@lindorm/aegis 0.3.5 → 0.4.0
- package/CHANGELOG.md +25 -0
- package/README.md +247 -163
- package/__tests__/__mocks__/cbor.ts +17 -0
- package/__tests__/cose-interop.test.ts +1127 -0
- package/__tests__/jwe-interop.test.ts +331 -0
- package/__tests__/jwt-interop.test.ts +183 -0
- package/dist/classes/Aegis.d.ts.map +1 -1
- package/dist/classes/Aegis.js +8 -5
- package/dist/classes/Aegis.js.map +1 -1
- package/dist/classes/CweKit.d.ts.map +1 -1
- package/dist/classes/CweKit.js +31 -37
- package/dist/classes/CweKit.js.map +1 -1
- package/dist/classes/CwsKit.d.ts.map +1 -1
- package/dist/classes/CwsKit.js +8 -3
- package/dist/classes/CwsKit.js.map +1 -1
- package/dist/classes/CwtKit.d.ts.map +1 -1
- package/dist/classes/CwtKit.js +10 -14
- package/dist/classes/CwtKit.js.map +1 -1
- package/dist/classes/JweKit.d.ts.map +1 -1
- package/dist/classes/JweKit.js +24 -47
- package/dist/classes/JweKit.js.map +1 -1
- package/dist/classes/JwsKit.d.ts.map +1 -1
- package/dist/classes/JwsKit.js +9 -2
- package/dist/classes/JwsKit.js.map +1 -1
- package/dist/classes/JwtKit.d.ts.map +1 -1
- package/dist/classes/JwtKit.js +10 -9
- package/dist/classes/JwtKit.js.map +1 -1
- package/dist/classes/SignatureKit.d.ts.map +1 -1
- package/dist/classes/SignatureKit.js +2 -1
- package/dist/classes/SignatureKit.js.map +1 -1
- package/dist/constants/private/cose.d.ts +0 -1
- package/dist/constants/private/cose.d.ts.map +1 -1
- package/dist/constants/private/cose.js +5 -23
- package/dist/constants/private/cose.js.map +1 -1
- package/dist/types/cose-target.d.ts +2 -0
- package/dist/types/cose-target.d.ts.map +1 -0
- package/dist/types/{operators.js → cose-target.js} +1 -1
- package/dist/types/cose-target.js.map +1 -0
- package/dist/types/cwe/cwe-decode.d.ts +6 -2
- package/dist/types/cwe/cwe-decode.d.ts.map +1 -1
- package/dist/types/cwe/cwe-decrypt.d.ts +2 -2
- package/dist/types/cwe/cwe-decrypt.d.ts.map +1 -1
- package/dist/types/cwe/cwe-encrypt.d.ts +2 -0
- package/dist/types/cwe/cwe-encrypt.d.ts.map +1 -1
- package/dist/types/cws/cws-sign.d.ts +2 -0
- package/dist/types/cws/cws-sign.d.ts.map +1 -1
- package/dist/types/cwt/cwt-sign.d.ts +4 -1
- package/dist/types/cwt/cwt-sign.d.ts.map +1 -1
- package/dist/types/header.d.ts +6 -10
- package/dist/types/header.d.ts.map +1 -1
- package/dist/types/index.d.ts +1 -1
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js +1 -1
- package/dist/types/index.js.map +1 -1
- package/dist/types/jwt/jwt-validate.d.ts +21 -21
- package/dist/types/jwt/jwt-validate.d.ts.map +1 -1
- package/dist/types/jwt/jwt-verify.d.ts +21 -21
- package/dist/types/jwt/jwt-verify.d.ts.map +1 -1
- package/dist/utils/private/auth-tag-length.js.map +1 -1
- package/dist/utils/private/cose/claims.d.ts +3 -3
- package/dist/utils/private/cose/claims.d.ts.map +1 -1
- package/dist/utils/private/cose/claims.js +27 -5
- package/dist/utils/private/cose/claims.js.map +1 -1
- package/dist/utils/private/cose/header.d.ts +3 -3
- package/dist/utils/private/cose/header.d.ts.map +1 -1
- package/dist/utils/private/cose/header.js +19 -26
- package/dist/utils/private/cose/header.js.map +1 -1
- package/dist/utils/private/cose/key.d.ts +1 -1
- package/dist/utils/private/cose/key.d.ts.map +1 -1
- package/dist/utils/private/cose/key.js +16 -12
- package/dist/utils/private/cose/key.js.map +1 -1
- package/dist/utils/private/cose-sign-token.d.ts +1 -2
- package/dist/utils/private/cose-sign-token.d.ts.map +1 -1
- package/dist/utils/private/cose-sign-token.js.map +1 -1
- package/dist/utils/private/index.d.ts +0 -1
- package/dist/utils/private/index.d.ts.map +1 -1
- package/dist/utils/private/index.js +0 -1
- package/dist/utils/private/index.js.map +1 -1
- package/dist/utils/private/jose-header.d.ts.map +1 -1
- package/dist/utils/private/jose-header.js +12 -17
- package/dist/utils/private/jose-header.js.map +1 -1
- package/dist/utils/private/jwt-validate.d.ts +3 -3
- package/dist/utils/private/jwt-validate.d.ts.map +1 -1
- package/dist/utils/private/jwt-validate.js +9 -9
- package/dist/utils/private/jwt-validate.js.map +1 -1
- package/dist/utils/private/jwt-verify.d.ts +3 -3
- package/dist/utils/private/jwt-verify.d.ts.map +1 -1
- package/dist/utils/private/jwt-verify.js +14 -14
- package/dist/utils/private/jwt-verify.js.map +1 -1
- package/dist/utils/private/token-header.d.ts.map +1 -1
- package/dist/utils/private/token-header.js +2 -10
- package/dist/utils/private/token-header.js.map +1 -1
- package/dist/utils/private/validate.d.ts +2 -3
- package/dist/utils/private/validate.d.ts.map +1 -1
- package/dist/utils/private/validate.js +9 -10
- package/dist/utils/private/validate.js.map +1 -1
- package/jest.config.interop.mjs +27 -0
- package/package.json +24 -24
- package/tsconfig.interop.json +9 -0
- package/dist/types/operators.d.ts +0 -27
- package/dist/types/operators.d.ts.map +0 -1
- package/dist/types/operators.js.map +0 -1
- package/dist/utils/private/validate-value.d.ts +0 -3
- package/dist/utils/private/validate-value.d.ts.map +0 -1
- package/dist/utils/private/validate-value.js +0 -91
- package/dist/utils/private/validate-value.js.map +0 -1
package/dist/classes/CweKit.js
CHANGED
|
@@ -20,32 +20,29 @@ class CweKit {
|
|
|
20
20
|
const kit = new aes_1.AesKit({ encryption: this.encryption, kryptos: this.kryptos });
|
|
21
21
|
this.logger.debug("Encrypting token", { options });
|
|
22
22
|
const objectId = options.objectId ?? (0, crypto_1.randomBytes)(20).toString("base64url");
|
|
23
|
-
const
|
|
23
|
+
const target = options.target ?? "internal";
|
|
24
|
+
const prepared = kit.prepareEncryption();
|
|
24
25
|
const protectedHeader = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
|
|
25
|
-
algorithm: this.
|
|
26
|
+
algorithm: this.encryption,
|
|
26
27
|
contentType: this.contentType(data),
|
|
27
28
|
headerType: "application/cose; cose-type=cose-encrypt",
|
|
28
|
-
}));
|
|
29
|
+
}), target);
|
|
29
30
|
const protectedCbor = (0, cbor_1.encode)(protectedHeader);
|
|
31
|
+
const aad = protectedCbor;
|
|
32
|
+
const { authTag, content, initialisationVector } = prepared.encrypt(data, { aad });
|
|
30
33
|
const unprotectedHeader = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
|
|
31
34
|
...(options.header ?? {}),
|
|
32
35
|
initialisationVector,
|
|
33
36
|
objectId,
|
|
34
|
-
}));
|
|
37
|
+
}), target);
|
|
35
38
|
const ciphertext = Buffer.concat([content, authTag]);
|
|
36
39
|
const recipientHeader = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
|
|
37
|
-
|
|
38
|
-
hkdfSalt,
|
|
39
|
-
initialisationVector: publicEncryptionIv,
|
|
40
|
-
jwksUri: this.kryptos.jwksUri ?? undefined,
|
|
40
|
+
algorithm: this.kryptos.algorithm,
|
|
41
41
|
keyId: this.kryptos.id,
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
}));
|
|
47
|
-
const recipientPublicKey = publicEncryptionKey ?? null;
|
|
48
|
-
const recipients = [[(0, cbor_1.encode)({}), recipientHeader, recipientPublicKey]];
|
|
42
|
+
publicEncryptionJwk: prepared.headerParams.publicEncryptionJwk,
|
|
43
|
+
}), target);
|
|
44
|
+
const recipientPublicKey = prepared.publicEncryptionKey ?? null;
|
|
45
|
+
const recipients = [[(0, cbor_1.encode)(new Map()), recipientHeader, recipientPublicKey]];
|
|
49
46
|
const buffer = (0, cbor_1.encode)([protectedCbor, unprotectedHeader, ciphertext, recipients]);
|
|
50
47
|
const token = buffer.toString("base64url");
|
|
51
48
|
this.logger.debug("Token encrypted", { token });
|
|
@@ -55,55 +52,49 @@ class CweKit {
|
|
|
55
52
|
const kit = new aes_1.AesKit({ encryption: this.encryption, kryptos: this.kryptos });
|
|
56
53
|
this.logger.debug("Decrypting token", { token });
|
|
57
54
|
const decoded = CweKit.decode(token);
|
|
58
|
-
if (this.
|
|
59
|
-
throw new errors_1.CoseEncryptError("Invalid
|
|
55
|
+
if (this.encryption !== decoded.protected.alg) {
|
|
56
|
+
throw new errors_1.CoseEncryptError("Invalid content encryption", {
|
|
60
57
|
debug: {
|
|
61
|
-
expect: this.
|
|
58
|
+
expect: this.encryption,
|
|
62
59
|
actual: decoded.protected.alg,
|
|
63
60
|
},
|
|
64
61
|
});
|
|
65
62
|
}
|
|
66
|
-
if (decoded.recipient.unprotected.
|
|
67
|
-
throw new errors_1.CoseEncryptError("
|
|
63
|
+
if (this.kryptos.algorithm !== decoded.recipient.unprotected.alg) {
|
|
64
|
+
throw new errors_1.CoseEncryptError("Invalid key management algorithm", {
|
|
68
65
|
debug: {
|
|
69
|
-
expect: this.
|
|
70
|
-
actual: decoded.recipient.unprotected.
|
|
66
|
+
expect: this.kryptos.algorithm,
|
|
67
|
+
actual: decoded.recipient.unprotected.alg,
|
|
71
68
|
},
|
|
72
69
|
});
|
|
73
70
|
}
|
|
74
|
-
const hkdfSalt = decoded.recipient.unprotected.hkdf_salt;
|
|
75
71
|
const initialisationVector = decoded.unprotected.iv;
|
|
76
|
-
const pbkdfIterations = decoded.recipient.unprotected.p2c;
|
|
77
|
-
const pbkdfSalt = decoded.recipient.unprotected.p2s;
|
|
78
|
-
const publicEncryptionIv = decoded.recipient.unprotected.iv;
|
|
79
72
|
const publicEncryptionJwk = decoded.recipient.unprotected.epk;
|
|
80
|
-
const publicEncryptionTag = decoded.recipient.unprotected.tag;
|
|
81
73
|
const publicEncryptionKey = decoded.recipient.publicEncryptionKey;
|
|
82
74
|
if (!initialisationVector) {
|
|
83
75
|
throw new errors_1.CoseEncryptError("Missing iv");
|
|
84
76
|
}
|
|
85
77
|
const header = (0, private_1.parseTokenHeader)({
|
|
86
78
|
...decoded.protected,
|
|
87
|
-
enc: decoded.recipient.unprotected.enc,
|
|
88
79
|
epk: decoded.recipient.unprotected.epk,
|
|
89
|
-
jku: decoded.recipient.unprotected.jku,
|
|
90
80
|
kid: decoded.recipient.unprotected.kid,
|
|
91
81
|
oid: decoded.unprotected.oid,
|
|
92
82
|
});
|
|
83
|
+
if (header.critical?.length) {
|
|
84
|
+
for (const param of header.critical) {
|
|
85
|
+
throw new errors_1.CoseEncryptError(`Unsupported critical header parameter: ${param}`);
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
const aad = decoded.protectedCbor;
|
|
93
89
|
const payload = kit.decrypt({
|
|
94
90
|
authTag: decoded.authTag,
|
|
95
91
|
content: decoded.content,
|
|
96
92
|
contentType: decoded.protected.cty ?? "text/plain",
|
|
97
|
-
encryption:
|
|
98
|
-
hkdfSalt,
|
|
93
|
+
encryption: decoded.protected.alg,
|
|
99
94
|
initialisationVector,
|
|
100
|
-
pbkdfIterations,
|
|
101
|
-
pbkdfSalt,
|
|
102
|
-
publicEncryptionIv,
|
|
103
95
|
publicEncryptionJwk,
|
|
104
96
|
publicEncryptionKey,
|
|
105
|
-
|
|
106
|
-
});
|
|
97
|
+
}, { aad });
|
|
107
98
|
this.logger.debug("Token decrypted");
|
|
108
99
|
return {
|
|
109
100
|
decoded,
|
|
@@ -128,11 +119,14 @@ class CweKit {
|
|
|
128
119
|
const [recipient] = recipients;
|
|
129
120
|
const [_, recipientHeader, publicEncryptionKey] = recipient;
|
|
130
121
|
const recipientDict = (0, private_1.decodeCoseHeader)(recipientHeader);
|
|
131
|
-
const length = (0, private_1.authTagLength)(
|
|
122
|
+
const length = (0, private_1.authTagLength)(protectedDict.alg);
|
|
132
123
|
const authTag = ciphertext.slice(-length);
|
|
133
124
|
const content = ciphertext.slice(0, -length);
|
|
134
125
|
return {
|
|
135
126
|
protected: protectedDict,
|
|
127
|
+
protectedCbor: Buffer.isBuffer(protectedCbor)
|
|
128
|
+
? protectedCbor
|
|
129
|
+
: Buffer.from(protectedCbor),
|
|
136
130
|
unprotected: unprotectedDict,
|
|
137
131
|
recipient: {
|
|
138
132
|
unprotected: recipientDict,
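Review bot: The associated data passed at `prepared.encrypt(data, { aad })` and `kit.decrypt({ ... }, { aad })` is the raw serialized protected header (`const aad = protectedCbor;` / `const aad = decoded.protectedCbor;`), whereas RFC 9052 section 5.3 defines the AEAD associated data for COSE_Encrypt as the CBOR-encoded Enc_structure `["Encrypt", protected, external_aad]`. Unless AesKit builds that structure internally (not visible in this diff), tokens produced with a non-internal `target` will fail authentication in other COSE implementations, and the context string is not bound into the tag. If the raw form is deliberate, a comment on both `aad` lines should say so, for example `// AAD is the serialized protected header, not the RFC 9052 Enc_structure`. The encrypt and decrypt bodies both start and end outside these hunks.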
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CweKit.js","sourceRoot":"","sources":["../../src/classes/CweKit.ts"],"names":[],"mappings":";;;AAAA,sCAA2E;AAC3E,oCAAiD;AAGjD,+BAAsC;AACtC,mCAAqC;AACrC,sCAA6C;
|
|
1
|
+
{"version":3,"file":"CweKit.js","sourceRoot":"","sources":["../../src/classes/CweKit.ts"],"names":[],"mappings":";;;AAAA,sCAA2E;AAC3E,oCAAiD;AAGjD,+BAAsC;AACtC,mCAAqC;AACrC,sCAA6C;AAY7C,8CAM0B;AAE1B,MAAa,MAAM;IACA,UAAU,CAAoB;IAC9B,MAAM,CAAU;IAChB,OAAO,CAAW;IAEnC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC,UAAU,IAAI,SAAS,CAAC;IAClF,CAAC;IAEM,OAAO,CAAC,IAAgB,EAAE,UAA6B,EAAE;QAC9D,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAE/E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAEnD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;QAG5C,MAAM,QAAQ,GAAG,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAIzC,MAAM,eAAe,GAAG,IAAA,uBAAa,EACnC,IAAA,wBAAc,EAAC;YACb,SAAS,EAAE,IAAI,CAAC,UAAkC;YAClD,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;YACnC,UAAU,EAAE,0CAA0C;SACvD,CAAC,EACF,MAAM,CACP,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC;QAG9C,MAAM,GAAG,GAAG,aAAa,CAAC;QAG1B,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,oBAAoB,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAGnF,MAAM,iBAAiB,GAAG,IAAA,uBAAa,EACrC,IAAA,wBAAc,EAAC;YACb,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YACzB,oBAAoB;YACpB,QAAQ;SACT,CAAC,EACF,MAAM,CACP,CAAC;QAEF,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QAGrD,MAAM,eAAe,GAAG,IAAA,uBAAa,EACnC,IAAA,wBAAc,EAAC;YACb,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YACjC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YACtB,mBAAmB,EAAE,QAAQ,CAAC,YAAY,CAAC,mBAAmB;SAC/D,CAAC,EACF,MAAM,CACP,CAAC;QACF,MAAM,kBAAkB,GAAG,QAAQ,CAAC,mBAAmB,IAAI,IAAI,CAAC;QAChE,MAAM,UAAU,GAAG,CAAC,CAAC,IAAA,aAAM,EAAC,IAAI,GAAG,EAAE,CAAC,EAAE,eAAe,EAAE,kBAAkB,CAAC,CAAC,CAAC;QAE9E,MAAM,MAAM,GAAG,IAAA,aAAM,EAAC,CAAC,aAAa,EAAE,iBAAiB,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;QAClF,MAAM,KAAK,G
AAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE3C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAC3B,CAAC;IAEM,OAAO,CAAgC,KAAiB;QAC7D,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAE/E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEjD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAGrC,IAAI,IAAI,CAAC,UAAU,KAAK,OAAO,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC;YAC9C,MAAM,IAAI,yBAAgB,CAAC,4BAA4B,EAAE;gBACvD,KAAK,EAAE;oBACL,MAAM,EAAE,IAAI,CAAC,UAAU;oBACvB,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG;iBAC9B;aACF,CAAC,CAAC;QACL,CAAC;QAGD,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC;YACjE,MAAM,IAAI,yBAAgB,CAAC,kCAAkC,EAAE;gBAC7D,KAAK,EAAE;oBACL,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;oBAC9B,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG;iBAC1C;aACF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,oBAAoB,GAAG,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACpD,MAAM,mBAAmB,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC;QAC9D,MAAM,mBAAmB,GAAG,OAAO,CAAC,SAAS,CAAC,mBAAmB,CAAC;QAElE,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC1B,MAAM,IAAI,yBAAgB,CAAC,YAAY,CAAC,CAAC;QAC3C,CAAC;QAID,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAC;YAC9B,GAAI,OAAO,CAAC,SAAiB;YAC7B,GAAG,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG;YACtC,GAAG,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG;YACtC,GAAG,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG;SAC7B,CAAkC,CAAC;QAGpC,IAAI,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;YAC5B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpC,MAAM,IAAI,yBAAgB,CAAC,0CAA0C,KAAK,EAAE,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QAGD,MAAM,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC;QAGlC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CACzB;YACE,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,WAAW,EAAG,OAAO,CAAC,SAAS,CAAC,GAAsB,IAAI,YAAY;YACtE,UAAU,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG;YACjC,oBAAoB;YACpB,mBAAmB;YACnB,mBAAmB;SACU,EAC/B,EAAE,GAAG,EAAE,CACR,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAErC,OAAO;YACL,OAAO;YACP,MAAM;YACN,OAAO;YACP,KAAK,EAAE,IAAA,
aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;SAC7D,CAAC;IACJ,CAAC;IAIM,MAAM,CAAC,KAAK,CAAC,KAAsB;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACpC,OAAO,MAAM,CAAC,SAAS,CAAC,GAAG,KAAK,0CAA0C,CAAC;QAC7E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEM,MAAM,CAAC,MAAM,CAAC,KAAiB;QACpC,MAAM,CAAC,aAAa,EAAE,eAAe,EAAE,UAAU,EAAE,UAAU,CAAC,GAAG,IAAA,aAAM,EACrE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAC1D,CAAC;QAEF,MAAM,aAAa,GAAG,IAAA,0BAAgB,EAAC,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC,CAAC;QAC9D,MAAM,eAAe,GAAG,IAAA,0BAAgB,EAAC,eAAe,CAAC,CAAC;QAE1D,MAAM,CAAC,SAAS,CAAC,GAAG,UAAU,CAAC;QAC/B,MAAM,CAAC,CAAC,EAAE,eAAe,EAAE,mBAAmB,CAAC,GAAG,SAAS,CAAC;QAC5D,MAAM,aAAa,GAAG,IAAA,0BAAgB,EAAC,eAAe,CAAC,CAAC;QAGxD,MAAM,MAAM,GAAG,IAAA,uBAAa,EAAC,aAAa,CAAC,GAAwB,CAAC,CAAC;QACrE,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAE7C,OAAO;YACL,SAAS,EAAE,aAAoB;YAC/B,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;gBAC3C,CAAC,CAAC,aAAa;gBACf,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC;YAC9B,WAAW,EAAE,eAAsB;YACnC,SAAS,EAAE;gBACT,WAAW,EAAE,aAAoB;gBACjC,oBAAoB,EAAE,aAAa,CAAC,EAAE;gBACtC,mBAAmB;aACpB;YACD,oBAAoB,EAAE,eAAe,CAAC,EAAG;YACzC,OAAO;YACP,OAAO;SACR,CAAC;IACJ,CAAC;IAIO,WAAW,CAAC,KAAiB;QACnC,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,OAAO,0BAA0B,CAAC;QACpC,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;CACF;AA3MD,wBA2MC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CwsKit.d.ts","sourceRoot":"","sources":["../../src/classes/CwsKit.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,aAAa,EACb,UAAU,EACV,SAAS,EAET,cAAc,EACd,SAAS,EACV,MAAM,UAAU,CAAC;AAWlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;gBAEhB,OAAO,EAAE,aAAa;IAKlC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,GAAE,cAAmB,GAAG,SAAS;
|
|
1
|
+
{"version":3,"file":"CwsKit.d.ts","sourceRoot":"","sources":["../../src/classes/CwsKit.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,aAAa,EACb,UAAU,EACV,SAAS,EAET,cAAc,EACd,SAAS,EACV,MAAM,UAAU,CAAC;AAWlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;gBAEhB,OAAO,EAAE,aAAa;IAKlC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,GAAE,cAAmB,GAAG,SAAS;IAoD/D,MAAM,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,SAAS,CAAC,CAAC,CAAC;WAmEtD,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;WAStC,MAAM,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC;WAsB9D,KAAK,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,SAAS,CAAC,CAAC,CAAC;CAU3E"}
|
package/dist/classes/CwsKit.js
CHANGED
|
@@ -16,6 +16,7 @@ class CwsKit {
|
|
|
16
16
|
sign(data, options = {}) {
|
|
17
17
|
const objectId = options.objectId ?? (0, crypto_1.randomBytes)(20).toString("base64url");
|
|
18
18
|
this.logger.debug("Signing token", { options });
|
|
19
|
+
const target = options.target ?? "internal";
|
|
19
20
|
const protectedHeader = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
|
|
20
21
|
algorithm: this.kryptos.algorithm,
|
|
21
22
|
contentType: options.contentType
|
|
@@ -24,14 +25,13 @@ class CwsKit {
|
|
|
24
25
|
? "text/plain; charset=utf-8"
|
|
25
26
|
: "application/octet-stream",
|
|
26
27
|
headerType: "application/cose; cose-type=cose-sign",
|
|
27
|
-
}));
|
|
28
|
+
}), target);
|
|
28
29
|
const protectedCbor = (0, cbor_1.encode)(protectedHeader);
|
|
29
30
|
const unprotectedHeader = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
|
|
30
31
|
...(options.header ?? {}),
|
|
31
|
-
jwksUri: this.kryptos.jwksUri ?? undefined,
|
|
32
32
|
keyId: this.kryptos.id,
|
|
33
33
|
objectId,
|
|
34
|
-
}));
|
|
34
|
+
}), target);
|
|
35
35
|
const payloadBuffer = (0, is_1.isBuffer)(data) ? data : Buffer.from(data, "utf-8");
|
|
36
36
|
const payloadCbor = (0, cbor_1.encode)(payloadBuffer);
|
|
37
37
|
const signature = (0, private_1.createCoseSignature)({
|
|
@@ -82,6 +82,11 @@ class CwsKit {
|
|
|
82
82
|
...protectedDict,
|
|
83
83
|
...unprotectedDict,
|
|
84
84
|
});
|
|
85
|
+
if (header.critical?.length) {
|
|
86
|
+
for (const param of header.critical) {
|
|
87
|
+
throw new errors_1.CoseSignError(`Unsupported critical header parameter: ${param}`);
|
|
88
|
+
}
|
|
89
|
+
}
|
|
85
90
|
const payload = header.contentType === "text/plain; charset=utf-8"
|
|
86
91
|
? payloadBuffer.toString("utf-8")
|
|
87
92
|
: payloadBuffer;
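Review bot: The critical-parameter check at `if (header.critical?.length)` reads from a header built from `...protectedDict, ...unprotectedDict`, so a value in the unsigned unprotected bucket takes precedence over the signed one. If the header parser maps an unprotected `crit` entry into `header.critical` (the parser is outside this diff), a modified unprotected header could replace the signed list with an empty one and the rejection would be skipped; RFC 9052 only permits `crit` in the protected bucket. Reading the list from the protected dictionary alone would close that. The inner `for` also throws on its first iteration, so it can be a single `throw` that names the whole list, e.g. `${header.critical.join(", ")}`. The enclosing method starts and ends outside the hunk.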
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CwsKit.js","sourceRoot":"","sources":["../../src/classes/CwsKit.ts"],"names":[],"mappings":";;;AAAA,oCAAiD;AAGjD,+BAAsC;AACtC,mCAAqC;AACrC,sCAA0C;AAW1C,8CAQ0B;AAE1B,MAAa,MAAM;IACA,MAAM,CAAU;IAChB,OAAO,CAAW;IAEnC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;IAEM,IAAI,CAAC,IAAgB,EAAE,UAA0B,EAAE;QACxD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE3E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAEhD,MAAM,eAAe,GAAG,IAAA,uBAAa,EACnC,IAAA,wBAAc,EAAC;YACb,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YACjC,WAAW,EAAE,OAAO,CAAC,WAAW;gBAC9B,CAAC,CAAC,OAAO,CAAC,WAAW;gBACrB,CAAC,CAAC,IAAA,aAAQ,EAAC,IAAI,CAAC;oBACd,CAAC,CAAC,2BAA2B;oBAC7B,CAAC,CAAC,0BAA0B;YAChC,UAAU,EAAE,uCAAuC;SACpD,CAAC,
|
|
1
|
+
{"version":3,"file":"CwsKit.js","sourceRoot":"","sources":["../../src/classes/CwsKit.ts"],"names":[],"mappings":";;;AAAA,oCAAiD;AAGjD,+BAAsC;AACtC,mCAAqC;AACrC,sCAA0C;AAW1C,8CAQ0B;AAE1B,MAAa,MAAM;IACA,MAAM,CAAU;IAChB,OAAO,CAAW;IAEnC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;IAEM,IAAI,CAAC,IAAgB,EAAE,UAA0B,EAAE;QACxD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE3E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAEhD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;QAE5C,MAAM,eAAe,GAAG,IAAA,uBAAa,EACnC,IAAA,wBAAc,EAAC;YACb,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YACjC,WAAW,EAAE,OAAO,CAAC,WAAW;gBAC9B,CAAC,CAAC,OAAO,CAAC,WAAW;gBACrB,CAAC,CAAC,IAAA,aAAQ,EAAC,IAAI,CAAC;oBACd,CAAC,CAAC,2BAA2B;oBAC7B,CAAC,CAAC,0BAA0B;YAChC,UAAU,EAAE,uCAAuC;SACpD,CAAC,EACF,MAAM,CACP,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,eAAe,CAAC,CAAC;QAE9C,MAAM,iBAAiB,GAAG,IAAA,uBAAa,EACrC,IAAA,wBAAc,EAAC;YACb,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YACzB,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YACtB,QAAQ;SACT,CAAC,EACF,MAAM,CACP,CAAC;QAEF,MAAM,aAAa,GAAG,IAAA,aAAQ,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACzE,MAAM,WAAW,GAAG,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC;QAE1C,MAAM,SAAS,GAAG,IAAA,6BAAmB,EAAC;YACpC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;SAC/B,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAA,6BAAmB,EAAC;YACjC,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;YAC9B,iBAAiB;YACjB,SAAS;SACV,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE3C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAE7C,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IACrC,CAAC;IAEM,MAAM,CAAuB,KAAiB;QACnD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhD,MAAM,CAAC,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,CAAC,GAAG,IAAA,aAAM,EACrE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CA
AC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAC1D,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,0BAAgB,EAAC,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC,CAAC;QAE9D,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,KAAK,aAAa,CAAC,GAAG,EAAE,CAAC;YACjD,MAAM,IAAI,sBAAa,CAAC,eAAe,EAAE;gBACvC,IAAI,EAAE,EAAE,SAAS,EAAE,aAAa,CAAC,GAAG,EAAE;gBACtC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG,IAAA,6BAAmB,EAAC;YACnC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;YAC9B,SAAS;SACV,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,sBAAa,CAAC,eAAe,EAAE;gBACvC,IAAI,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,eAAe,GAAG,IAAA,0BAAgB,EAAC,eAAe,CAAC,CAAC;QAC1D,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,WAAW,CAAC,CAAC;QAE1C,MAAM,OAAO,GAAkB;YAC7B,SAAS,EAAE,aAAoB;YAC/B,WAAW,EAAE,eAAsB;YACnC,OAAO,EAAE,aAAa;YACtB,SAAS,EAAE,SAAS;SACrB,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAkB;YAC/C,GAAG,aAAa;YAChB,GAAG,eAAe;SACZ,CAAC,CAAC;QAGV,IAAI,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;YAC5B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpC,MAAM,IAAI,sBAAa,CAAC,0CAA0C,KAAK,EAAE,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GACX,MAAM,CAAC,WAAW,KAAK,2BAA2B;YAChD,CAAC,CAAE,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAO;YACxC,CAAC,CAAC,aAAa,CAAC;QAEpB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEpC,OAAO;YACL,OAAO;YACP,MAAM;YACN,OAAO;YACP,KAAK,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK;SAC7D,CAAC;IACJ,CAAC;IAIM,MAAM,CAAC,KAAK,CAAC,KAAsB;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACpC,OAAO,MAAM,CAAC,SAAS,CAAC,GAAG,KAAK,uCAAuC,CAAC;QAC1E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEM,MAAM,CAAC,MAAM,CAAuB,KAAiB;QAC1D,MAAM,CAAC,aAAa,EAAE,iBAAiB,EAAE,WAAW,EAAE,SAAS,CAAC,GAAG,IAAA,aAAM,EACvE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAC1D,CAAC;QAEF,MAAM,aAAa,GAAG,IAAA,0BAAgB,EAAC,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC,CAAC;QAC9D,MAAM,eAAe,GA
AG,IAAA,0BAAgB,EAAC,iBAAiB,CAAC,CAAC;QAE5D,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,OAAO,GACX,aAAa,CAAC,GAAG,KAAK,2BAA2B;YAC/C,CAAC,CAAE,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAO;YACxC,CAAC,CAAC,aAAa,CAAC;QAEpB,OAAO;YACL,SAAS,EAAE,aAAoB;YAC/B,WAAW,EAAE,eAAsB;YACnC,OAAO;YACP,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;SAC3C,CAAC;IACJ,CAAC;IAEM,MAAM,CAAC,KAAK,CAAuB,KAAiB;QACzD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAI,KAAK,CAAC,CAAC;QAExC,OAAO;YACL,OAAO;YACP,MAAM,EAAE,IAAA,0BAAgB,EAAC,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,GAAG,OAAO,CAAC,WAAW,EAAS,CAAC;YACjF,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK;SAC7D,CAAC;IACJ,CAAC;CACF;AAzKD,wBAyKC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CwtKit.d.ts","sourceRoot":"","sources":["../../src/classes/CwtKit.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAItC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,aAAa,EACb,UAAU,
|
|
1
|
+
{"version":3,"file":"CwtKit.d.ts","sourceRoot":"","sources":["../../src/classes/CwtKit.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAItC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,aAAa,EACb,UAAU,EACV,SAAS,EACT,gBAAgB,EAChB,cAAc,EACd,cAAc,EACd,SAAS,EACT,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,UAAU,CAAC;AAkBlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;gBAEhB,OAAO,EAAE,aAAa;IAQlC,IAAI,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAC/B,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,EAC1B,OAAO,GAAE,cAAmB,GAC3B,SAAS;IAmEL,MAAM,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EACjC,KAAK,EAAE,MAAM,GAAG,MAAM,EACtB,MAAM,GAAE,gBAAqB,GAC5B,SAAS,CAAC,CAAC,CAAC;WA4ED,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO;WAStC,MAAM,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC;WAepE,KAAK,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC;WAWlE,QAAQ,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAC1C,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAC5B,OAAO,EAAE,kBAAkB,GAC1B,IAAI;CAKR"}
|
package/dist/classes/CwtKit.js
CHANGED
|
@@ -21,23 +21,23 @@ class CwtKit {
|
|
|
21
21
|
sign(content, options = {}) {
|
|
22
22
|
this.logger.debug("Signing token", { content, options });
|
|
23
23
|
if (!this.issuer) {
|
|
24
|
-
throw new
|
|
24
|
+
throw new errors_1.CwtError("Issuer is required to sign CWT");
|
|
25
25
|
}
|
|
26
26
|
const objectId = options.objectId ?? content.subject ?? (0, crypto_1.randomBytes)(20).toString("base64url");
|
|
27
|
+
const target = options.target ?? "internal";
|
|
27
28
|
const protectedDict = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
|
|
28
29
|
algorithm: this.kryptos.algorithm,
|
|
29
30
|
contentType: "application/json",
|
|
30
31
|
headerType: "application/cwt",
|
|
31
|
-
}));
|
|
32
|
+
}), target);
|
|
32
33
|
const protectedCbor = (0, cbor_1.encode)(protectedDict);
|
|
33
34
|
const unprotectedDict = (0, private_1.mapCoseHeader)((0, private_1.mapTokenHeader)({
|
|
34
35
|
...(options.header ?? {}),
|
|
35
|
-
jwksUri: this.kryptos.jwksUri ?? undefined,
|
|
36
36
|
keyId: this.kryptos.id,
|
|
37
37
|
objectId,
|
|
38
|
-
}));
|
|
38
|
+
}), target);
|
|
39
39
|
const claims = (0, private_1.mapJwtContentToClaims)({ algorithm: this.kryptos.algorithm, issuer: this.issuer }, content, { tokenId: (0, crypto_1.randomBytes)(20).toString("base64url"), ...options });
|
|
40
|
-
const payloadDict = (0, private_1.mapCoseClaims)({ ...claims, ...(content.claims ?? {}) });
|
|
40
|
+
const payloadDict = (0, private_1.mapCoseClaims)({ ...claims, ...(content.claims ?? {}) }, target);
|
|
41
41
|
const payloadCbor = (0, cbor_1.encode)(payloadDict);
|
|
42
42
|
const signature = (0, private_1.createCoseSignature)({
|
|
43
43
|
kryptos: this.kryptos,
|
|
@@ -86,8 +86,7 @@ class CwtKit {
|
|
|
86
86
|
data: { verified, token },
|
|
87
87
|
});
|
|
88
88
|
}
|
|
89
|
-
const
|
|
90
|
-
const invalid = [];
|
|
89
|
+
const predicate = (0, private_1.createJwtVerify)(this.kryptos.algorithm, verify, this.clockTolerance);
|
|
91
90
|
const withDates = {
|
|
92
91
|
...payloadDict,
|
|
93
92
|
exp: payloadDict.exp ? new Date(payloadDict.exp * 1000) : undefined,
|
|
@@ -97,14 +96,11 @@ class CwtKit {
|
|
|
97
96
|
? new Date(payloadDict.auth_time * 1000)
|
|
98
97
|
: undefined,
|
|
99
98
|
};
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
if ((0, private_1.validateValue)(value, ops))
|
|
103
|
-
continue;
|
|
104
|
-
invalid.push({ key, value, ops });
|
|
99
|
+
try {
|
|
100
|
+
(0, private_1.validate)(withDates, predicate);
|
|
105
101
|
}
|
|
106
|
-
|
|
107
|
-
throw new errors_1.CwtError("Invalid token", { data:
|
|
102
|
+
catch (err) {
|
|
103
|
+
throw new errors_1.CwtError("Invalid token", { data: err.data });
|
|
108
104
|
}
|
|
109
105
|
const decoded = {
|
|
110
106
|
protected: protectedDict,
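Review bot: The new `catch (err)` around `validate(withDates, predicate)` converts every exception into `CwtError("Invalid token", { data: err.data })`, so an unexpected failure inside a predicate (a TypeError, for instance) is reported as an invalid token with `data: undefined` and the original error and stack are dropped. The token is still rejected, so this fails closed, but it makes a library bug indistinguishable from a claim mismatch in logs. Assuming the validation error always carries `data` (its definition is not in this diff), a guard such as `if (err?.data === undefined) throw err;` as the first line of the catch would keep the two cases apart. The verify method starts and ends outside the hunk.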
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CwtKit.js","sourceRoot":"","sources":["../../src/classes/CwtKit.ts"],"names":[],"mappings":";;;AAAA,wCAAwC;AACxC,oCAAuC;AAIvC,+BAAsC;AACtC,mCAAqC;AACrC,sCAAqC;
|
|
1
|
+
{"version":3,"file":"CwtKit.js","sourceRoot":"","sources":["../../src/classes/CwtKit.ts"],"names":[],"mappings":";;;AAAA,wCAAwC;AACxC,oCAAuC;AAIvC,+BAAsC;AACtC,mCAAqC;AACrC,sCAAqC;AAarC,8CAe0B;AAE1B,MAAa,MAAM;IACA,cAAc,CAAS;IACvB,MAAM,CAAgB;IACtB,MAAM,CAAU;IAChB,OAAO,CAAW;IAEnC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;QAErC,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,CAAC,CAAC;IACpD,CAAC;IAEM,IAAI,CACT,OAA0B,EAC1B,UAA0B,EAAE;QAE5B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QAEzD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,iBAAQ,CAAC,gCAAgC,CAAC,CAAC;QACvD,CAAC;QAED,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,OAAO,IAAI,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC/E,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC;QAE5C,MAAM,aAAa,GAAG,IAAA,uBAAa,EACjC,IAAA,wBAAc,EAAC;YACb,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YACjC,WAAW,EAAE,kBAAkB;YAC/B,UAAU,EAAE,iBAAiB;SAC9B,CAAC,EACF,MAAM,CACP,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC;QAE5C,MAAM,eAAe,GAAG,IAAA,uBAAa,EACnC,IAAA,wBAAc,EAAC;YACb,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YACzB,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YACtB,QAAQ;SACT,CAAC,EACF,MAAM,CACP,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,+BAAqB,EAClC,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,EAC1D,OAAO,EACP,EAAE,OAAO,EAAE,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,GAAG,OAAO,EAAE,CAC/D,CAAC;QACF,MAAM,WAAW,GAAG,IAAA,uBAAa,EAAC,EAAE,GAAG,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACpF,MAAM,WAAW,GAAG,IAAA,aAAM,EAAC,WAAW,CAAC,CAAC;QAExC,MAAM,SAAS,GAAG,IAAA,6BAAmB,EAAC;YACpC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;SAC/B,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAA,6BAAmB,EAAC;YACjC,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;YAC9B,iBAAiB,EAAE,eAAe;YAClC,SAAS;SACV,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,MA
AM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE3C,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAErE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAE7C,OAAO;YACL,MAAM;YACN,SAAS;YACT,SAAS;YACT,SAAS;YACT,QAAQ;YACR,KAAK;YACL,OAAO,EAAE,MAAM,CAAC,GAAI;SACrB,CAAC;IACJ,CAAC;IAEM,MAAM,CACX,KAAsB,EACtB,SAA2B,EAAE;QAE7B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAExD,MAAM,CAAC,aAAa,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,CAAC,GAAG,IAAA,aAAM,EACrE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAC1D,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,0BAAgB,EAAC,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC,CAAC;QAC9D,MAAM,eAAe,GAAG,IAAA,0BAAgB,EAAC,eAAe,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAG,IAAA,0BAAgB,EAAI,IAAA,aAAM,EAAC,WAAW,CAAC,CAAC,CAAC;QAE7D,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,KAAK,aAAa,CAAC,GAAG,EAAE,CAAC;YACjD,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,SAAS,EAAE,aAAa,CAAC,GAAG,EAAE;gBACtC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG,IAAA,6BAAmB,EAAC;YACnC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,WAAW;YACpB,eAAe,EAAE,aAAa;YAC9B,SAAS;SACV,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,SAAS,GAAG,IAAA,yBAAe,EAC/B,IAAI,CAAC,OAAO,CAAC,SAAS,EACtB,MAAM,EACN,IAAI,CAAC,cAAc,CACpB,CAAC;QAEF,MAAM,SAAS,GAAG;YAChB,GAAG,WAAW;YACd,GAAG,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YACnE,GAAG,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YACnE,GAAG,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;YACnE,SAAS,EAAE,WAAW,CAAC,SAAS;gBAC9B,CAAC,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC;gBACxC,CAAC,CAAC,SAAS;SACd,CAAC;QAEF,IAAI,CAAC;YACH,IAAA,kBAAQ,EAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACjC
,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE,EAAE,IAAI,EAAG,GAAW,CAAC,IAAI,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,OAAO,GAAkB;YAC7B,SAAS,EAAE,aAAoB;YAC/B,WAAW,EAAE,eAAsB;YACnC,OAAO,EAAE,WAAkB;YAC3B,SAAS,EAAE,SAAS;SACrB,CAAC;QAEF,MAAM,OAAO,GAAG,IAAA,2BAAiB,EAAC,WAAW,CAAC,CAAC;QAE/C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEpC,OAAO;YACL,OAAO;YACP,MAAM,EAAE,IAAA,0BAAgB,EAAC;gBACvB,GAAG,aAAa;gBAChB,GAAG,eAAe;aACZ,CAAC;YACT,OAAO;YACP,KAAK,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK;SAC7D,CAAC;IACJ,CAAC;IAIM,MAAM,CAAC,KAAK,CAAC,KAAsB;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACpC,OAAO,MAAM,CAAC,SAAS,CAAC,GAAG,KAAK,iBAAiB,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAEM,MAAM,CAAC,MAAM,CAAwB,KAAsB;QAChE,MAAM,CAAC,aAAa,EAAE,iBAAiB,EAAE,WAAW,EAAE,SAAS,CAAC,GAAG,IAAA,aAAM,EACvE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAC1D,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,aAAa,CAAC,CAAC;QAC5C,MAAM,WAAW,GAAG,IAAA,aAAM,EAAC,WAAW,CAAC,CAAC;QAExC,OAAO;YACL,SAAS,EAAE,IAAA,0BAAgB,EAAC,aAAa,CAAQ;YACjD,WAAW,EAAE,IAAA,0BAAgB,EAAC,iBAAiB,CAAQ;YACvD,OAAO,EAAE,IAAA,0BAAgB,EAAC,WAAW,CAAC;YACtC,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC;SAC3C,CAAC;IACJ,CAAC;IAEM,MAAM,CAAC,KAAK,CAAwB,KAAsB;QAC/D,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAI,KAAK,CAAC,CAAC;QAExC,OAAO;YACL,OAAO;YACP,MAAM,EAAE,IAAA,0BAAgB,EAAC,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;YAC1E,OAAO,EAAE,IAAA,2BAAiB,EAAC,OAAO,CAAC,OAAO,CAAC;YAC3C,KAAK,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK;SAC7D,CAAC;IACJ,CAAC;IAEM,MAAM,CAAC,QAAQ,CACpB,OAA4B,EAC5B,OAA2B;QAE3B,MAAM,SAAS,GAAG,IAAA,2BAAiB,EAAC,OAAO,CAAC,CAAC;QAE7C,IAAA,kBAAQ,EAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC/B,CAAC;CACF;AA9MD,wBA8MC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JweKit.d.ts","sourceRoot":"","sources":["../../src/classes/JweKit.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,YAAY,EAEZ,YAAY,EACZ,iBAAiB,EACjB,aAAa,EAEd,MAAM,UAAU,CAAC;AAGlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;gBAEd,OAAO,EAAE,aAAa;IAMlC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,GAAE,iBAAsB,GAAG,YAAY;
|
|
1
|
+
{"version":3,"file":"JweKit.d.ts","sourceRoot":"","sources":["../../src/classes/JweKit.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,YAAY,EAEZ,YAAY,EACZ,iBAAiB,EACjB,aAAa,EAEd,MAAM,UAAU,CAAC;AAGlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;gBAEd,OAAO,EAAE,aAAa;IAMlC,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,GAAE,iBAAsB,GAAG,YAAY;IA6DpE,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY;WA8E7B,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;IAmB7C,OAAO,CAAC,WAAW;CAuBpB"}
|
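--- a/package/dist/classes/JweKit.js
+++ b/package/dist/classes/JweKit.js
@@ -21,47 +21,33 @@ class JweKit {
 const kit = new aes_1.AesKit({ encryption: this.encryption, kryptos: this.kryptos });
 this.logger.debug("Encrypting token", { options });
 const objectId = options.objectId ?? (0, crypto_1.randomUUID)();
-const
-
-"encryption",
-];
-const { authTag, content, hkdfSalt, initialisationVector, pbkdfIterations, pbkdfSalt, publicEncryptionIv, publicEncryptionJwk, publicEncryptionKey, publicEncryptionTag, } = kit.encrypt(data, "record");
-if (hkdfSalt)
-critical.push("hkdfSalt");
-if (pbkdfIterations)
-critical.push("pbkdfIterations");
-if (pbkdfSalt)
-critical.push("pbkdfSalt");
-if (publicEncryptionIv)
-critical.push("initialisationVector");
-if (publicEncryptionJwk)
-critical.push("publicEncryptionJwk");
-if (publicEncryptionTag)
-critical.push("publicEncryptionTag");
+const prepared = kit.prepareEncryption();
+const critical = [];
 const headerOptions = {
 ...(options.header ?? {}),
 algorithm: this.kryptos.algorithm,
 contentType: this.contentType(data),
-critical,
+...(critical.length ? { critical } : {}),
 encryption: this.encryption,
 headerType: "JWE",
-
-initialisationVector: publicEncryptionIv,
+initialisationVector: prepared.headerParams.publicEncryptionIv,
 jwksUri: this.kryptos.jwksUri ?? undefined,
 keyId: this.kryptos.id,
 objectId,
-pbkdfIterations,
-pbkdfSalt,
-publicEncryptionJwk,
-publicEncryptionTag,
+pbkdfIterations: prepared.headerParams.pbkdfIterations,
+pbkdfSalt: prepared.headerParams.pbkdfSalt,
+publicEncryptionJwk: prepared.headerParams.publicEncryptionJwk,
+publicEncryptionTag: prepared.headerParams.publicEncryptionTag,
 };
 const header = (0, private_2.encodeJoseHeader)(headerOptions);
+const aad = Buffer.from(header, "ascii");
+const { authTag, content, initialisationVector } = prepared.encrypt(data, { aad });
 if (!authTag) {
 throw new errors_1.JweError("Missing auth tag");
 }
 const token = [
 header,
-publicEncryptionKey ? b64_1.B64.encode(publicEncryptionKey, private_1.B64U) : "",
+prepared.publicEncryptionKey ? b64_1.B64.encode(prepared.publicEncryptionKey, private_1.B64U) : "",
 b64_1.B64.encode(initialisationVector, private_1.B64U),
 b64_1.B64.encode(content, private_1.B64U),
 b64_1.B64.encode(authTag, private_1.B64U),
@@ -90,9 +76,15 @@ class JweKit {
 debug: { actual: header.encryption, encryption: this.encryption },
 });
 }
+if (header.critical?.length) {
+for (const param of header.critical) {
+throw new errors_1.JweError(`Unsupported critical header parameter: ${param}`);
+}
+}
+const [headerB64] = token.split(".");
+const aad = Buffer.from(headerB64, "ascii");
 const authTag = b64_1.B64.toBuffer(decoded.authTag);
 const content = b64_1.B64.toBuffer(decoded.content);
-const hkdfSalt = header.hkdfSalt ? b64_1.B64.toBuffer(header.hkdfSalt, private_1.B64U) : undefined;
 const initialisationVector = b64_1.B64.toBuffer(decoded.initialisationVector);
 const pbkdfIterations = header.pbkdfIterations;
 const pbkdfSalt = header.pbkdfSalt ? b64_1.B64.toBuffer(header.pbkdfSalt, private_1.B64U) : undefined;
@@ -106,29 +98,10 @@ class JweKit {
 const publicEncryptionTag = header.publicEncryptionTag
 ? b64_1.B64.toBuffer(header.publicEncryptionTag)
 : undefined;
-if (header.critical.includes("publicEncryptionJwk") && !publicEncryptionJwk) {
-throw new errors_1.JweError("Missing public encryption JWK");
-}
-if (header.critical.includes("initialisationVector") && !publicEncryptionIv) {
-throw new errors_1.JweError("Missing public encryption iv");
-}
-if (header.critical.includes("publicEncryptionTag") && !publicEncryptionTag) {
-throw new errors_1.JweError("Missing public encryption tag");
-}
-if (header.critical.includes("hkdfSalt") && !hkdfSalt) {
-throw new errors_1.JweError("Missing salt");
-}
-if (header.critical.includes("pbkdfIterations") && !pbkdfIterations) {
-throw new errors_1.JweError("Missing iterations");
-}
-if (header.critical.includes("pbkdfSalt") && !pbkdfSalt) {
-throw new errors_1.JweError("Missing salt");
-}
 const payload = kit.decrypt({
 authTag,
 content,
 encryption: this.encryption,
-hkdfSalt,
 initialisationVector,
 pbkdfIterations,
 pbkdfSalt,
@@ -136,7 +109,7 @@ class JweKit {
 publicEncryptionJwk,
 publicEncryptionKey,
 publicEncryptionTag,
-});
+}, { aad });
 this.logger.debug("Token decrypted");
 return { header, payload, decoded, token };
 }
@@ -144,7 +117,11 @@ class JweKit {
 return (0, is_1.isJwe)(jwe);
 }
 static decode(jwe) {
-const
+const parts = jwe.split(".");
+if (parts.length !== 5) {
+throw new errors_1.JweError("Invalid JWE format: expected 5 parts");
+}
+const [header, publicEncryptionKey, initialisationVector, content, authTag] = parts;
 return {
 header: (0, private_2.decodeJoseHeader)(header),
 publicEncryptionKey: publicEncryptionKey?.length ? publicEncryptionKey : undefined,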
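Review bot: `decrypt` reads `pbkdfIterations` from the token header (`const pbkdfIterations = header.pbkdfIterations;`, new line 89) and hands it to `kit.decrypt` without a type or upper-bound check. Binding the header as AAD does not cover this, because a password-derived key presumably has to be computed before the tag can be checked, so the cost of an oversized count in an untrusted token is paid before the token is rejected, unless `AesKit` already caps it (not visible in this diff). A guard ahead of the `kit.decrypt` call, e.g. `if (pbkdfIterations !== undefined && (!Number.isSafeInteger(pbkdfIterations) || pbkdfIterations > MAX_PBKDF_ITERATIONS)) throw new errors_1.JweError("Invalid token");`, would bound it; `MAX_PBKDF_ITERATIONS` is a placeholder for a limit the project chooses. `decrypt` begins and ends outside these hunks, and since this file is compiled output the change belongs in `src/classes/JweKit.ts`.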
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JweKit.js","sourceRoot":"","sources":["../../src/classes/JweKit.ts"],"names":[],"mappings":";;;AAAA,sCAAsC;AACtC,sCAAmC;AACnC,oCAA4D;AAG5D,mCAAoC;AACpC,kDAA4C;AAC5C,sCAAqC;AAWrC,8CAAwF;AAExF,MAAa,MAAM;IACA,UAAU,CAAoB;IAC9B,OAAO,CAAW;IAClB,MAAM,CAAU;IAEjC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC,UAAU,IAAI,SAAS,CAAC;IAClF,CAAC;IAEM,OAAO,CAAC,IAAY,EAAE,UAA6B,EAAE;QAC1D,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAE/E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAEnD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,mBAAU,GAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"JweKit.js","sourceRoot":"","sources":["../../src/classes/JweKit.ts"],"names":[],"mappings":";;;AAAA,sCAAsC;AACtC,sCAAmC;AACnC,oCAA4D;AAG5D,mCAAoC;AACpC,kDAA4C;AAC5C,sCAAqC;AAWrC,8CAAwF;AAExF,MAAa,MAAM;IACA,UAAU,CAAoB;IAC9B,OAAO,CAAW;IAClB,MAAM,CAAU;IAEjC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC,UAAU,IAAI,SAAS,CAAC;IAClF,CAAC;IAEM,OAAO,CAAC,IAAY,EAAE,UAA6B,EAAE;QAC1D,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAE/E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAEnD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,mBAAU,GAAE,CAAC;QAGlD,MAAM,QAAQ,GAAG,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAOzC,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,MAAM,aAAa,GAAuB;YACxC,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YACzB,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YACjC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;YACnC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACxC,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,UAAU,EAAE,KAAK;YACjB,oBAAoB,EAAE,QAAQ,CAAC,YAAY,CAAC,kBAAkB;YAC9D,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,SAAS;YAC1C,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YACtB,QAAQ;YACR,eAAe,EAAE,QAAQ,CAAC,YAAY,CAAC,eAAe;YACtD,SAAS,EAAE,QAAQ,CAAC,YAAY,CAAC,SAAS;YAC1C,mBAAmB,EAAE,QAAQ,CAAC,YAAY,CAAC,mBAAmB;YAC9D,mBAAmB,EAAE,QAAQ,CAAC,YAAY,CAAC,mBAAmB;SAC/D,CAAC;QAGF,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAC,aAAa,CAAC,CAAC;QAG/C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAGzC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,oBAAoB,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAEnF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,iBAAQ,CAAC,kBAAkB,CAAC,CAAC;QACzC,CAAC;QAGD,MAAM,KAAK,GAAG;YACZ,MAAM;YACN,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,EAAE,cAAI,CAAC,CAAC,CAAC,CAAC,EAAE;YAClF,SAAG,CAAC,MAAM,CAAC,oBAAoB,EAAE,cAAI,CAAC;YACtC
,SAAG,CAAC,MAAM,CAAC,OAAO,EAAE,cAAI,CAAC;YACzB,SAAG,CAAC,MAAM,CAAC,OAAO,EAAE,cAAI,CAAC;SAC1B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEZ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhD,OAAO,EAAE,KAAK,EAAE,CAAC;IACnB,CAAC;IAEM,OAAO,CAAC,KAAa;QAC1B,MAAM,GAAG,GAAG,IAAI,YAAM,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAE/E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEjD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAErC,IAAI,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACjC,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAClD,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;gBACjC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAqB,OAAO,CAAC,MAAM,CAAC,CAAC;QAEpE,IAAI,MAAM,CAAC,UAAU,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,MAAM,IAAI,iBAAQ,CAAC,uBAAuB,EAAE;gBAC1C,KAAK,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE;aAClE,CAAC,CAAC;QACL,CAAC;QAGD,IAAI,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;YAC5B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpC,MAAM,IAAI,iBAAQ,CAAC,0CAA0C,KAAK,EAAE,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;QAGD,MAAM,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAE5C,MAAM,OAAO,GAAG,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,oBAAoB,GAAG,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QACxE,MAAM,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QAC/C,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,cAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACtF,MAAM,kBAAkB,GAAG,MAAM,CAAC,oBAAoB;YACpD,CAAC,CAAC,SAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,oBAAoB,CAAC;YAC3C,CAAC,CAAC,SAAS,CAA
C;QACd,MAAM,mBAAmB,GAAG,OAAO,CAAC,mBAAmB;YACrD,CAAC,CAAC,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC;YAC3C,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,mBAAmB,GAAG,MAAM,CAAC,mBAAmB,CAAC;QACvD,MAAM,mBAAmB,GAAG,MAAM,CAAC,mBAAmB;YACpD,CAAC,CAAC,SAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,mBAAmB,CAAC;YAC1C,CAAC,CAAC,SAAS,CAAC;QAEd,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CACzB;YACE,OAAO;YACP,OAAO;YACP,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,oBAAoB;YACpB,eAAe;YACf,SAAS;YACT,kBAAkB;YAClB,mBAAmB;YACnB,mBAAmB;YACnB,mBAAmB;SACpB,EACD,EAAE,GAAG,EAAE,CACR,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAErC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC7C,CAAC;IAIM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,IAAA,UAAK,EAAC,GAAG,CAAC,CAAC;IACpB,CAAC;IAEM,MAAM,CAAC,MAAM,CAAC,GAAW;QAC9B,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,iBAAQ,CAAC,sCAAsC,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,CAAC,MAAM,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,OAAO,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC;QAEpF,OAAO;YACL,MAAM,EAAE,IAAA,0BAAgB,EAAC,MAAM,CAAC;YAChC,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;YAClF,oBAAoB;YACpB,OAAO;YACP,OAAO;SACR,CAAC;IACJ,CAAC;IAIO,WAAW,CAAC,KAAa;QAC/B,IAAI,IAAA,UAAK,EAAC,KAAK,CAAC,EAAE,CAAC;YACjB,OAAO,iBAAiB,CAAC;QAC3B,CAAC;QAED,IAAI,IAAA,UAAK,EAAC,KAAK,CAAC,EAAE,CAAC;YACjB,OAAO,iBAAiB,CAAC;QAC3B,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,OAAO,kBAAkB,CAAC;QAC5B,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,OAAO,kBAAkB,CAAC;QAC5B,CAAC;QAED,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,OAAO,2BAA2B,CAAC;QACrC,CAAC;QAED,OAAO,qBAAqB,CAAC;IAC/B,CAAC;CACF;AApMD,wBAoMC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JwsKit.d.ts","sourceRoot":"","sources":["../../src/classes/JwsKit.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,aAAa,EACb,SAAS,EAET,cAAc,EACd,SAAS,EAEV,MAAM,UAAU,CAAC;AASlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;gBAEhB,OAAO,EAAE,aAAa;IAKlC,IAAI,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,EACnC,IAAI,EAAE,CAAC,EACP,OAAO,GAAE,cAAmB,GAC3B,SAAS;IAoCL,MAAM,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"JwsKit.d.ts","sourceRoot":"","sources":["../../src/classes/JwsKit.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,aAAa,EACb,SAAS,EAET,cAAc,EACd,SAAS,EAEV,MAAM,UAAU,CAAC;AASlB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;gBAEhB,OAAO,EAAE,aAAa;IAKlC,IAAI,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,EACnC,IAAI,EAAE,CAAC,EACP,OAAO,GAAE,cAAmB,GAC3B,SAAS;IAoCL,MAAM,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC;WAkCvD,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;WAc/B,KAAK,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC;CAuB5E"}
|
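--- a/package/dist/classes/JwsKit.js
+++ b/package/dist/classes/JwsKit.js
@@ -44,6 +44,11 @@ class JwsKit {
 verify(token) {
 this.logger.debug("Verifying token", { token });
 const parsed = JwsKit.parse(token);
+if (parsed.header.critical?.length) {
+for (const param of parsed.header.critical) {
+throw new errors_1.JwsError(`Unsupported critical header parameter: ${param}`);
+}
+}
 if (this.kryptos.algorithm !== parsed.header.algorithm) {
 throw new errors_1.JwsError("Invalid token", {
 data: { algorithm: parsed.header.algorithm },
@@ -75,10 +80,12 @@ class JwsKit {
 }
 static parse(token) {
 const decoded = JwsKit.decode(token);
-if (decoded.header.typ !==
+if (decoded.header.typ !== undefined &&
+decoded.header.typ !== "JWS" &&
+decoded.header.typ !== "JOSE") {
 throw new errors_1.JwsError("Invalid token", {
 data: { typ: decoded.header.typ },
-details: "Header type must be JWS",
+details: "Header type must be JWS, JOSE, or undefined",
 });
 }
 const header = (0, private_2.parseTokenHeader)(decoded.header);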
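Review bot: The new critical-header guard in `verify` is written as `for (const param of parsed.header.critical) { throw ... }`, a loop that can never reach a second iteration, so it reads as if every listed parameter were inspected while only the first is ever reported. Replacing the loop with `const [param] = parsed.header.critical;` followed by the existing `throw` statement says the same thing directly. A comment above it such as `// No critical extensions are implemented, so any listed parameter must cause rejection (RFC 7515 §4.1.11)` would record why the check fails closed. The same construct is added to `decrypt` in JweKit.js and to `verify` in JwtKit.js; `verify` here continues past the end of the first hunk.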
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JwsKit.js","sourceRoot":"","sources":["../../src/classes/JwsKit.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,oCAAwD;AAGxD,mCAAoC;AACpC,kDAA4C;AAC5C,sCAAqC;AAWrC,8CAM0B;AAE1B,MAAa,MAAM;IACA,MAAM,CAAU;IAChB,OAAO,CAAW;IAEnC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;IAEM,IAAI,CACT,IAAO,EACP,UAA0B,EAAE;QAE5B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAEhD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,mBAAU,GAAE,CAAC;QAElD,MAAM,aAAa,GAAuB;YACxC,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YACzB,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YACjC,WAAW,EAAE,OAAO,CAAC,WAAW;gBAC9B,CAAC,CAAC,OAAO,CAAC,WAAW;gBACrB,CAAC,CAAC,IAAA,aAAQ,EAAC,IAAI,CAAC;oBACd,CAAC,CAAC,2BAA2B;oBAC7B,CAAC,CAAC,0BAA0B;YAChC,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,SAAS;YAC1C,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YACtB,QAAQ;SACT,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAC,aAAa,CAAC,CAAC;QAE/C,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAI,CAAC,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,IAAI,EAAE,cAAI,CAAC,CAAC;QAE9E,MAAM,SAAS,GAAG,IAAA,6BAAmB,EAAC;YACpC,MAAM;YACN,OAAO;YACP,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,GAAG,MAAM,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;QAElD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAE7C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC7B,CAAC;IAEM,MAAM,CAA4B,KAAa;QACpD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAI,KAAK,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"JwsKit.js","sourceRoot":"","sources":["../../src/classes/JwsKit.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,oCAAwD;AAGxD,mCAAoC;AACpC,kDAA4C;AAC5C,sCAAqC;AAWrC,8CAM0B;AAE1B,MAAa,MAAM;IACA,MAAM,CAAU;IAChB,OAAO,CAAW;IAEnC,YAAmB,OAAsB;QACvC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;IAEM,IAAI,CACT,IAAO,EACP,UAA0B,EAAE;QAE5B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAEhD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAA,mBAAU,GAAE,CAAC;QAElD,MAAM,aAAa,GAAuB;YACxC,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YACzB,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;YACjC,WAAW,EAAE,OAAO,CAAC,WAAW;gBAC9B,CAAC,CAAC,OAAO,CAAC,WAAW;gBACrB,CAAC,CAAC,IAAA,aAAQ,EAAC,IAAI,CAAC;oBACd,CAAC,CAAC,2BAA2B;oBAC7B,CAAC,CAAC,0BAA0B;YAChC,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,SAAS;YAC1C,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;YACtB,QAAQ;SACT,CAAC;QAEF,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAC,aAAa,CAAC,CAAC;QAE/C,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAI,CAAC,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,IAAI,EAAE,cAAI,CAAC,CAAC;QAE9E,MAAM,SAAS,GAAG,IAAA,6BAAmB,EAAC;YACpC,MAAM;YACN,OAAO;YACP,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,GAAG,MAAM,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;QAElD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAE7C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC7B,CAAC;IAEM,MAAM,CAA4B,KAAa;QACpD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAEhD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAI,KAAK,CAAC,CAAC;QAGtC,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;YACnC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC3C,MAAM,IAAI,iBAAQ,CAAC,0CAA0C,KAAK,EAAE,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACvD,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE;gBAC5C,KAAK,EAAE,EAAE,QAAQ,EAAE,
IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG,IAAA,6BAAmB,EAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAE1D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE;aACjC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAEpC,OAAO,MAAM,CAAC;IAChB,CAAC;IAIM,MAAM,CAAC,KAAK,CAAC,GAAW;QAC7B,OAAO,IAAA,UAAK,EAAC,GAAG,CAAC,CAAC;IACpB,CAAC;IAEM,MAAM,CAAC,MAAM,CAAC,GAAW;QAC9B,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpD,MAAM,aAAa,GAAG,IAAA,0BAAgB,EAAC,MAAM,CAAC,CAAC;QAE/C,OAAO;YACL,MAAM,EAAE,aAAa;YACrB,OAAO,EACL,aAAa,CAAC,GAAG,KAAK,2BAA2B;gBAC/C,CAAC,CAAC,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC;gBACvB,CAAC,CAAC,OAAO;YACb,SAAS;SACV,CAAC;IACJ,CAAC;IAEM,MAAM,CAAC,KAAK,CAA4B,KAAa;QAC1D,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAErC,IACE,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS;YAChC,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK;YAC5B,OAAO,CAAC,MAAM,CAAC,GAAG,KAAK,MAAM,EAC7B,CAAC;YACD,MAAM,IAAI,iBAAQ,CAAC,eAAe,EAAE;gBAClC,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;gBACjC,OAAO,EAAE,6CAA6C;aACvD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,0BAAgB,EAAkB,OAAO,CAAC,MAAM,CAAC,CAAC;QAEjE,MAAM,OAAO,GACX,MAAM,CAAC,WAAW,KAAK,2BAA2B;YAChD,CAAC,CAAE,OAAO,CAAC,OAAa;YACxB,CAAC,CAAE,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,cAAI,CAAO,CAAC;QAEjD,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC7C,CAAC;CACF;AA3HD,wBA2HC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JwtKit.d.ts","sourceRoot":"","sources":["../../src/classes/JwtKit.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAGtC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,aAAa,
|
|
1
|
+
{"version":3,"file":"JwtKit.d.ts","sourceRoot":"","sources":["../../src/classes/JwtKit.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAGtC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EACL,UAAU,EACV,aAAa,EACb,SAAS,EAET,gBAAgB,EAChB,cAAc,EACd,cAAc,EACd,SAAS,EAET,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,UAAU,CAAC;AAelB,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAW;gBAEhB,OAAO,EAAE,aAAa;IAQlC,IAAI,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAC/B,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,EAC1B,OAAO,GAAE,cAAmB,GAC3B,SAAS;IAwCL,MAAM,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EACjC,KAAK,EAAE,MAAM,EACb,MAAM,GAAE,gBAAqB,GAC5B,SAAS,CAAC,CAAC,CAAC;WA0DD,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;WAI3B,MAAM,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAAE,GAAG,EAAE,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC;WAUzD,KAAK,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC;WAwBzD,QAAQ,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,EAC1C,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAC5B,OAAO,EAAE,kBAAkB,GAC1B,IAAI;CAKR"}
|
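--- a/package/dist/classes/JwtKit.js
+++ b/package/dist/classes/JwtKit.js
@@ -45,6 +45,11 @@ class JwtKit {
 verify(token, verify = {}) {
 this.logger.debug("Verifying token", { token, verify });
 const parsed = JwtKit.parse(token);
+if (parsed.header.critical?.length) {
+for (const param of parsed.header.critical) {
+throw new errors_1.JwtError(`Unsupported critical header parameter: ${param}`);
+}
+}
 if (this.kryptos.algorithm !== parsed.header.algorithm) {
 throw new errors_1.JwtError("Invalid token", {
 data: { algorithm: parsed.header.algorithm },
@@ -57,8 +62,7 @@ class JwtKit {
 data: { verified, token: token },
 });
 }
-const
-const invalid = [];
+const predicate = (0, private_1.createJwtVerify)(this.kryptos.algorithm, verify, this.clockTolerance);
 const { decoded: { payload }, } = parsed;
 const withDates = {
 ...payload,
@@ -67,14 +71,11 @@ class JwtKit {
 nbf: payload.nbf ? new Date(payload.nbf * 1000) : undefined,
 auth_time: payload.auth_time ? new Date(payload.auth_time * 1000) : undefined,
 };
-
-
-if ((0, private_1.validateValue)(value, ops))
-continue;
-invalid.push({ key, value, ops });
+try {
+(0, private_1.validate)(withDates, predicate);
 }
-
-throw new errors_1.JwtError("Invalid token", { data:
+catch (err) {
+throw new errors_1.JwtError("Invalid token", { data: err.data });
 }
 this.logger.debug("Token verified");
 return parsed;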
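Review bot: `verify` writes the complete token to the debug log (`this.logger.debug("Verifying token", { token, verify });`, new line 46), and the error raised just before the claims check carries it again in `data: { verified, token: token }` (new line 62). A signed JWT is a bearer credential, so anyone who can read debug logs or serialized error data can reuse it until it expires. Logging `{ verify }` alone, or only non-secret header fields such as the key id, and dropping `token` from the error data keeps the diagnostics without the credential. `verify` in JwsKit.js logs `{ token }` the same way. The closing lines of `verify` are outside the last hunk, and since this file is compiled output the change belongs in `src/classes/JwtKit.ts`.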