npm - @nocobase/plugin-idp-oauth - Versions diffs - 2.1.0-alpha.10 - Mend

@nocobase/plugin-idp-oauth 2.1.0-alpha.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (451) hide show

package/dist/node_modules/jose/dist/webapi/key/generate_secret.js ADDED Viewed

@@ -0,0 +1,40 @@
+import { JOSENotSupported } from '../util/errors.js';
+export async function generateSecret(alg, options) {
+    let length;
+    let algorithm;
+    let keyUsages;
+    switch (alg) {
+        case 'HS256':
+        case 'HS384':
+        case 'HS512':
+            length = parseInt(alg.slice(-3), 10);
+            algorithm = { name: 'HMAC', hash: `SHA-${length}`, length };
+            keyUsages = ['sign', 'verify'];
+            break;
+        case 'A128CBC-HS256':
+        case 'A192CBC-HS384':
+        case 'A256CBC-HS512':
+            length = parseInt(alg.slice(-3), 10);
+            return crypto.getRandomValues(new Uint8Array(length >> 3));
+        case 'A128KW':
+        case 'A192KW':
+        case 'A256KW':
+            length = parseInt(alg.slice(1, 4), 10);
+            algorithm = { name: 'AES-KW', length };
+            keyUsages = ['wrapKey', 'unwrapKey'];
+            break;
+        case 'A128GCMKW':
+        case 'A192GCMKW':
+        case 'A256GCMKW':
+        case 'A128GCM':
+        case 'A192GCM':
+        case 'A256GCM':
+            length = parseInt(alg.slice(1, 4), 10);
+            algorithm = { name: 'AES-GCM', length };
+            keyUsages = ['encrypt', 'decrypt'];
+            break;
+        default:
+            throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+    }
+    return crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages);
+}

package/dist/node_modules/jose/dist/webapi/key/import.js ADDED Viewed

@@ -0,0 +1,57 @@
+import { decode as decodeBase64URL } from '../util/base64url.js';
+import { fromSPKI, fromPKCS8, fromX509 } from '../lib/asn1.js';
+import { jwkToKey } from '../lib/jwk_to_key.js';
+import { JOSENotSupported } from '../util/errors.js';
+import { isObject } from '../lib/type_checks.js';
+export async function importSPKI(spki, alg, options) {
+    if (typeof spki !== 'string' || spki.indexOf('-----BEGIN PUBLIC KEY-----') !== 0) {
+        throw new TypeError('"spki" must be SPKI formatted string');
+    }
+    return fromSPKI(spki, alg, options);
+}
+export async function importX509(x509, alg, options) {
+    if (typeof x509 !== 'string' || x509.indexOf('-----BEGIN CERTIFICATE-----') !== 0) {
+        throw new TypeError('"x509" must be X.509 formatted string');
+    }
+    return fromX509(x509, alg, options);
+}
+export async function importPKCS8(pkcs8, alg, options) {
+    if (typeof pkcs8 !== 'string' || pkcs8.indexOf('-----BEGIN PRIVATE KEY-----') !== 0) {
+        throw new TypeError('"pkcs8" must be PKCS#8 formatted string');
+    }
+    return fromPKCS8(pkcs8, alg, options);
+}
+export async function importJWK(jwk, alg, options) {
+    if (!isObject(jwk)) {
+        throw new TypeError('JWK must be an object');
+    }
+    let ext;
+    alg ??= jwk.alg;
+    ext ??= options?.extractable ?? jwk.ext;
+    switch (jwk.kty) {
+        case 'oct':
+            if (typeof jwk.k !== 'string' || !jwk.k) {
+                throw new TypeError('missing "k" (Key Value) Parameter value');
+            }
+            return decodeBase64URL(jwk.k);
+        case 'RSA':
+            if ('oth' in jwk && jwk.oth !== undefined) {
+                throw new JOSENotSupported('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
+            }
+            return jwkToKey({ ...jwk, alg, ext });
+        case 'AKP': {
+            if (typeof jwk.alg !== 'string' || !jwk.alg) {
+                throw new TypeError('missing "alg" (Algorithm) Parameter value');
+            }
+            if (alg !== undefined && alg !== jwk.alg) {
+                throw new TypeError('JWK alg and alg option value mismatch');
+            }
+            return jwkToKey({ ...jwk, ext });
+        }
+        case 'EC':
+        case 'OKP':
+            return jwkToKey({ ...jwk, alg, ext });
+        default:
+            throw new JOSENotSupported('Unsupported "kty" (Key Type) Parameter value');
+    }
+}

package/dist/node_modules/jose/dist/webapi/lib/aesgcmkw.js ADDED Viewed

@@ -0,0 +1,15 @@
+import { encrypt, decrypt } from './content_encryption.js';
+import { encode as b64u } from '../util/base64url.js';
+export async function wrap(alg, key, cek, iv) {
+    const jweAlgorithm = alg.slice(0, 7);
+    const wrapped = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array());
+    return {
+        encryptedKey: wrapped.ciphertext,
+        iv: b64u(wrapped.iv),
+        tag: b64u(wrapped.tag),
+    };
+}
+export async function unwrap(alg, key, encryptedKey, iv, tag) {
+    const jweAlgorithm = alg.slice(0, 7);
+    return decrypt(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array());
+}

package/dist/node_modules/jose/dist/webapi/lib/aeskw.js ADDED Viewed

@@ -0,0 +1,25 @@
+import { checkEncCryptoKey } from './crypto_key.js';
+function checkKeySize(key, alg) {
+    if (key.algorithm.length !== parseInt(alg.slice(1, 4), 10)) {
+        throw new TypeError(`Invalid key size for alg: ${alg}`);
+    }
+}
+function getCryptoKey(key, alg, usage) {
+    if (key instanceof Uint8Array) {
+        return crypto.subtle.importKey('raw', key, 'AES-KW', true, [usage]);
+    }
+    checkEncCryptoKey(key, alg, usage);
+    return key;
+}
+export async function wrap(alg, key, cek) {
+    const cryptoKey = await getCryptoKey(key, alg, 'wrapKey');
+    checkKeySize(cryptoKey, alg);
+    const cryptoKeyCek = await crypto.subtle.importKey('raw', cek, { hash: 'SHA-256', name: 'HMAC' }, true, ['sign']);
+    return new Uint8Array(await crypto.subtle.wrapKey('raw', cryptoKeyCek, cryptoKey, 'AES-KW'));
+}
+export async function unwrap(alg, key, encryptedKey) {
+    const cryptoKey = await getCryptoKey(key, alg, 'unwrapKey');
+    checkKeySize(cryptoKey, alg);
+    const cryptoKeyCek = await crypto.subtle.unwrapKey('raw', encryptedKey, cryptoKey, 'AES-KW', { hash: 'SHA-256', name: 'HMAC' }, true, ['sign']);
+    return new Uint8Array(await crypto.subtle.exportKey('raw', cryptoKeyCek));
+}

package/dist/node_modules/jose/dist/webapi/lib/asn1.js ADDED Viewed

@@ -0,0 +1,243 @@
+import { invalidKeyInput } from './invalid_key_input.js';
+import { encodeBase64, decodeBase64 } from '../lib/base64.js';
+import { JOSENotSupported } from '../util/errors.js';
+import { isCryptoKey, isKeyObject } from './is_key_like.js';
+const formatPEM = (b64, descriptor) => {
+    const newlined = (b64.match(/.{1,64}/g) || []).join('\n');
+    return `-----BEGIN ${descriptor}-----\n${newlined}\n-----END ${descriptor}-----`;
+};
+const genericExport = async (keyType, keyFormat, key) => {
+    if (isKeyObject(key)) {
+        if (key.type !== keyType) {
+            throw new TypeError(`key is not a ${keyType} key`);
+        }
+        return key.export({ format: 'pem', type: keyFormat });
+    }
+    if (!isCryptoKey(key)) {
+        throw new TypeError(invalidKeyInput(key, 'CryptoKey', 'KeyObject'));
+    }
+    if (!key.extractable) {
+        throw new TypeError('CryptoKey is not extractable');
+    }
+    if (key.type !== keyType) {
+        throw new TypeError(`key is not a ${keyType} key`);
+    }
+    return formatPEM(encodeBase64(new Uint8Array(await crypto.subtle.exportKey(keyFormat, key))), `${keyType.toUpperCase()} KEY`);
+};
+export const toSPKI = (key) => genericExport('public', 'spki', key);
+export const toPKCS8 = (key) => genericExport('private', 'pkcs8', key);
+const bytesEqual = (a, b) => {
+    if (a.byteLength !== b.length)
+        return false;
+    for (let i = 0; i < a.byteLength; i++) {
+        if (a[i] !== b[i])
+            return false;
+    }
+    return true;
+};
+const createASN1State = (data) => ({ data, pos: 0 });
+const parseLength = (state) => {
+    const first = state.data[state.pos++];
+    if (first & 0x80) {
+        const lengthOfLen = first & 0x7f;
+        let length = 0;
+        for (let i = 0; i < lengthOfLen; i++) {
+            length = (length << 8) | state.data[state.pos++];
+        }
+        return length;
+    }
+    return first;
+};
+const skipElement = (state, count = 1) => {
+    if (count <= 0)
+        return;
+    state.pos++;
+    const length = parseLength(state);
+    state.pos += length;
+    if (count > 1) {
+        skipElement(state, count - 1);
+    }
+};
+const expectTag = (state, expectedTag, errorMessage) => {
+    if (state.data[state.pos++] !== expectedTag) {
+        throw new Error(errorMessage);
+    }
+};
+const getSubarray = (state, length) => {
+    const result = state.data.subarray(state.pos, state.pos + length);
+    state.pos += length;
+    return result;
+};
+const parseAlgorithmOID = (state) => {
+    expectTag(state, 0x06, 'Expected algorithm OID');
+    const oidLen = parseLength(state);
+    return getSubarray(state, oidLen);
+};
+function parsePKCS8Header(state) {
+    expectTag(state, 0x30, 'Invalid PKCS#8 structure');
+    parseLength(state);
+    expectTag(state, 0x02, 'Expected version field');
+    const verLen = parseLength(state);
+    state.pos += verLen;
+    expectTag(state, 0x30, 'Expected algorithm identifier');
+    const algIdLen = parseLength(state);
+    const algIdStart = state.pos;
+    return { algIdStart, algIdLength: algIdLen };
+}
+function parseSPKIHeader(state) {
+    expectTag(state, 0x30, 'Invalid SPKI structure');
+    parseLength(state);
+    expectTag(state, 0x30, 'Expected algorithm identifier');
+    const algIdLen = parseLength(state);
+    const algIdStart = state.pos;
+    return { algIdStart, algIdLength: algIdLen };
+}
+const parseECAlgorithmIdentifier = (state) => {
+    const algOid = parseAlgorithmOID(state);
+    if (bytesEqual(algOid, [0x2b, 0x65, 0x6e])) {
+        return 'X25519';
+    }
+    if (!bytesEqual(algOid, [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01])) {
+        throw new Error('Unsupported key algorithm');
+    }
+    expectTag(state, 0x06, 'Expected curve OID');
+    const curveOidLen = parseLength(state);
+    const curveOid = getSubarray(state, curveOidLen);
+    for (const { name, oid } of [
+        { name: 'P-256', oid: [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07] },
+        { name: 'P-384', oid: [0x2b, 0x81, 0x04, 0x00, 0x22] },
+        { name: 'P-521', oid: [0x2b, 0x81, 0x04, 0x00, 0x23] },
+    ]) {
+        if (bytesEqual(curveOid, oid)) {
+            return name;
+        }
+    }
+    throw new Error('Unsupported named curve');
+};
+const genericImport = async (keyFormat, keyData, alg, options) => {
+    let algorithm;
+    let keyUsages;
+    const isPublic = keyFormat === 'spki';
+    const getSigUsages = () => (isPublic ? ['verify'] : ['sign']);
+    const getEncUsages = () => isPublic ? ['encrypt', 'wrapKey'] : ['decrypt', 'unwrapKey'];
+    switch (alg) {
+        case 'PS256':
+        case 'PS384':
+        case 'PS512':
+            algorithm = { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` };
+            keyUsages = getSigUsages();
+            break;
+        case 'RS256':
+        case 'RS384':
+        case 'RS512':
+            algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` };
+            keyUsages = getSigUsages();
+            break;
+        case 'RSA-OAEP':
+        case 'RSA-OAEP-256':
+        case 'RSA-OAEP-384':
+        case 'RSA-OAEP-512':
+            algorithm = {
+                name: 'RSA-OAEP',
+                hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`,
+            };
+            keyUsages = getEncUsages();
+            break;
+        case 'ES256':
+        case 'ES384':
+        case 'ES512': {
+            const curveMap = { ES256: 'P-256', ES384: 'P-384', ES512: 'P-521' };
+            algorithm = { name: 'ECDSA', namedCurve: curveMap[alg] };
+            keyUsages = getSigUsages();
+            break;
+        }
+        case 'ECDH-ES':
+        case 'ECDH-ES+A128KW':
+        case 'ECDH-ES+A192KW':
+        case 'ECDH-ES+A256KW': {
+            try {
+                const namedCurve = options.getNamedCurve(keyData);
+                algorithm = namedCurve === 'X25519' ? { name: 'X25519' } : { name: 'ECDH', namedCurve };
+            }
+            catch (cause) {
+                throw new JOSENotSupported('Invalid or unsupported key format');
+            }
+            keyUsages = isPublic ? [] : ['deriveBits'];
+            break;
+        }
+        case 'Ed25519':
+        case 'EdDSA':
+            algorithm = { name: 'Ed25519' };
+            keyUsages = getSigUsages();
+            break;
+        case 'ML-DSA-44':
+        case 'ML-DSA-65':
+        case 'ML-DSA-87':
+            algorithm = { name: alg };
+            keyUsages = getSigUsages();
+            break;
+        default:
+            throw new JOSENotSupported('Invalid or unsupported "alg" (Algorithm) value');
+    }
+    return crypto.subtle.importKey(keyFormat, keyData, algorithm, options?.extractable ?? (isPublic ? true : false), keyUsages);
+};
+const processPEMData = (pem, pattern) => {
+    return decodeBase64(pem.replace(pattern, ''));
+};
+export const fromPKCS8 = (pem, alg, options) => {
+    const keyData = processPEMData(pem, /(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g);
+    let opts = options;
+    if (alg?.startsWith?.('ECDH-ES')) {
+        opts ||= {};
+        opts.getNamedCurve = (keyData) => {
+            const state = createASN1State(keyData);
+            parsePKCS8Header(state);
+            return parseECAlgorithmIdentifier(state);
+        };
+    }
+    return genericImport('pkcs8', keyData, alg, opts);
+};
+export const fromSPKI = (pem, alg, options) => {
+    const keyData = processPEMData(pem, /(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g);
+    let opts = options;
+    if (alg?.startsWith?.('ECDH-ES')) {
+        opts ||= {};
+        opts.getNamedCurve = (keyData) => {
+            const state = createASN1State(keyData);
+            parseSPKIHeader(state);
+            return parseECAlgorithmIdentifier(state);
+        };
+    }
+    return genericImport('spki', keyData, alg, opts);
+};
+function spkiFromX509(buf) {
+    const state = createASN1State(buf);
+    expectTag(state, 0x30, 'Invalid certificate structure');
+    parseLength(state);
+    expectTag(state, 0x30, 'Invalid tbsCertificate structure');
+    parseLength(state);
+    if (buf[state.pos] === 0xa0) {
+        skipElement(state, 6);
+    }
+    else {
+        skipElement(state, 5);
+    }
+    const spkiStart = state.pos;
+    expectTag(state, 0x30, 'Invalid SPKI structure');
+    const spkiContentLen = parseLength(state);
+    return buf.subarray(spkiStart, spkiStart + spkiContentLen + (state.pos - spkiStart));
+}
+function extractX509SPKI(x509) {
+    const derBytes = processPEMData(x509, /(?:-----(?:BEGIN|END) CERTIFICATE-----|\s)/g);
+    return spkiFromX509(derBytes);
+}
+export const fromX509 = (pem, alg, options) => {
+    let spki;
+    try {
+        spki = extractX509SPKI(pem);
+    }
+    catch (cause) {
+        throw new TypeError('Failed to parse the X.509 certificate', { cause });
+    }
+    return fromSPKI(formatPEM(encodeBase64(spki), 'PUBLIC KEY'), alg, options);
+};

package/dist/node_modules/jose/dist/webapi/lib/base64.js ADDED Viewed

@@ -0,0 +1,22 @@
+export function encodeBase64(input) {
+    if (Uint8Array.prototype.toBase64) {
+        return input.toBase64();
+    }
+    const CHUNK_SIZE = 0x8000;
+    const arr = [];
+    for (let i = 0; i < input.length; i += CHUNK_SIZE) {
+        arr.push(String.fromCharCode.apply(null, input.subarray(i, i + CHUNK_SIZE)));
+    }
+    return btoa(arr.join(''));
+}
+export function decodeBase64(encoded) {
+    if (Uint8Array.fromBase64) {
+        return Uint8Array.fromBase64(encoded);
+    }
+    const binary = atob(encoded);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+        bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+}

package/dist/node_modules/jose/dist/webapi/lib/buffer_utils.js ADDED Viewed

@@ -0,0 +1,43 @@
+export const encoder = new TextEncoder();
+export const decoder = new TextDecoder();
+const MAX_INT32 = 2 ** 32;
+export function concat(...buffers) {
+    const size = buffers.reduce((acc, { length }) => acc + length, 0);
+    const buf = new Uint8Array(size);
+    let i = 0;
+    for (const buffer of buffers) {
+        buf.set(buffer, i);
+        i += buffer.length;
+    }
+    return buf;
+}
+function writeUInt32BE(buf, value, offset) {
+    if (value < 0 || value >= MAX_INT32) {
+        throw new RangeError(`value must be >= 0 and <= ${MAX_INT32 - 1}. Received ${value}`);
+    }
+    buf.set([value >>> 24, value >>> 16, value >>> 8, value & 0xff], offset);
+}
+export function uint64be(value) {
+    const high = Math.floor(value / MAX_INT32);
+    const low = value % MAX_INT32;
+    const buf = new Uint8Array(8);
+    writeUInt32BE(buf, high, 0);
+    writeUInt32BE(buf, low, 4);
+    return buf;
+}
+export function uint32be(value) {
+    const buf = new Uint8Array(4);
+    writeUInt32BE(buf, value);
+    return buf;
+}
+export function encode(string) {
+    const bytes = new Uint8Array(string.length);
+    for (let i = 0; i < string.length; i++) {
+        const code = string.charCodeAt(i);
+        if (code > 127) {
+            throw new TypeError('non-ASCII string encountered in encode()');
+        }
+        bytes[i] = code;
+    }
+    return bytes;
+}

package/dist/node_modules/jose/dist/webapi/lib/check_key_type.js ADDED Viewed

@@ -0,0 +1,122 @@
+import { withAlg as invalidKeyInput } from './invalid_key_input.js';
+import { isKeyLike } from './is_key_like.js';
+import * as jwk from './type_checks.js';
+const tag = (key) => key?.[Symbol.toStringTag];
+const jwkMatchesOp = (alg, key, usage) => {
+    if (key.use !== undefined) {
+        let expected;
+        switch (usage) {
+            case 'sign':
+            case 'verify':
+                expected = 'sig';
+                break;
+            case 'encrypt':
+            case 'decrypt':
+                expected = 'enc';
+                break;
+        }
+        if (key.use !== expected) {
+            throw new TypeError(`Invalid key for this operation, its "use" must be "${expected}" when present`);
+        }
+    }
+    if (key.alg !== undefined && key.alg !== alg) {
+        throw new TypeError(`Invalid key for this operation, its "alg" must be "${alg}" when present`);
+    }
+    if (Array.isArray(key.key_ops)) {
+        let expectedKeyOp;
+        switch (true) {
+            case usage === 'sign' || usage === 'verify':
+            case alg === 'dir':
+            case alg.includes('CBC-HS'):
+                expectedKeyOp = usage;
+                break;
+            case alg.startsWith('PBES2'):
+                expectedKeyOp = 'deriveBits';
+                break;
+            case /^A\d{3}(?:GCM)?(?:KW)?$/.test(alg):
+                if (!alg.includes('GCM') && alg.endsWith('KW')) {
+                    expectedKeyOp = usage === 'encrypt' ? 'wrapKey' : 'unwrapKey';
+                }
+                else {
+                    expectedKeyOp = usage;
+                }
+                break;
+            case usage === 'encrypt' && alg.startsWith('RSA'):
+                expectedKeyOp = 'wrapKey';
+                break;
+            case usage === 'decrypt':
+                expectedKeyOp = alg.startsWith('RSA') ? 'unwrapKey' : 'deriveBits';
+                break;
+        }
+        if (expectedKeyOp && key.key_ops?.includes?.(expectedKeyOp) === false) {
+            throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${expectedKeyOp}" when present`);
+        }
+    }
+    return true;
+};
+const symmetricTypeCheck = (alg, key, usage) => {
+    if (key instanceof Uint8Array)
+        return;
+    if (jwk.isJWK(key)) {
+        if (jwk.isSecretJWK(key) && jwkMatchesOp(alg, key, usage))
+            return;
+        throw new TypeError(`JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present`);
+    }
+    if (!isKeyLike(key)) {
+        throw new TypeError(invalidKeyInput(alg, key, 'CryptoKey', 'KeyObject', 'JSON Web Key', 'Uint8Array'));
+    }
+    if (key.type !== 'secret') {
+        throw new TypeError(`${tag(key)} instances for symmetric algorithms must be of type "secret"`);
+    }
+};
+const asymmetricTypeCheck = (alg, key, usage) => {
+    if (jwk.isJWK(key)) {
+        switch (usage) {
+            case 'decrypt':
+            case 'sign':
+                if (jwk.isPrivateJWK(key) && jwkMatchesOp(alg, key, usage))
+                    return;
+                throw new TypeError(`JSON Web Key for this operation must be a private JWK`);
+            case 'encrypt':
+            case 'verify':
+                if (jwk.isPublicJWK(key) && jwkMatchesOp(alg, key, usage))
+                    return;
+                throw new TypeError(`JSON Web Key for this operation must be a public JWK`);
+        }
+    }
+    if (!isKeyLike(key)) {
+        throw new TypeError(invalidKeyInput(alg, key, 'CryptoKey', 'KeyObject', 'JSON Web Key'));
+    }
+    if (key.type === 'secret') {
+        throw new TypeError(`${tag(key)} instances for asymmetric algorithms must not be of type "secret"`);
+    }
+    if (key.type === 'public') {
+        switch (usage) {
+            case 'sign':
+                throw new TypeError(`${tag(key)} instances for asymmetric algorithm signing must be of type "private"`);
+            case 'decrypt':
+                throw new TypeError(`${tag(key)} instances for asymmetric algorithm decryption must be of type "private"`);
+        }
+    }
+    if (key.type === 'private') {
+        switch (usage) {
+            case 'verify':
+                throw new TypeError(`${tag(key)} instances for asymmetric algorithm verifying must be of type "public"`);
+            case 'encrypt':
+                throw new TypeError(`${tag(key)} instances for asymmetric algorithm encryption must be of type "public"`);
+        }
+    }
+};
+export function checkKeyType(alg, key, usage) {
+    switch (alg.substring(0, 2)) {
+        case 'A1':
+        case 'A2':
+        case 'di':
+        case 'HS':
+        case 'PB':
+            symmetricTypeCheck(alg, key, usage);
+            break;
+        default:
+            asymmetricTypeCheck(alg, key, usage);
+    }
+}