Comparing version 4.14.4 to 4.14.5
@@ -89,3 +89,8 @@ import { decode as base64url } from '../../runtime/base64url.js'; | ||
if (jwe.encrypted_key !== undefined) { | ||
encryptedKey = base64url(jwe.encrypted_key); | ||
try { | ||
encryptedKey = base64url(jwe.encrypted_key); | ||
} | ||
catch (_c) { | ||
throw new JWEInvalid('Failed to base64url decode the encrypted_key'); | ||
} | ||
} | ||
@@ -107,4 +112,16 @@ let resolvedKey = false; | ||
} | ||
const iv = base64url(jwe.iv); | ||
const tag = base64url(jwe.tag); | ||
let iv; | ||
let tag; | ||
try { | ||
iv = base64url(jwe.iv); | ||
} | ||
catch (_d) { | ||
throw new JWEInvalid('Failed to base64url decode the iv'); | ||
} | ||
try { | ||
tag = base64url(jwe.tag); | ||
} | ||
catch (_e) { | ||
throw new JWEInvalid('Failed to base64url decode the tag'); | ||
} | ||
const protectedHeader = encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : ''); | ||
@@ -118,3 +135,10 @@ let additionalData; | ||
} | ||
let plaintext = await decrypt(enc, cek, base64url(jwe.ciphertext), iv, tag, additionalData); | ||
let ciphertext; | ||
try { | ||
ciphertext = base64url(jwe.ciphertext); | ||
} | ||
catch (_f) { | ||
throw new JWEInvalid('Failed to base64url decode the ciphertext'); | ||
} | ||
let plaintext = await decrypt(enc, cek, ciphertext, iv, tag, additionalData); | ||
if (joseHeader.zip === 'DEF') { | ||
@@ -128,3 +152,8 @@ plaintext = await ((options === null || options === void 0 ? void 0 : options.inflateRaw) || inflate)(plaintext); | ||
if (jwe.aad !== undefined) { | ||
result.additionalAuthenticatedData = base64url(jwe.aad); | ||
try { | ||
result.additionalAuthenticatedData = base64url(jwe.aad); | ||
} | ||
catch (_g) { | ||
throw new JWEInvalid('Failed to base64url decode the aad'); | ||
} | ||
} | ||
@@ -131,0 +160,0 @@ if (jwe.unprotected !== undefined) { |
@@ -78,3 +78,9 @@ import { decode as base64url } from '../../runtime/base64url.js'; | ||
const data = concat(encoder.encode((_a = jws.protected) !== null && _a !== void 0 ? _a : ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload); | ||
const signature = base64url(jws.signature); | ||
let signature; | ||
try { | ||
signature = base64url(jws.signature); | ||
} | ||
catch (_c) { | ||
throw new JWSInvalid('Failed to base64url decode the signature'); | ||
} | ||
const verified = await verify(alg, key, signature, data); | ||
@@ -86,3 +92,8 @@ if (!verified) { | ||
if (b64) { | ||
payload = base64url(jws.payload); | ||
try { | ||
payload = base64url(jws.payload); | ||
} | ||
catch (_d) { | ||
throw new JWSInvalid('Failed to base64url decode the payload'); | ||
} | ||
} | ||
@@ -89,0 +100,0 @@ else if (typeof jws.payload === 'string') { |
@@ -36,3 +36,8 @@ import { unwrap as aesKw } from '../runtime/aeskw.js'; | ||
throw new JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`); | ||
partyUInfo = base64url(joseHeader.apu); | ||
try { | ||
partyUInfo = base64url(joseHeader.apu); | ||
} | ||
catch (_a) { | ||
throw new JWEInvalid('Failed to base64url decode the apu'); | ||
} | ||
} | ||
@@ -42,3 +47,8 @@ if (joseHeader.apv !== undefined) { | ||
throw new JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`); | ||
partyVInfo = base64url(joseHeader.apv); | ||
try { | ||
partyVInfo = base64url(joseHeader.apv); | ||
} | ||
catch (_b) { | ||
throw new JWEInvalid('Failed to base64url decode the apv'); | ||
} | ||
} | ||
@@ -73,3 +83,10 @@ const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? cekLength(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo); | ||
throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`); | ||
return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, base64url(joseHeader.p2s)); | ||
let p2s; | ||
try { | ||
p2s = base64url(joseHeader.p2s); | ||
} | ||
catch (_c) { | ||
throw new JWEInvalid('Failed to base64url decode the p2s'); | ||
} | ||
return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, p2s); | ||
} | ||
@@ -92,4 +109,16 @@ case 'A128KW': | ||
throw new JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`); | ||
const iv = base64url(joseHeader.iv); | ||
const tag = base64url(joseHeader.tag); | ||
let iv; | ||
try { | ||
iv = base64url(joseHeader.iv); | ||
} | ||
catch (_d) { | ||
throw new JWEInvalid('Failed to base64url decode the iv'); | ||
} | ||
let tag; | ||
try { | ||
tag = base64url(joseHeader.tag); | ||
} | ||
catch (_e) { | ||
throw new JWEInvalid('Failed to base64url decode the tag'); | ||
} | ||
return aesGcmKw(alg, key, encryptedKey, iv, tag); | ||
@@ -96,0 +125,0 @@ } |
@@ -199,5 +199,5 @@ import crypto, { isCryptoKey } from './webcrypto.js'; | ||
catch (cause) { | ||
throw new TypeError('failed to parse the X.509 certificate', { cause }); | ||
throw new TypeError('Failed to parse the X.509 certificate', { cause }); | ||
} | ||
return fromSPKI(spki, alg, options); | ||
}; |
@@ -20,3 +20,3 @@ import { decode as base64url } from './base64url.js'; | ||
catch (_a) { | ||
throw new JWTInvalid('Failed to parse the base64url encoded payload'); | ||
throw new JWTInvalid('Failed to base64url decode the payload'); | ||
} | ||
@@ -23,0 +23,0 @@ let result; |
@@ -92,3 +92,8 @@ "use strict"; | ||
if (jwe.encrypted_key !== undefined) { | ||
encryptedKey = (0, base64url_js_1.decode)(jwe.encrypted_key); | ||
try { | ||
encryptedKey = (0, base64url_js_1.decode)(jwe.encrypted_key); | ||
} | ||
catch { | ||
throw new errors_js_1.JWEInvalid('Failed to base64url decode the encrypted_key'); | ||
} | ||
} | ||
@@ -110,4 +115,16 @@ let resolvedKey = false; | ||
} | ||
const iv = (0, base64url_js_1.decode)(jwe.iv); | ||
const tag = (0, base64url_js_1.decode)(jwe.tag); | ||
let iv; | ||
let tag; | ||
try { | ||
iv = (0, base64url_js_1.decode)(jwe.iv); | ||
} | ||
catch { | ||
throw new errors_js_1.JWEInvalid('Failed to base64url decode the iv'); | ||
} | ||
try { | ||
tag = (0, base64url_js_1.decode)(jwe.tag); | ||
} | ||
catch { | ||
throw new errors_js_1.JWEInvalid('Failed to base64url decode the tag'); | ||
} | ||
const protectedHeader = buffer_utils_js_1.encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : ''); | ||
@@ -121,3 +138,10 @@ let additionalData; | ||
} | ||
let plaintext = await (0, decrypt_js_1.default)(enc, cek, (0, base64url_js_1.decode)(jwe.ciphertext), iv, tag, additionalData); | ||
let ciphertext; | ||
try { | ||
ciphertext = (0, base64url_js_1.decode)(jwe.ciphertext); | ||
} | ||
catch { | ||
throw new errors_js_1.JWEInvalid('Failed to base64url decode the ciphertext'); | ||
} | ||
let plaintext = await (0, decrypt_js_1.default)(enc, cek, ciphertext, iv, tag, additionalData); | ||
if (joseHeader.zip === 'DEF') { | ||
@@ -131,3 +155,8 @@ plaintext = await ((options === null || options === void 0 ? void 0 : options.inflateRaw) || zlib_js_1.inflate)(plaintext); | ||
if (jwe.aad !== undefined) { | ||
result.additionalAuthenticatedData = (0, base64url_js_1.decode)(jwe.aad); | ||
try { | ||
result.additionalAuthenticatedData = (0, base64url_js_1.decode)(jwe.aad); | ||
} | ||
catch { | ||
throw new errors_js_1.JWEInvalid('Failed to base64url decode the aad'); | ||
} | ||
} | ||
@@ -134,0 +163,0 @@ if (jwe.unprotected !== undefined) { |
@@ -81,3 +81,9 @@ "use strict"; | ||
const data = (0, buffer_utils_js_1.concat)(buffer_utils_js_1.encoder.encode((_a = jws.protected) !== null && _a !== void 0 ? _a : ''), buffer_utils_js_1.encoder.encode('.'), typeof jws.payload === 'string' ? buffer_utils_js_1.encoder.encode(jws.payload) : jws.payload); | ||
const signature = (0, base64url_js_1.decode)(jws.signature); | ||
let signature; | ||
try { | ||
signature = (0, base64url_js_1.decode)(jws.signature); | ||
} | ||
catch { | ||
throw new errors_js_1.JWSInvalid('Failed to base64url decode the signature'); | ||
} | ||
const verified = await (0, verify_js_1.default)(alg, key, signature, data); | ||
@@ -89,3 +95,8 @@ if (!verified) { | ||
if (b64) { | ||
payload = (0, base64url_js_1.decode)(jws.payload); | ||
try { | ||
payload = (0, base64url_js_1.decode)(jws.payload); | ||
} | ||
catch { | ||
throw new errors_js_1.JWSInvalid('Failed to base64url decode the payload'); | ||
} | ||
} | ||
@@ -92,0 +103,0 @@ else if (typeof jws.payload === 'string') { |
@@ -38,3 +38,8 @@ "use strict"; | ||
throw new errors_js_1.JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`); | ||
partyUInfo = (0, base64url_js_1.decode)(joseHeader.apu); | ||
try { | ||
partyUInfo = (0, base64url_js_1.decode)(joseHeader.apu); | ||
} | ||
catch { | ||
throw new errors_js_1.JWEInvalid('Failed to base64url decode the apu'); | ||
} | ||
} | ||
@@ -44,3 +49,8 @@ if (joseHeader.apv !== undefined) { | ||
throw new errors_js_1.JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`); | ||
partyVInfo = (0, base64url_js_1.decode)(joseHeader.apv); | ||
try { | ||
partyVInfo = (0, base64url_js_1.decode)(joseHeader.apv); | ||
} | ||
catch { | ||
throw new errors_js_1.JWEInvalid('Failed to base64url decode the apv'); | ||
} | ||
} | ||
@@ -75,3 +85,10 @@ const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? (0, cek_js_1.bitLength)(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo); | ||
throw new errors_js_1.JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`); | ||
return (0, pbes2kw_js_1.decrypt)(alg, key, encryptedKey, joseHeader.p2c, (0, base64url_js_1.decode)(joseHeader.p2s)); | ||
let p2s; | ||
try { | ||
p2s = (0, base64url_js_1.decode)(joseHeader.p2s); | ||
} | ||
catch { | ||
throw new errors_js_1.JWEInvalid('Failed to base64url decode the p2s'); | ||
} | ||
return (0, pbes2kw_js_1.decrypt)(alg, key, encryptedKey, joseHeader.p2c, p2s); | ||
} | ||
@@ -94,4 +111,16 @@ case 'A128KW': | ||
throw new errors_js_1.JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`); | ||
const iv = (0, base64url_js_1.decode)(joseHeader.iv); | ||
const tag = (0, base64url_js_1.decode)(joseHeader.tag); | ||
let iv; | ||
try { | ||
iv = (0, base64url_js_1.decode)(joseHeader.iv); | ||
} | ||
catch { | ||
throw new errors_js_1.JWEInvalid('Failed to base64url decode the iv'); | ||
} | ||
let tag; | ||
try { | ||
tag = (0, base64url_js_1.decode)(joseHeader.tag); | ||
} | ||
catch { | ||
throw new errors_js_1.JWEInvalid('Failed to base64url decode the tag'); | ||
} | ||
return (0, aesgcmkw_js_1.unwrap)(alg, key, encryptedKey, iv, tag); | ||
@@ -98,0 +127,0 @@ } |
@@ -7,3 +7,2 @@ "use strict"; | ||
let encode; | ||
exports.encode = encode; | ||
function normalize(input) { | ||
@@ -10,0 +9,0 @@ let encoded = input; |
@@ -23,3 +23,3 @@ "use strict"; | ||
catch { | ||
throw new errors_js_1.JWTInvalid('Failed to parse the base64url encoded payload'); | ||
throw new errors_js_1.JWTInvalid('Failed to base64url decode the payload'); | ||
} | ||
@@ -26,0 +26,0 @@ let result; |
@@ -89,3 +89,8 @@ import { decode as base64url } from '../../runtime/base64url.js'; | ||
if (jwe.encrypted_key !== undefined) { | ||
encryptedKey = base64url(jwe.encrypted_key); | ||
try { | ||
encryptedKey = base64url(jwe.encrypted_key); | ||
} | ||
catch { | ||
throw new JWEInvalid('Failed to base64url decode the encrypted_key'); | ||
} | ||
} | ||
@@ -107,4 +112,16 @@ let resolvedKey = false; | ||
} | ||
const iv = base64url(jwe.iv); | ||
const tag = base64url(jwe.tag); | ||
let iv; | ||
let tag; | ||
try { | ||
iv = base64url(jwe.iv); | ||
} | ||
catch { | ||
throw new JWEInvalid('Failed to base64url decode the iv'); | ||
} | ||
try { | ||
tag = base64url(jwe.tag); | ||
} | ||
catch { | ||
throw new JWEInvalid('Failed to base64url decode the tag'); | ||
} | ||
const protectedHeader = encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : ''); | ||
@@ -118,3 +135,10 @@ let additionalData; | ||
} | ||
let plaintext = await decrypt(enc, cek, base64url(jwe.ciphertext), iv, tag, additionalData); | ||
let ciphertext; | ||
try { | ||
ciphertext = base64url(jwe.ciphertext); | ||
} | ||
catch { | ||
throw new JWEInvalid('Failed to base64url decode the ciphertext'); | ||
} | ||
let plaintext = await decrypt(enc, cek, ciphertext, iv, tag, additionalData); | ||
if (joseHeader.zip === 'DEF') { | ||
@@ -128,3 +152,8 @@ plaintext = await ((options === null || options === void 0 ? void 0 : options.inflateRaw) || inflate)(plaintext); | ||
if (jwe.aad !== undefined) { | ||
result.additionalAuthenticatedData = base64url(jwe.aad); | ||
try { | ||
result.additionalAuthenticatedData = base64url(jwe.aad); | ||
} | ||
catch { | ||
throw new JWEInvalid('Failed to base64url decode the aad'); | ||
} | ||
} | ||
@@ -131,0 +160,0 @@ if (jwe.unprotected !== undefined) { |
@@ -78,3 +78,9 @@ import { decode as base64url } from '../../runtime/base64url.js'; | ||
const data = concat(encoder.encode((_a = jws.protected) !== null && _a !== void 0 ? _a : ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload); | ||
const signature = base64url(jws.signature); | ||
let signature; | ||
try { | ||
signature = base64url(jws.signature); | ||
} | ||
catch { | ||
throw new JWSInvalid('Failed to base64url decode the signature'); | ||
} | ||
const verified = await verify(alg, key, signature, data); | ||
@@ -86,3 +92,8 @@ if (!verified) { | ||
if (b64) { | ||
payload = base64url(jws.payload); | ||
try { | ||
payload = base64url(jws.payload); | ||
} | ||
catch { | ||
throw new JWSInvalid('Failed to base64url decode the payload'); | ||
} | ||
} | ||
@@ -89,0 +100,0 @@ else if (typeof jws.payload === 'string') { |
@@ -36,3 +36,8 @@ import { unwrap as aesKw } from '../runtime/aeskw.js'; | ||
throw new JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`); | ||
partyUInfo = base64url(joseHeader.apu); | ||
try { | ||
partyUInfo = base64url(joseHeader.apu); | ||
} | ||
catch { | ||
throw new JWEInvalid('Failed to base64url decode the apu'); | ||
} | ||
} | ||
@@ -42,3 +47,8 @@ if (joseHeader.apv !== undefined) { | ||
throw new JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`); | ||
partyVInfo = base64url(joseHeader.apv); | ||
try { | ||
partyVInfo = base64url(joseHeader.apv); | ||
} | ||
catch { | ||
throw new JWEInvalid('Failed to base64url decode the apv'); | ||
} | ||
} | ||
@@ -73,3 +83,10 @@ const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? cekLength(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo); | ||
throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`); | ||
return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, base64url(joseHeader.p2s)); | ||
let p2s; | ||
try { | ||
p2s = base64url(joseHeader.p2s); | ||
} | ||
catch { | ||
throw new JWEInvalid('Failed to base64url decode the p2s'); | ||
} | ||
return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, p2s); | ||
} | ||
@@ -92,4 +109,16 @@ case 'A128KW': | ||
throw new JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`); | ||
const iv = base64url(joseHeader.iv); | ||
const tag = base64url(joseHeader.tag); | ||
let iv; | ||
try { | ||
iv = base64url(joseHeader.iv); | ||
} | ||
catch { | ||
throw new JWEInvalid('Failed to base64url decode the iv'); | ||
} | ||
let tag; | ||
try { | ||
tag = base64url(joseHeader.tag); | ||
} | ||
catch { | ||
throw new JWEInvalid('Failed to base64url decode the tag'); | ||
} | ||
return aesGcmKw(alg, key, encryptedKey, iv, tag); | ||
@@ -96,0 +125,0 @@ } |
@@ -20,3 +20,3 @@ import { decode as base64url } from './base64url.js'; | ||
catch { | ||
throw new JWTInvalid('Failed to parse the base64url encoded payload'); | ||
throw new JWTInvalid('Failed to base64url decode the payload'); | ||
} | ||
@@ -23,0 +23,0 @@ let result; |
@@ -16,2 +16,3 @@ import type { KeyLike, JWEKeyManagementHeaderParameters, CompactJWEHeaderParameters, EncryptOptions } from '../../types'; | ||
* validation purposes. | ||
* | ||
* @param cek JWE Content Encryption Key. | ||
@@ -26,2 +27,3 @@ */ | ||
* validation purposes. | ||
* | ||
* @param iv JWE Initialization Vector. | ||
@@ -28,0 +30,0 @@ */ |
@@ -58,2 +58,3 @@ import type { KeyLike, FlattenedJWE, JWEHeaderParameters, JWEKeyManagementHeaderParameters, EncryptOptions } from '../../types'; | ||
* validation purposes. | ||
* | ||
* @param cek JWE Content Encryption Key. | ||
@@ -68,2 +69,3 @@ */ | ||
* validation purposes. | ||
* | ||
* @param iv JWE Initialization Vector. | ||
@@ -70,0 +72,0 @@ */ |
@@ -8,2 +8,3 @@ import type { JWK } from '../types'; | ||
* "sha256". | ||
* | ||
* @see {@link https://www.rfc-editor.org/rfc/rfc7638 RFC7638} | ||
@@ -18,4 +19,5 @@ */ | ||
* "sha256". | ||
* | ||
* @see {@link https://www.rfc-editor.org/rfc/rfc9278 RFC9278} | ||
*/ | ||
export declare function calculateJwkThumbprintUri(jwk: JWK, digestAlgorithm?: 'sha256' | 'sha384' | 'sha512'): Promise<string>; |
@@ -37,2 +37,3 @@ import type { EncryptOptions, CompactJWEHeaderParameters, JWEKeyManagementHeaderParameters, KeyLike } from '../types'; | ||
* validation purposes. | ||
* | ||
* @param cek JWE Content Encryption Key. | ||
@@ -47,2 +48,3 @@ */ | ||
* validation purposes. | ||
* | ||
* @param iv JWE Initialization Vector. | ||
@@ -49,0 +51,0 @@ */ |
@@ -302,2 +302,3 @@ /** | ||
* data often reveals information about the plaintext. | ||
* | ||
* @see {@link https://www.rfc-editor.org/rfc/rfc8725#name-avoid-compression-of-encryp Avoid Compression of Encryption Inputs} | ||
@@ -491,2 +492,3 @@ */ | ||
* data often reveals information about the plaintext. | ||
* | ||
* @see {@link https://www.rfc-editor.org/rfc/rfc8725#name-avoid-compression-of-encryp Avoid Compression of Encryption Inputs} | ||
@@ -504,2 +506,3 @@ */ | ||
* data often reveals information about the plaintext. | ||
* | ||
* @see {@link https://www.rfc-editor.org/rfc/rfc8725#name-avoid-compression-of-encryp Avoid Compression of Encryption Inputs} | ||
@@ -506,0 +509,0 @@ */ |
{ | ||
"name": "jose", | ||
"version": "4.14.4", | ||
"version": "4.14.5", | ||
"description": "'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
545608
13404