Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

jose-node-esm-runtime

Package Overview
Dependencies
Maintainers
1
Versions
132
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jose-node-esm-runtime - npm Package Compare versions

Comparing version 3.19.0 to 3.20.0

dist/node/esm/jwt/produce.js

4

dist/node/esm/jwk/embedded.js

@@ -12,4 +12,4 @@ import { importJWK } from '../key/import.js';

}
const key = (await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg, true));
if (key.type !== 'public') {
const key = await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg, true);
if (key instanceof Uint8Array || key.type !== 'public') {
throw new JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a public key');

@@ -16,0 +16,0 @@ }

import fetchJwks from '../runtime/fetch_jwks.js';
import parseJWK from '../jwk/parse.js';
import { importJWK } from '../key/import.js';
import { JWKSInvalid, JOSENotSupported, JWKSNoMatchingKey, JWKSMultipleMatchingKeys, } from '../util/errors.js';
import isObject from '../lib/is_object.js';
function getKtyFromAlg(alg) {
switch (alg.substr(0, 2)) {
switch (typeof alg === 'string' && alg.substr(0, 2)) {
case 'RS':

@@ -35,3 +35,3 @@ case 'PS':

coolingDown() {
if (typeof this._cooldownStarted === 'undefined') {
if (!this._cooldownStarted) {
return false;

@@ -60,3 +60,3 @@ }

if (candidate && protectedHeader.alg === 'EdDSA') {
candidate = ['Ed25519', 'Ed448'].includes(jwk.crv);
candidate = jwk.crv === 'Ed25519' || jwk.crv === 'Ed448';
}

@@ -93,9 +93,6 @@ if (candidate) {

}
if (!this._cached.has(jwk)) {
this._cached.set(jwk, {});
}
const cached = this._cached.get(jwk);
const cached = this._cached.get(jwk) || this._cached.set(jwk, {}).get(jwk);
if (cached[protectedHeader.alg] === undefined) {
const keyObject = (await parseJWK({ ...jwk, alg: protectedHeader.alg, ext: true }));
if (keyObject.type !== 'public') {
const keyObject = await importJWK({ ...jwk, ext: true }, protectedHeader.alg);
if (keyObject instanceof Uint8Array || keyObject.type !== 'public') {
throw new JWKSInvalid('JSON Web Key Set members must be public keys');

@@ -102,0 +99,0 @@ }

import CompactEncrypt from '../jwe/compact/encrypt.js';
import { encoder } from '../lib/buffer_utils.js';
import ProduceJWT from '../lib/jwt_producer.js';
import { ProduceJWT } from './produce.js';
class EncryptJWT extends ProduceJWT {

@@ -5,0 +5,0 @@ setProtectedHeader(protectedHeader) {

import CompactSign from '../jws/compact/sign.js';
import { JWTInvalid } from '../util/errors.js';
import { encoder } from '../lib/buffer_utils.js';
import ProduceJWT from '../lib/jwt_producer.js';
import { ProduceJWT } from './produce.js';
class SignJWT extends ProduceJWT {

@@ -6,0 +6,0 @@ setProtectedHeader(protectedHeader) {

@@ -5,3 +5,3 @@ import * as base64url from '../runtime/base64url.js';

import jwtPayload from '../lib/jwt_claims_set.js';
import ProduceJWT from '../lib/jwt_producer.js';
import { ProduceJWT } from './produce.js';
class UnsecuredJWT extends ProduceJWT {

@@ -8,0 +8,0 @@ encode() {

import invalidKeyInput from '../runtime/invalid_key_input.js';
const checkKeyType = (alg, key, usage) => {
if (!(key instanceof Uint8Array) && !(key === null || key === void 0 ? void 0 : key.type)) {
throw new TypeError(invalidKeyInput(key, 'KeyObject', 'CryptoKey', 'Uint8Array'));
import isKeyLike, { types } from '../runtime/is_key_like.js';
const symmetricTypeCheck = (key) => {
if (key instanceof Uint8Array)
return;
if (!isKeyLike(key)) {
throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));
}
if (alg.startsWith('HS') ||
alg === 'dir' ||
alg.startsWith('PBES2') ||
alg.match(/^A\d{3}(?:GCM)?KW$/)) {
if (key instanceof Uint8Array || key.type === 'secret') {
return;
}
throw new TypeError('CryptoKey or KeyObject instances for symmetric algorithms must be of type "secret"');
if (key.type !== 'secret') {
throw new TypeError(`${types.join(' or ')} instances for symmetric algorithms must be of type "secret"`);
}
if (key instanceof Uint8Array) {
throw new TypeError(invalidKeyInput(key, 'KeyObject', 'CryptoKey'));
};
const asymmetricTypeCheck = (key, usage) => {
if (!isKeyLike(key)) {
throw new TypeError(invalidKeyInput(key, ...types));
}
if (key.type === 'secret') {
throw new TypeError('CryptoKey or KeyObject instances for asymmetric algorithms must not be of type "secret"');
throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithms must not be of type "secret"`);
}
if (usage === 'sign' && key.type === 'public') {
throw new TypeError('CryptoKey or KeyObject instances for asymmetric algorithm signing must be of type "private"');
throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm signing must be of type "private"`);
}
if (usage === 'decrypt' && key.type === 'public') {
throw new TypeError('CryptoKey or KeyObject instances for asymmetric algorithm decryption must be of type "private"');
throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm decryption must be of type "private"`);
}
if (key.algorithm && usage === 'verify' && key.type === 'private') {
throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm verifying must be of type "public"`);
}
if (key.algorithm && usage === 'encrypt' && key.type === 'private') {
throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm encryption must be of type "public"`);
}
};
const checkKeyType = (alg, key, usage) => {
const symmetric = alg.startsWith('HS') ||
alg === 'dir' ||
alg.startsWith('PBES2') ||
/^A\d{3}(?:GCM)?KW$/.test(alg);
if (symmetric) {
symmetricTypeCheck(key);
}
else {
asymmetricTypeCheck(key, usage);
}
};
export default checkKeyType;

@@ -11,12 +11,3 @@ import { unwrap as aesKw } from '../runtime/aeskw.js';

import checkKeyType from './check_key_type.js';
function assertEnryptedKey(encryptedKey) {
if (!encryptedKey) {
throw new JWEInvalid('JWE Encrypted Key missing');
}
}
function assertHeaderParameter(joseHeader, parameter, name) {
if (joseHeader[parameter] === undefined) {
throw new JWEInvalid(`JOSE Header ${name} (${parameter}) missing`);
}
}
import isObject from './is_object.js';
async function decryptKeyManagement(alg, key, encryptedKey, joseHeader) {

@@ -26,32 +17,35 @@ checkKeyType(alg, key, 'decrypt');

case 'dir': {
if (encryptedKey !== undefined) {
if (encryptedKey !== undefined)
throw new JWEInvalid('Encountered unexpected JWE Encrypted Key');
}
return key;
}
case 'ECDH-ES':
if (encryptedKey !== undefined) {
if (encryptedKey !== undefined)
throw new JWEInvalid('Encountered unexpected JWE Encrypted Key');
}
case 'ECDH-ES+A128KW':
case 'ECDH-ES+A192KW':
case 'ECDH-ES+A256KW': {
assertHeaderParameter(joseHeader, 'epk', 'Ephemeral Public Key');
if (!ECDH.ecdhAllowed(key)) {
if (!isObject(joseHeader.epk))
throw new JWEInvalid(`JOSE Header "epk" (Ephemeral Public Key) missing or invalid`);
if (!ECDH.ecdhAllowed(key))
throw new JOSENotSupported('ECDH-ES with the provided key is not allowed or not supported by your javascript runtime');
}
const epk = await importJWK(joseHeader.epk, alg);
let partyUInfo;
let partyVInfo;
if (joseHeader.apu !== undefined)
if (joseHeader.apu !== undefined) {
if (typeof joseHeader.apu !== 'string')
throw new JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`);
partyUInfo = base64url(joseHeader.apu);
if (joseHeader.apv !== undefined)
}
if (joseHeader.apv !== undefined) {
if (typeof joseHeader.apv !== 'string')
throw new JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`);
partyVInfo = base64url(joseHeader.apv);
}
const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, parseInt(alg.substr(-5, 3), 10) || cekLengths.get(joseHeader.enc), partyUInfo, partyVInfo);
if (alg === 'ECDH-ES') {
if (alg === 'ECDH-ES')
return sharedSecret;
}
assertEnryptedKey(encryptedKey);
const kwAlg = alg.substr(-6);
return aesKw(kwAlg, sharedSecret, encryptedKey);
if (encryptedKey === undefined)
throw new JWEInvalid('JWE Encrypted Key missing');
return aesKw(alg.substr(-6), sharedSecret, encryptedKey);
}

@@ -63,3 +57,4 @@ case 'RSA1_5':

case 'RSA-OAEP-512': {
assertEnryptedKey(encryptedKey);
if (encryptedKey === undefined)
throw new JWEInvalid('JWE Encrypted Key missing');
return rsaEs(alg, key, encryptedKey);

@@ -70,8 +65,9 @@ }

case 'PBES2-HS512+A256KW': {
assertEnryptedKey(encryptedKey);
assertHeaderParameter(joseHeader, 'p2c', 'PBES2 Count');
assertHeaderParameter(joseHeader, 'p2s', 'PBES2 Salt');
const { p2c } = joseHeader;
const p2s = base64url(joseHeader.p2s);
return pbes2Kw(alg, key, encryptedKey, p2c, p2s);
if (encryptedKey === undefined)
throw new JWEInvalid('JWE Encrypted Key missing');
if (typeof joseHeader.p2c !== 'number')
throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) missing or invalid`);
if (typeof joseHeader.p2s !== 'string')
throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`);
return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, base64url(joseHeader.p2s));
}

@@ -81,3 +77,4 @@ case 'A128KW':

case 'A256KW': {
assertEnryptedKey(encryptedKey);
if (encryptedKey === undefined)
throw new JWEInvalid('JWE Encrypted Key missing');
return aesKw(alg, key, encryptedKey);

@@ -88,5 +85,8 @@ }

case 'A256GCMKW': {
assertEnryptedKey(encryptedKey);
assertHeaderParameter(joseHeader, 'iv', 'Initialization Vector');
assertHeaderParameter(joseHeader, 'tag', 'Authentication Tag');
if (encryptedKey === undefined)
throw new JWEInvalid('JWE Encrypted Key missing');
if (typeof joseHeader.iv !== 'string')
throw new JWEInvalid(`JOSE Header "iv" (Initialization Vector) missing or invalid`);
if (typeof joseHeader.tag !== 'string')
throw new JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`);
const iv = base64url(joseHeader.iv);

@@ -93,0 +93,0 @@ const tag = base64url(joseHeader.tag);

@@ -10,3 +10,3 @@ import random from '../runtime/random.js';

import { JOSENotSupported } from '../util/errors.js';
import { fromKeyLike } from '../jwk/from_key_like.js';
import { exportJWK } from '../key/export.js';
import checkKeyType from './check_key_type.js';

@@ -34,3 +34,3 @@ const generateCek = cekFactory(random);

ephemeralKey || (ephemeralKey = await ECDH.generateEpk(key));
const { x, y, crv, kty } = await fromKeyLike(ephemeralKey);
const { x, y, crv, kty } = await exportJWK(ephemeralKey);
const sharedSecret = await ECDH.deriveKey(key, ephemeralKey, alg === 'ECDH-ES' ? enc : alg, parseInt(alg.substr(-5, 3), 10) || cekLengths.get(enc), apu, apv);

@@ -37,0 +37,0 @@ parameters = { epk: { x, y, crv, kty } };

import { get as http } from 'http';
import { get as https } from 'https';
import { once } from 'events';
import { JOSEError } from '../util/errors.js';
import { JOSEError, JWKSTimeout } from '../util/errors.js';
import { concat, decoder } from '../lib/buffer_utils.js';

@@ -19,3 +19,7 @@ const protocols = {

});
const [response] = await once(req, 'response');
const [response] = (await Promise.race([once(req, 'response'), once(req, 'timeout')]));
if (!response) {
req.destroy();
throw new JWKSTimeout();
}
if (response.statusCode !== 200) {

@@ -22,0 +26,0 @@ throw new JOSEError('Expected 200 OK from the JSON Web Key Set HTTP response');

export class JOSEError extends Error {
constructor(message) {
var _a;
super(message);
this.code = JOSEError.code;
this.name = this.constructor.name;
if (Error.captureStackTrace) {
Error.captureStackTrace(this, this.constructor);
}
(_a = Error.captureStackTrace) === null || _a === void 0 ? void 0 : _a.call(Error, this, this.constructor);
}

@@ -94,2 +93,10 @@ }

JWKSMultipleMatchingKeys.code = 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';
export class JWKSTimeout extends JOSEError {
constructor() {
super(...arguments);
this.code = JWKSTimeout.code;
this.message = 'request timed out';
}
}
JWKSTimeout.code = 'ERR_JWKS_TIMEOUT';
export class JWSSignatureVerificationFailed extends JOSEError {

@@ -96,0 +103,0 @@ constructor() {

import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, CompactDecryptResult, ResolvedKey } from '../../types';
export interface CompactDecryptGetKey extends GetKeyFunction<JWEHeaderParameters, FlattenedJWE> {
}
declare function compactDecrypt(jwe: string | Uint8Array, key: KeyLike, options?: DecryptOptions): Promise<CompactDecryptResult>;
declare function compactDecrypt(jwe: string | Uint8Array, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<CompactDecryptResult>;
declare function compactDecrypt(jwe: string | Uint8Array, getKey: CompactDecryptGetKey, options?: DecryptOptions): Promise<CompactDecryptResult & ResolvedKey>;

@@ -6,0 +6,0 @@ export { compactDecrypt };

@@ -9,3 +9,3 @@ import type { KeyLike, JWEKeyManagementHeaderParameters, JWEHeaderParameters, EncryptOptions } from '../../types';

setKeyManagementParameters(parameters: JWEKeyManagementHeaderParameters): this;
encrypt(key: KeyLike, options?: EncryptOptions): Promise<string>;
encrypt(key: KeyLike | Uint8Array, options?: EncryptOptions): Promise<string>;
}

@@ -12,0 +12,0 @@ export { CompactEncrypt };

import type { FlattenedDecryptResult, KeyLike, FlattenedJWE, JWEHeaderParameters, DecryptOptions, GetKeyFunction, ResolvedKey } from '../../types';
export interface FlattenedDecryptGetKey extends GetKeyFunction<JWEHeaderParameters | undefined, FlattenedJWE> {
}
declare function flattenedDecrypt(jwe: FlattenedJWE, key: KeyLike, options?: DecryptOptions): Promise<FlattenedDecryptResult>;
declare function flattenedDecrypt(jwe: FlattenedJWE, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<FlattenedDecryptResult>;
declare function flattenedDecrypt(jwe: FlattenedJWE, getKey: FlattenedDecryptGetKey, options?: DecryptOptions): Promise<FlattenedDecryptResult & ResolvedKey>;

@@ -6,0 +6,0 @@ export { flattenedDecrypt };

@@ -19,3 +19,3 @@ import type { KeyLike, FlattenedJWE, JWEHeaderParameters, JWEKeyManagementHeaderParameters, EncryptOptions } from '../../types';

setInitializationVector(iv: Uint8Array): this;
encrypt(key: KeyLike, options?: EncryptOptions): Promise<FlattenedJWE>;
encrypt(key: KeyLike | Uint8Array, options?: EncryptOptions): Promise<FlattenedJWE>;
}

@@ -22,0 +22,0 @@ export { FlattenedEncrypt };

import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, GeneralJWE, GeneralDecryptResult, ResolvedKey } from '../../types';
export interface GeneralDecryptGetKey extends GetKeyFunction<JWEHeaderParameters, FlattenedJWE> {
}
declare function generalDecrypt(jwe: GeneralJWE, key: KeyLike, options?: DecryptOptions): Promise<GeneralDecryptResult>;
declare function generalDecrypt(jwe: GeneralJWE, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<GeneralDecryptResult>;
declare function generalDecrypt(jwe: GeneralJWE, getKey: GeneralDecryptGetKey, options?: DecryptOptions): Promise<GeneralDecryptResult & ResolvedKey>;

@@ -6,0 +6,0 @@ export { generalDecrypt };

@@ -1,5 +0,4 @@

/// <reference types="node" />
import type { KeyObject, FlattenedJWSInput, JWSHeaderParameters } from '../types';
declare function EmbeddedJWK(protectedHeader: JWSHeaderParameters, token: FlattenedJWSInput): Promise<CryptoKey | KeyObject>;
import type { FlattenedJWSInput, JWSHeaderParameters } from '../types';
declare function EmbeddedJWK(protectedHeader: JWSHeaderParameters, token: FlattenedJWSInput): Promise<import("../types.d").KeyLike>;
export { EmbeddedJWK };
export default EmbeddedJWK;
import type { JWK, KeyLike } from '../types';
declare function fromKeyLike(key: KeyLike): Promise<JWK>;
declare function fromKeyLike(key: KeyLike | Uint8Array): Promise<JWK>;
export { fromKeyLike };
export default fromKeyLike;
export type { KeyLike, JWK };
import type { JWK, KeyLike } from '../types';
declare function parseJwk(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike>;
declare function parseJwk(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike | Uint8Array>;
export { parseJwk };
export default parseJwk;
export type { KeyLike, JWK };

@@ -6,3 +6,3 @@ import type { JWSHeaderParameters, KeyLike, SignOptions } from '../../types';

setProtectedHeader(protectedHeader: JWSHeaderParameters): this;
sign(key: KeyLike, options?: SignOptions): Promise<string>;
sign(key: KeyLike | Uint8Array, options?: SignOptions): Promise<string>;
}

@@ -9,0 +9,0 @@ export { CompactSign };

import type { CompactVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types';
export interface CompactVerifyGetKey extends GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput> {
}
declare function compactVerify(jws: string | Uint8Array, key: KeyLike, options?: VerifyOptions): Promise<CompactVerifyResult>;
declare function compactVerify(jws: string | Uint8Array, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<CompactVerifyResult>;
declare function compactVerify(jws: string | Uint8Array, getKey: CompactVerifyGetKey, options?: VerifyOptions): Promise<CompactVerifyResult & ResolvedKey>;

@@ -6,0 +6,0 @@ export { compactVerify };

@@ -9,3 +9,3 @@ import type { KeyLike, FlattenedJWS, JWSHeaderParameters, SignOptions } from '../../types';

setUnprotectedHeader(unprotectedHeader: JWSHeaderParameters): this;
sign(key: KeyLike, options?: SignOptions): Promise<FlattenedJWS>;
sign(key: KeyLike | Uint8Array, options?: SignOptions): Promise<FlattenedJWS>;
}

@@ -12,0 +12,0 @@ export { FlattenedSign };

import type { FlattenedVerifyResult, KeyLike, FlattenedJWSInput, JWSHeaderParameters, VerifyOptions, GetKeyFunction, ResolvedKey } from '../../types';
export interface FlattenedVerifyGetKey extends GetKeyFunction<JWSHeaderParameters | undefined, FlattenedJWSInput> {
}
declare function flattenedVerify(jws: FlattenedJWSInput, key: KeyLike, options?: VerifyOptions): Promise<FlattenedVerifyResult>;
declare function flattenedVerify(jws: FlattenedJWSInput, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<FlattenedVerifyResult>;
declare function flattenedVerify(jws: FlattenedJWSInput, getKey: FlattenedVerifyGetKey, options?: VerifyOptions): Promise<FlattenedVerifyResult & ResolvedKey>;

@@ -6,0 +6,0 @@ export { flattenedVerify };

@@ -10,3 +10,3 @@ import type { KeyLike, GeneralJWS, JWSHeaderParameters, SignOptions } from '../../types';

constructor(payload: Uint8Array);
addSignature(key: KeyLike, options?: SignOptions): Signature;
addSignature(key: KeyLike | Uint8Array, options?: SignOptions): Signature;
sign(): Promise<GeneralJWS>;

@@ -13,0 +13,0 @@ }

import type { GeneralJWSInput, GeneralVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types';
export interface GeneralVerifyGetKey extends GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput> {
}
declare function generalVerify(jws: GeneralJWSInput, key: KeyLike, options?: VerifyOptions): Promise<GeneralVerifyResult>;
declare function generalVerify(jws: GeneralJWSInput, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<GeneralVerifyResult>;
declare function generalVerify(jws: GeneralJWSInput, getKey: GeneralVerifyGetKey, options?: VerifyOptions): Promise<GeneralVerifyResult & ResolvedKey>;

@@ -6,0 +6,0 @@ export { generalVerify };

@@ -6,3 +6,3 @@ import type { KeyLike, DecryptOptions, JWTPayload, JWTClaimVerificationOptions, GetKeyFunction, JWEHeaderParameters, FlattenedJWE, JWTDecryptResult, ResolvedKey } from '../types';

}
declare function jwtDecrypt(jwt: string | Uint8Array, key: KeyLike, options?: JWTDecryptOptions): Promise<JWTDecryptResult>;
declare function jwtDecrypt(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTDecryptOptions): Promise<JWTDecryptResult>;
declare function jwtDecrypt(jwt: string | Uint8Array, getKey: JWTDecryptGetKey, options?: JWTDecryptOptions): Promise<JWTDecryptResult & ResolvedKey>;

@@ -9,0 +9,0 @@ export { jwtDecrypt };

import type { EncryptOptions, JWEHeaderParameters, JWEKeyManagementHeaderParameters, JWTPayload, KeyLike } from '../types';
import ProduceJWT from '../lib/jwt_producer';
import { ProduceJWT } from './produce';
declare class EncryptJWT extends ProduceJWT {

@@ -18,3 +18,3 @@ private _cek;

replicateAudienceAsHeader(): this;
encrypt(key: KeyLike, options?: EncryptOptions): Promise<string>;
encrypt(key: KeyLike | Uint8Array, options?: EncryptOptions): Promise<string>;
}

@@ -21,0 +21,0 @@ export { EncryptJWT };

import type { JWSHeaderParameters, JWTPayload, KeyLike, SignOptions } from '../types';
import ProduceJWT from '../lib/jwt_producer';
import { ProduceJWT } from './produce';
declare class SignJWT extends ProduceJWT {
private _protectedHeader;
setProtectedHeader(protectedHeader: JWSHeaderParameters): this;
sign(key: KeyLike, options?: SignOptions): Promise<string>;
sign(key: KeyLike | Uint8Array, options?: SignOptions): Promise<string>;
}

@@ -8,0 +8,0 @@ export { SignJWT };

import type { JWSHeaderParameters, JWTClaimVerificationOptions, JWTPayload } from '../types';
import ProduceJWT from '../lib/jwt_producer';
import { ProduceJWT } from './produce';
interface UnsecuredResult {

@@ -4,0 +4,0 @@ payload: JWTPayload;

@@ -6,3 +6,3 @@ import type { KeyLike, VerifyOptions, JWTPayload, JWTClaimVerificationOptions, JWSHeaderParameters, GetKeyFunction, FlattenedJWSInput, JWTVerifyResult, ResolvedKey } from '../types';

}
declare function jwtVerify(jwt: string | Uint8Array, key: KeyLike, options?: JWTVerifyOptions): Promise<JWTVerifyResult>;
declare function jwtVerify(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTVerifyOptions): Promise<JWTVerifyResult>;
declare function jwtVerify(jwt: string | Uint8Array, getKey: JWTVerifyGetKey, options?: JWTVerifyOptions): Promise<JWTVerifyResult & ResolvedKey>;

@@ -9,0 +9,0 @@ export { jwtVerify };

import type { JWK, KeyLike } from '../types';
export declare function exportSPKI(key: Exclude<KeyLike, Uint8Array>): Promise<string>;
export declare function exportPKCS8(key: Exclude<KeyLike, Uint8Array>): Promise<string>;
export declare function exportJWK(key: KeyLike): Promise<JWK>;
export declare function exportSPKI(key: KeyLike): Promise<string>;
export declare function exportPKCS8(key: KeyLike): Promise<string>;
export declare function exportJWK(key: KeyLike | Uint8Array): Promise<JWK>;
export type { KeyLike, JWK };

@@ -8,3 +8,3 @@ import type { JWK, KeyLike } from '../types';

export declare function importPKCS8(pkcs8: string, alg: string, options?: PEMImportOptions): Promise<Exclude<KeyLike, Uint8Array>>;
export declare function importJWK(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike>;
export declare function importJWK(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike | Uint8Array>;
export type { KeyLike, JWK };

@@ -1,5 +0,98 @@

/// <reference lib="dom"/>
import type { KeyObject } from 'crypto'
export type { KeyObject }
export type KeyLike = KeyObject | CryptoKey | Uint8Array
/**
* KeyLike are runtime-specific classes representing asymmetric keys or symmetric secrets.
* These are instances of
* [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) and additionally
* [KeyObject](https://nodejs.org/api/crypto.html#crypto_class_keyobject)
* in Node.js runtime.
* [Uint8Array](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array)
* instances are also accepted as symmetric secret representation only.
*
* [jose/key/import](../modules/key_import.md#readme) functions can be used to import PEM,
* or JWK formatted asymmetric keys and certificates to these runtime-specific representations.
*
* In Node.js the
* [Buffer](https://nodejs.org/api/buffer.html#buffer_buffer) class is a subclass of Uint8Array
* and so Buffer can be provided for symmetric secrets as well.
*
* ---
*
* [KeyObject](https://nodejs.org/api/crypto.html#crypto_class_keyobject) is a representation of a
* key/secret available in the Node.js runtime.
* In addition to the import functions of this library you may use the
* runtime APIs
* [crypto.createPublicKey](https://nodejs.org/api/crypto.html#crypto_crypto_createpublickey_key),
* [crypto.createPrivateKey](https://nodejs.org/api/crypto.html#crypto_crypto_createprivatekey_key), and
* [crypto.createSecretKey](https://nodejs.org/api/crypto.html#crypto_crypto_createsecretkey_key_encoding)
* to obtain a KeyObject from your existing key material.
*
* [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) is a representation of a
* key/secret available in the Browser and Deno runtimes.
* In addition to the import functions of this library you may use the
* [SubtleCrypto.importKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey) API
* to obtain a CryptoKey from your existing key material.
*
* ---
*
* @example Import a PEM-encoded SPKI Public Key
* ```js
* import { importSPKI } from 'jose/key/import'
*
* const algorithm = 'ES256'
* const spki = `-----BEGIN PUBLIC KEY-----
* MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFlHHWfLk0gLBbsLTcuCrbCqoHqmM
* YJepMC+Q+Dd6RBmBiA41evUsNMwLeN+PNFqib+xwi9JkJ8qhZkq8Y/IzGg==
* -----END PUBLIC KEY-----`
* const ecPublicKey = await importSPKI(spki, algorithm)
* ```
*
* @example Import a X.509 Certificate
* ```js
* import { importX509 } from 'jose/key/import'
*
* const algorithm = 'ES256'
* const x509 = `-----BEGIN CERTIFICATE-----
* MIIBXjCCAQSgAwIBAgIGAXvykuMKMAoGCCqGSM49BAMCMDYxNDAyBgNVBAMMK3Np
* QXBNOXpBdk1VaXhXVWVGaGtjZXg1NjJRRzFyQUhXaV96UlFQTVpQaG8wHhcNMjEw
* OTE3MDcwNTE3WhcNMjIwNzE0MDcwNTE3WjA2MTQwMgYDVQQDDCtzaUFwTTl6QXZN
* VWl4V1VlRmhrY2V4NTYyUUcxckFIV2lfelJRUE1aUGhvMFkwEwYHKoZIzj0CAQYI
* KoZIzj0DAQcDQgAE8PbPvCv5D5xBFHEZlBp/q5OEUymq7RIgWIi7tkl9aGSpYE35
* UH+kBKDnphJO3odpPZ5gvgKs2nwRWcrDnUjYLDAKBggqhkjOPQQDAgNIADBFAiEA
* 1yyMTRe66MhEXID9+uVub7woMkNYd0LhSHwKSPMUUTkCIFQGsfm1ecXOpeGOufAh
* v+A1QWZMuTWqYt+uh/YSRNDn
* -----END CERTIFICATE-----`
* const ecPublicKey = await importX509(x509, algorithm)
* ```
*
* @example Import a PEM-encoded PKCS8 Private Key
* ```js
* import { importPKCS8 } from 'jose/key/import'
*
* const algorithm = 'ES256'
* const pkcs8 = `-----BEGIN PRIVATE KEY-----
* MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiyvo0X+VQ0yIrOaN
* nlrnUclopnvuuMfoc8HHly3505OhRANCAAQWUcdZ8uTSAsFuwtNy4KtsKqgeqYxg
* l6kwL5D4N3pEGYGIDjV69Sw0zAt43480WqJv7HCL0mQnyqFmSrxj8jMa
* -----END PRIVATE KEY-----`
* const ecPrivateKey = await importPKCS8(pkcs8, algorithm)
* ```
*
* @example Import a JSON Web Key (JWK)
* ```js
* import { importJWK } from 'jose/key/import'
*
* const ecPublicKey = await importJWK({
* crv: 'P-256',
* kty: 'EC',
* x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw',
* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo'
* }, 'ES256')
*
* const rsaPublicKey = await importJWK({
* kty: 'RSA',
* e: 'AQAB',
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ'
* }, 'PS256')
* ```
*/
export type KeyLike = { type: string }
export interface JWK {

@@ -36,3 +129,3 @@ alg?: string

export interface GetKeyFunction<T, T2> {
(protectedHeader: T, token: T2): Promise<KeyLike>
(protectedHeader: T, token: T2): Promise<KeyLike | Uint8Array>
}

@@ -174,3 +267,3 @@ export interface FlattenedJWSInput {

export interface ResolvedKey {
key: KeyLike
key: KeyLike | Uint8Array
}

@@ -56,2 +56,7 @@ export declare class JOSEError extends Error {

}
export declare class JWKSTimeout extends JOSEError {
static code: string;
code: string;
message: string;
}
export declare class JWSSignatureVerificationFailed extends JOSEError {

@@ -58,0 +63,0 @@ static code: string;

import type { KeyLike } from '../types';
export interface GenerateKeyPairResult {
privateKey: Exclude<KeyLike, Uint8Array>;
publicKey: Exclude<KeyLike, Uint8Array>;
privateKey: KeyLike;
publicKey: KeyLike;
}

@@ -6,0 +6,0 @@ export interface GenerateKeyPairOptions {

@@ -5,4 +5,4 @@ import type { KeyLike } from '../types';

}
declare function generateSecret(alg: string, options?: GenerateSecretOptions): Promise<KeyLike>;
declare function generateSecret(alg: string, options?: GenerateSecretOptions): Promise<KeyLike | Uint8Array>;
export { generateSecret };
export default generateSecret;
{
"name": "jose-node-esm-runtime",
"version": "3.19.0",
"version": "3.20.0",
"description": "(Node.JS ESM Runtime) 'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK with no dependencies",

@@ -92,6 +92,4 @@ "keywords": [

"!dist/node/webcrypto/**/*",
"!dist/types/**/*.i.d.ts",
"!dist/types/runtime/*",
"!dist/types/lib/*",
"dist/types/lib/jwt_producer.d.ts",
"!dist/browser/**/*",

@@ -98,0 +96,0 @@ "!dist/node/cjs/**/*",

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc