@payello-module/jwt 1.20240419.1629 → 1.20240419.1640

package/dist/JWT.d.ts

@@ -1,18 +1,29 @@
-import { JwtSignOpts } from "./JwtSignOpts";
+import { JwtHeader } from "./JwtHeader";
 import { JwtExtract } from "./JwtExtract";
 import { JwtExtractOpts } from "./JwtExtractOpts";
+import { JWTAlgorithm } from "./JWTAlgorithms";
+import { JWTPayload } from "./JWTPayload";
+import { JWTKeyPair } from "./JWTKeyPair";
 /**
  * Class representing JSON Web Tokens (JWT) functionalities, including signing, extracting components,
  * and verifying the signature of the token.
  */
 export declare class JWT {
+    private static algExportFormat;
+    /**
+     * Generates a new key pair for the given algorithm
+     * @param alg JWT algorithm to generate for
+     * @returns
+     */
+    static generateKeys(alg?: JWTAlgorithm): Promise<JWTKeyPair>;
     /**
      * Signs the given payload and returns a JWT string.
      * @param payload - The payload of the JWT which is the content that you want to protect.
-     * @param options - The options for signing the JWT, including the private key, public key, and algorithm.
+     * @param alg - The algorithm for signing the JWT
+     * @param key - The key for signing the JWT
      * @returns A promise that resolves to the signed JWT string.
      */
-    static sign(payload: any, options?: JwtSignOpts): Promise<string>;
+    static sign(payload: JWTPayload, alg: JWTAlgorithm, key: string | BufferSource): Promise<string>;
     /**
      * Extracts and returns the header, payload, and signature components from a JWT string.
      * @param input - The JWT string to be parsed.
@@ -22,11 +33,14 @@ export declare class JWT {
     static extract(input: string, opts?: JwtExtractOpts): Promise<JwtExtract>;
     /**
      * Verifies the given JWT string using the secret key fetched by the given issuer.
-     * @param input - The JWT string to be verified.
-     * @param opts - An object containing a function getSecretKey to retrieve the secret key based on the issuer.
+     * @param token - The JWT to be verified.
+     * @param getVerifyKey - A function to retrieve the verification key based on the header & payload (BufferSource or base64-encoded string)
+     * @param throwErrors - If true then will throw JwtError if something fails or the token is not valid
      * @returns A promise that resolves to a boolean indicating whether the JWT has been verified successfully or not.
+     * @throws `JwtError | Error`
      */
-    static verify(input: string, opts: {
-        getSecretKey(issuer: string): Promise<string>;
-    }): Promise<true>;
+    static verifySignature(token: string, getVerifyKey: (header: JwtHeader, payload: JWTPayload) => Promise<BufferSource | string> | BufferSource | string, throwErrors?: boolean): Promise<{
+        verified: boolean;
+        extracted: JwtExtract | null;
+    }>;
 }

package/dist/JWT.js

@@ -1,41 +1,60 @@
-import { HmacSha256, HmacSha512 } from "@payello-module/encryption";
 import { JwtError } from "./JwtError";
+import { base64_decode_buffer, base64_decode_urlsafe, base64_encode_buffer, base64_encode_urlsafe } from "./base64_encode_buffer";
+import { JWTAlgorithms } from "./JWTAlgorithms";
 /**
  * Class representing JSON Web Tokens (JWT) functionalities, including signing, extracting components,
  * and verifying the signature of the token.
  */
 export class JWT {
+    static algExportFormat(alg, use) {
+        const algName = JWTAlgorithms[alg].name;
+        if (["RSASSA-PKCS1-v1_5", "ECDSA", "RSA-PSS"].indexOf(algName) > -1) {
+            return use == "sign" ? "pkcs8" : "spki";
+        }
+        return "raw";
+    }
+    /**
+     * Generates a new key pair for the given algorithm
+     * @param alg JWT algorithm to generate for
+     * @returns
+     */
+    static async generateKeys(alg = "HS256") {
+        if (alg == "HS256" || alg == "HS384" || alg == "HS512") {
+            const cryptoKey = await crypto.subtle.generateKey(JWTAlgorithms[alg], true, ["sign", "verify"]);
+            const privateKey = await crypto.subtle.exportKey("raw", cryptoKey);
+            const key = { raw: privateKey, base64: base64_encode_buffer(privateKey) };
+            return { sign: key, verify: key };
+        }
+        else if (alg == "RS256" || alg == "RS384" || alg == "RS512" || alg == "ES256" || alg == "ES384" || alg == "ES512" || alg == "PS256" || alg == "PS384" || alg == "PS512") {
+            const cryptoKey = await crypto.subtle.generateKey(JWTAlgorithms[alg], true, ["sign", "verify"]);
+            const privateKey = await crypto.subtle.exportKey(this.algExportFormat(alg, "sign"), cryptoKey.privateKey);
+            const publicKey = await crypto.subtle.exportKey(this.algExportFormat(alg, "verify"), cryptoKey.publicKey);
+            return { sign: { raw: privateKey, base64: base64_encode_buffer(privateKey) }, verify: { raw: publicKey, base64: base64_encode_buffer(publicKey) } };
+        }
+        throw new JwtError("Unknown algorithm: " + alg);
+    }
     /**
      * Signs the given payload and returns a JWT string.
      * @param payload - The payload of the JWT which is the content that you want to protect.
-     * @param options - The options for signing the JWT, including the private key, public key, and algorithm.
+     * @param alg - The algorithm for signing the JWT
+     * @param key - The key for signing the JWT
      * @returns A promise that resolves to the signed JWT string.
      */
-    static async sign(payload, options = { privKey: '', pubKey: '', algorithm: 'HS512' }) {
+    static async sign(payload, alg, key) {
+        if (typeof JWTAlgorithms[alg] == "undefined")
+            throw new JwtError("Unknown algorithm");
         const _header = {
             typ: 'JWT',
-            alg: options.algorithm
-        };
-        // Create payload with unique identifier, issued-at time, and incorporate the public key if provided.
-        const _payload = {
-            jti: `jti_${Date.now().valueOf()}`,
-            iat: Math.floor(Date.now().valueOf() / 1000),
-            iss: options.pubKey,
-            ...payload
+            alg: alg
         };
-        const _body = btoa(JSON.stringify(_header)) + "." + btoa(JSON.stringify(_payload));
-        let signature = "";
-        // Create signature based on selected algorithm.
-        switch (options.algorithm) {
-            case 'HS256':
-                signature = await HmacSha256.encrypt(_body, options.privKey);
-                break;
-            case 'HS512':
-                signature = await HmacSha512.encrypt(_body, options.privKey);
-                break;
-        }
+        const body = base64_encode_urlsafe(JSON.stringify(_header)) +
+            "." +
+            base64_encode_urlsafe(JSON.stringify(payload));
+        const signingKey = typeof key == "string" ? new Uint8Array(base64_decode_buffer(key)) : key;
+        const importedKey = await crypto.subtle.importKey(this.algExportFormat(alg, "sign"), signingKey, JWTAlgorithms[alg], false, ['sign']);
+        const signed = await crypto.subtle.sign(JWTAlgorithms[alg], importedKey, new TextEncoder().encode(body));
         // Returns the final JWT token as a concatenation of header, payload, and signature
-        return _body + "." + signature;
+        return body + "." + base64_encode_buffer(signed);
     }
     /**
      * Extracts and returns the header, payload, and signature components from a JWT string.
@@ -49,59 +68,104 @@ export class JWT {
         if (bits.length !== 3) {
             throw new JwtError(`Invalid number of parts in JWT string. Expected 3 but got ${bits.length}`);
         }
-        const header = JSON.parse(bits[0]);
+        const header = JSON.parse(base64_decode_urlsafe(bits[0]));
         if (!header || !header.typ || header.typ !== "JWT") {
             throw new JwtError("Header invalid or type is not JWT");
         }
-        const payload = JSON.parse(bits[1]);
-        if (!payload || !payload.jti) {
-            throw new JwtError("Payload invalid or missing jti value");
+        const payload = JSON.parse(base64_decode_urlsafe(bits[1]));
+        if (!payload || typeof payload !== "object") {
+            throw new JwtError("Payload invalid");
         }
         // Validates the present of required properties in the payload.
-        const requiredProps = opts.requiredProps || ["jti", "iss", "iat"];
-        for (const prop in requiredProps) {
+        const requiredProps = opts.requiredProps || [];
+        for (const prop of requiredProps) {
             if (!payload[prop]) {
                 throw new JwtError(`Payload missing ${prop} value`);
             }
         }
+        const signature = base64_decode_buffer(bits[2]);
         // Returns an object containing the extracted components of the JWT.
         return {
             header: header,
+            headerRaw: bits[0],
             payload: payload,
-            signature: bits[2]
+            payloadRaw: bits[1],
+            signature: signature,
+            signatureRaw: bits[2]
         };
     }
     /**
      * Verifies the given JWT string using the secret key fetched by the given issuer.
-     * @param input - The JWT string to be verified.
-     * @param opts - An object containing a function getSecretKey to retrieve the secret key based on the issuer.
+     * @param token - The JWT to be verified.
+     * @param getVerifyKey - A function to retrieve the verification key based on the header & payload (BufferSource or base64-encoded string)
+     * @param throwErrors - If true then will throw JwtError if something fails or the token is not valid
      * @returns A promise that resolves to a boolean indicating whether the JWT has been verified successfully or not.
+     * @throws `JwtError | Error`
      */
-    static async verify(input, opts) {
-        const extracted = await this.extract(input);
+    static async verifySignature(token, getVerifyKey, throwErrors) {
+        const extracted = await this.extract(token).catch(e => {
+            if (throwErrors)
+                throw e;
+        });
+        if (!extracted) {
+            return { verified: false, extracted: null };
+        }
         // Fetches the secret key based on the issuer in the payload.
-        const secretKey = await opts.getSecretKey(extracted.payload.jti);
-        if (!secretKey) {
-            throw new JwtError(`Public key not found`);
+        let verifyKey = await getVerifyKey(extracted.header, extracted.payload);
+        if (!verifyKey || (typeof verifyKey !== "string" && typeof verifyKey !== "object")) {
+            if (throwErrors)
+                throw new JwtError(`Verify key not found`);
+            return { verified: false, extracted: null };
+        }
+        if (typeof verifyKey == "string") {
+            try {
+                verifyKey = base64_decode_buffer(verifyKey);
+            }
+            catch (e) {
+                if (throwErrors)
+                    throw e;
+                return { verified: false, extracted: null };
+            }
         }
-        let verify = false;
+        let verified = false;
         // Preparation of the data to verify the signature.
-        const data = `${btoa(JSON.stringify(extracted.header))}.${btoa(JSON.stringify(extracted.payload))}`;
-        // Verification of the signature based on the algorithm specified in the header.
-        switch (extracted.header.alg) {
-            case 'HS256':
-                verify = await HmacSha256.verify(data, extracted.signature, secretKey);
-                break;
-            case 'HS512':
-                verify = await HmacSha512.verify(data, extracted.signature, secretKey);
-                break;
-            default:
-                throw new JwtError(`Unsupported algorithm`);
+        const body = `${extracted.headerRaw}.${extracted.payloadRaw}`;
+        try {
+            // Verification of the signature based on the algorithm specified in the header.
+            switch (extracted.header.alg) {
+                case 'HS256':
+                case 'HS384':
+                case 'HS512':
+                    const importedSignKey = await crypto.subtle.importKey(this.algExportFormat(extracted.header.alg, "verify"), verifyKey, JWTAlgorithms[extracted.header.alg], false, ['sign']);
+                    const signed = await crypto.subtle.sign(JWTAlgorithms[extracted.header.alg], importedSignKey, new TextEncoder().encode(body));
+                    verified = extracted.signatureRaw == base64_encode_buffer(signed);
+                    break;
+                case 'ES256':
+                case 'ES384':
+                case 'ES512':
+                case 'PS256':
+                case 'PS384':
+                case 'PS512':
+                case 'RS256':
+                case 'RS384':
+                case 'RS512':
+                    const importedVerifyKey = await crypto.subtle.importKey(this.algExportFormat(extracted.header.alg, "verify"), verifyKey, JWTAlgorithms[extracted.header.alg], false, ['verify']);
+                    verified = await crypto.subtle.verify(JWTAlgorithms[extracted.header.alg], importedVerifyKey, extracted.signature, new TextEncoder().encode(body));
+                    break;
+                default:
+                    if (throwErrors)
+                        throw new JwtError(`Unsupported algorithm`);
+                    break;
+            }
         }
-        if (!verify) {
-            throw new JwtError(`Signature not verified`);
+        catch (e) {
+            if (throwErrors)
+                throw e;
         }
-        // Returns the result of the verification process.
-        return verify;
+        if (verified === true)
+            return { verified: true, extracted: extracted };
+        if (throwErrors)
+            throw new JwtError(`Signature not verified`);
+        return { verified: false, extracted: null };
     }
 }

package/dist/JwtExtract.d.ts

@@ -1,6 +1,10 @@
+import { JWTPayload } from "./JWTPayload";
 import { JwtHeader } from "./JwtHeader";
 export interface JwtExtract {
     header: JwtHeader;
-    payload: any;
-    signature: string;
+    headerRaw: string;
+    payload: JWTPayload;
+    payloadRaw: string;
+    signature: Uint8Array;
+    signatureRaw: string;
 }

package/dist/JwtHeader.d.ts

@@ -1,4 +1,5 @@
+import { JWTAlgorithm } from "./JWTAlgorithms";
 export interface JwtHeader {
     typ: 'JWT';
-    alg: 'HS256' | 'HS512';
+    alg: JWTAlgorithm;
 }

package/dist/JwtSignOpts.d.ts

@@ -1,5 +1,5 @@
+import { JWTAlgorithm } from "./JWTAlgorithms";
 export interface JwtSignOpts {
-    privKey: string;
-    pubKey: string;
-    algorithm: "HS256" | "HS512";
+    privateKey: string | ArrayBuffer | Uint8Array;
+    algorithm: JWTAlgorithm;
 }

package/dist/index.d.ts

@@ -1,7 +1,10 @@
-export * from './JWT';
-export * from './JwtError';
-export * from './JwtExtract';
-export * from './JwtExtractOpts';
-export * from './JwtHeader';
 export * from './JwtSignOpts';
-export * from './example';
+export * from './JWTPayload';
+export * from './JWTKeyPair';
+export * from './JwtHeader';
+export * from './JwtExtractOpts';
+export * from './JwtExtract';
+export * from './JwtError';
+export * from './JWTAlgorithms';
+export * from './JWT';
+export * from './base64_encode_buffer';

package/dist/index.js

@@ -1,7 +1,10 @@
-export * from './JWT';
-export * from './JwtError';
-export * from './JwtExtract';
-export * from './JwtExtractOpts';
-export * from './JwtHeader';
 export * from './JwtSignOpts';
-export * from './example';
+export * from './JWTPayload';
+export * from './JWTKeyPair';
+export * from './JwtHeader';
+export * from './JwtExtractOpts';
+export * from './JwtExtract';
+export * from './JwtError';
+export * from './JWTAlgorithms';
+export * from './JWT';
+export * from './base64_encode_buffer';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@payello-module/jwt",
-  "version": "1.20240419.1629",
+  "version": "1.20240419.1640",
   "author": "Payello <devsupport@payello.com> (https://payello.com/)",
   "displayName": "@payello-module/jwt",
   "description": "JSON Web Token Module",

package/dist/example.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/example.js

@@ -1,13 +0,0 @@
-import { JWT } from "./JWT";
-async function example() {
-    const payload = {
-        exp: Math.floor(Date.now().valueOf() / 1000) + 300 // Expire in 300 seconds
-    };
-    const opts = {
-        privKey: "79c4e267e63845a986e669388fce66e9", // Private/Secret Key
-        pubKey: "f266a28e-5e9a-4fe3-90a8-2e8b2ef0f62d", // Public Key (Issuer ID)
-        algorithm: "HS256" // Possible values: HS256 or HS512
-    };
-    const jwt = await JWT.sign(payload, opts);
-    console.log(jwt);
-}

package/dist/src/JWT.d.ts

@@ -1,46 +0,0 @@
-import { JwtHeader } from "./JwtHeader";
-import { JwtExtract } from "./JwtExtract";
-import { JwtExtractOpts } from "./JwtExtractOpts";
-import { JWTAlgorithm } from "./JWTAlgorithms";
-import { JWTPayload } from "./JWTPayload";
-import { JWTKeyPair } from "./JWTKeyPair";
-/**
- * Class representing JSON Web Tokens (JWT) functionalities, including signing, extracting components,
- * and verifying the signature of the token.
- */
-export declare class JWT {
-    private static algExportFormat;
-    /**
-     * Generates a new key pair for the given algorithm
-     * @param alg JWT algorithm to generate for
-     * @returns
-     */
-    static generateKeys(alg?: JWTAlgorithm): Promise<JWTKeyPair>;
-    /**
-     * Signs the given payload and returns a JWT string.
-     * @param payload - The payload of the JWT which is the content that you want to protect.
-     * @param alg - The algorithm for signing the JWT
-     * @param key - The key for signing the JWT
-     * @returns A promise that resolves to the signed JWT string.
-     */
-    static sign(payload: JWTPayload, alg: JWTAlgorithm, key: string | BufferSource): Promise<string>;
-    /**
-     * Extracts and returns the header, payload, and signature components from a JWT string.
-     * @param input - The JWT string to be parsed.
-     * @param opts - Optional parameters, including the requirements for the presence of required properties in the payload.
-     * @returns A promise that resolves to an object containing the separated components of the JWT (header, payload, signature).
-     */
-    static extract(input: string, opts?: JwtExtractOpts): Promise<JwtExtract>;
-    /**
-     * Verifies the given JWT string using the secret key fetched by the given issuer.
-     * @param token - The JWT to be verified.
-     * @param getVerifyKey - A function to retrieve the verification key based on the header & payload (BufferSource or base64-encoded string)
-     * @param throwErrors - If true then will throw JwtError if something fails or the token is not valid
-     * @returns A promise that resolves to a boolean indicating whether the JWT has been verified successfully or not.
-     * @throws `JwtError | Error`
-     */
-    static verifySignature(token: string, getVerifyKey: (header: JwtHeader, payload: JWTPayload) => Promise<BufferSource | string> | BufferSource | string, throwErrors?: boolean): Promise<{
-        verified: boolean;
-        extracted: JwtExtract | null;
-    }>;
-}

package/dist/src/JWT.js

@@ -1,171 +0,0 @@
-import { JwtError } from "./JwtError";
-import { base64_decode_buffer, base64_decode_urlsafe, base64_encode_buffer, base64_encode_urlsafe } from "./base64_encode_buffer";
-import { JWTAlgorithms } from "./JWTAlgorithms";
-/**
- * Class representing JSON Web Tokens (JWT) functionalities, including signing, extracting components,
- * and verifying the signature of the token.
- */
-export class JWT {
-    static algExportFormat(alg, use) {
-        const algName = JWTAlgorithms[alg].name;
-        if (["RSASSA-PKCS1-v1_5", "ECDSA", "RSA-PSS"].indexOf(algName) > -1) {
-            return use == "sign" ? "pkcs8" : "spki";
-        }
-        return "raw";
-    }
-    /**
-     * Generates a new key pair for the given algorithm
-     * @param alg JWT algorithm to generate for
-     * @returns
-     */
-    static async generateKeys(alg = "HS256") {
-        if (alg == "HS256" || alg == "HS384" || alg == "HS512") {
-            const cryptoKey = await crypto.subtle.generateKey(JWTAlgorithms[alg], true, ["sign", "verify"]);
-            const privateKey = await crypto.subtle.exportKey("raw", cryptoKey);
-            const key = { raw: privateKey, base64: base64_encode_buffer(privateKey) };
-            return { sign: key, verify: key };
-        }
-        else if (alg == "RS256" || alg == "RS384" || alg == "RS512" || alg == "ES256" || alg == "ES384" || alg == "ES512" || alg == "PS256" || alg == "PS384" || alg == "PS512") {
-            const cryptoKey = await crypto.subtle.generateKey(JWTAlgorithms[alg], true, ["sign", "verify"]);
-            const privateKey = await crypto.subtle.exportKey(this.algExportFormat(alg, "sign"), cryptoKey.privateKey);
-            const publicKey = await crypto.subtle.exportKey(this.algExportFormat(alg, "verify"), cryptoKey.publicKey);
-            return { sign: { raw: privateKey, base64: base64_encode_buffer(privateKey) }, verify: { raw: publicKey, base64: base64_encode_buffer(publicKey) } };
-        }
-        throw new JwtError("Unknown algorithm: " + alg);
-    }
-    /**
-     * Signs the given payload and returns a JWT string.
-     * @param payload - The payload of the JWT which is the content that you want to protect.
-     * @param alg - The algorithm for signing the JWT
-     * @param key - The key for signing the JWT
-     * @returns A promise that resolves to the signed JWT string.
-     */
-    static async sign(payload, alg, key) {
-        if (typeof JWTAlgorithms[alg] == "undefined")
-            throw new JwtError("Unknown algorithm");
-        const _header = {
-            typ: 'JWT',
-            alg: alg
-        };
-        const body = base64_encode_urlsafe(JSON.stringify(_header)) +
-            "." +
-            base64_encode_urlsafe(JSON.stringify(payload));
-        const signingKey = typeof key == "string" ? new Uint8Array(base64_decode_buffer(key)) : key;
-        const importedKey = await crypto.subtle.importKey(this.algExportFormat(alg, "sign"), signingKey, JWTAlgorithms[alg], false, ['sign']);
-        const signed = await crypto.subtle.sign(JWTAlgorithms[alg], importedKey, new TextEncoder().encode(body));
-        // Returns the final JWT token as a concatenation of header, payload, and signature
-        return body + "." + base64_encode_buffer(signed);
-    }
-    /**
-     * Extracts and returns the header, payload, and signature components from a JWT string.
-     * @param input - The JWT string to be parsed.
-     * @param opts - Optional parameters, including the requirements for the presence of required properties in the payload.
-     * @returns A promise that resolves to an object containing the separated components of the JWT (header, payload, signature).
-     */
-    static async extract(input, opts = {}) {
-        const bits = input.split(".");
-        // Ensures that the JWT string has three parts: header, payload, and signature.
-        if (bits.length !== 3) {
-            throw new JwtError(`Invalid number of parts in JWT string. Expected 3 but got ${bits.length}`);
-        }
-        const header = JSON.parse(base64_decode_urlsafe(bits[0]));
-        if (!header || !header.typ || header.typ !== "JWT") {
-            throw new JwtError("Header invalid or type is not JWT");
-        }
-        const payload = JSON.parse(base64_decode_urlsafe(bits[1]));
-        if (!payload || typeof payload !== "object") {
-            throw new JwtError("Payload invalid");
-        }
-        // Validates the present of required properties in the payload.
-        const requiredProps = opts.requiredProps || [];
-        for (const prop of requiredProps) {
-            if (!payload[prop]) {
-                throw new JwtError(`Payload missing ${prop} value`);
-            }
-        }
-        const signature = base64_decode_buffer(bits[2]);
-        // Returns an object containing the extracted components of the JWT.
-        return {
-            header: header,
-            headerRaw: bits[0],
-            payload: payload,
-            payloadRaw: bits[1],
-            signature: signature,
-            signatureRaw: bits[2]
-        };
-    }
-    /**
-     * Verifies the given JWT string using the secret key fetched by the given issuer.
-     * @param token - The JWT to be verified.
-     * @param getVerifyKey - A function to retrieve the verification key based on the header & payload (BufferSource or base64-encoded string)
-     * @param throwErrors - If true then will throw JwtError if something fails or the token is not valid
-     * @returns A promise that resolves to a boolean indicating whether the JWT has been verified successfully or not.
-     * @throws `JwtError | Error`
-     */
-    static async verifySignature(token, getVerifyKey, throwErrors) {
-        const extracted = await this.extract(token).catch(e => {
-            if (throwErrors)
-                throw e;
-        });
-        if (!extracted) {
-            return { verified: false, extracted: null };
-        }
-        // Fetches the secret key based on the issuer in the payload.
-        let verifyKey = await getVerifyKey(extracted.header, extracted.payload);
-        if (!verifyKey || (typeof verifyKey !== "string" && typeof verifyKey !== "object")) {
-            if (throwErrors)
-                throw new JwtError(`Verify key not found`);
-            return { verified: false, extracted: null };
-        }
-        if (typeof verifyKey == "string") {
-            try {
-                verifyKey = base64_decode_buffer(verifyKey);
-            }
-            catch (e) {
-                if (throwErrors)
-                    throw e;
-                return { verified: false, extracted: null };
-            }
-        }
-        let verified = false;
-        // Preparation of the data to verify the signature.
-        const body = `${extracted.headerRaw}.${extracted.payloadRaw}`;
-        try {
-            // Verification of the signature based on the algorithm specified in the header.
-            switch (extracted.header.alg) {
-                case 'HS256':
-                case 'HS384':
-                case 'HS512':
-                    const importedSignKey = await crypto.subtle.importKey(this.algExportFormat(extracted.header.alg, "verify"), verifyKey, JWTAlgorithms[extracted.header.alg], false, ['sign']);
-                    const signed = await crypto.subtle.sign(JWTAlgorithms[extracted.header.alg], importedSignKey, new TextEncoder().encode(body));
-                    verified = extracted.signatureRaw == base64_encode_buffer(signed);
-                    break;
-                case 'ES256':
-                case 'ES384':
-                case 'ES512':
-                case 'PS256':
-                case 'PS384':
-                case 'PS512':
-                case 'RS256':
-                case 'RS384':
-                case 'RS512':
-                    const importedVerifyKey = await crypto.subtle.importKey(this.algExportFormat(extracted.header.alg, "verify"), verifyKey, JWTAlgorithms[extracted.header.alg], false, ['verify']);
-                    verified = await crypto.subtle.verify(JWTAlgorithms[extracted.header.alg], importedVerifyKey, extracted.signature, new TextEncoder().encode(body));
-                    break;
-                default:
-                    if (throwErrors)
-                        throw new JwtError(`Unsupported algorithm`);
-                    break;
-            }
-        }
-        catch (e) {
-            if (throwErrors)
-                throw e;
-        }
-        if (verified === true)
-            return { verified: true, extracted: extracted };
-        if (throwErrors)
-            throw new JwtError(`Signature not verified`);
-        return { verified: false, extracted: null };
-    }
-}

package/dist/src/JwtError.d.ts

@@ -1,4 +0,0 @@
-export declare class JwtError extends Error {
-    type: "@payello/module-jwt#JwtError";
-    constructor(message: string, options?: ErrorOptions);
-}

package/dist/src/JwtError.js

@@ -1,6 +0,0 @@
-export class JwtError extends Error {
-    type = "@payello/module-jwt#JwtError";
-    constructor(message, options) {
-        super(message, options);
-    }
-}

package/dist/src/JwtExtract.d.ts

@@ -1,10 +0,0 @@
-import { JWTPayload } from "./JWTPayload";
-import { JwtHeader } from "./JwtHeader";
-export interface JwtExtract {
-    header: JwtHeader;
-    headerRaw: string;
-    payload: JWTPayload;
-    payloadRaw: string;
-    signature: Uint8Array;
-    signatureRaw: string;
-}

package/dist/src/JwtExtract.js

@@ -1 +0,0 @@
-export {};

package/dist/src/JwtExtractOpts.d.ts

@@ -1,3 +0,0 @@
-export interface JwtExtractOpts {
-    requiredProps?: string[];
-}

package/dist/src/JwtExtractOpts.js

@@ -1 +0,0 @@
-export {};

package/dist/src/JwtHeader.d.ts

@@ -1,5 +0,0 @@
-import { JWTAlgorithm } from "./JWTAlgorithms";
-export interface JwtHeader {
-    typ: 'JWT';
-    alg: JWTAlgorithm;
-}

package/dist/src/JwtHeader.js

@@ -1 +0,0 @@
-export {};

package/dist/src/JwtSignOpts.d.ts

@@ -1,5 +0,0 @@
-import { JWTAlgorithm } from "./JWTAlgorithms";
-export interface JwtSignOpts {
-    privateKey: string | ArrayBuffer | Uint8Array;
-    algorithm: JWTAlgorithm;
-}

package/dist/src/JwtSignOpts.js

@@ -1 +0,0 @@
-export {};

package/dist/src/index.d.ts

@@ -1,10 +0,0 @@
-export * from './JwtSignOpts';
-export * from './JWTPayload';
-export * from './JWTKeyPair';
-export * from './JwtHeader';
-export * from './JwtExtractOpts';
-export * from './JwtExtract';
-export * from './JwtError';
-export * from './JWTAlgorithms';
-export * from './JWT';
-export * from './base64_encode_buffer';

package/dist/src/index.js

@@ -1,10 +0,0 @@
-export * from './JwtSignOpts';
-export * from './JWTPayload';
-export * from './JWTKeyPair';
-export * from './JwtHeader';
-export * from './JwtExtractOpts';
-export * from './JwtExtract';
-export * from './JwtError';
-export * from './JWTAlgorithms';
-export * from './JWT';
-export * from './base64_encode_buffer';

package/dist/test/test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/test/test.js

@@ -1,46 +0,0 @@
-import { JWT } from "../src/JWT";
-import { JWTAlgorithms } from "../src/JWTAlgorithms";
-/**
- * Ensures that verification works for all algorithms
- */
-async function Test1() {
-    for (let key of Object.keys(JWTAlgorithms)) {
-        console.log("ALG: ", key);
-        const keys = await JWT.generateKeys(key);
-        console.log("KEYS: ", keys);
-        const signed = await JWT.sign({ iss: "Hello" }, key, keys.sign.base64);
-        console.log("SIGNED: ", signed);
-        const verify = await JWT.verifySignature(signed, () => { return keys.verify.base64; });
-        console.log("VERIFIED: ", verify);
-        if (!verify.verified) {
-            throw new Error("Not verified!");
-        }
-        console.log("----");
-    }
-}
-/**
- * Ensures that signature manipulation fails for all algorithms
- */
-async function Test2() {
-    for (let key of Object.keys(JWTAlgorithms)) {
-        console.log("ALG: ", key);
-        const keys = await JWT.generateKeys(key);
-        console.log("KEYS: ", keys);
-        const signed = await JWT.sign({ iss: "Hello" }, key, keys.sign.base64);
-        console.log("SIGNED: ", signed);
-        const signed2 = await JWT.sign({ iss: "Hello there" }, key, keys.sign.base64);
-        console.log("SIGNED2: ", signed);
-        const token = signed.split('.').map(x => (val, index) => {
-            if (index == 2)
-                return signed2.split('.')[index];
-            return val;
-        }).join('.');
-        const verify = await JWT.verifySignature(token, () => { return keys.verify.base64; });
-        console.log("VERIFIED: ", verify);
-        if (verify.verified) {
-            throw new Error("Somehow verified (shouldn't be)");
-        }
-        console.log("----");
-    }
-}
-Test1();