@lindorm/aegis 0.2.6 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +31 -0
- package/dist/classes/Aegis.d.ts +29 -3
- package/dist/classes/Aegis.d.ts.map +1 -1
- package/dist/classes/Aegis.js +257 -45
- package/dist/classes/Aegis.js.map +1 -1
- package/dist/classes/CweKit.d.ts +14 -0
- package/dist/classes/CweKit.d.ts.map +1 -0
- package/dist/classes/CweKit.js +155 -0
- package/dist/classes/CweKit.js.map +1 -0
- package/dist/classes/CwsKit.d.ts +13 -0
- package/dist/classes/CwsKit.d.ts.map +1 -0
- package/dist/classes/CwsKit.js +131 -0
- package/dist/classes/CwsKit.js.map +1 -0
- package/dist/classes/CwtKit.d.ts +17 -0
- package/dist/classes/CwtKit.d.ts.map +1 -0
- package/dist/classes/CwtKit.js +162 -0
- package/dist/classes/CwtKit.js.map +1 -0
- package/dist/classes/JweKit.d.ts +5 -4
- package/dist/classes/JweKit.d.ts.map +1 -1
- package/dist/classes/JweKit.js +62 -53
- package/dist/classes/JweKit.js.map +1 -1
- package/dist/classes/JwsKit.d.ts +5 -2
- package/dist/classes/JwsKit.d.ts.map +1 -1
- package/dist/classes/JwsKit.js +43 -47
- package/dist/classes/JwsKit.js.map +1 -1
- package/dist/classes/JwtKit.d.ts +5 -2
- package/dist/classes/JwtKit.d.ts.map +1 -1
- package/dist/classes/JwtKit.js +48 -58
- package/dist/classes/JwtKit.js.map +1 -1
- package/dist/classes/SignatureKit.d.ts +12 -0
- package/dist/classes/SignatureKit.d.ts.map +1 -0
- package/dist/classes/SignatureKit.js +41 -0
- package/dist/classes/SignatureKit.js.map +1 -0
- package/dist/classes/index.d.ts +4 -0
- package/dist/classes/index.d.ts.map +1 -1
- package/dist/classes/index.js +4 -0
- package/dist/classes/index.js.map +1 -1
- package/dist/constants/private/cose.d.ts +20 -0
- package/dist/constants/private/cose.d.ts.map +1 -0
- package/dist/constants/private/cose.js +134 -0
- package/dist/constants/private/cose.js.map +1 -0
- package/dist/constants/private/format.d.ts.map +1 -1
- package/dist/constants/private/header.d.ts +3 -0
- package/dist/constants/private/header.d.ts.map +1 -0
- package/dist/constants/private/header.js +25 -0
- package/dist/constants/private/header.js.map +1 -0
- package/dist/constants/private/index.d.ts +2 -0
- package/dist/constants/private/index.d.ts.map +1 -1
- package/dist/constants/private/index.js +2 -0
- package/dist/constants/private/index.js.map +1 -1
- package/dist/errors/CoseEncryptError.d.ts +4 -0
- package/dist/errors/CoseEncryptError.d.ts.map +1 -0
- package/dist/errors/CoseEncryptError.js +8 -0
- package/dist/errors/CoseEncryptError.js.map +1 -0
- package/dist/errors/CoseSignError.d.ts +4 -0
- package/dist/errors/CoseSignError.d.ts.map +1 -0
- package/dist/errors/CoseSignError.js +8 -0
- package/dist/errors/CoseSignError.js.map +1 -0
- package/dist/errors/CwtError.d.ts +4 -0
- package/dist/errors/CwtError.d.ts.map +1 -0
- package/dist/errors/CwtError.js +8 -0
- package/dist/errors/CwtError.js.map +1 -0
- package/dist/errors/index.d.ts +3 -0
- package/dist/errors/index.d.ts.map +1 -1
- package/dist/errors/index.js +3 -0
- package/dist/errors/index.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/interfaces/Aegis.d.ts +47 -0
- package/dist/interfaces/Aegis.d.ts.map +1 -0
- package/dist/{types/interfaces/aegis.js → interfaces/Aegis.js} +1 -1
- package/dist/interfaces/Aegis.js.map +1 -0
- package/dist/interfaces/CweKit.d.ts +6 -0
- package/dist/interfaces/CweKit.d.ts.map +1 -0
- package/dist/{types/interfaces/jwe-kit.js → interfaces/CweKit.js} +1 -1
- package/dist/interfaces/CweKit.js.map +1 -0
- package/dist/interfaces/CwsKit.d.ts +6 -0
- package/dist/interfaces/CwsKit.d.ts.map +1 -0
- package/dist/{types/interfaces/jws-kit.js → interfaces/CwsKit.js} +1 -1
- package/dist/interfaces/CwsKit.js.map +1 -0
- package/dist/interfaces/CwtKit.d.ts +7 -0
- package/dist/interfaces/CwtKit.d.ts.map +1 -0
- package/dist/{types/interfaces/jwt-kit.js → interfaces/CwtKit.js} +1 -1
- package/dist/interfaces/CwtKit.js.map +1 -0
- package/dist/interfaces/JweKit.d.ts +6 -0
- package/dist/interfaces/JweKit.d.ts.map +1 -0
- package/dist/interfaces/JweKit.js +3 -0
- package/dist/interfaces/JweKit.js.map +1 -0
- package/dist/interfaces/JwsKit.d.ts +6 -0
- package/dist/interfaces/JwsKit.d.ts.map +1 -0
- package/dist/interfaces/JwsKit.js +3 -0
- package/dist/interfaces/JwsKit.js.map +1 -0
- package/dist/interfaces/JwtKit.d.ts +7 -0
- package/dist/interfaces/JwtKit.d.ts.map +1 -0
- package/dist/interfaces/JwtKit.js +3 -0
- package/dist/interfaces/JwtKit.js.map +1 -0
- package/dist/interfaces/index.d.ts +8 -0
- package/dist/interfaces/index.d.ts.map +1 -0
- package/dist/interfaces/index.js +24 -0
- package/dist/interfaces/index.js.map +1 -0
- package/dist/mocks/create-mock-aegis.d.ts +1 -1
- package/dist/mocks/create-mock-aegis.d.ts.map +1 -1
- package/dist/mocks/create-mock-aegis.js +46 -2
- package/dist/mocks/create-mock-aegis.js.map +1 -1
- package/dist/types/aegis.d.ts +0 -1
- package/dist/types/aegis.d.ts.map +1 -1
- package/dist/types/cwe/cwe-decode.d.ts +14 -0
- package/dist/types/cwe/cwe-decode.d.ts.map +1 -0
- package/dist/types/cwe/cwe-decode.js +3 -0
- package/dist/types/cwe/cwe-decode.js.map +1 -0
- package/dist/types/cwe/cwe-decrypt.d.ts +15 -0
- package/dist/types/cwe/cwe-decrypt.d.ts.map +1 -0
- package/dist/types/cwe/cwe-decrypt.js +3 -0
- package/dist/types/cwe/cwe-decrypt.js.map +1 -0
- package/dist/types/cwe/cwe-encrypt.d.ts +10 -0
- package/dist/types/cwe/cwe-encrypt.d.ts.map +1 -0
- package/dist/types/cwe/cwe-encrypt.js +3 -0
- package/dist/types/cwe/cwe-encrypt.js.map +1 -0
- package/dist/types/cwe/cwe-kit.d.ts +9 -0
- package/dist/types/cwe/cwe-kit.d.ts.map +1 -0
- package/dist/types/cwe/cwe-kit.js +3 -0
- package/dist/types/cwe/cwe-kit.js.map +1 -0
- package/dist/types/cwe/index.d.ts +5 -0
- package/dist/types/cwe/index.d.ts.map +1 -0
- package/dist/types/cwe/index.js +21 -0
- package/dist/types/cwe/index.js.map +1 -0
- package/dist/types/cws/cws-decode.d.ts +9 -0
- package/dist/types/cws/cws-decode.d.ts.map +1 -0
- package/dist/types/cws/cws-decode.js +3 -0
- package/dist/types/cws/cws-decode.js.map +1 -0
- package/dist/types/cws/cws-kit.d.ts +8 -0
- package/dist/types/cws/cws-kit.d.ts.map +1 -0
- package/dist/types/cws/cws-kit.js +3 -0
- package/dist/types/cws/cws-kit.js.map +1 -0
- package/dist/types/cws/cws-parse.d.ts +14 -0
- package/dist/types/cws/cws-parse.d.ts.map +1 -0
- package/dist/types/cws/cws-parse.js +3 -0
- package/dist/types/cws/cws-parse.js.map +1 -0
- package/dist/types/cws/cws-sign.d.ts +12 -0
- package/dist/types/cws/cws-sign.d.ts.map +1 -0
- package/dist/types/cws/cws-sign.js +3 -0
- package/dist/types/cws/cws-sign.js.map +1 -0
- package/dist/types/cws/index.d.ts +5 -0
- package/dist/types/cws/index.d.ts.map +1 -0
- package/dist/types/cws/index.js +21 -0
- package/dist/types/cws/index.js.map +1 -0
- package/dist/types/cwt/cwt-claims.d.ts +3 -0
- package/dist/types/cwt/cwt-claims.d.ts.map +1 -0
- package/dist/types/cwt/cwt-claims.js +3 -0
- package/dist/types/cwt/cwt-claims.js.map +1 -0
- package/dist/types/cwt/cwt-decode.d.ts +10 -0
- package/dist/types/cwt/cwt-decode.d.ts.map +1 -0
- package/dist/types/cwt/cwt-decode.js +3 -0
- package/dist/types/cwt/cwt-decode.js.map +1 -0
- package/dist/types/cwt/cwt-kit.d.ts +3 -0
- package/dist/types/cwt/cwt-kit.d.ts.map +1 -0
- package/dist/types/cwt/cwt-kit.js +3 -0
- package/dist/types/cwt/cwt-kit.js.map +1 -0
- package/dist/types/cwt/cwt-parse.d.ts +15 -0
- package/dist/types/cwt/cwt-parse.d.ts.map +1 -0
- package/dist/types/cwt/cwt-parse.js +3 -0
- package/dist/types/cwt/cwt-parse.js.map +1 -0
- package/dist/types/cwt/cwt-sign.d.ts +14 -0
- package/dist/types/cwt/cwt-sign.d.ts.map +1 -0
- package/dist/types/cwt/cwt-sign.js +3 -0
- package/dist/types/cwt/cwt-sign.js.map +1 -0
- package/dist/types/cwt/cwt-validate.d.ts +3 -0
- package/dist/types/cwt/cwt-validate.d.ts.map +1 -0
- package/dist/types/cwt/cwt-validate.js +3 -0
- package/dist/types/cwt/cwt-validate.js.map +1 -0
- package/dist/types/cwt/cwt-verify.d.ts +3 -0
- package/dist/types/cwt/cwt-verify.d.ts.map +1 -0
- package/dist/types/cwt/cwt-verify.js +3 -0
- package/dist/types/cwt/cwt-verify.js.map +1 -0
- package/dist/types/cwt/index.d.ts +8 -0
- package/dist/types/cwt/index.d.ts.map +1 -0
- package/dist/types/cwt/index.js +24 -0
- package/dist/types/cwt/index.js.map +1 -0
- package/dist/types/header.d.ts +34 -11
- package/dist/types/header.d.ts.map +1 -1
- package/dist/types/index.d.ts +4 -1
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js +4 -1
- package/dist/types/index.js.map +1 -1
- package/dist/types/jwe/jwe-decode.d.ts +1 -1
- package/dist/types/jwe/jwe-decode.d.ts.map +1 -1
- package/dist/types/jwe/jwe-decrypt.d.ts +2 -2
- package/dist/types/jwe/jwe-decrypt.d.ts.map +1 -1
- package/dist/types/jwe/jwe-encrypt.d.ts +2 -0
- package/dist/types/jwe/jwe-encrypt.d.ts.map +1 -1
- package/dist/types/jwe/jwe-kit.d.ts +0 -1
- package/dist/types/jwe/jwe-kit.d.ts.map +1 -1
- package/dist/types/jws/index.d.ts +1 -1
- package/dist/types/jws/index.d.ts.map +1 -1
- package/dist/types/jws/index.js +1 -1
- package/dist/types/jws/index.js.map +1 -1
- package/dist/types/jws/{jws-verify.d.ts → jws-parse.d.ts} +5 -5
- package/dist/types/jws/jws-parse.d.ts.map +1 -0
- package/dist/types/jws/jws-parse.js +3 -0
- package/dist/types/jws/jws-parse.js.map +1 -0
- package/dist/types/jws/jws-sign.d.ts +2 -0
- package/dist/types/jws/jws-sign.d.ts.map +1 -1
- package/dist/types/jwt/jwt-claims.d.ts +1 -1
- package/dist/types/jwt/jwt-claims.d.ts.map +1 -1
- package/dist/types/jwt/jwt-parse.d.ts +13 -0
- package/dist/types/jwt/jwt-parse.d.ts.map +1 -1
- package/dist/types/jwt/jwt-sign.d.ts +2 -0
- package/dist/types/jwt/jwt-sign.d.ts.map +1 -1
- package/dist/types/jwt/jwt-verify.d.ts +0 -15
- package/dist/types/jwt/jwt-verify.d.ts.map +1 -1
- package/dist/types/signature-kit.d.ts +9 -0
- package/dist/types/signature-kit.d.ts.map +1 -0
- package/dist/types/signature-kit.js +3 -0
- package/dist/types/signature-kit.js.map +1 -0
- package/dist/utils/private/auth-tag-length.d.ts +3 -0
- package/dist/utils/private/auth-tag-length.d.ts.map +1 -0
- package/dist/utils/private/auth-tag-length.js +21 -0
- package/dist/utils/private/auth-tag-length.js.map +1 -0
- package/dist/utils/private/cose/bstr.d.ts +4 -0
- package/dist/utils/private/cose/bstr.d.ts.map +1 -0
- package/dist/utils/private/cose/bstr.js +18 -0
- package/dist/utils/private/cose/bstr.js.map +1 -0
- package/dist/utils/private/cose/claims.d.ts +5 -0
- package/dist/utils/private/cose/claims.d.ts.map +1 -0
- package/dist/utils/private/cose/claims.js +35 -0
- package/dist/utils/private/cose/claims.js.map +1 -0
- package/dist/utils/private/cose/crit.d.ts +3 -0
- package/dist/utils/private/cose/crit.d.ts.map +1 -0
- package/dist/utils/private/cose/crit.js +43 -0
- package/dist/utils/private/cose/crit.js.map +1 -0
- package/dist/utils/private/cose/find.d.ts +5 -0
- package/dist/utils/private/cose/find.d.ts.map +1 -0
- package/dist/utils/private/cose/find.js +37 -0
- package/dist/utils/private/cose/find.js.map +1 -0
- package/dist/utils/private/cose/header.d.ts +5 -0
- package/dist/utils/private/cose/header.d.ts.map +1 -0
- package/dist/utils/private/cose/header.js +88 -0
- package/dist/utils/private/cose/header.js.map +1 -0
- package/dist/utils/private/cose/index.d.ts +3 -0
- package/dist/utils/private/cose/index.d.ts.map +1 -0
- package/dist/{types/interfaces → utils/private/cose}/index.js +2 -4
- package/dist/utils/private/cose/index.js.map +1 -0
- package/dist/utils/private/cose/key.d.ts +4 -0
- package/dist/utils/private/cose/key.d.ts.map +1 -0
- package/dist/utils/private/cose/key.js +82 -0
- package/dist/utils/private/cose/key.js.map +1 -0
- package/dist/utils/private/cose-sign-token.d.ts +10 -0
- package/dist/utils/private/cose-sign-token.d.ts.map +1 -0
- package/dist/utils/private/cose-sign-token.js +12 -0
- package/dist/utils/private/cose-sign-token.js.map +1 -0
- package/dist/utils/private/cose-signature.d.ts +16 -0
- package/dist/utils/private/cose-signature.d.ts.map +1 -0
- package/dist/utils/private/cose-signature.js +17 -0
- package/dist/utils/private/cose-signature.js.map +1 -0
- package/dist/utils/private/create-hash.d.ts.map +1 -1
- package/dist/utils/private/index.d.ts +6 -3
- package/dist/utils/private/index.d.ts.map +1 -1
- package/dist/utils/private/index.js +6 -3
- package/dist/utils/private/index.js.map +1 -1
- package/dist/utils/private/jose-header.d.ts +4 -0
- package/dist/utils/private/jose-header.d.ts.map +1 -0
- package/dist/utils/private/jose-header.js +51 -0
- package/dist/utils/private/jose-header.js.map +1 -0
- package/dist/utils/private/jose-signature.d.ts +10 -0
- package/dist/utils/private/jose-signature.d.ts.map +1 -0
- package/dist/utils/private/jose-signature.js +19 -0
- package/dist/utils/private/jose-signature.js.map +1 -0
- package/dist/utils/private/jwt-payload.d.ts +3 -2
- package/dist/utils/private/jwt-payload.d.ts.map +1 -1
- package/dist/utils/private/jwt-payload.js +16 -14
- package/dist/utils/private/jwt-payload.js.map +1 -1
- package/dist/utils/private/jwt-validate.d.ts.map +1 -1
- package/dist/utils/private/jwt-verify.d.ts.map +1 -1
- package/dist/utils/private/jwt-verify.js +1 -1
- package/dist/utils/private/jwt-verify.js.map +1 -1
- package/dist/utils/private/token-header.d.ts +2 -3
- package/dist/utils/private/token-header.d.ts.map +1 -1
- package/dist/utils/private/token-header.js +32 -104
- package/dist/utils/private/token-header.js.map +1 -1
- package/dist/utils/private/validate-value.d.ts.map +1 -1
- package/dist/utils/private/validate.d.ts.map +1 -1
- package/package.json +20 -18
- package/dist/types/interfaces/aegis.d.ts +0 -22
- package/dist/types/interfaces/aegis.d.ts.map +0 -1
- package/dist/types/interfaces/aegis.js.map +0 -1
- package/dist/types/interfaces/index.d.ts +0 -5
- package/dist/types/interfaces/index.d.ts.map +0 -1
- package/dist/types/interfaces/index.js.map +0 -1
- package/dist/types/interfaces/jwe-kit.d.ts +0 -7
- package/dist/types/interfaces/jwe-kit.d.ts.map +0 -1
- package/dist/types/interfaces/jwe-kit.js.map +0 -1
- package/dist/types/interfaces/jws-kit.d.ts +0 -6
- package/dist/types/interfaces/jws-kit.d.ts.map +0 -1
- package/dist/types/interfaces/jws-kit.js.map +0 -1
- package/dist/types/interfaces/jwt-kit.d.ts +0 -8
- package/dist/types/interfaces/jwt-kit.d.ts.map +0 -1
- package/dist/types/interfaces/jwt-kit.js.map +0 -1
- package/dist/types/jws/jws-verify.d.ts.map +0 -1
- package/dist/types/jws/jws-verify.js +0 -3
- package/dist/types/jws/jws-verify.js.map +0 -1
- package/dist/utils/private/create-token-signature.d.ts +0 -9
- package/dist/utils/private/create-token-signature.d.ts.map +0 -1
- package/dist/utils/private/create-token-signature.js +0 -42
- package/dist/utils/private/create-token-signature.js.map +0 -1
- package/dist/utils/private/token-type.d.ts +0 -3
- package/dist/utils/private/token-type.d.ts.map +0 -1
- package/dist/utils/private/token-type.js +0 -11
- package/dist/utils/private/token-type.js.map +0 -1
- package/dist/utils/private/verify-token-signature.d.ts +0 -3
- package/dist/utils/private/verify-token-signature.d.ts.map +0 -1
- package/dist/utils/private/verify-token-signature.js +0 -43
- package/dist/utils/private/verify-token-signature.js.map +0 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"CweKit.js","sourceRoot":"","sources":["../../src/classes/CweKit.ts"],"names":[],"mappings":";;;AAAA,sCAA2E;AAC3E,oCAAiD;AAGjD,+BAAsC;AACtC,mCAAqC;AACrC,sCAA6C;AAW7C,8CAM0B;AAE1B,MAAa,MAAM;IACA,UAAU,CAAoB;IAC9B,MAAM,CAAU;IAChB,OAAO,CAAW;IAEnC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC,UAAU,IAAI,SAAS,CAAC;IAClF,CAAC;IAEM,OAAO,CAAC,IAAgB,EAAE,UAA6B,EAAE;QAC9D,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAE/E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAEnD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE3E,MAAM,EACJ,OAAO,EACP,OAAO,EACP,QAAQ,EACR,oBAAoB,EACpB,eAAe,EACf,SAAS,EACT,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,GACpB,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAEhC,MAAM,eAAe,GAAG,IAAA,uBAAa,EACnC,IAAA,wBAAc,EAAC;YACb,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YACjC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;YACnC,UAAU,EAAE,0CAA0C;SACvD,CAAC,CACH,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC;QAE9C,MAAM,iBAAiB,GAAG,IAAA,uBAAa,EACrC,IAAA,wBAAc,EAAC;YACb,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YACzB,oBAAoB;YACpB,QAAQ;SACT,CAAC,CACH,CAAC;QAEF,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QAErD,MAAM,eAAe,GAAG,IAAA,uBAAa,EACnC,IAAA,wBAAc,EAAC;YACb,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ;YACR,oBAAoB,EAAE,kBAAkB;YACxC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,SAAS;YAC1C,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YACtB,eAAe;YACf,SAAS;YACT,mBAAmB;YACnB,mBAAmB;SACpB,CAAC,CACH,CAAC;QACF,MAAM,kBAAkB,GAAG,mBAAmB,IAAI,IAAI,CAAC;QACvD,MAAM,UAAU,GAAG,CAAC,CAAC,IAAA,aAAM,EAAC,EAAE,CAAC,EAAE,eAAe,EAAE,kBAAkB,CAAC,CAAC,CAAC;QAEvE,MAAM,MAAM,GAAG,IAAA,aAAM,EAAC,CAAC,aAAa,EAAE,iBAAiB,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;QAClF,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE3C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAC3B,CAAC;IAEM,OAAO,CAAgC,KAAiB;QAC7D,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAE/E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEjD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAErC,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC;YACrD,MAAM,IAAI,yBAAgB,CAAC,eAAe,EAAE;gBAC1C,KAAK,EAAE;oBACL,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;oBAC9B,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG;iBAC9B;aACF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1D,MAAM,IAAI,yBAAgB,CAAC,uBAAuB,EAAE;gBAClD,KAAK,EAAE;oBACL,MAAM,EAAE,IAAI,CAAC,UAAU;oBACvB,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG;iBAC1C;aACF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC;QACzD,MAAM,oBAAoB,GAAG,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACpD,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC;QAC1D,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC;QACpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC;QAC5D,MAAM,mBAAmB,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC;QAC9D,MAAM,mBAAmB,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC;QAC9D,MAAM,mBAAmB,GAAG,OAAO,CAAC,SAAS,CAAC,mBAAmB,CAAC;QAElE,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC1B,MAAM,IAAI,yBAAgB,CAAC,YAAY,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAqB;YAClD,GAAG,OAAO,CAAC,SAAS;YACpB,GAAG,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG;YACtC,GAAG,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG;YACtC,GAAG,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG;YACtC,GAAG,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG;YACtC,GAAG,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG;SAC7B,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAI;YAC7B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,WAAW,EAAG,OAAO,CAAC,SAAS,CAAC,GAAsB,IAAI,YAAY;YACtE,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ;YACR,oBAAoB;YACpB,eAAe;YACf,SAAS;YACT,kBAAkB;YAClB,mBAAmB;YACnB,mBAAmB;YACnB,mBAAmB;SACU,CAAC,CAAC;QAEjC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAErC,OAAO;YACL,OAAO;YACP,MAAM;YACN,OAAO;YACP,KAAK,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;SAC7D,CAAC;IACJ,CAAC;IAIM,MAAM,CAAC,KAAK,CAAC,KAAsB;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACpC,OAAO,MAAM,CAAC,SAAS,CAAC,GAAG,KAAK,0CAA0C,CAAC;QAC7E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEM,MAAM,CAAC,MAAM,CAAC,KAAiB;QACpC,MAAM,CAAC,aAAa,EAAE,eAAe,EAAE,UAAU,EAAE,UAAU,CAAC,GAAG,IAAA,aAAM,EACrE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAC1D,CAAC;QAEF,MAAM,aAAa,GAAG,IAAA,0BAAgB,EAAC,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC,CAAC;QAC9D,MAAM,eAAe,GAAG,IAAA,0BAAgB,EAAC,eAAe,CAAC,CAAC;QAE1D,MAAM,CAAC,SAAS,CAAC,GAAG,UAAU,CAAC;QAC/B,MAAM,CAAC,CAAC,EAAE,eAAe,EAAE,mBAAmB,CAAC,GAAG,SAAS,CAAC;QAC5D,MAAM,aAAa,GAAG,IAAA,0BAAgB,EAAC,eAAe,CAAC,CAAC;QAExD,MAAM,MAAM,GAAG,IAAA,uBAAa,EAAC,aAAa,CAAC,GAAI,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAE7C,OAAO;YACL,SAAS,EAAE,aAAoB;YAC/B,WAAW,EAAE,eAAsB;YACnC,SAAS,EAAE;gBACT,WAAW,EAAE,aAAoB;gBACjC,oBAAoB,EAAE,aAAa,CAAC,EAAE;gBACtC,mBAAmB;aACpB;YACD,oBAAoB,EAAE,eAAe,CAAC,EAAG;YACzC,OAAO;YACP,OAAO;SACR,CAAC;IACJ,CAAC;IAIO,WAAW,CAAC,KAAiB;QACnC,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,OAAO,0BAA0B,CAAC;QACpC,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;CACF;AAnMD,wBAmMC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { ICwsKit } from "../interfaces";
|
|
2
|
+
import { CwsContent, CwsKitOptions, DecodedCws, ParsedCws, SignCwsOptions, SignedCws } from "../types";
|
|
3
|
+
export declare class CwsKit implements ICwsKit {
|
|
4
|
+
private readonly logger;
|
|
5
|
+
private readonly kryptos;
|
|
6
|
+
constructor(options: CwsKitOptions);
|
|
7
|
+
sign(data: CwsContent, options?: SignCwsOptions): SignedCws;
|
|
8
|
+
verify<T extends CwsContent>(token: CwsContent): ParsedCws<T>;
|
|
9
|
+
static isCws(token: Buffer | string): boolean;
|
|
10
|
+
static decode<T extends CwsContent>(token: CwsContent): DecodedCws<T>;
|
|
11
|
+
static parse<T extends CwsContent>(token: CwsContent): ParsedCws<T>;
|
|
12
|
+
}
|
|
13
|
+
//# sourceMappingURL=CwsKit.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"CwsKit.d.ts","sourceRoot":"","sources":["../../src/classes/CwsKit.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,aAAa,EACb,UAAU,EACV,SAAS,EAET,cAAc,EACd,SAAS,EACV,MAAM,UAAU,CAAC;AAWlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;gBAEhB,OAAO,EAAE,aAAa;IAKlC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,GAAE,cAAmB,GAAG,SAAS;IAiD/D,MAAM,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,SAAS,CAAC,CAAC,CAAC;WA4DtD,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;WAStC,MAAM,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC;WAsB9D,KAAK,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,SAAS,CAAC,CAAC,CAAC;CAU3E"}
|
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CwsKit = void 0;
|
|
4
|
+
const is_1 = require("@lindorm/is");
|
|
5
|
+
const cbor_1 = require("cbor");
|
|
6
|
+
const crypto_1 = require("crypto");
|
|
7
|
+
const errors_1 = require("../errors");
|
|
8
|
+
const private_1 = require("../utils/private");
|
|
9
|
+
class CwsKit {
|
|
10
|
+
logger;
|
|
11
|
+
kryptos;
|
|
12
|
+
constructor(options) {
|
|
13
|
+
this.logger = options.logger.child(["CoseSignKit"]);
|
|
14
|
+
this.kryptos = options.kryptos;
|
|
15
|
+
}
|
|
16
|
+
sign(data, options = {}) {
|
|
17
|
+
const objectId = options.objectId ?? (0, crypto_1.randomBytes)(20).toString("base64url");
|
|
18
|
+
this.logger.debug("Signing token", { options });
|
|
19
|
+
const protectedHeader = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
|
|
20
|
+
algorithm: this.kryptos.algorithm,
|
|
21
|
+
contentType: options.contentType
|
|
22
|
+
? options.contentType
|
|
23
|
+
: (0, is_1.isString)(data)
|
|
24
|
+
? "text/plain; charset=utf-8"
|
|
25
|
+
: "application/octet-stream",
|
|
26
|
+
headerType: "application/cose; cose-type=cose-sign",
|
|
27
|
+
}));
|
|
28
|
+
const protectedCbor = (0, cbor_1.encode)(protectedHeader);
|
|
29
|
+
const unprotectedHeader = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
|
|
30
|
+
...(options.header ?? {}),
|
|
31
|
+
jwksUri: this.kryptos.jwksUri ?? undefined,
|
|
32
|
+
keyId: this.kryptos.id,
|
|
33
|
+
objectId,
|
|
34
|
+
}));
|
|
35
|
+
const payloadBuffer = (0, is_1.isBuffer)(data) ? data : Buffer.from(data, "utf-8");
|
|
36
|
+
const payloadCbor = (0, cbor_1.encode)(payloadBuffer);
|
|
37
|
+
const signature = (0, private_1.createCoseSignature)({
|
|
38
|
+
kryptos: this.kryptos,
|
|
39
|
+
payload: payloadCbor,
|
|
40
|
+
protectedHeader: protectedCbor,
|
|
41
|
+
});
|
|
42
|
+
const buffer = (0, private_1.createCoseSignToken)({
|
|
43
|
+
payload: payloadCbor,
|
|
44
|
+
protectedHeader: protectedCbor,
|
|
45
|
+
unprotectedHeader,
|
|
46
|
+
signature,
|
|
47
|
+
});
|
|
48
|
+
const token = buffer.toString("base64url");
|
|
49
|
+
this.logger.debug("Token signed", { token });
|
|
50
|
+
return { buffer, objectId, token };
|
|
51
|
+
}
|
|
52
|
+
verify(token) {
|
|
53
|
+
this.logger.debug("Verifying token", { token });
|
|
54
|
+
const [protectedCbor, unprotectedCose, payloadCbor, signature] = (0, cbor_1.decode)((0, is_1.isBuffer)(token) ? token : Buffer.from(token, "base64url"));
|
|
55
|
+
const protectedDict = (0, private_1.decodeCoseHeader)((0, cbor_1.decode)(protectedCbor));
|
|
56
|
+
if (this.kryptos.algorithm !== protectedDict.alg) {
|
|
57
|
+
throw new errors_1.CoseSignError("Invalid token", {
|
|
58
|
+
data: { algorithm: protectedDict.alg },
|
|
59
|
+
debug: { expected: this.kryptos.algorithm },
|
|
60
|
+
});
|
|
61
|
+
}
|
|
62
|
+
const verified = (0, private_1.verifyCoseSignature)({
|
|
63
|
+
kryptos: this.kryptos,
|
|
64
|
+
payload: payloadCbor,
|
|
65
|
+
protectedHeader: protectedCbor,
|
|
66
|
+
signature,
|
|
67
|
+
});
|
|
68
|
+
if (!verified) {
|
|
69
|
+
throw new errors_1.CoseSignError("Invalid token", {
|
|
70
|
+
data: { verified, token },
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
const unprotectedDict = (0, private_1.decodeCoseHeader)(unprotectedCose);
|
|
74
|
+
const payloadBuffer = (0, cbor_1.decode)(payloadCbor);
|
|
75
|
+
const decoded = {
|
|
76
|
+
protected: protectedDict,
|
|
77
|
+
unprotected: unprotectedDict,
|
|
78
|
+
payload: payloadBuffer,
|
|
79
|
+
signature: signature,
|
|
80
|
+
};
|
|
81
|
+
const header = (0, private_1.parseTokenHeader)({
|
|
82
|
+
...protectedDict,
|
|
83
|
+
...unprotectedDict,
|
|
84
|
+
});
|
|
85
|
+
const payload = header.contentType === "text/plain; charset=utf-8"
|
|
86
|
+
? payloadBuffer.toString("utf-8")
|
|
87
|
+
: payloadBuffer;
|
|
88
|
+
this.logger.debug("Token verified");
|
|
89
|
+
return {
|
|
90
|
+
decoded,
|
|
91
|
+
header,
|
|
92
|
+
payload,
|
|
93
|
+
token: (0, is_1.isBuffer)(token) ? token.toString("base64url") : token,
|
|
94
|
+
};
|
|
95
|
+
}
|
|
96
|
+
static isCws(token) {
|
|
97
|
+
try {
|
|
98
|
+
const decode = CwsKit.decode(token);
|
|
99
|
+
return decode.protected.typ === "application/cose; cose-type=cose-sign";
|
|
100
|
+
}
|
|
101
|
+
catch {
|
|
102
|
+
return false;
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
static decode(token) {
|
|
106
|
+
const [protectedCbor, unprotectedHeader, payloadCbor, signature] = (0, cbor_1.decode)((0, is_1.isBuffer)(token) ? token : Buffer.from(token, "base64url"));
|
|
107
|
+
const protectedDict = (0, private_1.decodeCoseHeader)((0, cbor_1.decode)(protectedCbor));
|
|
108
|
+
const unprotectedDict = (0, private_1.decodeCoseHeader)(unprotectedHeader);
|
|
109
|
+
const payloadBuffer = (0, cbor_1.decode)(payloadCbor);
|
|
110
|
+
const payload = protectedDict.cty === "text/plain; charset=utf-8"
|
|
111
|
+
? payloadBuffer.toString("utf-8")
|
|
112
|
+
: payloadBuffer;
|
|
113
|
+
return {
|
|
114
|
+
protected: protectedDict,
|
|
115
|
+
unprotected: unprotectedDict,
|
|
116
|
+
payload,
|
|
117
|
+
signature: signature.toString("base64url"),
|
|
118
|
+
};
|
|
119
|
+
}
|
|
120
|
+
static parse(token) {
|
|
121
|
+
const decoded = CwsKit.decode(token);
|
|
122
|
+
return {
|
|
123
|
+
decoded,
|
|
124
|
+
header: (0, private_1.parseTokenHeader)({ ...decoded.protected, ...decoded.unprotected }),
|
|
125
|
+
payload: decoded.payload,
|
|
126
|
+
token: (0, is_1.isBuffer)(token) ? token.toString("base64url") : token,
|
|
127
|
+
};
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
exports.CwsKit = CwsKit;
|
|
131
|
+
//# sourceMappingURL=CwsKit.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"CwsKit.js","sourceRoot":"","sources":["../../src/classes/CwsKit.ts"],"names":[],"mappings":";;;AAAA,oCAAiD;AAGjD,+BAAsC;AACtC,mCAAqC;AACrC,sCAA0C;AAW1C,8CAQ0B;AAE1B,MAAa,MAAM;IACA,MAAM,CAAU;IAChB,OAAO,CAAW;IAEnC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;IAEM,IAAI,CAAC,IAAgB,EAAE,UAA0B,EAAE;QACxD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE3E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAEhD,MAAM,eAAe,GAAG,IAAA,uBAAa,EACnC,IAAA,wBAAc,EAAC;YACb,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YACjC,WAAW,EAAE,OAAO,CAAC,WAAW;gBAC9B,CAAC,CAAC,OAAO,CAAC,WAAW;gBACrB,CAAC,CAAC,IAAA,aAAQ,EAAC,IAAI,CAAC;oBACd,CAAC,CAAC,2BAA2B;oBAC7B,CAAC,CAAC,0BAA0B;YAChC,UAAU,EAAE,uCAAuC;SACpD,CAAC,CACH,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC;QAE9C,MAAM,iBAAiB,GAAG,IAAA,uBAAa,EACrC,IAAA,wBAAc,EAAC;YACb,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YACzB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,SAAS;YAC1C,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YACtB,QAAQ;SACT,CAAC,CACH,CAAC;QAEF,MAAM,aAAa,GAAG,IAAA,aAAQ,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACzE,MAAM,WAAW,GAAG,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC;QAE1C,MAAM,SAAS,GAAG,IAAA,6BAAmB,EAAC;YACpC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;SAC/B,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAA,6BAAmB,EAAC;YACjC,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;YAC9B,iBAAiB;YACjB,SAAS;SACV,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE3C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAE7C,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IACrC,CAAC;IAEM,MAAM,CAAuB,KAAiB;QACnD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhD,MAAM,CAAC,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,CAAC,GAAG,IAAA,aAAM,EACrE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAC1D,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,0BAAgB,EAAC,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC,CAAC;QAE9D,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,KAAK,aAAa,CAAC,GAAG,EAAE,CAAC;YACjD,MAAM,IAAI,sBAAa,CAAC,eAAe,EAAE;gBACvC,IAAI,EAAE,EAAE,SAAS,EAAE,aAAa,CAAC,GAAG,EAAE;gBACtC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG,IAAA,6BAAmB,EAAC;YACnC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;YAC9B,SAAS;SACV,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sBAAa,CAAC,eAAe,EAAE;gBACvC,IAAI,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,eAAe,GAAG,IAAA,0BAAgB,EAAC,eAAe,CAAC,CAAC;QAC1D,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,WAAW,CAAC,CAAC;QAE1C,MAAM,OAAO,GAAkB;YAC7B,SAAS,EAAE,aAAoB;YAC/B,WAAW,EAAE,eAAsB;YACnC,OAAO,EAAE,aAAoB;YAC7B,SAAS,EAAE,SAAS;SACrB,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAkB;YAC/C,GAAG,aAAa;YAChB,GAAG,eAAe;SACZ,CAAC,CAAC;QAEV,MAAM,OAAO,GACX,MAAM,CAAC,WAAW,KAAK,2BAA2B;YAChD,CAAC,CAAE,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAO;YACxC,CAAC,CAAC,aAAa,CAAC;QAEpB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEpC,OAAO;YACL,OAAO;YACP,MAAM;YACN,OAAO;YACP,KAAK,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK;SAC7D,CAAC;IACJ,CAAC;IAIM,MAAM,CAAC,KAAK,CAAC,KAAsB;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACpC,OAAO,MAAM,CAAC,SAAS,CAAC,GAAG,KAAK,uCAAuC,CAAC;QAC1E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEM,MAAM,CAAC,MAAM,CAAuB,KAAiB;QAC1D,MAAM,CAAC,aAAa,EAAE,iBAAiB,EAAE,WAAW,EAAE,SAAS,CAAC,GAAG,IAAA,aAAM,EACvE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAC1D,CAAC;QAEF,MAAM,aAAa,GAAG,IAAA,0BAAgB,EAAC,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC,CAAC;QAC9D,MAAM,eAAe,GAAG,IAAA,0BAAgB,EAAC,iBAAiB,CAAC,CAAC;QAE5D,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,OAAO,GACX,aAAa,CAAC,GAAG,KAAK,2BAA2B;YAC/C,CAAC,CAAE,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAO;YACxC,CAAC,CAAC,aAAa,CAAC;QAEpB,OAAO;YACL,SAAS,EAAE,aAAoB;YAC/B,WAAW,EAAE,eAAsB;YACnC,OAAO;YACP,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;SAC3C,CAAC;IACJ,CAAC;IAEM,MAAM,CAAC,KAAK,CAAuB,KAAiB;QACzD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAI,KAAK,CAAC,CAAC;QAExC,OAAO;YACL,OAAO;YACP,MAAM,EAAE,IAAA,0BAAgB,EAAC,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,GAAG,OAAO,CAAC,WAAW,EAAS,CAAC;YACjF,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK;SAC7D,CAAC;IACJ,CAAC;CACF;AA/JD,wBA+JC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { Dict } from "@lindorm/types";
|
|
2
|
+
import { ICwtKit } from "../interfaces";
|
|
3
|
+
import { CwtKitOptions, DecodedCwt, ParsedCwt, ParsedCwtPayload, SignCwtContent, SignCwtOptions, SignedCwt, ValidateCwtOptions, VerifyCwtOptions } from "../types";
|
|
4
|
+
export declare class CwtKit implements ICwtKit {
|
|
5
|
+
private readonly clockTolerance;
|
|
6
|
+
private readonly issuer;
|
|
7
|
+
private readonly logger;
|
|
8
|
+
private readonly kryptos;
|
|
9
|
+
constructor(options: CwtKitOptions);
|
|
10
|
+
sign<C extends Dict = Dict>(content: SignCwtContent<C>, options?: SignCwtOptions): SignedCwt;
|
|
11
|
+
verify<C extends Dict = Dict>(token: Buffer | string, verify?: VerifyCwtOptions): ParsedCwt<C>;
|
|
12
|
+
static isCwt(token: Buffer | string): boolean;
|
|
13
|
+
static decode<C extends Dict = Dict>(token: Buffer | string): DecodedCwt<C>;
|
|
14
|
+
static parse<C extends Dict = Dict>(token: Buffer | string): ParsedCwt<C>;
|
|
15
|
+
static validate<C extends Dict = Dict>(payload: ParsedCwtPayload<C>, options: ValidateCwtOptions): void;
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=CwtKit.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"CwtKit.d.ts","sourceRoot":"","sources":["../../src/classes/CwtKit.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAItC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,aAAa,EACb,UAAU,EAEV,SAAS,EACT,gBAAgB,EAChB,cAAc,EACd,cAAc,EACd,SAAS,EACT,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,UAAU,CAAC;AAmBlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;gBAEhB,OAAO,EAAE,aAAa;IAQlC,IAAI,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAC/B,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,EAC1B,OAAO,GAAE,cAAmB,GAC3B,SAAS;IAiEL,MAAM,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EACjC,KAAK,EAAE,MAAM,GAAG,MAAM,EACtB,MAAM,GAAE,gBAAqB,GAC5B,SAAS,CAAC,CAAC,CAAC;WAkFD,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;WAStC,MAAM,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC;WAepE,KAAK,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC;WAWlE,QAAQ,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAC1C,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAC5B,OAAO,EAAE,kBAAkB,GAC1B,IAAI;CAKR"}
|
|
@@ -0,0 +1,162 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CwtKit = void 0;
|
|
4
|
+
const date_1 = require("@lindorm/date");
|
|
5
|
+
const is_1 = require("@lindorm/is");
|
|
6
|
+
const cbor_1 = require("cbor");
|
|
7
|
+
const crypto_1 = require("crypto");
|
|
8
|
+
const errors_1 = require("../errors");
|
|
9
|
+
const private_1 = require("../utils/private");
|
|
10
|
+
class CwtKit {
|
|
11
|
+
clockTolerance;
|
|
12
|
+
issuer;
|
|
13
|
+
logger;
|
|
14
|
+
kryptos;
|
|
15
|
+
constructor(options) {
|
|
16
|
+
this.logger = options.logger.child(["CwtKit"]);
|
|
17
|
+
this.kryptos = options.kryptos;
|
|
18
|
+
this.issuer = options.issuer ?? null;
|
|
19
|
+
this.clockTolerance = options.clockTolerance ?? 0;
|
|
20
|
+
}
|
|
21
|
+
sign(content, options = {}) {
|
|
22
|
+
this.logger.debug("Signing token", { content, options });
|
|
23
|
+
if (!this.issuer) {
|
|
24
|
+
throw new Error("Issuer is required to sign CWT");
|
|
25
|
+
}
|
|
26
|
+
const objectId = options.objectId ?? content.subject ?? (0, crypto_1.randomBytes)(20).toString("base64url");
|
|
27
|
+
const protectedDict = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
|
|
28
|
+
algorithm: this.kryptos.algorithm,
|
|
29
|
+
contentType: "application/json",
|
|
30
|
+
headerType: "application/cwt",
|
|
31
|
+
}));
|
|
32
|
+
const protectedCbor = (0, cbor_1.encode)(protectedDict);
|
|
33
|
+
const unprotectedDict = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
|
|
34
|
+
...(options.header ?? {}),
|
|
35
|
+
jwksUri: this.kryptos.jwksUri ?? undefined,
|
|
36
|
+
keyId: this.kryptos.id,
|
|
37
|
+
objectId,
|
|
38
|
+
}));
|
|
39
|
+
const claims = (0, private_1.mapJwtContentToClaims)({ algorithm: this.kryptos.algorithm, issuer: this.issuer }, content, { tokenId: (0, crypto_1.randomBytes)(20).toString("base64url"), ...options });
|
|
40
|
+
const payloadDict = (0, private_1.mapCoseClaims)({ ...claims, ...(content.claims ?? {}) });
|
|
41
|
+
const payloadCbor = (0, cbor_1.encode)(payloadDict);
|
|
42
|
+
const signature = (0, private_1.createCoseSignature)({
|
|
43
|
+
kryptos: this.kryptos,
|
|
44
|
+
payload: payloadCbor,
|
|
45
|
+
protectedHeader: protectedCbor,
|
|
46
|
+
});
|
|
47
|
+
const buffer = (0, private_1.createCoseSignToken)({
|
|
48
|
+
payload: payloadCbor,
|
|
49
|
+
protectedHeader: protectedCbor,
|
|
50
|
+
unprotectedHeader: unprotectedDict,
|
|
51
|
+
signature,
|
|
52
|
+
});
|
|
53
|
+
const token = buffer.toString("base64url");
|
|
54
|
+
const { expiresAt, expiresIn, expiresOn } = (0, date_1.expires)(content.expires);
|
|
55
|
+
this.logger.debug("Token signed", { token });
|
|
56
|
+
return {
|
|
57
|
+
buffer,
|
|
58
|
+
expiresAt,
|
|
59
|
+
expiresIn,
|
|
60
|
+
expiresOn,
|
|
61
|
+
objectId,
|
|
62
|
+
token,
|
|
63
|
+
tokenId: claims.jti,
|
|
64
|
+
};
|
|
65
|
+
}
|
|
66
|
+
verify(token, verify = {}) {
|
|
67
|
+
this.logger.debug("Verifying token", { token, verify });
|
|
68
|
+
const [protectedCbor, unprotectedCose, payloadCbor, signature] = (0, cbor_1.decode)((0, is_1.isBuffer)(token) ? token : Buffer.from(token, "base64url"));
|
|
69
|
+
const protectedDict = (0, private_1.decodeCoseHeader)((0, cbor_1.decode)(protectedCbor));
|
|
70
|
+
const unprotectedDict = (0, private_1.decodeCoseHeader)(unprotectedCose);
|
|
71
|
+
const payloadDict = (0, private_1.decodeCoseClaims)((0, cbor_1.decode)(payloadCbor));
|
|
72
|
+
if (this.kryptos.algorithm !== protectedDict.alg) {
|
|
73
|
+
throw new errors_1.CwtError("Invalid token", {
|
|
74
|
+
data: { algorithm: protectedDict.alg },
|
|
75
|
+
debug: { expected: this.kryptos.algorithm },
|
|
76
|
+
});
|
|
77
|
+
}
|
|
78
|
+
const verified = (0, private_1.verifyCoseSignature)({
|
|
79
|
+
kryptos: this.kryptos,
|
|
80
|
+
payload: payloadCbor,
|
|
81
|
+
protectedHeader: protectedCbor,
|
|
82
|
+
signature,
|
|
83
|
+
});
|
|
84
|
+
if (!verified) {
|
|
85
|
+
throw new errors_1.CwtError("Invalid token", {
|
|
86
|
+
data: { verified, token },
|
|
87
|
+
});
|
|
88
|
+
}
|
|
89
|
+
const operators = (0, private_1.createJwtVerify)(this.kryptos.algorithm, verify, this.clockTolerance);
|
|
90
|
+
const invalid = [];
|
|
91
|
+
const withDates = {
|
|
92
|
+
...payloadDict,
|
|
93
|
+
exp: payloadDict.exp ? new Date(payloadDict.exp * 1000) : undefined,
|
|
94
|
+
iat: payloadDict.iat ? new Date(payloadDict.iat * 1000) : undefined,
|
|
95
|
+
nbf: payloadDict.nbf ? new Date(payloadDict.nbf * 1000) : undefined,
|
|
96
|
+
auth_time: payloadDict.auth_time
|
|
97
|
+
? new Date(payloadDict.auth_time * 1000)
|
|
98
|
+
: undefined,
|
|
99
|
+
};
|
|
100
|
+
for (const [key, ops] of Object.entries(operators)) {
|
|
101
|
+
const value = withDates[key];
|
|
102
|
+
if ((0, private_1.validateValue)(value, ops))
|
|
103
|
+
continue;
|
|
104
|
+
invalid.push({ key, value, ops });
|
|
105
|
+
}
|
|
106
|
+
if (invalid.length) {
|
|
107
|
+
throw new errors_1.CwtError("Invalid token", { data: { invalid } });
|
|
108
|
+
}
|
|
109
|
+
const decoded = {
|
|
110
|
+
protected: protectedDict,
|
|
111
|
+
unprotected: unprotectedDict,
|
|
112
|
+
payload: payloadDict,
|
|
113
|
+
signature: signature,
|
|
114
|
+
};
|
|
115
|
+
const payload = (0, private_1.parseTokenPayload)(payloadDict);
|
|
116
|
+
this.logger.debug("Token verified");
|
|
117
|
+
return {
|
|
118
|
+
decoded,
|
|
119
|
+
header: (0, private_1.parseTokenHeader)({
|
|
120
|
+
...protectedDict,
|
|
121
|
+
...unprotectedDict,
|
|
122
|
+
}),
|
|
123
|
+
payload,
|
|
124
|
+
token: (0, is_1.isBuffer)(token) ? token.toString("base64url") : token,
|
|
125
|
+
};
|
|
126
|
+
}
|
|
127
|
+
static isCwt(token) {
|
|
128
|
+
try {
|
|
129
|
+
const decode = CwtKit.decode(token);
|
|
130
|
+
return decode.protected.typ === "application/cwt";
|
|
131
|
+
}
|
|
132
|
+
catch {
|
|
133
|
+
return false;
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
static decode(token) {
|
|
137
|
+
const [protectedCbor, unprotectedHeader, payloadCbor, signature] = (0, cbor_1.decode)((0, is_1.isBuffer)(token) ? token : Buffer.from(token, "base64url"));
|
|
138
|
+
const protectedCose = (0, cbor_1.decode)(protectedCbor);
|
|
139
|
+
const payloadCose = (0, cbor_1.decode)(payloadCbor);
|
|
140
|
+
return {
|
|
141
|
+
protected: (0, private_1.decodeCoseHeader)(protectedCose),
|
|
142
|
+
unprotected: (0, private_1.decodeCoseHeader)(unprotectedHeader),
|
|
143
|
+
payload: (0, private_1.decodeCoseClaims)(payloadCose),
|
|
144
|
+
signature: signature.toString("base64url"),
|
|
145
|
+
};
|
|
146
|
+
}
|
|
147
|
+
static parse(token) {
|
|
148
|
+
const decoded = CwtKit.decode(token);
|
|
149
|
+
return {
|
|
150
|
+
decoded,
|
|
151
|
+
header: (0, private_1.parseTokenHeader)({ ...decoded.protected, ...decoded.unprotected }),
|
|
152
|
+
payload: (0, private_1.parseTokenPayload)(decoded.payload),
|
|
153
|
+
token: (0, is_1.isBuffer)(token) ? token.toString("base64url") : token,
|
|
154
|
+
};
|
|
155
|
+
}
|
|
156
|
+
static validate(payload, options) {
|
|
157
|
+
const operators = (0, private_1.createJwtValidate)(options);
|
|
158
|
+
(0, private_1.validate)(payload, operators);
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
exports.CwtKit = CwtKit;
|
|
162
|
+
//# sourceMappingURL=CwtKit.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"CwtKit.js","sourceRoot":"","sources":["../../src/classes/CwtKit.ts"],"names":[],"mappings":";;;AAAA,wCAAwC;AACxC,oCAAuC;AAIvC,+BAAsC;AACtC,mCAAqC;AACrC,sCAAqC;AAcrC,8CAgB0B;AAE1B,MAAa,MAAM;IACA,cAAc,CAAS;IACvB,MAAM,CAAgB;IACtB,MAAM,CAAU;IAChB,OAAO,CAAW;IAEnC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;QAErC,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,CAAC,CAAC;IACpD,CAAC;IAEM,IAAI,CACT,OAA0B,EAC1B,UAA0B,EAAE;QAE5B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QAEzD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,OAAO,IAAI,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE/E,MAAM,aAAa,GAAG,IAAA,uBAAa,EACjC,IAAA,wBAAc,EAAC;YACb,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YACjC,WAAW,EAAE,kBAAkB;YAC/B,UAAU,EAAE,iBAAiB;SAC9B,CAAC,CACH,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC;QAE5C,MAAM,eAAe,GAAG,IAAA,uBAAa,EACnC,IAAA,wBAAc,EAAC;YACb,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YACzB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,SAAS;YAC1C,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YACtB,QAAQ;SACT,CAAC,CACH,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,+BAAqB,EAClC,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,EAC1D,OAAO,EACP,EAAE,OAAO,EAAE,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,GAAG,OAAO,EAAE,CAC/D,CAAC;QACF,MAAM,WAAW,GAAG,IAAA,uBAAa,EAAC,EAAE,GAAG,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QAC5E,MAAM,WAAW,GAAG,IAAA,aAAM,EAAC,WAAW,CAAC,CAAC;QAExC,MAAM,SAAS,GAAG,IAAA,6BAAmB,EAAC;YACpC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;SAC/B,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAA,6BAAmB,EAAC;YACjC,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;YAC9B,iBAAiB,EAAE,eAAe;YAClC,SAAS;SACV,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE3C,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAErE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAE7C,OAAO;YACL,MAAM;YACN,SAAS;YACT,SAAS;YACT,SAAS;YACT,QAAQ;YACR,KAAK;YACL,OAAO,EAAE,MAAM,CAAC,GAAI;SACrB,CAAC;IACJ,CAAC;IAEM,MAAM,CACX,KAAsB,EACtB,SAA2B,EAAE;QAE7B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAExD,MAAM,CAAC,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,CAAC,GAAG,IAAA,aAAM,EACrE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAC1D,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,0BAAgB,EAAC,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC,CAAC;QAC9D,MAAM,eAAe,GAAG,IAAA,0BAAgB,EAAC,eAAe,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,IAAA,0BAAgB,EAAI,IAAA,aAAM,EAAC,WAAW,CAAC,CAAC,CAAC;QAE7D,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,KAAK,aAAa,CAAC,GAAG,EAAE,CAAC;YACjD,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,SAAS,EAAE,aAAa,CAAC,GAAG,EAAE;gBACtC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG,IAAA,6BAAmB,EAAC;YACnC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;YAC9B,SAAS;SACV,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,SAAS,GAAG,IAAA,yBAAe,EAC/B,IAAI,CAAC,OAAO,CAAC,SAAS,EACtB,MAAM,EACN,IAAI,CAAC,cAAc,CACpB,CAAC;QAEF,MAAM,OAAO,GAAuD,EAAE,CAAC;QAEvE,MAAM,SAAS,GAAG;YAChB,GAAG,WAAW;YACd,GAAG,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YACnE,GAAG,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YACnE,GAAG,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YACnE,SAAS,EAAE,WAAW,CAAC,SAAS;gBAC9B,CAAC,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC;gBACxC,CAAC,CAAC,SAAS;SACd,CAAC;QAEF,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YACnD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,IAAA,uBAAa,EAAC,KAAK,EAAE,GAAG,CAAC;gBAAE,SAAS;YACxC,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,OAAO,GAAkB;YAC7B,SAAS,EAAE,aAAoB;YAC/B,WAAW,EAAE,eAAsB;YACnC,OAAO,EAAE,WAAkB;YAC3B,SAAS,EAAE,SAAS;SACrB,CAAC;QAEF,MAAM,OAAO,GAAG,IAAA,2BAAiB,EAAC,WAAW,CAAC,CAAC;QAE/C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEpC,OAAO;YACL,OAAO;YACP,MAAM,EAAE,IAAA,0BAAgB,EAAC;gBACvB,GAAG,aAAa;gBAChB,GAAG,eAAe;aACZ,CAAC;YACT,OAAO;YACP,KAAK,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK;SAC7D,CAAC;IACJ,CAAC;IAIM,MAAM,CAAC,KAAK,CAAC,KAAsB;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACpC,OAAO,MAAM,CAAC,SAAS,CAAC,GAAG,KAAK,iBAAiB,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEM,MAAM,CAAC,MAAM,CAAwB,KAAsB;QAChE,MAAM,CAAC,aAAa,EAAE,iBAAiB,EAAE,WAAW,EAAE,SAAS,CAAC,GAAG,IAAA,aAAM,EACvE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAC1D,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC;QAC5C,MAAM,WAAW,GAAG,IAAA,aAAM,EAAC,WAAW,CAAC,CAAC;QAExC,OAAO;YACL,SAAS,EAAE,IAAA,0BAAgB,EAAC,aAAa,CAAQ;YACjD,WAAW,EAAE,IAAA,0BAAgB,EAAC,iBAAiB,CAAQ;YACvD,OAAO,EAAE,IAAA,0BAAgB,EAAC,WAAW,CAAQ;YAC7C,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;SAC3C,CAAC;IACJ,CAAC;IAEM,MAAM,CAAC,KAAK,CAAwB,KAAsB;QAC/D,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAI,KAAK,CAAC,CAAC;QAExC,OAAO;YACL,OAAO;YACP,MAAM,EAAE,IAAA,0BAAgB,EAAC,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;YAC1E,OAAO,EAAE,IAAA,2BAAiB,EAAC,OAAO,CAAC,OAAO,CAAC;YAC3C,KAAK,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK;SAC7D,CAAC;IACJ,CAAC;IAEM,MAAM,CAAC,QAAQ,CACpB,OAA4B,EAC5B,OAA2B;QAE3B,MAAM,SAAS,GAAG,IAAA,2BAAiB,EAAC,OAAO,CAAC,CAAC;QAE7C,IAAA,kBAAQ,EAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC/B,CAAC;CACF;AAlND,wBAkNC"}
|
package/dist/classes/JweKit.d.ts
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { IJweKit } from "../interfaces";
|
|
2
|
+
import { DecodedJwe, DecryptedJwe, EncryptedJwe, JweEncryptOptions, JweKitOptions } from "../types";
|
|
2
3
|
export declare class JweKit implements IJweKit {
|
|
3
4
|
private readonly encryption;
|
|
4
|
-
private readonly logger;
|
|
5
5
|
private readonly kryptos;
|
|
6
|
-
private readonly
|
|
6
|
+
private readonly logger;
|
|
7
7
|
constructor(options: JweKitOptions);
|
|
8
8
|
encrypt(data: string, options?: JweEncryptOptions): EncryptedJwe;
|
|
9
|
-
decrypt(
|
|
9
|
+
decrypt(token: string): DecryptedJwe;
|
|
10
|
+
static isJwe(jwe: string): boolean;
|
|
10
11
|
static decode(jwe: string): DecodedJwe;
|
|
11
12
|
private contentType;
|
|
12
13
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JweKit.d.ts","sourceRoot":"","sources":["../../src/classes/JweKit.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,UAAU,EACV,YAAY,EAEZ,YAAY,EACZ,
|
|
1
|
+
{"version":3,"file":"JweKit.d.ts","sourceRoot":"","sources":["../../src/classes/JweKit.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,YAAY,EAEZ,YAAY,EACZ,iBAAiB,EACjB,aAAa,EAEd,MAAM,UAAU,CAAC;AAGlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;gBAEd,OAAO,EAAE,aAAa;IAMlC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,GAAE,iBAAsB,GAAG,YAAY;IAqEpE,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY;WAqF7B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;IAe7C,OAAO,CAAC,WAAW;CAuBpB"}
|
package/dist/classes/JweKit.js
CHANGED
|
@@ -3,80 +3,76 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.JweKit = void 0;
|
|
4
4
|
const aes_1 = require("@lindorm/aes");
|
|
5
5
|
const b64_1 = require("@lindorm/b64");
|
|
6
|
-
const
|
|
6
|
+
const is_1 = require("@lindorm/is");
|
|
7
7
|
const crypto_1 = require("crypto");
|
|
8
8
|
const private_1 = require("../constants/private");
|
|
9
9
|
const errors_1 = require("../errors");
|
|
10
10
|
const private_2 = require("../utils/private");
|
|
11
11
|
class JweKit {
|
|
12
12
|
encryption;
|
|
13
|
-
logger;
|
|
14
13
|
kryptos;
|
|
15
|
-
|
|
14
|
+
logger;
|
|
16
15
|
constructor(options) {
|
|
17
16
|
this.logger = options.logger.child(["JweKit"]);
|
|
18
17
|
this.kryptos = options.kryptos;
|
|
19
|
-
this.encryption = options.encryption
|
|
20
|
-
this.kryptosMayOverrideEncryption = options.kryptosMayOverrideEncryption ?? false;
|
|
18
|
+
this.encryption = options.encryption ?? options.kryptos.encryption ?? "A256GCM";
|
|
21
19
|
}
|
|
22
20
|
encrypt(data, options = {}) {
|
|
23
|
-
const
|
|
24
|
-
|
|
25
|
-
: this.encryption;
|
|
26
|
-
const jwksUri = this.kryptos.jwksUri;
|
|
27
|
-
const keyId = this.kryptos.id;
|
|
21
|
+
const kit = new aes_1.AesKit({ encryption: this.encryption, kryptos: this.kryptos });
|
|
22
|
+
this.logger.debug("Encrypting token", { options });
|
|
28
23
|
const objectId = options.objectId ?? (0, crypto_1.randomUUID)();
|
|
29
24
|
const critical = [
|
|
30
25
|
"algorithm",
|
|
31
26
|
"encryption",
|
|
32
27
|
];
|
|
33
|
-
const
|
|
34
|
-
const { authTag, content, hkdfSalt, initialisationVector, pbkdfIterations, pbkdfSalt, publicEncryptionIv, publicEncryptionJwk, publicEncryptionKey, publicEncryptionTag, } = aes.encrypt(data, "record");
|
|
35
|
-
if (publicEncryptionJwk)
|
|
36
|
-
critical.push("publicEncryptionJwk");
|
|
37
|
-
if (publicEncryptionIv)
|
|
38
|
-
critical.push("publicEncryptionIv");
|
|
39
|
-
if (publicEncryptionTag)
|
|
40
|
-
critical.push("publicEncryptionTag");
|
|
28
|
+
const { authTag, content, hkdfSalt, initialisationVector, pbkdfIterations, pbkdfSalt, publicEncryptionIv, publicEncryptionJwk, publicEncryptionKey, publicEncryptionTag, } = kit.encrypt(data, "record");
|
|
41
29
|
if (hkdfSalt)
|
|
42
30
|
critical.push("hkdfSalt");
|
|
43
31
|
if (pbkdfIterations)
|
|
44
32
|
critical.push("pbkdfIterations");
|
|
45
33
|
if (pbkdfSalt)
|
|
46
34
|
critical.push("pbkdfSalt");
|
|
35
|
+
if (publicEncryptionIv)
|
|
36
|
+
critical.push("initialisationVector");
|
|
37
|
+
if (publicEncryptionJwk)
|
|
38
|
+
critical.push("publicEncryptionJwk");
|
|
39
|
+
if (publicEncryptionTag)
|
|
40
|
+
critical.push("publicEncryptionTag");
|
|
47
41
|
const headerOptions = {
|
|
42
|
+
...(options.header ?? {}),
|
|
48
43
|
algorithm: this.kryptos.algorithm,
|
|
49
44
|
contentType: this.contentType(data),
|
|
50
45
|
critical,
|
|
51
|
-
encryption,
|
|
46
|
+
encryption: this.encryption,
|
|
52
47
|
headerType: "JWE",
|
|
53
48
|
hkdfSalt,
|
|
54
|
-
|
|
55
|
-
|
|
49
|
+
initialisationVector: publicEncryptionIv,
|
|
50
|
+
jwksUri: this.kryptos.jwksUri ?? undefined,
|
|
51
|
+
keyId: this.kryptos.id,
|
|
56
52
|
objectId,
|
|
57
53
|
pbkdfIterations,
|
|
58
54
|
pbkdfSalt,
|
|
59
|
-
publicEncryptionIv,
|
|
60
55
|
publicEncryptionJwk,
|
|
61
56
|
publicEncryptionTag,
|
|
62
57
|
};
|
|
63
|
-
const header = (0, private_2.
|
|
64
|
-
|
|
65
|
-
|
|
58
|
+
const header = (0, private_2.encodeJoseHeader)(headerOptions);
|
|
59
|
+
if (!authTag) {
|
|
60
|
+
throw new errors_1.JweError("Missing auth tag");
|
|
61
|
+
}
|
|
62
|
+
const token = [
|
|
66
63
|
header,
|
|
67
64
|
publicEncryptionKey ? b64_1.B64.encode(publicEncryptionKey, private_1.B64U) : "",
|
|
68
65
|
b64_1.B64.encode(initialisationVector, private_1.B64U),
|
|
69
66
|
b64_1.B64.encode(content, private_1.B64U),
|
|
70
|
-
|
|
71
|
-
]
|
|
72
|
-
this.logger.
|
|
67
|
+
b64_1.B64.encode(authTag, private_1.B64U),
|
|
68
|
+
].join(".");
|
|
69
|
+
this.logger.debug("Token encrypted", { token });
|
|
73
70
|
return { token };
|
|
74
71
|
}
|
|
75
|
-
decrypt(
|
|
76
|
-
const
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
const decoded = JweKit.decode(jwe);
|
|
72
|
+
decrypt(token) {
|
|
73
|
+
const kit = new aes_1.AesKit({ encryption: this.encryption, kryptos: this.kryptos });
|
|
74
|
+
this.logger.debug("Decrypting token", { token });
|
|
75
|
+
const decoded = JweKit.decode(token);
|
|
80
76
|
if (decoded.header.typ !== "JWE") {
|
|
81
77
|
throw new errors_1.JweError("Invalid token", {
|
|
82
78
|
data: { typ: decoded.header.typ },
|
|
@@ -89,14 +85,19 @@ class JweKit {
|
|
|
89
85
|
});
|
|
90
86
|
}
|
|
91
87
|
const header = (0, private_2.parseTokenHeader)(decoded.header);
|
|
92
|
-
|
|
88
|
+
if (header.encryption !== this.encryption) {
|
|
89
|
+
throw new errors_1.JweError("Unexpected encryption", {
|
|
90
|
+
debug: { actual: header.encryption, encryption: this.encryption },
|
|
91
|
+
});
|
|
92
|
+
}
|
|
93
|
+
const authTag = b64_1.B64.toBuffer(decoded.authTag);
|
|
93
94
|
const content = b64_1.B64.toBuffer(decoded.content);
|
|
94
95
|
const hkdfSalt = header.hkdfSalt ? b64_1.B64.toBuffer(header.hkdfSalt, private_1.B64U) : undefined;
|
|
95
96
|
const initialisationVector = b64_1.B64.toBuffer(decoded.initialisationVector);
|
|
96
97
|
const pbkdfIterations = header.pbkdfIterations;
|
|
97
98
|
const pbkdfSalt = header.pbkdfSalt ? b64_1.B64.toBuffer(header.pbkdfSalt, private_1.B64U) : undefined;
|
|
98
|
-
const publicEncryptionIv = header.
|
|
99
|
-
? b64_1.B64.toBuffer(header.
|
|
99
|
+
const publicEncryptionIv = header.initialisationVector
|
|
100
|
+
? b64_1.B64.toBuffer(header.initialisationVector)
|
|
100
101
|
: undefined;
|
|
101
102
|
const publicEncryptionKey = decoded.publicEncryptionKey
|
|
102
103
|
? b64_1.B64.toBuffer(decoded.publicEncryptionKey)
|
|
@@ -108,7 +109,7 @@ class JweKit {
|
|
|
108
109
|
if (header.critical.includes("publicEncryptionJwk") && !publicEncryptionJwk) {
|
|
109
110
|
throw new errors_1.JweError("Missing public encryption JWK");
|
|
110
111
|
}
|
|
111
|
-
if (header.critical.includes("
|
|
112
|
+
if (header.critical.includes("initialisationVector") && !publicEncryptionIv) {
|
|
112
113
|
throw new errors_1.JweError("Missing public encryption iv");
|
|
113
114
|
}
|
|
114
115
|
if (header.critical.includes("publicEncryptionTag") && !publicEncryptionTag) {
|
|
@@ -123,11 +124,10 @@ class JweKit {
|
|
|
123
124
|
if (header.critical.includes("pbkdfSalt") && !pbkdfSalt) {
|
|
124
125
|
throw new errors_1.JweError("Missing salt");
|
|
125
126
|
}
|
|
126
|
-
const
|
|
127
|
-
const payload = aes.decrypt({
|
|
127
|
+
const payload = kit.decrypt({
|
|
128
128
|
authTag,
|
|
129
129
|
content,
|
|
130
|
-
encryption,
|
|
130
|
+
encryption: this.encryption,
|
|
131
131
|
hkdfSalt,
|
|
132
132
|
initialisationVector,
|
|
133
133
|
pbkdfIterations,
|
|
@@ -137,30 +137,39 @@ class JweKit {
|
|
|
137
137
|
publicEncryptionKey,
|
|
138
138
|
publicEncryptionTag,
|
|
139
139
|
});
|
|
140
|
-
this.logger.
|
|
141
|
-
return {
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
token: jwe,
|
|
146
|
-
};
|
|
140
|
+
this.logger.debug("Token decrypted");
|
|
141
|
+
return { header, payload, decoded, token };
|
|
142
|
+
}
|
|
143
|
+
static isJwe(jwe) {
|
|
144
|
+
return (0, is_1.isJwe)(jwe);
|
|
147
145
|
}
|
|
148
146
|
static decode(jwe) {
|
|
149
147
|
const [header, publicEncryptionKey, initialisationVector, content, authTag] = jwe.split(".");
|
|
150
148
|
return {
|
|
151
|
-
header: (0, private_2.
|
|
149
|
+
header: (0, private_2.decodeJoseHeader)(header),
|
|
152
150
|
publicEncryptionKey: publicEncryptionKey?.length ? publicEncryptionKey : undefined,
|
|
153
151
|
initialisationVector,
|
|
154
152
|
content,
|
|
155
|
-
authTag
|
|
153
|
+
authTag,
|
|
156
154
|
};
|
|
157
155
|
}
|
|
158
156
|
contentType(input) {
|
|
159
|
-
if (
|
|
160
|
-
return "
|
|
157
|
+
if ((0, is_1.isJws)(input)) {
|
|
158
|
+
return "application/jws";
|
|
159
|
+
}
|
|
160
|
+
if ((0, is_1.isJwt)(input)) {
|
|
161
|
+
return "application/jwt";
|
|
162
|
+
}
|
|
163
|
+
if (input.startsWith("{") && input.endsWith("}")) {
|
|
164
|
+
return "application/json";
|
|
165
|
+
}
|
|
166
|
+
if (input.startsWith("[") && input.endsWith("]")) {
|
|
167
|
+
return "application/json";
|
|
168
|
+
}
|
|
169
|
+
if ((0, is_1.isString)(input)) {
|
|
170
|
+
return "text/plain; charset=utf-8";
|
|
161
171
|
}
|
|
162
|
-
|
|
163
|
-
return (0, private_2.decodeTokenHeader)(header).typ;
|
|
172
|
+
return "application/unknown";
|
|
164
173
|
}
|
|
165
174
|
}
|
|
166
175
|
exports.JweKit = JweKit;
|