JWA implementation (supports all JWS algorithms). 

JWA implementation (supports all JWS algorithms)

brianloveswords

omsmith

stenington

var bufferEqual = require('buffer-equal-constant-time');

var Buffer = require('safe-buffer').Buffer;

var formatEcdsa = require('ecdsa-sig-formatter');

var MSG_INVALID_ALGORITHM = '"%s" is not a valid algorithm.\n  Supported algorithms are:\n  "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" and "none".'

var MSG_INVALID_SECRET = 'secret must be a string or buffer';

var MSG_INVALID_VERIFIER_KEY = 'key must be a string or a buffer';

var MSG_INVALID_SIGNER_KEY = 'key must be a string, a buffer or an object';

var supportsKeyObjects = typeof crypto.createPublicKey === 'function';

  MSG_INVALID_VERIFIER_KEY += ' or a KeyObject';

  MSG_INVALID_SECRET += 'or a KeyObject';

    throw typeError(MSG_INVALID_VERIFIER_KEY);

  if (typeof key.asymmetricKeyType !== 'string') {

  if (typeof key.export !== 'function') {

  throw typeError(MSG_INVALID_SIGNER_KEY);

  var padding = 4 - base64url.length % 4;

  var args = [].slice.call(arguments, 1);

  var errMsg = util.format.bind(util, template).apply(null, args);

  return Buffer.isBuffer(obj) || typeof obj === 'string';

      throw typeError(MSG_INVALID_SECRET);

    var hmac = crypto.createHmac('sha' + bits, secret);

    var sig = (hmac.update(thing), hmac.digest('base64'))

  return function verify(thing, signature, secret) {

    var computedSig = createHmacSigner(bits)(thing, secret);

    return bufferEqual(Buffer.from(signature), Buffer.from(computedSig));

 return function sign(thing, privateKey) {

    // Even though we are specifying "RSA" here, this works with ECDSA

    var signer = crypto.createSign('RSA-SHA' + bits);

    var sig = (signer.update(thing), signer.sign(privateKey, 'base64'));

  return function verify(thing, signature, publicKey) {

    var verifier = crypto.createVerify('RSA-SHA' + bits);

    return verifier.verify(publicKey, signature, 'base64');

    if (!bufferOrString(privateKey) && !(typeof privateKey === 'object'))

      throw typeError(MSG_INVALID_SIGNER_KEY);

  return function sign(thing, privateKey) {

    var sig = (signer.update(thing), signer.sign({key: privateKey, padding: crypto.constants.RSA_PKCS1_PSS_PADDING}, 'base64'));

      throw typeError(MSG_INVALID_VERIFIER_KEY);

    return verifier.verify({key: publicKey, padding: crypto.constants.RSA_PKCS1_PSS_PADDING}, signature, 'base64');

    var signature = inner.apply(null, arguments);

    signature = formatEcdsa.derToJose(signature, 'ES' + bits);

    signature = formatEcdsa.joseToDer(signature, 'ES' + bits).toString('base64');

    var result = inner(thing, signature, publicKey);

  return function verify(thing, signature) {

module.exports = function jwa(algorithm) {

  var match = algorithm.match(/^(RS|PS|ES|HS)(256|384|512)$|^(none)$/i);

    throw typeError(MSG_INVALID_ALGORITHM, algorithm);

  var algo = (match[1] || match[3]).toLowerCase();

    verify: verifierFactories[algo](bits),

  "description": "JWA implementation (supports all JWS algorithms)",

    "buffer-equal-constant-time": "1.0.1",

    "url": "git://github.com/brianloveswords/node-jwa.git"

  "author": "Brian J. Brennan <brianloveswords@gmail.com>",

		@@ -15,2 +15,3 @@ var bufferEqual = require('buffer-equal-constant-time');
		MSG_INVALID_VERIFIER_KEY += ' or a KeyObject';
		MSG_INVALID_SECRET += 'or a KeyObject';
		}
		@@ -20,7 +21,7 @@
		if (Buffer.isBuffer(key)) {
		return key;
		return;
		}

		if (typeof key === 'string') {
		return key;
		return;
		}
		@@ -47,4 +48,2 @@
		}

		return key;
		};
		@@ -54,11 +53,11 @@
		if (Buffer.isBuffer(key)) {
		return key;
		return;
		}

		if (typeof key === 'string') {
		return key;
		return;
		}

		if (typeof key === 'object') {
		return key;
		return;
		}
		@@ -69,2 +68,28 @@

		function checkIsSecretKey(key) {
		if (Buffer.isBuffer(key)) {
		return;
		}

		if (typeof key === 'string') {
		return key;
		}

		if (!supportsKeyObjects) {
		throw typeError(MSG_INVALID_SECRET);
		}

		if (typeof key !== 'object') {
		throw typeError(MSG_INVALID_SECRET);
		}

		if (key.type !== 'secret') {
		throw typeError(MSG_INVALID_SECRET);
		}

		if (typeof key.export !== 'function') {
		throw typeError(MSG_INVALID_SECRET);
		}
		}

		function fromBase64(base64) {
		@@ -110,4 +135,3 @@ return base64
		return function sign(thing, secret) {
		if (!bufferOrString(secret))
		throw typeError(MSG_INVALID_SECRET);
		checkIsSecretKey(secret);
		thing = normalizeInput(thing);
		@@ -151,5 +175,4 @@ var hmac = crypto.createHmac('sha' + bits, secret);
		function createPSSKeySigner(bits) {
		return function sign(thing, privateKey) {
		if (!bufferOrString(privateKey) && !(typeof privateKey === 'object'))
		throw typeError(MSG_INVALID_SIGNER_KEY);
		return function sign(thing, privateKey) {
		checkIsPrivateKey(privateKey);
		thing = normalizeInput(thing);
		@@ -164,4 +187,3 @@ var signer = crypto.createSign('RSA-SHA' + bits);
		return function verify(thing, signature, publicKey) {
		if (!bufferOrString(publicKey))
		throw typeError(MSG_INVALID_VERIFIER_KEY);
		checkIsPublicKey(publicKey);
		thing = normalizeInput(thing);
		@@ -168,0 +190,0 @@ signature = toBase64(signature);

		{
		"name": "jwa",
		"version": "1.3.0",
		"version": "1.4.0",
		"description": "JWA implementation (supports all JWS algorithms)",
		@@ -16,2 +16,3 @@ "main": "index.js",
		"base64url": "^2.0.0",
		"jwk-to-pem": "^2.0.1",
		"semver": "4.3.6",
		@@ -18,0 +19,0 @@ "tap": "6.2.0"

Improved metrics

Worsened metrics