@blamejs/blamejs-shop 0.1.30 → 0.1.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -7963,7 +7963,10 @@ function testHostnameCompareTrailingDotNormalize() {
7963
7963
  catch (_e) { continue; }
7964
7964
  if (!reservedHostLiteralRe.test(content)) continue;
7965
7965
  var hasStrip = /\.charAt\([^)]*length\s*-\s*1\)\s*===\s*"\."/.test(content) ||
7966
- /while[\s\S]{0,80}length\s*>\s*0[\s\S]{0,80}charAt[\s\S]{0,80}===\s*"\."/.test(content);
7966
+ /while[\s\S]{0,80}length\s*>\s*0[\s\S]{0,80}charAt[\s\S]{0,80}===\s*"\."/.test(content) ||
7967
+ // end-anchored regex strip of one-or-more trailing dots:
7968
+ // .replace(/\.$/, ...) / .replace(/\.+$/, ...) / .replace(/\.*$/, ...)
7969
+ /\.replace\(\s*\/\\\.[+*]?\$\//.test(content);
7967
7970
  if (hasStrip) continue;
7968
7971
  var m = content.match(reservedHostLiteralRe);
7969
7972
  var lineNum = content.slice(0, m.index).split("\n").length;
@@ -0,0 +1,72 @@
1
+ "use strict";
2
+ /**
3
+ * Layer 0 — b.jwk (RFC 7638 thumbprint).
4
+ * Oracle: the RFC 7638 §3.1 worked example (an RSA key whose SHA-256
5
+ * thumbprint is "NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs"), plus
6
+ * canonicalization + per-kty + composition (DPoP / DBSC delegate here).
7
+ */
8
+
9
+ var b = require("../../index");
10
+ var helpers = require("../helpers");
11
+ var check = helpers.check;
12
+ function code(fn) { try { fn(); return "NO-THROW"; } catch (e) { return e.code; } }
13
+
14
+ // RFC 7638 §3.1 example key (with extra members that must be ignored).
15
+ var RFC_RSA = {
16
+ kty: "RSA",
17
+ n: "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
18
+ e: "AQAB", alg: "RS256", kid: "2011-04-29", use: "sig",
19
+ };
20
+ var RFC_THUMB = "NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs";
21
+
22
+ function testSurface() {
23
+ check("b.jwk.thumbprint is a function", typeof b.jwk.thumbprint === "function");
24
+ check("b.jwk.canonicalize is a function", typeof b.jwk.canonicalize === "function");
25
+ check("b.jwk.JwkError is a class", typeof b.jwk.JwkError === "function");
26
+ }
27
+
28
+ function testRfc7638() {
29
+ check("RFC 7638 §3.1 thumbprint matches", b.jwk.thumbprint(RFC_RSA) === RFC_THUMB);
30
+ check("optional members are ignored", b.jwk.thumbprint({ kty: "RSA", n: RFC_RSA.n, e: "AQAB" }) === RFC_THUMB);
31
+ check("canonical JSON is lexicographic + minimal", b.jwk.canonicalize(RFC_RSA) === '{"e":"AQAB","kty":"RSA","n":"' + RFC_RSA.n + '"}');
32
+ }
33
+
34
+ function testKtys() {
35
+ // EC required members are crv, kty, x, y (lexicographic).
36
+ check("EC canonical", b.jwk.canonicalize({ kty: "EC", crv: "P-256", x: "X", y: "Y", d: "secret" }) === '{"crv":"P-256","kty":"EC","x":"X","y":"Y"}');
37
+ check("OKP canonical (RFC 8037)", b.jwk.canonicalize({ kty: "OKP", crv: "Ed25519", x: "X" }) === '{"crv":"Ed25519","kty":"OKP","x":"X"}');
38
+ check("oct canonical", b.jwk.canonicalize({ kty: "oct", k: "GawgguFyGrWKav7AX4VKUg" }) === '{"k":"GawgguFyGrWKav7AX4VKUg","kty":"oct"}');
39
+ check("AKP canonical (PQC)", b.jwk.canonicalize({ kty: "AKP", alg: "ML-DSA-87", pub: "UFVC" }) === '{"alg":"ML-DSA-87","kty":"AKP","pub":"UFVC"}');
40
+ check("different keys → different thumbprints", b.jwk.thumbprint({ kty: "oct", k: "AAAA" }) !== b.jwk.thumbprint({ kty: "oct", k: "BBBB" }));
41
+ }
42
+
43
+ function testHashOption() {
44
+ check("sha384 differs from sha256", b.jwk.thumbprint(RFC_RSA, { hash: "sha384" }) !== RFC_THUMB);
45
+ check("sha512 is a string", typeof b.jwk.thumbprint(RFC_RSA, { hash: "sha512" }) === "string");
46
+ check("bad hash throws", code(function () { b.jwk.thumbprint(RFC_RSA, { hash: "md5" }); }) === "jwk/bad-hash");
47
+ }
48
+
49
+ function testErrors() {
50
+ check("missing kty throws", code(function () { b.jwk.thumbprint({ n: "x", e: "y" }); }) === "jwk/bad-jwk");
51
+ check("unsupported kty throws", code(function () { b.jwk.thumbprint({ kty: "XYZ" }); }) === "jwk/unsupported-kty");
52
+ check("missing required member throws", code(function () { b.jwk.thumbprint({ kty: "EC", crv: "P-256", x: "X" }); }) === "jwk/bad-jwk");
53
+ check("non-object throws", code(function () { b.jwk.thumbprint("nope"); }) === "jwk/bad-jwk");
54
+ }
55
+
56
+ function testComposition() {
57
+ // DPoP and DBSC compute their thumbprints through b.jwk.
58
+ var ec = { kty: "EC", crv: "P-256", x: "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", y: "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0" };
59
+ check("dpop.thumbprint composes b.jwk", b.auth.dpop.thumbprint(ec) === b.jwk.thumbprint(ec));
60
+ check("dpop refuses symmetric kty", code(function () { b.auth.dpop.thumbprint({ kty: "oct", k: "x" }); }) === "auth-dpop/refused-kty");
61
+ }
62
+
63
+ async function run() {
64
+ testSurface();
65
+ testRfc7638();
66
+ testKtys();
67
+ testHashOption();
68
+ testErrors();
69
+ testComposition();
70
+ }
71
+ module.exports = { run: run };
72
+ if (require.main === module) { run().then(function () { console.log("[jwk] OK — " + helpers.getChecks() + " checks passed"); }, function (e) { console.error("FAIL:", e && e.stack || e); process.exit(1); }); }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@blamejs/blamejs-shop",
3
- "version": "0.1.30",
3
+ "version": "0.1.32",
4
4
  "description": "Open-source framework built on blamejs. Vendored stack, zero npm runtime deps, PQC-first crypto, security-on by default.",
5
5
  "main": "lib/index.js",
6
6
  "scripts": {