jose - npm Package Compare versions

Comparing version 1.26.1 to 1.27.0

CHANGELOG.md

@@ -5,2 +5,11 @@ # Change Log
 
+# [1.27.0](https://github.com/panva/jose/compare/v1.26.1...v1.27.0) (2020-05-05)
+
+
+### Features
+
+* add opt-in objects to verify using embedded JWS Header public keys ([7c1cab1](https://github.com/panva/jose/commit/7c1cab196edc409ec6cc4741bdf7e06c5aaf5dab))
+
+
+
 ## [1.26.1](https://github.com/panva/jose/compare/v1.26.0...v1.26.1) (2020-04-27)
@@ -7,0 +16,0 @@

lib/help/key_object.js

@@ -33,3 +33,3 @@ /* global BigInt */
   const pemToDer = pem => Buffer.from(pem.replace(/(?:-----(?:BEGIN|END)(?: (?:RSA|EC))? (?:PRIVATE|PUBLIC) KEY-----|\s)/g, ''), 'base64')
-  const derToPem = (der, label) => `-----BEGIN ${label}-----${EOL}${der.toString('base64').match(/.{1,64}/g).join(EOL)}${EOL}-----END ${label}-----`
+  const derToPem = (der, label) => `-----BEGIN ${label}-----${EOL}${(der.toString('base64').match(/.{1,64}/g) || []).join(EOL)}${EOL}-----END ${label}-----`
   const unsupported = (input) => {
@@ -36,0 +36,0 @@ const label = typeof input === 'string' ? input : `OID ${input.join('.')}`

lib/help/key_utils.js

@@ -13,3 +13,3 @@ /* global BigInt */
 
-const formatPem = (base64pem, descriptor) => `-----BEGIN ${descriptor} KEY-----${EOL}${base64pem.match(/.{1,64}/g).join(EOL)}${EOL}-----END ${descriptor} KEY-----`
+const formatPem = (base64pem, descriptor) => `-----BEGIN ${descriptor} KEY-----${EOL}${(base64pem.match(/.{1,64}/g) || []).join(EOL)}${EOL}-----END ${descriptor} KEY-----`
 
@@ -16,0 +16,0 @@ const okpToJWK = {

lib/jwk/index.js

 const Key = require('./key/base')
 const None = require('./key/none')
+const EmbeddedJWK = require('./key/embedded.jwk')
+const EmbeddedX5C = require('./key/embedded.x5c')
 const importKey = require('./import')
@@ -10,3 +12,5 @@ const generate = require('./generate')
   isKey: input => input instanceof Key,
-  None
+  None,
+  EmbeddedJWK,
+  EmbeddedX5C
 }
@@ -13,0 +17,0 @@

lib/jwk/key/base.js

@@ -64,3 +64,3 @@ const { strict: assert } = require('assert')
           publicKey = createPublicKey({
-            key: `-----BEGIN CERTIFICATE-----${EOL}${cert.match(/.{1,64}/g).join(EOL)}${EOL}-----END CERTIFICATE-----`, format: 'pem'
+            key: `-----BEGIN CERTIFICATE-----${EOL}${(cert.match(/.{1,64}/g) || []).join(EOL)}${EOL}-----END CERTIFICATE-----`, format: 'pem'
           })
@@ -67,0 +67,0 @@ } catch (err) {

lib/jwk/key/none.js

@@ -10,2 +10,3 @@ const { inspect } = require('util')
       kid: { value: undefined },
+      kty: { value: undefined },
       thumbprint: { value: undefined },
@@ -34,2 +35,2 @@ toJWK: { value: undefined },
 
-module.exports = new NoneKey({ type: 'unsecured' }, { alg: 'none' })
+module.exports = new NoneKey()

lib/jwks/keystore.js

@@ -6,3 +6,3 @@ const { deprecate, inspect } = require('util')
 const { USES_MAPPING } = require('../help/consts')
-const { None, isKey, asKey: importKey } = require('../jwk')
+const { isKey, asKey: importKey } = require('../jwk')
 
@@ -39,3 +39,3 @@ const keyscore = (key, { alg, use, ops }) => {
     }
-    if (keys.some(k => !isKey(k) || k === None)) {
+    if (keys.some(k => !isKey(k) || !k.kty)) {
       throw new TypeError('all keys must be instances of a key instantiated by JWK.asKey')
@@ -112,3 +112,3 @@ }
   add (key) {
-    if (!isKey(key) || key === None) {
+    if (!isKey(key) || !key.kty) {
       throw new TypeError('key must be an instance of a key instantiated by JWK.asKey')
@@ -115,0 +115,0 @@ }

lib/jws/verify.js

@@ -0,3 +1,6 @@
+const { EOL } = require('os')
+
 const base64url = require('../help/base64url')
 const isDisjoint = require('../help/is_disjoint')
+const isObject = require('../help/is_object')
 let validateCrit = require('../help/validate_crit')
@@ -8,2 +11,3 @@ const getKey = require('../help/get_key')
 const { check, verify } = require('../jwa')
+const JWK = require('../jwk')
 
@@ -129,2 +133,20 @@ const { detect: resolveSerialization } = require('./serializers')
 
+    if (key === JWK.EmbeddedJWK) {
+      if (!isObject(combinedHeader.jwk)) {
+        throw new errors.JWSInvalid('JWS Header Parameter "jwk" must be a JSON object')
+      }
+      key = JWK.asKey(combinedHeader.jwk)
+      if (key.type !== 'public') {
+        throw new errors.JWSInvalid('JWS Header Parameter "jwk" must be a public key')
+      }
+    } else if (key === JWK.EmbeddedX5C) {
+      if (!Array.isArray(combinedHeader.x5c) || !combinedHeader.x5c.length || combinedHeader.x5c.some(c => typeof c !== 'string' || !c)) {
+        throw new errors.JWSInvalid('JWS Header Parameter "x5c" must be a JSON array of certificate value strings')
+      }
+      key = JWK.asKey(
+        `-----BEGIN CERTIFICATE-----${EOL}${(combinedHeader.x5c[0].match(/.{1,64}/g) || []).join(EOL)}${EOL}-----END CERTIFICATE-----`,
+        { x5c: combinedHeader.x5c }
+      )
+    }
+
     check(key, 'verify', alg)
@@ -131,0 +153,0 @@

package.json

 {
   "name": "jose",
-  "version": "1.26.1",
+  "version": "1.27.0",
   "description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies",
@@ -16,2 +16,3 @@ "keywords": [
     "electron",
+    "embedded",
     "encrypt",
@@ -18,0 +19,0 @@ "flattened",

types/index.d.ts

@@ -30,2 +30,5 @@ /// <reference types="node" />
 export type NoneKey = JWK.NoneKey;
+export type EmbeddedJWK = JWK.EmbeddedJWK;
+export type EmbeddedX5C = JWK.EmbeddedX5C;
+export type EmbeddedVerifyKeys = EmbeddedJWK | EmbeddedX5C;
 export type ProduceKeyInputWithNone = ProduceKeyInput | NoneKey;
@@ -220,2 +223,16 @@ export type ConsumeKeyInputWithNone = ConsumeKeyInput | NoneKey;
 
+  interface EmbeddedJWK {
+    readonly type: 'embedded';
+    algorithms(operation?: keyOperation): Set<string>;
+  }
+
+  const EmbeddedJWK: EmbeddedJWK;
+
+  interface EmbeddedX5C {
+    readonly type: 'embedded';
+    algorithms(operation?: keyOperation): Set<string>;
+  }
+
+  const EmbeddedX5C: EmbeddedX5C;
+
   function isKey(object: any): boolean;
@@ -345,6 +362,6 @@
 
-  function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInputWithNone, options?: VerifyOptions): string | object;
-  function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInputWithNone, options?: VerifyOptions<false, false>): Buffer;
-  function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInput, options?: VerifyOptions<true>): completeVerification<string | object, JWK.Key>;
-  function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInput, options?: VerifyOptions<true, false>): completeVerification<Buffer, JWK.Key>;
+  function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options?: VerifyOptions): string | object;
+  function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options?: VerifyOptions<false, false>): Buffer;
+  function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInput | EmbeddedVerifyKeys, options?: VerifyOptions<true>): completeVerification<string | object, JWK.Key>;
+  function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInput | EmbeddedVerifyKeys, options?: VerifyOptions<true, false>): completeVerification<Buffer, JWK.Key>;
   function verify(jws: string | FlattenedJWS | GeneralJWS, key: NoneKey, options?: VerifyOptions<true>): completeVerification<string | object, NoneKey>;
@@ -446,4 +463,4 @@ function verify(jws: string | FlattenedJWS | GeneralJWS, key: NoneKey, options?: VerifyOptions<true, false>): completeVerification<Buffer, NoneKey>;
 
-  function verify(jwt: string, key: ConsumeKeyInputWithNone, options?: VerifyOptions<false>): object;
-  function verify(jwt: string, key: ConsumeKeyInput, options?: VerifyOptions<true>): completeResult;
+  function verify(jwt: string, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options?: VerifyOptions<false>): object;
+  function verify(jwt: string, key: ConsumeKeyInput | EmbeddedVerifyKeys, options?: VerifyOptions<true>): completeResult;
   function verify(jwt: string, key: NoneKey, options?: VerifyOptions<true>): completeResult<NoneKey>;
@@ -475,4 +492,4 @@
   namespace IdToken {
-    function verify(jwt: string, key: ConsumeKeyInputWithNone, options: VerifyOptions<false> & VerifyProfileOptions<'id_token'>): object;
-    function verify(jwt: string, key: ConsumeKeyInput, options: VerifyOptions<true> & VerifyProfileOptions<'id_token'>): completeResult;
+    function verify(jwt: string, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options: VerifyOptions<false> & VerifyProfileOptions<'id_token'>): object;
+    function verify(jwt: string, key: ConsumeKeyInput | EmbeddedVerifyKeys, options: VerifyOptions<true> & VerifyProfileOptions<'id_token'>): completeResult;
     function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'id_token'>): completeResult<NoneKey>;
@@ -482,4 +499,4 @@ }
   namespace LogoutToken {
-    function verify(jwt: string, key: ConsumeKeyInputWithNone, options: VerifyOptions<false> & VerifyProfileOptions<'logout_token'>): object;
-    function verify(jwt: string, key: ConsumeKeyInput, options: VerifyOptions<true> & VerifyProfileOptions<'logout_token'>): completeResult;
+    function verify(jwt: string, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options: VerifyOptions<false> & VerifyProfileOptions<'logout_token'>): object;
+    function verify(jwt: string, key: ConsumeKeyInput | EmbeddedVerifyKeys, options: VerifyOptions<true> & VerifyProfileOptions<'logout_token'>): completeResult;
     function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'logout_token'>): completeResult<NoneKey>;
@@ -489,4 +506,4 @@ }
   namespace AccessToken {
-    function verify(jwt: string, key: ConsumeKeyInputWithNone, options: VerifyOptions<false> & VerifyProfileOptions<'at+JWT'>): object;
-    function verify(jwt: string, key: ConsumeKeyInput, options: VerifyOptions<true> & VerifyProfileOptions<'at+JWT'>): completeResult;
+    function verify(jwt: string, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options: VerifyOptions<false> & VerifyProfileOptions<'at+JWT'>): object;
+    function verify(jwt: string, key: ConsumeKeyInput | EmbeddedVerifyKeys, options: VerifyOptions<true> & VerifyProfileOptions<'at+JWT'>): completeResult;
     function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'at+JWT'>): completeResult<NoneKey>;
@@ -493,0 +510,0 @@ }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

230546

increased by1.39%

Number of package files

92

increased by2.22%

Lines of code

4839

increased by1.72%

No dependency changes