jose-node-esm-runtime
Advanced tools
Comparing version 3.19.0 to 3.20.0
@@ -12,4 +12,4 @@ import { importJWK } from '../key/import.js'; | ||
} | ||
const key = (await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg, true)); | ||
if (key.type !== 'public') { | ||
const key = await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg, true); | ||
if (key instanceof Uint8Array || key.type !== 'public') { | ||
throw new JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a public key'); | ||
@@ -16,0 +16,0 @@ } |
import fetchJwks from '../runtime/fetch_jwks.js'; | ||
import parseJWK from '../jwk/parse.js'; | ||
import { importJWK } from '../key/import.js'; | ||
import { JWKSInvalid, JOSENotSupported, JWKSNoMatchingKey, JWKSMultipleMatchingKeys, } from '../util/errors.js'; | ||
import isObject from '../lib/is_object.js'; | ||
function getKtyFromAlg(alg) { | ||
switch (alg.substr(0, 2)) { | ||
switch (typeof alg === 'string' && alg.substr(0, 2)) { | ||
case 'RS': | ||
@@ -35,3 +35,3 @@ case 'PS': | ||
coolingDown() { | ||
if (typeof this._cooldownStarted === 'undefined') { | ||
if (!this._cooldownStarted) { | ||
return false; | ||
@@ -60,3 +60,3 @@ } | ||
if (candidate && protectedHeader.alg === 'EdDSA') { | ||
candidate = ['Ed25519', 'Ed448'].includes(jwk.crv); | ||
candidate = jwk.crv === 'Ed25519' || jwk.crv === 'Ed448'; | ||
} | ||
@@ -93,9 +93,6 @@ if (candidate) { | ||
} | ||
if (!this._cached.has(jwk)) { | ||
this._cached.set(jwk, {}); | ||
} | ||
const cached = this._cached.get(jwk); | ||
const cached = this._cached.get(jwk) || this._cached.set(jwk, {}).get(jwk); | ||
if (cached[protectedHeader.alg] === undefined) { | ||
const keyObject = (await parseJWK({ ...jwk, alg: protectedHeader.alg, ext: true })); | ||
if (keyObject.type !== 'public') { | ||
const keyObject = await importJWK({ ...jwk, ext: true }, protectedHeader.alg); | ||
if (keyObject instanceof Uint8Array || keyObject.type !== 'public') { | ||
throw new JWKSInvalid('JSON Web Key Set members must be public keys'); | ||
@@ -102,0 +99,0 @@ } |
import CompactEncrypt from '../jwe/compact/encrypt.js'; | ||
import { encoder } from '../lib/buffer_utils.js'; | ||
import ProduceJWT from '../lib/jwt_producer.js'; | ||
import { ProduceJWT } from './produce.js'; | ||
class EncryptJWT extends ProduceJWT { | ||
@@ -5,0 +5,0 @@ setProtectedHeader(protectedHeader) { |
import CompactSign from '../jws/compact/sign.js'; | ||
import { JWTInvalid } from '../util/errors.js'; | ||
import { encoder } from '../lib/buffer_utils.js'; | ||
import ProduceJWT from '../lib/jwt_producer.js'; | ||
import { ProduceJWT } from './produce.js'; | ||
class SignJWT extends ProduceJWT { | ||
@@ -6,0 +6,0 @@ setProtectedHeader(protectedHeader) { |
@@ -5,3 +5,3 @@ import * as base64url from '../runtime/base64url.js'; | ||
import jwtPayload from '../lib/jwt_claims_set.js'; | ||
import ProduceJWT from '../lib/jwt_producer.js'; | ||
import { ProduceJWT } from './produce.js'; | ||
class UnsecuredJWT extends ProduceJWT { | ||
@@ -8,0 +8,0 @@ encode() { |
import invalidKeyInput from '../runtime/invalid_key_input.js'; | ||
const checkKeyType = (alg, key, usage) => { | ||
if (!(key instanceof Uint8Array) && !(key === null || key === void 0 ? void 0 : key.type)) { | ||
throw new TypeError(invalidKeyInput(key, 'KeyObject', 'CryptoKey', 'Uint8Array')); | ||
import isKeyLike, { types } from '../runtime/is_key_like.js'; | ||
const symmetricTypeCheck = (key) => { | ||
if (key instanceof Uint8Array) | ||
return; | ||
if (!isKeyLike(key)) { | ||
throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array')); | ||
} | ||
if (alg.startsWith('HS') || | ||
alg === 'dir' || | ||
alg.startsWith('PBES2') || | ||
alg.match(/^A\d{3}(?:GCM)?KW$/)) { | ||
if (key instanceof Uint8Array || key.type === 'secret') { | ||
return; | ||
} | ||
throw new TypeError('CryptoKey or KeyObject instances for symmetric algorithms must be of type "secret"'); | ||
if (key.type !== 'secret') { | ||
throw new TypeError(`${types.join(' or ')} instances for symmetric algorithms must be of type "secret"`); | ||
} | ||
if (key instanceof Uint8Array) { | ||
throw new TypeError(invalidKeyInput(key, 'KeyObject', 'CryptoKey')); | ||
}; | ||
const asymmetricTypeCheck = (key, usage) => { | ||
if (!isKeyLike(key)) { | ||
throw new TypeError(invalidKeyInput(key, ...types)); | ||
} | ||
if (key.type === 'secret') { | ||
throw new TypeError('CryptoKey or KeyObject instances for asymmetric algorithms must not be of type "secret"'); | ||
throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithms must not be of type "secret"`); | ||
} | ||
if (usage === 'sign' && key.type === 'public') { | ||
throw new TypeError('CryptoKey or KeyObject instances for asymmetric algorithm signing must be of type "private"'); | ||
throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm signing must be of type "private"`); | ||
} | ||
if (usage === 'decrypt' && key.type === 'public') { | ||
throw new TypeError('CryptoKey or KeyObject instances for asymmetric algorithm decryption must be of type "private"'); | ||
throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm decryption must be of type "private"`); | ||
} | ||
if (key.algorithm && usage === 'verify' && key.type === 'private') { | ||
throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm verifying must be of type "public"`); | ||
} | ||
if (key.algorithm && usage === 'encrypt' && key.type === 'private') { | ||
throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm encryption must be of type "public"`); | ||
} | ||
}; | ||
const checkKeyType = (alg, key, usage) => { | ||
const symmetric = alg.startsWith('HS') || | ||
alg === 'dir' || | ||
alg.startsWith('PBES2') || | ||
/^A\d{3}(?:GCM)?KW$/.test(alg); | ||
if (symmetric) { | ||
symmetricTypeCheck(key); | ||
} | ||
else { | ||
asymmetricTypeCheck(key, usage); | ||
} | ||
}; | ||
export default checkKeyType; |
@@ -11,12 +11,3 @@ import { unwrap as aesKw } from '../runtime/aeskw.js'; | ||
import checkKeyType from './check_key_type.js'; | ||
function assertEnryptedKey(encryptedKey) { | ||
if (!encryptedKey) { | ||
throw new JWEInvalid('JWE Encrypted Key missing'); | ||
} | ||
} | ||
function assertHeaderParameter(joseHeader, parameter, name) { | ||
if (joseHeader[parameter] === undefined) { | ||
throw new JWEInvalid(`JOSE Header ${name} (${parameter}) missing`); | ||
} | ||
} | ||
import isObject from './is_object.js'; | ||
async function decryptKeyManagement(alg, key, encryptedKey, joseHeader) { | ||
@@ -26,32 +17,35 @@ checkKeyType(alg, key, 'decrypt'); | ||
case 'dir': { | ||
if (encryptedKey !== undefined) { | ||
if (encryptedKey !== undefined) | ||
throw new JWEInvalid('Encountered unexpected JWE Encrypted Key'); | ||
} | ||
return key; | ||
} | ||
case 'ECDH-ES': | ||
if (encryptedKey !== undefined) { | ||
if (encryptedKey !== undefined) | ||
throw new JWEInvalid('Encountered unexpected JWE Encrypted Key'); | ||
} | ||
case 'ECDH-ES+A128KW': | ||
case 'ECDH-ES+A192KW': | ||
case 'ECDH-ES+A256KW': { | ||
assertHeaderParameter(joseHeader, 'epk', 'Ephemeral Public Key'); | ||
if (!ECDH.ecdhAllowed(key)) { | ||
if (!isObject(joseHeader.epk)) | ||
throw new JWEInvalid(`JOSE Header "epk" (Ephemeral Public Key) missing or invalid`); | ||
if (!ECDH.ecdhAllowed(key)) | ||
throw new JOSENotSupported('ECDH-ES with the provided key is not allowed or not supported by your javascript runtime'); | ||
} | ||
const epk = await importJWK(joseHeader.epk, alg); | ||
let partyUInfo; | ||
let partyVInfo; | ||
if (joseHeader.apu !== undefined) | ||
if (joseHeader.apu !== undefined) { | ||
if (typeof joseHeader.apu !== 'string') | ||
throw new JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`); | ||
partyUInfo = base64url(joseHeader.apu); | ||
if (joseHeader.apv !== undefined) | ||
} | ||
if (joseHeader.apv !== undefined) { | ||
if (typeof joseHeader.apv !== 'string') | ||
throw new JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`); | ||
partyVInfo = base64url(joseHeader.apv); | ||
} | ||
const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, parseInt(alg.substr(-5, 3), 10) || cekLengths.get(joseHeader.enc), partyUInfo, partyVInfo); | ||
if (alg === 'ECDH-ES') { | ||
if (alg === 'ECDH-ES') | ||
return sharedSecret; | ||
} | ||
assertEnryptedKey(encryptedKey); | ||
const kwAlg = alg.substr(-6); | ||
return aesKw(kwAlg, sharedSecret, encryptedKey); | ||
if (encryptedKey === undefined) | ||
throw new JWEInvalid('JWE Encrypted Key missing'); | ||
return aesKw(alg.substr(-6), sharedSecret, encryptedKey); | ||
} | ||
@@ -63,3 +57,4 @@ case 'RSA1_5': | ||
case 'RSA-OAEP-512': { | ||
assertEnryptedKey(encryptedKey); | ||
if (encryptedKey === undefined) | ||
throw new JWEInvalid('JWE Encrypted Key missing'); | ||
return rsaEs(alg, key, encryptedKey); | ||
@@ -70,8 +65,9 @@ } | ||
case 'PBES2-HS512+A256KW': { | ||
assertEnryptedKey(encryptedKey); | ||
assertHeaderParameter(joseHeader, 'p2c', 'PBES2 Count'); | ||
assertHeaderParameter(joseHeader, 'p2s', 'PBES2 Salt'); | ||
const { p2c } = joseHeader; | ||
const p2s = base64url(joseHeader.p2s); | ||
return pbes2Kw(alg, key, encryptedKey, p2c, p2s); | ||
if (encryptedKey === undefined) | ||
throw new JWEInvalid('JWE Encrypted Key missing'); | ||
if (typeof joseHeader.p2c !== 'number') | ||
throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) missing or invalid`); | ||
if (typeof joseHeader.p2s !== 'string') | ||
throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`); | ||
return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, base64url(joseHeader.p2s)); | ||
} | ||
@@ -81,3 +77,4 @@ case 'A128KW': | ||
case 'A256KW': { | ||
assertEnryptedKey(encryptedKey); | ||
if (encryptedKey === undefined) | ||
throw new JWEInvalid('JWE Encrypted Key missing'); | ||
return aesKw(alg, key, encryptedKey); | ||
@@ -88,5 +85,8 @@ } | ||
case 'A256GCMKW': { | ||
assertEnryptedKey(encryptedKey); | ||
assertHeaderParameter(joseHeader, 'iv', 'Initialization Vector'); | ||
assertHeaderParameter(joseHeader, 'tag', 'Authentication Tag'); | ||
if (encryptedKey === undefined) | ||
throw new JWEInvalid('JWE Encrypted Key missing'); | ||
if (typeof joseHeader.iv !== 'string') | ||
throw new JWEInvalid(`JOSE Header "iv" (Initialization Vector) missing or invalid`); | ||
if (typeof joseHeader.tag !== 'string') | ||
throw new JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`); | ||
const iv = base64url(joseHeader.iv); | ||
@@ -93,0 +93,0 @@ const tag = base64url(joseHeader.tag); |
@@ -10,3 +10,3 @@ import random from '../runtime/random.js'; | ||
import { JOSENotSupported } from '../util/errors.js'; | ||
import { fromKeyLike } from '../jwk/from_key_like.js'; | ||
import { exportJWK } from '../key/export.js'; | ||
import checkKeyType from './check_key_type.js'; | ||
@@ -34,3 +34,3 @@ const generateCek = cekFactory(random); | ||
ephemeralKey || (ephemeralKey = await ECDH.generateEpk(key)); | ||
const { x, y, crv, kty } = await fromKeyLike(ephemeralKey); | ||
const { x, y, crv, kty } = await exportJWK(ephemeralKey); | ||
const sharedSecret = await ECDH.deriveKey(key, ephemeralKey, alg === 'ECDH-ES' ? enc : alg, parseInt(alg.substr(-5, 3), 10) || cekLengths.get(enc), apu, apv); | ||
@@ -37,0 +37,0 @@ parameters = { epk: { x, y, crv, kty } }; |
import { get as http } from 'http'; | ||
import { get as https } from 'https'; | ||
import { once } from 'events'; | ||
import { JOSEError } from '../util/errors.js'; | ||
import { JOSEError, JWKSTimeout } from '../util/errors.js'; | ||
import { concat, decoder } from '../lib/buffer_utils.js'; | ||
@@ -19,3 +19,7 @@ const protocols = { | ||
}); | ||
const [response] = await once(req, 'response'); | ||
const [response] = (await Promise.race([once(req, 'response'), once(req, 'timeout')])); | ||
if (!response) { | ||
req.destroy(); | ||
throw new JWKSTimeout(); | ||
} | ||
if (response.statusCode !== 200) { | ||
@@ -22,0 +26,0 @@ throw new JOSEError('Expected 200 OK from the JSON Web Key Set HTTP response'); |
export class JOSEError extends Error { | ||
constructor(message) { | ||
var _a; | ||
super(message); | ||
this.code = JOSEError.code; | ||
this.name = this.constructor.name; | ||
if (Error.captureStackTrace) { | ||
Error.captureStackTrace(this, this.constructor); | ||
} | ||
(_a = Error.captureStackTrace) === null || _a === void 0 ? void 0 : _a.call(Error, this, this.constructor); | ||
} | ||
@@ -94,2 +93,10 @@ } | ||
JWKSMultipleMatchingKeys.code = 'ERR_JWKS_MULTIPLE_MATCHING_KEYS'; | ||
export class JWKSTimeout extends JOSEError { | ||
constructor() { | ||
super(...arguments); | ||
this.code = JWKSTimeout.code; | ||
this.message = 'request timed out'; | ||
} | ||
} | ||
JWKSTimeout.code = 'ERR_JWKS_TIMEOUT'; | ||
export class JWSSignatureVerificationFailed extends JOSEError { | ||
@@ -96,0 +103,0 @@ constructor() { |
import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, CompactDecryptResult, ResolvedKey } from '../../types'; | ||
export interface CompactDecryptGetKey extends GetKeyFunction<JWEHeaderParameters, FlattenedJWE> { | ||
} | ||
declare function compactDecrypt(jwe: string | Uint8Array, key: KeyLike, options?: DecryptOptions): Promise<CompactDecryptResult>; | ||
declare function compactDecrypt(jwe: string | Uint8Array, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<CompactDecryptResult>; | ||
declare function compactDecrypt(jwe: string | Uint8Array, getKey: CompactDecryptGetKey, options?: DecryptOptions): Promise<CompactDecryptResult & ResolvedKey>; | ||
@@ -6,0 +6,0 @@ export { compactDecrypt }; |
@@ -9,3 +9,3 @@ import type { KeyLike, JWEKeyManagementHeaderParameters, JWEHeaderParameters, EncryptOptions } from '../../types'; | ||
setKeyManagementParameters(parameters: JWEKeyManagementHeaderParameters): this; | ||
encrypt(key: KeyLike, options?: EncryptOptions): Promise<string>; | ||
encrypt(key: KeyLike | Uint8Array, options?: EncryptOptions): Promise<string>; | ||
} | ||
@@ -12,0 +12,0 @@ export { CompactEncrypt }; |
import type { FlattenedDecryptResult, KeyLike, FlattenedJWE, JWEHeaderParameters, DecryptOptions, GetKeyFunction, ResolvedKey } from '../../types'; | ||
export interface FlattenedDecryptGetKey extends GetKeyFunction<JWEHeaderParameters | undefined, FlattenedJWE> { | ||
} | ||
declare function flattenedDecrypt(jwe: FlattenedJWE, key: KeyLike, options?: DecryptOptions): Promise<FlattenedDecryptResult>; | ||
declare function flattenedDecrypt(jwe: FlattenedJWE, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<FlattenedDecryptResult>; | ||
declare function flattenedDecrypt(jwe: FlattenedJWE, getKey: FlattenedDecryptGetKey, options?: DecryptOptions): Promise<FlattenedDecryptResult & ResolvedKey>; | ||
@@ -6,0 +6,0 @@ export { flattenedDecrypt }; |
@@ -19,3 +19,3 @@ import type { KeyLike, FlattenedJWE, JWEHeaderParameters, JWEKeyManagementHeaderParameters, EncryptOptions } from '../../types'; | ||
setInitializationVector(iv: Uint8Array): this; | ||
encrypt(key: KeyLike, options?: EncryptOptions): Promise<FlattenedJWE>; | ||
encrypt(key: KeyLike | Uint8Array, options?: EncryptOptions): Promise<FlattenedJWE>; | ||
} | ||
@@ -22,0 +22,0 @@ export { FlattenedEncrypt }; |
import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, GeneralJWE, GeneralDecryptResult, ResolvedKey } from '../../types'; | ||
export interface GeneralDecryptGetKey extends GetKeyFunction<JWEHeaderParameters, FlattenedJWE> { | ||
} | ||
declare function generalDecrypt(jwe: GeneralJWE, key: KeyLike, options?: DecryptOptions): Promise<GeneralDecryptResult>; | ||
declare function generalDecrypt(jwe: GeneralJWE, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<GeneralDecryptResult>; | ||
declare function generalDecrypt(jwe: GeneralJWE, getKey: GeneralDecryptGetKey, options?: DecryptOptions): Promise<GeneralDecryptResult & ResolvedKey>; | ||
@@ -6,0 +6,0 @@ export { generalDecrypt }; |
@@ -1,5 +0,4 @@ | ||
/// <reference types="node" /> | ||
import type { KeyObject, FlattenedJWSInput, JWSHeaderParameters } from '../types'; | ||
declare function EmbeddedJWK(protectedHeader: JWSHeaderParameters, token: FlattenedJWSInput): Promise<CryptoKey | KeyObject>; | ||
import type { FlattenedJWSInput, JWSHeaderParameters } from '../types'; | ||
declare function EmbeddedJWK(protectedHeader: JWSHeaderParameters, token: FlattenedJWSInput): Promise<import("../types.d").KeyLike>; | ||
export { EmbeddedJWK }; | ||
export default EmbeddedJWK; |
import type { JWK, KeyLike } from '../types'; | ||
declare function fromKeyLike(key: KeyLike): Promise<JWK>; | ||
declare function fromKeyLike(key: KeyLike | Uint8Array): Promise<JWK>; | ||
export { fromKeyLike }; | ||
export default fromKeyLike; | ||
export type { KeyLike, JWK }; |
import type { JWK, KeyLike } from '../types'; | ||
declare function parseJwk(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike>; | ||
declare function parseJwk(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike | Uint8Array>; | ||
export { parseJwk }; | ||
export default parseJwk; | ||
export type { KeyLike, JWK }; |
@@ -6,3 +6,3 @@ import type { JWSHeaderParameters, KeyLike, SignOptions } from '../../types'; | ||
setProtectedHeader(protectedHeader: JWSHeaderParameters): this; | ||
sign(key: KeyLike, options?: SignOptions): Promise<string>; | ||
sign(key: KeyLike | Uint8Array, options?: SignOptions): Promise<string>; | ||
} | ||
@@ -9,0 +9,0 @@ export { CompactSign }; |
import type { CompactVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types'; | ||
export interface CompactVerifyGetKey extends GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput> { | ||
} | ||
declare function compactVerify(jws: string | Uint8Array, key: KeyLike, options?: VerifyOptions): Promise<CompactVerifyResult>; | ||
declare function compactVerify(jws: string | Uint8Array, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<CompactVerifyResult>; | ||
declare function compactVerify(jws: string | Uint8Array, getKey: CompactVerifyGetKey, options?: VerifyOptions): Promise<CompactVerifyResult & ResolvedKey>; | ||
@@ -6,0 +6,0 @@ export { compactVerify }; |
@@ -9,3 +9,3 @@ import type { KeyLike, FlattenedJWS, JWSHeaderParameters, SignOptions } from '../../types'; | ||
setUnprotectedHeader(unprotectedHeader: JWSHeaderParameters): this; | ||
sign(key: KeyLike, options?: SignOptions): Promise<FlattenedJWS>; | ||
sign(key: KeyLike | Uint8Array, options?: SignOptions): Promise<FlattenedJWS>; | ||
} | ||
@@ -12,0 +12,0 @@ export { FlattenedSign }; |
import type { FlattenedVerifyResult, KeyLike, FlattenedJWSInput, JWSHeaderParameters, VerifyOptions, GetKeyFunction, ResolvedKey } from '../../types'; | ||
export interface FlattenedVerifyGetKey extends GetKeyFunction<JWSHeaderParameters | undefined, FlattenedJWSInput> { | ||
} | ||
declare function flattenedVerify(jws: FlattenedJWSInput, key: KeyLike, options?: VerifyOptions): Promise<FlattenedVerifyResult>; | ||
declare function flattenedVerify(jws: FlattenedJWSInput, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<FlattenedVerifyResult>; | ||
declare function flattenedVerify(jws: FlattenedJWSInput, getKey: FlattenedVerifyGetKey, options?: VerifyOptions): Promise<FlattenedVerifyResult & ResolvedKey>; | ||
@@ -6,0 +6,0 @@ export { flattenedVerify }; |
@@ -10,3 +10,3 @@ import type { KeyLike, GeneralJWS, JWSHeaderParameters, SignOptions } from '../../types'; | ||
constructor(payload: Uint8Array); | ||
addSignature(key: KeyLike, options?: SignOptions): Signature; | ||
addSignature(key: KeyLike | Uint8Array, options?: SignOptions): Signature; | ||
sign(): Promise<GeneralJWS>; | ||
@@ -13,0 +13,0 @@ } |
import type { GeneralJWSInput, GeneralVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types'; | ||
export interface GeneralVerifyGetKey extends GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput> { | ||
} | ||
declare function generalVerify(jws: GeneralJWSInput, key: KeyLike, options?: VerifyOptions): Promise<GeneralVerifyResult>; | ||
declare function generalVerify(jws: GeneralJWSInput, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<GeneralVerifyResult>; | ||
declare function generalVerify(jws: GeneralJWSInput, getKey: GeneralVerifyGetKey, options?: VerifyOptions): Promise<GeneralVerifyResult & ResolvedKey>; | ||
@@ -6,0 +6,0 @@ export { generalVerify }; |
@@ -6,3 +6,3 @@ import type { KeyLike, DecryptOptions, JWTPayload, JWTClaimVerificationOptions, GetKeyFunction, JWEHeaderParameters, FlattenedJWE, JWTDecryptResult, ResolvedKey } from '../types'; | ||
} | ||
declare function jwtDecrypt(jwt: string | Uint8Array, key: KeyLike, options?: JWTDecryptOptions): Promise<JWTDecryptResult>; | ||
declare function jwtDecrypt(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTDecryptOptions): Promise<JWTDecryptResult>; | ||
declare function jwtDecrypt(jwt: string | Uint8Array, getKey: JWTDecryptGetKey, options?: JWTDecryptOptions): Promise<JWTDecryptResult & ResolvedKey>; | ||
@@ -9,0 +9,0 @@ export { jwtDecrypt }; |
import type { EncryptOptions, JWEHeaderParameters, JWEKeyManagementHeaderParameters, JWTPayload, KeyLike } from '../types'; | ||
import ProduceJWT from '../lib/jwt_producer'; | ||
import { ProduceJWT } from './produce'; | ||
declare class EncryptJWT extends ProduceJWT { | ||
@@ -18,3 +18,3 @@ private _cek; | ||
replicateAudienceAsHeader(): this; | ||
encrypt(key: KeyLike, options?: EncryptOptions): Promise<string>; | ||
encrypt(key: KeyLike | Uint8Array, options?: EncryptOptions): Promise<string>; | ||
} | ||
@@ -21,0 +21,0 @@ export { EncryptJWT }; |
import type { JWSHeaderParameters, JWTPayload, KeyLike, SignOptions } from '../types'; | ||
import ProduceJWT from '../lib/jwt_producer'; | ||
import { ProduceJWT } from './produce'; | ||
declare class SignJWT extends ProduceJWT { | ||
private _protectedHeader; | ||
setProtectedHeader(protectedHeader: JWSHeaderParameters): this; | ||
sign(key: KeyLike, options?: SignOptions): Promise<string>; | ||
sign(key: KeyLike | Uint8Array, options?: SignOptions): Promise<string>; | ||
} | ||
@@ -8,0 +8,0 @@ export { SignJWT }; |
import type { JWSHeaderParameters, JWTClaimVerificationOptions, JWTPayload } from '../types'; | ||
import ProduceJWT from '../lib/jwt_producer'; | ||
import { ProduceJWT } from './produce'; | ||
interface UnsecuredResult { | ||
@@ -4,0 +4,0 @@ payload: JWTPayload; |
@@ -6,3 +6,3 @@ import type { KeyLike, VerifyOptions, JWTPayload, JWTClaimVerificationOptions, JWSHeaderParameters, GetKeyFunction, FlattenedJWSInput, JWTVerifyResult, ResolvedKey } from '../types'; | ||
} | ||
declare function jwtVerify(jwt: string | Uint8Array, key: KeyLike, options?: JWTVerifyOptions): Promise<JWTVerifyResult>; | ||
declare function jwtVerify(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTVerifyOptions): Promise<JWTVerifyResult>; | ||
declare function jwtVerify(jwt: string | Uint8Array, getKey: JWTVerifyGetKey, options?: JWTVerifyOptions): Promise<JWTVerifyResult & ResolvedKey>; | ||
@@ -9,0 +9,0 @@ export { jwtVerify }; |
import type { JWK, KeyLike } from '../types'; | ||
export declare function exportSPKI(key: Exclude<KeyLike, Uint8Array>): Promise<string>; | ||
export declare function exportPKCS8(key: Exclude<KeyLike, Uint8Array>): Promise<string>; | ||
export declare function exportJWK(key: KeyLike): Promise<JWK>; | ||
export declare function exportSPKI(key: KeyLike): Promise<string>; | ||
export declare function exportPKCS8(key: KeyLike): Promise<string>; | ||
export declare function exportJWK(key: KeyLike | Uint8Array): Promise<JWK>; | ||
export type { KeyLike, JWK }; |
@@ -8,3 +8,3 @@ import type { JWK, KeyLike } from '../types'; | ||
export declare function importPKCS8(pkcs8: string, alg: string, options?: PEMImportOptions): Promise<Exclude<KeyLike, Uint8Array>>; | ||
export declare function importJWK(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike>; | ||
export declare function importJWK(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike | Uint8Array>; | ||
export type { KeyLike, JWK }; |
@@ -1,5 +0,98 @@ | ||
/// <reference lib="dom"/> | ||
import type { KeyObject } from 'crypto' | ||
export type { KeyObject } | ||
export type KeyLike = KeyObject | CryptoKey | Uint8Array | ||
/** | ||
* KeyLike are runtime-specific classes representing asymmetric keys or symmetric secrets. | ||
* These are instances of | ||
* [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) and additionally | ||
* [KeyObject](https://nodejs.org/api/crypto.html#crypto_class_keyobject) | ||
* in Node.js runtime. | ||
* [Uint8Array](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array) | ||
* instances are also accepted as symmetric secret representation only. | ||
* | ||
* [jose/key/import](../modules/key_import.md#readme) functions can be used to import PEM, | ||
* or JWK formatted asymmetric keys and certificates to these runtime-specific representations. | ||
* | ||
* In Node.js the | ||
* [Buffer](https://nodejs.org/api/buffer.html#buffer_buffer) class is a subclass of Uint8Array | ||
* and so Buffer can be provided for symmetric secrets as well. | ||
* | ||
* --- | ||
* | ||
* [KeyObject](https://nodejs.org/api/crypto.html#crypto_class_keyobject) is a representation of a | ||
* key/secret available in the Node.js runtime. | ||
* In addition to the import functions of this library you may use the | ||
* runtime APIs | ||
* [crypto.createPublicKey](https://nodejs.org/api/crypto.html#crypto_crypto_createpublickey_key), | ||
* [crypto.createPrivateKey](https://nodejs.org/api/crypto.html#crypto_crypto_createprivatekey_key), and | ||
* [crypto.createSecretKey](https://nodejs.org/api/crypto.html#crypto_crypto_createsecretkey_key_encoding) | ||
* to obtain a KeyObject from your existing key material. | ||
* | ||
* [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) is a representation of a | ||
* key/secret available in the Browser and Deno runtimes. | ||
* In addition to the import functions of this library you may use the | ||
* [SubtleCrypto.importKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey) API | ||
* to obtain a CryptoKey from your existing key material. | ||
* | ||
* --- | ||
* | ||
* @example Import a PEM-encoded SPKI Public Key | ||
* ```js | ||
* import { importSPKI } from 'jose/key/import' | ||
* | ||
* const algorithm = 'ES256' | ||
* const spki = `-----BEGIN PUBLIC KEY----- | ||
* MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFlHHWfLk0gLBbsLTcuCrbCqoHqmM | ||
* YJepMC+Q+Dd6RBmBiA41evUsNMwLeN+PNFqib+xwi9JkJ8qhZkq8Y/IzGg== | ||
* -----END PUBLIC KEY-----` | ||
* const ecPublicKey = await importSPKI(spki, algorithm) | ||
* ``` | ||
* | ||
* @example Import a X.509 Certificate | ||
* ```js | ||
* import { importX509 } from 'jose/key/import' | ||
* | ||
* const algorithm = 'ES256' | ||
* const x509 = `-----BEGIN CERTIFICATE----- | ||
* MIIBXjCCAQSgAwIBAgIGAXvykuMKMAoGCCqGSM49BAMCMDYxNDAyBgNVBAMMK3Np | ||
* QXBNOXpBdk1VaXhXVWVGaGtjZXg1NjJRRzFyQUhXaV96UlFQTVpQaG8wHhcNMjEw | ||
* OTE3MDcwNTE3WhcNMjIwNzE0MDcwNTE3WjA2MTQwMgYDVQQDDCtzaUFwTTl6QXZN | ||
* VWl4V1VlRmhrY2V4NTYyUUcxckFIV2lfelJRUE1aUGhvMFkwEwYHKoZIzj0CAQYI | ||
* KoZIzj0DAQcDQgAE8PbPvCv5D5xBFHEZlBp/q5OEUymq7RIgWIi7tkl9aGSpYE35 | ||
* UH+kBKDnphJO3odpPZ5gvgKs2nwRWcrDnUjYLDAKBggqhkjOPQQDAgNIADBFAiEA | ||
* 1yyMTRe66MhEXID9+uVub7woMkNYd0LhSHwKSPMUUTkCIFQGsfm1ecXOpeGOufAh | ||
* v+A1QWZMuTWqYt+uh/YSRNDn | ||
* -----END CERTIFICATE-----` | ||
* const ecPublicKey = await importX509(x509, algorithm) | ||
* ``` | ||
* | ||
* @example Import a PEM-encoded PKCS8 Private Key | ||
* ```js | ||
* import { importPKCS8 } from 'jose/key/import' | ||
* | ||
* const algorithm = 'ES256' | ||
* const pkcs8 = `-----BEGIN PRIVATE KEY----- | ||
* MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiyvo0X+VQ0yIrOaN | ||
* nlrnUclopnvuuMfoc8HHly3505OhRANCAAQWUcdZ8uTSAsFuwtNy4KtsKqgeqYxg | ||
* l6kwL5D4N3pEGYGIDjV69Sw0zAt43480WqJv7HCL0mQnyqFmSrxj8jMa | ||
* -----END PRIVATE KEY-----` | ||
* const ecPrivateKey = await importPKCS8(pkcs8, algorithm) | ||
* ``` | ||
* | ||
* @example Import a JSON Web Key (JWK) | ||
* ```js | ||
* import { importJWK } from 'jose/key/import' | ||
* | ||
* const ecPublicKey = await importJWK({ | ||
* crv: 'P-256', | ||
* kty: 'EC', | ||
* x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw', | ||
* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo' | ||
* }, 'ES256') | ||
* | ||
* const rsaPublicKey = await importJWK({ | ||
* kty: 'RSA', | ||
* e: 'AQAB', | ||
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ' | ||
* }, 'PS256') | ||
* ``` | ||
*/ | ||
export type KeyLike = { type: string } | ||
export interface JWK { | ||
@@ -36,3 +129,3 @@ alg?: string | ||
export interface GetKeyFunction<T, T2> { | ||
(protectedHeader: T, token: T2): Promise<KeyLike> | ||
(protectedHeader: T, token: T2): Promise<KeyLike | Uint8Array> | ||
} | ||
@@ -174,3 +267,3 @@ export interface FlattenedJWSInput { | ||
export interface ResolvedKey { | ||
key: KeyLike | ||
key: KeyLike | Uint8Array | ||
} |
@@ -56,2 +56,7 @@ export declare class JOSEError extends Error { | ||
} | ||
export declare class JWKSTimeout extends JOSEError { | ||
static code: string; | ||
code: string; | ||
message: string; | ||
} | ||
export declare class JWSSignatureVerificationFailed extends JOSEError { | ||
@@ -58,0 +63,0 @@ static code: string; |
import type { KeyLike } from '../types'; | ||
export interface GenerateKeyPairResult { | ||
privateKey: Exclude<KeyLike, Uint8Array>; | ||
publicKey: Exclude<KeyLike, Uint8Array>; | ||
privateKey: KeyLike; | ||
publicKey: KeyLike; | ||
} | ||
@@ -6,0 +6,0 @@ export interface GenerateKeyPairOptions { |
@@ -5,4 +5,4 @@ import type { KeyLike } from '../types'; | ||
} | ||
declare function generateSecret(alg: string, options?: GenerateSecretOptions): Promise<KeyLike>; | ||
declare function generateSecret(alg: string, options?: GenerateSecretOptions): Promise<KeyLike | Uint8Array>; | ||
export { generateSecret }; | ||
export default generateSecret; |
{ | ||
"name": "jose-node-esm-runtime", | ||
"version": "3.19.0", | ||
"version": "3.20.0", | ||
"description": "(Node.JS ESM Runtime) 'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK with no dependencies", | ||
@@ -92,6 +92,4 @@ "keywords": [ | ||
"!dist/node/webcrypto/**/*", | ||
"!dist/types/**/*.i.d.ts", | ||
"!dist/types/runtime/*", | ||
"!dist/types/lib/*", | ||
"dist/types/lib/jwt_producer.d.ts", | ||
"!dist/browser/**/*", | ||
@@ -98,0 +96,0 @@ "!dist/node/cjs/**/*", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
168773
115
4247