key);
checkKeySize(keyObject, alg);

@@ -39,12 +42,3 @@ const cipher = createCipheriv(algorithm, keyObject, Buffer.alloc(8, 0xa6));

}
let keyObject;
if (key instanceof Uint8Array) {
keyObject = getSecretKey(key);
}
else if (isCryptoKey(key)) {
keyObject = getKeyObject(key);
}
else {
keyObject = key;
}
const keyObject = getKeyObject(key);
checkKeySize(keyObject, alg);

@@ -51,0 +45,0 @@ const cipher = createDecipheriv(algorithm, keyObject, Buffer.alloc(8, 0xa6));

@@ -59,12 +59,19 @@ import { getCiphers, KeyObject, createDecipheriv } from 'crypto';

const decrypt = async (enc, cek, ciphertext, iv, tag, aad) => {
let key;
if (isCryptoKey(cek)) {
cek = getKeyObject(cek);
key = getKeyObject(cek);
}
checkCekLength(enc, cek);
else if (cek instanceof Uint8Array || cek instanceof KeyObject) {
key = cek;
}
else {
throw new TypeError('invalid key input');
}
checkCekLength(enc, key);
checkIvLength(enc, iv);
if (enc.substr(4, 3) === 'CBC') {
return cbcDecrypt(enc, cek, ciphertext, iv, tag, aad);
return cbcDecrypt(enc, key, ciphertext, iv, tag, aad);
}
return gcmDecrypt(enc, cek, ciphertext, iv, tag, aad);
return gcmDecrypt(enc, key, ciphertext, iv, tag, aad);
};
export default decrypt;

@@ -1,6 +0,6 @@

import { diffieHellman, generateKeyPair as generateKeyPairCb, createPublicKey } from 'crypto';
import { KeyObject, diffieHellman, generateKeyPair as generateKeyPairCb, createPublicKey, } from 'crypto';
import { promisify } from 'util';
import * as base64url from './base64url.js';
import getNamedCurve from './get_named_curve.js';
import { encoder, concat, uint32be, lengthAndInput, concatKdf as KDF, } from '../lib/buffer_utils.js';
import { encoder, concat, uint32be, lengthAndInput, concatKdf } from '../lib/buffer_utils.js';
import digest from './digest.js';

@@ -10,3 +10,2 @@ import { JOSENotSupported } from '../util/errors.js';

const generateKeyPair = promisify(generateKeyPairCb);
const concatKdf = KDF.bind(undefined, digest.bind(undefined, 'sha256'));
export const deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) => {

@@ -17,7 +16,13 @@ const value = concat(lengthAndInput(encoder.encode(algorithm)), lengthAndInput(apu), lengthAndInput(apv), uint32be(keyLength));

}
if (!(publicKey instanceof KeyObject)) {
throw new TypeError('invalid key input');
}
if (isCryptoKey(privateKey)) {
privateKey = getKeyObject(privateKey);
}
if (!(privateKey instanceof KeyObject)) {
throw new TypeError('invalid key input');
}
const sharedSecret = diffieHellman({ privateKey, publicKey });
return concatKdf(sharedSecret, keyLength, value);
return concatKdf(digest, sharedSecret, keyLength, value);
};

@@ -28,2 +33,5 @@ export const ephemeralKeyToPublicJWK = function ephemeralKeyToPublicJWK(key) {

}
if (!(key instanceof KeyObject)) {
throw new TypeError('invalid key input');
}
switch (key.asymmetricKeyType) {

@@ -55,2 +63,5 @@ case 'x25519':

}
if (!(key instanceof KeyObject)) {
throw new TypeError('invalid key input');
}
switch (key.asymmetricKeyType) {

@@ -57,0 +68,0 @@ case 'x25519':

@@ -33,12 +33,19 @@ import { KeyObject, createCipheriv } from 'crypto';

const encrypt = async (enc, plaintext, cek, iv, aad) => {
let key;
if (isCryptoKey(cek)) {
cek = getKeyObject(cek);
key = getKeyObject(cek);
}
checkCekLength(enc, cek);
else if (cek instanceof Uint8Array || cek instanceof KeyObject) {
key = cek;
}
else {
throw new TypeError('invalid key input');
}
checkCekLength(enc, key);
checkIvLength(enc, iv);
if (enc.substr(4, 3) === 'CBC') {
return cbcEncrypt(enc, plaintext, cek, iv, aad);
return cbcEncrypt(enc, plaintext, key, iv, aad);
}
return gcmEncrypt(enc, plaintext, cek, iv, aad);
return gcmEncrypt(enc, plaintext, key, iv, aad);
};
export default encrypt;

@@ -1,2 +0,2 @@

import { createPublicKey } from 'crypto';
import { KeyObject, createPublicKey } from 'crypto';
import { JOSENotSupported } from '../util/errors.js';

@@ -25,8 +25,11 @@ import { isCryptoKey, getKeyObject } from './webcrypto.js';

var _a;
if (isCryptoKey(key)) {
key = getKeyObject(key);
}
if (!(key instanceof KeyObject)) {
throw new TypeError('invalid key input');
}
if (key.type === 'secret') {
throw new TypeError('only "private" or "public" key objects can be used for this operation');
}
if (isCryptoKey(key)) {
key = getKeyObject(key);
}
switch (key.asymmetricKeyType) {

@@ -33,0 +36,0 @@ case 'ed25519':

@@ -13,24 +13,28 @@ import { KeyObject, createPublicKey } from 'crypto';

const keyToJWK = (key) => {
let keyObject;
if (isCryptoKey(key)) {
key = getKeyObject(key);
keyObject = getKeyObject(key);
}
if (!(key instanceof KeyObject)) {
throw new TypeError('invalid key argument type');
else if (key instanceof KeyObject) {
keyObject = key;
}
else {
throw new TypeError('invalid key input');
}
if (jwkExportSupported) {
return key.export({ format: 'jwk' });
return keyObject.export({ format: 'jwk' });
}
switch (key.type) {
switch (keyObject.type) {
case 'secret':
return {
kty: 'oct',
k: base64url(key.export()),
k: base64url(keyObject.export()),
};
case 'private':
case 'public': {
switch (key.asymmetricKeyType) {
switch (keyObject.asymmetricKeyType) {
case 'rsa': {
const der = key.export({ format: 'der', type: 'pkcs1' });
const der = keyObject.export({ format: 'der', type: 'pkcs1' });
const dec = new Asn1SequenceDecoder(der);
if (key.type === 'private') {
if (keyObject.type === 'private') {
dec.unsignedInteger();

@@ -41,3 +45,3 @@ }

let jwk;
if (key.type === 'private') {
if (keyObject.type === 'private') {
jwk = {

@@ -56,3 +60,3 @@ d: base64url(dec.unsignedInteger()),

case 'ec': {
const crv = getNamedCurve(key);
const crv = getNamedCurve(keyObject);
let len;

@@ -85,4 +89,4 @@ let offset;

}
if (key.type === 'public') {
const der = key.export({ type: 'spki', format: 'der' });
if (keyObject.type === 'public') {
const der = keyObject.export({ type: 'spki', format: 'der' });
return {

@@ -95,3 +99,3 @@ kty: 'EC',

}
const der = key.export({ type: 'pkcs8', format: 'der' });
const der = keyObject.export({ type: 'pkcs8', format: 'der' });
if (der.length < 100) {

@@ -101,3 +105,3 @@ offset += correction;

return {
...keyToJWK(createPublicKey(key)),
...keyToJWK(createPublicKey(keyObject)),
d: base64url(der.subarray(offset, offset + len / 2)),

@@ -108,5 +112,5 @@ };

case 'x25519': {
const crv = getNamedCurve(key);
if (key.type === 'public') {
const der = key.export({ type: 'spki', format: 'der' });
const crv = getNamedCurve(keyObject);
if (keyObject.type === 'public') {
const der = keyObject.export({ type: 'spki', format: 'der' });
return {

@@ -118,5 +122,5 @@ kty: 'OKP',

}
const der = key.export({ type: 'pkcs8', format: 'der' });
const der = keyObject.export({ type: 'pkcs8', format: 'der' });
return {
...keyToJWK(createPublicKey(key)),
...keyToJWK(createPublicKey(keyObject)),
d: base64url(der.subarray(-32)),

@@ -127,5 +131,5 @@ };

case 'x448': {
const crv = getNamedCurve(key);
if (key.type === 'public') {
const der = key.export({ type: 'spki', format: 'der' });
const crv = getNamedCurve(keyObject);
if (keyObject.type === 'public') {
const der = keyObject.export({ type: 'spki', format: 'der' });
return {

@@ -137,5 +141,5 @@ kty: 'OKP',

}
const der = key.export({ type: 'pkcs8', format: 'der' });
const der = keyObject.export({ type: 'pkcs8', format: 'der' });
return {
...keyToJWK(createPublicKey(key)),
...keyToJWK(createPublicKey(keyObject)),
d: base64url(der.subarray(crv === 'Ed448' ? -57 : -56)),

@@ -142,0 +146,0 @@ };

@@ -10,2 +10,14 @@ import { promisify } from 'util';

const pbkdf2 = promisify(pbkdf2cb);
function getPassword(key) {
if (key instanceof KeyObject) {
return key.export();
}
if (key instanceof Uint8Array) {
return key;
}
if (isCryptoKey(key)) {
return getKeyObject(key).export();
}
throw new TypeError('invalid key input');
}
export const encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random(new Uint8Array(16))) => {

@@ -15,12 +27,3 @@ checkP2s(p2s);

const keylen = parseInt(alg.substr(13, 3), 10) >> 3;
let password;
if (isCryptoKey(key)) {
password = getKeyObject(key).export();
}
else if (key instanceof KeyObject) {
password = key.export();
}
else {
password = key;
}
const password = getPassword(key);
const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.substr(8, 3)}`);

@@ -34,14 +37,5 @@ const encryptedKey = await wrap(alg.substr(-6), derivedKey, cek);

const keylen = parseInt(alg.substr(13, 3), 10) >> 3;
let password;
if (isCryptoKey(key)) {
password = getKeyObject(key).export();
}
else if (key instanceof KeyObject) {
password = key.export();
}
else {
password = key;
}
const password = getPassword(key);
const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.substr(8, 3)}`);
return unwrap(alg.substr(-6), derivedKey, encryptedKey);
};

@@ -1,4 +0,4 @@

import { publicEncrypt, constants, privateDecrypt } from 'crypto';
import { KeyObject, publicEncrypt, constants, privateDecrypt } from 'crypto';
import checkModulusLength from './check_modulus_length.js';
import { isCryptoKey, getKeyObject } from './webcrypto.js';
import { isCryptoKey, getKeyObject as exportCryptoKey } from './webcrypto.js';
const checkKey = (key, alg) => {

@@ -37,10 +37,17 @@ if (key.type === 'secret' || key.asymmetricKeyType !== 'rsa') {

};
function getKeyObject(key) {
if (key instanceof KeyObject) {
return key;
}
if (isCryptoKey(key)) {
return exportCryptoKey(key);
}
throw new TypeError('invalid key input');
}
export const encrypt = async (alg, key, cek) => {
const padding = resolvePadding(alg);
const oaepHash = resolveOaepHash(alg);
if (isCryptoKey(key)) {
key = getKeyObject(key);
}
checkKey(key, alg);
return publicEncrypt({ key, oaepHash, padding }, cek);
const keyObject = getKeyObject(key);
checkKey(keyObject, alg);
return publicEncrypt({ key: keyObject, oaepHash, padding }, cek);
};

@@ -50,7 +57,5 @@ export const decrypt = async (alg, key, encryptedKey) => {

const oaepHash = resolveOaepHash(alg);
if (isCryptoKey(key)) {
key = getKeyObject(key);
}
checkKey(key, alg);
return privateDecrypt({ key, oaepHash, padding }, encryptedKey);
const keyObject = getKeyObject(key);
checkKey(keyObject, alg);
return privateDecrypt({ key: keyObject, oaepHash, padding }, encryptedKey);
};

@@ -6,4 +6,3 @@ import * as crypto from 'crypto';

import nodeKey from './node_key.js';
import getSecretKey from './secret_key.js';
import { isCryptoKey, getKeyObject } from './webcrypto.js';
import getSignKey from './get_sign_verify_key.js';
let oneShotSign = crypto.sign;

@@ -14,15 +13,3 @@ if (oneShotSign.length > 3) {

const sign = async (alg, key, data) => {
let keyObject;
if (key instanceof Uint8Array) {
if (!alg.startsWith('HS')) {
throw new TypeError('symmetric keys are only applicable for HMAC-based JWA algorithms');
}
keyObject = getSecretKey(key);
}
else if (isCryptoKey(key)) {
keyObject = getKeyObject(key);
}
else {
keyObject = key;
}
const keyObject = getSignKey(alg, key);
if (alg.startsWith('HS')) {

@@ -29,0 +16,0 @@ const bitlen = parseInt(alg.substr(-3), 10);

@@ -6,3 +6,3 @@ import * as crypto from 'crypto';

import sign from './sign.js';
import { isCryptoKey, getKeyObject } from './webcrypto.js';
import getVerifyKey from './get_sign_verify_key.js';
const [major, minor] = process.version

@@ -29,9 +29,4 @@ .substr(1)

const algorithm = nodeDigest(alg);
if (isCryptoKey(key)) {
key = getKeyObject(key);
}
else if (!(key instanceof crypto.KeyObject)) {
throw new TypeError('invalid key object type provided');
}
const keyInput = nodeKey(alg, key);
const keyObject = getVerifyKey(alg, key);
const keyInput = nodeKey(alg, keyObject);
try {

@@ -38,0 +33,0 @@ return oneShotVerify(algorithm, data, keyInput, signature);

@@ -83,2 +83,3 @@ /// <reference lib="dom"/>

/* eslint-disable jsdoc/check-indentation */
/**

@@ -88,7 +89,11 @@ * KeyLike are platform-specific references to keying material.

* - [KeyObject](https://nodejs.org/api/crypto.html#crypto_class_keyobject) instances come from
* node's [crypto module](https://nodejs.org/api/crypto.html) (see crypto.generateKeyPair,
* crypto.createPublicKey, crypto.createPrivateKey, crypto.createSecretKey).
* - [CryptoKey](https://www.w3.org/TR/WebCryptoAPI) instances come from
* [Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI) (see SubtleCrypto.importKey,
* SubtleCrypto.generateKey, SubtleCrypto.deriveKey, SubtleCrypto.unwrapKey).
* node's [crypto module](https://nodejs.org/api/crypto.html), e.g.:
* - [crypto.generateKeyPair](https://nodejs.org/api/crypto.html#crypto_crypto_generatekeypair_type_options_callback)
* - [crypto.createPublicKey](https://nodejs.org/api/crypto.html#crypto_crypto_createpublickey_key)
* - [crypto.createPrivateKey](https://nodejs.org/api/crypto.html#crypto_crypto_createprivatekey_key)
* - [crypto.createSecretKey](https://nodejs.org/api/crypto.html#crypto_crypto_createsecretkey_key_encoding)
* - [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) instances come from
* [Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI), e.g.:
* - [SubtleCrypto.importKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey)
* - [SubtleCrypto.generateKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey)
* - [Uint8Array](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array)

@@ -99,2 +104,3 @@ * is used exclusively for symmetric secret representations, a CryptoKey or KeyObject is

export type KeyLike = KeyObject | CryptoKey | Uint8Array
/* eslint-enable */

@@ -239,3 +245,3 @@ /**

*/
[propName: string]: any
[propName: string]: unknown
}

@@ -355,3 +361,3 @@

*/
[propName: string]: any
[propName: string]: unknown
}

@@ -522,3 +528,3 @@

*/
[propName: string]: any
[propName: string]: unknown
}

@@ -525,0 +531,0 @@

{
"name": "jose-node-esm-runtime",
"version": "3.11.1",
"version": "3.11.2",
"description": "(Node.JS ESM Runtime) 'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK with no dependencies",

@@ -5,0 +5,0 @@ "keywords": [

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc