jsonauthtoken 3.0.1 → 3.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,30 +1,31 @@
|
|
|
1
1
|
export declare class NodeCrypto {
|
|
2
|
-
|
|
2
|
+
private crypto;
|
|
3
|
+
private __init;
|
|
3
4
|
private _encrypt;
|
|
4
5
|
private _decrypt;
|
|
5
6
|
private _rsaPublicKeyGeneration;
|
|
6
7
|
private _rsaPrivatePublicKeyGeneration;
|
|
7
|
-
encrypt(algo: 'aes-256-gcm', key: string, payload: any, exp: number): string
|
|
8
|
+
encrypt(algo: 'aes-256-gcm', key: string, payload: any, exp: number): Promise<string>;
|
|
8
9
|
decrypt<T>(algo: 'aes-256-gcm', key: string, encryptedData: {
|
|
9
10
|
iv: string;
|
|
10
11
|
encrypted: string;
|
|
11
12
|
tag: string;
|
|
12
|
-
}): {
|
|
13
|
+
}): Promise<{
|
|
13
14
|
payload: T;
|
|
14
15
|
exp: number;
|
|
15
|
-
}
|
|
16
|
-
encryptRSA(payload: any, publicKey: string, exp: number): string
|
|
16
|
+
}>;
|
|
17
|
+
encryptRSA(payload: any, publicKey: string, exp: number): Promise<string>;
|
|
17
18
|
decryptRSA<T>(privateKey: string, encryptedKey: string, encryptedData: {
|
|
18
19
|
iv: string;
|
|
19
20
|
encrypted: string;
|
|
20
21
|
tag: string;
|
|
21
|
-
}): {
|
|
22
|
+
}): Promise<{
|
|
22
23
|
payload: T;
|
|
23
24
|
exp: number;
|
|
24
|
-
}
|
|
25
|
-
rsaPrivatePublicKeyGeneration(): {
|
|
25
|
+
}>;
|
|
26
|
+
rsaPrivatePublicKeyGeneration(): Promise<{
|
|
26
27
|
privateKey: string;
|
|
27
28
|
publicKey: string;
|
|
28
|
-
}
|
|
29
|
-
rsaPublicKeyGeneration(privateKeyPem: string): string | Buffer<ArrayBufferLike
|
|
29
|
+
}>;
|
|
30
|
+
rsaPublicKeyGeneration(privateKeyPem: string): Promise<string | Buffer<ArrayBufferLike>>;
|
|
30
31
|
}
|
|
@@ -1,17 +1,50 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var
|
|
3
|
-
|
|
4
|
-
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
5
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
36
|
exports.NodeCrypto = void 0;
|
|
7
|
-
const crypto_1 = __importDefault(require("crypto"));
|
|
8
37
|
const functions_lib_1 = require("../lib/functions.lib");
|
|
9
38
|
class NodeCrypto {
|
|
10
|
-
|
|
39
|
+
crypto;
|
|
40
|
+
async __init() {
|
|
41
|
+
if (!this.crypto) {
|
|
42
|
+
return await Promise.resolve().then(() => __importStar(require('crypto')));
|
|
43
|
+
}
|
|
11
44
|
}
|
|
12
45
|
_encrypt(algorithm, key, payload) {
|
|
13
|
-
const iv =
|
|
14
|
-
const cipher =
|
|
46
|
+
const iv = this.crypto.randomBytes(12);
|
|
47
|
+
const cipher = this.crypto.createCipheriv(algorithm, key, iv);
|
|
15
48
|
const data = JSON.stringify(payload);
|
|
16
49
|
let encrypted = cipher.update(data, 'utf8', 'base64');
|
|
17
50
|
encrypted += cipher.final('base64');
|
|
@@ -24,23 +57,23 @@ class NodeCrypto {
|
|
|
24
57
|
}
|
|
25
58
|
_decrypt(algorithm, key, encryptedData) {
|
|
26
59
|
const { iv, encrypted, tag } = encryptedData;
|
|
27
|
-
const decipher =
|
|
60
|
+
const decipher = this.crypto.createDecipheriv(algorithm, key, Buffer.from(iv, 'base64'));
|
|
28
61
|
decipher.setAuthTag(Buffer.from(tag, 'base64'));
|
|
29
62
|
let decrypted = decipher.update(encrypted, 'base64', 'utf8');
|
|
30
63
|
decrypted += decipher.final('utf8');
|
|
31
64
|
return JSON.parse(decrypted);
|
|
32
65
|
}
|
|
33
66
|
_rsaPublicKeyGeneration(privateKeyPem) {
|
|
34
|
-
const privateKeyObject =
|
|
67
|
+
const privateKeyObject = this.crypto.createPrivateKey({
|
|
35
68
|
key: privateKeyPem.replace(/\\n/g, '\n'),
|
|
36
69
|
format: 'pem',
|
|
37
70
|
type: 'pkcs8'
|
|
38
71
|
});
|
|
39
|
-
const publicKeyObject =
|
|
72
|
+
const publicKeyObject = this.crypto.createPublicKey(privateKeyObject);
|
|
40
73
|
return publicKeyObject.export({ type: 'spki', format: 'pem' });
|
|
41
74
|
}
|
|
42
75
|
_rsaPrivatePublicKeyGeneration() {
|
|
43
|
-
const { publicKey, privateKey } =
|
|
76
|
+
const { publicKey, privateKey } = this.crypto.generateKeyPairSync('rsa', {
|
|
44
77
|
modulusLength: 2048,
|
|
45
78
|
publicKeyEncoding: {
|
|
46
79
|
type: 'spki',
|
|
@@ -53,8 +86,9 @@ class NodeCrypto {
|
|
|
53
86
|
});
|
|
54
87
|
return { privateKey, publicKey };
|
|
55
88
|
}
|
|
56
|
-
encrypt(algo, key, payload, exp) {
|
|
57
|
-
|
|
89
|
+
async encrypt(algo, key, payload, exp) {
|
|
90
|
+
await this.__init();
|
|
91
|
+
const keyHash = this.crypto.createHash('sha256').update(key).digest();
|
|
58
92
|
const newPayload = { payload: payload, exp: exp };
|
|
59
93
|
const { iv, encrypted, tag } = this._encrypt(algo, keyHash, newPayload);
|
|
60
94
|
return (0, functions_lib_1.tokenFormatCreate)({
|
|
@@ -66,17 +100,19 @@ class NodeCrypto {
|
|
|
66
100
|
tag
|
|
67
101
|
}, encrypted);
|
|
68
102
|
}
|
|
69
|
-
decrypt(algo, key, encryptedData) {
|
|
70
|
-
|
|
103
|
+
async decrypt(algo, key, encryptedData) {
|
|
104
|
+
await this.__init();
|
|
105
|
+
const keyHash = this.crypto.createHash('sha256').update(key).digest();
|
|
71
106
|
return this._decrypt(algo, keyHash, encryptedData);
|
|
72
107
|
}
|
|
73
|
-
encryptRSA(payload, publicKey, exp) {
|
|
74
|
-
|
|
108
|
+
async encryptRSA(payload, publicKey, exp) {
|
|
109
|
+
await this.__init();
|
|
110
|
+
const symmetricKey = this.crypto.randomBytes(32);
|
|
75
111
|
const newPayload = { payload: payload, exp: exp };
|
|
76
112
|
const { iv, encrypted, tag } = this._encrypt('aes-256-gcm', symmetricKey, newPayload);
|
|
77
|
-
const encryptedSymmetricKey =
|
|
113
|
+
const encryptedSymmetricKey = this.crypto.publicEncrypt({
|
|
78
114
|
key: publicKey,
|
|
79
|
-
padding:
|
|
115
|
+
padding: this.crypto.constants.RSA_PKCS1_OAEP_PADDING,
|
|
80
116
|
oaepHash: 'sha256'
|
|
81
117
|
}, symmetricKey);
|
|
82
118
|
return (0, functions_lib_1.tokenFormatCreate)({
|
|
@@ -89,18 +125,21 @@ class NodeCrypto {
|
|
|
89
125
|
encryptedKey: encryptedSymmetricKey.toString('base64')
|
|
90
126
|
}, encrypted);
|
|
91
127
|
}
|
|
92
|
-
decryptRSA(privateKey, encryptedKey, encryptedData) {
|
|
93
|
-
|
|
128
|
+
async decryptRSA(privateKey, encryptedKey, encryptedData) {
|
|
129
|
+
await this.__init();
|
|
130
|
+
const decryptedSymmetricKey = this.crypto.privateDecrypt({
|
|
94
131
|
key: privateKey,
|
|
95
|
-
padding:
|
|
132
|
+
padding: this.crypto.constants.RSA_PKCS1_OAEP_PADDING,
|
|
96
133
|
oaepHash: 'sha256'
|
|
97
134
|
}, Buffer.from(encryptedKey, 'base64'));
|
|
98
135
|
return this._decrypt('aes-256-gcm', decryptedSymmetricKey, encryptedData);
|
|
99
136
|
}
|
|
100
|
-
rsaPrivatePublicKeyGeneration() {
|
|
137
|
+
async rsaPrivatePublicKeyGeneration() {
|
|
138
|
+
await this.__init();
|
|
101
139
|
return this._rsaPrivatePublicKeyGeneration();
|
|
102
140
|
}
|
|
103
|
-
rsaPublicKeyGeneration(privateKeyPem) {
|
|
141
|
+
async rsaPublicKeyGeneration(privateKeyPem) {
|
|
142
|
+
await this.__init();
|
|
104
143
|
return this._rsaPublicKeyGeneration(privateKeyPem);
|
|
105
144
|
}
|
|
106
145
|
}
|
package/dist/runtime/runtime.js
CHANGED
|
@@ -65,13 +65,13 @@ class RuntimeCrypto {
|
|
|
65
65
|
if (algoData.value !== 'ras+a256gcm') {
|
|
66
66
|
throw new Error(`Algorithm ${algoData.name} is not supported for asymmetric encryption`);
|
|
67
67
|
}
|
|
68
|
-
return this.node.encryptRSA(payload, key, exp);
|
|
68
|
+
return await this.node.encryptRSA(payload, key, exp);
|
|
69
69
|
}
|
|
70
70
|
else {
|
|
71
71
|
if (algoData.value !== 'aes-256-gcm') {
|
|
72
72
|
throw new Error(`Algorithm ${algoData.name} is not supported for symmetric encryption`);
|
|
73
73
|
}
|
|
74
|
-
return this.node.encrypt(algoData.value, key, payload, exp);
|
|
74
|
+
return await this.node.encrypt(algoData.value, key, payload, exp);
|
|
75
75
|
}
|
|
76
76
|
}
|
|
77
77
|
else {
|
|
@@ -101,13 +101,13 @@ class RuntimeCrypto {
|
|
|
101
101
|
if (algo !== 'RSA+A256GCM') {
|
|
102
102
|
throw new Error(`Algorithm ${algo} is not supported for asymmetric encryption`);
|
|
103
103
|
}
|
|
104
|
-
return this.node.decryptRSA(key, encryptedKey, { iv, encrypted, tag });
|
|
104
|
+
return await this.node.decryptRSA(key, encryptedKey, { iv, encrypted, tag });
|
|
105
105
|
}
|
|
106
106
|
else {
|
|
107
107
|
if (algo !== 'AES-256-GCM') {
|
|
108
108
|
throw new Error(`Algorithm ${algo} is not supported for symmetric encryption`);
|
|
109
109
|
}
|
|
110
|
-
return this.node.decrypt("aes-256-gcm", key, { iv, encrypted, tag });
|
|
110
|
+
return await this.node.decrypt("aes-256-gcm", key, { iv, encrypted, tag });
|
|
111
111
|
}
|
|
112
112
|
}
|
|
113
113
|
else {
|
|
@@ -129,12 +129,12 @@ class RuntimeCrypto {
|
|
|
129
129
|
await this.getModule(runtime);
|
|
130
130
|
if (runtime === 'node') {
|
|
131
131
|
if (type === 'keyPair') {
|
|
132
|
-
return this.node.rsaPrivatePublicKeyGeneration();
|
|
132
|
+
return await this.node.rsaPrivatePublicKeyGeneration();
|
|
133
133
|
}
|
|
134
134
|
else {
|
|
135
135
|
if (!privateKeyPem)
|
|
136
136
|
throw new Error('privateKeyPem is required');
|
|
137
|
-
return this.node.rsaPublicKeyGeneration(privateKeyPem);
|
|
137
|
+
return await this.node.rsaPublicKeyGeneration(privateKeyPem);
|
|
138
138
|
}
|
|
139
139
|
}
|
|
140
140
|
else {
|