Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
node-jose - npm Package Compare versions
Comparing version 0.8.1 to 0.9.0
@@ -0,3 +1,19 @@ | ||
| # Release Notes | ||
| <a name="0.9.0"></a> | ||
| ## [0.9.0](https://github.com/cisco/node-jose/compare/0.8.1...0.9.0) (2016-07-17) | ||
| ### Update | ||
| * find keys embedded in JWS header ([445381dd628936a9a3d4b8ff59794f96a0f34adb](cisco/node-jose/commit/445381dd628936a9a3d4b8ff59794f96a0f34adb)), closes [#65](cisco/node-jose/issues/65) | ||
| ### Fix | ||
| * incorrect member name for unprotected JWS header ([6c6028c1619a500cb098b68fed0b83c52029823f](cisco/node-jose/commit/6c6028c1619a500cb098b68fed0b83c52029823f)) | ||
| <a name="0.8.1"></a> | ||
| # [0.8.1](https://github.com/cisco/node-jose/compare/0.8.0...0.8.1) (2016-07-13) | ||
| ## [0.8.1](https://github.com/cisco/node-jose/compare/0.8.0...0.8.1) (2016-07-13) | ||
@@ -18,3 +34,3 @@ ### Fix | ||
| <a name="0.8.0"></a> | ||
| # [0.8.0](https://github.com/cisco/node-jose/compare/0.7.1...0.8.0) (2016-04-18) | ||
| ## [0.8.0](https://github.com/cisco/node-jose/compare/0.7.1...0.8.0) (2016-04-18) | ||
@@ -48,3 +64,3 @@ | ||
| <a name="0.7.0"></a> | ||
| # [0.7.0](https://github.com/cisco/node-jose/compare/0.6.0...0.7.0) (2016-01-14) | ||
| ## [0.7.0](https://github.com/cisco/node-jose/compare/0.6.0...0.7.0) (2016-01-14) | ||
@@ -60,3 +76,3 @@ | ||
| <a name="0.6.0"></a> | ||
| # [0.6.0](https://github.com/cisco/node-jose/compare/0.5.2...0.6.0) (2015-12-12) | ||
| ## [0.6.0](https://github.com/cisco/node-jose/compare/0.5.2...0.6.0) (2015-12-12) | ||
@@ -107,3 +123,3 @@ | ||
| <a name="0.5.0"></a> | ||
| # [0.5.0](https://github.com/cisco/node-jose/compare/0.4.0...0.5.0) (2015-10-31) | ||
| ## [0.5.0](https://github.com/cisco/node-jose/compare/0.4.0...0.5.0) (2015-10-31) | ||
@@ -123,3 +139,3 @@ | ||
| <a name="0.4.0"></a> | ||
| # [0.4.0](https://github.com/cisco/node-jose/compare/0.3.1...0.4.0) (2015-10-12) | ||
| ## [0.4.0](https://github.com/cisco/node-jose/compare/0.3.1...0.4.0) (2015-10-12) | ||
@@ -138,3 +154,3 @@ | ||
| <a name="0.3.1"></a> | ||
| # [0.3.1](https://github.com/cisco/node-jose/compare/0.3.0...0.3.1) (2015-10-06) | ||
| ## [0.3.1](https://github.com/cisco/node-jose/compare/0.3.0...0.3.1) (2015-10-06) | ||
@@ -164,4 +180,4 @@ | ||
| <a name="0.3.0"></a> | ||
| # [0.3.0] (2015-09-11) | ||
| ## [0.3.0] (2015-09-11) | ||
| Initial public release. |
@@ -148,3 +148,3 @@ /*! | ||
| if (0 < lenUnprotect) { | ||
| sig.unprotected = unprotect; | ||
| sig.header = unprotect; | ||
| } | ||
@@ -151,0 +151,0 @@ sig.signature = util.base64url.encode(result.mac); |
@@ -26,8 +26,8 @@ /*! | ||
| if (JWK.isKey(ks)) { | ||
| assumedKey = ks; | ||
| keystore = assumedKey.keystore; | ||
| assumedKey = ks; | ||
| keystore = assumedKey.keystore; | ||
| } else if (JWK.isKeyStore(ks)) { | ||
| keystore = ks; | ||
| keystore = ks; | ||
| } else { | ||
| throw new TypeError("Keystore must be provided"); | ||
| keystore = JWK.createKeyStore(); | ||
| } | ||
@@ -37,2 +37,11 @@ | ||
| Object.defineProperty(this, "defaultKey", { | ||
| value: assumedKey || undefined, | ||
| enumerable: true | ||
| }); | ||
| Object.defineProperty(this, "keystore", { | ||
| value: keystore, | ||
| enumerable: true | ||
| }); | ||
| Object.defineProperty(this, "verify", { | ||
@@ -118,13 +127,27 @@ value: function(input, opts) { | ||
| var p = Promise.resolve(sig); | ||
| // find the key | ||
| p = p.then(function(sig) { | ||
| var algKey = assumedKey || keystore.get({ | ||
| use: "sig", | ||
| alg: sig.header.alg, | ||
| kid: sig.header.kid | ||
| var algKey; | ||
| // TODO: resolve jku, x5c, x5u | ||
| if (sig.header.jwk) { | ||
| algKey = JWK.asKey(sig.header.jwk); | ||
| } else if (sig.header.x5c) { | ||
| algKey = sig.header.x5c[0]; | ||
| algKey = new Buffer(algKey, "base64"); | ||
| // TODO: callback to validate chain | ||
| algKey = JWK.asKey(algKey, "pkix"); | ||
| } else { | ||
| algKey = Promise.resolve(assumedKey || keystore.get({ | ||
| use: "sig", | ||
| alg: sig.header.alg, | ||
| kid: sig.header.kid | ||
| })); | ||
| } | ||
| return algKey.then(function(k) { | ||
| if (!k) { | ||
| return Promise.reject(new Error("key does not match")); | ||
| } | ||
| sig.key = k; | ||
| return sig; | ||
| }); | ||
| if (!algKey) { | ||
| return Promise.reject(new Error("key does not match")); | ||
| } | ||
| sig.key = algKey; | ||
| return sig; | ||
| }); | ||
@@ -131,0 +154,0 @@ |
| { | ||
| "name": "node-jose", | ||
| "version": "0.8.1", | ||
| "version": "0.9.0", | ||
| "description": "A JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |
@@ -401,2 +401,16 @@ # node-jose # | ||
| To verify using a key embedded in the JWS: | ||
| ``` | ||
| jose.JWS.createVerify(). | ||
| verify(input). | ||
| then(function(result) { | ||
| // ... | ||
| }); | ||
| ``` | ||
| The key can be embedded using either 'jwk' or 'x5c', and can be located in either the JWS Unprotected Header or JWS Protected Header. | ||
| **NOTE:** `verify()` will use the embedded key (if found) instead of any other key. | ||
| #### Handling `crit` Header Members #### | ||
@@ -403,0 +417,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.52%
308941
- Lines of code
- increased by0.24%
9122
- Number of lines in readme file
- increased by2.05%
697
- Number of medium supply chain risk alerts
- decreased by-100%
0
No dependency changes