base repository: panva/jose
base: v3.18.0
head repository: panva/jose
compare: v3.19.0
  • 6 commits
  • 190 files changed
  • 1 contributor

Commits on Sep 22, 2021

  1. chore: cleanup after publish

    panva committed Sep 22, 2021

    eaff90b View commit details

Commits on Sep 24, 2021

    203eef7 View commit details
    6c17d7f View commit details

Commits on Sep 25, 2021

    49fb62c View commit details

Commits on Sep 26, 2021

  1. test: throttle cf requests

    panva committed Sep 26, 2021

    dcaaaf3 View commit details
  2. chore(release): 3.19.0

    panva committed Sep 26, 2021

    40e3e15 View commit details
Showing with 1,376 additions and 711 deletions.
  1. +7 −0 CHANGELOG.md
  2. +5 −1 dist/browser/jwe/compact/decrypt.js
  3. +5 −0 dist/browser/jwe/flattened/decrypt.js
  4. +2 −2 dist/browser/jwk/embedded.js
  5. +2 −2 dist/browser/jwk/from_key_like.js
  6. +2 −31 dist/browser/jwk/parse.js
  7. +1 −1 dist/browser/jwks/remote.js
  8. +5 −1 dist/browser/jws/compact/verify.js
  9. +5 −0 dist/browser/jws/flattened/verify.js
  10. +5 −1 dist/browser/jwt/decrypt.js
  11. +5 −1 dist/browser/jwt/verify.js
  12. +4 −2 dist/browser/key/export.js
  13. +33 −3 dist/browser/key/import.js
  14. +2 −2 dist/browser/lib/decrypt_key_management.js
  15. +23 −23 dist/deno/README.md
  16. +25 −3 dist/deno/jwe/compact/decrypt.ts
  17. +24 −2 dist/deno/jwe/flattened/decrypt.ts
  18. +18 −2 dist/deno/jwe/general/decrypt.ts
  19. +4 −2 dist/deno/jwk/embedded.ts
  20. +2 −2 dist/deno/jwk/from_key_like.ts
  21. +2 −39 dist/deno/jwk/parse.ts
  22. +3 −1 dist/deno/jwks/remote.ts
  23. +25 −3 dist/deno/jws/compact/verify.ts
  24. +24 −2 dist/deno/jws/flattened/verify.ts
  25. +18 −2 dist/deno/jws/general/verify.ts
  26. +26 −4 dist/deno/jwt/decrypt.ts
  27. +24 −4 dist/deno/jwt/verify.ts
  28. +6 −4 dist/deno/key/export.ts
  29. +47 −5 dist/deno/key/import.ts
  30. +2 −2 dist/deno/lib/decrypt_key_management.ts
  31. +7 −0 dist/deno/types.d.ts
  32. +5 −1 dist/node/cjs/jwe/compact/decrypt.js
  33. +5 −0 dist/node/cjs/jwe/flattened/decrypt.js
  34. +2 −2 dist/node/cjs/jwk/embedded.js
  35. +2 −2 dist/node/cjs/jwk/from_key_like.js
  36. +2 −31 dist/node/cjs/jwk/parse.js
  37. +1 −1 dist/node/cjs/jwks/remote.js
  38. +5 −1 dist/node/cjs/jws/compact/verify.js
  39. +5 −0 dist/node/cjs/jws/flattened/verify.js
  40. +5 −1 dist/node/cjs/jwt/decrypt.js
  41. +5 −1 dist/node/cjs/jwt/verify.js
  42. +4 −2 dist/node/cjs/key/export.js
  43. +32 −2 dist/node/cjs/key/import.js
  44. +2 −2 dist/node/cjs/lib/decrypt_key_management.js
  45. +5 −1 dist/node/esm/jwe/compact/decrypt.js
  46. +5 −0 dist/node/esm/jwe/flattened/decrypt.js
  47. +2 −2 dist/node/esm/jwk/embedded.js
  48. +2 −2 dist/node/esm/jwk/from_key_like.js
  49. +2 −31 dist/node/esm/jwk/parse.js
  50. +1 −1 dist/node/esm/jwks/remote.js
  51. +5 −1 dist/node/esm/jws/compact/verify.js
  52. +5 −0 dist/node/esm/jws/flattened/verify.js
  53. +5 −1 dist/node/esm/jwt/decrypt.js
  54. +5 −1 dist/node/esm/jwt/verify.js
  55. +4 −2 dist/node/esm/key/export.js
  56. +33 −3 dist/node/esm/key/import.js
  57. +2 −2 dist/node/esm/lib/decrypt_key_management.js
  58. +3 −2 dist/types/jwe/compact/decrypt.d.ts
  59. +3 −2 dist/types/jwe/flattened/decrypt.d.ts
  60. +3 −2 dist/types/jwe/general/decrypt.d.ts
  61. +3 −2 dist/types/jws/compact/verify.d.ts
  62. +3 −2 dist/types/jws/flattened/verify.d.ts
  63. +3 −2 dist/types/jws/general/verify.d.ts
  64. +3 −2 dist/types/jwt/decrypt.d.ts
  65. +3 −2 dist/types/jwt/verify.d.ts
  66. +3 −4 dist/types/key/export.d.ts
  67. +3 −4 dist/types/key/import.d.ts
  68. +3 −0 dist/types/types.d.ts
  69. +7 −7 docs/classes/jwe_compact_encrypt.CompactEncrypt.md
  70. +10 −10 docs/classes/jwe_flattened_encrypt.FlattenedEncrypt.md
  71. +4 −4 docs/classes/jws_compact_sign.CompactSign.md
  72. +5 −5 docs/classes/jws_flattened_sign.FlattenedSign.md
  73. +4 −4 docs/classes/jws_general_sign.GeneralSign.md
  74. +17 −17 docs/classes/jwt_encrypt.EncryptJWT.md
  75. +11 −11 docs/classes/jwt_sign.SignJWT.md
  76. +11 −11 docs/classes/jwt_unsecured.UnsecuredJWT.md
  77. +3 −3 docs/classes/util_errors.JOSEAlgNotAllowed.md
  78. +3 −3 docs/classes/util_errors.JOSEError.md
  79. +3 −3 docs/classes/util_errors.JOSENotSupported.md
  80. +4 −4 docs/classes/util_errors.JWEDecryptionFailed.md
  81. +3 −3 docs/classes/util_errors.JWEInvalid.md
  82. +3 −3 docs/classes/util_errors.JWKInvalid.md
  83. +3 −3 docs/classes/util_errors.JWKSInvalid.md
  84. +4 −4 docs/classes/util_errors.JWKSMultipleMatchingKeys.md
  85. +4 −4 docs/classes/util_errors.JWKSNoMatchingKey.md
  86. +3 −3 docs/classes/util_errors.JWSInvalid.md
  87. +4 −4 docs/classes/util_errors.JWSSignatureVerificationFailed.md
  88. +5 −5 docs/classes/util_errors.JWTClaimValidationFailed.md
  89. +5 −5 docs/classes/util_errors.JWTExpired.md
  90. +3 −3 docs/classes/util_errors.JWTInvalid.md
  91. +21 −3 docs/functions/jwe_compact_decrypt.compactDecrypt.md
  92. +21 −3 docs/functions/jwe_flattened_decrypt.flattenedDecrypt.md
  93. +21 −3 docs/functions/jwe_general_decrypt.generalDecrypt.md
  94. +2 −2 docs/functions/jwk_embedded.EmbeddedJWK.md
  95. +1 −1 docs/functions/jwk_from_key_like.fromKeyLike.md
  96. +1 −1 docs/functions/jwk_parse.parseJwk.md
  97. +2 −2 docs/functions/jwk_thumbprint.calculateThumbprint.md
  98. +2 −2 docs/functions/jwks_remote.createRemoteJWKSet.md
  99. +21 −3 docs/functions/jws_compact_verify.compactVerify.md
  100. +21 −3 docs/functions/jws_flattened_verify.flattenedVerify.md
  101. +21 −3 docs/functions/jws_general_verify.generalVerify.md
  102. +21 −3 docs/functions/jwt_decrypt.jwtDecrypt.md
  103. +21 −3 docs/functions/jwt_verify.jwtVerify.md
  104. +3 −3 docs/functions/key_export.exportJWK.md
  105. +2 −2 docs/functions/key_export.exportPKCS8.md
  106. +2 −2 docs/functions/key_export.exportSPKI.md
  107. +3 −3 docs/functions/key_import.importJWK.md
  108. +2 −2 docs/functions/key_import.importPKCS8.md
  109. +2 −2 docs/functions/key_import.importSPKI.md
  110. +2 −2 docs/functions/key_import.importX509.md
  111. +1 −1 docs/functions/util_base64url.decode.md
  112. +1 −1 docs/functions/util_base64url.encode.md
  113. +2 −2 docs/functions/util_decode_protected_header.decodeProtectedHeader.md
  114. +2 −2 docs/functions/util_generate_key_pair.generateKeyPair.md
  115. +2 −2 docs/functions/util_generate_secret.generateSecret.md
  116. +1 −1 docs/functions/util_random.random.md
  117. +1 −1 docs/interfaces/jwe_compact_decrypt.CompactDecryptGetKey.md
  118. +1 −1 docs/interfaces/jwe_flattened_decrypt.FlattenedDecryptGetKey.md
  119. +1 −1 docs/interfaces/jwe_general_decrypt.GeneralDecryptGetKey.md
  120. +3 −3 docs/interfaces/jwks_remote.RemoteJWKSetOptions.md
  121. +1 −1 docs/interfaces/jws_compact_verify.CompactVerifyGetKey.md
  122. +1 −1 docs/interfaces/jws_flattened_verify.FlattenedVerifyGetKey.md
  123. +2 −2 docs/interfaces/jws_general_sign.Signature.md
  124. +1 −1 docs/interfaces/jws_general_verify.GeneralVerifyGetKey.md
  125. +1 −1 docs/interfaces/jwt_decrypt.JWTDecryptGetKey.md
  126. +11 −11 docs/interfaces/jwt_decrypt.JWTDecryptOptions.md
  127. +2 −2 docs/interfaces/jwt_unsecured.UnsecuredResult.md
  128. +1 −1 docs/interfaces/jwt_verify.JWTVerifyGetKey.md
  129. +9 −9 docs/interfaces/jwt_verify.JWTVerifyOptions.md
  130. +1 −1 docs/interfaces/key_import.PEMImportOptions.md
  131. +2 −2 docs/interfaces/types.CompactDecryptResult.md
  132. +2 −2 docs/interfaces/types.CompactVerifyResult.md
  133. +1 −1 docs/interfaces/types.CritOption.md
  134. +4 −4 docs/interfaces/types.DecryptOptions.md
  135. +1 −1 docs/interfaces/types.DeflateFunction.md
  136. +2 −2 docs/interfaces/types.EncryptOptions.md
  137. +5 −5 docs/interfaces/types.FlattenedDecryptResult.md
  138. +8 −8 docs/interfaces/types.FlattenedJWE.md
  139. +4 −4 docs/interfaces/types.FlattenedJWS.md
  140. +4 −4 docs/interfaces/types.FlattenedJWSInput.md
  141. +3 −3 docs/interfaces/types.FlattenedVerifyResult.md
  142. +5 −5 docs/interfaces/types.GeneralDecryptResult.md
  143. +7 −7 docs/interfaces/types.GeneralJWE.md
  144. +2 −2 docs/interfaces/types.GeneralJWS.md
  145. +2 −2 docs/interfaces/types.GeneralJWSInput.md
  146. +3 −3 docs/interfaces/types.GeneralVerifyResult.md
  147. +1 −1 docs/interfaces/types.GetKeyFunction.md
  148. +1 −1 docs/interfaces/types.InflateFunction.md
  149. +12 −12 docs/interfaces/types.JWEHeaderParameters.md
  150. +6 −6 docs/interfaces/types.JWEKeyManagementHeaderParameters.md
  151. +23 −23 docs/interfaces/types.JWK.md
  152. +11 −11 docs/interfaces/types.JWSHeaderParameters.md
  153. +7 −7 docs/interfaces/types.JWTClaimVerificationOptions.md
  154. +2 −2 docs/interfaces/types.JWTDecryptResult.md
  155. +7 −7 docs/interfaces/types.JWTPayload.md
  156. +2 −2 docs/interfaces/types.JWTVerifyResult.md
  157. +8 −8 docs/interfaces/types.JoseHeaderParameters.md
  158. +21 −0 docs/interfaces/types.ResolvedKey.md
  159. +1 −1 docs/interfaces/types.SignOptions.md
  160. +2 −2 docs/interfaces/types.VerifyOptions.md
  161. +3 −3 docs/interfaces/util_generate_key_pair.GenerateKeyPairOptions.md
  162. +2 −2 docs/interfaces/util_generate_key_pair.GenerateKeyPairResult.md
  163. +1 −1 docs/interfaces/util_generate_secret.GenerateSecretOptions.md
  164. +7 −0 docs/modules/key_export.md
  165. +7 −0 docs/modules/key_import.md
  166. +1 −0 docs/modules/types.md
  167. +1 −1 docs/types/types.KeyLike.md
  168. +1 −1 docs/types/util_decode_protected_header.ProtectedHeaderParameters.md
  169. +2 −1 package.json
  170. +25 −3 src/jwe/compact/decrypt.ts
  171. +24 −2 src/jwe/flattened/decrypt.ts
  172. +18 −2 src/jwe/general/decrypt.ts
  173. +4 −2 src/jwk/embedded.ts
  174. +2 −2 src/jwk/from_key_like.ts
  175. +2 −39 src/jwk/parse.ts
  176. +3 −1 src/jwks/remote.ts
  177. +25 −3 src/jws/compact/verify.ts
  178. +24 −2 src/jws/flattened/verify.ts
  179. +18 −2 src/jws/general/verify.ts
  180. +26 −4 src/jwt/decrypt.ts
  181. +24 −4 src/jwt/verify.ts
  182. +6 −4 src/key/export.ts
  183. +47 −5 src/key/import.ts
  184. +2 −2 src/lib/decrypt_key_management.ts
  185. +7 −0 src/types.d.ts
  186. +14 −7 test-cloudflare-workers/cloudflare.test.mjs
  187. +5 −1 test/jwk/embedded.test.mjs
  188. +5 −1 test/jwks/remote.test.mjs
  189. +6 −1 test/jwt/encrypt.test.mjs
  190. +2 −1 test/jwt/sign.test.mjs
7 changes: 7 additions & 0 deletions CHANGELOG.md
@@ -2,6 +2,13 @@

All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

## [3.19.0](https://github.com/panva/jose/compare/v3.18.0...v3.19.0) (2021-09-26)


### Features

* return resolved key when verify and decrypt resolve functions are used ([49fb62c](https://github.com/panva/jose/commit/49fb62cb96cd9afc854f5102313f16e27c0eb2b4))

## [3.18.0](https://github.com/panva/jose/compare/v3.17.0...v3.18.0) (2021-09-22)


6 changes: 5 additions & 1 deletion dist/browser/jwe/compact/decrypt.js
@@ -19,7 +19,11 @@ async function compactDecrypt(jwe, key, options) {
tag: (tag || undefined),
encrypted_key: encryptedKey || undefined,
}, key, options);
return { plaintext: decrypted.plaintext, protectedHeader: decrypted.protectedHeader };
const result = { plaintext: decrypted.plaintext, protectedHeader: decrypted.protectedHeader };
if (typeof key === 'function') {
return { ...result, key: decrypted.key };
}
return result;
}
export { compactDecrypt };
export default compactDecrypt;
5 changes: 5 additions & 0 deletions dist/browser/jwe/flattened/decrypt.js
@@ -92,8 +92,10 @@ async function flattenedDecrypt(jwe, key, options) {
if (jwe.encrypted_key !== undefined) {
encryptedKey = base64url(jwe.encrypted_key);
}
let resolvedKey = false;
if (typeof key === 'function') {
key = await key(parsedProt, jwe);
resolvedKey = true;
}
let cek;
try {
@@ -132,6 +134,9 @@ async function flattenedDecrypt(jwe, key, options) {
if (jwe.header !== undefined) {
result.unprotectedHeader = jwe.header;
}
if (resolvedKey) {
return { ...result, key };
}
return result;
}
export { flattenedDecrypt };
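Review bot: The new `return { ...result, key };` puts the resolved decryption key, a private key or secret, into the object handed back to the caller, and no comment or doc text marks that result as sensitive. If the resolver yields a secret as a `Uint8Array`, any code that logs or serialises the decrypt result would now write the key bytes out with it. I would add a comment above the return, e.g. `// result now carries the decryption key; callers must not log or serialise it`, and say the same in the function's documentation. The same applies to the `key: decrypted.key` returns added in dist/browser/jwe/compact/decrypt.js and dist/browser/jwt/decrypt.js. flattenedDecrypt's body starts outside these hunks.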
4 changes: 2 additions & 2 deletions dist/browser/jwk/embedded.js
@@ -1,4 +1,4 @@
import parseJwk from './parse.js';
import { importJWK } from '../key/import.js';
import isObject from '../lib/is_object.js';
import { JWSInvalid } from '../util/errors.js';
async function EmbeddedJWK(protectedHeader, token) {
@@ -9,7 +9,7 @@ async function EmbeddedJWK(protectedHeader, token) {
if (!isObject(joseHeader.jwk)) {
throw new JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a JSON object');
}
const key = await parseJwk(joseHeader.jwk, joseHeader.alg, true);
const key = (await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg, true));
if (key.type !== 'public') {
throw new JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a public key');
}
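Review bot: The rewritten call `importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg, true)` passes two unexplained arguments while importing a key that comes straight from the header of the token being verified, and it needs a comment saying why they are set. Judging by the `importJWK` body elsewhere in this comparison, the trailing `true` keeps an `oct` JWK on the key-object path, presumably so the `key.type !== 'public'` check below can reject it, and `ext: true` presumably keeps the imported key exportable now that resolved keys are returned to callers. I would add `// import as a key object so the public-key check below also covers "oct"; ext: true keeps the returned key exportable` above the call, once the author confirms that reading. EmbeddedJWK's documentation should also state that a signature verified with this key only shows the token is self-consistent, so the caller still has to decide whether the returned key is one it trusts. The function body continues outside the hunk.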
4 changes: 2 additions & 2 deletions dist/browser/jwk/from_key_like.js
@@ -1,6 +1,6 @@
import asJWK from '../runtime/key_to_jwk.js';
import { exportJWK } from '../key/export.js';
async function fromKeyLike(key) {
return asJWK(key);
return exportJWK(key);
}
export { fromKeyLike };
export default fromKeyLike;
33 changes: 2 additions & 31 deletions dist/browser/jwk/parse.js
@@ -1,35 +1,6 @@
import { decode as base64url } from '../runtime/base64url.js';
import asKeyObject from '../runtime/jwk_to_key.js';
import { JOSENotSupported } from '../util/errors.js';
import isObject from '../lib/is_object.js';
import { importJWK } from '../key/import.js';
async function parseJwk(jwk, alg, octAsKeyObject) {
if (!isObject(jwk)) {
throw new TypeError('JWK must be an object');
}
alg || (alg = jwk.alg);
if (typeof alg !== 'string' || !alg) {
throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
}
switch (jwk.kty) {
case 'oct':
if (typeof jwk.k !== 'string' || !jwk.k) {
throw new TypeError('missing "k" (Key Value) Parameter value');
}
octAsKeyObject !== null && octAsKeyObject !== void 0 ? octAsKeyObject : (octAsKeyObject = jwk.ext !== true);
if (octAsKeyObject) {
return asKeyObject({ ...jwk, alg, ext: false });
}
return base64url(jwk.k);
case 'RSA':
if (jwk.oth !== undefined) {
throw new JOSENotSupported('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
}
case 'EC':
case 'OKP':
return asKeyObject({ ...jwk, alg });
default:
throw new JOSENotSupported('Unsupported "kty" (Key Type) Parameter value');
}
return importJWK(jwk, alg, octAsKeyObject);
}
export { parseJwk };
export default parseJwk;
2 changes: 1 addition & 1 deletion dist/browser/jwks/remote.js
@@ -93,7 +93,7 @@ class RemoteJWKSet {
}
const cached = this._cached.get(jwk);
if (cached[protectedHeader.alg] === undefined) {
const keyObject = await parseJWK({ ...jwk, alg: protectedHeader.alg });
const keyObject = (await parseJWK({ ...jwk, alg: protectedHeader.alg, ext: true }));
if (keyObject.type !== 'public') {
throw new JWKSInvalid('JSON Web Key Set members must be public keys');
}
6 changes: 5 additions & 1 deletion dist/browser/jws/compact/verify.js
@@ -17,7 +17,11 @@ async function compactVerify(jws, key, options) {
protected: protectedHeader || undefined,
signature: (signature || undefined),
}, key, options);
return { payload: verified.payload, protectedHeader: verified.protectedHeader };
const result = { payload: verified.payload, protectedHeader: verified.protectedHeader };
if (typeof key === 'function') {
return { ...result, key: verified.key };
}
return result;
}
export { compactVerify };
export default compactVerify;
5 changes: 5 additions & 0 deletions dist/browser/jws/flattened/verify.js
@@ -70,8 +70,10 @@ async function flattenedVerify(jws, key, options) {
else if (typeof jws.payload !== 'string' && !(jws.payload instanceof Uint8Array)) {
throw new JWSInvalid('JWS Payload must be a string or an Uint8Array instance');
}
let resolvedKey = false;
if (typeof key === 'function') {
key = await key(parsedProt, jws);
resolvedKey = true;
}
checkKeyType(alg, key, 'verify');
const data = concat(encoder.encode((_a = jws.protected) !== null && _a !== void 0 ? _a : ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload);
@@ -97,6 +99,9 @@ async function flattenedVerify(jws, key, options) {
if (jws.header !== undefined) {
result.unprotectedHeader = jws.header;
}
if (resolvedKey) {
return { ...result, key };
}
return result;
}
export { flattenedVerify };
6 changes: 5 additions & 1 deletion dist/browser/jwt/decrypt.js
@@ -15,7 +15,11 @@ async function jwtDecrypt(jwt, key, options) {
JSON.stringify(protectedHeader.aud) !== JSON.stringify(payload.aud)) {
throw new JWTClaimValidationFailed('replicated "aud" claim header parameter mismatch', 'aud', 'mismatch');
}
return { payload, protectedHeader };
const result = { payload, protectedHeader };
if (typeof key === 'function') {
return { ...result, key: decrypted.key };
}
return result;
}
export { jwtDecrypt };
export default jwtDecrypt;
6 changes: 5 additions & 1 deletion dist/browser/jwt/verify.js
@@ -8,7 +8,11 @@ async function jwtVerify(jwt, key, options) {
throw new JWTInvalid('JWTs MUST NOT use unencoded payload');
}
const payload = jwtPayload(verified.protectedHeader, verified.payload, options);
return { payload, protectedHeader: verified.protectedHeader };
const result = { payload, protectedHeader: verified.protectedHeader };
if (typeof key === 'function') {
return { ...result, key: verified.key };
}
return result;
}
export { jwtVerify };
export default jwtVerify;
6 changes: 4 additions & 2 deletions dist/browser/key/export.js
@@ -1,10 +1,12 @@
import { toSPKI as exportPublic } from '../runtime/asn1.js';
import { toPKCS8 as exportPrivate } from '../runtime/asn1.js';
import { fromKeyLike } from '../jwk/from_key_like.js';
import keyToJWK from '../runtime/key_to_jwk.js';
export async function exportSPKI(key) {
return exportPublic(key);
}
export async function exportPKCS8(key) {
return exportPrivate(key);
}
export const exportJWK = (...args) => fromKeyLike(...args);
export async function exportJWK(key) {
return keyToJWK(key);
}
36 changes: 33 additions & 3 deletions dist/browser/key/import.js
@@ -1,8 +1,10 @@
import { encodeBase64, decodeBase64 } from '../runtime/base64url.js';
import { decode as decodeBase64URL, encodeBase64, decodeBase64 } from '../runtime/base64url.js';
import { fromSPKI as importPublic } from '../runtime/asn1.js';
import { fromPKCS8 as importPrivate } from '../runtime/asn1.js';
import asKeyObject from '../runtime/jwk_to_key.js';
import { JOSENotSupported } from '../util/errors.js';
import formatPEM from '../lib/format_pem.js';
import { parseJwk as importJwk } from '../jwk/parse.js';
import isObject from '../lib/is_object.js';
function getElement(seq) {
let result = [];
let next = 0;
@@ -86,4 +88,32 @@ export async function importPKCS8(pkcs8, alg, options) {
}
return importPrivate(pkcs8, alg, options);
}
export const importJWK = (...args) => importJwk(...args);
export async function importJWK(jwk, alg, octAsKeyObject) {
if (!isObject(jwk)) {
throw new TypeError('JWK must be an object');
}
alg || (alg = jwk.alg);
if (typeof alg !== 'string' || !alg) {
throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
}
switch (jwk.kty) {
case 'oct':
if (typeof jwk.k !== 'string' || !jwk.k) {
throw new TypeError('missing "k" (Key Value) Parameter value');
}
octAsKeyObject !== null && octAsKeyObject !== void 0 ? octAsKeyObject : (octAsKeyObject = jwk.ext !== true);
if (octAsKeyObject) {
return asKeyObject({ ...jwk, alg, ext: false });
}
return decodeBase64URL(jwk.k);
case 'RSA':
if (jwk.oth !== undefined) {
throw new JOSENotSupported('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
}
case 'EC':
case 'OKP':
return asKeyObject({ ...jwk, alg });
default:
throw new JOSENotSupported('Unsupported "kty" (Key Type) Parameter value');
}
}
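Review bot: In the new `importJWK`, the `oct` branch returns the raw secret bytes (`decodeBase64URL(jwk.k)`) instead of a key object whenever `octAsKeyObject` is omitted and the JWK has `ext: true`, and nothing in the function says so. Other call sites in this comparison now add `ext: true` to JWKs before importing them, so that default deserves a comment such as `// ext: true on an "oct" JWK returns the secret as a Uint8Array, not a key object`. `case 'RSA':` also runs on into `case 'EC'`/`case 'OKP'` with no `break`, which looks intended but reads like a slip; a `// falls through` line after the `oth` check would make it explicit. This file is build output, so both comments belong in src/key/import.ts, which the file list also shows as changed.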
4 changes: 2 additions & 2 deletions dist/browser/lib/decrypt_key_management.js
@@ -6,7 +6,7 @@ import { unwrap as aesGcmKw } from '../runtime/aesgcmkw.js';
import { decode as base64url } from '../runtime/base64url.js';
import { JOSENotSupported, JWEInvalid } from '../util/errors.js';
import { bitLengths as cekLengths } from '../lib/cek.js';
import { parseJwk } from '../jwk/parse.js';
import { importJWK } from '../key/import.js';
import checkKeyType from './check_key_type.js';
function assertEnryptedKey(encryptedKey) {
if (!encryptedKey) {
@@ -38,7 +38,7 @@ async function decryptKeyManagement(alg, key, encryptedKey, joseHeader) {
if (!ECDH.ecdhAllowed(key)) {
throw new JOSENotSupported('ECDH-ES with the provided key is not allowed or not supported by your javascript runtime');
}
const epk = await parseJwk(joseHeader.epk, alg);
const epk = await importJWK(joseHeader.epk, alg);
let partyUInfo;
let partyVInfo;
if (joseHeader.apu !== undefined)
46 changes: 23 additions & 23 deletions dist/deno/README.md
@@ -9,37 +9,37 @@ If you or your business use `jose`, please consider becoming a [sponsor][support
## Available modules

- JSON Web Tokens (JWT)
- [Signing](https://github.com/panva/jose/blob/v3.18.0/docs/classes/jwt_sign.SignJWT.md#readme)
- [Verification & Claims Set Validation](https://github.com/panva/jose/blob/v3.18.0/docs/functions/jwt_verify.jwtVerify.md#readme)
- [Signing](https://github.com/panva/jose/blob/v3.19.0/docs/classes/jwt_sign.SignJWT.md#readme)
- [Verification & Claims Set Validation](https://github.com/panva/jose/blob/v3.19.0/docs/functions/jwt_verify.jwtVerify.md#readme)
- Encrypted JSON Web Tokens
- [Encryption](https://github.com/panva/jose/blob/v3.18.0/docs/classes/jwt_encrypt.EncryptJWT.md#readme)
- [Decryption & Claims Set Validation](https://github.com/panva/jose/blob/v3.18.0/docs/functions/jwt_decrypt.jwtDecrypt.md#readme)
- [Encryption](https://github.com/panva/jose/blob/v3.19.0/docs/classes/jwt_encrypt.EncryptJWT.md#readme)
- [Decryption & Claims Set Validation](https://github.com/panva/jose/blob/v3.19.0/docs/functions/jwt_decrypt.jwtDecrypt.md#readme)
- Key Import
- [JWK Import](https://github.com/panva/jose/blob/v3.18.0/docs/functions/key_import.importJWK.md#readme)
- [Public Key Import (SPKI)](https://github.com/panva/jose/blob/v3.18.0/docs/functions/key_import.importSPKI.md#readme)
- [Public Key Import (X.509 Certificate)](https://github.com/panva/jose/blob/v3.18.0/docs/functions/key_import.importX509.md#readme)
- [Private Key Import (PKCS #8)](https://github.com/panva/jose/blob/v3.18.0/docs/functions/key_import.importPKCS8.md#readme)
- [JWK Import](https://github.com/panva/jose/blob/v3.19.0/docs/functions/key_import.importJWK.md#readme)
- [Public Key Import (SPKI)](https://github.com/panva/jose/blob/v3.19.0/docs/functions/key_import.importSPKI.md#readme)
- [Public Key Import (X.509 Certificate)](https://github.com/panva/jose/blob/v3.19.0/docs/functions/key_import.importX509.md#readme)
- [Private Key Import (PKCS #8)](https://github.com/panva/jose/blob/v3.19.0/docs/functions/key_import.importPKCS8.md#readme)
- JSON Web Encryption (JWE)
- Encryption - [Compact](https://github.com/panva/jose/blob/v3.18.0/docs/classes/jwe_compact_encrypt.CompactEncrypt.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.18.0/docs/classes/jwe_flattened_encrypt.FlattenedEncrypt.md#readme)
- Decryption - [Compact](https://github.com/panva/jose/blob/v3.18.0/docs/functions/jwe_compact_decrypt.compactDecrypt.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.18.0/docs/functions/jwe_flattened_decrypt.flattenedDecrypt.md#readme), [General](https://github.com/panva/jose/blob/v3.18.0/docs/functions/jwe_general_decrypt.generalDecrypt.md#readme)
- Encryption - [Compact](https://github.com/panva/jose/blob/v3.19.0/docs/classes/jwe_compact_encrypt.CompactEncrypt.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.19.0/docs/classes/jwe_flattened_encrypt.FlattenedEncrypt.md#readme)
- Decryption - [Compact](https://github.com/panva/jose/blob/v3.19.0/docs/functions/jwe_compact_decrypt.compactDecrypt.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.19.0/docs/functions/jwe_flattened_decrypt.flattenedDecrypt.md#readme), [General](https://github.com/panva/jose/blob/v3.19.0/docs/functions/jwe_general_decrypt.generalDecrypt.md#readme)
- JSON Web Signature (JWS)
- Signing - [Compact](https://github.com/panva/jose/blob/v3.18.0/docs/classes/jws_compact_sign.CompactSign.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.18.0/docs/classes/jws_flattened_sign.FlattenedSign.md#readme), [General](https://github.com/panva/jose/blob/v3.18.0/docs/classes/jws_general_sign.GeneralSign.md#readme)
- Verification - [Compact](https://github.com/panva/jose/blob/v3.18.0/docs/functions/jws_compact_verify.compactVerify.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.18.0/docs/functions/jws_flattened_verify.flattenedVerify.md#readme), [General](https://github.com/panva/jose/blob/v3.18.0/docs/functions/jws_general_verify.generalVerify.md#readme)
- Signing - [Compact](https://github.com/panva/jose/blob/v3.19.0/docs/classes/jws_compact_sign.CompactSign.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.19.0/docs/classes/jws_flattened_sign.FlattenedSign.md#readme), [General](https://github.com/panva/jose/blob/v3.19.0/docs/classes/jws_general_sign.GeneralSign.md#readme)
- Verification - [Compact](https://github.com/panva/jose/blob/v3.19.0/docs/functions/jws_compact_verify.compactVerify.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.19.0/docs/functions/jws_flattened_verify.flattenedVerify.md#readme), [General](https://github.com/panva/jose/blob/v3.19.0/docs/functions/jws_general_verify.generalVerify.md#readme)
- JSON Web Key (JWK)
- [Thumbprints](https://github.com/panva/jose/blob/v3.18.0/docs/functions/jwk_thumbprint.calculateThumbprint.md#readme)
- [EmbeddedJWK](https://github.com/panva/jose/blob/v3.18.0/docs/functions/jwk_embedded.EmbeddedJWK.md#readme)
- [Thumbprints](https://github.com/panva/jose/blob/v3.19.0/docs/functions/jwk_thumbprint.calculateThumbprint.md#readme)
- [EmbeddedJWK](https://github.com/panva/jose/blob/v3.19.0/docs/functions/jwk_embedded.EmbeddedJWK.md#readme)
- JSON Web Key Set (JWKS)
- [Verify using a remote JWKSet](https://github.com/panva/jose/blob/v3.18.0/docs/functions/jwks_remote.createRemoteJWKSet.md#readme)
- [Verify using a remote JWKSet](https://github.com/panva/jose/blob/v3.19.0/docs/functions/jwks_remote.createRemoteJWKSet.md#readme)
- Key Pair or Secret Generation
- [Asymmetric Key Pair Generation](https://github.com/panva/jose/blob/v3.18.0/docs/functions/util_generate_key_pair.generateKeyPair.md#readme)
- [Symmetric Secret Generation](https://github.com/panva/jose/blob/v3.18.0/docs/functions/util_generate_secret.generateSecret.md#readme)
- [Asymmetric Key Pair Generation](https://github.com/panva/jose/blob/v3.19.0/docs/functions/util_generate_key_pair.generateKeyPair.md#readme)
- [Symmetric Secret Generation](https://github.com/panva/jose/blob/v3.19.0/docs/functions/util_generate_secret.generateSecret.md#readme)
- Key Export
- [JWK Export](https://github.com/panva/jose/blob/v3.18.0/docs/functions/key_export.exportJWK.md#readme)
- [Private Key Export](https://github.com/panva/jose/blob/v3.18.0/docs/functions/key_export.exportPKCS8.md#readme)
- [Public Key Export](https://github.com/panva/jose/blob/v3.18.0/docs/functions/key_export.exportSPKI.md#readme)
- [JWK Export](https://github.com/panva/jose/blob/v3.19.0/docs/functions/key_export.exportJWK.md#readme)
- [Private Key Export](https://github.com/panva/jose/blob/v3.19.0/docs/functions/key_export.exportPKCS8.md#readme)
- [Public Key Export](https://github.com/panva/jose/blob/v3.19.0/docs/functions/key_export.exportSPKI.md#readme)
- Utilities
- [Decoding Token's Protected Header](https://github.com/panva/jose/blob/v3.18.0/docs/functions/util_decode_protected_header.decodeProtectedHeader.md#readme)
- [Unsecured JWT](https://github.com/panva/jose/blob/v3.18.0/docs/classes/jwt_unsecured.UnsecuredJWT.md#readme)
- [JOSE Errors](https://github.com/panva/jose/blob/v3.18.0/docs/modules/util_errors.md#readme)
- [Decoding Token's Protected Header](https://github.com/panva/jose/blob/v3.19.0/docs/functions/util_decode_protected_header.decodeProtectedHeader.md#readme)
- [Unsecured JWT](https://github.com/panva/jose/blob/v3.19.0/docs/classes/jwt_unsecured.UnsecuredJWT.md#readme)
- [JOSE Errors](https://github.com/panva/jose/blob/v3.19.0/docs/modules/util_errors.md#readme)

[support-sponsor]: https://github.com/sponsors/panva
28 changes: 25 additions & 3 deletions dist/deno/jwe/compact/decrypt.ts
@@ -8,6 +8,7 @@ import type {
GetKeyFunction,
FlattenedJWE,
CompactDecryptResult,
ResolvedKey,
} from '../../types.d.ts'

/**
@@ -20,7 +21,7 @@ export interface CompactDecryptGetKey extends GetKeyFunction<JWEHeaderParameters
* Decrypts a Compact JWE.
*
* @param jwe Compact JWE.
* @param key Private Key or Secret, or a function resolving one, to decrypt the JWE with.
* @param key Private Key or Secret to decrypt the JWE with.
* @param options JWE Decryption options.
*
* @example ESM import
@@ -49,11 +50,26 @@ export interface CompactDecryptGetKey extends GetKeyFunction<JWEHeaderParameters
* console.log(decoder.decode(plaintext))
* ```
*/
async function compactDecrypt(
jwe: string | Uint8Array,
key: KeyLike,
options?: DecryptOptions,
): Promise<CompactDecryptResult>
/**
* @param jwe Compact JWE.
* @param getKey Function resolving Private Key or Secret to decrypt the JWE with.
* @param options JWE Decryption options.
*/
async function compactDecrypt(
jwe: string | Uint8Array,
getKey: CompactDecryptGetKey,
options?: DecryptOptions,
): Promise<CompactDecryptResult & ResolvedKey>
async function compactDecrypt(
jwe: string | Uint8Array,
key: KeyLike | CompactDecryptGetKey,
options?: DecryptOptions,
): Promise<CompactDecryptResult> {
) {
if (jwe instanceof Uint8Array) {
jwe = decoder.decode(jwe)
}
@@ -86,7 +102,13 @@ async function compactDecrypt(
options,
)

return { plaintext: decrypted.plaintext, protectedHeader: decrypted.protectedHeader! }
const result = { plaintext: decrypted.plaintext, protectedHeader: decrypted.protectedHeader! }

if (typeof key === 'function') {
return { ...result, key: decrypted.key }
}

return result
}

export { compactDecrypt }
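Review bot: The implementation signature of `compactDecrypt` lost its return annotation (`): Promise<CompactDecryptResult> {` became `) {`), so the two returns in the body are no longer checked against a declared type and only the looser overload-compatibility rule applies. I would annotate it with the union of the two overload results, `): Promise<CompactDecryptResult | (CompactDecryptResult & ResolvedKey)> {`, assuming `decrypted.key` is typed to fit, so a missing or mistyped `key` in the `typeof key === 'function'` branch is caught at compile time. The JSDoc on the `getKey` overload should also say that the result additionally carries the resolved `key`, since that is the only difference a caller sees. The middle of the function body is outside the hunks.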