cassproject 5.0.11 → 5.0.13

package/README.md

@@ -46,10 +46,10 @@ Development unit tests presume you have a CaSS Repository running on `localhost:
 ## Publish checklist
 
   * `npm upgrade --save` Review dependencies, autocomplete version numbers to latest versions.
-  * Increment version number using `npm version <patch|minor|major>`. This automatically updates `package.json` and `yuidoc.json`.
+  * Increment version number using `npm version --no-git-tag-version <patch|minor|major>`. This automatically updates `package.json` and `yuidoc.json`.
   * Update changelog using `npm run changelog`, and review the changes in `CHANGELOG.md`.
   * `npm install`
-  * `npm audit` and fix any audit issues.
+  * `npm audit` and fix any audit issues. Stop if `npm audit --omit=dev` has findings.
   * Update CaSS server version if necessary in package.json
   * `npm test` - Must not fail any tests.
   * `npm run webpack:cypressFirefoxHttps` See if the firefox test case has changed.

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "cassproject",
-	"version": "5.0.11",
+	"version": "5.0.13",
 	"description": "Competency and Skills Service",
 	"main": "index.js",
 	"scripts": {
@@ -10,7 +10,7 @@
 		"multitest": "concurrently --kill-others-on-fail \"npm run test15\" \"npm run test14\" \"npm run test13\" \"npm run test12\"",
 		"testCassTest": "npm run testkill && docker run -d --platform linux/amd64 --network cass-net --name cass-test -p80:80 -e CASS_LOOPBACK cass-test && wait-on http://localhost/api/ping && npm run testNode18 && npm run testNode18Fips && npm run testCypressEdge && npm run testCypress && npm run testkill",
 		"testDevHttps": "npm run testkill && docker run -d --platform linux/amd64 --network cass-net --name cass-test -p443:80 -e CASS_LOOPBACK -e HTTPS=true cassproject/cass:dev && wait-on https://localhost/api/ping && npm run testNode18HttpsFips && npm run testNode18Https && npm run testCypressEdgeHttps && npm run testCypressHttps",
-		"test16HttpsFips": "export CASS_LOOPBACK=https://cass-testsf16/api/|| set CASS_LOOPBACK=https://cass-testsf16/api/&& npm run testkillsf16 && docker run -d --platform linux/amd64 --network cass-net --name cass-testsf16 -p450:443 -e CASS_LOOPBACK -e HTTPS=true cassproject/cass:1.6 && wait-on https://localhost:450/api/ping && concurrently --kill-others-on-fail \"npm run testCypressHttps\" \"npm run testNode24Https\" \"npm run testNode24HttpsFips\" \"npm run testNode24HttpsForceFips\" \"npm run testNode22Https\" \"npm run testNode22HttpsFips\" \"npm run testNode22HttpsForceFips\" \"npm run testNode20Https\" \"npm run testNode20HttpsFips\" \"npm run testNode20HttpsForceFips\" \"npm run testNode18Https\" && npm run testkillsf16",
+		"test16HttpsFips": "export CASS_LOOPBACK=https://cass-testsf16/api/|| set CASS_LOOPBACK=https://cass-testsf16/api/&& npm run testkillsf16 && docker run -d --platform linux/amd64 --network cass-net --name cass-testsf16 -p450:443 -e CASS_LOOPBACK -e HTTPS=true --pull always cassproject/cass:1.6 && wait-on https://localhost:450/api/ping && concurrently --kill-others-on-fail \"npm run testCypressHttps\" \"npm run testNode24Https\" \"npm run testNode24HttpsFips\" \"npm run testNode24HttpsForceFips\" \"npm run testNode22Https\" \"npm run testNode22HttpsFips\" \"npm run testNode22HttpsForceFips\" \"npm run testNode20Https\" \"npm run testNode20HttpsFips\" \"npm run testNode20HttpsForceFips\" \"npm run testNode18Https\" && npm run testkillsf16",
 		"test16Https11Fips": "export CASS_LOOPBACK=https://cass-testsf1116/api/|| set CASS_LOOPBACK=https://cass-testsf1116/api/&& npm run testkillsf1116 && docker run -d --platform linux/amd64 --network cass-net --name cass-testsf1116 -p449:443 -e CASS_LOOPBACK -e HTTPS=true -e HTTP2=false cassproject/cass:1.6 && wait-on https://localhost:449/api/ping && concurrently --kill-others-on-fail \"npm run testCypressHttps\" \"npm run testNode24Https\" \"npm run testNode24HttpsFips\" \"npm run testNode24HttpsForceFips\" \"npm run testNode22Https\" \"npm run testNode22HttpsFips\" \"npm run testNode22HttpsForceFips\" \"npm run testNode20Https\" \"npm run testNode20HttpsFips\" \"npm run testNode20HttpsForceFips\" \"npm run testNode18Https\" && npm run testkillsf1116",
 		"test16Https": "export CASS_LOOPBACK=https://cass-tests16/api/|| set CASS_LOOPBACK=https://cass-tests16/api/&& npm run testkills16 && docker run -d --platform linux/amd64 --network cass-net --name cass-tests16 -p448:443 -e CASS_LOOPBACK -e HTTPS=true cassproject/cass:1.6 && wait-on https://localhost:448/api/ping && concurrently --kill-others-on-fail \"npm run testCypressHttps\" \"npm run testNode24Https\" \"npm run testNode24HttpsFips\" \"npm run testNode22Https\" \"npm run testNode22HttpsFips\" \"npm run testNode20Https\" \"npm run testNode20HttpsFips\" \"npm run testNode18Https\" && npm run testkills16",
 		"test16HttpsNoFips": "export CASS_LOOPBACK=https://cass-tests16/api/|| set CASS_LOOPBACK=https://cass-tests16/api/&& npm run testkills16 && docker run -d --platform linux/amd64 --network cass-net --name cass-tests16 -p448:443 -e CASS_LOOPBACK -e HTTPS=true cassproject/cass:1.6 && wait-on https://localhost:448/api/ping && concurrently --kill-others-on-fail \"npm run testCypressHttps\" \"npm run testNode24Https\" \"npm run testNode22Https\" \"npm run testNode20Https\" \"npm run testNode18Https\" && npm run testkills16",
@@ -82,18 +82,18 @@
 		"autoindex": "nodemon index.js",
 		"autonyc": "nodemon --exec \"npm run nyc\"",
 		"nyc": "nyc --reporter lcov npm run mocha",
-		"mocha": "mocha --timeout 60000 -b src/**/*.test.js",
-		"mochaFips": "mocha -n 'force-fips' --timeout 60000 -b src/**/*.test.js",
-		"mocha:httpsNoHttp2": "export HTTP2=false|| set HTTP2=false&& mocha --timeout 60000 -b src/**/*.test.js",
-		"mocha:https": "export CASS_LOOPBACK=https://localhost/api/|| set CASS_LOOPBACK=https://localhost/api/&& mocha --timeout 60000 -b src/**/*.test.js",
-		"mocha:clientSideCertificates": "export NODE_EXTRA_CA_CERTS=ca.crt|| set NODE_EXTRA_CA_CERTS=ca.crt&&export HTTP2=false|| set HTTP2=false&& mocha --timeout 60000 -b src/**/*.test.js",
-		"mochaFips:clientSideCertificates": "export NODE_EXTRA_CA_CERTS=ca.crt|| set NODE_EXTRA_CA_CERTS=ca.crt&&export HTTP2=false|| set HTTP2=false&& mocha -n 'force-fips' --timeout 60000 -b src/**/*.test.js",
-		"mocha:clientSideCertificatesDangerMouse": "export NODE_EXTRA_CA_CERTS=ca.crt|| set NODE_EXTRA_CA_CERTS=ca.crt&&export HTTP2=false|| set HTTP2=false&& mocha --timeout 60000 -b src/**/*.test.js",
-		"mocha:custom": "export CASS_LOOPBACK=https://tides.eduworks.us/api/|| set CASS_LOOPBACK=https://tides.eduworks.us/api/&& export HTTP2=false|| set HTTP2=false&& mocha --timeout 600000 -b src/**/*.test.js",
-		"mocha:dev": "export CASS_LOOPBACK=https://dev.cassproject.org/api/|| set CASS_LOOPBACK=https://dev.cassproject.org/api/&& export HTTP2=false|| set HTTP2=false&& mocha --timeout 600000 -b src/**/*.test.js",
-		"mocha:demo": "export CASS_LOOPBACK=https://demo.cassproject.org/api/|| set CASS_LOOPBACK=https://demo.cassproject.org/api/&& export HTTP2=false|| set HTTP2=false&& mocha --timeout 600000 -b src/**/*.test.js",
-		"mochaGraph": "mocha --timeout 60000 -b src/com/eduworks/ec/graph/**/*.test.js",
-		"mochaCrypto": "mocha --timeout 60000 -b src/test/*Rsa*.test.js -b src/test/*Aes*.test.js -b src/test/*Crypto*.test.js",
+		"mocha": "mocha --exit --timeout 60000 -b src/**/*.test.js",
+		"mochaFips": "mocha --exit -n 'force-fips' --timeout 60000 -b src/**/*.test.js",
+		"mocha:httpsNoHttp2": "export HTTP2=false|| set HTTP2=false&& mocha --exit --timeout 60000 -b src/**/*.test.js",
+		"mocha:https": "export CASS_LOOPBACK=https://localhost/api/|| set CASS_LOOPBACK=https://localhost/api/&& mocha --exit --timeout 60000 -b src/**/*.test.js",
+		"mocha:clientSideCertificates": "export NODE_EXTRA_CA_CERTS=ca.crt|| set NODE_EXTRA_CA_CERTS=ca.crt&&export HTTP2=false|| set HTTP2=false&& mocha --exit --timeout 60000 -b src/**/*.test.js",
+		"mochaFips:clientSideCertificates": "export NODE_EXTRA_CA_CERTS=ca.crt|| set NODE_EXTRA_CA_CERTS=ca.crt&&export HTTP2=false|| set HTTP2=false&& mocha --exit -n 'force-fips' --timeout 60000 -b src/**/*.test.js",
+		"mocha:clientSideCertificatesDangerMouse": "export NODE_EXTRA_CA_CERTS=ca.crt|| set NODE_EXTRA_CA_CERTS=ca.crt&&export HTTP2=false|| set HTTP2=false&& mocha --exit --timeout 60000 -b src/**/*.test.js",
+		"mocha:custom": "export CASS_LOOPBACK=https://tides.eduworks.us/api/|| set CASS_LOOPBACK=https://tides.eduworks.us/api/&& export HTTP2=false|| set HTTP2=false&& mocha --exit --timeout 600000 -b src/**/*.test.js",
+		"mocha:dev": "export CASS_LOOPBACK=https://dev.cassproject.org/api/|| set CASS_LOOPBACK=https://dev.cassproject.org/api/&& export HTTP2=false|| set HTTP2=false&& mocha --exit --timeout 600000 -b src/**/*.test.js",
+		"mocha:demo": "export CASS_LOOPBACK=https://demo.cassproject.org/api/|| set CASS_LOOPBACK=https://demo.cassproject.org/api/&& export HTTP2=false|| set HTTP2=false&& mocha --exit --timeout 600000 -b src/**/*.test.js",
+		"mochaGraph": "mocha --exit --timeout 60000 -b src/com/eduworks/ec/graph/**/*.test.js",
+		"mochaCrypto": "mocha --exit --timeout 60000 -b src/test/*Rsa*.test.js -b src/test/*Aes*.test.js -b src/test/*Crypto*.test.js",
 		"automocha": "nodemon --exec \"npm run mocha\"",
 		"automochaGraph": "nodemon --exec \"npm run mochaGraph\"",
 		"automochaCrypto": "nodemon --exec \"npm run mochaCrypto\"",
@@ -141,13 +141,10 @@
 	],
 	"dependencies": {
 		"base64-arraybuffer": "^1.0.2",
-		"forge": "^2.3.0",
 		"jsonld": "^9.0.0",
-		"node-forge": "^1.3.3",
+		"node-forge": "^1.4.0",
 		"papaparse": "^5.5.3",
-		"pem-jwk": "^2.0.0",
 		"promise-worker": "^2.0.1",
-		"rdf-canonize": "^5.0.0",
 		"web-worker": "1.3.0"
 	},
 	"files": [
@@ -172,25 +169,20 @@
 	},
 	"homepage": "https://github.com/cassproject/cass-npm#readme",
 	"devDependencies": {
-		"@cypress/browserify-preprocessor": "^3.0.2",
-		"@cypress/vite-dev-server": "^7.2.0",
 		"@cypress/webpack-preprocessor": "^7.0.2",
 		"chai": "^4.5.0",
 		"concurrently": "^9.2.1",
-		"convert-hrtime": "^5.0.0",
-		"cypress": "^15.10.0",
+		"cypress": "^15.13.0",
 		"cypress-fail-fast": "^7.1.1",
-		"eslint": "^9.39.3",
+		"eslint": "^10.1.0",
 		"fake-indexeddb": "^6.2.5",
 		"mocha": "^11.7.5",
 		"node-polyfill-webpack-plugin": "^4.1.0",
 		"nodemon": "^3.1.14",
 		"nyc": "^17.1.0",
-		"sinon": "^21.0.1",
-		"url-polyfill": "^1.1.14",
+		"sinon": "^21.0.3",
 		"wait-on": "^9.0.4",
-		"webpack": "^5.105.2",
-		"webpack-cli": "^6.0.1"
+		"webpack": "^5.105.4"
 	},
 	"packageManager": "npm@11.3.0+sha512.96eb611483f49c55f7fa74df61b588de9e213f80a256728e6798ddc67176c7b07e4a1cfc7de8922422cbce02543714367037536955221fa451b0c4fefaf20c66"
 }

package/src/com/eduworks/ec/crypto/EcAes.js

@@ -1,5 +1,7 @@
 const forge = require("node-forge");
 const realCrypto = require('crypto');
+const base64 = require("base64-arraybuffer");
+
 /**
  *  AES encryption tasks common across all variants of AES.
  *  @class EcAes
@@ -16,7 +18,13 @@ module.exports = class EcAes {
 	 */
 	static newSecret = function(i) {
 		if (i == null) throw new Error("Undefined secret length.");
-		return realCrypto.randomBytes(i).toString('base64');
+		let array = new Uint8Array(i);
+		if (typeof crypto !== "undefined" && crypto.getRandomValues) {
+			crypto.getRandomValues(array);
+		} else {
+			realCrypto.webcrypto.getRandomValues(array);
+		}
+		return base64.encode(array.buffer);
 	};
 	/**
 	 *  Generates a random Initialization Vector of length @i
@@ -27,6 +35,12 @@ module.exports = class EcAes {
 	 */
 	static newIv = function(i) {
 		if (i == null) throw new Error("Undefined iv length.");
-		return realCrypto.randomBytes(i).toString('base64');
+		let array = new Uint8Array(i);
+		if (typeof crypto !== "undefined" && crypto.getRandomValues) {
+			crypto.getRandomValues(array);
+		} else {
+			realCrypto.webcrypto.getRandomValues(array);
+		}
+		return base64.encode(array.buffer);
 	};
 };

package/src/com/eduworks/ec/crypto/EcPk.js

@@ -1,4 +1,4 @@
-let pemJwk = require("pem-jwk");
+
 let forge = require("node-forge");
 /**
  *  Helper classes for dealing with RSA Public Keys.
@@ -25,7 +25,7 @@ module.exports = class EcPk {
 	 */
 	static fromPem(pem) {
 		let pk = EcPk.cache[pem];
-		if (pk != null) 
+		if (pk != null)
 			return pk;
 		pk = new EcPk();
 		try {
@@ -69,11 +69,11 @@ module.exports = class EcPk {
 	 *  @return {string} PEM encoded public key without whitespace.
 	 *  @method toPkcs1Pem
 	 */
-	toPkcs1Pem = function() {
+	toPkcs1Pem = function () {
 		return forge.pki
 			.publicKeyToRSAPublicKeyPem(this.pk)
-				.replace(/\r/g, "")
-				.replace(/\n/g, "");
+			.replace(/\r/g, "")
+			.replace(/\n/g, "");
 	};
 	/**
 	 *  Encodes the public key into a PEM encoded SubjectPublicKeyInfo (PKCS#8) formatted RSA Public Key.
@@ -82,16 +82,30 @@ module.exports = class EcPk {
 	 *  @return {string} PEM encoded public key without whitespace.
 	 *  @method toPkcs8Pem
 	 */
-	toPkcs8Pem = function() {
+	toPkcs8Pem = function () {
 		return forge.pki
 			.publicKeyToPem(this.pk)
-				.replace(/\r/g, "")
-				.replace(/\n/g, "");
+			.replace(/\r/g, "")
+			.replace(/\n/g, "");
 	};
 
 	toJwk() {
-		if (this.jwk == null)
-			this.jwk = pemJwk.pem2jwk(forge.pki.publicKeyToPem(this.pk));
+		if (this.jwk == null) {
+			const bnToBase64Url = (bn) => {
+				let hex = bn.toString(16);
+				if (hex.length % 2 !== 0) {
+					hex = '0' + hex;
+				}
+				const bytes = forge.util.hexToBytes(hex);
+				const b64 = forge.util.encode64(bytes);
+				return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+			};
+			this.jwk = {
+				kty: "RSA",
+				n: bnToBase64Url(this.pk.n),
+				e: bnToBase64Url(this.pk.e)
+			};
+		}
 		return this.jwk;
 	}
 	/**
@@ -101,7 +115,7 @@ module.exports = class EcPk {
 	 *  @method fingerprint
 	 */
 	fingerprint() {
-		return forge.ssh.getPublicKeyFingerprint(this.pk, {encoding:"hex"});
+		return forge.ssh.getPublicKeyFingerprint(this.pk, { encoding: "hex" });
 	}
 	verify(bytes, decode64) {
 		return this.pk.verify(bytes, decode64);

package/src/com/eduworks/ec/crypto/EcPpk.js

@@ -1,4 +1,4 @@
-let pemJwk = require("pem-jwk");
+
 let forge = require("node-forge");
 let EcPk = require("./EcPk.js");
 require("../../../../org/cassproject/general/AuditLogger.js");
@@ -48,8 +48,8 @@ module.exports = class EcPpk {
 	 *  @static
 	 */
 	static generateKeyAsync(callback) {
-		return new Promise((resolve,reject)=>{
-			forge.pki.rsa.generateKeyPair({workers:-1}, function(err, keypair) {
+		return new Promise((resolve, reject) => {
+			forge.pki.rsa.generateKeyPair({ workers: -1 }, function (err, keypair) {
 				let ppk = new EcPpk();
 				ppk.ppk = keypair.privateKey;
 				if (callback != null)
@@ -66,7 +66,7 @@ module.exports = class EcPpk {
 	 *  @static
 	 */
 	static generateKey() {
-		let keypair = forge.pki.rsa.generateKeyPair({workers:-1}, null);
+		let keypair = forge.pki.rsa.generateKeyPair({ workers: -1 }, null);
 		let ppk = new EcPpk();
 		ppk.ppk = keypair.privateKey;
 		return ppk;
@@ -108,11 +108,11 @@ module.exports = class EcPpk {
 	 *  @return {string} PEM encoded public key without whitespace.
 	 *  @method toPkcs1Pem
 	 */
-	toPkcs1Pem = function() {
+	toPkcs1Pem = function () {
 		return forge.pki
 			.privateKeyToPem(this.ppk)
-				.replace(/\r/g, "")
-				.replace(/\n/g, "");
+			.replace(/\r/g, "")
+			.replace(/\n/g, "");
 	};
 	/**
 	 *  Encodes the private key into a PEM encoded PrivateKeyInfo (PKCS#8) formatted RSA Public Key.
@@ -121,22 +121,42 @@ module.exports = class EcPpk {
 	 *  @return {string} PEM encoded public key without whitespace.
 	 *  @method toPkcs8Pem
 	 */
-	toPkcs8Pem = function() {
+	toPkcs8Pem = function () {
 		return forge.pki
 			.privateKeyInfoToPem(
 				forge.pki.wrapRsaPrivateKey(
 					forge.pki.privateKeyToAsn1(this.ppk)
 				)
 			)
-				.replace(/\r/g, "")
-				.replace(/\n/g, "");
+			.replace(/\r/g, "")
+			.replace(/\n/g, "");
 	};
 	toJwk() {
-		if (this.jwk == null)
-			this.jwk = pemJwk.pem2jwk(forge.pki.privateKeyToPem(this.ppk));
+		if (this.jwk == null) {
+			const bnToBase64Url = (bn) => {
+				let hex = bn.toString(16);
+				if (hex.length % 2 !== 0) {
+					hex = '0' + hex;
+				}
+				const bytes = forge.util.hexToBytes(hex);
+				const b64 = forge.util.encode64(bytes);
+				return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+			};
+			this.jwk = {
+				kty: "RSA",
+				n: bnToBase64Url(this.ppk.n),
+				e: bnToBase64Url(this.ppk.e),
+				d: bnToBase64Url(this.ppk.d),
+				p: bnToBase64Url(this.ppk.p),
+				q: bnToBase64Url(this.ppk.q),
+				dp: bnToBase64Url(this.ppk.dP),
+				dq: bnToBase64Url(this.ppk.dQ),
+				qi: bnToBase64Url(this.ppk.qInv)
+			};
+		}
 		return this.jwk;
 	}
-	toPkcs8 = function() {
+	toPkcs8 = function () {
 		return forge.pki.wrapRsaPrivateKey(
 			forge.pki.privateKeyToAsn1(this.ppk)
 		);
@@ -162,8 +182,7 @@ module.exports = class EcPpk {
 	 */
 	inArray(ppks) {
 		for (let ppk of ppks) {
-			if (ppk.equals(this))
-			{
+			if (ppk.equals(this)) {
 				return true;
 			}
 		}

package/src/org/cass/profile/EcAssertion.js

@@ -19,13 +19,34 @@ module.exports = class EcAssertion extends Assertion {
 	async decrypt(eim) {
 		eim = eim || EcIdentityManager.default;
 		let a = new Assertion().copyFrom(this);
-		a.setSubject(await this.getSubject(eim));
-		a.setAgent(await this.getAgent(eim));
-		a.setAssertionDate(await this.getAssertionDate(eim));
-		a.setExpirationDate(await this.getExpirationDate(eim));
-		a.setEvidence(await this.getEvidences(eim));
-		a.setNegative(await this.getNegative(eim));
-		a.setDecayFunction(await this.getDecayFunction(eim));
+		let subject = this.getSubject(eim);
+		let agent = this.getAgent(eim);
+		let assertionDate = this.getAssertionDate(eim);
+		let expirationDate = this.getExpirationDate(eim);
+		let evidences = this.getEvidences(eim);
+		let negative = this.getNegative(eim);
+		let decayFunction = this.getDecayFunction(eim);
+		subject = await subject;
+		agent = await agent;
+		assertionDate = await assertionDate;
+		expirationDate = await expirationDate;
+		evidences = await evidences;
+		negative = await negative;
+		decayFunction = await decayFunction;
+		if (subject)
+			a.setSubject(subject);
+		if (agent)
+			a.setAgent(agent);
+		if (assertionDate)
+			a.setAssertionDate(assertionDate);
+		if (expirationDate)
+			a.setExpirationDate(expirationDate);
+		if (evidences)
+			a.setEvidence(evidences);
+		if (negative)
+			a.setNegative(negative);
+		if (decayFunction)
+			a.setDecayFunction(decayFunction);
 		a.setCompetency(this.competency);
 		a.setLevel(this.level);
 		a.setConfidence(this.confidence);

package/src/org/cassproject/schema/cass/profile/Assertion.js

@@ -246,13 +246,13 @@ module.exports = class Assertion extends schema.CreativeWork {
 		success(this.decayFunction);
 	}
 	getNegative() {
-		return "true".equals(this.negative);
+		return "true".equals(this.negative) | this.negative === true;
 	}
 	setNegative(negativeB) {
 		this.negative = negativeB;
 	}
 	getNegativeAsync(success, failure) {
-		success("true".equals(this.negative));
+		success("true".equals(this.negative) | this.negative === true);
 	}
 	setCompetency(competencyUrl) {
 		this.competency = competencyUrl;

package/src/test/1.EcCrypto.jwk.test.js

@@ -0,0 +1,63 @@
+let EcPpk = require("../com/eduworks/ec/crypto/EcPpk.js");
+let EcRsaOaepAsync = require("../com/eduworks/ec/crypto/EcRsaOaepAsync.js");
+let EcRsaOaep = require("../com/eduworks/ec/crypto/EcRsaOaep.js");
+let EcAes = require("../com/eduworks/ec/crypto/EcAes.js");
+let chai = require("chai");
+
+let assert = chai.assert;
+
+describe("EcCrypto JWK", () => {
+    let ppk = null;
+    let pk = null;
+
+    before(async function () {
+        this.timeout(10000);
+        ppk = await EcPpk.generateKeyAsync();
+        pk = ppk.toPk();
+    });
+
+    it('EcPpk.toJwk is valid', () => {
+        let jwk = ppk.toJwk();
+        assert.isNotNull(jwk);
+        assert.isObject(jwk);
+        assert.equal(jwk.kty, "RSA");
+        assert.isString(jwk.n);
+        assert.isString(jwk.e);
+        assert.isString(jwk.d);
+        assert.isString(jwk.p);
+        assert.isString(jwk.q);
+    });
+
+    it('EcPk.toJwk is valid', () => {
+        let jwk = pk.toJwk();
+        assert.isNotNull(jwk);
+        assert.isObject(jwk);
+        assert.equal(jwk.kty, "RSA");
+        assert.isString(jwk.n);
+        assert.isString(jwk.e);
+        assert.isUndefined(jwk.d);
+    });
+
+    it('EcRsaOaepAsync.encrypt/decrypt works with generated JWK', async () => {
+        let randomString = EcAes.newIv(256).substring(0, 190);
+
+        // The verify functions in EcRsaOaepAsync automatically use toJwk() 
+        // behind the scenes when ppk.key is null, so by passing our newly 
+        // generated keys, we are implicitly testing that the JWK format generated 
+        // by `.toJwk()` is perfectly valid for use with crypto.subtle.
+
+        let encrypted = await EcRsaOaepAsync.encrypt(pk, randomString);
+        let decrypted = await EcRsaOaep.decrypt(ppk, encrypted);
+
+        assert.isTrue(randomString === decrypted, "Decrypted string should match original");
+    });
+
+    it('EcRsaOaepAsync.signSha256/verifySha256 works with generated JWK', async () => {
+        let randomString = EcAes.newIv(256 * 4);
+
+        let signature = await EcRsaOaepAsync.signSha256(ppk, randomString);
+        let verified = await EcRsaOaep.verifySha256(pk, randomString, signature);
+
+        assert.isTrue(verified, "Signature should be successfully verified");
+    });
+});