@oari/jose 0.0.0

package/dist/webapi/lib/key_management.js

@@ -0,0 +1,186 @@
+import * as aeskw from './aeskw.js';
+import * as ecdhes from './ecdhes.js';
+import * as pbes2kw from './pbes2kw.js';
+import * as rsaes from './rsaes.js';
+import { encode as b64u } from '../util/base64url.js';
+import { normalizeKey } from './normalize_key.js';
+import { JOSENotSupported, JWEInvalid } from '../util/errors.js';
+import { decodeBase64url } from './helpers.js';
+import { generateCek, cekLength } from './content_encryption.js';
+import { importJWK } from '../key/import.js';
+import { exportJWK } from '../key/export.js';
+import { isObject } from './type_checks.js';
+import { wrap as aesGcmKwWrap, unwrap as aesGcmKwUnwrap } from './aesgcmkw.js';
+import { assertCryptoKey } from './is_key_like.js';
+const unsupportedAlgHeader = 'Invalid or unsupported "alg" (JWE Algorithm) header value';
+function assertEncryptedKey(encryptedKey) {
+    if (encryptedKey === undefined)
+        throw new JWEInvalid('JWE Encrypted Key missing');
+}
+export async function decryptKeyManagement(alg, key, encryptedKey, joseHeader, options) {
+    switch (alg) {
+        case 'dir': {
+            if (encryptedKey !== undefined)
+                throw new JWEInvalid('Encountered unexpected JWE Encrypted Key');
+            return key;
+        }
+        case 'ECDH-ES':
+            if (encryptedKey !== undefined)
+                throw new JWEInvalid('Encountered unexpected JWE Encrypted Key');
+        case 'ECDH-ES+A128KW':
+        case 'ECDH-ES+A192KW':
+        case 'ECDH-ES+A256KW': {
+            if (!isObject(joseHeader.epk))
+                throw new JWEInvalid(`JOSE Header "epk" (Ephemeral Public Key) missing or invalid`);
+            assertCryptoKey(key);
+            if (!ecdhes.allowed(key))
+                throw new JOSENotSupported('ECDH with the provided key is not allowed or not supported by your javascript runtime');
+            const epk = await importJWK(joseHeader.epk, alg);
+            assertCryptoKey(epk);
+            let partyUInfo;
+            let partyVInfo;
+            if (joseHeader.apu !== undefined) {
+                if (typeof joseHeader.apu !== 'string')
+                    throw new JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`);
+                partyUInfo = decodeBase64url(joseHeader.apu, 'apu', JWEInvalid);
+            }
+            if (joseHeader.apv !== undefined) {
+                if (typeof joseHeader.apv !== 'string')
+                    throw new JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`);
+                partyVInfo = decodeBase64url(joseHeader.apv, 'apv', JWEInvalid);
+            }
+            const sharedSecret = await ecdhes.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? cekLength(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo);
+            if (alg === 'ECDH-ES')
+                return sharedSecret;
+            assertEncryptedKey(encryptedKey);
+            return aeskw.unwrap(alg.slice(-6), sharedSecret, encryptedKey);
+        }
+        case 'RSA-OAEP':
+        case 'RSA-OAEP-256':
+        case 'RSA-OAEP-384':
+        case 'RSA-OAEP-512': {
+            assertEncryptedKey(encryptedKey);
+            assertCryptoKey(key);
+            return rsaes.decrypt(alg, key, encryptedKey);
+        }
+        case 'PBES2-HS256+A128KW':
+        case 'PBES2-HS384+A192KW':
+        case 'PBES2-HS512+A256KW': {
+            assertEncryptedKey(encryptedKey);
+            if (typeof joseHeader.p2c !== 'number')
+                throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) missing or invalid`);
+            const p2cLimit = options?.maxPBES2Count || 10_000;
+            if (joseHeader.p2c > p2cLimit)
+                throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) out is of acceptable bounds`);
+            if (typeof joseHeader.p2s !== 'string')
+                throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`);
+            let p2s;
+            p2s = decodeBase64url(joseHeader.p2s, 'p2s', JWEInvalid);
+            return pbes2kw.unwrap(alg, key, encryptedKey, joseHeader.p2c, p2s);
+        }
+        case 'A128KW':
+        case 'A192KW':
+        case 'A256KW': {
+            assertEncryptedKey(encryptedKey);
+            return aeskw.unwrap(alg, key, encryptedKey);
+        }
+        case 'A128GCMKW':
+        case 'A192GCMKW':
+        case 'A256GCMKW': {
+            assertEncryptedKey(encryptedKey);
+            if (typeof joseHeader.iv !== 'string')
+                throw new JWEInvalid(`JOSE Header "iv" (Initialization Vector) missing or invalid`);
+            if (typeof joseHeader.tag !== 'string')
+                throw new JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`);
+            let iv;
+            iv = decodeBase64url(joseHeader.iv, 'iv', JWEInvalid);
+            let tag;
+            tag = decodeBase64url(joseHeader.tag, 'tag', JWEInvalid);
+            return aesGcmKwUnwrap(alg, key, encryptedKey, iv, tag);
+        }
+        default: {
+            throw new JOSENotSupported(unsupportedAlgHeader);
+        }
+    }
+}
+export async function encryptKeyManagement(alg, enc, key, providedCek, providedParameters = {}) {
+    let encryptedKey;
+    let parameters;
+    let cek;
+    switch (alg) {
+        case 'dir': {
+            cek = key;
+            break;
+        }
+        case 'ECDH-ES':
+        case 'ECDH-ES+A128KW':
+        case 'ECDH-ES+A192KW':
+        case 'ECDH-ES+A256KW': {
+            assertCryptoKey(key);
+            if (!ecdhes.allowed(key)) {
+                throw new JOSENotSupported('ECDH with the provided key is not allowed or not supported by your javascript runtime');
+            }
+            const { apu, apv } = providedParameters;
+            let ephemeralKey;
+            if (providedParameters.epk) {
+                ephemeralKey = (await normalizeKey(providedParameters.epk, alg));
+            }
+            else {
+                ephemeralKey = (await crypto.subtle.generateKey(key.algorithm, true, ['deriveBits'])).privateKey;
+            }
+            const { x, y, crv, kty } = await exportJWK(ephemeralKey);
+            const sharedSecret = await ecdhes.deriveKey(key, ephemeralKey, alg === 'ECDH-ES' ? enc : alg, alg === 'ECDH-ES' ? cekLength(enc) : parseInt(alg.slice(-5, -2), 10), apu, apv);
+            parameters = { epk: { x, crv, kty } };
+            if (kty === 'EC')
+                parameters.epk.y = y;
+            if (apu)
+                parameters.apu = b64u(apu);
+            if (apv)
+                parameters.apv = b64u(apv);
+            if (alg === 'ECDH-ES') {
+                cek = sharedSecret;
+                break;
+            }
+            cek = providedCek || generateCek(enc);
+            const kwAlg = alg.slice(-6);
+            encryptedKey = await aeskw.wrap(kwAlg, sharedSecret, cek);
+            break;
+        }
+        case 'RSA-OAEP':
+        case 'RSA-OAEP-256':
+        case 'RSA-OAEP-384':
+        case 'RSA-OAEP-512': {
+            cek = providedCek || generateCek(enc);
+            assertCryptoKey(key);
+            encryptedKey = await rsaes.encrypt(alg, key, cek);
+            break;
+        }
+        case 'PBES2-HS256+A128KW':
+        case 'PBES2-HS384+A192KW':
+        case 'PBES2-HS512+A256KW': {
+            cek = providedCek || generateCek(enc);
+            const { p2c, p2s } = providedParameters;
+            ({ encryptedKey, ...parameters } = await pbes2kw.wrap(alg, key, cek, p2c, p2s));
+            break;
+        }
+        case 'A128KW':
+        case 'A192KW':
+        case 'A256KW': {
+            cek = providedCek || generateCek(enc);
+            encryptedKey = await aeskw.wrap(alg, key, cek);
+            break;
+        }
+        case 'A128GCMKW':
+        case 'A192GCMKW':
+        case 'A256GCMKW': {
+            cek = providedCek || generateCek(enc);
+            const { iv } = providedParameters;
+            ({ encryptedKey, ...parameters } = await aesGcmKwWrap(alg, key, cek, iv));
+            break;
+        }
+        default: {
+            throw new JOSENotSupported(unsupportedAlgHeader);
+        }
+    }
+    return { cek, encryptedKey, parameters };
+}

package/dist/webapi/lib/key_to_jwk.js

@@ -0,0 +1,31 @@
+import { invalidKeyInput } from './invalid_key_input.js';
+import { encode as b64u } from '../util/base64url.js';
+import { isCryptoKey, isKeyObject } from './is_key_like.js';
+export async function keyToJWK(key) {
+    if (isKeyObject(key)) {
+        if (key.type === 'secret') {
+            key = key.export();
+        }
+        else {
+            return key.export({ format: 'jwk' });
+        }
+    }
+    if (key instanceof Uint8Array) {
+        return {
+            kty: 'oct',
+            k: b64u(key),
+        };
+    }
+    if (!isCryptoKey(key)) {
+        throw new TypeError(invalidKeyInput(key, 'CryptoKey', 'KeyObject', 'Uint8Array'));
+    }
+    if (!key.extractable) {
+        throw new TypeError('non-extractable CryptoKey cannot be exported as a JWK');
+    }
+    const { ext, key_ops, alg, use, ...jwk } = await crypto.subtle.exportKey('jwk', key);
+    if (jwk.kty === 'AKP') {
+        ;
+        jwk.alg = alg;
+    }
+    return jwk;
+}

package/dist/webapi/lib/normalize_key.js

@@ -0,0 +1,166 @@
+import { isJWK } from './type_checks.js';
+import { decode } from '../util/base64url.js';
+import { jwkToKey } from './jwk_to_key.js';
+import { isCryptoKey, isKeyObject } from './is_key_like.js';
+const unusableForAlg = 'given KeyObject instance cannot be used for this algorithm';
+let cache;
+const handleJWK = async (key, jwk, alg, freeze = false) => {
+    cache ||= new WeakMap();
+    let cached = cache.get(key);
+    if (cached?.[alg]) {
+        return cached[alg];
+    }
+    const cryptoKey = await jwkToKey({ ...jwk, alg });
+    if (freeze)
+        Object.freeze(key);
+    if (!cached) {
+        cache.set(key, { [alg]: cryptoKey });
+    }
+    else {
+        cached[alg] = cryptoKey;
+    }
+    return cryptoKey;
+};
+const handleKeyObject = (keyObject, alg) => {
+    cache ||= new WeakMap();
+    let cached = cache.get(keyObject);
+    if (cached?.[alg]) {
+        return cached[alg];
+    }
+    const isPublic = keyObject.type === 'public';
+    const extractable = isPublic ? true : false;
+    let cryptoKey;
+    if (keyObject.asymmetricKeyType === 'x25519') {
+        switch (alg) {
+            case 'ECDH-ES':
+            case 'ECDH-ES+A128KW':
+            case 'ECDH-ES+A192KW':
+            case 'ECDH-ES+A256KW':
+                break;
+            default:
+                throw new TypeError(unusableForAlg);
+        }
+        cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, isPublic ? [] : ['deriveBits']);
+    }
+    if (keyObject.asymmetricKeyType === 'ed25519') {
+        if (alg !== 'EdDSA' && alg !== 'Ed25519') {
+            throw new TypeError(unusableForAlg);
+        }
+        cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, [
+            isPublic ? 'verify' : 'sign',
+        ]);
+    }
+    switch (keyObject.asymmetricKeyType) {
+        case 'ml-dsa-44':
+        case 'ml-dsa-65':
+        case 'ml-dsa-87': {
+            if (alg !== keyObject.asymmetricKeyType.toUpperCase()) {
+                throw new TypeError(unusableForAlg);
+            }
+            cryptoKey = keyObject.toCryptoKey(keyObject.asymmetricKeyType, extractable, [
+                isPublic ? 'verify' : 'sign',
+            ]);
+        }
+    }
+    if (keyObject.asymmetricKeyType === 'rsa') {
+        let hash;
+        switch (alg) {
+            case 'RSA-OAEP':
+                hash = 'SHA-1';
+                break;
+            case 'RS256':
+            case 'PS256':
+            case 'RSA-OAEP-256':
+                hash = 'SHA-256';
+                break;
+            case 'RS384':
+            case 'PS384':
+            case 'RSA-OAEP-384':
+                hash = 'SHA-384';
+                break;
+            case 'RS512':
+            case 'PS512':
+            case 'RSA-OAEP-512':
+                hash = 'SHA-512';
+                break;
+            default:
+                throw new TypeError(unusableForAlg);
+        }
+        if (alg.startsWith('RSA-OAEP')) {
+            return keyObject.toCryptoKey({
+                name: 'RSA-OAEP',
+                hash,
+            }, extractable, isPublic ? ['encrypt'] : ['decrypt']);
+        }
+        cryptoKey = keyObject.toCryptoKey({
+            name: alg.startsWith('PS') ? 'RSA-PSS' : 'RSASSA-PKCS1-v1_5',
+            hash,
+        }, extractable, [isPublic ? 'verify' : 'sign']);
+    }
+    if (keyObject.asymmetricKeyType === 'ec') {
+        const nist = new Map([
+            ['prime256v1', 'P-256'],
+            ['secp384r1', 'P-384'],
+            ['secp521r1', 'P-521'],
+        ]);
+        const namedCurve = nist.get(keyObject.asymmetricKeyDetails?.namedCurve);
+        if (!namedCurve) {
+            throw new TypeError(unusableForAlg);
+        }
+        const expectedCurve = { ES256: 'P-256', ES384: 'P-384', ES512: 'P-521' };
+        if (expectedCurve[alg] && namedCurve === expectedCurve[alg]) {
+            cryptoKey = keyObject.toCryptoKey({
+                name: 'ECDSA',
+                namedCurve,
+            }, extractable, [isPublic ? 'verify' : 'sign']);
+        }
+        if (alg.startsWith('ECDH-ES')) {
+            cryptoKey = keyObject.toCryptoKey({
+                name: 'ECDH',
+                namedCurve,
+            }, extractable, isPublic ? [] : ['deriveBits']);
+        }
+    }
+    if (!cryptoKey) {
+        throw new TypeError(unusableForAlg);
+    }
+    if (!cached) {
+        cache.set(keyObject, { [alg]: cryptoKey });
+    }
+    else {
+        cached[alg] = cryptoKey;
+    }
+    return cryptoKey;
+};
+export async function normalizeKey(key, alg) {
+    if (key instanceof Uint8Array) {
+        return key;
+    }
+    if (isCryptoKey(key)) {
+        return key;
+    }
+    if (isKeyObject(key)) {
+        if (key.type === 'secret') {
+            return key.export();
+        }
+        if ('toCryptoKey' in key && typeof key.toCryptoKey === 'function') {
+            try {
+                return handleKeyObject(key, alg);
+            }
+            catch (err) {
+                if (err instanceof TypeError) {
+                    throw err;
+                }
+            }
+        }
+        let jwk = key.export({ format: 'jwk' });
+        return handleJWK(key, jwk, alg);
+    }
+    if (isJWK(key)) {
+        if (key.k) {
+            return decode(key.k);
+        }
+        return handleJWK(key, key, alg, true);
+    }
+    throw new Error('unreachable');
+}

package/dist/webapi/lib/pbes2kw.js

@@ -0,0 +1,42 @@
+import { encode as b64u } from '../util/base64url.js';
+import * as aeskw from './aeskw.js';
+import { checkEncCryptoKey } from './crypto_key.js';
+import { concat, encode } from './buffer_utils.js';
+import { JWEInvalid } from '../util/errors.js';
+function getCryptoKey(key, alg) {
+    if (key instanceof Uint8Array) {
+        return crypto.subtle.importKey('raw', key, 'PBKDF2', false, [
+            'deriveBits',
+        ]);
+    }
+    checkEncCryptoKey(key, alg, 'deriveBits');
+    return key;
+}
+const concatSalt = (alg, p2sInput) => concat(encode(alg), Uint8Array.of(0x00), p2sInput);
+async function deriveKey(p2s, alg, p2c, key) {
+    if (!(p2s instanceof Uint8Array) || p2s.length < 8) {
+        throw new JWEInvalid('PBES2 Salt Input must be 8 or more octets');
+    }
+    if (!Number.isSafeInteger(p2c) || Math.sign(p2c) !== 1) {
+        throw new JWEInvalid('PBES2 Count Input must be a positive integer');
+    }
+    const salt = concatSalt(alg, p2s);
+    const keylen = parseInt(alg.slice(13, 16), 10);
+    const subtleAlg = {
+        hash: `SHA-${alg.slice(8, 11)}`,
+        iterations: p2c,
+        name: 'PBKDF2',
+        salt,
+    };
+    const cryptoKey = await getCryptoKey(key, alg);
+    return new Uint8Array(await crypto.subtle.deriveBits(subtleAlg, cryptoKey, keylen));
+}
+export async function wrap(alg, key, cek, p2c = 2048, p2s = crypto.getRandomValues(new Uint8Array(16))) {
+    const derived = await deriveKey(p2s, alg, p2c, key);
+    const encryptedKey = await aeskw.wrap(alg.slice(-6), derived, cek);
+    return { encryptedKey, p2c, p2s: b64u(p2s) };
+}
+export async function unwrap(alg, key, encryptedKey, p2c, p2s) {
+    const derived = await deriveKey(p2s, alg, p2c, key);
+    return aeskw.unwrap(alg.slice(-6), derived, encryptedKey);
+}

package/dist/webapi/lib/rsaes.js

@@ -0,0 +1,24 @@
+import { checkEncCryptoKey } from './crypto_key.js';
+import { checkKeyLength } from './signing.js';
+import { JOSENotSupported } from '../util/errors.js';
+const subtleAlgorithm = (alg) => {
+    switch (alg) {
+        case 'RSA-OAEP':
+        case 'RSA-OAEP-256':
+        case 'RSA-OAEP-384':
+        case 'RSA-OAEP-512':
+            return 'RSA-OAEP';
+        default:
+            throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
+    }
+};
+export async function encrypt(alg, key, cek) {
+    checkEncCryptoKey(key, alg, 'encrypt');
+    checkKeyLength(alg, key);
+    return new Uint8Array(await crypto.subtle.encrypt(subtleAlgorithm(alg), key, cek));
+}
+export async function decrypt(alg, key, encryptedKey) {
+    checkEncCryptoKey(key, alg, 'decrypt');
+    checkKeyLength(alg, key);
+    return new Uint8Array(await crypto.subtle.decrypt(subtleAlgorithm(alg), key, encryptedKey));
+}

package/dist/webapi/lib/signing.js

@@ -0,0 +1,74 @@
+import { JOSENotSupported } from '../util/errors.js';
+import { checkSigCryptoKey } from './crypto_key.js';
+import { invalidKeyInput } from './invalid_key_input.js';
+import { normalizeKey } from './normalize_key.js';
+import { isHardwareJWK } from './type_checks.js';
+export function checkKeyLength(alg, key) {
+    if (alg.startsWith('RS') || alg.startsWith('PS')) {
+        const { modulusLength } = key.algorithm;
+        if (typeof modulusLength !== 'number' || modulusLength < 2048) {
+            throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);
+        }
+    }
+}
+function subtleAlgorithm(alg, algorithm) {
+    const hash = `SHA-${alg.slice(-3)}`;
+    switch (alg) {
+        case 'HS256':
+        case 'HS384':
+        case 'HS512':
+            return { hash, name: 'HMAC' };
+        case 'PS256':
+        case 'PS384':
+        case 'PS512':
+            return { hash, name: 'RSA-PSS', saltLength: parseInt(alg.slice(-3), 10) >> 3 };
+        case 'RS256':
+        case 'RS384':
+        case 'RS512':
+            return { hash, name: 'RSASSA-PKCS1-v1_5' };
+        case 'ES256':
+        case 'ES384':
+        case 'ES512':
+            return { hash, name: 'ECDSA', namedCurve: algorithm.namedCurve };
+        case 'Ed25519':
+        case 'EdDSA':
+            return { name: 'Ed25519' };
+        case 'ML-DSA-44':
+        case 'ML-DSA-65':
+        case 'ML-DSA-87':
+            return { name: alg };
+        default:
+            throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
+    }
+}
+async function getSigKey(alg, key, usage) {
+    if (key instanceof Uint8Array) {
+        if (!alg.startsWith('HS')) {
+            throw new TypeError(invalidKeyInput(key, 'CryptoKey', 'KeyObject', 'JSON Web Key'));
+        }
+        return crypto.subtle.importKey('raw', key, { hash: `SHA-${alg.slice(-3)}`, name: 'HMAC' }, false, [usage]);
+    }
+    checkSigCryptoKey(key, alg, usage);
+    return key;
+}
+export async function sign(alg, key, data) {
+    if (isHardwareJWK(key)) {
+        return key.sign(alg, data);
+    }
+    const k = await normalizeKey(key, alg);
+    const cryptoKey = await getSigKey(alg, k, 'sign');
+    checkKeyLength(alg, cryptoKey);
+    const signature = await crypto.subtle.sign(subtleAlgorithm(alg, cryptoKey.algorithm), cryptoKey, data);
+    return new Uint8Array(signature);
+}
+export async function verify(alg, key, signature, data) {
+    const cryptoKey = await getSigKey(alg, key, 'verify');
+    checkKeyLength(alg, cryptoKey);
+    const algorithm = subtleAlgorithm(alg, cryptoKey.algorithm);
+    try {
+        return await crypto.subtle.verify(algorithm, cryptoKey, signature, data);
+    }
+    catch {
+        return false;
+    }
+}

package/dist/webapi/lib/type_checks.js

@@ -0,0 +1,41 @@
+const isObjectLike = (value) => typeof value === 'object' && value !== null;
+export function isObject(input) {
+    if (!isObjectLike(input) || Object.prototype.toString.call(input) !== '[object Object]') {
+        return false;
+    }
+    if (Object.getPrototypeOf(input) === null) {
+        return true;
+    }
+    let proto = input;
+    while (Object.getPrototypeOf(proto) !== null) {
+        proto = Object.getPrototypeOf(proto);
+    }
+    return Object.getPrototypeOf(input) === proto;
+}
+export function isDisjoint(...headers) {
+    const sources = headers.filter(Boolean);
+    if (sources.length === 0 || sources.length === 1) {
+        return true;
+    }
+    let acc;
+    for (const header of sources) {
+        const parameters = Object.keys(header);
+        if (!acc || acc.size === 0) {
+            acc = new Set(parameters);
+            continue;
+        }
+        for (const parameter of parameters) {
+            if (acc.has(parameter)) {
+                return false;
+            }
+            acc.add(parameter);
+        }
+    }
+    return true;
+}
+export const isJWK = (key) => isObject(key) && typeof key.kty === 'string';
+export const isHardwareJWK = (key) => isJWK(key) && typeof key.sign === 'function';
+export const isPrivateJWK = (key) => key.kty !== 'oct' &&
+    ((key.kty === 'AKP' && typeof key.priv === 'string') || typeof key.d === 'string');
+export const isPublicJWK = (key) => key.kty !== 'oct' && key.d === undefined && key.priv === undefined;
+export const isSecretJWK = (key) => key.kty === 'oct' && typeof key.k === 'string';

package/dist/webapi/lib/validate_algorithms.js

@@ -0,0 +1,10 @@
+export function validateAlgorithms(option, algorithms) {
+    if (algorithms !== undefined &&
+        (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== 'string'))) {
+        throw new TypeError(`"${option}" option must be an array of strings`);
+    }
+    if (!algorithms) {
+        return undefined;
+    }
+    return new Set(algorithms);
+}

package/dist/webapi/lib/validate_crit.js

@@ -0,0 +1,33 @@
+import { JOSENotSupported, JWEInvalid, JWSInvalid } from '../util/errors.js';
+export function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {
+    if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) {
+        throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected');
+    }
+    if (!protectedHeader || protectedHeader.crit === undefined) {
+        return new Set();
+    }
+    if (!Array.isArray(protectedHeader.crit) ||
+        protectedHeader.crit.length === 0 ||
+        protectedHeader.crit.some((input) => typeof input !== 'string' || input.length === 0)) {
+        throw new Err('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
+    }
+    let recognized;
+    if (recognizedOption !== undefined) {
+        recognized = new Map([...Object.entries(recognizedOption), ...recognizedDefault.entries()]);
+    }
+    else {
+        recognized = recognizedDefault;
+    }
+    for (const parameter of protectedHeader.crit) {
+        if (!recognized.has(parameter)) {
+            throw new JOSENotSupported(`Extension Header Parameter "${parameter}" is not recognized`);
+        }
+        if (joseHeader[parameter] === undefined) {
+            throw new Err(`Extension Header Parameter "${parameter}" is missing`);
+        }
+        if (recognized.get(parameter) && protectedHeader[parameter] === undefined) {
+            throw new Err(`Extension Header Parameter "${parameter}" MUST be integrity protected`);
+        }
+    }
+    return new Set(protectedHeader.crit);
+}

package/dist/webapi/util/base64url.js

@@ -0,0 +1,30 @@
+import { encoder, decoder } from '../lib/buffer_utils.js';
+import { encodeBase64, decodeBase64 } from '../lib/base64.js';
+export function decode(input) {
+    if (Uint8Array.fromBase64) {
+        return Uint8Array.fromBase64(typeof input === 'string' ? input : decoder.decode(input), {
+            alphabet: 'base64url',
+        });
+    }
+    let encoded = input;
+    if (encoded instanceof Uint8Array) {
+        encoded = decoder.decode(encoded);
+    }
+    encoded = encoded.replace(/-/g, '+').replace(/_/g, '/');
+    try {
+        return decodeBase64(encoded);
+    }
+    catch {
+        throw new TypeError('The input to be decoded is not correctly encoded.');
+    }
+}
+export function encode(input) {
+    let unencoded = input;
+    if (typeof unencoded === 'string') {
+        unencoded = encoder.encode(unencoded);
+    }
+    if (Uint8Array.prototype.toBase64) {
+        return unencoded.toBase64({ alphabet: 'base64url', omitPadding: true });
+    }
+    return encodeBase64(unencoded).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
+}

package/dist/webapi/util/decode_jwt.js

@@ -0,0 +1,32 @@
+import { decode as b64u } from './base64url.js';
+import { decoder } from '../lib/buffer_utils.js';
+import { isObject } from '../lib/type_checks.js';
+import { JWTInvalid } from './errors.js';
+export function decodeJwt(jwt) {
+    if (typeof jwt !== 'string')
+        throw new JWTInvalid('JWTs must use Compact JWS serialization, JWT must be a string');
+    const { 1: payload, length } = jwt.split('.');
+    if (length === 5)
+        throw new JWTInvalid('Only JWTs using Compact JWS serialization can be decoded');
+    if (length !== 3)
+        throw new JWTInvalid('Invalid JWT');
+    if (!payload)
+        throw new JWTInvalid('JWTs must contain a payload');
+    let decoded;
+    try {
+        decoded = b64u(payload);
+    }
+    catch {
+        throw new JWTInvalid('Failed to base64url decode the payload');
+    }
+    let result;
+    try {
+        result = JSON.parse(decoder.decode(decoded));
+    }
+    catch {
+        throw new JWTInvalid('Failed to parse the decoded payload as JSON');
+    }
+    if (!isObject(result))
+        throw new JWTInvalid('Invalid JWT Claims Set');
+    return result;
+}