@wix/cli-app 1.1.41 → 1.1.43
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/{CreateVersionCommand-NJC6EUQ6.js → CreateVersionCommand-PMT33DT7.js} +2 -2
- package/build/{DevCommand-7VFOSZMO.js → DevCommand-5YOE6DHO.js} +2 -2
- package/build/DevCommand-5YOE6DHO.js.map +1 -0
- package/build/{GenerateCommand-VISY3267.js → GenerateCommand-QCYI6ZGT.js} +14 -14
- package/build/GenerateCommand-QCYI6ZGT.js.map +1 -0
- package/build/{LogsCommand-5HFJDCHS.js → LogsCommand-P7GF73SY.js} +2 -2
- package/build/{LogsCommand-5HFJDCHS.js.map → LogsCommand-P7GF73SY.js.map} +1 -1
- package/build/PreviewCommand-TLAH2QYA.js +4 -0
- package/build/{ServeCommand-QS4FDP4T.js → ServeCommand-IDZMCSAT.js} +2 -2
- package/build/{build-BFTLTFIN.js → build-GUIJNSWL.js} +2 -2
- package/build/{chunk-3HELHIBJ.js → chunk-244VWIWT.js} +2 -2
- package/build/chunk-244VWIWT.js.map +1 -0
- package/build/{chunk-7RL4TN6T.js → chunk-33U542O7.js} +2 -2
- package/build/chunk-3Y4NOBS4.js +4 -0
- package/build/chunk-3Y4NOBS4.js.map +1 -0
- package/build/{chunk-5YVFVF4T.js → chunk-44AYFU7B.js} +2 -2
- package/build/chunk-44AYFU7B.js.map +1 -0
- package/build/chunk-AT2TE5HS.js +4 -0
- package/build/{chunk-3OFSARA2.js → chunk-CYIUFMSD.js} +2 -2
- package/build/chunk-DCT2GH4K.js +115 -0
- package/build/chunk-DCT2GH4K.js.map +1 -0
- package/build/{chunk-RUZJ2NCD.js → chunk-FFYM2OK5.js} +2 -2
- package/build/chunk-JLIQSEAZ.js +239 -0
- package/build/chunk-JLIQSEAZ.js.map +1 -0
- package/build/chunk-O3XQFKZB.js +4 -0
- package/build/chunk-O3XQFKZB.js.map +1 -0
- package/build/chunk-OGYAC6LH.js +4 -0
- package/build/{chunk-ZTW5IT5T.js.map → chunk-OGYAC6LH.js.map} +1 -1
- package/build/{chunk-6MMLDNFM.js → chunk-PDLH2OMF.js} +2 -2
- package/build/{chunk-YHA4H34H.js → chunk-QF6RQBVB.js} +3 -3
- package/build/{chunk-YHA4H34H.js.map → chunk-QF6RQBVB.js.map} +1 -1
- package/build/{chunk-IZOKP4UZ.js → chunk-RKLU4NIT.js} +2 -2
- package/build/chunk-RKLU4NIT.js.map +1 -0
- package/build/{chunk-LRONHC7Z.js → chunk-SBVOKZ7F.js} +6 -6
- package/build/{chunk-LRONHC7Z.js.map → chunk-SBVOKZ7F.js.map} +1 -1
- package/build/chunk-VBODBNSF.js +4 -0
- package/build/chunk-VBODBNSF.js.map +1 -0
- package/build/{chunk-UGTXCT5B.js → chunk-W5VAOQOV.js} +11 -11
- package/build/chunk-W5VAOQOV.js.map +1 -0
- package/build/{chunk-RL3KEEB6.js → chunk-Y647PYH3.js} +2 -2
- package/build/{chunk-GF543SV4.js → chunk-YL4Y5YEO.js} +2 -2
- package/build/cloudflare-runtime/entry.js +4875 -7
- package/build/cloudflare-runtime/getRegisteredExtensions.js +4871 -5
- package/build/index.js +2 -2
- package/build/platform-sdk/browser-ZCGHXB6A.js +5 -0
- package/build/platform-sdk/browser-ZCGHXB6A.js.map +1 -0
- package/build/platform-sdk/chunk-AA4CIK56.js +2 -0
- package/build/platform-sdk/chunk-AA4CIK56.js.map +1 -0
- package/build/platform-sdk/chunk-PXLVKIYB.js +2 -0
- package/build/platform-sdk/chunk-PXLVKIYB.js.map +1 -0
- package/build/platform-sdk/chunk-SBZEOPXX.js +2 -0
- package/build/platform-sdk/dashboard.js +1 -1
- package/build/platform-sdk/dashboard.js.map +1 -1
- package/build/platform-sdk/editor.js +7 -7
- package/build/platform-sdk/editor.js.map +1 -1
- package/build/platform-sdk/site.js +1 -1
- package/build/{preview-KSI26ITH.js → preview-RCAZQQRZ.js} +2 -2
- package/build/{render-command-D47LZ2TZ.js → render-command-YI5IXTNY.js} +2 -2
- package/build/xdg-open +338 -137
- package/package.json +7 -6
- package/schemas/ecom-gift-cards-provider.json +1 -0
- package/templates/service-plugin/gift-cards-provider/dependencies.json +5 -0
- package/templates/service-plugin/gift-cards-provider/files/plugin.json.ejs +4 -0
- package/templates/service-plugin/gift-cards-provider/files/plugin.ts.ejs +26 -0
- package/build/DevCommand-7VFOSZMO.js.map +0 -1
- package/build/GenerateCommand-VISY3267.js.map +0 -1
- package/build/PreviewCommand-R3AOKI4K.js +0 -4
- package/build/chunk-3HELHIBJ.js.map +0 -1
- package/build/chunk-5YVFVF4T.js.map +0 -1
- package/build/chunk-62SRA77S.js +0 -4
- package/build/chunk-62SRA77S.js.map +0 -1
- package/build/chunk-B2BRLGRZ.js +0 -4
- package/build/chunk-IZOKP4UZ.js.map +0 -1
- package/build/chunk-L7P6I5SY.js +0 -4
- package/build/chunk-L7P6I5SY.js.map +0 -1
- package/build/chunk-NCYXC7TY.js +0 -4
- package/build/chunk-NCYXC7TY.js.map +0 -1
- package/build/chunk-SQGBFWJ2.js +0 -114
- package/build/chunk-SQGBFWJ2.js.map +0 -1
- package/build/chunk-T3UD2OLT.js +0 -233
- package/build/chunk-T3UD2OLT.js.map +0 -1
- package/build/chunk-UGTXCT5B.js.map +0 -1
- package/build/chunk-ZTW5IT5T.js +0 -4
- package/build/platform-sdk/chunk-DGX4CFXG.js +0 -2
- package/build/platform-sdk/chunk-DGX4CFXG.js.map +0 -1
- package/build/platform-sdk/chunk-TEDR2MDT.js +0 -2
- package/build/platform-sdk/chunk-UZ376HBX.js +0 -2
- package/build/platform-sdk/chunk-UZ376HBX.js.map +0 -1
- package/build/platform-sdk/esm-WXLS5NTC.js +0 -2
- package/build/platform-sdk/esm-WXLS5NTC.js.map +0 -1
- /package/build/{CreateVersionCommand-NJC6EUQ6.js.map → CreateVersionCommand-PMT33DT7.js.map} +0 -0
- /package/build/{PreviewCommand-R3AOKI4K.js.map → PreviewCommand-TLAH2QYA.js.map} +0 -0
- /package/build/{ServeCommand-QS4FDP4T.js.map → ServeCommand-IDZMCSAT.js.map} +0 -0
- /package/build/{build-BFTLTFIN.js.map → build-GUIJNSWL.js.map} +0 -0
- /package/build/{chunk-7RL4TN6T.js.map → chunk-33U542O7.js.map} +0 -0
- /package/build/{chunk-B2BRLGRZ.js.map → chunk-AT2TE5HS.js.map} +0 -0
- /package/build/{chunk-3OFSARA2.js.map → chunk-CYIUFMSD.js.map} +0 -0
- /package/build/{chunk-RUZJ2NCD.js.map → chunk-FFYM2OK5.js.map} +0 -0
- /package/build/{chunk-6MMLDNFM.js.map → chunk-PDLH2OMF.js.map} +0 -0
- /package/build/{chunk-RL3KEEB6.js.map → chunk-Y647PYH3.js.map} +0 -0
- /package/build/{chunk-GF543SV4.js.map → chunk-YL4Y5YEO.js.map} +0 -0
- /package/build/platform-sdk/{chunk-TEDR2MDT.js.map → chunk-SBZEOPXX.js.map} +0 -0
- /package/build/{preview-KSI26ITH.js.map → preview-RCAZQQRZ.js.map} +0 -0
- /package/build/{render-command-D47LZ2TZ.js.map → render-command-YI5IXTNY.js.map} +0 -0
|
@@ -1,6 +1,4877 @@
|
|
|
1
|
+
var __defProp = Object.defineProperty;
|
|
2
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
3
|
+
var __esm = (fn, res) => function __init() {
|
|
4
|
+
return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
|
|
5
|
+
};
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
|
|
11
|
+
// ../../node_modules/jose/dist/browser/runtime/webcrypto.js
|
|
12
|
+
var webcrypto_default, isCryptoKey;
|
|
13
|
+
var init_webcrypto = __esm({
|
|
14
|
+
"../../node_modules/jose/dist/browser/runtime/webcrypto.js"() {
|
|
15
|
+
"use strict";
|
|
16
|
+
webcrypto_default = crypto;
|
|
17
|
+
isCryptoKey = (key) => key instanceof CryptoKey;
|
|
18
|
+
}
|
|
19
|
+
});
|
|
20
|
+
|
|
21
|
+
// ../../node_modules/jose/dist/browser/runtime/digest.js
|
|
22
|
+
var digest, digest_default;
|
|
23
|
+
var init_digest = __esm({
|
|
24
|
+
"../../node_modules/jose/dist/browser/runtime/digest.js"() {
|
|
25
|
+
"use strict";
|
|
26
|
+
init_webcrypto();
|
|
27
|
+
digest = async (algorithm, data) => {
|
|
28
|
+
const subtleDigest = `SHA-${algorithm.slice(-3)}`;
|
|
29
|
+
return new Uint8Array(await webcrypto_default.subtle.digest(subtleDigest, data));
|
|
30
|
+
};
|
|
31
|
+
digest_default = digest;
|
|
32
|
+
}
|
|
33
|
+
});
|
|
34
|
+
|
|
35
|
+
// ../../node_modules/jose/dist/browser/lib/buffer_utils.js
|
|
36
|
+
function concat(...buffers) {
|
|
37
|
+
const size = buffers.reduce((acc, { length }) => acc + length, 0);
|
|
38
|
+
const buf = new Uint8Array(size);
|
|
39
|
+
let i = 0;
|
|
40
|
+
for (const buffer of buffers) {
|
|
41
|
+
buf.set(buffer, i);
|
|
42
|
+
i += buffer.length;
|
|
43
|
+
}
|
|
44
|
+
return buf;
|
|
45
|
+
}
|
|
46
|
+
function p2s(alg, p2sInput) {
|
|
47
|
+
return concat(encoder.encode(alg), new Uint8Array([0]), p2sInput);
|
|
48
|
+
}
|
|
49
|
+
function writeUInt32BE(buf, value, offset) {
|
|
50
|
+
if (value < 0 || value >= MAX_INT32) {
|
|
51
|
+
throw new RangeError(`value must be >= 0 and <= ${MAX_INT32 - 1}. Received ${value}`);
|
|
52
|
+
}
|
|
53
|
+
buf.set([value >>> 24, value >>> 16, value >>> 8, value & 255], offset);
|
|
54
|
+
}
|
|
55
|
+
function uint64be(value) {
|
|
56
|
+
const high = Math.floor(value / MAX_INT32);
|
|
57
|
+
const low = value % MAX_INT32;
|
|
58
|
+
const buf = new Uint8Array(8);
|
|
59
|
+
writeUInt32BE(buf, high, 0);
|
|
60
|
+
writeUInt32BE(buf, low, 4);
|
|
61
|
+
return buf;
|
|
62
|
+
}
|
|
63
|
+
function uint32be(value) {
|
|
64
|
+
const buf = new Uint8Array(4);
|
|
65
|
+
writeUInt32BE(buf, value);
|
|
66
|
+
return buf;
|
|
67
|
+
}
|
|
68
|
+
function lengthAndInput(input) {
|
|
69
|
+
return concat(uint32be(input.length), input);
|
|
70
|
+
}
|
|
71
|
+
async function concatKdf(secret, bits, value) {
|
|
72
|
+
const iterations = Math.ceil((bits >> 3) / 32);
|
|
73
|
+
const res = new Uint8Array(iterations * 32);
|
|
74
|
+
for (let iter = 0; iter < iterations; iter++) {
|
|
75
|
+
const buf = new Uint8Array(4 + secret.length + value.length);
|
|
76
|
+
buf.set(uint32be(iter + 1));
|
|
77
|
+
buf.set(secret, 4);
|
|
78
|
+
buf.set(value, 4 + secret.length);
|
|
79
|
+
res.set(await digest_default("sha256", buf), iter * 32);
|
|
80
|
+
}
|
|
81
|
+
return res.slice(0, bits >> 3);
|
|
82
|
+
}
|
|
83
|
+
var encoder, decoder, MAX_INT32;
|
|
84
|
+
var init_buffer_utils = __esm({
|
|
85
|
+
"../../node_modules/jose/dist/browser/lib/buffer_utils.js"() {
|
|
86
|
+
"use strict";
|
|
87
|
+
init_digest();
|
|
88
|
+
encoder = new TextEncoder();
|
|
89
|
+
decoder = new TextDecoder();
|
|
90
|
+
MAX_INT32 = 2 ** 32;
|
|
91
|
+
}
|
|
92
|
+
});
|
|
93
|
+
|
|
94
|
+
// ../../node_modules/jose/dist/browser/runtime/base64url.js
|
|
95
|
+
var encodeBase64, encode, decodeBase64, decode;
|
|
96
|
+
var init_base64url = __esm({
|
|
97
|
+
"../../node_modules/jose/dist/browser/runtime/base64url.js"() {
|
|
98
|
+
"use strict";
|
|
99
|
+
init_buffer_utils();
|
|
100
|
+
encodeBase64 = (input) => {
|
|
101
|
+
let unencoded = input;
|
|
102
|
+
if (typeof unencoded === "string") {
|
|
103
|
+
unencoded = encoder.encode(unencoded);
|
|
104
|
+
}
|
|
105
|
+
const CHUNK_SIZE = 32768;
|
|
106
|
+
const arr = [];
|
|
107
|
+
for (let i = 0; i < unencoded.length; i += CHUNK_SIZE) {
|
|
108
|
+
arr.push(String.fromCharCode.apply(null, unencoded.subarray(i, i + CHUNK_SIZE)));
|
|
109
|
+
}
|
|
110
|
+
return btoa(arr.join(""));
|
|
111
|
+
};
|
|
112
|
+
encode = (input) => {
|
|
113
|
+
return encodeBase64(input).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
|
|
114
|
+
};
|
|
115
|
+
decodeBase64 = (encoded) => {
|
|
116
|
+
const binary = atob(encoded);
|
|
117
|
+
const bytes = new Uint8Array(binary.length);
|
|
118
|
+
for (let i = 0; i < binary.length; i++) {
|
|
119
|
+
bytes[i] = binary.charCodeAt(i);
|
|
120
|
+
}
|
|
121
|
+
return bytes;
|
|
122
|
+
};
|
|
123
|
+
decode = (input) => {
|
|
124
|
+
let encoded = input;
|
|
125
|
+
if (encoded instanceof Uint8Array) {
|
|
126
|
+
encoded = decoder.decode(encoded);
|
|
127
|
+
}
|
|
128
|
+
encoded = encoded.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
|
|
129
|
+
try {
|
|
130
|
+
return decodeBase64(encoded);
|
|
131
|
+
} catch {
|
|
132
|
+
throw new TypeError("The input to be decoded is not correctly encoded.");
|
|
133
|
+
}
|
|
134
|
+
};
|
|
135
|
+
}
|
|
136
|
+
});
|
|
137
|
+
|
|
138
|
+
// ../../node_modules/jose/dist/browser/util/errors.js
|
|
139
|
+
var errors_exports = {};
|
|
140
|
+
__export(errors_exports, {
|
|
141
|
+
JOSEAlgNotAllowed: () => JOSEAlgNotAllowed,
|
|
142
|
+
JOSEError: () => JOSEError,
|
|
143
|
+
JOSENotSupported: () => JOSENotSupported,
|
|
144
|
+
JWEDecryptionFailed: () => JWEDecryptionFailed,
|
|
145
|
+
JWEInvalid: () => JWEInvalid,
|
|
146
|
+
JWKInvalid: () => JWKInvalid,
|
|
147
|
+
JWKSInvalid: () => JWKSInvalid,
|
|
148
|
+
JWKSMultipleMatchingKeys: () => JWKSMultipleMatchingKeys,
|
|
149
|
+
JWKSNoMatchingKey: () => JWKSNoMatchingKey,
|
|
150
|
+
JWKSTimeout: () => JWKSTimeout,
|
|
151
|
+
JWSInvalid: () => JWSInvalid,
|
|
152
|
+
JWSSignatureVerificationFailed: () => JWSSignatureVerificationFailed,
|
|
153
|
+
JWTClaimValidationFailed: () => JWTClaimValidationFailed,
|
|
154
|
+
JWTExpired: () => JWTExpired,
|
|
155
|
+
JWTInvalid: () => JWTInvalid
|
|
156
|
+
});
|
|
157
|
+
var JOSEError, JWTClaimValidationFailed, JWTExpired, JOSEAlgNotAllowed, JOSENotSupported, JWEDecryptionFailed, JWEInvalid, JWSInvalid, JWTInvalid, JWKInvalid, JWKSInvalid, JWKSNoMatchingKey, JWKSMultipleMatchingKeys, JWKSTimeout, JWSSignatureVerificationFailed;
|
|
158
|
+
var init_errors = __esm({
|
|
159
|
+
"../../node_modules/jose/dist/browser/util/errors.js"() {
|
|
160
|
+
"use strict";
|
|
161
|
+
JOSEError = class extends Error {
|
|
162
|
+
static get code() {
|
|
163
|
+
return "ERR_JOSE_GENERIC";
|
|
164
|
+
}
|
|
165
|
+
constructor(message2) {
|
|
166
|
+
super(message2);
|
|
167
|
+
this.code = "ERR_JOSE_GENERIC";
|
|
168
|
+
this.name = this.constructor.name;
|
|
169
|
+
Error.captureStackTrace?.(this, this.constructor);
|
|
170
|
+
}
|
|
171
|
+
};
|
|
172
|
+
JWTClaimValidationFailed = class extends JOSEError {
|
|
173
|
+
static get code() {
|
|
174
|
+
return "ERR_JWT_CLAIM_VALIDATION_FAILED";
|
|
175
|
+
}
|
|
176
|
+
constructor(message2, claim = "unspecified", reason = "unspecified") {
|
|
177
|
+
super(message2);
|
|
178
|
+
this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED";
|
|
179
|
+
this.claim = claim;
|
|
180
|
+
this.reason = reason;
|
|
181
|
+
}
|
|
182
|
+
};
|
|
183
|
+
JWTExpired = class extends JOSEError {
|
|
184
|
+
static get code() {
|
|
185
|
+
return "ERR_JWT_EXPIRED";
|
|
186
|
+
}
|
|
187
|
+
constructor(message2, claim = "unspecified", reason = "unspecified") {
|
|
188
|
+
super(message2);
|
|
189
|
+
this.code = "ERR_JWT_EXPIRED";
|
|
190
|
+
this.claim = claim;
|
|
191
|
+
this.reason = reason;
|
|
192
|
+
}
|
|
193
|
+
};
|
|
194
|
+
JOSEAlgNotAllowed = class extends JOSEError {
|
|
195
|
+
constructor() {
|
|
196
|
+
super(...arguments);
|
|
197
|
+
this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
198
|
+
}
|
|
199
|
+
static get code() {
|
|
200
|
+
return "ERR_JOSE_ALG_NOT_ALLOWED";
|
|
201
|
+
}
|
|
202
|
+
};
|
|
203
|
+
JOSENotSupported = class extends JOSEError {
|
|
204
|
+
constructor() {
|
|
205
|
+
super(...arguments);
|
|
206
|
+
this.code = "ERR_JOSE_NOT_SUPPORTED";
|
|
207
|
+
}
|
|
208
|
+
static get code() {
|
|
209
|
+
return "ERR_JOSE_NOT_SUPPORTED";
|
|
210
|
+
}
|
|
211
|
+
};
|
|
212
|
+
JWEDecryptionFailed = class extends JOSEError {
|
|
213
|
+
constructor() {
|
|
214
|
+
super(...arguments);
|
|
215
|
+
this.code = "ERR_JWE_DECRYPTION_FAILED";
|
|
216
|
+
this.message = "decryption operation failed";
|
|
217
|
+
}
|
|
218
|
+
static get code() {
|
|
219
|
+
return "ERR_JWE_DECRYPTION_FAILED";
|
|
220
|
+
}
|
|
221
|
+
};
|
|
222
|
+
JWEInvalid = class extends JOSEError {
|
|
223
|
+
constructor() {
|
|
224
|
+
super(...arguments);
|
|
225
|
+
this.code = "ERR_JWE_INVALID";
|
|
226
|
+
}
|
|
227
|
+
static get code() {
|
|
228
|
+
return "ERR_JWE_INVALID";
|
|
229
|
+
}
|
|
230
|
+
};
|
|
231
|
+
JWSInvalid = class extends JOSEError {
|
|
232
|
+
constructor() {
|
|
233
|
+
super(...arguments);
|
|
234
|
+
this.code = "ERR_JWS_INVALID";
|
|
235
|
+
}
|
|
236
|
+
static get code() {
|
|
237
|
+
return "ERR_JWS_INVALID";
|
|
238
|
+
}
|
|
239
|
+
};
|
|
240
|
+
JWTInvalid = class extends JOSEError {
|
|
241
|
+
constructor() {
|
|
242
|
+
super(...arguments);
|
|
243
|
+
this.code = "ERR_JWT_INVALID";
|
|
244
|
+
}
|
|
245
|
+
static get code() {
|
|
246
|
+
return "ERR_JWT_INVALID";
|
|
247
|
+
}
|
|
248
|
+
};
|
|
249
|
+
JWKInvalid = class extends JOSEError {
|
|
250
|
+
constructor() {
|
|
251
|
+
super(...arguments);
|
|
252
|
+
this.code = "ERR_JWK_INVALID";
|
|
253
|
+
}
|
|
254
|
+
static get code() {
|
|
255
|
+
return "ERR_JWK_INVALID";
|
|
256
|
+
}
|
|
257
|
+
};
|
|
258
|
+
JWKSInvalid = class extends JOSEError {
|
|
259
|
+
constructor() {
|
|
260
|
+
super(...arguments);
|
|
261
|
+
this.code = "ERR_JWKS_INVALID";
|
|
262
|
+
}
|
|
263
|
+
static get code() {
|
|
264
|
+
return "ERR_JWKS_INVALID";
|
|
265
|
+
}
|
|
266
|
+
};
|
|
267
|
+
JWKSNoMatchingKey = class extends JOSEError {
|
|
268
|
+
constructor() {
|
|
269
|
+
super(...arguments);
|
|
270
|
+
this.code = "ERR_JWKS_NO_MATCHING_KEY";
|
|
271
|
+
this.message = "no applicable key found in the JSON Web Key Set";
|
|
272
|
+
}
|
|
273
|
+
static get code() {
|
|
274
|
+
return "ERR_JWKS_NO_MATCHING_KEY";
|
|
275
|
+
}
|
|
276
|
+
};
|
|
277
|
+
JWKSMultipleMatchingKeys = class extends JOSEError {
|
|
278
|
+
constructor() {
|
|
279
|
+
super(...arguments);
|
|
280
|
+
this.code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
|
|
281
|
+
this.message = "multiple matching keys found in the JSON Web Key Set";
|
|
282
|
+
}
|
|
283
|
+
static get code() {
|
|
284
|
+
return "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
|
|
285
|
+
}
|
|
286
|
+
};
|
|
287
|
+
JWKSTimeout = class extends JOSEError {
|
|
288
|
+
constructor() {
|
|
289
|
+
super(...arguments);
|
|
290
|
+
this.code = "ERR_JWKS_TIMEOUT";
|
|
291
|
+
this.message = "request timed out";
|
|
292
|
+
}
|
|
293
|
+
static get code() {
|
|
294
|
+
return "ERR_JWKS_TIMEOUT";
|
|
295
|
+
}
|
|
296
|
+
};
|
|
297
|
+
JWSSignatureVerificationFailed = class extends JOSEError {
|
|
298
|
+
constructor() {
|
|
299
|
+
super(...arguments);
|
|
300
|
+
this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
|
|
301
|
+
this.message = "signature verification failed";
|
|
302
|
+
}
|
|
303
|
+
static get code() {
|
|
304
|
+
return "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
|
|
305
|
+
}
|
|
306
|
+
};
|
|
307
|
+
}
|
|
308
|
+
});
|
|
309
|
+
|
|
310
|
+
// ../../node_modules/jose/dist/browser/runtime/random.js
|
|
311
|
+
var random_default;
|
|
312
|
+
var init_random = __esm({
|
|
313
|
+
"../../node_modules/jose/dist/browser/runtime/random.js"() {
|
|
314
|
+
"use strict";
|
|
315
|
+
init_webcrypto();
|
|
316
|
+
random_default = webcrypto_default.getRandomValues.bind(webcrypto_default);
|
|
317
|
+
}
|
|
318
|
+
});
|
|
319
|
+
|
|
320
|
+
// ../../node_modules/jose/dist/browser/lib/iv.js
|
|
321
|
+
function bitLength(alg) {
|
|
322
|
+
switch (alg) {
|
|
323
|
+
case "A128GCM":
|
|
324
|
+
case "A128GCMKW":
|
|
325
|
+
case "A192GCM":
|
|
326
|
+
case "A192GCMKW":
|
|
327
|
+
case "A256GCM":
|
|
328
|
+
case "A256GCMKW":
|
|
329
|
+
return 96;
|
|
330
|
+
case "A128CBC-HS256":
|
|
331
|
+
case "A192CBC-HS384":
|
|
332
|
+
case "A256CBC-HS512":
|
|
333
|
+
return 128;
|
|
334
|
+
default:
|
|
335
|
+
throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`);
|
|
336
|
+
}
|
|
337
|
+
}
|
|
338
|
+
var iv_default;
|
|
339
|
+
var init_iv = __esm({
|
|
340
|
+
"../../node_modules/jose/dist/browser/lib/iv.js"() {
|
|
341
|
+
"use strict";
|
|
342
|
+
init_errors();
|
|
343
|
+
init_random();
|
|
344
|
+
iv_default = (alg) => random_default(new Uint8Array(bitLength(alg) >> 3));
|
|
345
|
+
}
|
|
346
|
+
});
|
|
347
|
+
|
|
348
|
+
// ../../node_modules/jose/dist/browser/lib/check_iv_length.js
|
|
349
|
+
var checkIvLength, check_iv_length_default;
|
|
350
|
+
var init_check_iv_length = __esm({
|
|
351
|
+
"../../node_modules/jose/dist/browser/lib/check_iv_length.js"() {
|
|
352
|
+
"use strict";
|
|
353
|
+
init_errors();
|
|
354
|
+
init_iv();
|
|
355
|
+
checkIvLength = (enc, iv) => {
|
|
356
|
+
if (iv.length << 3 !== bitLength(enc)) {
|
|
357
|
+
throw new JWEInvalid("Invalid Initialization Vector length");
|
|
358
|
+
}
|
|
359
|
+
};
|
|
360
|
+
check_iv_length_default = checkIvLength;
|
|
361
|
+
}
|
|
362
|
+
});
|
|
363
|
+
|
|
364
|
+
// ../../node_modules/jose/dist/browser/runtime/check_cek_length.js
|
|
365
|
+
var checkCekLength, check_cek_length_default;
|
|
366
|
+
var init_check_cek_length = __esm({
|
|
367
|
+
"../../node_modules/jose/dist/browser/runtime/check_cek_length.js"() {
|
|
368
|
+
"use strict";
|
|
369
|
+
init_errors();
|
|
370
|
+
checkCekLength = (cek, expected) => {
|
|
371
|
+
const actual = cek.byteLength << 3;
|
|
372
|
+
if (actual !== expected) {
|
|
373
|
+
throw new JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);
|
|
374
|
+
}
|
|
375
|
+
};
|
|
376
|
+
check_cek_length_default = checkCekLength;
|
|
377
|
+
}
|
|
378
|
+
});
|
|
379
|
+
|
|
380
|
+
// ../../node_modules/jose/dist/browser/runtime/timing_safe_equal.js
|
|
381
|
+
var timingSafeEqual, timing_safe_equal_default;
|
|
382
|
+
var init_timing_safe_equal = __esm({
|
|
383
|
+
"../../node_modules/jose/dist/browser/runtime/timing_safe_equal.js"() {
|
|
384
|
+
"use strict";
|
|
385
|
+
timingSafeEqual = (a, b) => {
|
|
386
|
+
if (!(a instanceof Uint8Array)) {
|
|
387
|
+
throw new TypeError("First argument must be a buffer");
|
|
388
|
+
}
|
|
389
|
+
if (!(b instanceof Uint8Array)) {
|
|
390
|
+
throw new TypeError("Second argument must be a buffer");
|
|
391
|
+
}
|
|
392
|
+
if (a.length !== b.length) {
|
|
393
|
+
throw new TypeError("Input buffers must have the same length");
|
|
394
|
+
}
|
|
395
|
+
const len = a.length;
|
|
396
|
+
let out = 0;
|
|
397
|
+
let i = -1;
|
|
398
|
+
while (++i < len) {
|
|
399
|
+
out |= a[i] ^ b[i];
|
|
400
|
+
}
|
|
401
|
+
return out === 0;
|
|
402
|
+
};
|
|
403
|
+
timing_safe_equal_default = timingSafeEqual;
|
|
404
|
+
}
|
|
405
|
+
});
|
|
406
|
+
|
|
407
|
+
// ../../node_modules/jose/dist/browser/lib/crypto_key.js
|
|
408
|
+
function unusable(name, prop = "algorithm.name") {
|
|
409
|
+
return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`);
|
|
410
|
+
}
|
|
411
|
+
function isAlgorithm(algorithm, name) {
|
|
412
|
+
return algorithm.name === name;
|
|
413
|
+
}
|
|
414
|
+
function getHashLength(hash) {
|
|
415
|
+
return parseInt(hash.name.slice(4), 10);
|
|
416
|
+
}
|
|
417
|
+
function getNamedCurve(alg) {
|
|
418
|
+
switch (alg) {
|
|
419
|
+
case "ES256":
|
|
420
|
+
return "P-256";
|
|
421
|
+
case "ES384":
|
|
422
|
+
return "P-384";
|
|
423
|
+
case "ES512":
|
|
424
|
+
return "P-521";
|
|
425
|
+
default:
|
|
426
|
+
throw new Error("unreachable");
|
|
427
|
+
}
|
|
428
|
+
}
|
|
429
|
+
function checkUsage(key, usages) {
|
|
430
|
+
if (usages.length && !usages.some((expected) => key.usages.includes(expected))) {
|
|
431
|
+
let msg = "CryptoKey does not support this operation, its usages must include ";
|
|
432
|
+
if (usages.length > 2) {
|
|
433
|
+
const last = usages.pop();
|
|
434
|
+
msg += `one of ${usages.join(", ")}, or ${last}.`;
|
|
435
|
+
} else if (usages.length === 2) {
|
|
436
|
+
msg += `one of ${usages[0]} or ${usages[1]}.`;
|
|
437
|
+
} else {
|
|
438
|
+
msg += `${usages[0]}.`;
|
|
439
|
+
}
|
|
440
|
+
throw new TypeError(msg);
|
|
441
|
+
}
|
|
442
|
+
}
|
|
443
|
+
function checkSigCryptoKey(key, alg, ...usages) {
|
|
444
|
+
switch (alg) {
|
|
445
|
+
case "HS256":
|
|
446
|
+
case "HS384":
|
|
447
|
+
case "HS512": {
|
|
448
|
+
if (!isAlgorithm(key.algorithm, "HMAC"))
|
|
449
|
+
throw unusable("HMAC");
|
|
450
|
+
const expected = parseInt(alg.slice(2), 10);
|
|
451
|
+
const actual = getHashLength(key.algorithm.hash);
|
|
452
|
+
if (actual !== expected)
|
|
453
|
+
throw unusable(`SHA-${expected}`, "algorithm.hash");
|
|
454
|
+
break;
|
|
455
|
+
}
|
|
456
|
+
case "RS256":
|
|
457
|
+
case "RS384":
|
|
458
|
+
case "RS512": {
|
|
459
|
+
if (!isAlgorithm(key.algorithm, "RSASSA-PKCS1-v1_5"))
|
|
460
|
+
throw unusable("RSASSA-PKCS1-v1_5");
|
|
461
|
+
const expected = parseInt(alg.slice(2), 10);
|
|
462
|
+
const actual = getHashLength(key.algorithm.hash);
|
|
463
|
+
if (actual !== expected)
|
|
464
|
+
throw unusable(`SHA-${expected}`, "algorithm.hash");
|
|
465
|
+
break;
|
|
466
|
+
}
|
|
467
|
+
case "PS256":
|
|
468
|
+
case "PS384":
|
|
469
|
+
case "PS512": {
|
|
470
|
+
if (!isAlgorithm(key.algorithm, "RSA-PSS"))
|
|
471
|
+
throw unusable("RSA-PSS");
|
|
472
|
+
const expected = parseInt(alg.slice(2), 10);
|
|
473
|
+
const actual = getHashLength(key.algorithm.hash);
|
|
474
|
+
if (actual !== expected)
|
|
475
|
+
throw unusable(`SHA-${expected}`, "algorithm.hash");
|
|
476
|
+
break;
|
|
477
|
+
}
|
|
478
|
+
case "EdDSA": {
|
|
479
|
+
if (key.algorithm.name !== "Ed25519" && key.algorithm.name !== "Ed448") {
|
|
480
|
+
throw unusable("Ed25519 or Ed448");
|
|
481
|
+
}
|
|
482
|
+
break;
|
|
483
|
+
}
|
|
484
|
+
case "ES256":
|
|
485
|
+
case "ES384":
|
|
486
|
+
case "ES512": {
|
|
487
|
+
if (!isAlgorithm(key.algorithm, "ECDSA"))
|
|
488
|
+
throw unusable("ECDSA");
|
|
489
|
+
const expected = getNamedCurve(alg);
|
|
490
|
+
const actual = key.algorithm.namedCurve;
|
|
491
|
+
if (actual !== expected)
|
|
492
|
+
throw unusable(expected, "algorithm.namedCurve");
|
|
493
|
+
break;
|
|
494
|
+
}
|
|
495
|
+
default:
|
|
496
|
+
throw new TypeError("CryptoKey does not support this operation");
|
|
497
|
+
}
|
|
498
|
+
checkUsage(key, usages);
|
|
499
|
+
}
|
|
500
|
+
function checkEncCryptoKey(key, alg, ...usages) {
|
|
501
|
+
switch (alg) {
|
|
502
|
+
case "A128GCM":
|
|
503
|
+
case "A192GCM":
|
|
504
|
+
case "A256GCM": {
|
|
505
|
+
if (!isAlgorithm(key.algorithm, "AES-GCM"))
|
|
506
|
+
throw unusable("AES-GCM");
|
|
507
|
+
const expected = parseInt(alg.slice(1, 4), 10);
|
|
508
|
+
const actual = key.algorithm.length;
|
|
509
|
+
if (actual !== expected)
|
|
510
|
+
throw unusable(expected, "algorithm.length");
|
|
511
|
+
break;
|
|
512
|
+
}
|
|
513
|
+
case "A128KW":
|
|
514
|
+
case "A192KW":
|
|
515
|
+
case "A256KW": {
|
|
516
|
+
if (!isAlgorithm(key.algorithm, "AES-KW"))
|
|
517
|
+
throw unusable("AES-KW");
|
|
518
|
+
const expected = parseInt(alg.slice(1, 4), 10);
|
|
519
|
+
const actual = key.algorithm.length;
|
|
520
|
+
if (actual !== expected)
|
|
521
|
+
throw unusable(expected, "algorithm.length");
|
|
522
|
+
break;
|
|
523
|
+
}
|
|
524
|
+
case "ECDH": {
|
|
525
|
+
switch (key.algorithm.name) {
|
|
526
|
+
case "ECDH":
|
|
527
|
+
case "X25519":
|
|
528
|
+
case "X448":
|
|
529
|
+
break;
|
|
530
|
+
default:
|
|
531
|
+
throw unusable("ECDH, X25519, or X448");
|
|
532
|
+
}
|
|
533
|
+
break;
|
|
534
|
+
}
|
|
535
|
+
case "PBES2-HS256+A128KW":
|
|
536
|
+
case "PBES2-HS384+A192KW":
|
|
537
|
+
case "PBES2-HS512+A256KW":
|
|
538
|
+
if (!isAlgorithm(key.algorithm, "PBKDF2"))
|
|
539
|
+
throw unusable("PBKDF2");
|
|
540
|
+
break;
|
|
541
|
+
case "RSA-OAEP":
|
|
542
|
+
case "RSA-OAEP-256":
|
|
543
|
+
case "RSA-OAEP-384":
|
|
544
|
+
case "RSA-OAEP-512": {
|
|
545
|
+
if (!isAlgorithm(key.algorithm, "RSA-OAEP"))
|
|
546
|
+
throw unusable("RSA-OAEP");
|
|
547
|
+
const expected = parseInt(alg.slice(9), 10) || 1;
|
|
548
|
+
const actual = getHashLength(key.algorithm.hash);
|
|
549
|
+
if (actual !== expected)
|
|
550
|
+
throw unusable(`SHA-${expected}`, "algorithm.hash");
|
|
551
|
+
break;
|
|
552
|
+
}
|
|
553
|
+
default:
|
|
554
|
+
throw new TypeError("CryptoKey does not support this operation");
|
|
555
|
+
}
|
|
556
|
+
checkUsage(key, usages);
|
|
557
|
+
}
|
|
558
|
+
var init_crypto_key = __esm({
|
|
559
|
+
"../../node_modules/jose/dist/browser/lib/crypto_key.js"() {
|
|
560
|
+
"use strict";
|
|
561
|
+
}
|
|
562
|
+
});
|
|
563
|
+
|
|
564
|
+
// ../../node_modules/jose/dist/browser/lib/invalid_key_input.js
|
|
565
|
+
function message(msg, actual, ...types2) {
|
|
566
|
+
if (types2.length > 2) {
|
|
567
|
+
const last = types2.pop();
|
|
568
|
+
msg += `one of type ${types2.join(", ")}, or ${last}.`;
|
|
569
|
+
} else if (types2.length === 2) {
|
|
570
|
+
msg += `one of type ${types2[0]} or ${types2[1]}.`;
|
|
571
|
+
} else {
|
|
572
|
+
msg += `of type ${types2[0]}.`;
|
|
573
|
+
}
|
|
574
|
+
if (actual == null) {
|
|
575
|
+
msg += ` Received ${actual}`;
|
|
576
|
+
} else if (typeof actual === "function" && actual.name) {
|
|
577
|
+
msg += ` Received function ${actual.name}`;
|
|
578
|
+
} else if (typeof actual === "object" && actual != null) {
|
|
579
|
+
if (actual.constructor?.name) {
|
|
580
|
+
msg += ` Received an instance of ${actual.constructor.name}`;
|
|
581
|
+
}
|
|
582
|
+
}
|
|
583
|
+
return msg;
|
|
584
|
+
}
|
|
585
|
+
function withAlg(alg, actual, ...types2) {
|
|
586
|
+
return message(`Key for the ${alg} algorithm must be `, actual, ...types2);
|
|
587
|
+
}
|
|
588
|
+
var invalid_key_input_default;
|
|
589
|
+
var init_invalid_key_input = __esm({
|
|
590
|
+
"../../node_modules/jose/dist/browser/lib/invalid_key_input.js"() {
|
|
591
|
+
"use strict";
|
|
592
|
+
invalid_key_input_default = (actual, ...types2) => {
|
|
593
|
+
return message("Key must be ", actual, ...types2);
|
|
594
|
+
};
|
|
595
|
+
}
|
|
596
|
+
});
|
|
597
|
+
|
|
598
|
+
// ../../node_modules/jose/dist/browser/runtime/is_key_like.js
|
|
599
|
+
var is_key_like_default, types;
|
|
600
|
+
var init_is_key_like = __esm({
|
|
601
|
+
"../../node_modules/jose/dist/browser/runtime/is_key_like.js"() {
|
|
602
|
+
"use strict";
|
|
603
|
+
init_webcrypto();
|
|
604
|
+
is_key_like_default = (key) => {
|
|
605
|
+
return isCryptoKey(key);
|
|
606
|
+
};
|
|
607
|
+
types = ["CryptoKey"];
|
|
608
|
+
}
|
|
609
|
+
});
|
|
610
|
+
|
|
611
|
+
// ../../node_modules/jose/dist/browser/runtime/decrypt.js
|
|
612
|
+
async function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) {
|
|
613
|
+
if (!(cek instanceof Uint8Array)) {
|
|
614
|
+
throw new TypeError(invalid_key_input_default(cek, "Uint8Array"));
|
|
615
|
+
}
|
|
616
|
+
const keySize = parseInt(enc.slice(1, 4), 10);
|
|
617
|
+
const encKey = await webcrypto_default.subtle.importKey("raw", cek.subarray(keySize >> 3), "AES-CBC", false, ["decrypt"]);
|
|
618
|
+
const macKey = await webcrypto_default.subtle.importKey("raw", cek.subarray(0, keySize >> 3), {
|
|
619
|
+
hash: `SHA-${keySize << 1}`,
|
|
620
|
+
name: "HMAC"
|
|
621
|
+
}, false, ["sign"]);
|
|
622
|
+
const macData = concat(aad, iv, ciphertext, uint64be(aad.length << 3));
|
|
623
|
+
const expectedTag = new Uint8Array((await webcrypto_default.subtle.sign("HMAC", macKey, macData)).slice(0, keySize >> 3));
|
|
624
|
+
let macCheckPassed;
|
|
625
|
+
try {
|
|
626
|
+
macCheckPassed = timing_safe_equal_default(tag, expectedTag);
|
|
627
|
+
} catch {
|
|
628
|
+
}
|
|
629
|
+
if (!macCheckPassed) {
|
|
630
|
+
throw new JWEDecryptionFailed();
|
|
631
|
+
}
|
|
632
|
+
let plaintext;
|
|
633
|
+
try {
|
|
634
|
+
plaintext = new Uint8Array(await webcrypto_default.subtle.decrypt({ iv, name: "AES-CBC" }, encKey, ciphertext));
|
|
635
|
+
} catch {
|
|
636
|
+
}
|
|
637
|
+
if (!plaintext) {
|
|
638
|
+
throw new JWEDecryptionFailed();
|
|
639
|
+
}
|
|
640
|
+
return plaintext;
|
|
641
|
+
}
|
|
642
|
+
async function gcmDecrypt(enc, cek, ciphertext, iv, tag, aad) {
|
|
643
|
+
let encKey;
|
|
644
|
+
if (cek instanceof Uint8Array) {
|
|
645
|
+
encKey = await webcrypto_default.subtle.importKey("raw", cek, "AES-GCM", false, ["decrypt"]);
|
|
646
|
+
} else {
|
|
647
|
+
checkEncCryptoKey(cek, enc, "decrypt");
|
|
648
|
+
encKey = cek;
|
|
649
|
+
}
|
|
650
|
+
try {
|
|
651
|
+
return new Uint8Array(await webcrypto_default.subtle.decrypt({
|
|
652
|
+
additionalData: aad,
|
|
653
|
+
iv,
|
|
654
|
+
name: "AES-GCM",
|
|
655
|
+
tagLength: 128
|
|
656
|
+
}, encKey, concat(ciphertext, tag)));
|
|
657
|
+
} catch {
|
|
658
|
+
throw new JWEDecryptionFailed();
|
|
659
|
+
}
|
|
660
|
+
}
|
|
661
|
+
var decrypt, decrypt_default;
|
|
662
|
+
var init_decrypt = __esm({
|
|
663
|
+
"../../node_modules/jose/dist/browser/runtime/decrypt.js"() {
|
|
664
|
+
"use strict";
|
|
665
|
+
init_buffer_utils();
|
|
666
|
+
init_check_iv_length();
|
|
667
|
+
init_check_cek_length();
|
|
668
|
+
init_timing_safe_equal();
|
|
669
|
+
init_errors();
|
|
670
|
+
init_webcrypto();
|
|
671
|
+
init_crypto_key();
|
|
672
|
+
init_invalid_key_input();
|
|
673
|
+
init_is_key_like();
|
|
674
|
+
decrypt = async (enc, cek, ciphertext, iv, tag, aad) => {
|
|
675
|
+
if (!isCryptoKey(cek) && !(cek instanceof Uint8Array)) {
|
|
676
|
+
throw new TypeError(invalid_key_input_default(cek, ...types, "Uint8Array"));
|
|
677
|
+
}
|
|
678
|
+
if (!iv) {
|
|
679
|
+
throw new JWEInvalid("JWE Initialization Vector missing");
|
|
680
|
+
}
|
|
681
|
+
if (!tag) {
|
|
682
|
+
throw new JWEInvalid("JWE Authentication Tag missing");
|
|
683
|
+
}
|
|
684
|
+
check_iv_length_default(enc, iv);
|
|
685
|
+
switch (enc) {
|
|
686
|
+
case "A128CBC-HS256":
|
|
687
|
+
case "A192CBC-HS384":
|
|
688
|
+
case "A256CBC-HS512":
|
|
689
|
+
if (cek instanceof Uint8Array)
|
|
690
|
+
check_cek_length_default(cek, parseInt(enc.slice(-3), 10));
|
|
691
|
+
return cbcDecrypt(enc, cek, ciphertext, iv, tag, aad);
|
|
692
|
+
case "A128GCM":
|
|
693
|
+
case "A192GCM":
|
|
694
|
+
case "A256GCM":
|
|
695
|
+
if (cek instanceof Uint8Array)
|
|
696
|
+
check_cek_length_default(cek, parseInt(enc.slice(1, 4), 10));
|
|
697
|
+
return gcmDecrypt(enc, cek, ciphertext, iv, tag, aad);
|
|
698
|
+
default:
|
|
699
|
+
throw new JOSENotSupported("Unsupported JWE Content Encryption Algorithm");
|
|
700
|
+
}
|
|
701
|
+
};
|
|
702
|
+
decrypt_default = decrypt;
|
|
703
|
+
}
|
|
704
|
+
});
|
|
705
|
+
|
|
706
|
+
// ../../node_modules/jose/dist/browser/lib/is_disjoint.js
|
|
707
|
+
var isDisjoint, is_disjoint_default;
|
|
708
|
+
var init_is_disjoint = __esm({
|
|
709
|
+
"../../node_modules/jose/dist/browser/lib/is_disjoint.js"() {
|
|
710
|
+
"use strict";
|
|
711
|
+
isDisjoint = (...headers) => {
|
|
712
|
+
const sources = headers.filter(Boolean);
|
|
713
|
+
if (sources.length === 0 || sources.length === 1) {
|
|
714
|
+
return true;
|
|
715
|
+
}
|
|
716
|
+
let acc;
|
|
717
|
+
for (const header of sources) {
|
|
718
|
+
const parameters = Object.keys(header);
|
|
719
|
+
if (!acc || acc.size === 0) {
|
|
720
|
+
acc = new Set(parameters);
|
|
721
|
+
continue;
|
|
722
|
+
}
|
|
723
|
+
for (const parameter of parameters) {
|
|
724
|
+
if (acc.has(parameter)) {
|
|
725
|
+
return false;
|
|
726
|
+
}
|
|
727
|
+
acc.add(parameter);
|
|
728
|
+
}
|
|
729
|
+
}
|
|
730
|
+
return true;
|
|
731
|
+
};
|
|
732
|
+
is_disjoint_default = isDisjoint;
|
|
733
|
+
}
|
|
734
|
+
});
|
|
735
|
+
|
|
736
|
+
// ../../node_modules/jose/dist/browser/lib/is_object.js
|
|
737
|
+
function isObjectLike(value) {
|
|
738
|
+
return typeof value === "object" && value !== null;
|
|
739
|
+
}
|
|
740
|
+
function isObject2(input) {
|
|
741
|
+
if (!isObjectLike(input) || Object.prototype.toString.call(input) !== "[object Object]") {
|
|
742
|
+
return false;
|
|
743
|
+
}
|
|
744
|
+
if (Object.getPrototypeOf(input) === null) {
|
|
745
|
+
return true;
|
|
746
|
+
}
|
|
747
|
+
let proto = input;
|
|
748
|
+
while (Object.getPrototypeOf(proto) !== null) {
|
|
749
|
+
proto = Object.getPrototypeOf(proto);
|
|
750
|
+
}
|
|
751
|
+
return Object.getPrototypeOf(input) === proto;
|
|
752
|
+
}
|
|
753
|
+
var init_is_object = __esm({
|
|
754
|
+
"../../node_modules/jose/dist/browser/lib/is_object.js"() {
|
|
755
|
+
"use strict";
|
|
756
|
+
}
|
|
757
|
+
});
|
|
758
|
+
|
|
759
|
+
// ../../node_modules/jose/dist/browser/runtime/bogus.js
|
|
760
|
+
var bogusWebCrypto, bogus_default;
|
|
761
|
+
var init_bogus = __esm({
|
|
762
|
+
"../../node_modules/jose/dist/browser/runtime/bogus.js"() {
|
|
763
|
+
"use strict";
|
|
764
|
+
bogusWebCrypto = [
|
|
765
|
+
{ hash: "SHA-256", name: "HMAC" },
|
|
766
|
+
true,
|
|
767
|
+
["sign"]
|
|
768
|
+
];
|
|
769
|
+
bogus_default = bogusWebCrypto;
|
|
770
|
+
}
|
|
771
|
+
});
|
|
772
|
+
|
|
773
|
+
// ../../node_modules/jose/dist/browser/runtime/aeskw.js
|
|
774
|
+
function checkKeySize(key, alg) {
|
|
775
|
+
if (key.algorithm.length !== parseInt(alg.slice(1, 4), 10)) {
|
|
776
|
+
throw new TypeError(`Invalid key size for alg: ${alg}`);
|
|
777
|
+
}
|
|
778
|
+
}
|
|
779
|
+
function getCryptoKey(key, alg, usage) {
|
|
780
|
+
if (isCryptoKey(key)) {
|
|
781
|
+
checkEncCryptoKey(key, alg, usage);
|
|
782
|
+
return key;
|
|
783
|
+
}
|
|
784
|
+
if (key instanceof Uint8Array) {
|
|
785
|
+
return webcrypto_default.subtle.importKey("raw", key, "AES-KW", true, [usage]);
|
|
786
|
+
}
|
|
787
|
+
throw new TypeError(invalid_key_input_default(key, ...types, "Uint8Array"));
|
|
788
|
+
}
|
|
789
|
+
var wrap, unwrap;
|
|
790
|
+
var init_aeskw = __esm({
|
|
791
|
+
"../../node_modules/jose/dist/browser/runtime/aeskw.js"() {
|
|
792
|
+
"use strict";
|
|
793
|
+
init_bogus();
|
|
794
|
+
init_webcrypto();
|
|
795
|
+
init_crypto_key();
|
|
796
|
+
init_invalid_key_input();
|
|
797
|
+
init_is_key_like();
|
|
798
|
+
wrap = async (alg, key, cek) => {
|
|
799
|
+
const cryptoKey = await getCryptoKey(key, alg, "wrapKey");
|
|
800
|
+
checkKeySize(cryptoKey, alg);
|
|
801
|
+
const cryptoKeyCek = await webcrypto_default.subtle.importKey("raw", cek, ...bogus_default);
|
|
802
|
+
return new Uint8Array(await webcrypto_default.subtle.wrapKey("raw", cryptoKeyCek, cryptoKey, "AES-KW"));
|
|
803
|
+
};
|
|
804
|
+
unwrap = async (alg, key, encryptedKey) => {
|
|
805
|
+
const cryptoKey = await getCryptoKey(key, alg, "unwrapKey");
|
|
806
|
+
checkKeySize(cryptoKey, alg);
|
|
807
|
+
const cryptoKeyCek = await webcrypto_default.subtle.unwrapKey("raw", encryptedKey, cryptoKey, "AES-KW", ...bogus_default);
|
|
808
|
+
return new Uint8Array(await webcrypto_default.subtle.exportKey("raw", cryptoKeyCek));
|
|
809
|
+
};
|
|
810
|
+
}
|
|
811
|
+
});
|
|
812
|
+
|
|
813
|
+
// ../../node_modules/jose/dist/browser/runtime/ecdhes.js
|
|
814
|
+
async function deriveKey(publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) {
|
|
815
|
+
if (!isCryptoKey(publicKey)) {
|
|
816
|
+
throw new TypeError(invalid_key_input_default(publicKey, ...types));
|
|
817
|
+
}
|
|
818
|
+
checkEncCryptoKey(publicKey, "ECDH");
|
|
819
|
+
if (!isCryptoKey(privateKey)) {
|
|
820
|
+
throw new TypeError(invalid_key_input_default(privateKey, ...types));
|
|
821
|
+
}
|
|
822
|
+
checkEncCryptoKey(privateKey, "ECDH", "deriveBits");
|
|
823
|
+
const value = concat(lengthAndInput(encoder.encode(algorithm)), lengthAndInput(apu), lengthAndInput(apv), uint32be(keyLength));
|
|
824
|
+
let length;
|
|
825
|
+
if (publicKey.algorithm.name === "X25519") {
|
|
826
|
+
length = 256;
|
|
827
|
+
} else if (publicKey.algorithm.name === "X448") {
|
|
828
|
+
length = 448;
|
|
829
|
+
} else {
|
|
830
|
+
length = Math.ceil(parseInt(publicKey.algorithm.namedCurve.substr(-3), 10) / 8) << 3;
|
|
831
|
+
}
|
|
832
|
+
const sharedSecret = new Uint8Array(await webcrypto_default.subtle.deriveBits({
|
|
833
|
+
name: publicKey.algorithm.name,
|
|
834
|
+
public: publicKey
|
|
835
|
+
}, privateKey, length));
|
|
836
|
+
return concatKdf(sharedSecret, keyLength, value);
|
|
837
|
+
}
|
|
838
|
+
async function generateEpk(key) {
|
|
839
|
+
if (!isCryptoKey(key)) {
|
|
840
|
+
throw new TypeError(invalid_key_input_default(key, ...types));
|
|
841
|
+
}
|
|
842
|
+
return webcrypto_default.subtle.generateKey(key.algorithm, true, ["deriveBits"]);
|
|
843
|
+
}
|
|
844
|
+
function ecdhAllowed(key) {
|
|
845
|
+
if (!isCryptoKey(key)) {
|
|
846
|
+
throw new TypeError(invalid_key_input_default(key, ...types));
|
|
847
|
+
}
|
|
848
|
+
return ["P-256", "P-384", "P-521"].includes(key.algorithm.namedCurve) || key.algorithm.name === "X25519" || key.algorithm.name === "X448";
|
|
849
|
+
}
|
|
850
|
+
var init_ecdhes = __esm({
|
|
851
|
+
"../../node_modules/jose/dist/browser/runtime/ecdhes.js"() {
|
|
852
|
+
"use strict";
|
|
853
|
+
init_buffer_utils();
|
|
854
|
+
init_webcrypto();
|
|
855
|
+
init_crypto_key();
|
|
856
|
+
init_invalid_key_input();
|
|
857
|
+
init_is_key_like();
|
|
858
|
+
}
|
|
859
|
+
});
|
|
860
|
+
|
|
861
|
+
// ../../node_modules/jose/dist/browser/lib/check_p2s.js
|
|
862
|
+
function checkP2s(p2s2) {
|
|
863
|
+
if (!(p2s2 instanceof Uint8Array) || p2s2.length < 8) {
|
|
864
|
+
throw new JWEInvalid("PBES2 Salt Input must be 8 or more octets");
|
|
865
|
+
}
|
|
866
|
+
}
|
|
867
|
+
var init_check_p2s = __esm({
|
|
868
|
+
"../../node_modules/jose/dist/browser/lib/check_p2s.js"() {
|
|
869
|
+
"use strict";
|
|
870
|
+
init_errors();
|
|
871
|
+
}
|
|
872
|
+
});
|
|
873
|
+
|
|
874
|
+
// ../../node_modules/jose/dist/browser/runtime/pbes2kw.js
|
|
875
|
+
function getCryptoKey2(key, alg) {
|
|
876
|
+
if (key instanceof Uint8Array) {
|
|
877
|
+
return webcrypto_default.subtle.importKey("raw", key, "PBKDF2", false, ["deriveBits"]);
|
|
878
|
+
}
|
|
879
|
+
if (isCryptoKey(key)) {
|
|
880
|
+
checkEncCryptoKey(key, alg, "deriveBits", "deriveKey");
|
|
881
|
+
return key;
|
|
882
|
+
}
|
|
883
|
+
throw new TypeError(invalid_key_input_default(key, ...types, "Uint8Array"));
|
|
884
|
+
}
|
|
885
|
+
async function deriveKey2(p2s2, alg, p2c, key) {
|
|
886
|
+
checkP2s(p2s2);
|
|
887
|
+
const salt = p2s(alg, p2s2);
|
|
888
|
+
const keylen = parseInt(alg.slice(13, 16), 10);
|
|
889
|
+
const subtleAlg = {
|
|
890
|
+
hash: `SHA-${alg.slice(8, 11)}`,
|
|
891
|
+
iterations: p2c,
|
|
892
|
+
name: "PBKDF2",
|
|
893
|
+
salt
|
|
894
|
+
};
|
|
895
|
+
const wrapAlg = {
|
|
896
|
+
length: keylen,
|
|
897
|
+
name: "AES-KW"
|
|
898
|
+
};
|
|
899
|
+
const cryptoKey = await getCryptoKey2(key, alg);
|
|
900
|
+
if (cryptoKey.usages.includes("deriveBits")) {
|
|
901
|
+
return new Uint8Array(await webcrypto_default.subtle.deriveBits(subtleAlg, cryptoKey, keylen));
|
|
902
|
+
}
|
|
903
|
+
if (cryptoKey.usages.includes("deriveKey")) {
|
|
904
|
+
return webcrypto_default.subtle.deriveKey(subtleAlg, cryptoKey, wrapAlg, false, ["wrapKey", "unwrapKey"]);
|
|
905
|
+
}
|
|
906
|
+
throw new TypeError('PBKDF2 key "usages" must include "deriveBits" or "deriveKey"');
|
|
907
|
+
}
|
|
908
|
+
var encrypt, decrypt2;
|
|
909
|
+
var init_pbes2kw = __esm({
|
|
910
|
+
"../../node_modules/jose/dist/browser/runtime/pbes2kw.js"() {
|
|
911
|
+
"use strict";
|
|
912
|
+
init_random();
|
|
913
|
+
init_buffer_utils();
|
|
914
|
+
init_base64url();
|
|
915
|
+
init_aeskw();
|
|
916
|
+
init_check_p2s();
|
|
917
|
+
init_webcrypto();
|
|
918
|
+
init_crypto_key();
|
|
919
|
+
init_invalid_key_input();
|
|
920
|
+
init_is_key_like();
|
|
921
|
+
encrypt = async (alg, key, cek, p2c = 2048, p2s2 = random_default(new Uint8Array(16))) => {
|
|
922
|
+
const derived = await deriveKey2(p2s2, alg, p2c, key);
|
|
923
|
+
const encryptedKey = await wrap(alg.slice(-6), derived, cek);
|
|
924
|
+
return { encryptedKey, p2c, p2s: encode(p2s2) };
|
|
925
|
+
};
|
|
926
|
+
decrypt2 = async (alg, key, encryptedKey, p2c, p2s2) => {
|
|
927
|
+
const derived = await deriveKey2(p2s2, alg, p2c, key);
|
|
928
|
+
return unwrap(alg.slice(-6), derived, encryptedKey);
|
|
929
|
+
};
|
|
930
|
+
}
|
|
931
|
+
});
|
|
932
|
+
|
|
933
|
+
// ../../node_modules/jose/dist/browser/runtime/subtle_rsaes.js
|
|
934
|
+
function subtleRsaEs(alg) {
|
|
935
|
+
switch (alg) {
|
|
936
|
+
case "RSA-OAEP":
|
|
937
|
+
case "RSA-OAEP-256":
|
|
938
|
+
case "RSA-OAEP-384":
|
|
939
|
+
case "RSA-OAEP-512":
|
|
940
|
+
return "RSA-OAEP";
|
|
941
|
+
default:
|
|
942
|
+
throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
|
|
943
|
+
}
|
|
944
|
+
}
|
|
945
|
+
var init_subtle_rsaes = __esm({
|
|
946
|
+
"../../node_modules/jose/dist/browser/runtime/subtle_rsaes.js"() {
|
|
947
|
+
"use strict";
|
|
948
|
+
init_errors();
|
|
949
|
+
}
|
|
950
|
+
});
|
|
951
|
+
|
|
952
|
+
// ../../node_modules/jose/dist/browser/runtime/check_key_length.js
|
|
953
|
+
var check_key_length_default;
|
|
954
|
+
var init_check_key_length = __esm({
|
|
955
|
+
"../../node_modules/jose/dist/browser/runtime/check_key_length.js"() {
|
|
956
|
+
"use strict";
|
|
957
|
+
check_key_length_default = (alg, key) => {
|
|
958
|
+
if (alg.startsWith("RS") || alg.startsWith("PS")) {
|
|
959
|
+
const { modulusLength } = key.algorithm;
|
|
960
|
+
if (typeof modulusLength !== "number" || modulusLength < 2048) {
|
|
961
|
+
throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);
|
|
962
|
+
}
|
|
963
|
+
}
|
|
964
|
+
};
|
|
965
|
+
}
|
|
966
|
+
});
|
|
967
|
+
|
|
968
|
+
// ../../node_modules/jose/dist/browser/runtime/rsaes.js
|
|
969
|
+
var encrypt2, decrypt3;
|
|
970
|
+
var init_rsaes = __esm({
|
|
971
|
+
"../../node_modules/jose/dist/browser/runtime/rsaes.js"() {
|
|
972
|
+
"use strict";
|
|
973
|
+
init_subtle_rsaes();
|
|
974
|
+
init_bogus();
|
|
975
|
+
init_webcrypto();
|
|
976
|
+
init_crypto_key();
|
|
977
|
+
init_check_key_length();
|
|
978
|
+
init_invalid_key_input();
|
|
979
|
+
init_is_key_like();
|
|
980
|
+
encrypt2 = async (alg, key, cek) => {
|
|
981
|
+
if (!isCryptoKey(key)) {
|
|
982
|
+
throw new TypeError(invalid_key_input_default(key, ...types));
|
|
983
|
+
}
|
|
984
|
+
checkEncCryptoKey(key, alg, "encrypt", "wrapKey");
|
|
985
|
+
check_key_length_default(alg, key);
|
|
986
|
+
if (key.usages.includes("encrypt")) {
|
|
987
|
+
return new Uint8Array(await webcrypto_default.subtle.encrypt(subtleRsaEs(alg), key, cek));
|
|
988
|
+
}
|
|
989
|
+
if (key.usages.includes("wrapKey")) {
|
|
990
|
+
const cryptoKeyCek = await webcrypto_default.subtle.importKey("raw", cek, ...bogus_default);
|
|
991
|
+
return new Uint8Array(await webcrypto_default.subtle.wrapKey("raw", cryptoKeyCek, key, subtleRsaEs(alg)));
|
|
992
|
+
}
|
|
993
|
+
throw new TypeError('RSA-OAEP key "usages" must include "encrypt" or "wrapKey" for this operation');
|
|
994
|
+
};
|
|
995
|
+
decrypt3 = async (alg, key, encryptedKey) => {
|
|
996
|
+
if (!isCryptoKey(key)) {
|
|
997
|
+
throw new TypeError(invalid_key_input_default(key, ...types));
|
|
998
|
+
}
|
|
999
|
+
checkEncCryptoKey(key, alg, "decrypt", "unwrapKey");
|
|
1000
|
+
check_key_length_default(alg, key);
|
|
1001
|
+
if (key.usages.includes("decrypt")) {
|
|
1002
|
+
return new Uint8Array(await webcrypto_default.subtle.decrypt(subtleRsaEs(alg), key, encryptedKey));
|
|
1003
|
+
}
|
|
1004
|
+
if (key.usages.includes("unwrapKey")) {
|
|
1005
|
+
const cryptoKeyCek = await webcrypto_default.subtle.unwrapKey("raw", encryptedKey, key, subtleRsaEs(alg), ...bogus_default);
|
|
1006
|
+
return new Uint8Array(await webcrypto_default.subtle.exportKey("raw", cryptoKeyCek));
|
|
1007
|
+
}
|
|
1008
|
+
throw new TypeError('RSA-OAEP key "usages" must include "decrypt" or "unwrapKey" for this operation');
|
|
1009
|
+
};
|
|
1010
|
+
}
|
|
1011
|
+
});
|
|
1012
|
+
|
|
1013
|
+
// ../../node_modules/jose/dist/browser/lib/cek.js
|
|
1014
|
+
function bitLength2(alg) {
|
|
1015
|
+
switch (alg) {
|
|
1016
|
+
case "A128GCM":
|
|
1017
|
+
return 128;
|
|
1018
|
+
case "A192GCM":
|
|
1019
|
+
return 192;
|
|
1020
|
+
case "A256GCM":
|
|
1021
|
+
case "A128CBC-HS256":
|
|
1022
|
+
return 256;
|
|
1023
|
+
case "A192CBC-HS384":
|
|
1024
|
+
return 384;
|
|
1025
|
+
case "A256CBC-HS512":
|
|
1026
|
+
return 512;
|
|
1027
|
+
default:
|
|
1028
|
+
throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`);
|
|
1029
|
+
}
|
|
1030
|
+
}
|
|
1031
|
+
var cek_default;
|
|
1032
|
+
var init_cek = __esm({
|
|
1033
|
+
"../../node_modules/jose/dist/browser/lib/cek.js"() {
|
|
1034
|
+
"use strict";
|
|
1035
|
+
init_errors();
|
|
1036
|
+
init_random();
|
|
1037
|
+
cek_default = (alg) => random_default(new Uint8Array(bitLength2(alg) >> 3));
|
|
1038
|
+
}
|
|
1039
|
+
});
|
|
1040
|
+
|
|
1041
|
+
// ../../node_modules/jose/dist/browser/lib/format_pem.js
|
|
1042
|
+
var format_pem_default;
|
|
1043
|
+
var init_format_pem = __esm({
|
|
1044
|
+
"../../node_modules/jose/dist/browser/lib/format_pem.js"() {
|
|
1045
|
+
"use strict";
|
|
1046
|
+
format_pem_default = (b64, descriptor) => {
|
|
1047
|
+
const newlined = (b64.match(/.{1,64}/g) || []).join("\n");
|
|
1048
|
+
return `-----BEGIN ${descriptor}-----
|
|
1049
|
+
${newlined}
|
|
1050
|
+
-----END ${descriptor}-----`;
|
|
1051
|
+
};
|
|
1052
|
+
}
|
|
1053
|
+
});
|
|
1054
|
+
|
|
1055
|
+
// ../../node_modules/jose/dist/browser/runtime/asn1.js
|
|
1056
|
+
function getElement(seq) {
|
|
1057
|
+
const result = [];
|
|
1058
|
+
let next = 0;
|
|
1059
|
+
while (next < seq.length) {
|
|
1060
|
+
const nextPart = parseElement(seq.subarray(next));
|
|
1061
|
+
result.push(nextPart);
|
|
1062
|
+
next += nextPart.byteLength;
|
|
1063
|
+
}
|
|
1064
|
+
return result;
|
|
1065
|
+
}
|
|
1066
|
+
function parseElement(bytes) {
|
|
1067
|
+
let position = 0;
|
|
1068
|
+
let tag = bytes[0] & 31;
|
|
1069
|
+
position++;
|
|
1070
|
+
if (tag === 31) {
|
|
1071
|
+
tag = 0;
|
|
1072
|
+
while (bytes[position] >= 128) {
|
|
1073
|
+
tag = tag * 128 + bytes[position] - 128;
|
|
1074
|
+
position++;
|
|
1075
|
+
}
|
|
1076
|
+
tag = tag * 128 + bytes[position] - 128;
|
|
1077
|
+
position++;
|
|
1078
|
+
}
|
|
1079
|
+
let length = 0;
|
|
1080
|
+
if (bytes[position] < 128) {
|
|
1081
|
+
length = bytes[position];
|
|
1082
|
+
position++;
|
|
1083
|
+
} else if (length === 128) {
|
|
1084
|
+
length = 0;
|
|
1085
|
+
while (bytes[position + length] !== 0 || bytes[position + length + 1] !== 0) {
|
|
1086
|
+
if (length > bytes.byteLength) {
|
|
1087
|
+
throw new TypeError("invalid indefinite form length");
|
|
1088
|
+
}
|
|
1089
|
+
length++;
|
|
1090
|
+
}
|
|
1091
|
+
const byteLength2 = position + length + 2;
|
|
1092
|
+
return {
|
|
1093
|
+
byteLength: byteLength2,
|
|
1094
|
+
contents: bytes.subarray(position, position + length),
|
|
1095
|
+
raw: bytes.subarray(0, byteLength2)
|
|
1096
|
+
};
|
|
1097
|
+
} else {
|
|
1098
|
+
const numberOfDigits = bytes[position] & 127;
|
|
1099
|
+
position++;
|
|
1100
|
+
length = 0;
|
|
1101
|
+
for (let i = 0; i < numberOfDigits; i++) {
|
|
1102
|
+
length = length * 256 + bytes[position];
|
|
1103
|
+
position++;
|
|
1104
|
+
}
|
|
1105
|
+
}
|
|
1106
|
+
const byteLength = position + length;
|
|
1107
|
+
return {
|
|
1108
|
+
byteLength,
|
|
1109
|
+
contents: bytes.subarray(position, byteLength),
|
|
1110
|
+
raw: bytes.subarray(0, byteLength)
|
|
1111
|
+
};
|
|
1112
|
+
}
|
|
1113
|
+
function spkiFromX509(buf) {
|
|
1114
|
+
const tbsCertificate = getElement(getElement(parseElement(buf).contents)[0].contents);
|
|
1115
|
+
return encodeBase64(tbsCertificate[tbsCertificate[0].raw[0] === 160 ? 6 : 5].raw);
|
|
1116
|
+
}
|
|
1117
|
+
function getSPKI(x509) {
|
|
1118
|
+
const pem = x509.replace(/(?:-----(?:BEGIN|END) CERTIFICATE-----|\s)/g, "");
|
|
1119
|
+
const raw = decodeBase64(pem);
|
|
1120
|
+
return format_pem_default(spkiFromX509(raw), "PUBLIC KEY");
|
|
1121
|
+
}
|
|
1122
|
+
var genericExport, toSPKI, toPKCS8, findOid, getNamedCurve2, genericImport, fromPKCS8, fromSPKI, fromX509;
|
|
1123
|
+
var init_asn1 = __esm({
|
|
1124
|
+
"../../node_modules/jose/dist/browser/runtime/asn1.js"() {
|
|
1125
|
+
"use strict";
|
|
1126
|
+
init_webcrypto();
|
|
1127
|
+
init_invalid_key_input();
|
|
1128
|
+
init_base64url();
|
|
1129
|
+
init_format_pem();
|
|
1130
|
+
init_errors();
|
|
1131
|
+
init_is_key_like();
|
|
1132
|
+
genericExport = async (keyType, keyFormat, key) => {
|
|
1133
|
+
if (!isCryptoKey(key)) {
|
|
1134
|
+
throw new TypeError(invalid_key_input_default(key, ...types));
|
|
1135
|
+
}
|
|
1136
|
+
if (!key.extractable) {
|
|
1137
|
+
throw new TypeError("CryptoKey is not extractable");
|
|
1138
|
+
}
|
|
1139
|
+
if (key.type !== keyType) {
|
|
1140
|
+
throw new TypeError(`key is not a ${keyType} key`);
|
|
1141
|
+
}
|
|
1142
|
+
return format_pem_default(encodeBase64(new Uint8Array(await webcrypto_default.subtle.exportKey(keyFormat, key))), `${keyType.toUpperCase()} KEY`);
|
|
1143
|
+
};
|
|
1144
|
+
toSPKI = (key) => {
|
|
1145
|
+
return genericExport("public", "spki", key);
|
|
1146
|
+
};
|
|
1147
|
+
toPKCS8 = (key) => {
|
|
1148
|
+
return genericExport("private", "pkcs8", key);
|
|
1149
|
+
};
|
|
1150
|
+
findOid = (keyData, oid, from = 0) => {
|
|
1151
|
+
if (from === 0) {
|
|
1152
|
+
oid.unshift(oid.length);
|
|
1153
|
+
oid.unshift(6);
|
|
1154
|
+
}
|
|
1155
|
+
const i = keyData.indexOf(oid[0], from);
|
|
1156
|
+
if (i === -1)
|
|
1157
|
+
return false;
|
|
1158
|
+
const sub = keyData.subarray(i, i + oid.length);
|
|
1159
|
+
if (sub.length !== oid.length)
|
|
1160
|
+
return false;
|
|
1161
|
+
return sub.every((value, index) => value === oid[index]) || findOid(keyData, oid, i + 1);
|
|
1162
|
+
};
|
|
1163
|
+
getNamedCurve2 = (keyData) => {
|
|
1164
|
+
switch (true) {
|
|
1165
|
+
case findOid(keyData, [42, 134, 72, 206, 61, 3, 1, 7]):
|
|
1166
|
+
return "P-256";
|
|
1167
|
+
case findOid(keyData, [43, 129, 4, 0, 34]):
|
|
1168
|
+
return "P-384";
|
|
1169
|
+
case findOid(keyData, [43, 129, 4, 0, 35]):
|
|
1170
|
+
return "P-521";
|
|
1171
|
+
case findOid(keyData, [43, 101, 110]):
|
|
1172
|
+
return "X25519";
|
|
1173
|
+
case findOid(keyData, [43, 101, 111]):
|
|
1174
|
+
return "X448";
|
|
1175
|
+
case findOid(keyData, [43, 101, 112]):
|
|
1176
|
+
return "Ed25519";
|
|
1177
|
+
case findOid(keyData, [43, 101, 113]):
|
|
1178
|
+
return "Ed448";
|
|
1179
|
+
default:
|
|
1180
|
+
throw new JOSENotSupported("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
|
|
1181
|
+
}
|
|
1182
|
+
};
|
|
1183
|
+
genericImport = async (replace, keyFormat, pem, alg, options) => {
|
|
1184
|
+
let algorithm;
|
|
1185
|
+
let keyUsages;
|
|
1186
|
+
const keyData = new Uint8Array(atob(pem.replace(replace, "")).split("").map((c) => c.charCodeAt(0)));
|
|
1187
|
+
const isPublic = keyFormat === "spki";
|
|
1188
|
+
switch (alg) {
|
|
1189
|
+
case "PS256":
|
|
1190
|
+
case "PS384":
|
|
1191
|
+
case "PS512":
|
|
1192
|
+
algorithm = { name: "RSA-PSS", hash: `SHA-${alg.slice(-3)}` };
|
|
1193
|
+
keyUsages = isPublic ? ["verify"] : ["sign"];
|
|
1194
|
+
break;
|
|
1195
|
+
case "RS256":
|
|
1196
|
+
case "RS384":
|
|
1197
|
+
case "RS512":
|
|
1198
|
+
algorithm = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${alg.slice(-3)}` };
|
|
1199
|
+
keyUsages = isPublic ? ["verify"] : ["sign"];
|
|
1200
|
+
break;
|
|
1201
|
+
case "RSA-OAEP":
|
|
1202
|
+
case "RSA-OAEP-256":
|
|
1203
|
+
case "RSA-OAEP-384":
|
|
1204
|
+
case "RSA-OAEP-512":
|
|
1205
|
+
algorithm = {
|
|
1206
|
+
name: "RSA-OAEP",
|
|
1207
|
+
hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`
|
|
1208
|
+
};
|
|
1209
|
+
keyUsages = isPublic ? ["encrypt", "wrapKey"] : ["decrypt", "unwrapKey"];
|
|
1210
|
+
break;
|
|
1211
|
+
case "ES256":
|
|
1212
|
+
algorithm = { name: "ECDSA", namedCurve: "P-256" };
|
|
1213
|
+
keyUsages = isPublic ? ["verify"] : ["sign"];
|
|
1214
|
+
break;
|
|
1215
|
+
case "ES384":
|
|
1216
|
+
algorithm = { name: "ECDSA", namedCurve: "P-384" };
|
|
1217
|
+
keyUsages = isPublic ? ["verify"] : ["sign"];
|
|
1218
|
+
break;
|
|
1219
|
+
case "ES512":
|
|
1220
|
+
algorithm = { name: "ECDSA", namedCurve: "P-521" };
|
|
1221
|
+
keyUsages = isPublic ? ["verify"] : ["sign"];
|
|
1222
|
+
break;
|
|
1223
|
+
case "ECDH-ES":
|
|
1224
|
+
case "ECDH-ES+A128KW":
|
|
1225
|
+
case "ECDH-ES+A192KW":
|
|
1226
|
+
case "ECDH-ES+A256KW": {
|
|
1227
|
+
const namedCurve = getNamedCurve2(keyData);
|
|
1228
|
+
algorithm = namedCurve.startsWith("P-") ? { name: "ECDH", namedCurve } : { name: namedCurve };
|
|
1229
|
+
keyUsages = isPublic ? [] : ["deriveBits"];
|
|
1230
|
+
break;
|
|
1231
|
+
}
|
|
1232
|
+
case "EdDSA":
|
|
1233
|
+
algorithm = { name: getNamedCurve2(keyData) };
|
|
1234
|
+
keyUsages = isPublic ? ["verify"] : ["sign"];
|
|
1235
|
+
break;
|
|
1236
|
+
default:
|
|
1237
|
+
throw new JOSENotSupported('Invalid or unsupported "alg" (Algorithm) value');
|
|
1238
|
+
}
|
|
1239
|
+
return webcrypto_default.subtle.importKey(keyFormat, keyData, algorithm, options?.extractable ?? false, keyUsages);
|
|
1240
|
+
};
|
|
1241
|
+
fromPKCS8 = (pem, alg, options) => {
|
|
1242
|
+
return genericImport(/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g, "pkcs8", pem, alg, options);
|
|
1243
|
+
};
|
|
1244
|
+
fromSPKI = (pem, alg, options) => {
|
|
1245
|
+
return genericImport(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", pem, alg, options);
|
|
1246
|
+
};
|
|
1247
|
+
fromX509 = (pem, alg, options) => {
|
|
1248
|
+
let spki;
|
|
1249
|
+
try {
|
|
1250
|
+
spki = getSPKI(pem);
|
|
1251
|
+
} catch (cause) {
|
|
1252
|
+
throw new TypeError("Failed to parse the X.509 certificate", { cause });
|
|
1253
|
+
}
|
|
1254
|
+
return fromSPKI(spki, alg, options);
|
|
1255
|
+
};
|
|
1256
|
+
}
|
|
1257
|
+
});
|
|
1258
|
+
|
|
1259
|
+
// ../../node_modules/jose/dist/browser/runtime/jwk_to_key.js
|
|
1260
|
+
function subtleMapping(jwk) {
|
|
1261
|
+
let algorithm;
|
|
1262
|
+
let keyUsages;
|
|
1263
|
+
switch (jwk.kty) {
|
|
1264
|
+
case "RSA": {
|
|
1265
|
+
switch (jwk.alg) {
|
|
1266
|
+
case "PS256":
|
|
1267
|
+
case "PS384":
|
|
1268
|
+
case "PS512":
|
|
1269
|
+
algorithm = { name: "RSA-PSS", hash: `SHA-${jwk.alg.slice(-3)}` };
|
|
1270
|
+
keyUsages = jwk.d ? ["sign"] : ["verify"];
|
|
1271
|
+
break;
|
|
1272
|
+
case "RS256":
|
|
1273
|
+
case "RS384":
|
|
1274
|
+
case "RS512":
|
|
1275
|
+
algorithm = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${jwk.alg.slice(-3)}` };
|
|
1276
|
+
keyUsages = jwk.d ? ["sign"] : ["verify"];
|
|
1277
|
+
break;
|
|
1278
|
+
case "RSA-OAEP":
|
|
1279
|
+
case "RSA-OAEP-256":
|
|
1280
|
+
case "RSA-OAEP-384":
|
|
1281
|
+
case "RSA-OAEP-512":
|
|
1282
|
+
algorithm = {
|
|
1283
|
+
name: "RSA-OAEP",
|
|
1284
|
+
hash: `SHA-${parseInt(jwk.alg.slice(-3), 10) || 1}`
|
|
1285
|
+
};
|
|
1286
|
+
keyUsages = jwk.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
|
|
1287
|
+
break;
|
|
1288
|
+
default:
|
|
1289
|
+
throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
1290
|
+
}
|
|
1291
|
+
break;
|
|
1292
|
+
}
|
|
1293
|
+
case "EC": {
|
|
1294
|
+
switch (jwk.alg) {
|
|
1295
|
+
case "ES256":
|
|
1296
|
+
algorithm = { name: "ECDSA", namedCurve: "P-256" };
|
|
1297
|
+
keyUsages = jwk.d ? ["sign"] : ["verify"];
|
|
1298
|
+
break;
|
|
1299
|
+
case "ES384":
|
|
1300
|
+
algorithm = { name: "ECDSA", namedCurve: "P-384" };
|
|
1301
|
+
keyUsages = jwk.d ? ["sign"] : ["verify"];
|
|
1302
|
+
break;
|
|
1303
|
+
case "ES512":
|
|
1304
|
+
algorithm = { name: "ECDSA", namedCurve: "P-521" };
|
|
1305
|
+
keyUsages = jwk.d ? ["sign"] : ["verify"];
|
|
1306
|
+
break;
|
|
1307
|
+
case "ECDH-ES":
|
|
1308
|
+
case "ECDH-ES+A128KW":
|
|
1309
|
+
case "ECDH-ES+A192KW":
|
|
1310
|
+
case "ECDH-ES+A256KW":
|
|
1311
|
+
algorithm = { name: "ECDH", namedCurve: jwk.crv };
|
|
1312
|
+
keyUsages = jwk.d ? ["deriveBits"] : [];
|
|
1313
|
+
break;
|
|
1314
|
+
default:
|
|
1315
|
+
throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
1316
|
+
}
|
|
1317
|
+
break;
|
|
1318
|
+
}
|
|
1319
|
+
case "OKP": {
|
|
1320
|
+
switch (jwk.alg) {
|
|
1321
|
+
case "EdDSA":
|
|
1322
|
+
algorithm = { name: jwk.crv };
|
|
1323
|
+
keyUsages = jwk.d ? ["sign"] : ["verify"];
|
|
1324
|
+
break;
|
|
1325
|
+
case "ECDH-ES":
|
|
1326
|
+
case "ECDH-ES+A128KW":
|
|
1327
|
+
case "ECDH-ES+A192KW":
|
|
1328
|
+
case "ECDH-ES+A256KW":
|
|
1329
|
+
algorithm = { name: jwk.crv };
|
|
1330
|
+
keyUsages = jwk.d ? ["deriveBits"] : [];
|
|
1331
|
+
break;
|
|
1332
|
+
default:
|
|
1333
|
+
throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
1334
|
+
}
|
|
1335
|
+
break;
|
|
1336
|
+
}
|
|
1337
|
+
default:
|
|
1338
|
+
throw new JOSENotSupported('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
|
|
1339
|
+
}
|
|
1340
|
+
return { algorithm, keyUsages };
|
|
1341
|
+
}
|
|
1342
|
+
var parse, jwk_to_key_default;
|
|
1343
|
+
var init_jwk_to_key = __esm({
|
|
1344
|
+
"../../node_modules/jose/dist/browser/runtime/jwk_to_key.js"() {
|
|
1345
|
+
"use strict";
|
|
1346
|
+
init_webcrypto();
|
|
1347
|
+
init_errors();
|
|
1348
|
+
parse = async (jwk) => {
|
|
1349
|
+
if (!jwk.alg) {
|
|
1350
|
+
throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
|
|
1351
|
+
}
|
|
1352
|
+
const { algorithm, keyUsages } = subtleMapping(jwk);
|
|
1353
|
+
const rest = [
|
|
1354
|
+
algorithm,
|
|
1355
|
+
jwk.ext ?? false,
|
|
1356
|
+
jwk.key_ops ?? keyUsages
|
|
1357
|
+
];
|
|
1358
|
+
const keyData = { ...jwk };
|
|
1359
|
+
delete keyData.alg;
|
|
1360
|
+
delete keyData.use;
|
|
1361
|
+
return webcrypto_default.subtle.importKey("jwk", keyData, ...rest);
|
|
1362
|
+
};
|
|
1363
|
+
jwk_to_key_default = parse;
|
|
1364
|
+
}
|
|
1365
|
+
});
|
|
1366
|
+
|
|
1367
|
+
// ../../node_modules/jose/dist/browser/key/import.js
|
|
1368
|
+
async function importSPKI(spki, alg, options) {
|
|
1369
|
+
if (typeof spki !== "string" || spki.indexOf("-----BEGIN PUBLIC KEY-----") !== 0) {
|
|
1370
|
+
throw new TypeError('"spki" must be SPKI formatted string');
|
|
1371
|
+
}
|
|
1372
|
+
return fromSPKI(spki, alg, options);
|
|
1373
|
+
}
|
|
1374
|
+
async function importX509(x509, alg, options) {
|
|
1375
|
+
if (typeof x509 !== "string" || x509.indexOf("-----BEGIN CERTIFICATE-----") !== 0) {
|
|
1376
|
+
throw new TypeError('"x509" must be X.509 formatted string');
|
|
1377
|
+
}
|
|
1378
|
+
return fromX509(x509, alg, options);
|
|
1379
|
+
}
|
|
1380
|
+
async function importPKCS8(pkcs8, alg, options) {
|
|
1381
|
+
if (typeof pkcs8 !== "string" || pkcs8.indexOf("-----BEGIN PRIVATE KEY-----") !== 0) {
|
|
1382
|
+
throw new TypeError('"pkcs8" must be PKCS#8 formatted string');
|
|
1383
|
+
}
|
|
1384
|
+
return fromPKCS8(pkcs8, alg, options);
|
|
1385
|
+
}
|
|
1386
|
+
async function importJWK(jwk, alg) {
|
|
1387
|
+
if (!isObject2(jwk)) {
|
|
1388
|
+
throw new TypeError("JWK must be an object");
|
|
1389
|
+
}
|
|
1390
|
+
alg || (alg = jwk.alg);
|
|
1391
|
+
switch (jwk.kty) {
|
|
1392
|
+
case "oct":
|
|
1393
|
+
if (typeof jwk.k !== "string" || !jwk.k) {
|
|
1394
|
+
throw new TypeError('missing "k" (Key Value) Parameter value');
|
|
1395
|
+
}
|
|
1396
|
+
return decode(jwk.k);
|
|
1397
|
+
case "RSA":
|
|
1398
|
+
if (jwk.oth !== void 0) {
|
|
1399
|
+
throw new JOSENotSupported('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
|
|
1400
|
+
}
|
|
1401
|
+
case "EC":
|
|
1402
|
+
case "OKP":
|
|
1403
|
+
return jwk_to_key_default({ ...jwk, alg });
|
|
1404
|
+
default:
|
|
1405
|
+
throw new JOSENotSupported('Unsupported "kty" (Key Type) Parameter value');
|
|
1406
|
+
}
|
|
1407
|
+
}
|
|
1408
|
+
var init_import = __esm({
|
|
1409
|
+
"../../node_modules/jose/dist/browser/key/import.js"() {
|
|
1410
|
+
"use strict";
|
|
1411
|
+
init_base64url();
|
|
1412
|
+
init_asn1();
|
|
1413
|
+
init_jwk_to_key();
|
|
1414
|
+
init_errors();
|
|
1415
|
+
init_is_object();
|
|
1416
|
+
}
|
|
1417
|
+
});
|
|
1418
|
+
|
|
1419
|
+
// ../../node_modules/jose/dist/browser/lib/check_key_type.js
|
|
1420
|
+
var symmetricTypeCheck, asymmetricTypeCheck, checkKeyType, check_key_type_default;
|
|
1421
|
+
var init_check_key_type = __esm({
|
|
1422
|
+
"../../node_modules/jose/dist/browser/lib/check_key_type.js"() {
|
|
1423
|
+
"use strict";
|
|
1424
|
+
init_invalid_key_input();
|
|
1425
|
+
init_is_key_like();
|
|
1426
|
+
symmetricTypeCheck = (alg, key) => {
|
|
1427
|
+
if (key instanceof Uint8Array)
|
|
1428
|
+
return;
|
|
1429
|
+
if (!is_key_like_default(key)) {
|
|
1430
|
+
throw new TypeError(withAlg(alg, key, ...types, "Uint8Array"));
|
|
1431
|
+
}
|
|
1432
|
+
if (key.type !== "secret") {
|
|
1433
|
+
throw new TypeError(`${types.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
|
|
1434
|
+
}
|
|
1435
|
+
};
|
|
1436
|
+
asymmetricTypeCheck = (alg, key, usage) => {
|
|
1437
|
+
if (!is_key_like_default(key)) {
|
|
1438
|
+
throw new TypeError(withAlg(alg, key, ...types));
|
|
1439
|
+
}
|
|
1440
|
+
if (key.type === "secret") {
|
|
1441
|
+
throw new TypeError(`${types.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
|
|
1442
|
+
}
|
|
1443
|
+
if (usage === "sign" && key.type === "public") {
|
|
1444
|
+
throw new TypeError(`${types.join(" or ")} instances for asymmetric algorithm signing must be of type "private"`);
|
|
1445
|
+
}
|
|
1446
|
+
if (usage === "decrypt" && key.type === "public") {
|
|
1447
|
+
throw new TypeError(`${types.join(" or ")} instances for asymmetric algorithm decryption must be of type "private"`);
|
|
1448
|
+
}
|
|
1449
|
+
if (key.algorithm && usage === "verify" && key.type === "private") {
|
|
1450
|
+
throw new TypeError(`${types.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
|
|
1451
|
+
}
|
|
1452
|
+
if (key.algorithm && usage === "encrypt" && key.type === "private") {
|
|
1453
|
+
throw new TypeError(`${types.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
|
|
1454
|
+
}
|
|
1455
|
+
};
|
|
1456
|
+
checkKeyType = (alg, key, usage) => {
|
|
1457
|
+
const symmetric = alg.startsWith("HS") || alg === "dir" || alg.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(alg);
|
|
1458
|
+
if (symmetric) {
|
|
1459
|
+
symmetricTypeCheck(alg, key);
|
|
1460
|
+
} else {
|
|
1461
|
+
asymmetricTypeCheck(alg, key, usage);
|
|
1462
|
+
}
|
|
1463
|
+
};
|
|
1464
|
+
check_key_type_default = checkKeyType;
|
|
1465
|
+
}
|
|
1466
|
+
});
|
|
1467
|
+
|
|
1468
|
+
// ../../node_modules/jose/dist/browser/runtime/encrypt.js
|
|
1469
|
+
async function cbcEncrypt(enc, plaintext, cek, iv, aad) {
|
|
1470
|
+
if (!(cek instanceof Uint8Array)) {
|
|
1471
|
+
throw new TypeError(invalid_key_input_default(cek, "Uint8Array"));
|
|
1472
|
+
}
|
|
1473
|
+
const keySize = parseInt(enc.slice(1, 4), 10);
|
|
1474
|
+
const encKey = await webcrypto_default.subtle.importKey("raw", cek.subarray(keySize >> 3), "AES-CBC", false, ["encrypt"]);
|
|
1475
|
+
const macKey = await webcrypto_default.subtle.importKey("raw", cek.subarray(0, keySize >> 3), {
|
|
1476
|
+
hash: `SHA-${keySize << 1}`,
|
|
1477
|
+
name: "HMAC"
|
|
1478
|
+
}, false, ["sign"]);
|
|
1479
|
+
const ciphertext = new Uint8Array(await webcrypto_default.subtle.encrypt({
|
|
1480
|
+
iv,
|
|
1481
|
+
name: "AES-CBC"
|
|
1482
|
+
}, encKey, plaintext));
|
|
1483
|
+
const macData = concat(aad, iv, ciphertext, uint64be(aad.length << 3));
|
|
1484
|
+
const tag = new Uint8Array((await webcrypto_default.subtle.sign("HMAC", macKey, macData)).slice(0, keySize >> 3));
|
|
1485
|
+
return { ciphertext, tag, iv };
|
|
1486
|
+
}
|
|
1487
|
+
async function gcmEncrypt(enc, plaintext, cek, iv, aad) {
|
|
1488
|
+
let encKey;
|
|
1489
|
+
if (cek instanceof Uint8Array) {
|
|
1490
|
+
encKey = await webcrypto_default.subtle.importKey("raw", cek, "AES-GCM", false, ["encrypt"]);
|
|
1491
|
+
} else {
|
|
1492
|
+
checkEncCryptoKey(cek, enc, "encrypt");
|
|
1493
|
+
encKey = cek;
|
|
1494
|
+
}
|
|
1495
|
+
const encrypted = new Uint8Array(await webcrypto_default.subtle.encrypt({
|
|
1496
|
+
additionalData: aad,
|
|
1497
|
+
iv,
|
|
1498
|
+
name: "AES-GCM",
|
|
1499
|
+
tagLength: 128
|
|
1500
|
+
}, encKey, plaintext));
|
|
1501
|
+
const tag = encrypted.slice(-16);
|
|
1502
|
+
const ciphertext = encrypted.slice(0, -16);
|
|
1503
|
+
return { ciphertext, tag, iv };
|
|
1504
|
+
}
|
|
1505
|
+
var encrypt3, encrypt_default;
|
|
1506
|
+
var init_encrypt = __esm({
|
|
1507
|
+
"../../node_modules/jose/dist/browser/runtime/encrypt.js"() {
|
|
1508
|
+
"use strict";
|
|
1509
|
+
init_buffer_utils();
|
|
1510
|
+
init_check_iv_length();
|
|
1511
|
+
init_check_cek_length();
|
|
1512
|
+
init_webcrypto();
|
|
1513
|
+
init_crypto_key();
|
|
1514
|
+
init_invalid_key_input();
|
|
1515
|
+
init_iv();
|
|
1516
|
+
init_errors();
|
|
1517
|
+
init_is_key_like();
|
|
1518
|
+
encrypt3 = async (enc, plaintext, cek, iv, aad) => {
|
|
1519
|
+
if (!isCryptoKey(cek) && !(cek instanceof Uint8Array)) {
|
|
1520
|
+
throw new TypeError(invalid_key_input_default(cek, ...types, "Uint8Array"));
|
|
1521
|
+
}
|
|
1522
|
+
if (iv) {
|
|
1523
|
+
check_iv_length_default(enc, iv);
|
|
1524
|
+
} else {
|
|
1525
|
+
iv = iv_default(enc);
|
|
1526
|
+
}
|
|
1527
|
+
switch (enc) {
|
|
1528
|
+
case "A128CBC-HS256":
|
|
1529
|
+
case "A192CBC-HS384":
|
|
1530
|
+
case "A256CBC-HS512":
|
|
1531
|
+
if (cek instanceof Uint8Array) {
|
|
1532
|
+
check_cek_length_default(cek, parseInt(enc.slice(-3), 10));
|
|
1533
|
+
}
|
|
1534
|
+
return cbcEncrypt(enc, plaintext, cek, iv, aad);
|
|
1535
|
+
case "A128GCM":
|
|
1536
|
+
case "A192GCM":
|
|
1537
|
+
case "A256GCM":
|
|
1538
|
+
if (cek instanceof Uint8Array) {
|
|
1539
|
+
check_cek_length_default(cek, parseInt(enc.slice(1, 4), 10));
|
|
1540
|
+
}
|
|
1541
|
+
return gcmEncrypt(enc, plaintext, cek, iv, aad);
|
|
1542
|
+
default:
|
|
1543
|
+
throw new JOSENotSupported("Unsupported JWE Content Encryption Algorithm");
|
|
1544
|
+
}
|
|
1545
|
+
};
|
|
1546
|
+
encrypt_default = encrypt3;
|
|
1547
|
+
}
|
|
1548
|
+
});
|
|
1549
|
+
|
|
1550
|
+
// ../../node_modules/jose/dist/browser/lib/aesgcmkw.js
|
|
1551
|
+
async function wrap2(alg, key, cek, iv) {
|
|
1552
|
+
const jweAlgorithm = alg.slice(0, 7);
|
|
1553
|
+
const wrapped = await encrypt_default(jweAlgorithm, cek, key, iv, new Uint8Array(0));
|
|
1554
|
+
return {
|
|
1555
|
+
encryptedKey: wrapped.ciphertext,
|
|
1556
|
+
iv: encode(wrapped.iv),
|
|
1557
|
+
tag: encode(wrapped.tag)
|
|
1558
|
+
};
|
|
1559
|
+
}
|
|
1560
|
+
async function unwrap2(alg, key, encryptedKey, iv, tag) {
|
|
1561
|
+
const jweAlgorithm = alg.slice(0, 7);
|
|
1562
|
+
return decrypt_default(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array(0));
|
|
1563
|
+
}
|
|
1564
|
+
var init_aesgcmkw = __esm({
|
|
1565
|
+
"../../node_modules/jose/dist/browser/lib/aesgcmkw.js"() {
|
|
1566
|
+
"use strict";
|
|
1567
|
+
init_encrypt();
|
|
1568
|
+
init_decrypt();
|
|
1569
|
+
init_base64url();
|
|
1570
|
+
}
|
|
1571
|
+
});
|
|
1572
|
+
|
|
1573
|
+
// ../../node_modules/jose/dist/browser/lib/decrypt_key_management.js
|
|
1574
|
+
async function decryptKeyManagement(alg, key, encryptedKey, joseHeader, options) {
|
|
1575
|
+
check_key_type_default(alg, key, "decrypt");
|
|
1576
|
+
switch (alg) {
|
|
1577
|
+
case "dir": {
|
|
1578
|
+
if (encryptedKey !== void 0)
|
|
1579
|
+
throw new JWEInvalid("Encountered unexpected JWE Encrypted Key");
|
|
1580
|
+
return key;
|
|
1581
|
+
}
|
|
1582
|
+
case "ECDH-ES":
|
|
1583
|
+
if (encryptedKey !== void 0)
|
|
1584
|
+
throw new JWEInvalid("Encountered unexpected JWE Encrypted Key");
|
|
1585
|
+
case "ECDH-ES+A128KW":
|
|
1586
|
+
case "ECDH-ES+A192KW":
|
|
1587
|
+
case "ECDH-ES+A256KW": {
|
|
1588
|
+
if (!isObject2(joseHeader.epk))
|
|
1589
|
+
throw new JWEInvalid(`JOSE Header "epk" (Ephemeral Public Key) missing or invalid`);
|
|
1590
|
+
if (!ecdhAllowed(key))
|
|
1591
|
+
throw new JOSENotSupported("ECDH with the provided key is not allowed or not supported by your javascript runtime");
|
|
1592
|
+
const epk = await importJWK(joseHeader.epk, alg);
|
|
1593
|
+
let partyUInfo;
|
|
1594
|
+
let partyVInfo;
|
|
1595
|
+
if (joseHeader.apu !== void 0) {
|
|
1596
|
+
if (typeof joseHeader.apu !== "string")
|
|
1597
|
+
throw new JWEInvalid(`JOSE Header "apu" (Agreement PartyUInfo) invalid`);
|
|
1598
|
+
try {
|
|
1599
|
+
partyUInfo = decode(joseHeader.apu);
|
|
1600
|
+
} catch {
|
|
1601
|
+
throw new JWEInvalid("Failed to base64url decode the apu");
|
|
1602
|
+
}
|
|
1603
|
+
}
|
|
1604
|
+
if (joseHeader.apv !== void 0) {
|
|
1605
|
+
if (typeof joseHeader.apv !== "string")
|
|
1606
|
+
throw new JWEInvalid(`JOSE Header "apv" (Agreement PartyVInfo) invalid`);
|
|
1607
|
+
try {
|
|
1608
|
+
partyVInfo = decode(joseHeader.apv);
|
|
1609
|
+
} catch {
|
|
1610
|
+
throw new JWEInvalid("Failed to base64url decode the apv");
|
|
1611
|
+
}
|
|
1612
|
+
}
|
|
1613
|
+
const sharedSecret = await deriveKey(epk, key, alg === "ECDH-ES" ? joseHeader.enc : alg, alg === "ECDH-ES" ? bitLength2(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo);
|
|
1614
|
+
if (alg === "ECDH-ES")
|
|
1615
|
+
return sharedSecret;
|
|
1616
|
+
if (encryptedKey === void 0)
|
|
1617
|
+
throw new JWEInvalid("JWE Encrypted Key missing");
|
|
1618
|
+
return unwrap(alg.slice(-6), sharedSecret, encryptedKey);
|
|
1619
|
+
}
|
|
1620
|
+
case "RSA1_5":
|
|
1621
|
+
case "RSA-OAEP":
|
|
1622
|
+
case "RSA-OAEP-256":
|
|
1623
|
+
case "RSA-OAEP-384":
|
|
1624
|
+
case "RSA-OAEP-512": {
|
|
1625
|
+
if (encryptedKey === void 0)
|
|
1626
|
+
throw new JWEInvalid("JWE Encrypted Key missing");
|
|
1627
|
+
return decrypt3(alg, key, encryptedKey);
|
|
1628
|
+
}
|
|
1629
|
+
case "PBES2-HS256+A128KW":
|
|
1630
|
+
case "PBES2-HS384+A192KW":
|
|
1631
|
+
case "PBES2-HS512+A256KW": {
|
|
1632
|
+
if (encryptedKey === void 0)
|
|
1633
|
+
throw new JWEInvalid("JWE Encrypted Key missing");
|
|
1634
|
+
if (typeof joseHeader.p2c !== "number")
|
|
1635
|
+
throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) missing or invalid`);
|
|
1636
|
+
const p2cLimit = options?.maxPBES2Count || 1e4;
|
|
1637
|
+
if (joseHeader.p2c > p2cLimit)
|
|
1638
|
+
throw new JWEInvalid(`JOSE Header "p2c" (PBES2 Count) out is of acceptable bounds`);
|
|
1639
|
+
if (typeof joseHeader.p2s !== "string")
|
|
1640
|
+
throw new JWEInvalid(`JOSE Header "p2s" (PBES2 Salt) missing or invalid`);
|
|
1641
|
+
let p2s2;
|
|
1642
|
+
try {
|
|
1643
|
+
p2s2 = decode(joseHeader.p2s);
|
|
1644
|
+
} catch {
|
|
1645
|
+
throw new JWEInvalid("Failed to base64url decode the p2s");
|
|
1646
|
+
}
|
|
1647
|
+
return decrypt2(alg, key, encryptedKey, joseHeader.p2c, p2s2);
|
|
1648
|
+
}
|
|
1649
|
+
case "A128KW":
|
|
1650
|
+
case "A192KW":
|
|
1651
|
+
case "A256KW": {
|
|
1652
|
+
if (encryptedKey === void 0)
|
|
1653
|
+
throw new JWEInvalid("JWE Encrypted Key missing");
|
|
1654
|
+
return unwrap(alg, key, encryptedKey);
|
|
1655
|
+
}
|
|
1656
|
+
case "A128GCMKW":
|
|
1657
|
+
case "A192GCMKW":
|
|
1658
|
+
case "A256GCMKW": {
|
|
1659
|
+
if (encryptedKey === void 0)
|
|
1660
|
+
throw new JWEInvalid("JWE Encrypted Key missing");
|
|
1661
|
+
if (typeof joseHeader.iv !== "string")
|
|
1662
|
+
throw new JWEInvalid(`JOSE Header "iv" (Initialization Vector) missing or invalid`);
|
|
1663
|
+
if (typeof joseHeader.tag !== "string")
|
|
1664
|
+
throw new JWEInvalid(`JOSE Header "tag" (Authentication Tag) missing or invalid`);
|
|
1665
|
+
let iv;
|
|
1666
|
+
try {
|
|
1667
|
+
iv = decode(joseHeader.iv);
|
|
1668
|
+
} catch {
|
|
1669
|
+
throw new JWEInvalid("Failed to base64url decode the iv");
|
|
1670
|
+
}
|
|
1671
|
+
let tag;
|
|
1672
|
+
try {
|
|
1673
|
+
tag = decode(joseHeader.tag);
|
|
1674
|
+
} catch {
|
|
1675
|
+
throw new JWEInvalid("Failed to base64url decode the tag");
|
|
1676
|
+
}
|
|
1677
|
+
return unwrap2(alg, key, encryptedKey, iv, tag);
|
|
1678
|
+
}
|
|
1679
|
+
default: {
|
|
1680
|
+
throw new JOSENotSupported('Invalid or unsupported "alg" (JWE Algorithm) header value');
|
|
1681
|
+
}
|
|
1682
|
+
}
|
|
1683
|
+
}
|
|
1684
|
+
var decrypt_key_management_default;
|
|
1685
|
+
var init_decrypt_key_management = __esm({
|
|
1686
|
+
"../../node_modules/jose/dist/browser/lib/decrypt_key_management.js"() {
|
|
1687
|
+
"use strict";
|
|
1688
|
+
init_aeskw();
|
|
1689
|
+
init_ecdhes();
|
|
1690
|
+
init_pbes2kw();
|
|
1691
|
+
init_rsaes();
|
|
1692
|
+
init_base64url();
|
|
1693
|
+
init_errors();
|
|
1694
|
+
init_cek();
|
|
1695
|
+
init_import();
|
|
1696
|
+
init_check_key_type();
|
|
1697
|
+
init_is_object();
|
|
1698
|
+
init_aesgcmkw();
|
|
1699
|
+
decrypt_key_management_default = decryptKeyManagement;
|
|
1700
|
+
}
|
|
1701
|
+
});
|
|
1702
|
+
|
|
1703
|
+
// ../../node_modules/jose/dist/browser/lib/validate_crit.js
|
|
1704
|
+
function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {
|
|
1705
|
+
if (joseHeader.crit !== void 0 && protectedHeader?.crit === void 0) {
|
|
1706
|
+
throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected');
|
|
1707
|
+
}
|
|
1708
|
+
if (!protectedHeader || protectedHeader.crit === void 0) {
|
|
1709
|
+
return /* @__PURE__ */ new Set();
|
|
1710
|
+
}
|
|
1711
|
+
if (!Array.isArray(protectedHeader.crit) || protectedHeader.crit.length === 0 || protectedHeader.crit.some((input) => typeof input !== "string" || input.length === 0)) {
|
|
1712
|
+
throw new Err('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
|
|
1713
|
+
}
|
|
1714
|
+
let recognized;
|
|
1715
|
+
if (recognizedOption !== void 0) {
|
|
1716
|
+
recognized = new Map([...Object.entries(recognizedOption), ...recognizedDefault.entries()]);
|
|
1717
|
+
} else {
|
|
1718
|
+
recognized = recognizedDefault;
|
|
1719
|
+
}
|
|
1720
|
+
for (const parameter of protectedHeader.crit) {
|
|
1721
|
+
if (!recognized.has(parameter)) {
|
|
1722
|
+
throw new JOSENotSupported(`Extension Header Parameter "${parameter}" is not recognized`);
|
|
1723
|
+
}
|
|
1724
|
+
if (joseHeader[parameter] === void 0) {
|
|
1725
|
+
throw new Err(`Extension Header Parameter "${parameter}" is missing`);
|
|
1726
|
+
}
|
|
1727
|
+
if (recognized.get(parameter) && protectedHeader[parameter] === void 0) {
|
|
1728
|
+
throw new Err(`Extension Header Parameter "${parameter}" MUST be integrity protected`);
|
|
1729
|
+
}
|
|
1730
|
+
}
|
|
1731
|
+
return new Set(protectedHeader.crit);
|
|
1732
|
+
}
|
|
1733
|
+
var validate_crit_default;
|
|
1734
|
+
var init_validate_crit = __esm({
|
|
1735
|
+
"../../node_modules/jose/dist/browser/lib/validate_crit.js"() {
|
|
1736
|
+
"use strict";
|
|
1737
|
+
init_errors();
|
|
1738
|
+
validate_crit_default = validateCrit;
|
|
1739
|
+
}
|
|
1740
|
+
});
|
|
1741
|
+
|
|
1742
|
+
// ../../node_modules/jose/dist/browser/lib/validate_algorithms.js
|
|
1743
|
+
var validateAlgorithms, validate_algorithms_default;
|
|
1744
|
+
var init_validate_algorithms = __esm({
|
|
1745
|
+
"../../node_modules/jose/dist/browser/lib/validate_algorithms.js"() {
|
|
1746
|
+
"use strict";
|
|
1747
|
+
validateAlgorithms = (option, algorithms) => {
|
|
1748
|
+
if (algorithms !== void 0 && (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== "string"))) {
|
|
1749
|
+
throw new TypeError(`"${option}" option must be an array of strings`);
|
|
1750
|
+
}
|
|
1751
|
+
if (!algorithms) {
|
|
1752
|
+
return void 0;
|
|
1753
|
+
}
|
|
1754
|
+
return new Set(algorithms);
|
|
1755
|
+
};
|
|
1756
|
+
validate_algorithms_default = validateAlgorithms;
|
|
1757
|
+
}
|
|
1758
|
+
});
|
|
1759
|
+
|
|
1760
|
+
// ../../node_modules/jose/dist/browser/jwe/flattened/decrypt.js
|
|
1761
|
+
async function flattenedDecrypt(jwe, key, options) {
|
|
1762
|
+
if (!isObject2(jwe)) {
|
|
1763
|
+
throw new JWEInvalid("Flattened JWE must be an object");
|
|
1764
|
+
}
|
|
1765
|
+
if (jwe.protected === void 0 && jwe.header === void 0 && jwe.unprotected === void 0) {
|
|
1766
|
+
throw new JWEInvalid("JOSE Header missing");
|
|
1767
|
+
}
|
|
1768
|
+
if (jwe.iv !== void 0 && typeof jwe.iv !== "string") {
|
|
1769
|
+
throw new JWEInvalid("JWE Initialization Vector incorrect type");
|
|
1770
|
+
}
|
|
1771
|
+
if (typeof jwe.ciphertext !== "string") {
|
|
1772
|
+
throw new JWEInvalid("JWE Ciphertext missing or incorrect type");
|
|
1773
|
+
}
|
|
1774
|
+
if (jwe.tag !== void 0 && typeof jwe.tag !== "string") {
|
|
1775
|
+
throw new JWEInvalid("JWE Authentication Tag incorrect type");
|
|
1776
|
+
}
|
|
1777
|
+
if (jwe.protected !== void 0 && typeof jwe.protected !== "string") {
|
|
1778
|
+
throw new JWEInvalid("JWE Protected Header incorrect type");
|
|
1779
|
+
}
|
|
1780
|
+
if (jwe.encrypted_key !== void 0 && typeof jwe.encrypted_key !== "string") {
|
|
1781
|
+
throw new JWEInvalid("JWE Encrypted Key incorrect type");
|
|
1782
|
+
}
|
|
1783
|
+
if (jwe.aad !== void 0 && typeof jwe.aad !== "string") {
|
|
1784
|
+
throw new JWEInvalid("JWE AAD incorrect type");
|
|
1785
|
+
}
|
|
1786
|
+
if (jwe.header !== void 0 && !isObject2(jwe.header)) {
|
|
1787
|
+
throw new JWEInvalid("JWE Shared Unprotected Header incorrect type");
|
|
1788
|
+
}
|
|
1789
|
+
if (jwe.unprotected !== void 0 && !isObject2(jwe.unprotected)) {
|
|
1790
|
+
throw new JWEInvalid("JWE Per-Recipient Unprotected Header incorrect type");
|
|
1791
|
+
}
|
|
1792
|
+
let parsedProt;
|
|
1793
|
+
if (jwe.protected) {
|
|
1794
|
+
try {
|
|
1795
|
+
const protectedHeader2 = decode(jwe.protected);
|
|
1796
|
+
parsedProt = JSON.parse(decoder.decode(protectedHeader2));
|
|
1797
|
+
} catch {
|
|
1798
|
+
throw new JWEInvalid("JWE Protected Header is invalid");
|
|
1799
|
+
}
|
|
1800
|
+
}
|
|
1801
|
+
if (!is_disjoint_default(parsedProt, jwe.header, jwe.unprotected)) {
|
|
1802
|
+
throw new JWEInvalid("JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint");
|
|
1803
|
+
}
|
|
1804
|
+
const joseHeader = {
|
|
1805
|
+
...parsedProt,
|
|
1806
|
+
...jwe.header,
|
|
1807
|
+
...jwe.unprotected
|
|
1808
|
+
};
|
|
1809
|
+
validate_crit_default(JWEInvalid, /* @__PURE__ */ new Map(), options?.crit, parsedProt, joseHeader);
|
|
1810
|
+
if (joseHeader.zip !== void 0) {
|
|
1811
|
+
throw new JOSENotSupported('JWE "zip" (Compression Algorithm) Header Parameter is not supported.');
|
|
1812
|
+
}
|
|
1813
|
+
const { alg, enc } = joseHeader;
|
|
1814
|
+
if (typeof alg !== "string" || !alg) {
|
|
1815
|
+
throw new JWEInvalid("missing JWE Algorithm (alg) in JWE Header");
|
|
1816
|
+
}
|
|
1817
|
+
if (typeof enc !== "string" || !enc) {
|
|
1818
|
+
throw new JWEInvalid("missing JWE Encryption Algorithm (enc) in JWE Header");
|
|
1819
|
+
}
|
|
1820
|
+
const keyManagementAlgorithms = options && validate_algorithms_default("keyManagementAlgorithms", options.keyManagementAlgorithms);
|
|
1821
|
+
const contentEncryptionAlgorithms = options && validate_algorithms_default("contentEncryptionAlgorithms", options.contentEncryptionAlgorithms);
|
|
1822
|
+
if (keyManagementAlgorithms && !keyManagementAlgorithms.has(alg) || !keyManagementAlgorithms && alg.startsWith("PBES2")) {
|
|
1823
|
+
throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter value not allowed');
|
|
1824
|
+
}
|
|
1825
|
+
if (contentEncryptionAlgorithms && !contentEncryptionAlgorithms.has(enc)) {
|
|
1826
|
+
throw new JOSEAlgNotAllowed('"enc" (Encryption Algorithm) Header Parameter value not allowed');
|
|
1827
|
+
}
|
|
1828
|
+
let encryptedKey;
|
|
1829
|
+
if (jwe.encrypted_key !== void 0) {
|
|
1830
|
+
try {
|
|
1831
|
+
encryptedKey = decode(jwe.encrypted_key);
|
|
1832
|
+
} catch {
|
|
1833
|
+
throw new JWEInvalid("Failed to base64url decode the encrypted_key");
|
|
1834
|
+
}
|
|
1835
|
+
}
|
|
1836
|
+
let resolvedKey = false;
|
|
1837
|
+
if (typeof key === "function") {
|
|
1838
|
+
key = await key(parsedProt, jwe);
|
|
1839
|
+
resolvedKey = true;
|
|
1840
|
+
}
|
|
1841
|
+
let cek;
|
|
1842
|
+
try {
|
|
1843
|
+
cek = await decrypt_key_management_default(alg, key, encryptedKey, joseHeader, options);
|
|
1844
|
+
} catch (err) {
|
|
1845
|
+
if (err instanceof TypeError || err instanceof JWEInvalid || err instanceof JOSENotSupported) {
|
|
1846
|
+
throw err;
|
|
1847
|
+
}
|
|
1848
|
+
cek = cek_default(enc);
|
|
1849
|
+
}
|
|
1850
|
+
let iv;
|
|
1851
|
+
let tag;
|
|
1852
|
+
if (jwe.iv !== void 0) {
|
|
1853
|
+
try {
|
|
1854
|
+
iv = decode(jwe.iv);
|
|
1855
|
+
} catch {
|
|
1856
|
+
throw new JWEInvalid("Failed to base64url decode the iv");
|
|
1857
|
+
}
|
|
1858
|
+
}
|
|
1859
|
+
if (jwe.tag !== void 0) {
|
|
1860
|
+
try {
|
|
1861
|
+
tag = decode(jwe.tag);
|
|
1862
|
+
} catch {
|
|
1863
|
+
throw new JWEInvalid("Failed to base64url decode the tag");
|
|
1864
|
+
}
|
|
1865
|
+
}
|
|
1866
|
+
const protectedHeader = encoder.encode(jwe.protected ?? "");
|
|
1867
|
+
let additionalData;
|
|
1868
|
+
if (jwe.aad !== void 0) {
|
|
1869
|
+
additionalData = concat(protectedHeader, encoder.encode("."), encoder.encode(jwe.aad));
|
|
1870
|
+
} else {
|
|
1871
|
+
additionalData = protectedHeader;
|
|
1872
|
+
}
|
|
1873
|
+
let ciphertext;
|
|
1874
|
+
try {
|
|
1875
|
+
ciphertext = decode(jwe.ciphertext);
|
|
1876
|
+
} catch {
|
|
1877
|
+
throw new JWEInvalid("Failed to base64url decode the ciphertext");
|
|
1878
|
+
}
|
|
1879
|
+
const plaintext = await decrypt_default(enc, cek, ciphertext, iv, tag, additionalData);
|
|
1880
|
+
const result = { plaintext };
|
|
1881
|
+
if (jwe.protected !== void 0) {
|
|
1882
|
+
result.protectedHeader = parsedProt;
|
|
1883
|
+
}
|
|
1884
|
+
if (jwe.aad !== void 0) {
|
|
1885
|
+
try {
|
|
1886
|
+
result.additionalAuthenticatedData = decode(jwe.aad);
|
|
1887
|
+
} catch {
|
|
1888
|
+
throw new JWEInvalid("Failed to base64url decode the aad");
|
|
1889
|
+
}
|
|
1890
|
+
}
|
|
1891
|
+
if (jwe.unprotected !== void 0) {
|
|
1892
|
+
result.sharedUnprotectedHeader = jwe.unprotected;
|
|
1893
|
+
}
|
|
1894
|
+
if (jwe.header !== void 0) {
|
|
1895
|
+
result.unprotectedHeader = jwe.header;
|
|
1896
|
+
}
|
|
1897
|
+
if (resolvedKey) {
|
|
1898
|
+
return { ...result, key };
|
|
1899
|
+
}
|
|
1900
|
+
return result;
|
|
1901
|
+
}
|
|
1902
|
+
var init_decrypt2 = __esm({
|
|
1903
|
+
"../../node_modules/jose/dist/browser/jwe/flattened/decrypt.js"() {
|
|
1904
|
+
"use strict";
|
|
1905
|
+
init_base64url();
|
|
1906
|
+
init_decrypt();
|
|
1907
|
+
init_errors();
|
|
1908
|
+
init_is_disjoint();
|
|
1909
|
+
init_is_object();
|
|
1910
|
+
init_decrypt_key_management();
|
|
1911
|
+
init_buffer_utils();
|
|
1912
|
+
init_cek();
|
|
1913
|
+
init_validate_crit();
|
|
1914
|
+
init_validate_algorithms();
|
|
1915
|
+
}
|
|
1916
|
+
});
|
|
1917
|
+
|
|
1918
|
+
// ../../node_modules/jose/dist/browser/jwe/compact/decrypt.js
|
|
1919
|
+
async function compactDecrypt(jwe, key, options) {
|
|
1920
|
+
if (jwe instanceof Uint8Array) {
|
|
1921
|
+
jwe = decoder.decode(jwe);
|
|
1922
|
+
}
|
|
1923
|
+
if (typeof jwe !== "string") {
|
|
1924
|
+
throw new JWEInvalid("Compact JWE must be a string or Uint8Array");
|
|
1925
|
+
}
|
|
1926
|
+
const { 0: protectedHeader, 1: encryptedKey, 2: iv, 3: ciphertext, 4: tag, length } = jwe.split(".");
|
|
1927
|
+
if (length !== 5) {
|
|
1928
|
+
throw new JWEInvalid("Invalid Compact JWE");
|
|
1929
|
+
}
|
|
1930
|
+
const decrypted = await flattenedDecrypt({
|
|
1931
|
+
ciphertext,
|
|
1932
|
+
iv: iv || void 0,
|
|
1933
|
+
protected: protectedHeader,
|
|
1934
|
+
tag: tag || void 0,
|
|
1935
|
+
encrypted_key: encryptedKey || void 0
|
|
1936
|
+
}, key, options);
|
|
1937
|
+
const result = { plaintext: decrypted.plaintext, protectedHeader: decrypted.protectedHeader };
|
|
1938
|
+
if (typeof key === "function") {
|
|
1939
|
+
return { ...result, key: decrypted.key };
|
|
1940
|
+
}
|
|
1941
|
+
return result;
|
|
1942
|
+
}
|
|
1943
|
+
var init_decrypt3 = __esm({
|
|
1944
|
+
"../../node_modules/jose/dist/browser/jwe/compact/decrypt.js"() {
|
|
1945
|
+
"use strict";
|
|
1946
|
+
init_decrypt2();
|
|
1947
|
+
init_errors();
|
|
1948
|
+
init_buffer_utils();
|
|
1949
|
+
}
|
|
1950
|
+
});
|
|
1951
|
+
|
|
1952
|
+
// ../../node_modules/jose/dist/browser/jwe/general/decrypt.js
|
|
1953
|
+
async function generalDecrypt(jwe, key, options) {
|
|
1954
|
+
if (!isObject2(jwe)) {
|
|
1955
|
+
throw new JWEInvalid("General JWE must be an object");
|
|
1956
|
+
}
|
|
1957
|
+
if (!Array.isArray(jwe.recipients) || !jwe.recipients.every(isObject2)) {
|
|
1958
|
+
throw new JWEInvalid("JWE Recipients missing or incorrect type");
|
|
1959
|
+
}
|
|
1960
|
+
if (!jwe.recipients.length) {
|
|
1961
|
+
throw new JWEInvalid("JWE Recipients has no members");
|
|
1962
|
+
}
|
|
1963
|
+
for (const recipient of jwe.recipients) {
|
|
1964
|
+
try {
|
|
1965
|
+
return await flattenedDecrypt({
|
|
1966
|
+
aad: jwe.aad,
|
|
1967
|
+
ciphertext: jwe.ciphertext,
|
|
1968
|
+
encrypted_key: recipient.encrypted_key,
|
|
1969
|
+
header: recipient.header,
|
|
1970
|
+
iv: jwe.iv,
|
|
1971
|
+
protected: jwe.protected,
|
|
1972
|
+
tag: jwe.tag,
|
|
1973
|
+
unprotected: jwe.unprotected
|
|
1974
|
+
}, key, options);
|
|
1975
|
+
} catch {
|
|
1976
|
+
}
|
|
1977
|
+
}
|
|
1978
|
+
throw new JWEDecryptionFailed();
|
|
1979
|
+
}
|
|
1980
|
+
var init_decrypt4 = __esm({
|
|
1981
|
+
"../../node_modules/jose/dist/browser/jwe/general/decrypt.js"() {
|
|
1982
|
+
"use strict";
|
|
1983
|
+
init_decrypt2();
|
|
1984
|
+
init_errors();
|
|
1985
|
+
init_is_object();
|
|
1986
|
+
}
|
|
1987
|
+
});
|
|
1988
|
+
|
|
1989
|
+
// ../../node_modules/jose/dist/browser/runtime/key_to_jwk.js
|
|
1990
|
+
var keyToJWK, key_to_jwk_default;
|
|
1991
|
+
var init_key_to_jwk = __esm({
|
|
1992
|
+
"../../node_modules/jose/dist/browser/runtime/key_to_jwk.js"() {
|
|
1993
|
+
"use strict";
|
|
1994
|
+
init_webcrypto();
|
|
1995
|
+
init_invalid_key_input();
|
|
1996
|
+
init_base64url();
|
|
1997
|
+
init_is_key_like();
|
|
1998
|
+
keyToJWK = async (key) => {
|
|
1999
|
+
if (key instanceof Uint8Array) {
|
|
2000
|
+
return {
|
|
2001
|
+
kty: "oct",
|
|
2002
|
+
k: encode(key)
|
|
2003
|
+
};
|
|
2004
|
+
}
|
|
2005
|
+
if (!isCryptoKey(key)) {
|
|
2006
|
+
throw new TypeError(invalid_key_input_default(key, ...types, "Uint8Array"));
|
|
2007
|
+
}
|
|
2008
|
+
if (!key.extractable) {
|
|
2009
|
+
throw new TypeError("non-extractable CryptoKey cannot be exported as a JWK");
|
|
2010
|
+
}
|
|
2011
|
+
const { ext, key_ops, alg, use, ...jwk } = await webcrypto_default.subtle.exportKey("jwk", key);
|
|
2012
|
+
return jwk;
|
|
2013
|
+
};
|
|
2014
|
+
key_to_jwk_default = keyToJWK;
|
|
2015
|
+
}
|
|
2016
|
+
});
|
|
2017
|
+
|
|
2018
|
+
// ../../node_modules/jose/dist/browser/key/export.js
|
|
2019
|
+
async function exportSPKI(key) {
|
|
2020
|
+
return toSPKI(key);
|
|
2021
|
+
}
|
|
2022
|
+
async function exportPKCS8(key) {
|
|
2023
|
+
return toPKCS8(key);
|
|
2024
|
+
}
|
|
2025
|
+
async function exportJWK(key) {
|
|
2026
|
+
return key_to_jwk_default(key);
|
|
2027
|
+
}
|
|
2028
|
+
var init_export = __esm({
|
|
2029
|
+
"../../node_modules/jose/dist/browser/key/export.js"() {
|
|
2030
|
+
"use strict";
|
|
2031
|
+
init_asn1();
|
|
2032
|
+
init_asn1();
|
|
2033
|
+
init_key_to_jwk();
|
|
2034
|
+
}
|
|
2035
|
+
});
|
|
2036
|
+
|
|
2037
|
+
// ../../node_modules/jose/dist/browser/lib/encrypt_key_management.js
|
|
2038
|
+
async function encryptKeyManagement(alg, enc, key, providedCek, providedParameters = {}) {
|
|
2039
|
+
let encryptedKey;
|
|
2040
|
+
let parameters;
|
|
2041
|
+
let cek;
|
|
2042
|
+
check_key_type_default(alg, key, "encrypt");
|
|
2043
|
+
switch (alg) {
|
|
2044
|
+
case "dir": {
|
|
2045
|
+
cek = key;
|
|
2046
|
+
break;
|
|
2047
|
+
}
|
|
2048
|
+
case "ECDH-ES":
|
|
2049
|
+
case "ECDH-ES+A128KW":
|
|
2050
|
+
case "ECDH-ES+A192KW":
|
|
2051
|
+
case "ECDH-ES+A256KW": {
|
|
2052
|
+
if (!ecdhAllowed(key)) {
|
|
2053
|
+
throw new JOSENotSupported("ECDH with the provided key is not allowed or not supported by your javascript runtime");
|
|
2054
|
+
}
|
|
2055
|
+
const { apu, apv } = providedParameters;
|
|
2056
|
+
let { epk: ephemeralKey } = providedParameters;
|
|
2057
|
+
ephemeralKey || (ephemeralKey = (await generateEpk(key)).privateKey);
|
|
2058
|
+
const { x, y, crv, kty } = await exportJWK(ephemeralKey);
|
|
2059
|
+
const sharedSecret = await deriveKey(key, ephemeralKey, alg === "ECDH-ES" ? enc : alg, alg === "ECDH-ES" ? bitLength2(enc) : parseInt(alg.slice(-5, -2), 10), apu, apv);
|
|
2060
|
+
parameters = { epk: { x, crv, kty } };
|
|
2061
|
+
if (kty === "EC")
|
|
2062
|
+
parameters.epk.y = y;
|
|
2063
|
+
if (apu)
|
|
2064
|
+
parameters.apu = encode(apu);
|
|
2065
|
+
if (apv)
|
|
2066
|
+
parameters.apv = encode(apv);
|
|
2067
|
+
if (alg === "ECDH-ES") {
|
|
2068
|
+
cek = sharedSecret;
|
|
2069
|
+
break;
|
|
2070
|
+
}
|
|
2071
|
+
cek = providedCek || cek_default(enc);
|
|
2072
|
+
const kwAlg = alg.slice(-6);
|
|
2073
|
+
encryptedKey = await wrap(kwAlg, sharedSecret, cek);
|
|
2074
|
+
break;
|
|
2075
|
+
}
|
|
2076
|
+
case "RSA1_5":
|
|
2077
|
+
case "RSA-OAEP":
|
|
2078
|
+
case "RSA-OAEP-256":
|
|
2079
|
+
case "RSA-OAEP-384":
|
|
2080
|
+
case "RSA-OAEP-512": {
|
|
2081
|
+
cek = providedCek || cek_default(enc);
|
|
2082
|
+
encryptedKey = await encrypt2(alg, key, cek);
|
|
2083
|
+
break;
|
|
2084
|
+
}
|
|
2085
|
+
case "PBES2-HS256+A128KW":
|
|
2086
|
+
case "PBES2-HS384+A192KW":
|
|
2087
|
+
case "PBES2-HS512+A256KW": {
|
|
2088
|
+
cek = providedCek || cek_default(enc);
|
|
2089
|
+
const { p2c, p2s: p2s2 } = providedParameters;
|
|
2090
|
+
({ encryptedKey, ...parameters } = await encrypt(alg, key, cek, p2c, p2s2));
|
|
2091
|
+
break;
|
|
2092
|
+
}
|
|
2093
|
+
case "A128KW":
|
|
2094
|
+
case "A192KW":
|
|
2095
|
+
case "A256KW": {
|
|
2096
|
+
cek = providedCek || cek_default(enc);
|
|
2097
|
+
encryptedKey = await wrap(alg, key, cek);
|
|
2098
|
+
break;
|
|
2099
|
+
}
|
|
2100
|
+
case "A128GCMKW":
|
|
2101
|
+
case "A192GCMKW":
|
|
2102
|
+
case "A256GCMKW": {
|
|
2103
|
+
cek = providedCek || cek_default(enc);
|
|
2104
|
+
const { iv } = providedParameters;
|
|
2105
|
+
({ encryptedKey, ...parameters } = await wrap2(alg, key, cek, iv));
|
|
2106
|
+
break;
|
|
2107
|
+
}
|
|
2108
|
+
default: {
|
|
2109
|
+
throw new JOSENotSupported('Invalid or unsupported "alg" (JWE Algorithm) header value');
|
|
2110
|
+
}
|
|
2111
|
+
}
|
|
2112
|
+
return { cek, encryptedKey, parameters };
|
|
2113
|
+
}
|
|
2114
|
+
var encrypt_key_management_default;
|
|
2115
|
+
var init_encrypt_key_management = __esm({
|
|
2116
|
+
"../../node_modules/jose/dist/browser/lib/encrypt_key_management.js"() {
|
|
2117
|
+
"use strict";
|
|
2118
|
+
init_aeskw();
|
|
2119
|
+
init_ecdhes();
|
|
2120
|
+
init_pbes2kw();
|
|
2121
|
+
init_rsaes();
|
|
2122
|
+
init_base64url();
|
|
2123
|
+
init_cek();
|
|
2124
|
+
init_errors();
|
|
2125
|
+
init_export();
|
|
2126
|
+
init_check_key_type();
|
|
2127
|
+
init_aesgcmkw();
|
|
2128
|
+
encrypt_key_management_default = encryptKeyManagement;
|
|
2129
|
+
}
|
|
2130
|
+
});
|
|
2131
|
+
|
|
2132
|
+
// ../../node_modules/jose/dist/browser/jwe/flattened/encrypt.js
|
|
2133
|
+
var unprotected, FlattenedEncrypt;
|
|
2134
|
+
var init_encrypt2 = __esm({
|
|
2135
|
+
"../../node_modules/jose/dist/browser/jwe/flattened/encrypt.js"() {
|
|
2136
|
+
"use strict";
|
|
2137
|
+
init_base64url();
|
|
2138
|
+
init_encrypt();
|
|
2139
|
+
init_encrypt_key_management();
|
|
2140
|
+
init_errors();
|
|
2141
|
+
init_is_disjoint();
|
|
2142
|
+
init_buffer_utils();
|
|
2143
|
+
init_validate_crit();
|
|
2144
|
+
unprotected = Symbol();
|
|
2145
|
+
FlattenedEncrypt = class {
|
|
2146
|
+
constructor(plaintext) {
|
|
2147
|
+
if (!(plaintext instanceof Uint8Array)) {
|
|
2148
|
+
throw new TypeError("plaintext must be an instance of Uint8Array");
|
|
2149
|
+
}
|
|
2150
|
+
this._plaintext = plaintext;
|
|
2151
|
+
}
|
|
2152
|
+
setKeyManagementParameters(parameters) {
|
|
2153
|
+
if (this._keyManagementParameters) {
|
|
2154
|
+
throw new TypeError("setKeyManagementParameters can only be called once");
|
|
2155
|
+
}
|
|
2156
|
+
this._keyManagementParameters = parameters;
|
|
2157
|
+
return this;
|
|
2158
|
+
}
|
|
2159
|
+
setProtectedHeader(protectedHeader) {
|
|
2160
|
+
if (this._protectedHeader) {
|
|
2161
|
+
throw new TypeError("setProtectedHeader can only be called once");
|
|
2162
|
+
}
|
|
2163
|
+
this._protectedHeader = protectedHeader;
|
|
2164
|
+
return this;
|
|
2165
|
+
}
|
|
2166
|
+
setSharedUnprotectedHeader(sharedUnprotectedHeader) {
|
|
2167
|
+
if (this._sharedUnprotectedHeader) {
|
|
2168
|
+
throw new TypeError("setSharedUnprotectedHeader can only be called once");
|
|
2169
|
+
}
|
|
2170
|
+
this._sharedUnprotectedHeader = sharedUnprotectedHeader;
|
|
2171
|
+
return this;
|
|
2172
|
+
}
|
|
2173
|
+
setUnprotectedHeader(unprotectedHeader) {
|
|
2174
|
+
if (this._unprotectedHeader) {
|
|
2175
|
+
throw new TypeError("setUnprotectedHeader can only be called once");
|
|
2176
|
+
}
|
|
2177
|
+
this._unprotectedHeader = unprotectedHeader;
|
|
2178
|
+
return this;
|
|
2179
|
+
}
|
|
2180
|
+
setAdditionalAuthenticatedData(aad) {
|
|
2181
|
+
this._aad = aad;
|
|
2182
|
+
return this;
|
|
2183
|
+
}
|
|
2184
|
+
setContentEncryptionKey(cek) {
|
|
2185
|
+
if (this._cek) {
|
|
2186
|
+
throw new TypeError("setContentEncryptionKey can only be called once");
|
|
2187
|
+
}
|
|
2188
|
+
this._cek = cek;
|
|
2189
|
+
return this;
|
|
2190
|
+
}
|
|
2191
|
+
setInitializationVector(iv) {
|
|
2192
|
+
if (this._iv) {
|
|
2193
|
+
throw new TypeError("setInitializationVector can only be called once");
|
|
2194
|
+
}
|
|
2195
|
+
this._iv = iv;
|
|
2196
|
+
return this;
|
|
2197
|
+
}
|
|
2198
|
+
async encrypt(key, options) {
|
|
2199
|
+
if (!this._protectedHeader && !this._unprotectedHeader && !this._sharedUnprotectedHeader) {
|
|
2200
|
+
throw new JWEInvalid("either setProtectedHeader, setUnprotectedHeader, or sharedUnprotectedHeader must be called before #encrypt()");
|
|
2201
|
+
}
|
|
2202
|
+
if (!is_disjoint_default(this._protectedHeader, this._unprotectedHeader, this._sharedUnprotectedHeader)) {
|
|
2203
|
+
throw new JWEInvalid("JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint");
|
|
2204
|
+
}
|
|
2205
|
+
const joseHeader = {
|
|
2206
|
+
...this._protectedHeader,
|
|
2207
|
+
...this._unprotectedHeader,
|
|
2208
|
+
...this._sharedUnprotectedHeader
|
|
2209
|
+
};
|
|
2210
|
+
validate_crit_default(JWEInvalid, /* @__PURE__ */ new Map(), options?.crit, this._protectedHeader, joseHeader);
|
|
2211
|
+
if (joseHeader.zip !== void 0) {
|
|
2212
|
+
throw new JOSENotSupported('JWE "zip" (Compression Algorithm) Header Parameter is not supported.');
|
|
2213
|
+
}
|
|
2214
|
+
const { alg, enc } = joseHeader;
|
|
2215
|
+
if (typeof alg !== "string" || !alg) {
|
|
2216
|
+
throw new JWEInvalid('JWE "alg" (Algorithm) Header Parameter missing or invalid');
|
|
2217
|
+
}
|
|
2218
|
+
if (typeof enc !== "string" || !enc) {
|
|
2219
|
+
throw new JWEInvalid('JWE "enc" (Encryption Algorithm) Header Parameter missing or invalid');
|
|
2220
|
+
}
|
|
2221
|
+
let encryptedKey;
|
|
2222
|
+
if (this._cek && (alg === "dir" || alg === "ECDH-ES")) {
|
|
2223
|
+
throw new TypeError(`setContentEncryptionKey cannot be called with JWE "alg" (Algorithm) Header ${alg}`);
|
|
2224
|
+
}
|
|
2225
|
+
let cek;
|
|
2226
|
+
{
|
|
2227
|
+
let parameters;
|
|
2228
|
+
({ cek, encryptedKey, parameters } = await encrypt_key_management_default(alg, enc, key, this._cek, this._keyManagementParameters));
|
|
2229
|
+
if (parameters) {
|
|
2230
|
+
if (options && unprotected in options) {
|
|
2231
|
+
if (!this._unprotectedHeader) {
|
|
2232
|
+
this.setUnprotectedHeader(parameters);
|
|
2233
|
+
} else {
|
|
2234
|
+
this._unprotectedHeader = { ...this._unprotectedHeader, ...parameters };
|
|
2235
|
+
}
|
|
2236
|
+
} else {
|
|
2237
|
+
if (!this._protectedHeader) {
|
|
2238
|
+
this.setProtectedHeader(parameters);
|
|
2239
|
+
} else {
|
|
2240
|
+
this._protectedHeader = { ...this._protectedHeader, ...parameters };
|
|
2241
|
+
}
|
|
2242
|
+
}
|
|
2243
|
+
}
|
|
2244
|
+
}
|
|
2245
|
+
let additionalData;
|
|
2246
|
+
let protectedHeader;
|
|
2247
|
+
let aadMember;
|
|
2248
|
+
if (this._protectedHeader) {
|
|
2249
|
+
protectedHeader = encoder.encode(encode(JSON.stringify(this._protectedHeader)));
|
|
2250
|
+
} else {
|
|
2251
|
+
protectedHeader = encoder.encode("");
|
|
2252
|
+
}
|
|
2253
|
+
if (this._aad) {
|
|
2254
|
+
aadMember = encode(this._aad);
|
|
2255
|
+
additionalData = concat(protectedHeader, encoder.encode("."), encoder.encode(aadMember));
|
|
2256
|
+
} else {
|
|
2257
|
+
additionalData = protectedHeader;
|
|
2258
|
+
}
|
|
2259
|
+
const { ciphertext, tag, iv } = await encrypt_default(enc, this._plaintext, cek, this._iv, additionalData);
|
|
2260
|
+
const jwe = {
|
|
2261
|
+
ciphertext: encode(ciphertext)
|
|
2262
|
+
};
|
|
2263
|
+
if (iv) {
|
|
2264
|
+
jwe.iv = encode(iv);
|
|
2265
|
+
}
|
|
2266
|
+
if (tag) {
|
|
2267
|
+
jwe.tag = encode(tag);
|
|
2268
|
+
}
|
|
2269
|
+
if (encryptedKey) {
|
|
2270
|
+
jwe.encrypted_key = encode(encryptedKey);
|
|
2271
|
+
}
|
|
2272
|
+
if (aadMember) {
|
|
2273
|
+
jwe.aad = aadMember;
|
|
2274
|
+
}
|
|
2275
|
+
if (this._protectedHeader) {
|
|
2276
|
+
jwe.protected = decoder.decode(protectedHeader);
|
|
2277
|
+
}
|
|
2278
|
+
if (this._sharedUnprotectedHeader) {
|
|
2279
|
+
jwe.unprotected = this._sharedUnprotectedHeader;
|
|
2280
|
+
}
|
|
2281
|
+
if (this._unprotectedHeader) {
|
|
2282
|
+
jwe.header = this._unprotectedHeader;
|
|
2283
|
+
}
|
|
2284
|
+
return jwe;
|
|
2285
|
+
}
|
|
2286
|
+
};
|
|
2287
|
+
}
|
|
2288
|
+
});
|
|
2289
|
+
|
|
2290
|
+
// ../../node_modules/jose/dist/browser/jwe/general/encrypt.js
|
|
2291
|
+
var IndividualRecipient, GeneralEncrypt;
|
|
2292
|
+
var init_encrypt3 = __esm({
|
|
2293
|
+
"../../node_modules/jose/dist/browser/jwe/general/encrypt.js"() {
|
|
2294
|
+
"use strict";
|
|
2295
|
+
init_encrypt2();
|
|
2296
|
+
init_errors();
|
|
2297
|
+
init_cek();
|
|
2298
|
+
init_is_disjoint();
|
|
2299
|
+
init_encrypt_key_management();
|
|
2300
|
+
init_base64url();
|
|
2301
|
+
init_validate_crit();
|
|
2302
|
+
IndividualRecipient = class {
|
|
2303
|
+
constructor(enc, key, options) {
|
|
2304
|
+
this.parent = enc;
|
|
2305
|
+
this.key = key;
|
|
2306
|
+
this.options = options;
|
|
2307
|
+
}
|
|
2308
|
+
setUnprotectedHeader(unprotectedHeader) {
|
|
2309
|
+
if (this.unprotectedHeader) {
|
|
2310
|
+
throw new TypeError("setUnprotectedHeader can only be called once");
|
|
2311
|
+
}
|
|
2312
|
+
this.unprotectedHeader = unprotectedHeader;
|
|
2313
|
+
return this;
|
|
2314
|
+
}
|
|
2315
|
+
addRecipient(...args) {
|
|
2316
|
+
return this.parent.addRecipient(...args);
|
|
2317
|
+
}
|
|
2318
|
+
encrypt(...args) {
|
|
2319
|
+
return this.parent.encrypt(...args);
|
|
2320
|
+
}
|
|
2321
|
+
done() {
|
|
2322
|
+
return this.parent;
|
|
2323
|
+
}
|
|
2324
|
+
};
|
|
2325
|
+
GeneralEncrypt = class {
|
|
2326
|
+
constructor(plaintext) {
|
|
2327
|
+
this._recipients = [];
|
|
2328
|
+
this._plaintext = plaintext;
|
|
2329
|
+
}
|
|
2330
|
+
addRecipient(key, options) {
|
|
2331
|
+
const recipient = new IndividualRecipient(this, key, { crit: options?.crit });
|
|
2332
|
+
this._recipients.push(recipient);
|
|
2333
|
+
return recipient;
|
|
2334
|
+
}
|
|
2335
|
+
setProtectedHeader(protectedHeader) {
|
|
2336
|
+
if (this._protectedHeader) {
|
|
2337
|
+
throw new TypeError("setProtectedHeader can only be called once");
|
|
2338
|
+
}
|
|
2339
|
+
this._protectedHeader = protectedHeader;
|
|
2340
|
+
return this;
|
|
2341
|
+
}
|
|
2342
|
+
setSharedUnprotectedHeader(sharedUnprotectedHeader) {
|
|
2343
|
+
if (this._unprotectedHeader) {
|
|
2344
|
+
throw new TypeError("setSharedUnprotectedHeader can only be called once");
|
|
2345
|
+
}
|
|
2346
|
+
this._unprotectedHeader = sharedUnprotectedHeader;
|
|
2347
|
+
return this;
|
|
2348
|
+
}
|
|
2349
|
+
setAdditionalAuthenticatedData(aad) {
|
|
2350
|
+
this._aad = aad;
|
|
2351
|
+
return this;
|
|
2352
|
+
}
|
|
2353
|
+
async encrypt() {
|
|
2354
|
+
if (!this._recipients.length) {
|
|
2355
|
+
throw new JWEInvalid("at least one recipient must be added");
|
|
2356
|
+
}
|
|
2357
|
+
if (this._recipients.length === 1) {
|
|
2358
|
+
const [recipient] = this._recipients;
|
|
2359
|
+
const flattened = await new FlattenedEncrypt(this._plaintext).setAdditionalAuthenticatedData(this._aad).setProtectedHeader(this._protectedHeader).setSharedUnprotectedHeader(this._unprotectedHeader).setUnprotectedHeader(recipient.unprotectedHeader).encrypt(recipient.key, { ...recipient.options });
|
|
2360
|
+
const jwe2 = {
|
|
2361
|
+
ciphertext: flattened.ciphertext,
|
|
2362
|
+
iv: flattened.iv,
|
|
2363
|
+
recipients: [{}],
|
|
2364
|
+
tag: flattened.tag
|
|
2365
|
+
};
|
|
2366
|
+
if (flattened.aad)
|
|
2367
|
+
jwe2.aad = flattened.aad;
|
|
2368
|
+
if (flattened.protected)
|
|
2369
|
+
jwe2.protected = flattened.protected;
|
|
2370
|
+
if (flattened.unprotected)
|
|
2371
|
+
jwe2.unprotected = flattened.unprotected;
|
|
2372
|
+
if (flattened.encrypted_key)
|
|
2373
|
+
jwe2.recipients[0].encrypted_key = flattened.encrypted_key;
|
|
2374
|
+
if (flattened.header)
|
|
2375
|
+
jwe2.recipients[0].header = flattened.header;
|
|
2376
|
+
return jwe2;
|
|
2377
|
+
}
|
|
2378
|
+
let enc;
|
|
2379
|
+
for (let i = 0; i < this._recipients.length; i++) {
|
|
2380
|
+
const recipient = this._recipients[i];
|
|
2381
|
+
if (!is_disjoint_default(this._protectedHeader, this._unprotectedHeader, recipient.unprotectedHeader)) {
|
|
2382
|
+
throw new JWEInvalid("JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint");
|
|
2383
|
+
}
|
|
2384
|
+
const joseHeader = {
|
|
2385
|
+
...this._protectedHeader,
|
|
2386
|
+
...this._unprotectedHeader,
|
|
2387
|
+
...recipient.unprotectedHeader
|
|
2388
|
+
};
|
|
2389
|
+
const { alg } = joseHeader;
|
|
2390
|
+
if (typeof alg !== "string" || !alg) {
|
|
2391
|
+
throw new JWEInvalid('JWE "alg" (Algorithm) Header Parameter missing or invalid');
|
|
2392
|
+
}
|
|
2393
|
+
if (alg === "dir" || alg === "ECDH-ES") {
|
|
2394
|
+
throw new JWEInvalid('"dir" and "ECDH-ES" alg may only be used with a single recipient');
|
|
2395
|
+
}
|
|
2396
|
+
if (typeof joseHeader.enc !== "string" || !joseHeader.enc) {
|
|
2397
|
+
throw new JWEInvalid('JWE "enc" (Encryption Algorithm) Header Parameter missing or invalid');
|
|
2398
|
+
}
|
|
2399
|
+
if (!enc) {
|
|
2400
|
+
enc = joseHeader.enc;
|
|
2401
|
+
} else if (enc !== joseHeader.enc) {
|
|
2402
|
+
throw new JWEInvalid('JWE "enc" (Encryption Algorithm) Header Parameter must be the same for all recipients');
|
|
2403
|
+
}
|
|
2404
|
+
validate_crit_default(JWEInvalid, /* @__PURE__ */ new Map(), recipient.options.crit, this._protectedHeader, joseHeader);
|
|
2405
|
+
if (joseHeader.zip !== void 0) {
|
|
2406
|
+
throw new JOSENotSupported('JWE "zip" (Compression Algorithm) Header Parameter is not supported.');
|
|
2407
|
+
}
|
|
2408
|
+
}
|
|
2409
|
+
const cek = cek_default(enc);
|
|
2410
|
+
const jwe = {
|
|
2411
|
+
ciphertext: "",
|
|
2412
|
+
iv: "",
|
|
2413
|
+
recipients: [],
|
|
2414
|
+
tag: ""
|
|
2415
|
+
};
|
|
2416
|
+
for (let i = 0; i < this._recipients.length; i++) {
|
|
2417
|
+
const recipient = this._recipients[i];
|
|
2418
|
+
const target = {};
|
|
2419
|
+
jwe.recipients.push(target);
|
|
2420
|
+
const joseHeader = {
|
|
2421
|
+
...this._protectedHeader,
|
|
2422
|
+
...this._unprotectedHeader,
|
|
2423
|
+
...recipient.unprotectedHeader
|
|
2424
|
+
};
|
|
2425
|
+
const p2c = joseHeader.alg.startsWith("PBES2") ? 2048 + i : void 0;
|
|
2426
|
+
if (i === 0) {
|
|
2427
|
+
const flattened = await new FlattenedEncrypt(this._plaintext).setAdditionalAuthenticatedData(this._aad).setContentEncryptionKey(cek).setProtectedHeader(this._protectedHeader).setSharedUnprotectedHeader(this._unprotectedHeader).setUnprotectedHeader(recipient.unprotectedHeader).setKeyManagementParameters({ p2c }).encrypt(recipient.key, {
|
|
2428
|
+
...recipient.options,
|
|
2429
|
+
[unprotected]: true
|
|
2430
|
+
});
|
|
2431
|
+
jwe.ciphertext = flattened.ciphertext;
|
|
2432
|
+
jwe.iv = flattened.iv;
|
|
2433
|
+
jwe.tag = flattened.tag;
|
|
2434
|
+
if (flattened.aad)
|
|
2435
|
+
jwe.aad = flattened.aad;
|
|
2436
|
+
if (flattened.protected)
|
|
2437
|
+
jwe.protected = flattened.protected;
|
|
2438
|
+
if (flattened.unprotected)
|
|
2439
|
+
jwe.unprotected = flattened.unprotected;
|
|
2440
|
+
target.encrypted_key = flattened.encrypted_key;
|
|
2441
|
+
if (flattened.header)
|
|
2442
|
+
target.header = flattened.header;
|
|
2443
|
+
continue;
|
|
2444
|
+
}
|
|
2445
|
+
const { encryptedKey, parameters } = await encrypt_key_management_default(recipient.unprotectedHeader?.alg || this._protectedHeader?.alg || this._unprotectedHeader?.alg, enc, recipient.key, cek, { p2c });
|
|
2446
|
+
target.encrypted_key = encode(encryptedKey);
|
|
2447
|
+
if (recipient.unprotectedHeader || parameters)
|
|
2448
|
+
target.header = { ...recipient.unprotectedHeader, ...parameters };
|
|
2449
|
+
}
|
|
2450
|
+
return jwe;
|
|
2451
|
+
}
|
|
2452
|
+
};
|
|
2453
|
+
}
|
|
2454
|
+
});
|
|
2455
|
+
|
|
2456
|
+
// ../../node_modules/jose/dist/browser/runtime/subtle_dsa.js
|
|
2457
|
+
function subtleDsa(alg, algorithm) {
|
|
2458
|
+
const hash = `SHA-${alg.slice(-3)}`;
|
|
2459
|
+
switch (alg) {
|
|
2460
|
+
case "HS256":
|
|
2461
|
+
case "HS384":
|
|
2462
|
+
case "HS512":
|
|
2463
|
+
return { hash, name: "HMAC" };
|
|
2464
|
+
case "PS256":
|
|
2465
|
+
case "PS384":
|
|
2466
|
+
case "PS512":
|
|
2467
|
+
return { hash, name: "RSA-PSS", saltLength: alg.slice(-3) >> 3 };
|
|
2468
|
+
case "RS256":
|
|
2469
|
+
case "RS384":
|
|
2470
|
+
case "RS512":
|
|
2471
|
+
return { hash, name: "RSASSA-PKCS1-v1_5" };
|
|
2472
|
+
case "ES256":
|
|
2473
|
+
case "ES384":
|
|
2474
|
+
case "ES512":
|
|
2475
|
+
return { hash, name: "ECDSA", namedCurve: algorithm.namedCurve };
|
|
2476
|
+
case "EdDSA":
|
|
2477
|
+
return { name: algorithm.name };
|
|
2478
|
+
default:
|
|
2479
|
+
throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
|
|
2480
|
+
}
|
|
2481
|
+
}
|
|
2482
|
+
var init_subtle_dsa = __esm({
|
|
2483
|
+
"../../node_modules/jose/dist/browser/runtime/subtle_dsa.js"() {
|
|
2484
|
+
"use strict";
|
|
2485
|
+
init_errors();
|
|
2486
|
+
}
|
|
2487
|
+
});
|
|
2488
|
+
|
|
2489
|
+
// ../../node_modules/jose/dist/browser/runtime/get_sign_verify_key.js
|
|
2490
|
+
function getCryptoKey3(alg, key, usage) {
|
|
2491
|
+
if (isCryptoKey(key)) {
|
|
2492
|
+
checkSigCryptoKey(key, alg, usage);
|
|
2493
|
+
return key;
|
|
2494
|
+
}
|
|
2495
|
+
if (key instanceof Uint8Array) {
|
|
2496
|
+
if (!alg.startsWith("HS")) {
|
|
2497
|
+
throw new TypeError(invalid_key_input_default(key, ...types));
|
|
2498
|
+
}
|
|
2499
|
+
return webcrypto_default.subtle.importKey("raw", key, { hash: `SHA-${alg.slice(-3)}`, name: "HMAC" }, false, [usage]);
|
|
2500
|
+
}
|
|
2501
|
+
throw new TypeError(invalid_key_input_default(key, ...types, "Uint8Array"));
|
|
2502
|
+
}
|
|
2503
|
+
var init_get_sign_verify_key = __esm({
|
|
2504
|
+
"../../node_modules/jose/dist/browser/runtime/get_sign_verify_key.js"() {
|
|
2505
|
+
"use strict";
|
|
2506
|
+
init_webcrypto();
|
|
2507
|
+
init_crypto_key();
|
|
2508
|
+
init_invalid_key_input();
|
|
2509
|
+
init_is_key_like();
|
|
2510
|
+
}
|
|
2511
|
+
});
|
|
2512
|
+
|
|
2513
|
+
// ../../node_modules/jose/dist/browser/runtime/verify.js
|
|
2514
|
+
var verify, verify_default;
|
|
2515
|
+
var init_verify = __esm({
|
|
2516
|
+
"../../node_modules/jose/dist/browser/runtime/verify.js"() {
|
|
2517
|
+
"use strict";
|
|
2518
|
+
init_subtle_dsa();
|
|
2519
|
+
init_webcrypto();
|
|
2520
|
+
init_check_key_length();
|
|
2521
|
+
init_get_sign_verify_key();
|
|
2522
|
+
verify = async (alg, key, signature, data) => {
|
|
2523
|
+
const cryptoKey = await getCryptoKey3(alg, key, "verify");
|
|
2524
|
+
check_key_length_default(alg, cryptoKey);
|
|
2525
|
+
const algorithm = subtleDsa(alg, cryptoKey.algorithm);
|
|
2526
|
+
try {
|
|
2527
|
+
return await webcrypto_default.subtle.verify(algorithm, cryptoKey, signature, data);
|
|
2528
|
+
} catch {
|
|
2529
|
+
return false;
|
|
2530
|
+
}
|
|
2531
|
+
};
|
|
2532
|
+
verify_default = verify;
|
|
2533
|
+
}
|
|
2534
|
+
});
|
|
2535
|
+
|
|
2536
|
+
// ../../node_modules/jose/dist/browser/jws/flattened/verify.js
|
|
2537
|
+
async function flattenedVerify(jws, key, options) {
|
|
2538
|
+
if (!isObject2(jws)) {
|
|
2539
|
+
throw new JWSInvalid("Flattened JWS must be an object");
|
|
2540
|
+
}
|
|
2541
|
+
if (jws.protected === void 0 && jws.header === void 0) {
|
|
2542
|
+
throw new JWSInvalid('Flattened JWS must have either of the "protected" or "header" members');
|
|
2543
|
+
}
|
|
2544
|
+
if (jws.protected !== void 0 && typeof jws.protected !== "string") {
|
|
2545
|
+
throw new JWSInvalid("JWS Protected Header incorrect type");
|
|
2546
|
+
}
|
|
2547
|
+
if (jws.payload === void 0) {
|
|
2548
|
+
throw new JWSInvalid("JWS Payload missing");
|
|
2549
|
+
}
|
|
2550
|
+
if (typeof jws.signature !== "string") {
|
|
2551
|
+
throw new JWSInvalid("JWS Signature missing or incorrect type");
|
|
2552
|
+
}
|
|
2553
|
+
if (jws.header !== void 0 && !isObject2(jws.header)) {
|
|
2554
|
+
throw new JWSInvalid("JWS Unprotected Header incorrect type");
|
|
2555
|
+
}
|
|
2556
|
+
let parsedProt = {};
|
|
2557
|
+
if (jws.protected) {
|
|
2558
|
+
try {
|
|
2559
|
+
const protectedHeader = decode(jws.protected);
|
|
2560
|
+
parsedProt = JSON.parse(decoder.decode(protectedHeader));
|
|
2561
|
+
} catch {
|
|
2562
|
+
throw new JWSInvalid("JWS Protected Header is invalid");
|
|
2563
|
+
}
|
|
2564
|
+
}
|
|
2565
|
+
if (!is_disjoint_default(parsedProt, jws.header)) {
|
|
2566
|
+
throw new JWSInvalid("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
|
|
2567
|
+
}
|
|
2568
|
+
const joseHeader = {
|
|
2569
|
+
...parsedProt,
|
|
2570
|
+
...jws.header
|
|
2571
|
+
};
|
|
2572
|
+
const extensions = validate_crit_default(JWSInvalid, /* @__PURE__ */ new Map([["b64", true]]), options?.crit, parsedProt, joseHeader);
|
|
2573
|
+
let b64 = true;
|
|
2574
|
+
if (extensions.has("b64")) {
|
|
2575
|
+
b64 = parsedProt.b64;
|
|
2576
|
+
if (typeof b64 !== "boolean") {
|
|
2577
|
+
throw new JWSInvalid('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
|
|
2578
|
+
}
|
|
2579
|
+
}
|
|
2580
|
+
const { alg } = joseHeader;
|
|
2581
|
+
if (typeof alg !== "string" || !alg) {
|
|
2582
|
+
throw new JWSInvalid('JWS "alg" (Algorithm) Header Parameter missing or invalid');
|
|
2583
|
+
}
|
|
2584
|
+
const algorithms = options && validate_algorithms_default("algorithms", options.algorithms);
|
|
2585
|
+
if (algorithms && !algorithms.has(alg)) {
|
|
2586
|
+
throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter value not allowed');
|
|
2587
|
+
}
|
|
2588
|
+
if (b64) {
|
|
2589
|
+
if (typeof jws.payload !== "string") {
|
|
2590
|
+
throw new JWSInvalid("JWS Payload must be a string");
|
|
2591
|
+
}
|
|
2592
|
+
} else if (typeof jws.payload !== "string" && !(jws.payload instanceof Uint8Array)) {
|
|
2593
|
+
throw new JWSInvalid("JWS Payload must be a string or an Uint8Array instance");
|
|
2594
|
+
}
|
|
2595
|
+
let resolvedKey = false;
|
|
2596
|
+
if (typeof key === "function") {
|
|
2597
|
+
key = await key(parsedProt, jws);
|
|
2598
|
+
resolvedKey = true;
|
|
2599
|
+
}
|
|
2600
|
+
check_key_type_default(alg, key, "verify");
|
|
2601
|
+
const data = concat(encoder.encode(jws.protected ?? ""), encoder.encode("."), typeof jws.payload === "string" ? encoder.encode(jws.payload) : jws.payload);
|
|
2602
|
+
let signature;
|
|
2603
|
+
try {
|
|
2604
|
+
signature = decode(jws.signature);
|
|
2605
|
+
} catch {
|
|
2606
|
+
throw new JWSInvalid("Failed to base64url decode the signature");
|
|
2607
|
+
}
|
|
2608
|
+
const verified = await verify_default(alg, key, signature, data);
|
|
2609
|
+
if (!verified) {
|
|
2610
|
+
throw new JWSSignatureVerificationFailed();
|
|
2611
|
+
}
|
|
2612
|
+
let payload;
|
|
2613
|
+
if (b64) {
|
|
2614
|
+
try {
|
|
2615
|
+
payload = decode(jws.payload);
|
|
2616
|
+
} catch {
|
|
2617
|
+
throw new JWSInvalid("Failed to base64url decode the payload");
|
|
2618
|
+
}
|
|
2619
|
+
} else if (typeof jws.payload === "string") {
|
|
2620
|
+
payload = encoder.encode(jws.payload);
|
|
2621
|
+
} else {
|
|
2622
|
+
payload = jws.payload;
|
|
2623
|
+
}
|
|
2624
|
+
const result = { payload };
|
|
2625
|
+
if (jws.protected !== void 0) {
|
|
2626
|
+
result.protectedHeader = parsedProt;
|
|
2627
|
+
}
|
|
2628
|
+
if (jws.header !== void 0) {
|
|
2629
|
+
result.unprotectedHeader = jws.header;
|
|
2630
|
+
}
|
|
2631
|
+
if (resolvedKey) {
|
|
2632
|
+
return { ...result, key };
|
|
2633
|
+
}
|
|
2634
|
+
return result;
|
|
2635
|
+
}
|
|
2636
|
+
var init_verify2 = __esm({
|
|
2637
|
+
"../../node_modules/jose/dist/browser/jws/flattened/verify.js"() {
|
|
2638
|
+
"use strict";
|
|
2639
|
+
init_base64url();
|
|
2640
|
+
init_verify();
|
|
2641
|
+
init_errors();
|
|
2642
|
+
init_buffer_utils();
|
|
2643
|
+
init_is_disjoint();
|
|
2644
|
+
init_is_object();
|
|
2645
|
+
init_check_key_type();
|
|
2646
|
+
init_validate_crit();
|
|
2647
|
+
init_validate_algorithms();
|
|
2648
|
+
}
|
|
2649
|
+
});
|
|
2650
|
+
|
|
2651
|
+
// ../../node_modules/jose/dist/browser/jws/compact/verify.js
|
|
2652
|
+
async function compactVerify(jws, key, options) {
|
|
2653
|
+
if (jws instanceof Uint8Array) {
|
|
2654
|
+
jws = decoder.decode(jws);
|
|
2655
|
+
}
|
|
2656
|
+
if (typeof jws !== "string") {
|
|
2657
|
+
throw new JWSInvalid("Compact JWS must be a string or Uint8Array");
|
|
2658
|
+
}
|
|
2659
|
+
const { 0: protectedHeader, 1: payload, 2: signature, length } = jws.split(".");
|
|
2660
|
+
if (length !== 3) {
|
|
2661
|
+
throw new JWSInvalid("Invalid Compact JWS");
|
|
2662
|
+
}
|
|
2663
|
+
const verified = await flattenedVerify({ payload, protected: protectedHeader, signature }, key, options);
|
|
2664
|
+
const result = { payload: verified.payload, protectedHeader: verified.protectedHeader };
|
|
2665
|
+
if (typeof key === "function") {
|
|
2666
|
+
return { ...result, key: verified.key };
|
|
2667
|
+
}
|
|
2668
|
+
return result;
|
|
2669
|
+
}
|
|
2670
|
+
var init_verify3 = __esm({
|
|
2671
|
+
"../../node_modules/jose/dist/browser/jws/compact/verify.js"() {
|
|
2672
|
+
"use strict";
|
|
2673
|
+
init_verify2();
|
|
2674
|
+
init_errors();
|
|
2675
|
+
init_buffer_utils();
|
|
2676
|
+
}
|
|
2677
|
+
});
|
|
2678
|
+
|
|
2679
|
+
// ../../node_modules/jose/dist/browser/jws/general/verify.js
|
|
2680
|
+
async function generalVerify(jws, key, options) {
|
|
2681
|
+
if (!isObject2(jws)) {
|
|
2682
|
+
throw new JWSInvalid("General JWS must be an object");
|
|
2683
|
+
}
|
|
2684
|
+
if (!Array.isArray(jws.signatures) || !jws.signatures.every(isObject2)) {
|
|
2685
|
+
throw new JWSInvalid("JWS Signatures missing or incorrect type");
|
|
2686
|
+
}
|
|
2687
|
+
for (const signature of jws.signatures) {
|
|
2688
|
+
try {
|
|
2689
|
+
return await flattenedVerify({
|
|
2690
|
+
header: signature.header,
|
|
2691
|
+
payload: jws.payload,
|
|
2692
|
+
protected: signature.protected,
|
|
2693
|
+
signature: signature.signature
|
|
2694
|
+
}, key, options);
|
|
2695
|
+
} catch {
|
|
2696
|
+
}
|
|
2697
|
+
}
|
|
2698
|
+
throw new JWSSignatureVerificationFailed();
|
|
2699
|
+
}
|
|
2700
|
+
var init_verify4 = __esm({
|
|
2701
|
+
"../../node_modules/jose/dist/browser/jws/general/verify.js"() {
|
|
2702
|
+
"use strict";
|
|
2703
|
+
init_verify2();
|
|
2704
|
+
init_errors();
|
|
2705
|
+
init_is_object();
|
|
2706
|
+
}
|
|
2707
|
+
});
|
|
2708
|
+
|
|
2709
|
+
// ../../node_modules/jose/dist/browser/lib/epoch.js
|
|
2710
|
+
var epoch_default;
|
|
2711
|
+
var init_epoch = __esm({
|
|
2712
|
+
"../../node_modules/jose/dist/browser/lib/epoch.js"() {
|
|
2713
|
+
"use strict";
|
|
2714
|
+
epoch_default = (date) => Math.floor(date.getTime() / 1e3);
|
|
2715
|
+
}
|
|
2716
|
+
});
|
|
2717
|
+
|
|
2718
|
+
// ../../node_modules/jose/dist/browser/lib/secs.js
|
|
2719
|
+
var minute, hour, day, week, year, REGEX, secs_default;
|
|
2720
|
+
var init_secs = __esm({
|
|
2721
|
+
"../../node_modules/jose/dist/browser/lib/secs.js"() {
|
|
2722
|
+
"use strict";
|
|
2723
|
+
minute = 60;
|
|
2724
|
+
hour = minute * 60;
|
|
2725
|
+
day = hour * 24;
|
|
2726
|
+
week = day * 7;
|
|
2727
|
+
year = day * 365.25;
|
|
2728
|
+
REGEX = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
|
|
2729
|
+
secs_default = (str) => {
|
|
2730
|
+
const matched = REGEX.exec(str);
|
|
2731
|
+
if (!matched || matched[4] && matched[1]) {
|
|
2732
|
+
throw new TypeError("Invalid time period format");
|
|
2733
|
+
}
|
|
2734
|
+
const value = parseFloat(matched[2]);
|
|
2735
|
+
const unit = matched[3].toLowerCase();
|
|
2736
|
+
let numericDate;
|
|
2737
|
+
switch (unit) {
|
|
2738
|
+
case "sec":
|
|
2739
|
+
case "secs":
|
|
2740
|
+
case "second":
|
|
2741
|
+
case "seconds":
|
|
2742
|
+
case "s":
|
|
2743
|
+
numericDate = Math.round(value);
|
|
2744
|
+
break;
|
|
2745
|
+
case "minute":
|
|
2746
|
+
case "minutes":
|
|
2747
|
+
case "min":
|
|
2748
|
+
case "mins":
|
|
2749
|
+
case "m":
|
|
2750
|
+
numericDate = Math.round(value * minute);
|
|
2751
|
+
break;
|
|
2752
|
+
case "hour":
|
|
2753
|
+
case "hours":
|
|
2754
|
+
case "hr":
|
|
2755
|
+
case "hrs":
|
|
2756
|
+
case "h":
|
|
2757
|
+
numericDate = Math.round(value * hour);
|
|
2758
|
+
break;
|
|
2759
|
+
case "day":
|
|
2760
|
+
case "days":
|
|
2761
|
+
case "d":
|
|
2762
|
+
numericDate = Math.round(value * day);
|
|
2763
|
+
break;
|
|
2764
|
+
case "week":
|
|
2765
|
+
case "weeks":
|
|
2766
|
+
case "w":
|
|
2767
|
+
numericDate = Math.round(value * week);
|
|
2768
|
+
break;
|
|
2769
|
+
default:
|
|
2770
|
+
numericDate = Math.round(value * year);
|
|
2771
|
+
break;
|
|
2772
|
+
}
|
|
2773
|
+
if (matched[1] === "-" || matched[4] === "ago") {
|
|
2774
|
+
return -numericDate;
|
|
2775
|
+
}
|
|
2776
|
+
return numericDate;
|
|
2777
|
+
};
|
|
2778
|
+
}
|
|
2779
|
+
});
|
|
2780
|
+
|
|
2781
|
+
// ../../node_modules/jose/dist/browser/lib/jwt_claims_set.js
|
|
2782
|
+
var normalizeTyp, checkAudiencePresence, jwt_claims_set_default;
|
|
2783
|
+
var init_jwt_claims_set = __esm({
|
|
2784
|
+
"../../node_modules/jose/dist/browser/lib/jwt_claims_set.js"() {
|
|
2785
|
+
"use strict";
|
|
2786
|
+
init_errors();
|
|
2787
|
+
init_buffer_utils();
|
|
2788
|
+
init_epoch();
|
|
2789
|
+
init_secs();
|
|
2790
|
+
init_is_object();
|
|
2791
|
+
normalizeTyp = (value) => value.toLowerCase().replace(/^application\//, "");
|
|
2792
|
+
checkAudiencePresence = (audPayload, audOption) => {
|
|
2793
|
+
if (typeof audPayload === "string") {
|
|
2794
|
+
return audOption.includes(audPayload);
|
|
2795
|
+
}
|
|
2796
|
+
if (Array.isArray(audPayload)) {
|
|
2797
|
+
return audOption.some(Set.prototype.has.bind(new Set(audPayload)));
|
|
2798
|
+
}
|
|
2799
|
+
return false;
|
|
2800
|
+
};
|
|
2801
|
+
jwt_claims_set_default = (protectedHeader, encodedPayload, options = {}) => {
|
|
2802
|
+
const { typ } = options;
|
|
2803
|
+
if (typ && (typeof protectedHeader.typ !== "string" || normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {
|
|
2804
|
+
throw new JWTClaimValidationFailed('unexpected "typ" JWT header value', "typ", "check_failed");
|
|
2805
|
+
}
|
|
2806
|
+
let payload;
|
|
2807
|
+
try {
|
|
2808
|
+
payload = JSON.parse(decoder.decode(encodedPayload));
|
|
2809
|
+
} catch {
|
|
2810
|
+
}
|
|
2811
|
+
if (!isObject2(payload)) {
|
|
2812
|
+
throw new JWTInvalid("JWT Claims Set must be a top-level JSON object");
|
|
2813
|
+
}
|
|
2814
|
+
const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options;
|
|
2815
|
+
const presenceCheck = [...requiredClaims];
|
|
2816
|
+
if (maxTokenAge !== void 0)
|
|
2817
|
+
presenceCheck.push("iat");
|
|
2818
|
+
if (audience !== void 0)
|
|
2819
|
+
presenceCheck.push("aud");
|
|
2820
|
+
if (subject !== void 0)
|
|
2821
|
+
presenceCheck.push("sub");
|
|
2822
|
+
if (issuer !== void 0)
|
|
2823
|
+
presenceCheck.push("iss");
|
|
2824
|
+
for (const claim of new Set(presenceCheck.reverse())) {
|
|
2825
|
+
if (!(claim in payload)) {
|
|
2826
|
+
throw new JWTClaimValidationFailed(`missing required "${claim}" claim`, claim, "missing");
|
|
2827
|
+
}
|
|
2828
|
+
}
|
|
2829
|
+
if (issuer && !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) {
|
|
2830
|
+
throw new JWTClaimValidationFailed('unexpected "iss" claim value', "iss", "check_failed");
|
|
2831
|
+
}
|
|
2832
|
+
if (subject && payload.sub !== subject) {
|
|
2833
|
+
throw new JWTClaimValidationFailed('unexpected "sub" claim value', "sub", "check_failed");
|
|
2834
|
+
}
|
|
2835
|
+
if (audience && !checkAudiencePresence(payload.aud, typeof audience === "string" ? [audience] : audience)) {
|
|
2836
|
+
throw new JWTClaimValidationFailed('unexpected "aud" claim value', "aud", "check_failed");
|
|
2837
|
+
}
|
|
2838
|
+
let tolerance;
|
|
2839
|
+
switch (typeof options.clockTolerance) {
|
|
2840
|
+
case "string":
|
|
2841
|
+
tolerance = secs_default(options.clockTolerance);
|
|
2842
|
+
break;
|
|
2843
|
+
case "number":
|
|
2844
|
+
tolerance = options.clockTolerance;
|
|
2845
|
+
break;
|
|
2846
|
+
case "undefined":
|
|
2847
|
+
tolerance = 0;
|
|
2848
|
+
break;
|
|
2849
|
+
default:
|
|
2850
|
+
throw new TypeError("Invalid clockTolerance option type");
|
|
2851
|
+
}
|
|
2852
|
+
const { currentDate } = options;
|
|
2853
|
+
const now = epoch_default(currentDate || /* @__PURE__ */ new Date());
|
|
2854
|
+
if ((payload.iat !== void 0 || maxTokenAge) && typeof payload.iat !== "number") {
|
|
2855
|
+
throw new JWTClaimValidationFailed('"iat" claim must be a number', "iat", "invalid");
|
|
2856
|
+
}
|
|
2857
|
+
if (payload.nbf !== void 0) {
|
|
2858
|
+
if (typeof payload.nbf !== "number") {
|
|
2859
|
+
throw new JWTClaimValidationFailed('"nbf" claim must be a number', "nbf", "invalid");
|
|
2860
|
+
}
|
|
2861
|
+
if (payload.nbf > now + tolerance) {
|
|
2862
|
+
throw new JWTClaimValidationFailed('"nbf" claim timestamp check failed', "nbf", "check_failed");
|
|
2863
|
+
}
|
|
2864
|
+
}
|
|
2865
|
+
if (payload.exp !== void 0) {
|
|
2866
|
+
if (typeof payload.exp !== "number") {
|
|
2867
|
+
throw new JWTClaimValidationFailed('"exp" claim must be a number', "exp", "invalid");
|
|
2868
|
+
}
|
|
2869
|
+
if (payload.exp <= now - tolerance) {
|
|
2870
|
+
throw new JWTExpired('"exp" claim timestamp check failed', "exp", "check_failed");
|
|
2871
|
+
}
|
|
2872
|
+
}
|
|
2873
|
+
if (maxTokenAge) {
|
|
2874
|
+
const age = now - payload.iat;
|
|
2875
|
+
const max = typeof maxTokenAge === "number" ? maxTokenAge : secs_default(maxTokenAge);
|
|
2876
|
+
if (age - tolerance > max) {
|
|
2877
|
+
throw new JWTExpired('"iat" claim timestamp check failed (too far in the past)', "iat", "check_failed");
|
|
2878
|
+
}
|
|
2879
|
+
if (age < 0 - tolerance) {
|
|
2880
|
+
throw new JWTClaimValidationFailed('"iat" claim timestamp check failed (it should be in the past)', "iat", "check_failed");
|
|
2881
|
+
}
|
|
2882
|
+
}
|
|
2883
|
+
return payload;
|
|
2884
|
+
};
|
|
2885
|
+
}
|
|
2886
|
+
});
|
|
2887
|
+
|
|
2888
|
+
// ../../node_modules/jose/dist/browser/jwt/verify.js
|
|
2889
|
+
async function jwtVerify(jwt, key, options) {
|
|
2890
|
+
const verified = await compactVerify(jwt, key, options);
|
|
2891
|
+
if (verified.protectedHeader.crit?.includes("b64") && verified.protectedHeader.b64 === false) {
|
|
2892
|
+
throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
|
|
2893
|
+
}
|
|
2894
|
+
const payload = jwt_claims_set_default(verified.protectedHeader, verified.payload, options);
|
|
2895
|
+
const result = { payload, protectedHeader: verified.protectedHeader };
|
|
2896
|
+
if (typeof key === "function") {
|
|
2897
|
+
return { ...result, key: verified.key };
|
|
2898
|
+
}
|
|
2899
|
+
return result;
|
|
2900
|
+
}
|
|
2901
|
+
var init_verify5 = __esm({
|
|
2902
|
+
"../../node_modules/jose/dist/browser/jwt/verify.js"() {
|
|
2903
|
+
"use strict";
|
|
2904
|
+
init_verify3();
|
|
2905
|
+
init_jwt_claims_set();
|
|
2906
|
+
init_errors();
|
|
2907
|
+
}
|
|
2908
|
+
});
|
|
2909
|
+
|
|
2910
|
+
// ../../node_modules/jose/dist/browser/jwt/decrypt.js
|
|
2911
|
+
async function jwtDecrypt(jwt, key, options) {
|
|
2912
|
+
const decrypted = await compactDecrypt(jwt, key, options);
|
|
2913
|
+
const payload = jwt_claims_set_default(decrypted.protectedHeader, decrypted.plaintext, options);
|
|
2914
|
+
const { protectedHeader } = decrypted;
|
|
2915
|
+
if (protectedHeader.iss !== void 0 && protectedHeader.iss !== payload.iss) {
|
|
2916
|
+
throw new JWTClaimValidationFailed('replicated "iss" claim header parameter mismatch', "iss", "mismatch");
|
|
2917
|
+
}
|
|
2918
|
+
if (protectedHeader.sub !== void 0 && protectedHeader.sub !== payload.sub) {
|
|
2919
|
+
throw new JWTClaimValidationFailed('replicated "sub" claim header parameter mismatch', "sub", "mismatch");
|
|
2920
|
+
}
|
|
2921
|
+
if (protectedHeader.aud !== void 0 && JSON.stringify(protectedHeader.aud) !== JSON.stringify(payload.aud)) {
|
|
2922
|
+
throw new JWTClaimValidationFailed('replicated "aud" claim header parameter mismatch', "aud", "mismatch");
|
|
2923
|
+
}
|
|
2924
|
+
const result = { payload, protectedHeader };
|
|
2925
|
+
if (typeof key === "function") {
|
|
2926
|
+
return { ...result, key: decrypted.key };
|
|
2927
|
+
}
|
|
2928
|
+
return result;
|
|
2929
|
+
}
|
|
2930
|
+
var init_decrypt5 = __esm({
|
|
2931
|
+
"../../node_modules/jose/dist/browser/jwt/decrypt.js"() {
|
|
2932
|
+
"use strict";
|
|
2933
|
+
init_decrypt3();
|
|
2934
|
+
init_jwt_claims_set();
|
|
2935
|
+
init_errors();
|
|
2936
|
+
}
|
|
2937
|
+
});
|
|
2938
|
+
|
|
2939
|
+
// ../../node_modules/jose/dist/browser/jwe/compact/encrypt.js
|
|
2940
|
+
var CompactEncrypt;
|
|
2941
|
+
var init_encrypt4 = __esm({
|
|
2942
|
+
"../../node_modules/jose/dist/browser/jwe/compact/encrypt.js"() {
|
|
2943
|
+
"use strict";
|
|
2944
|
+
init_encrypt2();
|
|
2945
|
+
CompactEncrypt = class {
|
|
2946
|
+
constructor(plaintext) {
|
|
2947
|
+
this._flattened = new FlattenedEncrypt(plaintext);
|
|
2948
|
+
}
|
|
2949
|
+
setContentEncryptionKey(cek) {
|
|
2950
|
+
this._flattened.setContentEncryptionKey(cek);
|
|
2951
|
+
return this;
|
|
2952
|
+
}
|
|
2953
|
+
setInitializationVector(iv) {
|
|
2954
|
+
this._flattened.setInitializationVector(iv);
|
|
2955
|
+
return this;
|
|
2956
|
+
}
|
|
2957
|
+
setProtectedHeader(protectedHeader) {
|
|
2958
|
+
this._flattened.setProtectedHeader(protectedHeader);
|
|
2959
|
+
return this;
|
|
2960
|
+
}
|
|
2961
|
+
setKeyManagementParameters(parameters) {
|
|
2962
|
+
this._flattened.setKeyManagementParameters(parameters);
|
|
2963
|
+
return this;
|
|
2964
|
+
}
|
|
2965
|
+
async encrypt(key, options) {
|
|
2966
|
+
const jwe = await this._flattened.encrypt(key, options);
|
|
2967
|
+
return [jwe.protected, jwe.encrypted_key, jwe.iv, jwe.ciphertext, jwe.tag].join(".");
|
|
2968
|
+
}
|
|
2969
|
+
};
|
|
2970
|
+
}
|
|
2971
|
+
});
|
|
2972
|
+
|
|
2973
|
+
// ../../node_modules/jose/dist/browser/runtime/sign.js
|
|
2974
|
+
var sign, sign_default;
|
|
2975
|
+
var init_sign = __esm({
|
|
2976
|
+
"../../node_modules/jose/dist/browser/runtime/sign.js"() {
|
|
2977
|
+
"use strict";
|
|
2978
|
+
init_subtle_dsa();
|
|
2979
|
+
init_webcrypto();
|
|
2980
|
+
init_check_key_length();
|
|
2981
|
+
init_get_sign_verify_key();
|
|
2982
|
+
sign = async (alg, key, data) => {
|
|
2983
|
+
const cryptoKey = await getCryptoKey3(alg, key, "sign");
|
|
2984
|
+
check_key_length_default(alg, cryptoKey);
|
|
2985
|
+
const signature = await webcrypto_default.subtle.sign(subtleDsa(alg, cryptoKey.algorithm), cryptoKey, data);
|
|
2986
|
+
return new Uint8Array(signature);
|
|
2987
|
+
};
|
|
2988
|
+
sign_default = sign;
|
|
2989
|
+
}
|
|
2990
|
+
});
|
|
2991
|
+
|
|
2992
|
+
// ../../node_modules/jose/dist/browser/jws/flattened/sign.js
|
|
2993
|
+
var FlattenedSign;
|
|
2994
|
+
var init_sign2 = __esm({
|
|
2995
|
+
"../../node_modules/jose/dist/browser/jws/flattened/sign.js"() {
|
|
2996
|
+
"use strict";
|
|
2997
|
+
init_base64url();
|
|
2998
|
+
init_sign();
|
|
2999
|
+
init_is_disjoint();
|
|
3000
|
+
init_errors();
|
|
3001
|
+
init_buffer_utils();
|
|
3002
|
+
init_check_key_type();
|
|
3003
|
+
init_validate_crit();
|
|
3004
|
+
FlattenedSign = class {
|
|
3005
|
+
constructor(payload) {
|
|
3006
|
+
if (!(payload instanceof Uint8Array)) {
|
|
3007
|
+
throw new TypeError("payload must be an instance of Uint8Array");
|
|
3008
|
+
}
|
|
3009
|
+
this._payload = payload;
|
|
3010
|
+
}
|
|
3011
|
+
setProtectedHeader(protectedHeader) {
|
|
3012
|
+
if (this._protectedHeader) {
|
|
3013
|
+
throw new TypeError("setProtectedHeader can only be called once");
|
|
3014
|
+
}
|
|
3015
|
+
this._protectedHeader = protectedHeader;
|
|
3016
|
+
return this;
|
|
3017
|
+
}
|
|
3018
|
+
setUnprotectedHeader(unprotectedHeader) {
|
|
3019
|
+
if (this._unprotectedHeader) {
|
|
3020
|
+
throw new TypeError("setUnprotectedHeader can only be called once");
|
|
3021
|
+
}
|
|
3022
|
+
this._unprotectedHeader = unprotectedHeader;
|
|
3023
|
+
return this;
|
|
3024
|
+
}
|
|
3025
|
+
async sign(key, options) {
|
|
3026
|
+
if (!this._protectedHeader && !this._unprotectedHeader) {
|
|
3027
|
+
throw new JWSInvalid("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");
|
|
3028
|
+
}
|
|
3029
|
+
if (!is_disjoint_default(this._protectedHeader, this._unprotectedHeader)) {
|
|
3030
|
+
throw new JWSInvalid("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
|
|
3031
|
+
}
|
|
3032
|
+
const joseHeader = {
|
|
3033
|
+
...this._protectedHeader,
|
|
3034
|
+
...this._unprotectedHeader
|
|
3035
|
+
};
|
|
3036
|
+
const extensions = validate_crit_default(JWSInvalid, /* @__PURE__ */ new Map([["b64", true]]), options?.crit, this._protectedHeader, joseHeader);
|
|
3037
|
+
let b64 = true;
|
|
3038
|
+
if (extensions.has("b64")) {
|
|
3039
|
+
b64 = this._protectedHeader.b64;
|
|
3040
|
+
if (typeof b64 !== "boolean") {
|
|
3041
|
+
throw new JWSInvalid('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
|
|
3042
|
+
}
|
|
3043
|
+
}
|
|
3044
|
+
const { alg } = joseHeader;
|
|
3045
|
+
if (typeof alg !== "string" || !alg) {
|
|
3046
|
+
throw new JWSInvalid('JWS "alg" (Algorithm) Header Parameter missing or invalid');
|
|
3047
|
+
}
|
|
3048
|
+
check_key_type_default(alg, key, "sign");
|
|
3049
|
+
let payload = this._payload;
|
|
3050
|
+
if (b64) {
|
|
3051
|
+
payload = encoder.encode(encode(payload));
|
|
3052
|
+
}
|
|
3053
|
+
let protectedHeader;
|
|
3054
|
+
if (this._protectedHeader) {
|
|
3055
|
+
protectedHeader = encoder.encode(encode(JSON.stringify(this._protectedHeader)));
|
|
3056
|
+
} else {
|
|
3057
|
+
protectedHeader = encoder.encode("");
|
|
3058
|
+
}
|
|
3059
|
+
const data = concat(protectedHeader, encoder.encode("."), payload);
|
|
3060
|
+
const signature = await sign_default(alg, key, data);
|
|
3061
|
+
const jws = {
|
|
3062
|
+
signature: encode(signature),
|
|
3063
|
+
payload: ""
|
|
3064
|
+
};
|
|
3065
|
+
if (b64) {
|
|
3066
|
+
jws.payload = decoder.decode(payload);
|
|
3067
|
+
}
|
|
3068
|
+
if (this._unprotectedHeader) {
|
|
3069
|
+
jws.header = this._unprotectedHeader;
|
|
3070
|
+
}
|
|
3071
|
+
if (this._protectedHeader) {
|
|
3072
|
+
jws.protected = decoder.decode(protectedHeader);
|
|
3073
|
+
}
|
|
3074
|
+
return jws;
|
|
3075
|
+
}
|
|
3076
|
+
};
|
|
3077
|
+
}
|
|
3078
|
+
});
|
|
3079
|
+
|
|
3080
|
+
// ../../node_modules/jose/dist/browser/jws/compact/sign.js
|
|
3081
|
+
var CompactSign;
|
|
3082
|
+
var init_sign3 = __esm({
|
|
3083
|
+
"../../node_modules/jose/dist/browser/jws/compact/sign.js"() {
|
|
3084
|
+
"use strict";
|
|
3085
|
+
init_sign2();
|
|
3086
|
+
CompactSign = class {
|
|
3087
|
+
constructor(payload) {
|
|
3088
|
+
this._flattened = new FlattenedSign(payload);
|
|
3089
|
+
}
|
|
3090
|
+
setProtectedHeader(protectedHeader) {
|
|
3091
|
+
this._flattened.setProtectedHeader(protectedHeader);
|
|
3092
|
+
return this;
|
|
3093
|
+
}
|
|
3094
|
+
async sign(key, options) {
|
|
3095
|
+
const jws = await this._flattened.sign(key, options);
|
|
3096
|
+
if (jws.payload === void 0) {
|
|
3097
|
+
throw new TypeError("use the flattened module for creating JWS with b64: false");
|
|
3098
|
+
}
|
|
3099
|
+
return `${jws.protected}.${jws.payload}.${jws.signature}`;
|
|
3100
|
+
}
|
|
3101
|
+
};
|
|
3102
|
+
}
|
|
3103
|
+
});
|
|
3104
|
+
|
|
3105
|
+
// ../../node_modules/jose/dist/browser/jws/general/sign.js
|
|
3106
|
+
var IndividualSignature, GeneralSign;
|
|
3107
|
+
var init_sign4 = __esm({
|
|
3108
|
+
"../../node_modules/jose/dist/browser/jws/general/sign.js"() {
|
|
3109
|
+
"use strict";
|
|
3110
|
+
init_sign2();
|
|
3111
|
+
init_errors();
|
|
3112
|
+
IndividualSignature = class {
|
|
3113
|
+
constructor(sig, key, options) {
|
|
3114
|
+
this.parent = sig;
|
|
3115
|
+
this.key = key;
|
|
3116
|
+
this.options = options;
|
|
3117
|
+
}
|
|
3118
|
+
setProtectedHeader(protectedHeader) {
|
|
3119
|
+
if (this.protectedHeader) {
|
|
3120
|
+
throw new TypeError("setProtectedHeader can only be called once");
|
|
3121
|
+
}
|
|
3122
|
+
this.protectedHeader = protectedHeader;
|
|
3123
|
+
return this;
|
|
3124
|
+
}
|
|
3125
|
+
setUnprotectedHeader(unprotectedHeader) {
|
|
3126
|
+
if (this.unprotectedHeader) {
|
|
3127
|
+
throw new TypeError("setUnprotectedHeader can only be called once");
|
|
3128
|
+
}
|
|
3129
|
+
this.unprotectedHeader = unprotectedHeader;
|
|
3130
|
+
return this;
|
|
3131
|
+
}
|
|
3132
|
+
addSignature(...args) {
|
|
3133
|
+
return this.parent.addSignature(...args);
|
|
3134
|
+
}
|
|
3135
|
+
sign(...args) {
|
|
3136
|
+
return this.parent.sign(...args);
|
|
3137
|
+
}
|
|
3138
|
+
done() {
|
|
3139
|
+
return this.parent;
|
|
3140
|
+
}
|
|
3141
|
+
};
|
|
3142
|
+
GeneralSign = class {
|
|
3143
|
+
constructor(payload) {
|
|
3144
|
+
this._signatures = [];
|
|
3145
|
+
this._payload = payload;
|
|
3146
|
+
}
|
|
3147
|
+
addSignature(key, options) {
|
|
3148
|
+
const signature = new IndividualSignature(this, key, options);
|
|
3149
|
+
this._signatures.push(signature);
|
|
3150
|
+
return signature;
|
|
3151
|
+
}
|
|
3152
|
+
async sign() {
|
|
3153
|
+
if (!this._signatures.length) {
|
|
3154
|
+
throw new JWSInvalid("at least one signature must be added");
|
|
3155
|
+
}
|
|
3156
|
+
const jws = {
|
|
3157
|
+
signatures: [],
|
|
3158
|
+
payload: ""
|
|
3159
|
+
};
|
|
3160
|
+
for (let i = 0; i < this._signatures.length; i++) {
|
|
3161
|
+
const signature = this._signatures[i];
|
|
3162
|
+
const flattened = new FlattenedSign(this._payload);
|
|
3163
|
+
flattened.setProtectedHeader(signature.protectedHeader);
|
|
3164
|
+
flattened.setUnprotectedHeader(signature.unprotectedHeader);
|
|
3165
|
+
const { payload, ...rest } = await flattened.sign(signature.key, signature.options);
|
|
3166
|
+
if (i === 0) {
|
|
3167
|
+
jws.payload = payload;
|
|
3168
|
+
} else if (jws.payload !== payload) {
|
|
3169
|
+
throw new JWSInvalid("inconsistent use of JWS Unencoded Payload (RFC7797)");
|
|
3170
|
+
}
|
|
3171
|
+
jws.signatures.push(rest);
|
|
3172
|
+
}
|
|
3173
|
+
return jws;
|
|
3174
|
+
}
|
|
3175
|
+
};
|
|
3176
|
+
}
|
|
3177
|
+
});
|
|
3178
|
+
|
|
3179
|
+
// ../../node_modules/jose/dist/browser/jwt/produce.js
|
|
3180
|
+
function validateInput(label, input) {
|
|
3181
|
+
if (!Number.isFinite(input)) {
|
|
3182
|
+
throw new TypeError(`Invalid ${label} input`);
|
|
3183
|
+
}
|
|
3184
|
+
return input;
|
|
3185
|
+
}
|
|
3186
|
+
var ProduceJWT;
|
|
3187
|
+
var init_produce = __esm({
|
|
3188
|
+
"../../node_modules/jose/dist/browser/jwt/produce.js"() {
|
|
3189
|
+
"use strict";
|
|
3190
|
+
init_epoch();
|
|
3191
|
+
init_is_object();
|
|
3192
|
+
init_secs();
|
|
3193
|
+
ProduceJWT = class {
|
|
3194
|
+
constructor(payload = {}) {
|
|
3195
|
+
if (!isObject2(payload)) {
|
|
3196
|
+
throw new TypeError("JWT Claims Set MUST be an object");
|
|
3197
|
+
}
|
|
3198
|
+
this._payload = payload;
|
|
3199
|
+
}
|
|
3200
|
+
setIssuer(issuer) {
|
|
3201
|
+
this._payload = { ...this._payload, iss: issuer };
|
|
3202
|
+
return this;
|
|
3203
|
+
}
|
|
3204
|
+
setSubject(subject) {
|
|
3205
|
+
this._payload = { ...this._payload, sub: subject };
|
|
3206
|
+
return this;
|
|
3207
|
+
}
|
|
3208
|
+
setAudience(audience) {
|
|
3209
|
+
this._payload = { ...this._payload, aud: audience };
|
|
3210
|
+
return this;
|
|
3211
|
+
}
|
|
3212
|
+
setJti(jwtId) {
|
|
3213
|
+
this._payload = { ...this._payload, jti: jwtId };
|
|
3214
|
+
return this;
|
|
3215
|
+
}
|
|
3216
|
+
setNotBefore(input) {
|
|
3217
|
+
if (typeof input === "number") {
|
|
3218
|
+
this._payload = { ...this._payload, nbf: validateInput("setNotBefore", input) };
|
|
3219
|
+
} else if (input instanceof Date) {
|
|
3220
|
+
this._payload = { ...this._payload, nbf: validateInput("setNotBefore", epoch_default(input)) };
|
|
3221
|
+
} else {
|
|
3222
|
+
this._payload = { ...this._payload, nbf: epoch_default(/* @__PURE__ */ new Date()) + secs_default(input) };
|
|
3223
|
+
}
|
|
3224
|
+
return this;
|
|
3225
|
+
}
|
|
3226
|
+
setExpirationTime(input) {
|
|
3227
|
+
if (typeof input === "number") {
|
|
3228
|
+
this._payload = { ...this._payload, exp: validateInput("setExpirationTime", input) };
|
|
3229
|
+
} else if (input instanceof Date) {
|
|
3230
|
+
this._payload = { ...this._payload, exp: validateInput("setExpirationTime", epoch_default(input)) };
|
|
3231
|
+
} else {
|
|
3232
|
+
this._payload = { ...this._payload, exp: epoch_default(/* @__PURE__ */ new Date()) + secs_default(input) };
|
|
3233
|
+
}
|
|
3234
|
+
return this;
|
|
3235
|
+
}
|
|
3236
|
+
setIssuedAt(input) {
|
|
3237
|
+
if (typeof input === "undefined") {
|
|
3238
|
+
this._payload = { ...this._payload, iat: epoch_default(/* @__PURE__ */ new Date()) };
|
|
3239
|
+
} else if (input instanceof Date) {
|
|
3240
|
+
this._payload = { ...this._payload, iat: validateInput("setIssuedAt", epoch_default(input)) };
|
|
3241
|
+
} else if (typeof input === "string") {
|
|
3242
|
+
this._payload = {
|
|
3243
|
+
...this._payload,
|
|
3244
|
+
iat: validateInput("setIssuedAt", epoch_default(/* @__PURE__ */ new Date()) + secs_default(input))
|
|
3245
|
+
};
|
|
3246
|
+
} else {
|
|
3247
|
+
this._payload = { ...this._payload, iat: validateInput("setIssuedAt", input) };
|
|
3248
|
+
}
|
|
3249
|
+
return this;
|
|
3250
|
+
}
|
|
3251
|
+
};
|
|
3252
|
+
}
|
|
3253
|
+
});
|
|
3254
|
+
|
|
3255
|
+
// ../../node_modules/jose/dist/browser/jwt/sign.js
|
|
3256
|
+
var SignJWT;
|
|
3257
|
+
var init_sign5 = __esm({
|
|
3258
|
+
"../../node_modules/jose/dist/browser/jwt/sign.js"() {
|
|
3259
|
+
"use strict";
|
|
3260
|
+
init_sign3();
|
|
3261
|
+
init_errors();
|
|
3262
|
+
init_buffer_utils();
|
|
3263
|
+
init_produce();
|
|
3264
|
+
SignJWT = class extends ProduceJWT {
|
|
3265
|
+
setProtectedHeader(protectedHeader) {
|
|
3266
|
+
this._protectedHeader = protectedHeader;
|
|
3267
|
+
return this;
|
|
3268
|
+
}
|
|
3269
|
+
async sign(key, options) {
|
|
3270
|
+
const sig = new CompactSign(encoder.encode(JSON.stringify(this._payload)));
|
|
3271
|
+
sig.setProtectedHeader(this._protectedHeader);
|
|
3272
|
+
if (Array.isArray(this._protectedHeader?.crit) && this._protectedHeader.crit.includes("b64") && this._protectedHeader.b64 === false) {
|
|
3273
|
+
throw new JWTInvalid("JWTs MUST NOT use unencoded payload");
|
|
3274
|
+
}
|
|
3275
|
+
return sig.sign(key, options);
|
|
3276
|
+
}
|
|
3277
|
+
};
|
|
3278
|
+
}
|
|
3279
|
+
});
|
|
3280
|
+
|
|
3281
|
+
// ../../node_modules/jose/dist/browser/jwt/encrypt.js
|
|
3282
|
+
var EncryptJWT;
|
|
3283
|
+
var init_encrypt5 = __esm({
|
|
3284
|
+
"../../node_modules/jose/dist/browser/jwt/encrypt.js"() {
|
|
3285
|
+
"use strict";
|
|
3286
|
+
init_encrypt4();
|
|
3287
|
+
init_buffer_utils();
|
|
3288
|
+
init_produce();
|
|
3289
|
+
EncryptJWT = class extends ProduceJWT {
|
|
3290
|
+
setProtectedHeader(protectedHeader) {
|
|
3291
|
+
if (this._protectedHeader) {
|
|
3292
|
+
throw new TypeError("setProtectedHeader can only be called once");
|
|
3293
|
+
}
|
|
3294
|
+
this._protectedHeader = protectedHeader;
|
|
3295
|
+
return this;
|
|
3296
|
+
}
|
|
3297
|
+
setKeyManagementParameters(parameters) {
|
|
3298
|
+
if (this._keyManagementParameters) {
|
|
3299
|
+
throw new TypeError("setKeyManagementParameters can only be called once");
|
|
3300
|
+
}
|
|
3301
|
+
this._keyManagementParameters = parameters;
|
|
3302
|
+
return this;
|
|
3303
|
+
}
|
|
3304
|
+
setContentEncryptionKey(cek) {
|
|
3305
|
+
if (this._cek) {
|
|
3306
|
+
throw new TypeError("setContentEncryptionKey can only be called once");
|
|
3307
|
+
}
|
|
3308
|
+
this._cek = cek;
|
|
3309
|
+
return this;
|
|
3310
|
+
}
|
|
3311
|
+
setInitializationVector(iv) {
|
|
3312
|
+
if (this._iv) {
|
|
3313
|
+
throw new TypeError("setInitializationVector can only be called once");
|
|
3314
|
+
}
|
|
3315
|
+
this._iv = iv;
|
|
3316
|
+
return this;
|
|
3317
|
+
}
|
|
3318
|
+
replicateIssuerAsHeader() {
|
|
3319
|
+
this._replicateIssuerAsHeader = true;
|
|
3320
|
+
return this;
|
|
3321
|
+
}
|
|
3322
|
+
replicateSubjectAsHeader() {
|
|
3323
|
+
this._replicateSubjectAsHeader = true;
|
|
3324
|
+
return this;
|
|
3325
|
+
}
|
|
3326
|
+
replicateAudienceAsHeader() {
|
|
3327
|
+
this._replicateAudienceAsHeader = true;
|
|
3328
|
+
return this;
|
|
3329
|
+
}
|
|
3330
|
+
async encrypt(key, options) {
|
|
3331
|
+
const enc = new CompactEncrypt(encoder.encode(JSON.stringify(this._payload)));
|
|
3332
|
+
if (this._replicateIssuerAsHeader) {
|
|
3333
|
+
this._protectedHeader = { ...this._protectedHeader, iss: this._payload.iss };
|
|
3334
|
+
}
|
|
3335
|
+
if (this._replicateSubjectAsHeader) {
|
|
3336
|
+
this._protectedHeader = { ...this._protectedHeader, sub: this._payload.sub };
|
|
3337
|
+
}
|
|
3338
|
+
if (this._replicateAudienceAsHeader) {
|
|
3339
|
+
this._protectedHeader = { ...this._protectedHeader, aud: this._payload.aud };
|
|
3340
|
+
}
|
|
3341
|
+
enc.setProtectedHeader(this._protectedHeader);
|
|
3342
|
+
if (this._iv) {
|
|
3343
|
+
enc.setInitializationVector(this._iv);
|
|
3344
|
+
}
|
|
3345
|
+
if (this._cek) {
|
|
3346
|
+
enc.setContentEncryptionKey(this._cek);
|
|
3347
|
+
}
|
|
3348
|
+
if (this._keyManagementParameters) {
|
|
3349
|
+
enc.setKeyManagementParameters(this._keyManagementParameters);
|
|
3350
|
+
}
|
|
3351
|
+
return enc.encrypt(key, options);
|
|
3352
|
+
}
|
|
3353
|
+
};
|
|
3354
|
+
}
|
|
3355
|
+
});
|
|
3356
|
+
|
|
3357
|
+
// ../../node_modules/jose/dist/browser/jwk/thumbprint.js
|
|
3358
|
+
async function calculateJwkThumbprint(jwk, digestAlgorithm) {
|
|
3359
|
+
if (!isObject2(jwk)) {
|
|
3360
|
+
throw new TypeError("JWK must be an object");
|
|
3361
|
+
}
|
|
3362
|
+
digestAlgorithm ?? (digestAlgorithm = "sha256");
|
|
3363
|
+
if (digestAlgorithm !== "sha256" && digestAlgorithm !== "sha384" && digestAlgorithm !== "sha512") {
|
|
3364
|
+
throw new TypeError('digestAlgorithm must one of "sha256", "sha384", or "sha512"');
|
|
3365
|
+
}
|
|
3366
|
+
let components;
|
|
3367
|
+
switch (jwk.kty) {
|
|
3368
|
+
case "EC":
|
|
3369
|
+
check(jwk.crv, '"crv" (Curve) Parameter');
|
|
3370
|
+
check(jwk.x, '"x" (X Coordinate) Parameter');
|
|
3371
|
+
check(jwk.y, '"y" (Y Coordinate) Parameter');
|
|
3372
|
+
components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y };
|
|
3373
|
+
break;
|
|
3374
|
+
case "OKP":
|
|
3375
|
+
check(jwk.crv, '"crv" (Subtype of Key Pair) Parameter');
|
|
3376
|
+
check(jwk.x, '"x" (Public Key) Parameter');
|
|
3377
|
+
components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x };
|
|
3378
|
+
break;
|
|
3379
|
+
case "RSA":
|
|
3380
|
+
check(jwk.e, '"e" (Exponent) Parameter');
|
|
3381
|
+
check(jwk.n, '"n" (Modulus) Parameter');
|
|
3382
|
+
components = { e: jwk.e, kty: jwk.kty, n: jwk.n };
|
|
3383
|
+
break;
|
|
3384
|
+
case "oct":
|
|
3385
|
+
check(jwk.k, '"k" (Key Value) Parameter');
|
|
3386
|
+
components = { k: jwk.k, kty: jwk.kty };
|
|
3387
|
+
break;
|
|
3388
|
+
default:
|
|
3389
|
+
throw new JOSENotSupported('"kty" (Key Type) Parameter missing or unsupported');
|
|
3390
|
+
}
|
|
3391
|
+
const data = encoder.encode(JSON.stringify(components));
|
|
3392
|
+
return encode(await digest_default(digestAlgorithm, data));
|
|
3393
|
+
}
|
|
3394
|
+
async function calculateJwkThumbprintUri(jwk, digestAlgorithm) {
|
|
3395
|
+
digestAlgorithm ?? (digestAlgorithm = "sha256");
|
|
3396
|
+
const thumbprint = await calculateJwkThumbprint(jwk, digestAlgorithm);
|
|
3397
|
+
return `urn:ietf:params:oauth:jwk-thumbprint:sha-${digestAlgorithm.slice(-3)}:${thumbprint}`;
|
|
3398
|
+
}
|
|
3399
|
+
var check;
|
|
3400
|
+
var init_thumbprint = __esm({
|
|
3401
|
+
"../../node_modules/jose/dist/browser/jwk/thumbprint.js"() {
|
|
3402
|
+
"use strict";
|
|
3403
|
+
init_digest();
|
|
3404
|
+
init_base64url();
|
|
3405
|
+
init_errors();
|
|
3406
|
+
init_buffer_utils();
|
|
3407
|
+
init_is_object();
|
|
3408
|
+
check = (value, description) => {
|
|
3409
|
+
if (typeof value !== "string" || !value) {
|
|
3410
|
+
throw new JWKInvalid(`${description} missing or invalid`);
|
|
3411
|
+
}
|
|
3412
|
+
};
|
|
3413
|
+
}
|
|
3414
|
+
});
|
|
3415
|
+
|
|
3416
|
+
// ../../node_modules/jose/dist/browser/jwk/embedded.js
|
|
3417
|
+
async function EmbeddedJWK(protectedHeader, token) {
|
|
3418
|
+
const joseHeader = {
|
|
3419
|
+
...protectedHeader,
|
|
3420
|
+
...token?.header
|
|
3421
|
+
};
|
|
3422
|
+
if (!isObject2(joseHeader.jwk)) {
|
|
3423
|
+
throw new JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a JSON object');
|
|
3424
|
+
}
|
|
3425
|
+
const key = await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg);
|
|
3426
|
+
if (key instanceof Uint8Array || key.type !== "public") {
|
|
3427
|
+
throw new JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a public key');
|
|
3428
|
+
}
|
|
3429
|
+
return key;
|
|
3430
|
+
}
|
|
3431
|
+
var init_embedded = __esm({
|
|
3432
|
+
"../../node_modules/jose/dist/browser/jwk/embedded.js"() {
|
|
3433
|
+
"use strict";
|
|
3434
|
+
init_import();
|
|
3435
|
+
init_is_object();
|
|
3436
|
+
init_errors();
|
|
3437
|
+
}
|
|
3438
|
+
});
|
|
3439
|
+
|
|
3440
|
+
// ../../node_modules/jose/dist/browser/jwks/local.js
|
|
3441
|
+
function getKtyFromAlg(alg) {
|
|
3442
|
+
switch (typeof alg === "string" && alg.slice(0, 2)) {
|
|
3443
|
+
case "RS":
|
|
3444
|
+
case "PS":
|
|
3445
|
+
return "RSA";
|
|
3446
|
+
case "ES":
|
|
3447
|
+
return "EC";
|
|
3448
|
+
case "Ed":
|
|
3449
|
+
return "OKP";
|
|
3450
|
+
default:
|
|
3451
|
+
throw new JOSENotSupported('Unsupported "alg" value for a JSON Web Key Set');
|
|
3452
|
+
}
|
|
3453
|
+
}
|
|
3454
|
+
function isJWKSLike(jwks) {
|
|
3455
|
+
return jwks && typeof jwks === "object" && Array.isArray(jwks.keys) && jwks.keys.every(isJWKLike);
|
|
3456
|
+
}
|
|
3457
|
+
function isJWKLike(key) {
|
|
3458
|
+
return isObject2(key);
|
|
3459
|
+
}
|
|
3460
|
+
function clone(obj) {
|
|
3461
|
+
if (typeof structuredClone === "function") {
|
|
3462
|
+
return structuredClone(obj);
|
|
3463
|
+
}
|
|
3464
|
+
return JSON.parse(JSON.stringify(obj));
|
|
3465
|
+
}
|
|
3466
|
+
async function importWithAlgCache(cache, jwk, alg) {
|
|
3467
|
+
const cached = cache.get(jwk) || cache.set(jwk, {}).get(jwk);
|
|
3468
|
+
if (cached[alg] === void 0) {
|
|
3469
|
+
const key = await importJWK({ ...jwk, ext: true }, alg);
|
|
3470
|
+
if (key instanceof Uint8Array || key.type !== "public") {
|
|
3471
|
+
throw new JWKSInvalid("JSON Web Key Set members must be public keys");
|
|
3472
|
+
}
|
|
3473
|
+
cached[alg] = key;
|
|
3474
|
+
}
|
|
3475
|
+
return cached[alg];
|
|
3476
|
+
}
|
|
3477
|
+
function createLocalJWKSet(jwks) {
|
|
3478
|
+
const set = new LocalJWKSet(jwks);
|
|
3479
|
+
return async (protectedHeader, token) => set.getKey(protectedHeader, token);
|
|
3480
|
+
}
|
|
3481
|
+
var LocalJWKSet;
|
|
3482
|
+
var init_local = __esm({
|
|
3483
|
+
"../../node_modules/jose/dist/browser/jwks/local.js"() {
|
|
3484
|
+
"use strict";
|
|
3485
|
+
init_import();
|
|
3486
|
+
init_errors();
|
|
3487
|
+
init_is_object();
|
|
3488
|
+
LocalJWKSet = class {
|
|
3489
|
+
constructor(jwks) {
|
|
3490
|
+
this._cached = /* @__PURE__ */ new WeakMap();
|
|
3491
|
+
if (!isJWKSLike(jwks)) {
|
|
3492
|
+
throw new JWKSInvalid("JSON Web Key Set malformed");
|
|
3493
|
+
}
|
|
3494
|
+
this._jwks = clone(jwks);
|
|
3495
|
+
}
|
|
3496
|
+
async getKey(protectedHeader, token) {
|
|
3497
|
+
const { alg, kid } = { ...protectedHeader, ...token?.header };
|
|
3498
|
+
const kty = getKtyFromAlg(alg);
|
|
3499
|
+
const candidates = this._jwks.keys.filter((jwk2) => {
|
|
3500
|
+
let candidate = kty === jwk2.kty;
|
|
3501
|
+
if (candidate && typeof kid === "string") {
|
|
3502
|
+
candidate = kid === jwk2.kid;
|
|
3503
|
+
}
|
|
3504
|
+
if (candidate && typeof jwk2.alg === "string") {
|
|
3505
|
+
candidate = alg === jwk2.alg;
|
|
3506
|
+
}
|
|
3507
|
+
if (candidate && typeof jwk2.use === "string") {
|
|
3508
|
+
candidate = jwk2.use === "sig";
|
|
3509
|
+
}
|
|
3510
|
+
if (candidate && Array.isArray(jwk2.key_ops)) {
|
|
3511
|
+
candidate = jwk2.key_ops.includes("verify");
|
|
3512
|
+
}
|
|
3513
|
+
if (candidate && alg === "EdDSA") {
|
|
3514
|
+
candidate = jwk2.crv === "Ed25519" || jwk2.crv === "Ed448";
|
|
3515
|
+
}
|
|
3516
|
+
if (candidate) {
|
|
3517
|
+
switch (alg) {
|
|
3518
|
+
case "ES256":
|
|
3519
|
+
candidate = jwk2.crv === "P-256";
|
|
3520
|
+
break;
|
|
3521
|
+
case "ES256K":
|
|
3522
|
+
candidate = jwk2.crv === "secp256k1";
|
|
3523
|
+
break;
|
|
3524
|
+
case "ES384":
|
|
3525
|
+
candidate = jwk2.crv === "P-384";
|
|
3526
|
+
break;
|
|
3527
|
+
case "ES512":
|
|
3528
|
+
candidate = jwk2.crv === "P-521";
|
|
3529
|
+
break;
|
|
3530
|
+
}
|
|
3531
|
+
}
|
|
3532
|
+
return candidate;
|
|
3533
|
+
});
|
|
3534
|
+
const { 0: jwk, length } = candidates;
|
|
3535
|
+
if (length === 0) {
|
|
3536
|
+
throw new JWKSNoMatchingKey();
|
|
3537
|
+
}
|
|
3538
|
+
if (length !== 1) {
|
|
3539
|
+
const error = new JWKSMultipleMatchingKeys();
|
|
3540
|
+
const { _cached } = this;
|
|
3541
|
+
error[Symbol.asyncIterator] = async function* () {
|
|
3542
|
+
for (const jwk2 of candidates) {
|
|
3543
|
+
try {
|
|
3544
|
+
yield await importWithAlgCache(_cached, jwk2, alg);
|
|
3545
|
+
} catch {
|
|
3546
|
+
}
|
|
3547
|
+
}
|
|
3548
|
+
};
|
|
3549
|
+
throw error;
|
|
3550
|
+
}
|
|
3551
|
+
return importWithAlgCache(this._cached, jwk, alg);
|
|
3552
|
+
}
|
|
3553
|
+
};
|
|
3554
|
+
}
|
|
3555
|
+
});
|
|
3556
|
+
|
|
3557
|
+
// ../../node_modules/jose/dist/browser/runtime/fetch_jwks.js
|
|
3558
|
+
var fetchJwks, fetch_jwks_default;
|
|
3559
|
+
var init_fetch_jwks = __esm({
|
|
3560
|
+
"../../node_modules/jose/dist/browser/runtime/fetch_jwks.js"() {
|
|
3561
|
+
"use strict";
|
|
3562
|
+
init_errors();
|
|
3563
|
+
fetchJwks = async (url, timeout, options) => {
|
|
3564
|
+
let controller;
|
|
3565
|
+
let id;
|
|
3566
|
+
let timedOut = false;
|
|
3567
|
+
if (typeof AbortController === "function") {
|
|
3568
|
+
controller = new AbortController();
|
|
3569
|
+
id = setTimeout(() => {
|
|
3570
|
+
timedOut = true;
|
|
3571
|
+
controller.abort();
|
|
3572
|
+
}, timeout);
|
|
3573
|
+
}
|
|
3574
|
+
const response = await fetch(url.href, {
|
|
3575
|
+
signal: controller ? controller.signal : void 0,
|
|
3576
|
+
redirect: "manual",
|
|
3577
|
+
headers: options.headers
|
|
3578
|
+
}).catch((err) => {
|
|
3579
|
+
if (timedOut)
|
|
3580
|
+
throw new JWKSTimeout();
|
|
3581
|
+
throw err;
|
|
3582
|
+
});
|
|
3583
|
+
if (id !== void 0)
|
|
3584
|
+
clearTimeout(id);
|
|
3585
|
+
if (response.status !== 200) {
|
|
3586
|
+
throw new JOSEError("Expected 200 OK from the JSON Web Key Set HTTP response");
|
|
3587
|
+
}
|
|
3588
|
+
try {
|
|
3589
|
+
return await response.json();
|
|
3590
|
+
} catch {
|
|
3591
|
+
throw new JOSEError("Failed to parse the JSON Web Key Set HTTP response as JSON");
|
|
3592
|
+
}
|
|
3593
|
+
};
|
|
3594
|
+
fetch_jwks_default = fetchJwks;
|
|
3595
|
+
}
|
|
3596
|
+
});
|
|
3597
|
+
|
|
3598
|
+
// ../../node_modules/jose/dist/browser/jwks/remote.js
|
|
3599
|
+
function isCloudflareWorkers() {
|
|
3600
|
+
return typeof WebSocketPair !== "undefined" || typeof navigator !== "undefined" && navigator.userAgent === "Cloudflare-Workers" || typeof EdgeRuntime !== "undefined" && EdgeRuntime === "vercel";
|
|
3601
|
+
}
|
|
3602
|
+
function createRemoteJWKSet(url, options) {
|
|
3603
|
+
const set = new RemoteJWKSet(url, options);
|
|
3604
|
+
return async (protectedHeader, token) => set.getKey(protectedHeader, token);
|
|
3605
|
+
}
|
|
3606
|
+
var USER_AGENT, RemoteJWKSet;
|
|
3607
|
+
var init_remote = __esm({
|
|
3608
|
+
"../../node_modules/jose/dist/browser/jwks/remote.js"() {
|
|
3609
|
+
"use strict";
|
|
3610
|
+
init_fetch_jwks();
|
|
3611
|
+
init_errors();
|
|
3612
|
+
init_local();
|
|
3613
|
+
if (typeof navigator === "undefined" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) {
|
|
3614
|
+
const NAME = "jose";
|
|
3615
|
+
const VERSION = "v5.2.3";
|
|
3616
|
+
USER_AGENT = `${NAME}/${VERSION}`;
|
|
3617
|
+
}
|
|
3618
|
+
RemoteJWKSet = class extends LocalJWKSet {
|
|
3619
|
+
constructor(url, options) {
|
|
3620
|
+
super({ keys: [] });
|
|
3621
|
+
this._jwks = void 0;
|
|
3622
|
+
if (!(url instanceof URL)) {
|
|
3623
|
+
throw new TypeError("url must be an instance of URL");
|
|
3624
|
+
}
|
|
3625
|
+
this._url = new URL(url.href);
|
|
3626
|
+
this._options = { agent: options?.agent, headers: options?.headers };
|
|
3627
|
+
this._timeoutDuration = typeof options?.timeoutDuration === "number" ? options?.timeoutDuration : 5e3;
|
|
3628
|
+
this._cooldownDuration = typeof options?.cooldownDuration === "number" ? options?.cooldownDuration : 3e4;
|
|
3629
|
+
this._cacheMaxAge = typeof options?.cacheMaxAge === "number" ? options?.cacheMaxAge : 6e5;
|
|
3630
|
+
}
|
|
3631
|
+
coolingDown() {
|
|
3632
|
+
return typeof this._jwksTimestamp === "number" ? Date.now() < this._jwksTimestamp + this._cooldownDuration : false;
|
|
3633
|
+
}
|
|
3634
|
+
fresh() {
|
|
3635
|
+
return typeof this._jwksTimestamp === "number" ? Date.now() < this._jwksTimestamp + this._cacheMaxAge : false;
|
|
3636
|
+
}
|
|
3637
|
+
async getKey(protectedHeader, token) {
|
|
3638
|
+
if (!this._jwks || !this.fresh()) {
|
|
3639
|
+
await this.reload();
|
|
3640
|
+
}
|
|
3641
|
+
try {
|
|
3642
|
+
return await super.getKey(protectedHeader, token);
|
|
3643
|
+
} catch (err) {
|
|
3644
|
+
if (err instanceof JWKSNoMatchingKey) {
|
|
3645
|
+
if (this.coolingDown() === false) {
|
|
3646
|
+
await this.reload();
|
|
3647
|
+
return super.getKey(protectedHeader, token);
|
|
3648
|
+
}
|
|
3649
|
+
}
|
|
3650
|
+
throw err;
|
|
3651
|
+
}
|
|
3652
|
+
}
|
|
3653
|
+
async reload() {
|
|
3654
|
+
if (this._pendingFetch && isCloudflareWorkers()) {
|
|
3655
|
+
this._pendingFetch = void 0;
|
|
3656
|
+
}
|
|
3657
|
+
const headers = new Headers(this._options.headers);
|
|
3658
|
+
if (USER_AGENT && !headers.has("User-Agent")) {
|
|
3659
|
+
headers.set("User-Agent", USER_AGENT);
|
|
3660
|
+
this._options.headers = Object.fromEntries(headers.entries());
|
|
3661
|
+
}
|
|
3662
|
+
this._pendingFetch || (this._pendingFetch = fetch_jwks_default(this._url, this._timeoutDuration, this._options).then((json) => {
|
|
3663
|
+
if (!isJWKSLike(json)) {
|
|
3664
|
+
throw new JWKSInvalid("JSON Web Key Set malformed");
|
|
3665
|
+
}
|
|
3666
|
+
this._jwks = { keys: json.keys };
|
|
3667
|
+
this._jwksTimestamp = Date.now();
|
|
3668
|
+
this._pendingFetch = void 0;
|
|
3669
|
+
}).catch((err) => {
|
|
3670
|
+
this._pendingFetch = void 0;
|
|
3671
|
+
throw err;
|
|
3672
|
+
}));
|
|
3673
|
+
await this._pendingFetch;
|
|
3674
|
+
}
|
|
3675
|
+
};
|
|
3676
|
+
}
|
|
3677
|
+
});
|
|
3678
|
+
|
|
3679
|
+
// ../../node_modules/jose/dist/browser/jwt/unsecured.js
|
|
3680
|
+
var UnsecuredJWT;
|
|
3681
|
+
var init_unsecured = __esm({
|
|
3682
|
+
"../../node_modules/jose/dist/browser/jwt/unsecured.js"() {
|
|
3683
|
+
"use strict";
|
|
3684
|
+
init_base64url();
|
|
3685
|
+
init_buffer_utils();
|
|
3686
|
+
init_errors();
|
|
3687
|
+
init_jwt_claims_set();
|
|
3688
|
+
init_produce();
|
|
3689
|
+
UnsecuredJWT = class extends ProduceJWT {
|
|
3690
|
+
encode() {
|
|
3691
|
+
const header = encode(JSON.stringify({ alg: "none" }));
|
|
3692
|
+
const payload = encode(JSON.stringify(this._payload));
|
|
3693
|
+
return `${header}.${payload}.`;
|
|
3694
|
+
}
|
|
3695
|
+
static decode(jwt, options) {
|
|
3696
|
+
if (typeof jwt !== "string") {
|
|
3697
|
+
throw new JWTInvalid("Unsecured JWT must be a string");
|
|
3698
|
+
}
|
|
3699
|
+
const { 0: encodedHeader, 1: encodedPayload, 2: signature, length } = jwt.split(".");
|
|
3700
|
+
if (length !== 3 || signature !== "") {
|
|
3701
|
+
throw new JWTInvalid("Invalid Unsecured JWT");
|
|
3702
|
+
}
|
|
3703
|
+
let header;
|
|
3704
|
+
try {
|
|
3705
|
+
header = JSON.parse(decoder.decode(decode(encodedHeader)));
|
|
3706
|
+
if (header.alg !== "none")
|
|
3707
|
+
throw new Error();
|
|
3708
|
+
} catch {
|
|
3709
|
+
throw new JWTInvalid("Invalid Unsecured JWT");
|
|
3710
|
+
}
|
|
3711
|
+
const payload = jwt_claims_set_default(header, decode(encodedPayload), options);
|
|
3712
|
+
return { payload, header };
|
|
3713
|
+
}
|
|
3714
|
+
};
|
|
3715
|
+
}
|
|
3716
|
+
});
|
|
3717
|
+
|
|
3718
|
+
// ../../node_modules/jose/dist/browser/util/base64url.js
|
|
3719
|
+
var base64url_exports2 = {};
|
|
3720
|
+
__export(base64url_exports2, {
|
|
3721
|
+
decode: () => decode2,
|
|
3722
|
+
encode: () => encode2
|
|
3723
|
+
});
|
|
3724
|
+
var encode2, decode2;
|
|
3725
|
+
var init_base64url2 = __esm({
|
|
3726
|
+
"../../node_modules/jose/dist/browser/util/base64url.js"() {
|
|
3727
|
+
"use strict";
|
|
3728
|
+
init_base64url();
|
|
3729
|
+
encode2 = encode;
|
|
3730
|
+
decode2 = decode;
|
|
3731
|
+
}
|
|
3732
|
+
});
|
|
3733
|
+
|
|
3734
|
+
// ../../node_modules/jose/dist/browser/util/decode_protected_header.js
|
|
3735
|
+
function decodeProtectedHeader(token) {
|
|
3736
|
+
let protectedB64u;
|
|
3737
|
+
if (typeof token === "string") {
|
|
3738
|
+
const parts = token.split(".");
|
|
3739
|
+
if (parts.length === 3 || parts.length === 5) {
|
|
3740
|
+
;
|
|
3741
|
+
[protectedB64u] = parts;
|
|
3742
|
+
}
|
|
3743
|
+
} else if (typeof token === "object" && token) {
|
|
3744
|
+
if ("protected" in token) {
|
|
3745
|
+
protectedB64u = token.protected;
|
|
3746
|
+
} else {
|
|
3747
|
+
throw new TypeError("Token does not contain a Protected Header");
|
|
3748
|
+
}
|
|
3749
|
+
}
|
|
3750
|
+
try {
|
|
3751
|
+
if (typeof protectedB64u !== "string" || !protectedB64u) {
|
|
3752
|
+
throw new Error();
|
|
3753
|
+
}
|
|
3754
|
+
const result = JSON.parse(decoder.decode(decode2(protectedB64u)));
|
|
3755
|
+
if (!isObject2(result)) {
|
|
3756
|
+
throw new Error();
|
|
3757
|
+
}
|
|
3758
|
+
return result;
|
|
3759
|
+
} catch {
|
|
3760
|
+
throw new TypeError("Invalid Token or Protected Header formatting");
|
|
3761
|
+
}
|
|
3762
|
+
}
|
|
3763
|
+
var init_decode_protected_header = __esm({
|
|
3764
|
+
"../../node_modules/jose/dist/browser/util/decode_protected_header.js"() {
|
|
3765
|
+
"use strict";
|
|
3766
|
+
init_base64url2();
|
|
3767
|
+
init_buffer_utils();
|
|
3768
|
+
init_is_object();
|
|
3769
|
+
}
|
|
3770
|
+
});
|
|
3771
|
+
|
|
3772
|
+
// ../../node_modules/jose/dist/browser/util/decode_jwt.js
|
|
3773
|
+
function decodeJwt(jwt) {
|
|
3774
|
+
if (typeof jwt !== "string")
|
|
3775
|
+
throw new JWTInvalid("JWTs must use Compact JWS serialization, JWT must be a string");
|
|
3776
|
+
const { 1: payload, length } = jwt.split(".");
|
|
3777
|
+
if (length === 5)
|
|
3778
|
+
throw new JWTInvalid("Only JWTs using Compact JWS serialization can be decoded");
|
|
3779
|
+
if (length !== 3)
|
|
3780
|
+
throw new JWTInvalid("Invalid JWT");
|
|
3781
|
+
if (!payload)
|
|
3782
|
+
throw new JWTInvalid("JWTs must contain a payload");
|
|
3783
|
+
let decoded;
|
|
3784
|
+
try {
|
|
3785
|
+
decoded = decode2(payload);
|
|
3786
|
+
} catch {
|
|
3787
|
+
throw new JWTInvalid("Failed to base64url decode the payload");
|
|
3788
|
+
}
|
|
3789
|
+
let result;
|
|
3790
|
+
try {
|
|
3791
|
+
result = JSON.parse(decoder.decode(decoded));
|
|
3792
|
+
} catch {
|
|
3793
|
+
throw new JWTInvalid("Failed to parse the decoded payload as JSON");
|
|
3794
|
+
}
|
|
3795
|
+
if (!isObject2(result))
|
|
3796
|
+
throw new JWTInvalid("Invalid JWT Claims Set");
|
|
3797
|
+
return result;
|
|
3798
|
+
}
|
|
3799
|
+
var init_decode_jwt = __esm({
|
|
3800
|
+
"../../node_modules/jose/dist/browser/util/decode_jwt.js"() {
|
|
3801
|
+
"use strict";
|
|
3802
|
+
init_base64url2();
|
|
3803
|
+
init_buffer_utils();
|
|
3804
|
+
init_is_object();
|
|
3805
|
+
init_errors();
|
|
3806
|
+
}
|
|
3807
|
+
});
|
|
3808
|
+
|
|
3809
|
+
// ../../node_modules/jose/dist/browser/runtime/generate.js
|
|
3810
|
+
async function generateSecret(alg, options) {
|
|
3811
|
+
let length;
|
|
3812
|
+
let algorithm;
|
|
3813
|
+
let keyUsages;
|
|
3814
|
+
switch (alg) {
|
|
3815
|
+
case "HS256":
|
|
3816
|
+
case "HS384":
|
|
3817
|
+
case "HS512":
|
|
3818
|
+
length = parseInt(alg.slice(-3), 10);
|
|
3819
|
+
algorithm = { name: "HMAC", hash: `SHA-${length}`, length };
|
|
3820
|
+
keyUsages = ["sign", "verify"];
|
|
3821
|
+
break;
|
|
3822
|
+
case "A128CBC-HS256":
|
|
3823
|
+
case "A192CBC-HS384":
|
|
3824
|
+
case "A256CBC-HS512":
|
|
3825
|
+
length = parseInt(alg.slice(-3), 10);
|
|
3826
|
+
return random_default(new Uint8Array(length >> 3));
|
|
3827
|
+
case "A128KW":
|
|
3828
|
+
case "A192KW":
|
|
3829
|
+
case "A256KW":
|
|
3830
|
+
length = parseInt(alg.slice(1, 4), 10);
|
|
3831
|
+
algorithm = { name: "AES-KW", length };
|
|
3832
|
+
keyUsages = ["wrapKey", "unwrapKey"];
|
|
3833
|
+
break;
|
|
3834
|
+
case "A128GCMKW":
|
|
3835
|
+
case "A192GCMKW":
|
|
3836
|
+
case "A256GCMKW":
|
|
3837
|
+
case "A128GCM":
|
|
3838
|
+
case "A192GCM":
|
|
3839
|
+
case "A256GCM":
|
|
3840
|
+
length = parseInt(alg.slice(1, 4), 10);
|
|
3841
|
+
algorithm = { name: "AES-GCM", length };
|
|
3842
|
+
keyUsages = ["encrypt", "decrypt"];
|
|
3843
|
+
break;
|
|
3844
|
+
default:
|
|
3845
|
+
throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
3846
|
+
}
|
|
3847
|
+
return webcrypto_default.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages);
|
|
3848
|
+
}
|
|
3849
|
+
function getModulusLengthOption(options) {
|
|
3850
|
+
const modulusLength = options?.modulusLength ?? 2048;
|
|
3851
|
+
if (typeof modulusLength !== "number" || modulusLength < 2048) {
|
|
3852
|
+
throw new JOSENotSupported("Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used");
|
|
3853
|
+
}
|
|
3854
|
+
return modulusLength;
|
|
3855
|
+
}
|
|
3856
|
+
async function generateKeyPair(alg, options) {
|
|
3857
|
+
let algorithm;
|
|
3858
|
+
let keyUsages;
|
|
3859
|
+
switch (alg) {
|
|
3860
|
+
case "PS256":
|
|
3861
|
+
case "PS384":
|
|
3862
|
+
case "PS512":
|
|
3863
|
+
algorithm = {
|
|
3864
|
+
name: "RSA-PSS",
|
|
3865
|
+
hash: `SHA-${alg.slice(-3)}`,
|
|
3866
|
+
publicExponent: new Uint8Array([1, 0, 1]),
|
|
3867
|
+
modulusLength: getModulusLengthOption(options)
|
|
3868
|
+
};
|
|
3869
|
+
keyUsages = ["sign", "verify"];
|
|
3870
|
+
break;
|
|
3871
|
+
case "RS256":
|
|
3872
|
+
case "RS384":
|
|
3873
|
+
case "RS512":
|
|
3874
|
+
algorithm = {
|
|
3875
|
+
name: "RSASSA-PKCS1-v1_5",
|
|
3876
|
+
hash: `SHA-${alg.slice(-3)}`,
|
|
3877
|
+
publicExponent: new Uint8Array([1, 0, 1]),
|
|
3878
|
+
modulusLength: getModulusLengthOption(options)
|
|
3879
|
+
};
|
|
3880
|
+
keyUsages = ["sign", "verify"];
|
|
3881
|
+
break;
|
|
3882
|
+
case "RSA-OAEP":
|
|
3883
|
+
case "RSA-OAEP-256":
|
|
3884
|
+
case "RSA-OAEP-384":
|
|
3885
|
+
case "RSA-OAEP-512":
|
|
3886
|
+
algorithm = {
|
|
3887
|
+
name: "RSA-OAEP",
|
|
3888
|
+
hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`,
|
|
3889
|
+
publicExponent: new Uint8Array([1, 0, 1]),
|
|
3890
|
+
modulusLength: getModulusLengthOption(options)
|
|
3891
|
+
};
|
|
3892
|
+
keyUsages = ["decrypt", "unwrapKey", "encrypt", "wrapKey"];
|
|
3893
|
+
break;
|
|
3894
|
+
case "ES256":
|
|
3895
|
+
algorithm = { name: "ECDSA", namedCurve: "P-256" };
|
|
3896
|
+
keyUsages = ["sign", "verify"];
|
|
3897
|
+
break;
|
|
3898
|
+
case "ES384":
|
|
3899
|
+
algorithm = { name: "ECDSA", namedCurve: "P-384" };
|
|
3900
|
+
keyUsages = ["sign", "verify"];
|
|
3901
|
+
break;
|
|
3902
|
+
case "ES512":
|
|
3903
|
+
algorithm = { name: "ECDSA", namedCurve: "P-521" };
|
|
3904
|
+
keyUsages = ["sign", "verify"];
|
|
3905
|
+
break;
|
|
3906
|
+
case "EdDSA": {
|
|
3907
|
+
keyUsages = ["sign", "verify"];
|
|
3908
|
+
const crv = options?.crv ?? "Ed25519";
|
|
3909
|
+
switch (crv) {
|
|
3910
|
+
case "Ed25519":
|
|
3911
|
+
case "Ed448":
|
|
3912
|
+
algorithm = { name: crv };
|
|
3913
|
+
break;
|
|
3914
|
+
default:
|
|
3915
|
+
throw new JOSENotSupported("Invalid or unsupported crv option provided");
|
|
3916
|
+
}
|
|
3917
|
+
break;
|
|
3918
|
+
}
|
|
3919
|
+
case "ECDH-ES":
|
|
3920
|
+
case "ECDH-ES+A128KW":
|
|
3921
|
+
case "ECDH-ES+A192KW":
|
|
3922
|
+
case "ECDH-ES+A256KW": {
|
|
3923
|
+
keyUsages = ["deriveKey", "deriveBits"];
|
|
3924
|
+
const crv = options?.crv ?? "P-256";
|
|
3925
|
+
switch (crv) {
|
|
3926
|
+
case "P-256":
|
|
3927
|
+
case "P-384":
|
|
3928
|
+
case "P-521": {
|
|
3929
|
+
algorithm = { name: "ECDH", namedCurve: crv };
|
|
3930
|
+
break;
|
|
3931
|
+
}
|
|
3932
|
+
case "X25519":
|
|
3933
|
+
case "X448":
|
|
3934
|
+
algorithm = { name: crv };
|
|
3935
|
+
break;
|
|
3936
|
+
default:
|
|
3937
|
+
throw new JOSENotSupported("Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448");
|
|
3938
|
+
}
|
|
3939
|
+
break;
|
|
3940
|
+
}
|
|
3941
|
+
default:
|
|
3942
|
+
throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
|
|
3943
|
+
}
|
|
3944
|
+
return webcrypto_default.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages);
|
|
3945
|
+
}
|
|
3946
|
+
var init_generate = __esm({
|
|
3947
|
+
"../../node_modules/jose/dist/browser/runtime/generate.js"() {
|
|
3948
|
+
"use strict";
|
|
3949
|
+
init_webcrypto();
|
|
3950
|
+
init_errors();
|
|
3951
|
+
init_random();
|
|
3952
|
+
}
|
|
3953
|
+
});
|
|
3954
|
+
|
|
3955
|
+
// ../../node_modules/jose/dist/browser/key/generate_key_pair.js
|
|
3956
|
+
async function generateKeyPair2(alg, options) {
|
|
3957
|
+
return generateKeyPair(alg, options);
|
|
3958
|
+
}
|
|
3959
|
+
var init_generate_key_pair = __esm({
|
|
3960
|
+
"../../node_modules/jose/dist/browser/key/generate_key_pair.js"() {
|
|
3961
|
+
"use strict";
|
|
3962
|
+
init_generate();
|
|
3963
|
+
}
|
|
3964
|
+
});
|
|
3965
|
+
|
|
3966
|
+
// ../../node_modules/jose/dist/browser/key/generate_secret.js
|
|
3967
|
+
async function generateSecret2(alg, options) {
|
|
3968
|
+
return generateSecret(alg, options);
|
|
3969
|
+
}
|
|
3970
|
+
var init_generate_secret = __esm({
|
|
3971
|
+
"../../node_modules/jose/dist/browser/key/generate_secret.js"() {
|
|
3972
|
+
"use strict";
|
|
3973
|
+
init_generate();
|
|
3974
|
+
}
|
|
3975
|
+
});
|
|
3976
|
+
|
|
3977
|
+
// ../../node_modules/jose/dist/browser/runtime/runtime.js
|
|
3978
|
+
var runtime_default;
|
|
3979
|
+
var init_runtime = __esm({
|
|
3980
|
+
"../../node_modules/jose/dist/browser/runtime/runtime.js"() {
|
|
3981
|
+
"use strict";
|
|
3982
|
+
runtime_default = "WebCryptoAPI";
|
|
3983
|
+
}
|
|
3984
|
+
});
|
|
3985
|
+
|
|
3986
|
+
// ../../node_modules/jose/dist/browser/util/runtime.js
|
|
3987
|
+
var runtime_default2;
|
|
3988
|
+
var init_runtime2 = __esm({
|
|
3989
|
+
"../../node_modules/jose/dist/browser/util/runtime.js"() {
|
|
3990
|
+
"use strict";
|
|
3991
|
+
init_runtime();
|
|
3992
|
+
runtime_default2 = runtime_default;
|
|
3993
|
+
}
|
|
3994
|
+
});
|
|
3995
|
+
|
|
3996
|
+
// ../../node_modules/jose/dist/browser/index.js
|
|
3997
|
+
var browser_exports = {};
|
|
3998
|
+
__export(browser_exports, {
|
|
3999
|
+
CompactEncrypt: () => CompactEncrypt,
|
|
4000
|
+
CompactSign: () => CompactSign,
|
|
4001
|
+
EmbeddedJWK: () => EmbeddedJWK,
|
|
4002
|
+
EncryptJWT: () => EncryptJWT,
|
|
4003
|
+
FlattenedEncrypt: () => FlattenedEncrypt,
|
|
4004
|
+
FlattenedSign: () => FlattenedSign,
|
|
4005
|
+
GeneralEncrypt: () => GeneralEncrypt,
|
|
4006
|
+
GeneralSign: () => GeneralSign,
|
|
4007
|
+
SignJWT: () => SignJWT,
|
|
4008
|
+
UnsecuredJWT: () => UnsecuredJWT,
|
|
4009
|
+
base64url: () => base64url_exports2,
|
|
4010
|
+
calculateJwkThumbprint: () => calculateJwkThumbprint,
|
|
4011
|
+
calculateJwkThumbprintUri: () => calculateJwkThumbprintUri,
|
|
4012
|
+
compactDecrypt: () => compactDecrypt,
|
|
4013
|
+
compactVerify: () => compactVerify,
|
|
4014
|
+
createLocalJWKSet: () => createLocalJWKSet,
|
|
4015
|
+
createRemoteJWKSet: () => createRemoteJWKSet,
|
|
4016
|
+
cryptoRuntime: () => runtime_default2,
|
|
4017
|
+
decodeJwt: () => decodeJwt,
|
|
4018
|
+
decodeProtectedHeader: () => decodeProtectedHeader,
|
|
4019
|
+
errors: () => errors_exports,
|
|
4020
|
+
exportJWK: () => exportJWK,
|
|
4021
|
+
exportPKCS8: () => exportPKCS8,
|
|
4022
|
+
exportSPKI: () => exportSPKI,
|
|
4023
|
+
flattenedDecrypt: () => flattenedDecrypt,
|
|
4024
|
+
flattenedVerify: () => flattenedVerify,
|
|
4025
|
+
generalDecrypt: () => generalDecrypt,
|
|
4026
|
+
generalVerify: () => generalVerify,
|
|
4027
|
+
generateKeyPair: () => generateKeyPair2,
|
|
4028
|
+
generateSecret: () => generateSecret2,
|
|
4029
|
+
importJWK: () => importJWK,
|
|
4030
|
+
importPKCS8: () => importPKCS8,
|
|
4031
|
+
importSPKI: () => importSPKI,
|
|
4032
|
+
importX509: () => importX509,
|
|
4033
|
+
jwtDecrypt: () => jwtDecrypt,
|
|
4034
|
+
jwtVerify: () => jwtVerify
|
|
4035
|
+
});
|
|
4036
|
+
var init_browser = __esm({
|
|
4037
|
+
"../../node_modules/jose/dist/browser/index.js"() {
|
|
4038
|
+
"use strict";
|
|
4039
|
+
init_decrypt3();
|
|
4040
|
+
init_decrypt2();
|
|
4041
|
+
init_decrypt4();
|
|
4042
|
+
init_encrypt3();
|
|
4043
|
+
init_verify3();
|
|
4044
|
+
init_verify2();
|
|
4045
|
+
init_verify4();
|
|
4046
|
+
init_verify5();
|
|
4047
|
+
init_decrypt5();
|
|
4048
|
+
init_encrypt4();
|
|
4049
|
+
init_encrypt2();
|
|
4050
|
+
init_sign3();
|
|
4051
|
+
init_sign2();
|
|
4052
|
+
init_sign4();
|
|
4053
|
+
init_sign5();
|
|
4054
|
+
init_encrypt5();
|
|
4055
|
+
init_thumbprint();
|
|
4056
|
+
init_embedded();
|
|
4057
|
+
init_local();
|
|
4058
|
+
init_remote();
|
|
4059
|
+
init_unsecured();
|
|
4060
|
+
init_export();
|
|
4061
|
+
init_import();
|
|
4062
|
+
init_decode_protected_header();
|
|
4063
|
+
init_decode_jwt();
|
|
4064
|
+
init_errors();
|
|
4065
|
+
init_generate_key_pair();
|
|
4066
|
+
init_generate_secret();
|
|
4067
|
+
init_base64url2();
|
|
4068
|
+
init_runtime2();
|
|
4069
|
+
}
|
|
4070
|
+
});
|
|
4071
|
+
|
|
1
4072
|
// src/utils.ts
|
|
2
4073
|
import { dirname, sep } from "node:path";
|
|
3
|
-
|
|
4074
|
+
|
|
4075
|
+
// ../../node_modules/@wix/sdk-context/build/browser/index.mjs
|
|
4076
|
+
var wixContext = {};
|
|
4077
|
+
|
|
4078
|
+
// ../../node_modules/@wix/sdk-types/build/browser/index.mjs
|
|
4079
|
+
function EventDefinition(type, isDomainEvent = false, transformations = (x) => x) {
|
|
4080
|
+
return () => ({
|
|
4081
|
+
__type: "event-definition",
|
|
4082
|
+
type,
|
|
4083
|
+
isDomainEvent,
|
|
4084
|
+
transformations
|
|
4085
|
+
});
|
|
4086
|
+
}
|
|
4087
|
+
var SERVICE_PLUGIN_ERROR_TYPE = "wix_spi_error";
|
|
4088
|
+
|
|
4089
|
+
// ../../node_modules/@wix/sdk/build/ambassador-modules.js
|
|
4090
|
+
var parseMethod = (method) => {
|
|
4091
|
+
switch (method) {
|
|
4092
|
+
case "get":
|
|
4093
|
+
case "GET":
|
|
4094
|
+
return "GET";
|
|
4095
|
+
case "post":
|
|
4096
|
+
case "POST":
|
|
4097
|
+
return "POST";
|
|
4098
|
+
case "put":
|
|
4099
|
+
case "PUT":
|
|
4100
|
+
return "PUT";
|
|
4101
|
+
case "delete":
|
|
4102
|
+
case "DELETE":
|
|
4103
|
+
return "DELETE";
|
|
4104
|
+
case "patch":
|
|
4105
|
+
case "PATCH":
|
|
4106
|
+
return "PATCH";
|
|
4107
|
+
case "head":
|
|
4108
|
+
case "HEAD":
|
|
4109
|
+
return "HEAD";
|
|
4110
|
+
case "options":
|
|
4111
|
+
case "OPTIONS":
|
|
4112
|
+
return "OPTIONS";
|
|
4113
|
+
default:
|
|
4114
|
+
throw new Error(`Unknown method: ${method}`);
|
|
4115
|
+
}
|
|
4116
|
+
};
|
|
4117
|
+
var toHTTPModule = (factory) => (httpClient) => async (payload) => {
|
|
4118
|
+
let requestOptions;
|
|
4119
|
+
const HTTPFactory = (context) => {
|
|
4120
|
+
requestOptions = factory(payload)(context);
|
|
4121
|
+
if (requestOptions.url === void 0) {
|
|
4122
|
+
throw new Error("Url was not successfully created for this request, please reach out to support channels for assistance.");
|
|
4123
|
+
}
|
|
4124
|
+
const { method, url, params } = requestOptions;
|
|
4125
|
+
return {
|
|
4126
|
+
...requestOptions,
|
|
4127
|
+
method: parseMethod(method),
|
|
4128
|
+
url,
|
|
4129
|
+
data: requestOptions.data,
|
|
4130
|
+
params
|
|
4131
|
+
};
|
|
4132
|
+
};
|
|
4133
|
+
try {
|
|
4134
|
+
const response = await httpClient.request(HTTPFactory);
|
|
4135
|
+
if (requestOptions === void 0) {
|
|
4136
|
+
throw new Error("Request options were not created for this request, please reach out to support channels for assistance.");
|
|
4137
|
+
}
|
|
4138
|
+
const transformations = Array.isArray(requestOptions.transformResponse) ? requestOptions.transformResponse : [requestOptions.transformResponse];
|
|
4139
|
+
let data = response.data;
|
|
4140
|
+
transformations.forEach((transform) => {
|
|
4141
|
+
if (transform) {
|
|
4142
|
+
data = transform(response.data, response.headers);
|
|
4143
|
+
}
|
|
4144
|
+
});
|
|
4145
|
+
return data;
|
|
4146
|
+
} catch (e) {
|
|
4147
|
+
if (typeof e === "object" && e !== null && "response" in e && typeof e.response === "object" && e.response !== null && "data" in e.response) {
|
|
4148
|
+
throw e.response.data;
|
|
4149
|
+
}
|
|
4150
|
+
throw e;
|
|
4151
|
+
}
|
|
4152
|
+
};
|
|
4153
|
+
var isAmbassadorModule = (module) => {
|
|
4154
|
+
if (module.__isAmbassador) {
|
|
4155
|
+
return true;
|
|
4156
|
+
}
|
|
4157
|
+
const fn = module();
|
|
4158
|
+
return Boolean(fn.__isAmbassador);
|
|
4159
|
+
};
|
|
4160
|
+
|
|
4161
|
+
// ../../node_modules/@wix/sdk/build/common.js
|
|
4162
|
+
var PUBLIC_METADATA_KEY = "__metadata";
|
|
4163
|
+
var DEFAULT_API_URL = "www.wixapis.com";
|
|
4164
|
+
|
|
4165
|
+
// ../../node_modules/@wix/sdk/build/fetch-error.js
|
|
4166
|
+
var FetchErrorResponse = class extends Error {
|
|
4167
|
+
message;
|
|
4168
|
+
response;
|
|
4169
|
+
constructor(message2, response) {
|
|
4170
|
+
super(message2);
|
|
4171
|
+
this.message = message2;
|
|
4172
|
+
this.response = response;
|
|
4173
|
+
}
|
|
4174
|
+
async details() {
|
|
4175
|
+
const dataError = await this.response.json();
|
|
4176
|
+
return errorBuilder(this.response.status, dataError?.message, dataError?.details, {
|
|
4177
|
+
requestId: this.response.headers.get("X-Wix-Request-Id"),
|
|
4178
|
+
details: dataError
|
|
4179
|
+
});
|
|
4180
|
+
}
|
|
4181
|
+
};
|
|
4182
|
+
var errorBuilder = (code, description, details, data) => {
|
|
4183
|
+
return {
|
|
4184
|
+
details: {
|
|
4185
|
+
...!details?.validationError && {
|
|
4186
|
+
applicationError: {
|
|
4187
|
+
description,
|
|
4188
|
+
code,
|
|
4189
|
+
data
|
|
4190
|
+
}
|
|
4191
|
+
},
|
|
4192
|
+
...details
|
|
4193
|
+
},
|
|
4194
|
+
message: description
|
|
4195
|
+
};
|
|
4196
|
+
};
|
|
4197
|
+
|
|
4198
|
+
// ../../node_modules/@wix/sdk/build/helpers.js
|
|
4199
|
+
var getDefaultContentHeader = (options) => {
|
|
4200
|
+
if (options?.method && ["post", "put", "patch"].includes(options.method.toLocaleLowerCase()) && options.body) {
|
|
4201
|
+
return { "Content-Type": "application/json" };
|
|
4202
|
+
}
|
|
4203
|
+
return {};
|
|
4204
|
+
};
|
|
4205
|
+
var isObject = (val) => val && typeof val === "object" && !Array.isArray(val);
|
|
4206
|
+
function parsePublicKeyIfEncoded(publicKey) {
|
|
4207
|
+
if (publicKey.includes("\n") || publicKey.includes("\r")) {
|
|
4208
|
+
return publicKey.trim();
|
|
4209
|
+
} else {
|
|
4210
|
+
return typeof atob !== "undefined" ? atob(publicKey) : Buffer.from(publicKey, "base64").toString("utf-8");
|
|
4211
|
+
}
|
|
4212
|
+
}
|
|
4213
|
+
|
|
4214
|
+
// ../../node_modules/@wix/sdk/build/host-modules.js
|
|
4215
|
+
var isHostModule = (val) => val.__type === "host";
|
|
4216
|
+
function buildHostModule(val, host) {
|
|
4217
|
+
return val.create(host);
|
|
4218
|
+
}
|
|
4219
|
+
|
|
4220
|
+
// ../../node_modules/@wix/sdk/build/bi/biHeaderGenerator.js
|
|
4221
|
+
var WixBIHeaderName = "x-wix-bi-gateway";
|
|
4222
|
+
function biHeaderGenerator(apiMetadata, publicMetadata) {
|
|
4223
|
+
return {
|
|
4224
|
+
[WixBIHeaderName]: objectToKeyValue({
|
|
4225
|
+
environment: "js-sdk",
|
|
4226
|
+
"package-name": apiMetadata.packageName ?? publicMetadata?.PACKAGE_NAME,
|
|
4227
|
+
"method-fqn": apiMetadata.methodFqn,
|
|
4228
|
+
entity: apiMetadata.entityFqdn
|
|
4229
|
+
})
|
|
4230
|
+
};
|
|
4231
|
+
}
|
|
4232
|
+
function objectToKeyValue(input) {
|
|
4233
|
+
return Object.entries(input).filter(([_, value]) => Boolean(value)).map(([key, value]) => `${key}=${value}`).join(",");
|
|
4234
|
+
}
|
|
4235
|
+
|
|
4236
|
+
// ../../node_modules/@wix/sdk-runtime/build/context.js
|
|
4237
|
+
function runWithoutContext(fn) {
|
|
4238
|
+
const globalContext = globalThis.__wix_context__;
|
|
4239
|
+
const moduleContext = {
|
|
4240
|
+
client: wixContext.client,
|
|
4241
|
+
elevatedClient: wixContext.elevatedClient
|
|
4242
|
+
};
|
|
4243
|
+
let closureContext;
|
|
4244
|
+
globalThis.__wix_context__ = void 0;
|
|
4245
|
+
wixContext.client = void 0;
|
|
4246
|
+
wixContext.elevatedClient = void 0;
|
|
4247
|
+
if (typeof $wixContext !== "undefined") {
|
|
4248
|
+
closureContext = {
|
|
4249
|
+
client: $wixContext?.client,
|
|
4250
|
+
elevatedClient: $wixContext?.elevatedClient
|
|
4251
|
+
};
|
|
4252
|
+
delete $wixContext.client;
|
|
4253
|
+
delete $wixContext.elevatedClient;
|
|
4254
|
+
}
|
|
4255
|
+
try {
|
|
4256
|
+
return fn();
|
|
4257
|
+
} finally {
|
|
4258
|
+
globalThis.__wix_context__ = globalContext;
|
|
4259
|
+
wixContext.client = moduleContext.client;
|
|
4260
|
+
wixContext.elevatedClient = moduleContext.elevatedClient;
|
|
4261
|
+
if (typeof $wixContext !== "undefined") {
|
|
4262
|
+
$wixContext.client = closureContext.client;
|
|
4263
|
+
$wixContext.elevatedClient = closureContext.elevatedClient;
|
|
4264
|
+
}
|
|
4265
|
+
}
|
|
4266
|
+
}
|
|
4267
|
+
|
|
4268
|
+
// ../../node_modules/@wix/sdk/build/rest-modules.js
|
|
4269
|
+
function buildRESTDescriptor(origFunc, publicMetadata, boundFetch, wixAPIFetch, getActiveToken, options) {
|
|
4270
|
+
return runWithoutContext(() => origFunc({
|
|
4271
|
+
request: async (factory) => {
|
|
4272
|
+
const requestOptions = factory({
|
|
4273
|
+
host: options?.HTTPHost || DEFAULT_API_URL
|
|
4274
|
+
});
|
|
4275
|
+
let request = requestOptions;
|
|
4276
|
+
if (request.method === "GET" && request.fallback?.length && request.params.toString().length > 4e3) {
|
|
4277
|
+
request = requestOptions.fallback[0];
|
|
4278
|
+
}
|
|
4279
|
+
const domain = options?.HTTPHost ?? DEFAULT_API_URL;
|
|
4280
|
+
let url = `https://${domain}${request.url}`;
|
|
4281
|
+
if (request.params && request.params.toString()) {
|
|
4282
|
+
url += `?${request.params.toString()}`;
|
|
4283
|
+
}
|
|
4284
|
+
try {
|
|
4285
|
+
const biHeader = biHeaderGenerator(requestOptions, publicMetadata);
|
|
4286
|
+
const res = await boundFetch(url, {
|
|
4287
|
+
method: request.method,
|
|
4288
|
+
...request.data && {
|
|
4289
|
+
body: JSON.stringify(request.data)
|
|
4290
|
+
},
|
|
4291
|
+
headers: {
|
|
4292
|
+
...biHeader
|
|
4293
|
+
}
|
|
4294
|
+
});
|
|
4295
|
+
if (res.status !== 200) {
|
|
4296
|
+
let dataError = null;
|
|
4297
|
+
try {
|
|
4298
|
+
dataError = await res.json();
|
|
4299
|
+
} catch (e) {
|
|
4300
|
+
}
|
|
4301
|
+
throw errorBuilder2(res.status, dataError?.message, dataError?.details, {
|
|
4302
|
+
requestId: res.headers.get("X-Wix-Request-Id"),
|
|
4303
|
+
details: dataError
|
|
4304
|
+
});
|
|
4305
|
+
}
|
|
4306
|
+
const data = await res.json();
|
|
4307
|
+
return {
|
|
4308
|
+
data,
|
|
4309
|
+
headers: res.headers,
|
|
4310
|
+
status: res.status,
|
|
4311
|
+
statusText: res.statusText
|
|
4312
|
+
};
|
|
4313
|
+
} catch (e) {
|
|
4314
|
+
if (e.message?.includes("fetch is not defined")) {
|
|
4315
|
+
console.error("Node.js v18+ is required");
|
|
4316
|
+
}
|
|
4317
|
+
throw e;
|
|
4318
|
+
}
|
|
4319
|
+
},
|
|
4320
|
+
fetchWithAuth: boundFetch,
|
|
4321
|
+
wixAPIFetch,
|
|
4322
|
+
getActiveToken
|
|
4323
|
+
}));
|
|
4324
|
+
}
|
|
4325
|
+
var errorBuilder2 = (code, description, details, data) => {
|
|
4326
|
+
return {
|
|
4327
|
+
response: {
|
|
4328
|
+
data: {
|
|
4329
|
+
details: {
|
|
4330
|
+
...!details?.validationError && {
|
|
4331
|
+
applicationError: {
|
|
4332
|
+
description,
|
|
4333
|
+
code,
|
|
4334
|
+
data
|
|
4335
|
+
}
|
|
4336
|
+
},
|
|
4337
|
+
...details
|
|
4338
|
+
},
|
|
4339
|
+
message: description
|
|
4340
|
+
},
|
|
4341
|
+
status: code
|
|
4342
|
+
}
|
|
4343
|
+
};
|
|
4344
|
+
};
|
|
4345
|
+
|
|
4346
|
+
// ../../node_modules/@wix/sdk/build/nanoevents.js
|
|
4347
|
+
function createNanoEvents() {
|
|
4348
|
+
return {
|
|
4349
|
+
emit(event, ...args) {
|
|
4350
|
+
for (let i = 0, callbacks = this.events[event] || [], length = callbacks.length; i < length; i++) {
|
|
4351
|
+
callbacks[i](...args);
|
|
4352
|
+
}
|
|
4353
|
+
},
|
|
4354
|
+
events: {},
|
|
4355
|
+
on(event, cb) {
|
|
4356
|
+
(this.events[event] ||= []).push(cb);
|
|
4357
|
+
return () => {
|
|
4358
|
+
this.events[event] = this.events[event]?.filter((i) => cb !== i);
|
|
4359
|
+
};
|
|
4360
|
+
}
|
|
4361
|
+
};
|
|
4362
|
+
}
|
|
4363
|
+
|
|
4364
|
+
// ../../node_modules/@wix/sdk/build/event-handlers-modules.js
|
|
4365
|
+
var isEventHandlerModule = (val) => val.__type === "event-definition";
|
|
4366
|
+
function runHandler(eventDefinition, handler, payload, baseEventMetadata) {
|
|
4367
|
+
let envelope;
|
|
4368
|
+
if (eventDefinition.isDomainEvent) {
|
|
4369
|
+
const domainEventPayload = payload;
|
|
4370
|
+
const { deletedEvent, actionEvent, createdEvent, updatedEvent, ...domainEventMetadata } = domainEventPayload;
|
|
4371
|
+
const metadata = {
|
|
4372
|
+
...baseEventMetadata,
|
|
4373
|
+
...domainEventMetadata
|
|
4374
|
+
};
|
|
4375
|
+
if (deletedEvent) {
|
|
4376
|
+
if (deletedEvent?.deletedEntity) {
|
|
4377
|
+
envelope = {
|
|
4378
|
+
entity: deletedEvent?.deletedEntity,
|
|
4379
|
+
metadata
|
|
4380
|
+
};
|
|
4381
|
+
} else {
|
|
4382
|
+
envelope = { metadata };
|
|
4383
|
+
}
|
|
4384
|
+
} else if (actionEvent) {
|
|
4385
|
+
envelope = {
|
|
4386
|
+
data: actionEvent.body,
|
|
4387
|
+
metadata
|
|
4388
|
+
};
|
|
4389
|
+
} else {
|
|
4390
|
+
envelope = {
|
|
4391
|
+
entity: createdEvent?.entity ?? updatedEvent?.currentEntity,
|
|
4392
|
+
metadata
|
|
4393
|
+
};
|
|
4394
|
+
}
|
|
4395
|
+
} else {
|
|
4396
|
+
envelope = {
|
|
4397
|
+
data: payload,
|
|
4398
|
+
metadata: baseEventMetadata
|
|
4399
|
+
};
|
|
4400
|
+
}
|
|
4401
|
+
const transformFromRESTFn = eventDefinition.transformations ?? ((x) => x);
|
|
4402
|
+
return handler(transformFromRESTFn(envelope));
|
|
4403
|
+
}
|
|
4404
|
+
function eventHandlersModules(authStrategy) {
|
|
4405
|
+
const eventHandlers = /* @__PURE__ */ new Map();
|
|
4406
|
+
const webhooksEmitter = createNanoEvents();
|
|
4407
|
+
const client = {
|
|
4408
|
+
...webhooksEmitter,
|
|
4409
|
+
getRegisteredEvents: () => eventHandlers,
|
|
4410
|
+
async process(jwt, opts = {
|
|
4411
|
+
expectedEvents: []
|
|
4412
|
+
}) {
|
|
4413
|
+
const { eventType, identity, instanceId, payload } = await this.parseJWT(jwt);
|
|
4414
|
+
const allExpectedEvents = [
|
|
4415
|
+
...opts.expectedEvents,
|
|
4416
|
+
...Array.from(eventHandlers.keys()).map((type) => ({ type }))
|
|
4417
|
+
];
|
|
4418
|
+
if (allExpectedEvents.length > 0 && !allExpectedEvents.some(({ type }) => type === eventType)) {
|
|
4419
|
+
throw new Error(`Unexpected event type: ${eventType}. Expected one of: ${allExpectedEvents.map((x) => x.type).join(", ")}`);
|
|
4420
|
+
}
|
|
4421
|
+
const handlers = eventHandlers.get(eventType) ?? [];
|
|
4422
|
+
await Promise.all(handlers.map(({ eventDefinition, handler }) => runHandler(eventDefinition, handler, payload, {
|
|
4423
|
+
instanceId,
|
|
4424
|
+
identity
|
|
4425
|
+
})));
|
|
4426
|
+
return {
|
|
4427
|
+
instanceId,
|
|
4428
|
+
eventType,
|
|
4429
|
+
payload,
|
|
4430
|
+
identity
|
|
4431
|
+
};
|
|
4432
|
+
},
|
|
4433
|
+
async processRequest(request, opts) {
|
|
4434
|
+
const body = await request.text();
|
|
4435
|
+
return this.process(body, opts);
|
|
4436
|
+
},
|
|
4437
|
+
async parseJWT(jwt) {
|
|
4438
|
+
if (!authStrategy.decodeJWT) {
|
|
4439
|
+
throw new Error("decodeJWT is not supported by the authentication strategy");
|
|
4440
|
+
}
|
|
4441
|
+
const { decoded, valid } = await authStrategy.decodeJWT(jwt);
|
|
4442
|
+
if (!valid) {
|
|
4443
|
+
throw new Error("JWT is not valid");
|
|
4444
|
+
}
|
|
4445
|
+
if (typeof decoded.data !== "string") {
|
|
4446
|
+
throw new Error(`Unexpected type of JWT data: expected string, got ${typeof decoded.data}`);
|
|
4447
|
+
}
|
|
4448
|
+
const parsedDecoded = JSON.parse(decoded.data);
|
|
4449
|
+
const eventType = parsedDecoded.eventType;
|
|
4450
|
+
const instanceId = parsedDecoded.instanceId;
|
|
4451
|
+
const identity = parsedDecoded.identity ? JSON.parse(parsedDecoded.identity) : void 0;
|
|
4452
|
+
const payload = JSON.parse(parsedDecoded.data);
|
|
4453
|
+
return {
|
|
4454
|
+
instanceId,
|
|
4455
|
+
eventType,
|
|
4456
|
+
payload,
|
|
4457
|
+
identity
|
|
4458
|
+
};
|
|
4459
|
+
},
|
|
4460
|
+
async parseRequest(request) {
|
|
4461
|
+
const jwt = await request.text();
|
|
4462
|
+
return this.parseJWT(jwt);
|
|
4463
|
+
},
|
|
4464
|
+
async executeHandlers(event) {
|
|
4465
|
+
const allExpectedEvents = Array.from(eventHandlers.keys()).map((type) => ({ type }));
|
|
4466
|
+
if (allExpectedEvents.length > 0 && !allExpectedEvents.some(({ type }) => type === event.eventType)) {
|
|
4467
|
+
throw new Error(`Unexpected event type: ${event.eventType}. Expected one of: ${allExpectedEvents.map((x) => x.type).join(", ")}`);
|
|
4468
|
+
}
|
|
4469
|
+
const handlers = eventHandlers.get(event.eventType) ?? [];
|
|
4470
|
+
await Promise.all(handlers.map(({ eventDefinition, handler }) => runHandler(eventDefinition, handler, event.payload, {
|
|
4471
|
+
instanceId: event.instanceId,
|
|
4472
|
+
identity: event.identity
|
|
4473
|
+
})));
|
|
4474
|
+
},
|
|
4475
|
+
apps: {
|
|
4476
|
+
AppInstalled: EventDefinition("AppInstalled")(),
|
|
4477
|
+
AppRemoved: EventDefinition("AppRemoved")()
|
|
4478
|
+
}
|
|
4479
|
+
};
|
|
4480
|
+
return {
|
|
4481
|
+
initModule(eventDefinition) {
|
|
4482
|
+
return (handler) => {
|
|
4483
|
+
const handlers = eventHandlers.get(eventDefinition.type) ?? [];
|
|
4484
|
+
handlers.push({ eventDefinition, handler });
|
|
4485
|
+
eventHandlers.set(eventDefinition.type, handlers);
|
|
4486
|
+
webhooksEmitter.emit("registered", eventDefinition);
|
|
4487
|
+
};
|
|
4488
|
+
},
|
|
4489
|
+
client
|
|
4490
|
+
};
|
|
4491
|
+
}
|
|
4492
|
+
|
|
4493
|
+
// ../../node_modules/@wix/sdk/build/service-plugin-modules.js
|
|
4494
|
+
var isServicePluginModule = (val) => val.__type === "service-plugin-definition";
|
|
4495
|
+
function servicePluginsModules(authStrategy) {
|
|
4496
|
+
const servicePluginsImplementations = /* @__PURE__ */ new Map();
|
|
4497
|
+
const servicePluginsEmitter = createNanoEvents();
|
|
4498
|
+
const client = {
|
|
4499
|
+
...servicePluginsEmitter,
|
|
4500
|
+
getRegisteredServicePlugins: () => servicePluginsImplementations,
|
|
4501
|
+
async parseJWT(jwt) {
|
|
4502
|
+
if (!authStrategy.decodeJWT) {
|
|
4503
|
+
throw new Error("decodeJWT is not supported by the authentication strategy");
|
|
4504
|
+
}
|
|
4505
|
+
const { decoded, valid } = await authStrategy.decodeJWT(jwt, true);
|
|
4506
|
+
if (!valid) {
|
|
4507
|
+
throw new Error("JWT is not valid");
|
|
4508
|
+
}
|
|
4509
|
+
if (typeof decoded.data !== "object" || decoded.data === null || !("metadata" in decoded.data) || typeof decoded.data.metadata !== "object" || decoded.data.metadata === null || !("appExtensionType" in decoded.data.metadata) || typeof decoded.data.metadata.appExtensionType !== "string") {
|
|
4510
|
+
throw new Error("Unexpected JWT data: expected object with metadata.appExtensionType string");
|
|
4511
|
+
}
|
|
4512
|
+
return decoded.data;
|
|
4513
|
+
},
|
|
4514
|
+
async process(request) {
|
|
4515
|
+
const servicePluginRequest = await this.parseJWT(request.body);
|
|
4516
|
+
return this.executeHandler(servicePluginRequest, request.url);
|
|
4517
|
+
},
|
|
4518
|
+
async parseRequest(request) {
|
|
4519
|
+
const body = await request.text();
|
|
4520
|
+
return this.parseJWT(body);
|
|
4521
|
+
},
|
|
4522
|
+
async processRequest(request) {
|
|
4523
|
+
const url = request.url;
|
|
4524
|
+
const body = await request.text();
|
|
4525
|
+
const implMethodResult = await this.process({ url, body });
|
|
4526
|
+
return Response.json(implMethodResult);
|
|
4527
|
+
},
|
|
4528
|
+
async executeHandler(servicePluginRequest, url) {
|
|
4529
|
+
const componentType = servicePluginRequest.metadata.appExtensionType.toLowerCase();
|
|
4530
|
+
const implementations = servicePluginsImplementations.get(componentType) ?? [];
|
|
4531
|
+
if (implementations.length === 0) {
|
|
4532
|
+
throw new Error(`No service plugin implementations found for component type ${componentType}`);
|
|
4533
|
+
} else if (implementations.length > 1) {
|
|
4534
|
+
throw new Error(`Multiple service plugin implementations found for component type ${componentType}. This is currently not supported`);
|
|
4535
|
+
}
|
|
4536
|
+
const { implementation: impl, servicePluginDefinition } = implementations[0];
|
|
4537
|
+
const method = servicePluginDefinition.methods.find((m) => url.endsWith(m.primaryHttpMappingPath));
|
|
4538
|
+
if (!method) {
|
|
4539
|
+
throw new Error("Unexpect request: request url did not match any method: " + url);
|
|
4540
|
+
}
|
|
4541
|
+
const implMethod = impl[method.name];
|
|
4542
|
+
if (!implMethod) {
|
|
4543
|
+
throw new Error(`Got request for service plugin method ${method.name} but no implementation was provided. Available methods: ${Object.keys(impl).join(", ")}`);
|
|
4544
|
+
}
|
|
4545
|
+
return method.transformations.toREST(await implMethod(method.transformations.fromREST(servicePluginRequest)));
|
|
4546
|
+
}
|
|
4547
|
+
};
|
|
4548
|
+
return {
|
|
4549
|
+
initModule(servicePluginDefinition) {
|
|
4550
|
+
return (implementation) => {
|
|
4551
|
+
const implementations = servicePluginsImplementations.get(servicePluginDefinition.componentType.toLowerCase()) ?? [];
|
|
4552
|
+
implementations.push({ servicePluginDefinition, implementation });
|
|
4553
|
+
servicePluginsImplementations.set(servicePluginDefinition.componentType.toLowerCase(), implementations);
|
|
4554
|
+
servicePluginsEmitter.emit("registered", servicePluginDefinition);
|
|
4555
|
+
};
|
|
4556
|
+
},
|
|
4557
|
+
client
|
|
4558
|
+
};
|
|
4559
|
+
}
|
|
4560
|
+
|
|
4561
|
+
// ../../node_modules/@wix/sdk/build/wixClient.js
|
|
4562
|
+
function createClient(config) {
|
|
4563
|
+
const _headers = config.headers || { Authorization: "" };
|
|
4564
|
+
const authStrategy = config.auth || {
|
|
4565
|
+
getAuthHeaders: (_) => Promise.resolve({ headers: {} })
|
|
4566
|
+
};
|
|
4567
|
+
const boundGetAuthHeaders = authStrategy.getAuthHeaders.bind(void 0, config.host);
|
|
4568
|
+
authStrategy.getAuthHeaders = boundGetAuthHeaders;
|
|
4569
|
+
const { client: servicePluginsClient, initModule: initServicePluginModule } = servicePluginsModules(authStrategy);
|
|
4570
|
+
const { client: eventHandlersClient, initModule: initEventHandlerModule } = eventHandlersModules(authStrategy);
|
|
4571
|
+
const boundFetch = async (url, options) => {
|
|
4572
|
+
const authHeaders = await boundGetAuthHeaders();
|
|
4573
|
+
const defaultContentTypeHeader = getDefaultContentHeader(options);
|
|
4574
|
+
return fetch(url, {
|
|
4575
|
+
...options,
|
|
4576
|
+
headers: {
|
|
4577
|
+
...defaultContentTypeHeader,
|
|
4578
|
+
..._headers,
|
|
4579
|
+
...authHeaders?.headers,
|
|
4580
|
+
...options?.headers
|
|
4581
|
+
}
|
|
4582
|
+
});
|
|
4583
|
+
};
|
|
4584
|
+
const use = (modules, metadata) => {
|
|
4585
|
+
if (isEventHandlerModule(modules)) {
|
|
4586
|
+
return initEventHandlerModule(modules);
|
|
4587
|
+
} else if (isServicePluginModule(modules)) {
|
|
4588
|
+
return initServicePluginModule(modules);
|
|
4589
|
+
} else if (isHostModule(modules) && config.host) {
|
|
4590
|
+
return buildHostModule(modules, config.host);
|
|
4591
|
+
} else if (typeof modules === "function") {
|
|
4592
|
+
if ("__type" in modules && modules.__type === SERVICE_PLUGIN_ERROR_TYPE) {
|
|
4593
|
+
return modules;
|
|
4594
|
+
}
|
|
4595
|
+
const apiBaseUrl = config.host?.apiBaseUrl ?? DEFAULT_API_URL;
|
|
4596
|
+
return buildRESTDescriptor(runWithoutContext(() => isAmbassadorModule(modules)) ? toHTTPModule(modules) : modules, metadata ?? {}, boundFetch, (relativeUrl, fetchOptions) => {
|
|
4597
|
+
const finalUrl = new URL(relativeUrl, `https://${apiBaseUrl}`);
|
|
4598
|
+
finalUrl.host = apiBaseUrl;
|
|
4599
|
+
finalUrl.protocol = "https";
|
|
4600
|
+
return boundFetch(finalUrl.toString(), fetchOptions);
|
|
4601
|
+
}, authStrategy.getActiveToken, { HTTPHost: apiBaseUrl });
|
|
4602
|
+
} else if (isObject(modules)) {
|
|
4603
|
+
return Object.fromEntries(Object.entries(modules).map(([key, value]) => {
|
|
4604
|
+
return [key, use(value, modules[PUBLIC_METADATA_KEY])];
|
|
4605
|
+
}));
|
|
4606
|
+
} else {
|
|
4607
|
+
return modules;
|
|
4608
|
+
}
|
|
4609
|
+
};
|
|
4610
|
+
const setHeaders = (headers) => {
|
|
4611
|
+
for (const k in headers) {
|
|
4612
|
+
_headers[k] = headers[k];
|
|
4613
|
+
}
|
|
4614
|
+
};
|
|
4615
|
+
const wrappedModules = config.modules ? use(config.modules) : {};
|
|
4616
|
+
return {
|
|
4617
|
+
...wrappedModules,
|
|
4618
|
+
auth: authStrategy,
|
|
4619
|
+
setHeaders,
|
|
4620
|
+
use,
|
|
4621
|
+
enableContext(contextType, opts = { elevated: false }) {
|
|
4622
|
+
if (contextType === "global") {
|
|
4623
|
+
if (globalThis.__wix_context__ != null) {
|
|
4624
|
+
if (opts.elevated) {
|
|
4625
|
+
globalThis.__wix_context__.elevatedClient = this;
|
|
4626
|
+
} else {
|
|
4627
|
+
globalThis.__wix_context__.client = this;
|
|
4628
|
+
}
|
|
4629
|
+
} else {
|
|
4630
|
+
if (opts.elevated) {
|
|
4631
|
+
globalThis.__wix_context__ = { elevatedClient: this };
|
|
4632
|
+
} else {
|
|
4633
|
+
globalThis.__wix_context__ = { client: this };
|
|
4634
|
+
}
|
|
4635
|
+
}
|
|
4636
|
+
} else {
|
|
4637
|
+
if (opts.elevated) {
|
|
4638
|
+
wixContext.elevatedClient = this;
|
|
4639
|
+
} else {
|
|
4640
|
+
wixContext.client = this;
|
|
4641
|
+
}
|
|
4642
|
+
}
|
|
4643
|
+
},
|
|
4644
|
+
fetch: (relativeUrl, options) => {
|
|
4645
|
+
const apiBaseUrl = config.host?.apiBaseUrl ?? DEFAULT_API_URL;
|
|
4646
|
+
const finalUrl = new URL(relativeUrl, `https://${apiBaseUrl}`);
|
|
4647
|
+
finalUrl.host = apiBaseUrl;
|
|
4648
|
+
finalUrl.protocol = "https";
|
|
4649
|
+
return boundFetch(finalUrl.toString(), options);
|
|
4650
|
+
},
|
|
4651
|
+
fetchWithAuth: async (urlOrRequest, requestInit) => {
|
|
4652
|
+
if (typeof urlOrRequest === "string" || urlOrRequest instanceof URL) {
|
|
4653
|
+
return fetch(urlOrRequest, {
|
|
4654
|
+
...requestInit,
|
|
4655
|
+
headers: {
|
|
4656
|
+
...requestInit?.headers,
|
|
4657
|
+
...(await boundGetAuthHeaders()).headers
|
|
4658
|
+
}
|
|
4659
|
+
});
|
|
4660
|
+
} else {
|
|
4661
|
+
for (const [k, v] of Object.entries((await boundGetAuthHeaders()).headers)) {
|
|
4662
|
+
urlOrRequest.headers.set(k, v);
|
|
4663
|
+
}
|
|
4664
|
+
return fetch(urlOrRequest, requestInit);
|
|
4665
|
+
}
|
|
4666
|
+
},
|
|
4667
|
+
async graphql(query, variables, opts = {
|
|
4668
|
+
apiVersion: "alpha"
|
|
4669
|
+
}) {
|
|
4670
|
+
const apiBaseUrl = config?.host?.apiBaseUrl ?? DEFAULT_API_URL;
|
|
4671
|
+
const res = await boundFetch(`https://${apiBaseUrl}/graphql/${opts.apiVersion}`, {
|
|
4672
|
+
method: "POST",
|
|
4673
|
+
headers: {
|
|
4674
|
+
"Content-Type": "application/json"
|
|
4675
|
+
},
|
|
4676
|
+
body: JSON.stringify({ query, variables })
|
|
4677
|
+
});
|
|
4678
|
+
if (res.status !== 200) {
|
|
4679
|
+
throw new FetchErrorResponse(`GraphQL request failed with status ${res.status}`, res);
|
|
4680
|
+
}
|
|
4681
|
+
const { data, errors } = await res.json();
|
|
4682
|
+
return { data: data ?? {}, errors };
|
|
4683
|
+
},
|
|
4684
|
+
webhooks: eventHandlersClient,
|
|
4685
|
+
servicePlugins: servicePluginsClient
|
|
4686
|
+
};
|
|
4687
|
+
}
|
|
4688
|
+
|
|
4689
|
+
// ../../node_modules/@wix/sdk/build/auth/AppStrategy.js
|
|
4690
|
+
function AppStrategy(opts) {
|
|
4691
|
+
const authServerBaseUrl = opts.authServerBaseUrl ?? "https://www.wixapis.com";
|
|
4692
|
+
let refreshToken = "refreshToken" in opts ? opts.refreshToken : void 0;
|
|
4693
|
+
return {
|
|
4694
|
+
getInstallUrl({ redirectUrl, token, state }) {
|
|
4695
|
+
const params = new URLSearchParams();
|
|
4696
|
+
params.set("redirectUrl", redirectUrl);
|
|
4697
|
+
params.set("appId", opts.appId);
|
|
4698
|
+
if (state) {
|
|
4699
|
+
params.set("state", state);
|
|
4700
|
+
}
|
|
4701
|
+
if (token) {
|
|
4702
|
+
params.set("token", token);
|
|
4703
|
+
}
|
|
4704
|
+
return `https://www.wix.com/installer/install?${params.toString()}`;
|
|
4705
|
+
},
|
|
4706
|
+
async handleOAuthCallback(url, oauthOpts) {
|
|
4707
|
+
if (!opts.appSecret) {
|
|
4708
|
+
throw new Error("App secret is required for handling OAuth callback. Make sure to pass it to the AppStrategy");
|
|
4709
|
+
}
|
|
4710
|
+
const params = new URLSearchParams(new URL(url).search);
|
|
4711
|
+
const state = params.get("state");
|
|
4712
|
+
if (state && oauthOpts?.state && state !== oauthOpts.state) {
|
|
4713
|
+
throw new Error(`Invalid OAuth callback URL. Expected state to be "${oauthOpts.state}" but got "${state}"`);
|
|
4714
|
+
}
|
|
4715
|
+
const code = params.get("code");
|
|
4716
|
+
const instanceId = params.get("instanceId");
|
|
4717
|
+
if (!code || !instanceId) {
|
|
4718
|
+
throw new Error("Invalid OAuth callback URL. Make sure you pass the url including the code and instanceId query params.");
|
|
4719
|
+
}
|
|
4720
|
+
const tokenUrl = new URL("/oauth/access", authServerBaseUrl);
|
|
4721
|
+
const tokensRes = await fetch(tokenUrl.href, {
|
|
4722
|
+
method: "POST",
|
|
4723
|
+
headers: {
|
|
4724
|
+
"Content-Type": "application/json"
|
|
4725
|
+
},
|
|
4726
|
+
body: JSON.stringify({
|
|
4727
|
+
code,
|
|
4728
|
+
client_id: opts.appId,
|
|
4729
|
+
client_secret: opts.appSecret,
|
|
4730
|
+
grant_type: "authorization_code"
|
|
4731
|
+
})
|
|
4732
|
+
});
|
|
4733
|
+
if (tokensRes.status !== 200) {
|
|
4734
|
+
throw new Error(`Failed to exchange authorization code for refresh token. Unexpected status code from Wix OAuth API: ${tokensRes.status}`);
|
|
4735
|
+
}
|
|
4736
|
+
const tokens = await tokensRes.json();
|
|
4737
|
+
refreshToken = tokens.refresh_token;
|
|
4738
|
+
return {
|
|
4739
|
+
instanceId,
|
|
4740
|
+
accessToken: tokens.access_token,
|
|
4741
|
+
refreshToken: tokens.refresh_token
|
|
4742
|
+
};
|
|
4743
|
+
},
|
|
4744
|
+
async getAuthHeaders() {
|
|
4745
|
+
if ("refreshToken" in opts || refreshToken) {
|
|
4746
|
+
if (!opts.appSecret) {
|
|
4747
|
+
throw new Error("App secret is required for retrieveing app-level access tokens. Make sure to pass it to the AppStrategy");
|
|
4748
|
+
}
|
|
4749
|
+
const tokenUrl = new URL("/oauth/access", authServerBaseUrl);
|
|
4750
|
+
const tokensRes = await fetch(tokenUrl.href, {
|
|
4751
|
+
method: "POST",
|
|
4752
|
+
headers: {
|
|
4753
|
+
"Content-Type": "application/json"
|
|
4754
|
+
},
|
|
4755
|
+
body: JSON.stringify({
|
|
4756
|
+
refresh_token: refreshToken,
|
|
4757
|
+
client_id: opts.appId,
|
|
4758
|
+
client_secret: opts.appSecret,
|
|
4759
|
+
grant_type: "refresh_token"
|
|
4760
|
+
})
|
|
4761
|
+
});
|
|
4762
|
+
if (tokensRes.status !== 200) {
|
|
4763
|
+
throw new Error(`Failed to exchange refresh token for access token. Unexpected status code from Wix OAuth API: ${tokensRes.status}`);
|
|
4764
|
+
}
|
|
4765
|
+
const tokens = await tokensRes.json();
|
|
4766
|
+
refreshToken = tokens.refresh_token;
|
|
4767
|
+
return {
|
|
4768
|
+
headers: {
|
|
4769
|
+
Authorization: tokens.access_token
|
|
4770
|
+
}
|
|
4771
|
+
};
|
|
4772
|
+
} else if ("instanceId" in opts) {
|
|
4773
|
+
if (!opts.appSecret) {
|
|
4774
|
+
throw new Error("App secret is required for retrieveing app-level access tokens. Make sure to pass it to the AppStrategy");
|
|
4775
|
+
}
|
|
4776
|
+
const tokenUrl = new URL("/oauth2/token", authServerBaseUrl);
|
|
4777
|
+
const tokensRes = await fetch(tokenUrl.href, {
|
|
4778
|
+
method: "POST",
|
|
4779
|
+
headers: {
|
|
4780
|
+
"Content-Type": "application/json"
|
|
4781
|
+
},
|
|
4782
|
+
body: JSON.stringify({
|
|
4783
|
+
instance_id: opts.instanceId,
|
|
4784
|
+
client_id: opts.appId,
|
|
4785
|
+
client_secret: opts.appSecret,
|
|
4786
|
+
grant_type: "client_credentials"
|
|
4787
|
+
})
|
|
4788
|
+
});
|
|
4789
|
+
if (tokensRes.status !== 200) {
|
|
4790
|
+
throw new Error(`Failed to exchange instance ID for access token. Unexpected status code from Wix OAuth API: ${tokensRes.status}`);
|
|
4791
|
+
}
|
|
4792
|
+
const tokens = await tokensRes.json();
|
|
4793
|
+
return {
|
|
4794
|
+
headers: {
|
|
4795
|
+
Authorization: tokens.access_token
|
|
4796
|
+
}
|
|
4797
|
+
};
|
|
4798
|
+
} else if ("accessToken" in opts && opts.accessToken) {
|
|
4799
|
+
return {
|
|
4800
|
+
headers: {
|
|
4801
|
+
Authorization: opts.accessToken
|
|
4802
|
+
}
|
|
4803
|
+
};
|
|
4804
|
+
} else {
|
|
4805
|
+
throw new Error("Missing refresh token or instance ID. Either one is needed to get app level access tokens. Make sure to pass one of them to the AppStrategy");
|
|
4806
|
+
}
|
|
4807
|
+
},
|
|
4808
|
+
async elevated() {
|
|
4809
|
+
if ("accessToken" in opts && opts.accessToken) {
|
|
4810
|
+
const tokenInfo = await getTokenInfo(opts.accessToken, authServerBaseUrl);
|
|
4811
|
+
if (tokenInfo.clientId !== opts.appId) {
|
|
4812
|
+
throw new Error(`Invalid access token. The token is not issued for the app with ID "${opts.appId}"`);
|
|
4813
|
+
}
|
|
4814
|
+
if (!tokenInfo.instanceId) {
|
|
4815
|
+
throw new Error("Unexpected token info. The token does not contain instance ID");
|
|
4816
|
+
}
|
|
4817
|
+
return AppStrategy({
|
|
4818
|
+
appId: opts.appId,
|
|
4819
|
+
appSecret: opts.appSecret,
|
|
4820
|
+
publicKey: opts.publicKey,
|
|
4821
|
+
instanceId: tokenInfo.instanceId,
|
|
4822
|
+
authServerBaseUrl: opts.authServerBaseUrl
|
|
4823
|
+
});
|
|
4824
|
+
} else {
|
|
4825
|
+
throw new Error("Providing an access token is required to perform elevation. Make sure to pass it to the AppStrategy");
|
|
4826
|
+
}
|
|
4827
|
+
},
|
|
4828
|
+
async decodeJWT(token, verifyCallerClaims = false) {
|
|
4829
|
+
if (!opts.publicKey) {
|
|
4830
|
+
throw new Error("Missing public key. Make sure to pass it to the AppStrategy");
|
|
4831
|
+
}
|
|
4832
|
+
const { jwtVerify: jwtVerify2, importSPKI: importSPKI2 } = await Promise.resolve().then(() => (init_browser(), browser_exports));
|
|
4833
|
+
const publicKey = await importSPKI2(parsePublicKeyIfEncoded(opts.publicKey), "RS256");
|
|
4834
|
+
const decoded = await jwtVerify2(token, publicKey, verifyCallerClaims ? {
|
|
4835
|
+
issuer: "wix.com",
|
|
4836
|
+
audience: opts.appId
|
|
4837
|
+
} : void 0);
|
|
4838
|
+
return {
|
|
4839
|
+
decoded: {
|
|
4840
|
+
data: decoded.payload.data
|
|
4841
|
+
},
|
|
4842
|
+
valid: true
|
|
4843
|
+
};
|
|
4844
|
+
},
|
|
4845
|
+
async getTokenInfo() {
|
|
4846
|
+
const tokenToCheck = refreshToken ?? ("accessToken" in opts ? opts.accessToken : void 0);
|
|
4847
|
+
if (!tokenToCheck) {
|
|
4848
|
+
throw new Error("Missing token to get info for. Either pass the token as an argument or provide it when initializing the AppStrategy");
|
|
4849
|
+
}
|
|
4850
|
+
return getTokenInfo(tokenToCheck, authServerBaseUrl);
|
|
4851
|
+
},
|
|
4852
|
+
getActiveToken() {
|
|
4853
|
+
return "accessToken" in opts ? opts.accessToken : refreshToken;
|
|
4854
|
+
}
|
|
4855
|
+
};
|
|
4856
|
+
}
|
|
4857
|
+
async function getTokenInfo(token, authServerBaseUrl) {
|
|
4858
|
+
const tokenInfoUrl = new URL("/oauth2/token-info", authServerBaseUrl);
|
|
4859
|
+
const tokenInfoRes = await fetch(tokenInfoUrl.href, {
|
|
4860
|
+
method: "POST",
|
|
4861
|
+
headers: {
|
|
4862
|
+
"Content-Type": "application/json"
|
|
4863
|
+
},
|
|
4864
|
+
body: JSON.stringify({
|
|
4865
|
+
token
|
|
4866
|
+
})
|
|
4867
|
+
});
|
|
4868
|
+
if (tokenInfoRes.status !== 200) {
|
|
4869
|
+
throw new Error(`Failed to get token info. Unexpected status code from Wix OAuth API: ${tokenInfoRes.status}`);
|
|
4870
|
+
}
|
|
4871
|
+
return await tokenInfoRes.json();
|
|
4872
|
+
}
|
|
4873
|
+
|
|
4874
|
+
// src/utils.ts
|
|
4
4875
|
var supportedMethods = ["GET", "POST", "PUT", "DELETE"];
|
|
5
4876
|
function deriveTagName(elementPath) {
|
|
6
4877
|
return dirname(elementPath).split(sep).at(-1);
|
|
@@ -70,7 +4941,6 @@ var ApiHandler = class {
|
|
|
70
4941
|
};
|
|
71
4942
|
|
|
72
4943
|
// src/eventsHandler.ts
|
|
73
|
-
import { createClient } from "@wix/sdk";
|
|
74
4944
|
var EventHandler = class {
|
|
75
4945
|
constructor(events2, callsHandler) {
|
|
76
4946
|
this.events = events2;
|
|
@@ -130,12 +5000,11 @@ var EventHandler = class {
|
|
|
130
5000
|
};
|
|
131
5001
|
|
|
132
5002
|
// src/servicePluginHandler.ts
|
|
133
|
-
import { createClient as createClient2 } from "@wix/sdk";
|
|
134
5003
|
var ServicePluginHandler = class {
|
|
135
5004
|
constructor(servicePlugins2, callsHandler) {
|
|
136
5005
|
this.servicePlugins = servicePlugins2;
|
|
137
5006
|
this.callsHandler = callsHandler;
|
|
138
|
-
this.wixClient =
|
|
5007
|
+
this.wixClient = createClient({
|
|
139
5008
|
auth: createAppStrategy()
|
|
140
5009
|
});
|
|
141
5010
|
}
|
|
@@ -199,7 +5068,6 @@ var ServicePluginHandler = class {
|
|
|
199
5068
|
|
|
200
5069
|
// src/callsHandler.ts
|
|
201
5070
|
import { AsyncLocalStorage } from "node:async_hooks";
|
|
202
|
-
import { createClient as createClient3 } from "@wix/sdk";
|
|
203
5071
|
|
|
204
5072
|
// ../cli-test-overrides/src/unsafe.ts
|
|
205
5073
|
import process from "node:process";
|
|
@@ -222,7 +5090,7 @@ var CallsHandler = class {
|
|
|
222
5090
|
elevatedWixClient;
|
|
223
5091
|
asyncLocalStorage = new AsyncLocalStorage();
|
|
224
5092
|
constructor() {
|
|
225
|
-
this.wixClient =
|
|
5093
|
+
this.wixClient = createClient({
|
|
226
5094
|
auth: {
|
|
227
5095
|
getAuthHeaders: (host) => {
|
|
228
5096
|
const store = this.asyncLocalStorage.getStore();
|
|
@@ -233,7 +5101,7 @@ var CallsHandler = class {
|
|
|
233
5101
|
}
|
|
234
5102
|
}
|
|
235
5103
|
});
|
|
236
|
-
this.elevatedWixClient =
|
|
5104
|
+
this.elevatedWixClient = createClient({
|
|
237
5105
|
auth: {
|
|
238
5106
|
getAuthHeaders: async (host) => {
|
|
239
5107
|
const store = this.asyncLocalStorage.getStore();
|