cassproject 5.0.11 → 5.0.12

package/README.md

@@ -46,10 +46,10 @@ Development unit tests presume you have a CaSS Repository running on `localhost:
 ## Publish checklist
 
   * `npm upgrade --save` Review dependencies, autocomplete version numbers to latest versions.
-  * Increment version number using `npm version <patch|minor|major>`. This automatically updates `package.json` and `yuidoc.json`.
+  * Increment version number using `npm version --no-git-tag-version <patch|minor|major>`. This automatically updates `package.json` and `yuidoc.json`.
   * Update changelog using `npm run changelog`, and review the changes in `CHANGELOG.md`.
   * `npm install`
-  * `npm audit` and fix any audit issues.
+  * `npm audit` and fix any audit issues. Stop if `npm audit --omit=dev` has findings.
   * Update CaSS server version if necessary in package.json
   * `npm test` - Must not fail any tests.
   * `npm run webpack:cypressFirefoxHttps` See if the firefox test case has changed.

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "cassproject",
-	"version": "5.0.11",
+	"version": "5.0.12",
 	"description": "Competency and Skills Service",
 	"main": "index.js",
 	"scripts": {
@@ -141,13 +141,10 @@
 	],
 	"dependencies": {
 		"base64-arraybuffer": "^1.0.2",
-		"forge": "^2.3.0",
 		"jsonld": "^9.0.0",
 		"node-forge": "^1.3.3",
 		"papaparse": "^5.5.3",
-		"pem-jwk": "^2.0.0",
 		"promise-worker": "^2.0.1",
-		"rdf-canonize": "^5.0.0",
 		"web-worker": "1.3.0"
 	},
 	"files": [
@@ -172,25 +169,20 @@
 	},
 	"homepage": "https://github.com/cassproject/cass-npm#readme",
 	"devDependencies": {
-		"@cypress/browserify-preprocessor": "^3.0.2",
-		"@cypress/vite-dev-server": "^7.2.0",
 		"@cypress/webpack-preprocessor": "^7.0.2",
 		"chai": "^4.5.0",
 		"concurrently": "^9.2.1",
-		"convert-hrtime": "^5.0.0",
 		"cypress": "^15.10.0",
 		"cypress-fail-fast": "^7.1.1",
-		"eslint": "^9.39.3",
+		"eslint": "^10.0.1",
 		"fake-indexeddb": "^6.2.5",
 		"mocha": "^11.7.5",
 		"node-polyfill-webpack-plugin": "^4.1.0",
 		"nodemon": "^3.1.14",
 		"nyc": "^17.1.0",
 		"sinon": "^21.0.1",
-		"url-polyfill": "^1.1.14",
 		"wait-on": "^9.0.4",
-		"webpack": "^5.105.2",
-		"webpack-cli": "^6.0.1"
+		"webpack": "^5.105.2"
 	},
 	"packageManager": "npm@11.3.0+sha512.96eb611483f49c55f7fa74df61b588de9e213f80a256728e6798ddc67176c7b07e4a1cfc7de8922422cbce02543714367037536955221fa451b0c4fefaf20c66"
 }

package/src/com/eduworks/ec/crypto/EcPk.js

@@ -1,4 +1,4 @@
-let pemJwk = require("pem-jwk");
+
 let forge = require("node-forge");
 /**
  *  Helper classes for dealing with RSA Public Keys.
@@ -25,7 +25,7 @@ module.exports = class EcPk {
 	 */
 	static fromPem(pem) {
 		let pk = EcPk.cache[pem];
-		if (pk != null) 
+		if (pk != null)
 			return pk;
 		pk = new EcPk();
 		try {
@@ -69,11 +69,11 @@ module.exports = class EcPk {
 	 *  @return {string} PEM encoded public key without whitespace.
 	 *  @method toPkcs1Pem
 	 */
-	toPkcs1Pem = function() {
+	toPkcs1Pem = function () {
 		return forge.pki
 			.publicKeyToRSAPublicKeyPem(this.pk)
-				.replace(/\r/g, "")
-				.replace(/\n/g, "");
+			.replace(/\r/g, "")
+			.replace(/\n/g, "");
 	};
 	/**
 	 *  Encodes the public key into a PEM encoded SubjectPublicKeyInfo (PKCS#8) formatted RSA Public Key.
@@ -82,16 +82,30 @@ module.exports = class EcPk {
 	 *  @return {string} PEM encoded public key without whitespace.
 	 *  @method toPkcs8Pem
 	 */
-	toPkcs8Pem = function() {
+	toPkcs8Pem = function () {
 		return forge.pki
 			.publicKeyToPem(this.pk)
-				.replace(/\r/g, "")
-				.replace(/\n/g, "");
+			.replace(/\r/g, "")
+			.replace(/\n/g, "");
 	};
 
 	toJwk() {
-		if (this.jwk == null)
-			this.jwk = pemJwk.pem2jwk(forge.pki.publicKeyToPem(this.pk));
+		if (this.jwk == null) {
+			const bnToBase64Url = (bn) => {
+				let hex = bn.toString(16);
+				if (hex.length % 2 !== 0) {
+					hex = '0' + hex;
+				}
+				const bytes = forge.util.hexToBytes(hex);
+				const b64 = forge.util.encode64(bytes);
+				return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+			};
+			this.jwk = {
+				kty: "RSA",
+				n: bnToBase64Url(this.pk.n),
+				e: bnToBase64Url(this.pk.e)
+			};
+		}
 		return this.jwk;
 	}
 	/**
@@ -101,7 +115,7 @@ module.exports = class EcPk {
 	 *  @method fingerprint
 	 */
 	fingerprint() {
-		return forge.ssh.getPublicKeyFingerprint(this.pk, {encoding:"hex"});
+		return forge.ssh.getPublicKeyFingerprint(this.pk, { encoding: "hex" });
 	}
 	verify(bytes, decode64) {
 		return this.pk.verify(bytes, decode64);

package/src/com/eduworks/ec/crypto/EcPpk.js

@@ -1,4 +1,4 @@
-let pemJwk = require("pem-jwk");
+
 let forge = require("node-forge");
 let EcPk = require("./EcPk.js");
 require("../../../../org/cassproject/general/AuditLogger.js");
@@ -48,8 +48,8 @@ module.exports = class EcPpk {
 	 *  @static
 	 */
 	static generateKeyAsync(callback) {
-		return new Promise((resolve,reject)=>{
-			forge.pki.rsa.generateKeyPair({workers:-1}, function(err, keypair) {
+		return new Promise((resolve, reject) => {
+			forge.pki.rsa.generateKeyPair({ workers: -1 }, function (err, keypair) {
 				let ppk = new EcPpk();
 				ppk.ppk = keypair.privateKey;
 				if (callback != null)
@@ -66,7 +66,7 @@ module.exports = class EcPpk {
 	 *  @static
 	 */
 	static generateKey() {
-		let keypair = forge.pki.rsa.generateKeyPair({workers:-1}, null);
+		let keypair = forge.pki.rsa.generateKeyPair({ workers: -1 }, null);
 		let ppk = new EcPpk();
 		ppk.ppk = keypair.privateKey;
 		return ppk;
@@ -108,11 +108,11 @@ module.exports = class EcPpk {
 	 *  @return {string} PEM encoded public key without whitespace.
 	 *  @method toPkcs1Pem
 	 */
-	toPkcs1Pem = function() {
+	toPkcs1Pem = function () {
 		return forge.pki
 			.privateKeyToPem(this.ppk)
-				.replace(/\r/g, "")
-				.replace(/\n/g, "");
+			.replace(/\r/g, "")
+			.replace(/\n/g, "");
 	};
 	/**
 	 *  Encodes the private key into a PEM encoded PrivateKeyInfo (PKCS#8) formatted RSA Public Key.
@@ -121,22 +121,42 @@ module.exports = class EcPpk {
 	 *  @return {string} PEM encoded public key without whitespace.
 	 *  @method toPkcs8Pem
 	 */
-	toPkcs8Pem = function() {
+	toPkcs8Pem = function () {
 		return forge.pki
 			.privateKeyInfoToPem(
 				forge.pki.wrapRsaPrivateKey(
 					forge.pki.privateKeyToAsn1(this.ppk)
 				)
 			)
-				.replace(/\r/g, "")
-				.replace(/\n/g, "");
+			.replace(/\r/g, "")
+			.replace(/\n/g, "");
 	};
 	toJwk() {
-		if (this.jwk == null)
-			this.jwk = pemJwk.pem2jwk(forge.pki.privateKeyToPem(this.ppk));
+		if (this.jwk == null) {
+			const bnToBase64Url = (bn) => {
+				let hex = bn.toString(16);
+				if (hex.length % 2 !== 0) {
+					hex = '0' + hex;
+				}
+				const bytes = forge.util.hexToBytes(hex);
+				const b64 = forge.util.encode64(bytes);
+				return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+			};
+			this.jwk = {
+				kty: "RSA",
+				n: bnToBase64Url(this.ppk.n),
+				e: bnToBase64Url(this.ppk.e),
+				d: bnToBase64Url(this.ppk.d),
+				p: bnToBase64Url(this.ppk.p),
+				q: bnToBase64Url(this.ppk.q),
+				dp: bnToBase64Url(this.ppk.dP),
+				dq: bnToBase64Url(this.ppk.dQ),
+				qi: bnToBase64Url(this.ppk.qInv)
+			};
+		}
 		return this.jwk;
 	}
-	toPkcs8 = function() {
+	toPkcs8 = function () {
 		return forge.pki.wrapRsaPrivateKey(
 			forge.pki.privateKeyToAsn1(this.ppk)
 		);
@@ -162,8 +182,7 @@ module.exports = class EcPpk {
 	 */
 	inArray(ppks) {
 		for (let ppk of ppks) {
-			if (ppk.equals(this))
-			{
+			if (ppk.equals(this)) {
 				return true;
 			}
 		}

package/src/test/1.EcCrypto.jwk.test.js

@@ -0,0 +1,63 @@
+let EcPpk = require("../com/eduworks/ec/crypto/EcPpk.js");
+let EcRsaOaepAsync = require("../com/eduworks/ec/crypto/EcRsaOaepAsync.js");
+let EcRsaOaep = require("../com/eduworks/ec/crypto/EcRsaOaep.js");
+let EcAes = require("../com/eduworks/ec/crypto/EcAes.js");
+let chai = require("chai");
+
+let assert = chai.assert;
+
+describe("EcCrypto JWK", () => {
+    let ppk = null;
+    let pk = null;
+
+    before(async function () {
+        this.timeout(10000);
+        ppk = await EcPpk.generateKeyAsync();
+        pk = ppk.toPk();
+    });
+
+    it('EcPpk.toJwk is valid', () => {
+        let jwk = ppk.toJwk();
+        assert.isNotNull(jwk);
+        assert.isObject(jwk);
+        assert.equal(jwk.kty, "RSA");
+        assert.isString(jwk.n);
+        assert.isString(jwk.e);
+        assert.isString(jwk.d);
+        assert.isString(jwk.p);
+        assert.isString(jwk.q);
+    });
+
+    it('EcPk.toJwk is valid', () => {
+        let jwk = pk.toJwk();
+        assert.isNotNull(jwk);
+        assert.isObject(jwk);
+        assert.equal(jwk.kty, "RSA");
+        assert.isString(jwk.n);
+        assert.isString(jwk.e);
+        assert.isUndefined(jwk.d);
+    });
+
+    it('EcRsaOaepAsync.encrypt/decrypt works with generated JWK', async () => {
+        let randomString = EcAes.newIv(256).substring(0, 190);
+
+        // The verify functions in EcRsaOaepAsync automatically use toJwk() 
+        // behind the scenes when ppk.key is null, so by passing our newly 
+        // generated keys, we are implicitly testing that the JWK format generated 
+        // by `.toJwk()` is perfectly valid for use with crypto.subtle.
+
+        let encrypted = await EcRsaOaepAsync.encrypt(pk, randomString);
+        let decrypted = await EcRsaOaep.decrypt(ppk, encrypted);
+
+        assert.isTrue(randomString === decrypted, "Decrypted string should match original");
+    });
+
+    it('EcRsaOaepAsync.signSha256/verifySha256 works with generated JWK', async () => {
+        let randomString = EcAes.newIv(256 * 4);
+
+        let signature = await EcRsaOaepAsync.signSha256(ppk, randomString);
+        let verified = await EcRsaOaep.verifySha256(pk, randomString, signature);
+
+        assert.isTrue(verified, "Signature should be successfully verified");
+    });
+});