@lindorm/aegis 0.6.0 → 0.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -0
- package/README.md +142 -180
- package/__tests__/jwe-interop.test.ts +3 -2
- package/__tests__/jwt-interop.test.ts +4 -7
- package/dist/classes/Aegis.d.ts +5 -5
- package/dist/classes/Aegis.d.ts.map +1 -1
- package/dist/classes/Aegis.js +35 -39
- package/dist/classes/Aegis.js.map +1 -1
- package/dist/classes/JweKit.d.ts +2 -2
- package/dist/classes/JweKit.d.ts.map +1 -1
- package/dist/classes/JweKit.js +47 -51
- package/dist/classes/JweKit.js.map +1 -1
- package/dist/classes/JwsKit.d.ts +2 -2
- package/dist/classes/JwsKit.d.ts.map +1 -1
- package/dist/classes/JwsKit.js +32 -36
- package/dist/classes/JwsKit.js.map +1 -1
- package/dist/classes/JwtKit.d.ts +3 -3
- package/dist/classes/JwtKit.d.ts.map +1 -1
- package/dist/classes/JwtKit.js +50 -54
- package/dist/classes/JwtKit.js.map +1 -1
- package/dist/classes/SignatureKit.d.ts +2 -2
- package/dist/classes/SignatureKit.d.ts.map +1 -1
- package/dist/classes/SignatureKit.js +13 -17
- package/dist/classes/SignatureKit.js.map +1 -1
- package/dist/classes/index.d.ts +5 -5
- package/dist/classes/index.d.ts.map +1 -1
- package/dist/classes/index.js +5 -21
- package/dist/classes/index.js.map +1 -1
- package/dist/constants/token-type.js +2 -5
- package/dist/constants/token-type.js.map +1 -1
- package/dist/errors/AegisError.js +2 -6
- package/dist/errors/AegisError.js.map +1 -1
- package/dist/errors/JweError.js +2 -6
- package/dist/errors/JweError.js.map +1 -1
- package/dist/errors/JwsError.js +2 -6
- package/dist/errors/JwsError.js.map +1 -1
- package/dist/errors/JwtError.js +2 -6
- package/dist/errors/JwtError.js.map +1 -1
- package/dist/errors/index.d.ts +4 -4
- package/dist/errors/index.d.ts.map +1 -1
- package/dist/errors/index.js +4 -20
- package/dist/errors/index.js.map +1 -1
- package/dist/guards/index.d.ts +2 -2
- package/dist/guards/index.d.ts.map +1 -1
- package/dist/guards/index.js +2 -18
- package/dist/guards/index.js.map +1 -1
- package/dist/guards/is-parsed-jws.d.ts +1 -1
- package/dist/guards/is-parsed-jws.d.ts.map +1 -1
- package/dist/guards/is-parsed-jws.js +1 -5
- package/dist/guards/is-parsed-jws.js.map +1 -1
- package/dist/guards/is-parsed-jwt.d.ts +1 -1
- package/dist/guards/is-parsed-jwt.d.ts.map +1 -1
- package/dist/guards/is-parsed-jwt.js +1 -5
- package/dist/guards/is-parsed-jwt.js.map +1 -1
- package/dist/index.d.ts +6 -7
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -22
- package/dist/index.js.map +1 -1
- package/dist/interfaces/Aegis.d.ts +3 -3
- package/dist/interfaces/Aegis.d.ts.map +1 -1
- package/dist/interfaces/Aegis.js +1 -2
- package/dist/interfaces/JweKit.d.ts +1 -1
- package/dist/interfaces/JweKit.d.ts.map +1 -1
- package/dist/interfaces/JweKit.js +1 -2
- package/dist/interfaces/JwsKit.d.ts +1 -1
- package/dist/interfaces/JwsKit.d.ts.map +1 -1
- package/dist/interfaces/JwsKit.js +1 -2
- package/dist/interfaces/JwtKit.d.ts +2 -2
- package/dist/interfaces/JwtKit.d.ts.map +1 -1
- package/dist/interfaces/JwtKit.js +1 -2
- package/dist/interfaces/index.d.ts +4 -4
- package/dist/interfaces/index.d.ts.map +1 -1
- package/dist/interfaces/index.js +4 -20
- package/dist/interfaces/index.js.map +1 -1
- package/dist/internal/constants/aegis-profile-keys.js +1 -4
- package/dist/internal/constants/aegis-profile-keys.js.map +1 -1
- package/dist/internal/constants/format.js +1 -4
- package/dist/internal/constants/format.js.map +1 -1
- package/dist/internal/constants/header.js +13 -16
- package/dist/internal/constants/header.js.map +1 -1
- package/dist/internal/utils/compute-jwk-thumbprint.js +5 -9
- package/dist/internal/utils/compute-jwk-thumbprint.js.map +1 -1
- package/dist/internal/utils/compute-typ-header.d.ts +2 -2
- package/dist/internal/utils/compute-typ-header.d.ts.map +1 -1
- package/dist/internal/utils/compute-typ-header.js +6 -12
- package/dist/internal/utils/compute-typ-header.js.map +1 -1
- package/dist/internal/utils/create-hash.d.ts +1 -1
- package/dist/internal/utils/create-hash.d.ts.map +1 -1
- package/dist/internal/utils/create-hash.js +10 -17
- package/dist/internal/utils/create-hash.js.map +1 -1
- package/dist/internal/utils/extract-aegis-profile.d.ts +2 -2
- package/dist/internal/utils/extract-aegis-profile.d.ts.map +1 -1
- package/dist/internal/utils/extract-aegis-profile.js +6 -10
- package/dist/internal/utils/extract-aegis-profile.js.map +1 -1
- package/dist/internal/utils/extract-claims.d.ts +7 -7
- package/dist/internal/utils/extract-claims.d.ts.map +1 -1
- package/dist/internal/utils/extract-claims.js +47 -51
- package/dist/internal/utils/extract-claims.js.map +1 -1
- package/dist/internal/utils/extract-token-delegation.d.ts +2 -2
- package/dist/internal/utils/extract-token-delegation.d.ts.map +1 -1
- package/dist/internal/utils/extract-token-delegation.js +3 -7
- package/dist/internal/utils/extract-token-delegation.js.map +1 -1
- package/dist/internal/utils/generate-token-id.js +4 -8
- package/dist/internal/utils/generate-token-id.js.map +1 -1
- package/dist/internal/utils/jose-header.d.ts +1 -1
- package/dist/internal/utils/jose-header.d.ts.map +1 -1
- package/dist/internal/utils/jose-header.js +14 -19
- package/dist/internal/utils/jose-header.js.map +1 -1
- package/dist/internal/utils/jose-signature.d.ts +1 -1
- package/dist/internal/utils/jose-signature.d.ts.map +1 -1
- package/dist/internal/utils/jose-signature.js +7 -12
- package/dist/internal/utils/jose-signature.js.map +1 -1
- package/dist/internal/utils/jwt-payload.d.ts +3 -3
- package/dist/internal/utils/jwt-payload.d.ts.map +1 -1
- package/dist/internal/utils/jwt-payload.js +79 -86
- package/dist/internal/utils/jwt-payload.js.map +1 -1
- package/dist/internal/utils/jwt-validate.d.ts +2 -2
- package/dist/internal/utils/jwt-validate.d.ts.map +1 -1
- package/dist/internal/utils/jwt-validate.js +13 -17
- package/dist/internal/utils/jwt-validate.js.map +1 -1
- package/dist/internal/utils/jwt-verify.d.ts +3 -3
- package/dist/internal/utils/jwt-verify.d.ts.map +1 -1
- package/dist/internal/utils/jwt-verify.js +18 -22
- package/dist/internal/utils/jwt-verify.js.map +1 -1
- package/dist/internal/utils/parse-introspection.d.ts +2 -2
- package/dist/internal/utils/parse-introspection.d.ts.map +1 -1
- package/dist/internal/utils/parse-introspection.js +12 -16
- package/dist/internal/utils/parse-introspection.js.map +1 -1
- package/dist/internal/utils/parse-userinfo.d.ts +2 -2
- package/dist/internal/utils/parse-userinfo.d.ts.map +1 -1
- package/dist/internal/utils/parse-userinfo.js +10 -14
- package/dist/internal/utils/parse-userinfo.js.map +1 -1
- package/dist/internal/utils/resolve-cert-binding.d.ts +2 -2
- package/dist/internal/utils/resolve-cert-binding.d.ts.map +1 -1
- package/dist/internal/utils/resolve-cert-binding.js +3 -7
- package/dist/internal/utils/resolve-cert-binding.js.map +1 -1
- package/dist/internal/utils/token-header.d.ts +1 -1
- package/dist/internal/utils/token-header.d.ts.map +1 -1
- package/dist/internal/utils/token-header.js +15 -20
- package/dist/internal/utils/token-header.js.map +1 -1
- package/dist/internal/utils/validate-actor.d.ts +1 -1
- package/dist/internal/utils/validate-actor.d.ts.map +1 -1
- package/dist/internal/utils/validate-actor.js +1 -5
- package/dist/internal/utils/validate-actor.js.map +1 -1
- package/dist/internal/utils/validate-crit.js +1 -5
- package/dist/internal/utils/validate-crit.js.map +1 -1
- package/dist/internal/utils/validate.d.ts +1 -1
- package/dist/internal/utils/validate.d.ts.map +1 -1
- package/dist/internal/utils/validate.js +6 -10
- package/dist/internal/utils/validate.js.map +1 -1
- package/dist/internal/utils/verify-cert-binding.d.ts +3 -3
- package/dist/internal/utils/verify-cert-binding.d.ts.map +1 -1
- package/dist/internal/utils/verify-cert-binding.js +4 -8
- package/dist/internal/utils/verify-cert-binding.js.map +1 -1
- package/dist/internal/utils/verify-dpop-proof.d.ts +1 -1
- package/dist/internal/utils/verify-dpop-proof.d.ts.map +1 -1
- package/dist/internal/utils/verify-dpop-proof.js +23 -27
- package/dist/internal/utils/verify-dpop-proof.js.map +1 -1
- package/dist/mocks/create-mock-aegis.d.ts +3 -3
- package/dist/mocks/create-mock-aegis.d.ts.map +1 -1
- package/dist/mocks/create-mock-aegis.js +20 -20
- package/dist/mocks/create-mock-aegis.js.map +1 -1
- package/dist/mocks/jest.d.ts +5 -0
- package/dist/mocks/jest.d.ts.map +1 -0
- package/dist/mocks/jest.js +4 -0
- package/dist/mocks/jest.js.map +1 -0
- package/dist/mocks/vitest.d.ts +6 -0
- package/dist/mocks/vitest.d.ts.map +1 -0
- package/dist/mocks/vitest.js +5 -0
- package/dist/mocks/vitest.js.map +1 -0
- package/dist/types/aegis.d.ts +5 -5
- package/dist/types/aegis.d.ts.map +1 -1
- package/dist/types/aegis.js +1 -2
- package/dist/types/claims/act-claim.js +1 -2
- package/dist/types/claims/aegis-introspection.d.ts +6 -6
- package/dist/types/claims/aegis-introspection.d.ts.map +1 -1
- package/dist/types/claims/aegis-introspection.js +1 -2
- package/dist/types/claims/aegis-profile.js +1 -2
- package/dist/types/claims/aegis-userinfo.d.ts +1 -1
- package/dist/types/claims/aegis-userinfo.d.ts.map +1 -1
- package/dist/types/claims/aegis-userinfo.js +1 -2
- package/dist/types/claims/confirmation-claim.d.ts +1 -1
- package/dist/types/claims/confirmation-claim.d.ts.map +1 -1
- package/dist/types/claims/confirmation-claim.js +1 -2
- package/dist/types/claims/delegation-claims.d.ts +1 -1
- package/dist/types/claims/delegation-claims.d.ts.map +1 -1
- package/dist/types/claims/delegation-claims.js +1 -2
- package/dist/types/claims/index.d.ts +12 -12
- package/dist/types/claims/index.d.ts.map +1 -1
- package/dist/types/claims/index.js +12 -28
- package/dist/types/claims/index.js.map +1 -1
- package/dist/types/claims/jwt/act-claim-wire.js +1 -2
- package/dist/types/claims/jwt/confirmation-claim-wire.d.ts +1 -1
- package/dist/types/claims/jwt/confirmation-claim-wire.d.ts.map +1 -1
- package/dist/types/claims/jwt/confirmation-claim-wire.js +1 -2
- package/dist/types/claims/jwt/delegation-claims-wire.d.ts +1 -1
- package/dist/types/claims/jwt/delegation-claims-wire.d.ts.map +1 -1
- package/dist/types/claims/jwt/delegation-claims-wire.js +1 -2
- package/dist/types/claims/jwt/index.d.ts +9 -9
- package/dist/types/claims/jwt/index.d.ts.map +1 -1
- package/dist/types/claims/jwt/index.js +9 -25
- package/dist/types/claims/jwt/index.js.map +1 -1
- package/dist/types/claims/jwt/jwt-claims.d.ts +6 -6
- package/dist/types/claims/jwt/jwt-claims.d.ts.map +1 -1
- package/dist/types/claims/jwt/jwt-claims.js +1 -2
- package/dist/types/claims/jwt/lindorm-claims-wire.d.ts +2 -2
- package/dist/types/claims/jwt/lindorm-claims-wire.d.ts.map +1 -1
- package/dist/types/claims/jwt/lindorm-claims-wire.js +1 -2
- package/dist/types/claims/jwt/oauth-claims-wire.js +1 -2
- package/dist/types/claims/jwt/oidc-claims-wire.js +1 -2
- package/dist/types/claims/jwt/pop-claims-wire.d.ts +1 -1
- package/dist/types/claims/jwt/pop-claims-wire.d.ts.map +1 -1
- package/dist/types/claims/jwt/pop-claims-wire.js +1 -2
- package/dist/types/claims/jwt/std-claims-wire.js +1 -2
- package/dist/types/claims/lindorm-claims.d.ts +1 -1
- package/dist/types/claims/lindorm-claims.d.ts.map +1 -1
- package/dist/types/claims/lindorm-claims.js +1 -2
- package/dist/types/claims/oauth-claims.js +1 -2
- package/dist/types/claims/oidc-claims.js +1 -2
- package/dist/types/claims/pop-claims.d.ts +1 -1
- package/dist/types/claims/pop-claims.d.ts.map +1 -1
- package/dist/types/claims/pop-claims.js +1 -2
- package/dist/types/claims/std-claims.js +1 -2
- package/dist/types/header.d.ts +3 -3
- package/dist/types/header.d.ts.map +1 -1
- package/dist/types/header.js +1 -2
- package/dist/types/header.js.map +1 -1
- package/dist/types/index.d.ts +9 -9
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js +9 -25
- package/dist/types/index.js.map +1 -1
- package/dist/types/jwe/index.d.ts +4 -4
- package/dist/types/jwe/index.d.ts.map +1 -1
- package/dist/types/jwe/index.js +4 -20
- package/dist/types/jwe/index.js.map +1 -1
- package/dist/types/jwe/jwe-decode.d.ts +1 -1
- package/dist/types/jwe/jwe-decode.d.ts.map +1 -1
- package/dist/types/jwe/jwe-decode.js +1 -2
- package/dist/types/jwe/jwe-decrypt.d.ts +3 -3
- package/dist/types/jwe/jwe-decrypt.d.ts.map +1 -1
- package/dist/types/jwe/jwe-decrypt.js +1 -2
- package/dist/types/jwe/jwe-encrypt.d.ts +2 -2
- package/dist/types/jwe/jwe-encrypt.d.ts.map +1 -1
- package/dist/types/jwe/jwe-encrypt.js +1 -2
- package/dist/types/jwe/jwe-kit.d.ts +1 -1
- package/dist/types/jwe/jwe-kit.d.ts.map +1 -1
- package/dist/types/jwe/jwe-kit.js +1 -2
- package/dist/types/jws/index.d.ts +4 -4
- package/dist/types/jws/index.d.ts.map +1 -1
- package/dist/types/jws/index.js +4 -20
- package/dist/types/jws/index.js.map +1 -1
- package/dist/types/jws/jws-decode.d.ts +1 -1
- package/dist/types/jws/jws-decode.d.ts.map +1 -1
- package/dist/types/jws/jws-decode.js +1 -2
- package/dist/types/jws/jws-kit.d.ts +1 -1
- package/dist/types/jws/jws-kit.d.ts.map +1 -1
- package/dist/types/jws/jws-kit.js +1 -2
- package/dist/types/jws/jws-parse.d.ts +3 -3
- package/dist/types/jws/jws-parse.d.ts.map +1 -1
- package/dist/types/jws/jws-parse.js +1 -2
- package/dist/types/jws/jws-sign.d.ts +2 -2
- package/dist/types/jws/jws-sign.d.ts.map +1 -1
- package/dist/types/jws/jws-sign.js +1 -2
- package/dist/types/jwt/index.d.ts +9 -9
- package/dist/types/jwt/index.d.ts.map +1 -1
- package/dist/types/jwt/index.js +9 -25
- package/dist/types/jwt/index.js.map +1 -1
- package/dist/types/jwt/jwt-claim-matchers.d.ts +1 -1
- package/dist/types/jwt/jwt-claim-matchers.d.ts.map +1 -1
- package/dist/types/jwt/jwt-claim-matchers.js +1 -2
- package/dist/types/jwt/jwt-decode.d.ts +3 -3
- package/dist/types/jwt/jwt-decode.d.ts.map +1 -1
- package/dist/types/jwt/jwt-decode.js +1 -2
- package/dist/types/jwt/jwt-delegation.d.ts +1 -1
- package/dist/types/jwt/jwt-delegation.d.ts.map +1 -1
- package/dist/types/jwt/jwt-delegation.js +1 -2
- package/dist/types/jwt/jwt-dpop.js +1 -2
- package/dist/types/jwt/jwt-kit.d.ts +1 -1
- package/dist/types/jwt/jwt-kit.d.ts.map +1 -1
- package/dist/types/jwt/jwt-kit.js +1 -2
- package/dist/types/jwt/jwt-parse.d.ts +7 -7
- package/dist/types/jwt/jwt-parse.d.ts.map +1 -1
- package/dist/types/jwt/jwt-parse.js +1 -2
- package/dist/types/jwt/jwt-sign.d.ts +4 -4
- package/dist/types/jwt/jwt-sign.d.ts.map +1 -1
- package/dist/types/jwt/jwt-sign.js +1 -2
- package/dist/types/jwt/jwt-validate.d.ts +3 -3
- package/dist/types/jwt/jwt-validate.d.ts.map +1 -1
- package/dist/types/jwt/jwt-validate.js +1 -2
- package/dist/types/jwt/jwt-verify.d.ts +2 -2
- package/dist/types/jwt/jwt-verify.d.ts.map +1 -1
- package/dist/types/jwt/jwt-verify.js +1 -2
- package/dist/types/kit.d.ts +3 -3
- package/dist/types/kit.d.ts.map +1 -1
- package/dist/types/kit.js +1 -2
- package/dist/types/level-of-assurance.js +1 -2
- package/dist/types/signature-kit.d.ts +2 -2
- package/dist/types/signature-kit.d.ts.map +1 -1
- package/dist/types/signature-kit.js +1 -2
- package/package.json +33 -33
- package/vitest.config.mjs +6 -0
- package/__tests__/__mocks__/cbor.ts +0 -17
- package/dist/mocks/index.d.ts +0 -2
- package/dist/mocks/index.d.ts.map +0 -1
- package/dist/mocks/index.js +0 -6
- package/dist/mocks/index.js.map +0 -1
- package/jest.config.interop.mjs +0 -27
- package/tsconfig.interop.json +0 -9
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolve-cert-binding.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/resolve-cert-binding.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"resolve-cert-binding.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/resolve-cert-binding.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAEjD,OAAO,KAAK,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAEzF,eAAO,MAAM,kBAAkB,GAC7B,SAAS,QAAQ,EACjB,MAAM,mBAAmB,GAAG,SAAS,KACpC,uBAAuB,GAAG,SA4B5B,CAAC"}
|
|
@@ -1,8 +1,5 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
exports.resolveCertBinding = void 0;
|
|
4
|
-
const errors_1 = require("../../errors");
|
|
5
|
-
const resolveCertBinding = (kryptos, mode) => {
|
|
1
|
+
import { AegisError } from "../../errors/index.js";
|
|
2
|
+
export const resolveCertBinding = (kryptos, mode) => {
|
|
6
3
|
const resolved = mode === "none"
|
|
7
4
|
? "none"
|
|
8
5
|
: mode === undefined
|
|
@@ -13,7 +10,7 @@ const resolveCertBinding = (kryptos, mode) => {
|
|
|
13
10
|
if (resolved === "none")
|
|
14
11
|
return undefined;
|
|
15
12
|
if (!kryptos.hasCertificate) {
|
|
16
|
-
throw new
|
|
13
|
+
throw new AegisError("bindCertificate requires kryptos with certificateChain", {
|
|
17
14
|
debug: { kryptosId: kryptos.id, mode },
|
|
18
15
|
});
|
|
19
16
|
}
|
|
@@ -26,5 +23,4 @@ const resolveCertBinding = (kryptos, mode) => {
|
|
|
26
23
|
}
|
|
27
24
|
return fields;
|
|
28
25
|
};
|
|
29
|
-
exports.resolveCertBinding = resolveCertBinding;
|
|
30
26
|
//# sourceMappingURL=resolve-cert-binding.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolve-cert-binding.js","sourceRoot":"","sources":["../../../src/internal/utils/resolve-cert-binding.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"resolve-cert-binding.js","sourceRoot":"","sources":["../../../src/internal/utils/resolve-cert-binding.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGnD,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,OAAiB,EACjB,IAAqC,EACA,EAAE;IACvC,MAAM,QAAQ,GACZ,IAAI,KAAK,MAAM;QACb,CAAC,CAAC,MAAM;QACR,CAAC,CAAC,IAAI,KAAK,SAAS;YAClB,CAAC,CAAC,OAAO,CAAC,cAAc;gBACtB,CAAC,CAAC,YAAY;gBACd,CAAC,CAAC,MAAM;YACV,CAAC,CAAC,IAAI,CAAC;IAEb,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,SAAS,CAAC;IAE1C,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC5B,MAAM,IAAI,UAAU,CAAC,wDAAwD,EAAE;YAC7E,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE;SACvC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAA4B;QACtC,OAAO,EAAE,OAAO,CAAC,qBAAqB,IAAI,SAAS;KACpD,CAAC;IAEF,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG;YACR,OAAO,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/E,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { CertificateHeaderFields, DecodedTokenHeader, ParsedTokenHeader, RawTokenHeaderClaims, TokenHeaderOptions } from "../../types";
|
|
1
|
+
import type { CertificateHeaderFields, DecodedTokenHeader, ParsedTokenHeader, RawTokenHeaderClaims, TokenHeaderOptions } from "../../types/index.js";
|
|
2
2
|
export declare const mapTokenHeader: (options: TokenHeaderOptions, cert?: CertificateHeaderFields) => RawTokenHeaderClaims;
|
|
3
3
|
export declare const parseTokenHeader: <T extends ParsedTokenHeader = ParsedTokenHeader>(decoded: DecodedTokenHeader) => T;
|
|
4
4
|
//# sourceMappingURL=token-header.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-header.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/token-header.ts"],"names":[],"mappings":"AAEA,OAAO,
|
|
1
|
+
{"version":3,"file":"token-header.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/token-header.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,uBAAuB,EACvB,kBAAkB,EAClB,iBAAiB,EACjB,oBAAoB,EACpB,kBAAkB,EACnB,MAAM,sBAAsB,CAAC;AAG9B,eAAO,MAAM,cAAc,GACzB,SAAS,kBAAkB,EAC3B,OAAM,uBAA4B,KACjC,oBAsDF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,iBAAiB,GAAG,iBAAiB,EAC9E,SAAS,kBAAkB,KAC1B,CA+DF,CAAC"}
|
|
@@ -1,10 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
const
|
|
5
|
-
const utils_1 = require("@lindorm/utils");
|
|
6
|
-
const compute_typ_header_1 = require("./compute-typ-header");
|
|
7
|
-
const mapTokenHeader = (options, cert = {}) => {
|
|
1
|
+
import { isFinite, isObject, isString, isUrlLike } from "@lindorm/is";
|
|
2
|
+
import { removeUndefined } from "@lindorm/utils";
|
|
3
|
+
import { getBaseFormat } from "./compute-typ-header.js";
|
|
4
|
+
export const mapTokenHeader = (options, cert = {}) => {
|
|
8
5
|
const crit = options.critical
|
|
9
6
|
?.map((key) => {
|
|
10
7
|
switch (key) {
|
|
@@ -39,27 +36,26 @@ const mapTokenHeader = (options, cert = {}) => {
|
|
|
39
36
|
}
|
|
40
37
|
})
|
|
41
38
|
.sort();
|
|
42
|
-
return
|
|
39
|
+
return removeUndefined({
|
|
43
40
|
alg: options.algorithm,
|
|
44
41
|
crit,
|
|
45
42
|
cty: options.contentType,
|
|
46
|
-
enc:
|
|
47
|
-
epk:
|
|
43
|
+
enc: isString(options.encryption) ? options.encryption : undefined,
|
|
44
|
+
epk: isObject(options.publicEncryptionJwk) ? options.publicEncryptionJwk : undefined,
|
|
48
45
|
iv: options.initialisationVector,
|
|
49
|
-
jku:
|
|
50
|
-
jwk:
|
|
46
|
+
jku: isUrlLike(options.jwksUri) ? options.jwksUri : undefined,
|
|
47
|
+
jwk: isObject(options.jwk) ? options.jwk : undefined,
|
|
51
48
|
kid: options.keyId,
|
|
52
|
-
oid:
|
|
53
|
-
p2c:
|
|
49
|
+
oid: isString(options.objectId) ? options.objectId : undefined,
|
|
50
|
+
p2c: isFinite(options.pbkdfIterations) ? options.pbkdfIterations : undefined,
|
|
54
51
|
p2s: options.pbkdfSalt,
|
|
55
52
|
tag: options.publicEncryptionTag,
|
|
56
53
|
typ: options.headerType,
|
|
57
54
|
x5c: Array.isArray(cert.x5c) ? cert.x5c : undefined,
|
|
58
|
-
"x5t#S256":
|
|
55
|
+
"x5t#S256": isString(cert.x5tS256) ? cert.x5tS256 : undefined,
|
|
59
56
|
});
|
|
60
57
|
};
|
|
61
|
-
|
|
62
|
-
const parseTokenHeader = (decoded) => {
|
|
58
|
+
export const parseTokenHeader = (decoded) => {
|
|
63
59
|
const critical = decoded.crit
|
|
64
60
|
?.map((key) => {
|
|
65
61
|
switch (key) {
|
|
@@ -100,9 +96,9 @@ const parseTokenHeader = (decoded) => {
|
|
|
100
96
|
}
|
|
101
97
|
})
|
|
102
98
|
.sort() ?? [];
|
|
103
|
-
return
|
|
99
|
+
return removeUndefined({
|
|
104
100
|
algorithm: decoded.alg,
|
|
105
|
-
baseFormat:
|
|
101
|
+
baseFormat: getBaseFormat(decoded.typ),
|
|
106
102
|
contentType: decoded.cty,
|
|
107
103
|
critical,
|
|
108
104
|
encryption: decoded.enc,
|
|
@@ -121,5 +117,4 @@ const parseTokenHeader = (decoded) => {
|
|
|
121
117
|
x5tS256: decoded["x5t#S256"],
|
|
122
118
|
});
|
|
123
119
|
};
|
|
124
|
-
exports.parseTokenHeader = parseTokenHeader;
|
|
125
120
|
//# sourceMappingURL=token-header.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token-header.js","sourceRoot":"","sources":["../../../src/internal/utils/token-header.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"token-header.js","sourceRoot":"","sources":["../../../src/internal/utils/token-header.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACtE,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAQjD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAExD,MAAM,CAAC,MAAM,cAAc,GAAG,CAC5B,OAA2B,EAC3B,OAAgC,EAAE,EACZ,EAAE;IACxB,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ;QAC3B,EAAE,GAAG,CAAC,CAAC,GAAG,EAAU,EAAE;QACpB,QAAQ,GAAG,EAAE,CAAC;YACZ,KAAK,WAAW;gBACd,OAAO,KAAK,CAAC;YACf,KAAK,aAAa;gBAChB,OAAO,KAAK,CAAC;YACf,KAAK,YAAY;gBACf,OAAO,KAAK,CAAC;YACf,KAAK,YAAY;gBACf,OAAO,KAAK,CAAC;YACf,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,SAAS;gBACZ,OAAO,KAAK,CAAC;YACf,KAAK,OAAO;gBACV,OAAO,KAAK,CAAC;YACf,KAAK,UAAU;gBACb,OAAO,KAAK,CAAC;YACf,KAAK,iBAAiB;gBACpB,OAAO,KAAK,CAAC;YACf,KAAK,WAAW;gBACd,OAAO,KAAK,CAAC;YACf,KAAK,sBAAsB;gBACzB,OAAO,IAAI,CAAC;YACd,KAAK,qBAAqB;gBACxB,OAAO,KAAK,CAAC;YACf,KAAK,qBAAqB;gBACxB,OAAO,KAAK,CAAC;YACf;gBACE,OAAO,GAAG,CAAC;QACf,CAAC;IACH,CAAC,CAAC;SACD,IAAI,EAAE,CAAC;IAEV,OAAO,eAAe,CAAC;QACrB,GAAG,EAAE,OAAO,CAAC,SAAS;QACtB,IAAI;QACJ,GAAG,EAAE,OAAO,CAAC,WAAW;QACxB,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAClE,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACpF,EAAE,EAAE,OAAO,CAAC,oBAAoB;QAChC,GAAG,EAAE,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QAC7D,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACpD,GAAG,EAAE,OAAO,CAAC,KAAK;QAClB,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC9D,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAC5E,GAAG,EAAE,OAAO,CAAC,SAAS;QACtB,GAAG,EAAE,OAAO,CAAC,mBAAmB;QAChC,GAAG,EAAE,OAAO,CAAC,UAAU;QACvB,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACnD,UAAU,EAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;KAC9D,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,OAA2B,EACxB,EAAE;IACL,MAAM,QAAQ,GACX,OAAO,CAAC,IAAI;QACX,EAAE,GAAG,CAAC,CAAC,GAAG,EAAU,EAAE;QACpB,QAAQ,GAAG,EAAE,CAAC;YACZ,KAAK,KAAK;gBACR,OAAO,WAAW,CAAC;YACrB,KAAK,KAAK;gBACR,OAAO,aAAa,CAAC;YACvB,KAAK,KAAK;gBACR,OAAO,YAAY,CAAC;YACtB,KAAK,KAAK;gBACR,OAAO,qBAAqB,CAAC;YAC/B,KAAK,IAAI;gBACP,OAAO,sBAAsB,CAAC;YAChC,KAAK,KAAK;gBACR,OAAO,SAAS,CAAC;YACnB,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,KAAK;gBACR,OAAO,OAAO,CAAC;YACjB,KAAK,KAAK;gBACR,OAAO,UAAU,CAAC;YACpB,KAAK,KAAK;gBACR,OAAO,iBAAiB,CAAC;YAC3B,KAAK,KAAK;gBACR,OAAO,WAAW,CAAC;YACrB,KAAK,KAAK;gBACR,OAAO,qBAAqB,CAAC;YAC/B,KAAK,KAAK;gBACR,OAAO,YAAY,CAAC;YACtB,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,KAAK;gBACR,OAAO,KAAK,CAAC;YACf,KAAK,UAAU;gBACb,OAAO,SAAS,CAAC;YACnB;gBACE,OAAO,GAAG,CAAC;QACf,CAAC;IACH,CAAC,CAAC;SACD,IAAI,EAAoC,IAAI,EAAE,CAAC;IAEpD,OAAO,eAAe,CAAC;QACrB,SAAS,EAAE,OAAO,CAAC,GAAG;QACtB,UAAU,EAAE,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC;QACtC,WAAW,EAAE,OAAO,CAAC,GAAG;QACxB,QAAQ;QACR,UAAU,EAAE,OAAO,CAAC,GAAG;QACvB,UAAU,EAAE,OAAO,CAAC,GAAG;QACvB,oBAAoB,EAAE,OAAO,CAAC,EAAE;QAChC,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,OAAO,EAAE,OAAO,CAAC,GAAG;QACpB,KAAK,EAAE,OAAO,CAAC,GAAG;QAClB,QAAQ,EAAE,OAAO,CAAC,GAAG;QACrB,eAAe,EAAE,OAAO,CAAC,GAAG;QAC5B,SAAS,EAAE,OAAO,CAAC,GAAG;QACtB,mBAAmB,EAAE,OAAO,CAAC,GAAG;QAChC,mBAAmB,EAAE,OAAO,CAAC,GAAG;QAChC,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC;KAC7B,CAAM,CAAC;AACV,CAAC,CAAC"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import { TokenDelegation, VerifyActorOptions } from "../../types/jwt";
|
|
1
|
+
import type { TokenDelegation, VerifyActorOptions } from "../../types/jwt/index.js";
|
|
2
2
|
export declare const validateActor: (delegation: TokenDelegation, options: VerifyActorOptions | undefined) => string | null;
|
|
3
3
|
//# sourceMappingURL=validate-actor.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate-actor.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/validate-actor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"validate-actor.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/validate-actor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAEpF,eAAO,MAAM,aAAa,GACxB,YAAY,eAAe,EAC3B,SAAS,kBAAkB,GAAG,SAAS,KACtC,MAAM,GAAG,IA2BX,CAAC"}
|
|
@@ -1,7 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.validateActor = void 0;
|
|
4
|
-
const validateActor = (delegation, options) => {
|
|
1
|
+
export const validateActor = (delegation, options) => {
|
|
5
2
|
if (!options)
|
|
6
3
|
return null;
|
|
7
4
|
if (options.required && !delegation.isDelegated) {
|
|
@@ -23,5 +20,4 @@ const validateActor = (delegation, options) => {
|
|
|
23
20
|
}
|
|
24
21
|
return null;
|
|
25
22
|
};
|
|
26
|
-
exports.validateActor = validateActor;
|
|
27
23
|
//# sourceMappingURL=validate-actor.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate-actor.js","sourceRoot":"","sources":["../../../src/internal/utils/validate-actor.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"validate-actor.js","sourceRoot":"","sources":["../../../src/internal/utils/validate-actor.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,UAA2B,EAC3B,OAAuC,EACxB,EAAE;IACjB,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,IAAI,OAAO,CAAC,QAAQ,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;QAChD,OAAO,yCAAyC,CAAC;IACnD,CAAC;IAED,IAAI,OAAO,CAAC,SAAS,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC;QAChD,OAAO,8BAA8B,CAAC;IACxC,CAAC;IAED,IACE,OAAO,CAAC,aAAa,KAAK,SAAS;QACnC,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,OAAO,CAAC,aAAa,EACpD,CAAC;QACD,OAAO,wCAAwC,OAAO,CAAC,aAAa,EAAE,CAAC;IACzE,CAAC;IAED,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC5B,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvE,OAAO,8BAA8B,KAAK,CAAC,OAAO,IAAI,WAAW,EAAE,CAAC;YACtE,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,CAAC"}
|
|
@@ -1,6 +1,3 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.validateCrit = void 0;
|
|
4
1
|
const IANA_REGISTERED_JOSE_HEADER_PARAMS = new Set([
|
|
5
2
|
"alg",
|
|
6
3
|
"jku",
|
|
@@ -28,7 +25,7 @@ const IANA_REGISTERED_JOSE_HEADER_PARAMS = new Set([
|
|
|
28
25
|
"nonce",
|
|
29
26
|
"svt",
|
|
30
27
|
]);
|
|
31
|
-
const validateCrit = (decoded) => {
|
|
28
|
+
export const validateCrit = (decoded) => {
|
|
32
29
|
const crit = decoded.crit;
|
|
33
30
|
if (crit === undefined)
|
|
34
31
|
return null;
|
|
@@ -51,5 +48,4 @@ const validateCrit = (decoded) => {
|
|
|
51
48
|
}
|
|
52
49
|
return null;
|
|
53
50
|
};
|
|
54
|
-
exports.validateCrit = validateCrit;
|
|
55
51
|
//# sourceMappingURL=validate-crit.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate-crit.js","sourceRoot":"","sources":["../../../src/internal/utils/validate-crit.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"validate-crit.js","sourceRoot":"","sources":["../../../src/internal/utils/validate-crit.ts"],"names":[],"mappings":"AAOA,MAAM,kCAAkC,GAAG,IAAI,GAAG,CAAC;IAEjD,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,KAAK;IACL,UAAU;IACV,KAAK;IACL,KAAK;IACL,MAAM;IAEN,KAAK;IACL,KAAK;IAEL,KAAK;IACL,KAAK;IACL,KAAK;IACL,IAAI;IACJ,KAAK;IACL,KAAK;IACL,KAAK;IAEL,KAAK;IAEL,KAAK;IAEL,KAAK;IACL,OAAO;IAEP,KAAK;CACN,CAAC,CAAC;AAYH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAAqD,EACtC,EAAE;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAE1B,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAEpC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,OAAO,uBAAuB,CAAC;IACjC,CAAC;IAGD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,8CAA8C,CAAC;IACxD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO,8BAA8B,CAAC;QACxC,CAAC;QAID,IAAI,kCAAkC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,OAAO,+DAA+D,IAAI,GAAG,CAAC;QAChF,CAAC;QAOD,IAAI,CAAC,CAAC,IAAI,IAAI,OAAO,CAAC,EAAE,CAAC;YACvB,OAAO,0BAA0B,IAAI,gCAAgC,CAAC;QACxE,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/validate.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/validate.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEtD,eAAO,MAAM,QAAQ,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EAC5C,MAAM,CAAC,EACP,WAAW,SAAS,CAAC,CAAC,CAAC,KACtB,IAWF,CAAC"}
|
|
@@ -1,18 +1,14 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
const utils_1 = require("@lindorm/utils");
|
|
6
|
-
const validate = (dict, predicate) => {
|
|
7
|
-
if (utils_1.Predicated.match(dict, predicate))
|
|
1
|
+
import { LindormError } from "@lindorm/errors";
|
|
2
|
+
import { Predicated } from "@lindorm/utils";
|
|
3
|
+
export const validate = (dict, predicate) => {
|
|
4
|
+
if (Predicated.match(dict, predicate))
|
|
8
5
|
return;
|
|
9
6
|
const invalid = [];
|
|
10
7
|
for (const [key, ops] of Object.entries(predicate)) {
|
|
11
|
-
if (!
|
|
8
|
+
if (!Predicated.match({ [key]: dict[key] }, { [key]: ops })) {
|
|
12
9
|
invalid.push({ key, value: dict[key] });
|
|
13
10
|
}
|
|
14
11
|
}
|
|
15
|
-
throw new
|
|
12
|
+
throw new LindormError("Invalid token", { data: { invalid } });
|
|
16
13
|
};
|
|
17
|
-
exports.validate = validate;
|
|
18
14
|
//# sourceMappingURL=validate.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../src/internal/utils/validate.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../src/internal/utils/validate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAG5C,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,IAAO,EACP,SAAuB,EACjB,EAAE;IACR,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS,CAAC;QAAE,OAAO;IAE9C,MAAM,OAAO,GAAuC,EAAE,CAAC;IACvD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAS,CAAC,EAAE,CAAC;YACnE,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,MAAM,IAAI,YAAY,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;AACjE,CAAC,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { IKryptos } from "@lindorm/kryptos";
|
|
2
|
-
import { ILogger } from "@lindorm/logger";
|
|
3
|
-
import { CertBindingMode } from "../../types";
|
|
1
|
+
import type { IKryptos } from "@lindorm/kryptos";
|
|
2
|
+
import type { ILogger } from "@lindorm/logger";
|
|
3
|
+
import type { CertBindingMode } from "../../types/index.js";
|
|
4
4
|
type VerifyCertBindingOptions = {
|
|
5
5
|
header: {
|
|
6
6
|
x5tS256: string | undefined;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-cert-binding.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/verify-cert-binding.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"verify-cert-binding.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/verify-cert-binding.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAE/C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAE5D,KAAK,wBAAwB,GAAG;IAC9B,MAAM,EAAE;QAAE,OAAO,EAAE,MAAM,GAAG,SAAS,CAAA;KAAE,CAAC;IACxC,OAAO,EAAE,QAAQ,CAAC;IAClB,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,EAAE,eAAe,CAAC;CACvB,CAAC;AAqBF,eAAO,MAAM,iBAAiB,GAAI,oCAK/B,wBAAwB,KAAG,IAyB7B,CAAC"}
|
|
@@ -1,19 +1,16 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
exports.verifyCertBinding = void 0;
|
|
4
|
-
const errors_1 = require("../../errors");
|
|
5
|
-
const verifyCertBinding = ({ header, kryptos, logger, mode, }) => {
|
|
1
|
+
import { AegisError } from "../../errors/index.js";
|
|
2
|
+
export const verifyCertBinding = ({ header, kryptos, logger, mode, }) => {
|
|
6
3
|
if (header.x5tS256 === undefined)
|
|
7
4
|
return;
|
|
8
5
|
if (kryptos.certificateThumbprint === null) {
|
|
9
6
|
if (mode === "strict") {
|
|
10
|
-
throw new
|
|
7
|
+
throw new AegisError("token header x5t#S256 present but signing kryptos has no certificateChain", { debug: { kryptosId: kryptos.id } });
|
|
11
8
|
}
|
|
12
9
|
logger.warn("Cert binding: token header x5t#S256 present but signing kryptos has no certificateChain (lax mode — passing through)", { kryptosId: kryptos.id });
|
|
13
10
|
return;
|
|
14
11
|
}
|
|
15
12
|
if (header.x5tS256 !== kryptos.certificateThumbprint) {
|
|
16
|
-
throw new
|
|
13
|
+
throw new AegisError("signing certificate thumbprint mismatch", {
|
|
17
14
|
debug: {
|
|
18
15
|
expected: kryptos.certificateThumbprint,
|
|
19
16
|
received: header.x5tS256,
|
|
@@ -21,5 +18,4 @@ const verifyCertBinding = ({ header, kryptos, logger, mode, }) => {
|
|
|
21
18
|
});
|
|
22
19
|
}
|
|
23
20
|
};
|
|
24
|
-
exports.verifyCertBinding = verifyCertBinding;
|
|
25
21
|
//# sourceMappingURL=verify-cert-binding.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-cert-binding.js","sourceRoot":"","sources":["../../../src/internal/utils/verify-cert-binding.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"verify-cert-binding.js","sourceRoot":"","sources":["../../../src/internal/utils/verify-cert-binding.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AA6BnD,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,EAChC,MAAM,EACN,OAAO,EACP,MAAM,EACN,IAAI,GACqB,EAAQ,EAAE;IACnC,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS;QAAE,OAAO;IAEzC,IAAI,OAAO,CAAC,qBAAqB,KAAK,IAAI,EAAE,CAAC;QAC3C,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,MAAM,IAAI,UAAU,CAClB,2EAA2E,EAC3E,EAAE,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,CACrC,CAAC;QACJ,CAAC;QACD,MAAM,CAAC,IAAI,CACT,sHAAsH,EACtH,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,CAC1B,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,CAAC,qBAAqB,EAAE,CAAC;QACrD,MAAM,IAAI,UAAU,CAAC,yCAAyC,EAAE;YAC9D,KAAK,EAAE;gBACL,QAAQ,EAAE,OAAO,CAAC,qBAAqB;gBACvC,QAAQ,EAAE,MAAM,CAAC,OAAO;aACzB;SACF,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-dpop-proof.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/verify-dpop-proof.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,eAAe,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"verify-dpop-proof.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/verify-dpop-proof.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAMnE,KAAK,OAAO,GAAG;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAkBF,eAAO,MAAM,eAAe,GAAI,SAAS,OAAO,KAAG,eA8ElD,CAAC"}
|
|
@@ -1,66 +1,63 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
const jose_header_1 = require("./jose-header");
|
|
9
|
-
const jose_signature_1 = require("./jose-signature");
|
|
10
|
-
const jwt_payload_1 = require("./jwt-payload");
|
|
1
|
+
import { KryptosKit } from "@lindorm/kryptos";
|
|
2
|
+
import { ShaKit } from "@lindorm/sha";
|
|
3
|
+
import { JwtError } from "../../errors/index.js";
|
|
4
|
+
import { computeJwkThumbprint } from "./compute-jwk-thumbprint.js";
|
|
5
|
+
import { decodeJoseHeader } from "./jose-header.js";
|
|
6
|
+
import { verifyJoseSignature } from "./jose-signature.js";
|
|
7
|
+
import { decodeJwtPayload } from "./jwt-payload.js";
|
|
11
8
|
const assertString = (value, claim) => {
|
|
12
9
|
if (typeof value !== "string" || value.length === 0) {
|
|
13
|
-
throw new
|
|
10
|
+
throw new JwtError(`Invalid DPoP proof: "${claim}" claim is required`);
|
|
14
11
|
}
|
|
15
12
|
return value;
|
|
16
13
|
};
|
|
17
|
-
const verifyDpopProof = (options) => {
|
|
14
|
+
export const verifyDpopProof = (options) => {
|
|
18
15
|
const { proof, accessToken, expectedThumbprint, dpopMaxSkew } = options;
|
|
19
16
|
const parts = proof.split(".");
|
|
20
17
|
if (parts.length !== 3) {
|
|
21
|
-
throw new
|
|
18
|
+
throw new JwtError("Invalid DPoP proof: not a compact JWS");
|
|
22
19
|
}
|
|
23
20
|
const [headerB64, payloadB64] = parts;
|
|
24
|
-
const header =
|
|
21
|
+
const header = decodeJoseHeader(headerB64);
|
|
25
22
|
if (header.typ !== "dpop+jwt") {
|
|
26
|
-
throw new
|
|
23
|
+
throw new JwtError("Invalid DPoP proof: header typ must be dpop+jwt", {
|
|
27
24
|
data: { typ: header.typ },
|
|
28
25
|
});
|
|
29
26
|
}
|
|
30
27
|
if (!header.jwk) {
|
|
31
|
-
throw new
|
|
28
|
+
throw new JwtError("Invalid DPoP proof: header jwk is required");
|
|
32
29
|
}
|
|
33
30
|
const rawJwk = header.jwk;
|
|
34
|
-
const thumbprint =
|
|
31
|
+
const thumbprint = computeJwkThumbprint(rawJwk);
|
|
35
32
|
if (thumbprint !== expectedThumbprint) {
|
|
36
|
-
throw new
|
|
33
|
+
throw new JwtError("Invalid DPoP proof: thumbprint does not match cnf.jkt", {
|
|
37
34
|
data: { expected: expectedThumbprint, actual: thumbprint },
|
|
38
35
|
});
|
|
39
36
|
}
|
|
40
|
-
const proofKryptos =
|
|
37
|
+
const proofKryptos = KryptosKit.from.jwk({
|
|
41
38
|
...rawJwk,
|
|
42
39
|
alg: header.alg,
|
|
43
40
|
use: "sig",
|
|
44
41
|
});
|
|
45
|
-
if (!
|
|
46
|
-
throw new
|
|
42
|
+
if (!verifyJoseSignature(proofKryptos, proof)) {
|
|
43
|
+
throw new JwtError("Invalid DPoP proof: signature verification failed");
|
|
47
44
|
}
|
|
48
|
-
const payload =
|
|
45
|
+
const payload = decodeJwtPayload(payloadB64);
|
|
49
46
|
const tokenId = assertString(payload.jti, "jti");
|
|
50
47
|
const httpMethod = assertString(payload.htm, "htm");
|
|
51
48
|
const httpUri = assertString(payload.htu, "htu");
|
|
52
49
|
if (typeof payload.iat !== "number") {
|
|
53
|
-
throw new
|
|
50
|
+
throw new JwtError("Invalid DPoP proof: iat claim is required");
|
|
54
51
|
}
|
|
55
52
|
const now = Math.floor(Date.now() / 1000);
|
|
56
53
|
if (Math.abs(now - payload.iat) > dpopMaxSkew) {
|
|
57
|
-
throw new
|
|
54
|
+
throw new JwtError("Invalid DPoP proof: iat is outside the allowed skew window", {
|
|
58
55
|
data: { iat: payload.iat, now, dpopMaxSkew },
|
|
59
56
|
});
|
|
60
57
|
}
|
|
61
|
-
const expectedAth =
|
|
58
|
+
const expectedAth = ShaKit.S256(accessToken);
|
|
62
59
|
if (payload.ath !== expectedAth) {
|
|
63
|
-
throw new
|
|
60
|
+
throw new JwtError("Invalid DPoP proof: ath does not match access token hash");
|
|
64
61
|
}
|
|
65
62
|
return {
|
|
66
63
|
thumbprint,
|
|
@@ -72,5 +69,4 @@ const verifyDpopProof = (options) => {
|
|
|
72
69
|
nonce: typeof payload.nonce === "string" ? payload.nonce : undefined,
|
|
73
70
|
};
|
|
74
71
|
};
|
|
75
|
-
exports.verifyDpopProof = verifyDpopProof;
|
|
76
72
|
//# sourceMappingURL=verify-dpop-proof.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-dpop-proof.js","sourceRoot":"","sources":["../../../src/internal/utils/verify-dpop-proof.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"verify-dpop-proof.js","sourceRoot":"","sources":["../../../src/internal/utils/verify-dpop-proof.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAEjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAkBpD,MAAM,YAAY,GAAG,CAAC,KAAc,EAAE,KAAa,EAAU,EAAE;IAC7D,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,QAAQ,CAAC,wBAAwB,KAAK,qBAAqB,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAgB,EAAmB,EAAE;IACnE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,kBAAkB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAExE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,QAAQ,CAAC,uCAAuC,CAAC,CAAC;IAC9D,CAAC;IACD,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,KAAK,CAAC;IAEtC,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAE3C,IAAI,MAAM,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,QAAQ,CAAC,iDAAiD,EAAE;YACpE,IAAI,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,IAAI,QAAQ,CAAC,4CAA4C,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,GAA8B,CAAC;IAIrD,MAAM,UAAU,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAEhD,IAAI,UAAU,KAAK,kBAAkB,EAAE,CAAC;QACtC,MAAM,IAAI,QAAQ,CAAC,uDAAuD,EAAE;YAC1E,IAAI,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,EAAE,UAAU,EAAE;SAC3D,CAAC,CAAC;IACL,CAAC;IAOD,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC;QACvC,GAAG,MAAM;QACT,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,KAAK;KACkC,CAAC,CAAC;IAEhD,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE,KAAK,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,QAAQ,CAAC,mDAAmD,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,OAAO,GAAG,gBAAgB,CAAmB,UAAU,CAAC,CAAC;IAE/D,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEjD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,QAAQ,CAAC,2CAA2C,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,WAAW,EAAE,CAAC;QAC9C,MAAM,IAAI,QAAQ,CAAC,4DAA4D,EAAE;YAC/E,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,WAAW,EAAE;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,OAAO,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,IAAI,QAAQ,CAAC,0DAA0D,CAAC,CAAC;IACjF,CAAC;IAED,OAAO;QACL,UAAU;QACV,OAAO;QACP,UAAU;QACV,OAAO;QACP,QAAQ,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;QACtC,eAAe,EAAE,WAAW;QAC5B,KAAK,EAAE,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACrE,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
2
|
-
|
|
3
|
-
export declare const
|
|
1
|
+
import type { IAesKit } from "@lindorm/aes";
|
|
2
|
+
import type { IAegis } from "../interfaces/index.js";
|
|
3
|
+
export declare const _createMockAegis: (mockFn: () => any, aesKit: IAesKit) => IAegis;
|
|
4
4
|
//# sourceMappingURL=create-mock-aegis.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-mock-aegis.d.ts","sourceRoot":"","sources":["../../src/mocks/create-mock-aegis.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"create-mock-aegis.d.ts","sourceRoot":"","sources":["../../src/mocks/create-mock-aegis.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAErD,eAAO,MAAM,gBAAgB,GAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,OAAO,KAAG,MA+DrE,CAAC"}
|
|
@@ -1,40 +1,41 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
1
|
+
export const _createMockAegis = (mockFn, aesKit) => {
|
|
2
|
+
const impl = (fn) => {
|
|
3
|
+
const m = mockFn();
|
|
4
|
+
m.mockImplementation(fn);
|
|
5
|
+
return m;
|
|
6
|
+
};
|
|
7
|
+
const resolves = (value) => {
|
|
8
|
+
const m = mockFn();
|
|
9
|
+
m.mockResolvedValue(value);
|
|
10
|
+
return m;
|
|
11
|
+
};
|
|
7
12
|
return {
|
|
8
13
|
issuer: "https://test.lindorm.io/",
|
|
9
14
|
aes: {
|
|
10
|
-
encrypt:
|
|
11
|
-
|
|
12
|
-
.mockImplementation((data, mode) => Promise.resolve(mockAesKit.encrypt(data, mode))),
|
|
13
|
-
decrypt: jest
|
|
14
|
-
.fn()
|
|
15
|
-
.mockImplementation((data) => Promise.resolve(mockAesKit.decrypt(data))),
|
|
15
|
+
encrypt: impl((data, mode) => Promise.resolve(aesKit.encrypt(data, mode))),
|
|
16
|
+
decrypt: impl((data) => Promise.resolve(aesKit.decrypt(data))),
|
|
16
17
|
},
|
|
17
18
|
jwe: {
|
|
18
|
-
encrypt:
|
|
19
|
-
decrypt:
|
|
19
|
+
encrypt: resolves({ token: "mocked_token" }),
|
|
20
|
+
decrypt: resolves({
|
|
20
21
|
decoded: {},
|
|
21
22
|
header: {},
|
|
22
23
|
payload: "mocked_payload",
|
|
23
24
|
}),
|
|
24
25
|
},
|
|
25
26
|
jws: {
|
|
26
|
-
sign:
|
|
27
|
+
sign: resolves({
|
|
27
28
|
objectId: "mocked_object_id",
|
|
28
29
|
token: "mocked_token",
|
|
29
30
|
}),
|
|
30
|
-
verify:
|
|
31
|
+
verify: resolves({
|
|
31
32
|
decoded: {},
|
|
32
33
|
header: {},
|
|
33
34
|
payload: "verified_payload",
|
|
34
35
|
}),
|
|
35
36
|
},
|
|
36
37
|
jwt: {
|
|
37
|
-
sign:
|
|
38
|
+
sign: resolves({
|
|
38
39
|
expiresAt: new Date("2999-01-01T00:00:00.000Z"),
|
|
39
40
|
expiresIn: 999,
|
|
40
41
|
expiresOn: 9999,
|
|
@@ -42,18 +43,17 @@ const createMockAegis = () => {
|
|
|
42
43
|
token: "mocked_token",
|
|
43
44
|
tokenId: "mocked_token_id",
|
|
44
45
|
}),
|
|
45
|
-
verify:
|
|
46
|
+
verify: resolves({
|
|
46
47
|
decoded: {},
|
|
47
48
|
header: {},
|
|
48
49
|
payload: { subject: "verified_subject" },
|
|
49
50
|
}),
|
|
50
51
|
},
|
|
51
|
-
verify:
|
|
52
|
+
verify: resolves({
|
|
52
53
|
decoded: {},
|
|
53
54
|
header: {},
|
|
54
55
|
payload: { subject: "verified_subject" },
|
|
55
56
|
}),
|
|
56
57
|
};
|
|
57
58
|
};
|
|
58
|
-
exports.createMockAegis = createMockAegis;
|
|
59
59
|
//# sourceMappingURL=create-mock-aegis.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-mock-aegis.js","sourceRoot":"","sources":["../../src/mocks/create-mock-aegis.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"create-mock-aegis.js","sourceRoot":"","sources":["../../src/mocks/create-mock-aegis.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,MAAiB,EAAE,MAAe,EAAU,EAAE;IAC7E,MAAM,IAAI,GAAG,CAAC,EAAO,EAAE,EAAE;QACvB,MAAM,CAAC,GAAG,MAAM,EAAE,CAAC;QACnB,CAAC,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;QACzB,OAAO,CAAC,CAAC;IACX,CAAC,CAAC;IACF,MAAM,QAAQ,GAAG,CAAC,KAAU,EAAE,EAAE;QAC9B,MAAM,CAAC,GAAG,MAAM,EAAE,CAAC;QACnB,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,CAAC,CAAC;IACX,CAAC,CAAC;IAEF,OAAO;QACL,MAAM,EAAE,0BAA0B;QAElC,GAAG,EAAE;YACH,OAAO,EAAE,IAAI,CAAC,CAAC,IAAS,EAAE,IAAa,EAAE,EAAE,CACzC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,IAAW,CAAC,CAAC,CACnD;YACD,OAAO,EAAE,IAAI,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;SACpE;QAED,GAAG,EAAE;YACH,OAAO,EAAE,QAAQ,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;YAC5C,OAAO,EAAE,QAAQ,CAAC;gBAChB,OAAO,EAAE,EAAE;gBACX,MAAM,EAAE,EAAE;gBACV,OAAO,EAAE,gBAAgB;aAC1B,CAAC;SACH;QACD,GAAG,EAAE;YACH,IAAI,EAAE,QAAQ,CAAC;gBACb,QAAQ,EAAE,kBAAkB;gBAC5B,KAAK,EAAE,cAAc;aACtB,CAAC;YACF,MAAM,EAAE,QAAQ,CAAC;gBACf,OAAO,EAAE,EAAE;gBACX,MAAM,EAAE,EAAE;gBACV,OAAO,EAAE,kBAAkB;aAC5B,CAAC;SACH;QACD,GAAG,EAAE;YACH,IAAI,EAAE,QAAQ,CAAC;gBACb,SAAS,EAAE,IAAI,IAAI,CAAC,0BAA0B,CAAC;gBAC/C,SAAS,EAAE,GAAG;gBACd,SAAS,EAAE,IAAI;gBACf,QAAQ,EAAE,kBAAkB;gBAC5B,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,iBAAiB;aAC3B,CAAC;YACF,MAAM,EAAE,QAAQ,CAAC;gBACf,OAAO,EAAE,EAAE;gBACX,MAAM,EAAE,EAAE;gBACV,OAAO,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE;aACzC,CAAC;SACH;QAED,MAAM,EAAE,QAAQ,CAAC;YACf,OAAO,EAAE,EAAE;YACX,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE;SACzC,CAAC;KACkB,CAAC;AACzB,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jest.d.ts","sourceRoot":"","sources":["../../src/mocks/jest.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAGrD,KAAK,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AAErC,eAAO,MAAM,eAAe,QAAO,SACyB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jest.js","sourceRoot":"","sources":["../../src/mocks/jest.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAI1D,MAAM,CAAC,MAAM,eAAe,GAAG,GAAc,EAAE,CAC7C,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,gBAAgB,EAAE,CAAc,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"vitest.d.ts","sourceRoot":"","sources":["../../src/mocks/vitest.ts"],"names":[],"mappings":"AACA,OAAO,EAAM,KAAK,MAAM,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAGrD,KAAK,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAEhC,eAAO,MAAM,eAAe,QAAO,SACuB,CAAC"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { createMockAesKit } from "@lindorm/aes/mocks/vitest";
|
|
2
|
+
import { vi } from "vitest";
|
|
3
|
+
import { _createMockAegis } from "./create-mock-aegis.js";
|
|
4
|
+
export const createMockAegis = () => _createMockAegis(vi.fn, createMockAesKit());
|
|
5
|
+
//# sourceMappingURL=vitest.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"vitest.js","sourceRoot":"","sources":["../../src/mocks/vitest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,EAAE,EAAe,MAAM,QAAQ,CAAC;AAEzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAI1D,MAAM,CAAC,MAAM,eAAe,GAAG,GAAc,EAAE,CAC7C,gBAAgB,CAAC,EAAE,CAAC,EAAE,EAAE,gBAAgB,EAAE,CAAc,CAAC"}
|
package/dist/types/aegis.d.ts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import { AmphoraQuery, IAmphora } from "@lindorm/amphora";
|
|
2
|
-
import { KryptosEncAlgorithm, KryptosEncryption, KryptosSigAlgorithm } from "@lindorm/kryptos";
|
|
3
|
-
import { ILogger } from "@lindorm/logger";
|
|
4
|
-
import { Predicate } from "@lindorm/types";
|
|
5
|
-
import { CertBindingMode } from "./header";
|
|
1
|
+
import type { AmphoraQuery, IAmphora } from "@lindorm/amphora";
|
|
2
|
+
import type { KryptosEncAlgorithm, KryptosEncryption, KryptosSigAlgorithm } from "@lindorm/kryptos";
|
|
3
|
+
import type { ILogger } from "@lindorm/logger";
|
|
4
|
+
import type { Predicate } from "@lindorm/types";
|
|
5
|
+
import type { CertBindingMode } from "./header.js";
|
|
6
6
|
export type AegisPredicate = Predicate<Pick<AmphoraQuery, "id" | "curve" | "purpose" | "type" | "use" | "ownerId">>;
|
|
7
7
|
export type AegisOptions = {
|
|
8
8
|
amphora: IAmphora;
|