diff --git a/docs/classes/jws_compact_sign.CompactSign.md b/docs/classes/jws_compact_sign.CompactSign.md index 0567a92eb3..7572509c37 100644 --- a/docs/classes/jws_compact_sign.CompactSign.md +++ b/docs/classes/jws_compact_sign.CompactSign.md @@ -80,7 +80,7 @@ Signs and resolves the value of the Compact JWS string. | Name | Type | Description | | :------ | :------ | :------ | -| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) | Private Key or Secret to sign the JWS with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | +| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](../interfaces/types.JWK.md) | Private Key or Secret to sign the JWS with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | | `options?` | [`SignOptions`](../interfaces/types.SignOptions.md) | JWS Sign options. | #### Returns diff --git a/docs/classes/jws_flattened_sign.FlattenedSign.md b/docs/classes/jws_flattened_sign.FlattenedSign.md index 113e6be146..0ac55e29d2 100644 --- a/docs/classes/jws_flattened_sign.FlattenedSign.md +++ b/docs/classes/jws_flattened_sign.FlattenedSign.md @@ -99,7 +99,7 @@ Signs and resolves the value of the Flattened JWS object. | Name | Type | Description | | :------ | :------ | :------ | -| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) | Private Key or Secret to sign the JWS with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | +| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](../interfaces/types.JWK.md) | Private Key or Secret to sign the JWS with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | | `options?` | [`SignOptions`](../interfaces/types.SignOptions.md) | JWS Sign options. | #### Returns diff --git a/docs/classes/jws_general_sign.GeneralSign.md b/docs/classes/jws_general_sign.GeneralSign.md index d58b625050..75ac3a5ea1 100644 --- a/docs/classes/jws_general_sign.GeneralSign.md +++ b/docs/classes/jws_general_sign.GeneralSign.md @@ -65,7 +65,7 @@ Adds an additional signature for the General JWS object. | Name | Type | Description | | :------ | :------ | :------ | -| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) | Private Key or Secret to sign the individual JWS signature with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | +| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](../interfaces/types.JWK.md) | Private Key or Secret to sign the individual JWS signature with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | | `options?` | [`SignOptions`](../interfaces/types.SignOptions.md) | JWS Sign options. | #### Returns diff --git a/docs/classes/jwt_sign.SignJWT.md b/docs/classes/jwt_sign.SignJWT.md index f72d688eb5..958aa75dff 100644 --- a/docs/classes/jwt_sign.SignJWT.md +++ b/docs/classes/jwt_sign.SignJWT.md @@ -354,7 +354,7 @@ Signs and returns the JWT. | Name | Type | Description | | :------ | :------ | :------ | -| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) | Private Key or Secret to sign the JWT with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | +| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](../interfaces/types.JWK.md) | Private Key or Secret to sign the JWT with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | | `options?` | [`SignOptions`](../interfaces/types.SignOptions.md) | JWT Sign options. | #### Returns diff --git a/docs/functions/jws_compact_verify.compactVerify.md b/docs/functions/jws_compact_verify.compactVerify.md index 8e99b4d731..f698593212 100644 --- a/docs/functions/jws_compact_verify.compactVerify.md +++ b/docs/functions/jws_compact_verify.compactVerify.md @@ -18,7 +18,7 @@ as from its subpath export `'jose/jws/compact/verify'`. | Name | Type | Description | | :------ | :------ | :------ | | `jws` | `string` \| [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) | Compact JWS. | -| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) | Key to verify the JWS with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | +| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](../interfaces/types.JWK.md) | Key to verify the JWS with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | | `options?` | [`VerifyOptions`](../interfaces/types.VerifyOptions.md) | JWS Verify options. | #### Returns diff --git a/docs/functions/jws_flattened_verify.flattenedVerify.md b/docs/functions/jws_flattened_verify.flattenedVerify.md index 7028b32bd8..1f4386b5e6 100644 --- a/docs/functions/jws_flattened_verify.flattenedVerify.md +++ b/docs/functions/jws_flattened_verify.flattenedVerify.md @@ -18,7 +18,7 @@ as from its subpath export `'jose/jws/flattened/verify'`. | Name | Type | Description | | :------ | :------ | :------ | | `jws` | [`FlattenedJWSInput`](../interfaces/types.FlattenedJWSInput.md) | Flattened JWS. | -| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) | Key to verify the JWS with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | +| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](../interfaces/types.JWK.md) | Key to verify the JWS with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | | `options?` | [`VerifyOptions`](../interfaces/types.VerifyOptions.md) | JWS Verify options. | #### Returns diff --git a/docs/functions/jws_general_verify.generalVerify.md b/docs/functions/jws_general_verify.generalVerify.md index 453985a04e..9bd029a433 100644 --- a/docs/functions/jws_general_verify.generalVerify.md +++ b/docs/functions/jws_general_verify.generalVerify.md @@ -18,7 +18,7 @@ as from its subpath export `'jose/jws/general/verify'`. | Name | Type | Description | | :------ | :------ | :------ | | `jws` | [`GeneralJWSInput`](../interfaces/types.GeneralJWSInput.md) | General JWS. | -| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) | Key to verify the JWS with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | +| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](../interfaces/types.JWK.md) | Key to verify the JWS with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | | `options?` | [`VerifyOptions`](../interfaces/types.VerifyOptions.md) | JWS Verify options. | #### Returns diff --git a/docs/functions/jwt_verify.jwtVerify.md b/docs/functions/jwt_verify.jwtVerify.md index a5fb1ef452..057a487384 100644 --- a/docs/functions/jwt_verify.jwtVerify.md +++ b/docs/functions/jwt_verify.jwtVerify.md @@ -25,7 +25,7 @@ as from its subpath export `'jose/jwt/verify'`. | Name | Type | Description | | :------ | :------ | :------ | | `jwt` | `string` \| [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) | JSON Web Token value (encoded as JWS). | -| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) | Key to verify the JWT with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | +| `key` | [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](../interfaces/types.JWK.md) | Key to verify the JWT with. See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210#jws-alg). | | `options?` | [`JWTVerifyOptions`](../interfaces/jwt_verify.JWTVerifyOptions.md) | JWT Decryption and JWT Claims Set validation options. | #### Returns diff --git a/docs/interfaces/jws_compact_verify.CompactVerifyGetKey.md b/docs/interfaces/jws_compact_verify.CompactVerifyGetKey.md index fe16b69398..d9ad380085 100644 --- a/docs/interfaces/jws_compact_verify.CompactVerifyGetKey.md +++ b/docs/interfaces/jws_compact_verify.CompactVerifyGetKey.md @@ -17,7 +17,7 @@ verified at the time of this function call. ### CompactVerifyGetKey -▸ **CompactVerifyGetKey**(`protectedHeader`, `token`): [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md)\> +▸ **CompactVerifyGetKey**(`protectedHeader`, `token`): [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md)\> Dynamic key resolution function. No token components have been verified at the time of this function call. @@ -33,4 +33,4 @@ If you cannot match a key suitable for the token, throw an error instead. #### Returns -[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md)\> +[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md)\> diff --git a/docs/interfaces/jws_flattened_verify.FlattenedVerifyGetKey.md b/docs/interfaces/jws_flattened_verify.FlattenedVerifyGetKey.md index dcfb189e8c..05a7dc785e 100644 --- a/docs/interfaces/jws_flattened_verify.FlattenedVerifyGetKey.md +++ b/docs/interfaces/jws_flattened_verify.FlattenedVerifyGetKey.md @@ -17,7 +17,7 @@ verified at the time of this function call. ### FlattenedVerifyGetKey -▸ **FlattenedVerifyGetKey**(`protectedHeader`, `token`): [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md)\> +▸ **FlattenedVerifyGetKey**(`protectedHeader`, `token`): [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md)\> Dynamic key resolution function. No token components have been verified at the time of this function call. @@ -33,4 +33,4 @@ If you cannot match a key suitable for the token, throw an error instead. #### Returns -[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md)\> +[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md)\> diff --git a/docs/interfaces/jws_general_sign.Signature.md b/docs/interfaces/jws_general_sign.Signature.md index 060bfcbcca..2a4adb010c 100644 --- a/docs/interfaces/jws_general_sign.Signature.md +++ b/docs/interfaces/jws_general_sign.Signature.md @@ -28,7 +28,7 @@ A shorthand for calling addSignature() on the enclosing GeneralSign instance | Name | Type | | :------ | :------ | -| `...args` | [key: Uint8Array \| KeyLike, options?: SignOptions] | +| `...args` | [key: Uint8Array \| KeyLike \| JWK, options?: SignOptions] | #### Returns diff --git a/docs/interfaces/jws_general_verify.GeneralVerifyGetKey.md b/docs/interfaces/jws_general_verify.GeneralVerifyGetKey.md index e8dc526cb7..d19dfb03a2 100644 --- a/docs/interfaces/jws_general_verify.GeneralVerifyGetKey.md +++ b/docs/interfaces/jws_general_verify.GeneralVerifyGetKey.md @@ -17,7 +17,7 @@ verified at the time of this function call. ### GeneralVerifyGetKey -▸ **GeneralVerifyGetKey**(`protectedHeader`, `token`): [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md)\> +▸ **GeneralVerifyGetKey**(`protectedHeader`, `token`): [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md)\> Dynamic key resolution function. No token components have been verified at the time of this function call. @@ -33,4 +33,4 @@ If you cannot match a key suitable for the token, throw an error instead. #### Returns -[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md)\> +[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md)\> diff --git a/docs/interfaces/jwt_verify.JWTVerifyGetKey.md b/docs/interfaces/jwt_verify.JWTVerifyGetKey.md index 0f57571cfb..ba8d7d669e 100644 --- a/docs/interfaces/jwt_verify.JWTVerifyGetKey.md +++ b/docs/interfaces/jwt_verify.JWTVerifyGetKey.md @@ -17,7 +17,7 @@ the time of this function call. ### JWTVerifyGetKey -▸ **JWTVerifyGetKey**(`protectedHeader`, `token`): [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md)\> +▸ **JWTVerifyGetKey**(`protectedHeader`, `token`): [`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md)\> Dynamic key resolution function. No token components have been verified at the time of this function call. @@ -33,4 +33,4 @@ If you cannot match a key suitable for the token, throw an error instead. #### Returns -[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md)\> +[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md) \| [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`Uint8Array`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array ) \| [`KeyLike`](../types/types.KeyLike.md) \| [`JWK`](types.JWK.md)\> diff --git a/docs/interfaces/types.CompactJWEHeaderParameters.md b/docs/interfaces/types.CompactJWEHeaderParameters.md index 4e89bbcfb9..6a09a8ab0e 100644 --- a/docs/interfaces/types.CompactJWEHeaderParameters.md +++ b/docs/interfaces/types.CompactJWEHeaderParameters.md @@ -69,7 +69,7 @@ ___ ### jwk -• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"kty"`` \| ``"n"``\> +• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"n"`` \| ``"kty"``\> "jwk" (JSON Web Key) Header Parameter. diff --git a/docs/interfaces/types.CompactJWSHeaderParameters.md b/docs/interfaces/types.CompactJWSHeaderParameters.md index 568794318c..d1b18d960c 100644 --- a/docs/interfaces/types.CompactJWSHeaderParameters.md +++ b/docs/interfaces/types.CompactJWSHeaderParameters.md @@ -69,7 +69,7 @@ ___ ### jwk -• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"kty"`` \| ``"n"``\> +• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"n"`` \| ``"kty"``\> "jwk" (JSON Web Key) Header Parameter. diff --git a/docs/interfaces/types.JWEHeaderParameters.md b/docs/interfaces/types.JWEHeaderParameters.md index 0833ca428c..cdb672bb89 100644 --- a/docs/interfaces/types.JWEHeaderParameters.md +++ b/docs/interfaces/types.JWEHeaderParameters.md @@ -69,7 +69,7 @@ ___ ### jwk -• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"kty"`` \| ``"n"``\> +• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"n"`` \| ``"kty"``\> "jwk" (JSON Web Key) Header Parameter. diff --git a/docs/interfaces/types.JWK.md b/docs/interfaces/types.JWK.md index 87a8ef4c7e..d48c2f80d2 100644 --- a/docs/interfaces/types.JWK.md +++ b/docs/interfaces/types.JWK.md @@ -13,6 +13,7 @@ key types are supported. ### Properties +- [kty](types.JWK.md#kty) - [alg](types.JWK.md#alg) - [crv](types.JWK.md#crv) - [d](types.JWK.md#d) @@ -23,7 +24,6 @@ key types are supported. - [k](types.JWK.md#k) - [key\_ops](types.JWK.md#key_ops) - [kid](types.JWK.md#kid) -- [kty](types.JWK.md#kty) - [n](types.JWK.md#n) - [oth](types.JWK.md#oth) - [p](types.JWK.md#p) @@ -39,6 +39,14 @@ key types are supported. ## Properties +### kty + +• **kty**: `string` + +JWK "kty" (Key Type) Parameter. + +___ + ### alg • `Optional` **alg**: `string` @@ -51,30 +59,43 @@ ___ • `Optional` **crv**: `string` +- (EC) Curve +- (OKP) The Subtype of Key Pair + ___ ### d • `Optional` **d**: `string` +- (Private RSA) Private Exponent +- (Private EC) ECC Private Key +- (Private OKP) The Private Key + ___ ### dp • `Optional` **dp**: `string` +(Private RSA) First Factor CRT Exponent + ___ ### dq • `Optional` **dq**: `string` +(Private RSA) Second Factor CRT Exponent + ___ ### e • `Optional` **e**: `string` +(RSA) Exponent + ___ ### ext @@ -89,6 +110,8 @@ ___ • `Optional` **k**: `string` +(oct) Key Value + ___ ### key\_ops @@ -107,42 +130,44 @@ JWK "kid" (Key ID) Parameter. ___ -### kty - -• `Optional` **kty**: `string` - -JWK "kty" (Key Type) Parameter. - -___ - ### n • `Optional` **n**: `string` +(RSA) Modulus + ___ ### oth • `Optional` **oth**: \{ `d?`: `string` ; `r?`: `string` ; `t?`: `string` }[] +(Private RSA) Other Primes Info. This parameter is not supported. + ___ ### p • `Optional` **p**: `string` +(Private RSA) First Prime Factor + ___ ### q • `Optional` **q**: `string` +(Private RSA) Second Prime Factor + ___ ### qi • `Optional` **qi**: `string` +(Private RSA) First CRT Coefficient + ___ ### use @@ -157,6 +182,9 @@ ___ • `Optional` **x**: `string` +- (EC) X Coordinate +- (OKP) The public key + ___ ### x5c @@ -194,3 +222,5 @@ ___ ### y • `Optional` **y**: `string` + +(EC) Y Coordinate diff --git a/docs/interfaces/types.JWKParameters.md b/docs/interfaces/types.JWKParameters.md new file mode 100644 index 0000000000..c03415b30e --- /dev/null +++ b/docs/interfaces/types.JWKParameters.md @@ -0,0 +1,104 @@ +# Interface: JWKParameters + +## [💗 Help the project](https://github.com/sponsors/panva) + +Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva). + +--- + +Generic JSON Web Key Parameters. + +## Table of contents + +### Properties + +- [kty](types.JWKParameters.md#kty) +- [alg](types.JWKParameters.md#alg) +- [ext](types.JWKParameters.md#ext) +- [key\_ops](types.JWKParameters.md#key_ops) +- [kid](types.JWKParameters.md#kid) +- [use](types.JWKParameters.md#use) +- [x5c](types.JWKParameters.md#x5c) +- [x5t](types.JWKParameters.md#x5t) +- [x5t#S256](types.JWKParameters.md#x5t#s256) +- [x5u](types.JWKParameters.md#x5u) + +## Properties + +### kty + +• **kty**: `string` + +JWK "kty" (Key Type) Parameter. + +___ + +### alg + +• `Optional` **alg**: `string` + +JWK "alg" (Algorithm) Parameter. + +___ + +### ext + +• `Optional` **ext**: `boolean` + +JWK "ext" (Extractable) Parameter. + +___ + +### key\_ops + +• `Optional` **key\_ops**: `string`[] + +JWK "key_ops" (Key Operations) Parameter. + +___ + +### kid + +• `Optional` **kid**: `string` + +JWK "kid" (Key ID) Parameter. + +___ + +### use + +• `Optional` **use**: `string` + +JWK "use" (Public Key Use) Parameter. + +___ + +### x5c + +• `Optional` **x5c**: `string`[] + +JWK "x5c" (X.509 Certificate Chain) Parameter. + +___ + +### x5t + +• `Optional` **x5t**: `string` + +JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. + +___ + +### x5t#S256 + +• `Optional` **x5t#S256**: `string` + +"x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. + +___ + +### x5u + +• `Optional` **x5u**: `string` + +JWK "x5u" (X.509 URL) Parameter. diff --git a/docs/interfaces/types.JWK_EC_Private.md b/docs/interfaces/types.JWK_EC_Private.md new file mode 100644 index 0000000000..2947f9f7c8 --- /dev/null +++ b/docs/interfaces/types.JWK_EC_Private.md @@ -0,0 +1,140 @@ +# Interface: JWK\_EC\_Private + +## [💗 Help the project](https://github.com/sponsors/panva) + +Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva). + +--- + +Convenience interface for Private EC JSON Web Keys + +## Table of contents + +### Properties + +- [crv](types.JWK_EC_Private.md#crv) +- [d](types.JWK_EC_Private.md#d) +- [kty](types.JWK_EC_Private.md#kty) +- [x](types.JWK_EC_Private.md#x) +- [y](types.JWK_EC_Private.md#y) +- [alg](types.JWK_EC_Private.md#alg) +- [ext](types.JWK_EC_Private.md#ext) +- [key\_ops](types.JWK_EC_Private.md#key_ops) +- [kid](types.JWK_EC_Private.md#kid) +- [use](types.JWK_EC_Private.md#use) +- [x5c](types.JWK_EC_Private.md#x5c) +- [x5t](types.JWK_EC_Private.md#x5t) +- [x5t#S256](types.JWK_EC_Private.md#x5t#s256) +- [x5u](types.JWK_EC_Private.md#x5u) + +## Properties + +### crv + +• **crv**: `string` + +Curve + +___ + +### d + +• **d**: `string` + +ECC Private Key + +___ + +### kty + +• **kty**: `string` + +JWK "kty" (Key Type) Parameter. + +___ + +### x + +• **x**: `string` + +X Coordinate + +___ + +### y + +• **y**: `string` + +Y Coordinate + +___ + +### alg + +• `Optional` **alg**: `string` + +JWK "alg" (Algorithm) Parameter. + +___ + +### ext + +• `Optional` **ext**: `boolean` + +JWK "ext" (Extractable) Parameter. + +___ + +### key\_ops + +• `Optional` **key\_ops**: `string`[] + +JWK "key_ops" (Key Operations) Parameter. + +___ + +### kid + +• `Optional` **kid**: `string` + +JWK "kid" (Key ID) Parameter. + +___ + +### use + +• `Optional` **use**: `string` + +JWK "use" (Public Key Use) Parameter. + +___ + +### x5c + +• `Optional` **x5c**: `string`[] + +JWK "x5c" (X.509 Certificate Chain) Parameter. + +___ + +### x5t + +• `Optional` **x5t**: `string` + +JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. + +___ + +### x5t#S256 + +• `Optional` **x5t#S256**: `string` + +"x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. + +___ + +### x5u + +• `Optional` **x5u**: `string` + +JWK "x5u" (X.509 URL) Parameter. diff --git a/docs/interfaces/types.JWK_EC_Public.md b/docs/interfaces/types.JWK_EC_Public.md new file mode 100644 index 0000000000..e154527001 --- /dev/null +++ b/docs/interfaces/types.JWK_EC_Public.md @@ -0,0 +1,131 @@ +# Interface: JWK\_EC\_Public + +## [💗 Help the project](https://github.com/sponsors/panva) + +Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva). + +--- + +Convenience interface for Public EC JSON Web Keys + +## Table of contents + +### Properties + +- [crv](types.JWK_EC_Public.md#crv) +- [kty](types.JWK_EC_Public.md#kty) +- [x](types.JWK_EC_Public.md#x) +- [y](types.JWK_EC_Public.md#y) +- [alg](types.JWK_EC_Public.md#alg) +- [ext](types.JWK_EC_Public.md#ext) +- [key\_ops](types.JWK_EC_Public.md#key_ops) +- [kid](types.JWK_EC_Public.md#kid) +- [use](types.JWK_EC_Public.md#use) +- [x5c](types.JWK_EC_Public.md#x5c) +- [x5t](types.JWK_EC_Public.md#x5t) +- [x5t#S256](types.JWK_EC_Public.md#x5t#s256) +- [x5u](types.JWK_EC_Public.md#x5u) + +## Properties + +### crv + +• **crv**: `string` + +Curve + +___ + +### kty + +• **kty**: `string` + +JWK "kty" (Key Type) Parameter. + +___ + +### x + +• **x**: `string` + +X Coordinate + +___ + +### y + +• **y**: `string` + +Y Coordinate + +___ + +### alg + +• `Optional` **alg**: `string` + +JWK "alg" (Algorithm) Parameter. + +___ + +### ext + +• `Optional` **ext**: `boolean` + +JWK "ext" (Extractable) Parameter. + +___ + +### key\_ops + +• `Optional` **key\_ops**: `string`[] + +JWK "key_ops" (Key Operations) Parameter. + +___ + +### kid + +• `Optional` **kid**: `string` + +JWK "kid" (Key ID) Parameter. + +___ + +### use + +• `Optional` **use**: `string` + +JWK "use" (Public Key Use) Parameter. + +___ + +### x5c + +• `Optional` **x5c**: `string`[] + +JWK "x5c" (X.509 Certificate Chain) Parameter. + +___ + +### x5t + +• `Optional` **x5t**: `string` + +JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. + +___ + +### x5t#S256 + +• `Optional` **x5t#S256**: `string` + +"x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. + +___ + +### x5u + +• `Optional` **x5u**: `string` + +JWK "x5u" (X.509 URL) Parameter. diff --git a/docs/interfaces/types.JWK_OKP_Private.md b/docs/interfaces/types.JWK_OKP_Private.md new file mode 100644 index 0000000000..533ec9097b --- /dev/null +++ b/docs/interfaces/types.JWK_OKP_Private.md @@ -0,0 +1,131 @@ +# Interface: JWK\_OKP\_Private + +## [💗 Help the project](https://github.com/sponsors/panva) + +Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva). + +--- + +Convenience interface for Private OKP JSON Web Keys + +## Table of contents + +### Properties + +- [crv](types.JWK_OKP_Private.md#crv) +- [d](types.JWK_OKP_Private.md#d) +- [kty](types.JWK_OKP_Private.md#kty) +- [x](types.JWK_OKP_Private.md#x) +- [alg](types.JWK_OKP_Private.md#alg) +- [ext](types.JWK_OKP_Private.md#ext) +- [key\_ops](types.JWK_OKP_Private.md#key_ops) +- [kid](types.JWK_OKP_Private.md#kid) +- [use](types.JWK_OKP_Private.md#use) +- [x5c](types.JWK_OKP_Private.md#x5c) +- [x5t](types.JWK_OKP_Private.md#x5t) +- [x5t#S256](types.JWK_OKP_Private.md#x5t#s256) +- [x5u](types.JWK_OKP_Private.md#x5u) + +## Properties + +### crv + +• **crv**: `string` + +The Subtype of Key Pair + +___ + +### d + +• **d**: `string` + +The Private Key + +___ + +### kty + +• **kty**: `string` + +JWK "kty" (Key Type) Parameter. + +___ + +### x + +• **x**: `string` + +The public key + +___ + +### alg + +• `Optional` **alg**: `string` + +JWK "alg" (Algorithm) Parameter. + +___ + +### ext + +• `Optional` **ext**: `boolean` + +JWK "ext" (Extractable) Parameter. + +___ + +### key\_ops + +• `Optional` **key\_ops**: `string`[] + +JWK "key_ops" (Key Operations) Parameter. + +___ + +### kid + +• `Optional` **kid**: `string` + +JWK "kid" (Key ID) Parameter. + +___ + +### use + +• `Optional` **use**: `string` + +JWK "use" (Public Key Use) Parameter. + +___ + +### x5c + +• `Optional` **x5c**: `string`[] + +JWK "x5c" (X.509 Certificate Chain) Parameter. + +___ + +### x5t + +• `Optional` **x5t**: `string` + +JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. + +___ + +### x5t#S256 + +• `Optional` **x5t#S256**: `string` + +"x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. + +___ + +### x5u + +• `Optional` **x5u**: `string` + +JWK "x5u" (X.509 URL) Parameter. diff --git a/docs/interfaces/types.JWK_OKP_Public.md b/docs/interfaces/types.JWK_OKP_Public.md new file mode 100644 index 0000000000..fbefba90d4 --- /dev/null +++ b/docs/interfaces/types.JWK_OKP_Public.md @@ -0,0 +1,122 @@ +# Interface: JWK\_OKP\_Public + +## [💗 Help the project](https://github.com/sponsors/panva) + +Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva). + +--- + +Convenience interface for Public OKP JSON Web Keys + +## Table of contents + +### Properties + +- [crv](types.JWK_OKP_Public.md#crv) +- [kty](types.JWK_OKP_Public.md#kty) +- [x](types.JWK_OKP_Public.md#x) +- [alg](types.JWK_OKP_Public.md#alg) +- [ext](types.JWK_OKP_Public.md#ext) +- [key\_ops](types.JWK_OKP_Public.md#key_ops) +- [kid](types.JWK_OKP_Public.md#kid) +- [use](types.JWK_OKP_Public.md#use) +- [x5c](types.JWK_OKP_Public.md#x5c) +- [x5t](types.JWK_OKP_Public.md#x5t) +- [x5t#S256](types.JWK_OKP_Public.md#x5t#s256) +- [x5u](types.JWK_OKP_Public.md#x5u) + +## Properties + +### crv + +• **crv**: `string` + +The Subtype of Key Pair + +___ + +### kty + +• **kty**: `string` + +JWK "kty" (Key Type) Parameter. + +___ + +### x + +• **x**: `string` + +The public key + +___ + +### alg + +• `Optional` **alg**: `string` + +JWK "alg" (Algorithm) Parameter. + +___ + +### ext + +• `Optional` **ext**: `boolean` + +JWK "ext" (Extractable) Parameter. + +___ + +### key\_ops + +• `Optional` **key\_ops**: `string`[] + +JWK "key_ops" (Key Operations) Parameter. + +___ + +### kid + +• `Optional` **kid**: `string` + +JWK "kid" (Key ID) Parameter. + +___ + +### use + +• `Optional` **use**: `string` + +JWK "use" (Public Key Use) Parameter. + +___ + +### x5c + +• `Optional` **x5c**: `string`[] + +JWK "x5c" (X.509 Certificate Chain) Parameter. + +___ + +### x5t + +• `Optional` **x5t**: `string` + +JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. + +___ + +### x5t#S256 + +• `Optional` **x5t#S256**: `string` + +"x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. + +___ + +### x5u + +• `Optional` **x5u**: `string` + +JWK "x5u" (X.509 URL) Parameter. diff --git a/docs/interfaces/types.JWK_RSA_Private.md b/docs/interfaces/types.JWK_RSA_Private.md new file mode 100644 index 0000000000..e0d8e5625d --- /dev/null +++ b/docs/interfaces/types.JWK_RSA_Private.md @@ -0,0 +1,185 @@ +# Interface: JWK\_RSA\_Private + +## [💗 Help the project](https://github.com/sponsors/panva) + +Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva). + +--- + +Convenience interface for Private RSA JSON Web Keys + +## Table of contents + +### Properties + +- [d](types.JWK_RSA_Private.md#d) +- [dp](types.JWK_RSA_Private.md#dp) +- [dq](types.JWK_RSA_Private.md#dq) +- [e](types.JWK_RSA_Private.md#e) +- [kty](types.JWK_RSA_Private.md#kty) +- [n](types.JWK_RSA_Private.md#n) +- [p](types.JWK_RSA_Private.md#p) +- [q](types.JWK_RSA_Private.md#q) +- [qi](types.JWK_RSA_Private.md#qi) +- [alg](types.JWK_RSA_Private.md#alg) +- [ext](types.JWK_RSA_Private.md#ext) +- [key\_ops](types.JWK_RSA_Private.md#key_ops) +- [kid](types.JWK_RSA_Private.md#kid) +- [oth](types.JWK_RSA_Private.md#oth) +- [use](types.JWK_RSA_Private.md#use) +- [x5c](types.JWK_RSA_Private.md#x5c) +- [x5t](types.JWK_RSA_Private.md#x5t) +- [x5t#S256](types.JWK_RSA_Private.md#x5t#s256) +- [x5u](types.JWK_RSA_Private.md#x5u) + +## Properties + +### d + +• **d**: `string` + +Private Exponent + +___ + +### dp + +• **dp**: `string` + +First Factor CRT Exponent + +___ + +### dq + +• **dq**: `string` + +Second Factor CRT Exponent + +___ + +### e + +• **e**: `string` + +Exponent + +___ + +### kty + +• **kty**: `string` + +JWK "kty" (Key Type) Parameter. + +___ + +### n + +• **n**: `string` + +Modulus + +___ + +### p + +• **p**: `string` + +First Prime Factor + +___ + +### q + +• **q**: `string` + +Second Prime Factor + +___ + +### qi + +• **qi**: `string` + +First CRT Coefficient + +___ + +### alg + +• `Optional` **alg**: `string` + +JWK "alg" (Algorithm) Parameter. + +___ + +### ext + +• `Optional` **ext**: `boolean` + +JWK "ext" (Extractable) Parameter. + +___ + +### key\_ops + +• `Optional` **key\_ops**: `string`[] + +JWK "key_ops" (Key Operations) Parameter. + +___ + +### kid + +• `Optional` **kid**: `string` + +JWK "kid" (Key ID) Parameter. + +___ + +### oth + +• `Optional` **oth**: \{ `d?`: `string` ; `r?`: `string` ; `t?`: `string` }[] + +Other Primes Info. This parameter is not supported. + +___ + +### use + +• `Optional` **use**: `string` + +JWK "use" (Public Key Use) Parameter. + +___ + +### x5c + +• `Optional` **x5c**: `string`[] + +JWK "x5c" (X.509 Certificate Chain) Parameter. + +___ + +### x5t + +• `Optional` **x5t**: `string` + +JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. + +___ + +### x5t#S256 + +• `Optional` **x5t#S256**: `string` + +"x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. + +___ + +### x5u + +• `Optional` **x5u**: `string` + +JWK "x5u" (X.509 URL) Parameter. diff --git a/docs/interfaces/types.JWK_RSA_Public.md b/docs/interfaces/types.JWK_RSA_Public.md new file mode 100644 index 0000000000..ed6dcb1c57 --- /dev/null +++ b/docs/interfaces/types.JWK_RSA_Public.md @@ -0,0 +1,122 @@ +# Interface: JWK\_RSA\_Public + +## [💗 Help the project](https://github.com/sponsors/panva) + +Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva). + +--- + +Convenience interface for Public RSA JSON Web Keys + +## Table of contents + +### Properties + +- [e](types.JWK_RSA_Public.md#e) +- [kty](types.JWK_RSA_Public.md#kty) +- [n](types.JWK_RSA_Public.md#n) +- [alg](types.JWK_RSA_Public.md#alg) +- [ext](types.JWK_RSA_Public.md#ext) +- [key\_ops](types.JWK_RSA_Public.md#key_ops) +- [kid](types.JWK_RSA_Public.md#kid) +- [use](types.JWK_RSA_Public.md#use) +- [x5c](types.JWK_RSA_Public.md#x5c) +- [x5t](types.JWK_RSA_Public.md#x5t) +- [x5t#S256](types.JWK_RSA_Public.md#x5t#s256) +- [x5u](types.JWK_RSA_Public.md#x5u) + +## Properties + +### e + +• **e**: `string` + +Exponent + +___ + +### kty + +• **kty**: `string` + +JWK "kty" (Key Type) Parameter. + +___ + +### n + +• **n**: `string` + +Modulus + +___ + +### alg + +• `Optional` **alg**: `string` + +JWK "alg" (Algorithm) Parameter. + +___ + +### ext + +• `Optional` **ext**: `boolean` + +JWK "ext" (Extractable) Parameter. + +___ + +### key\_ops + +• `Optional` **key\_ops**: `string`[] + +JWK "key_ops" (Key Operations) Parameter. + +___ + +### kid + +• `Optional` **kid**: `string` + +JWK "kid" (Key ID) Parameter. + +___ + +### use + +• `Optional` **use**: `string` + +JWK "use" (Public Key Use) Parameter. + +___ + +### x5c + +• `Optional` **x5c**: `string`[] + +JWK "x5c" (X.509 Certificate Chain) Parameter. + +___ + +### x5t + +• `Optional` **x5t**: `string` + +JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. + +___ + +### x5t#S256 + +• `Optional` **x5t#S256**: `string` + +"x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. + +___ + +### x5u + +• `Optional` **x5u**: `string` + +JWK "x5u" (X.509 URL) Parameter. diff --git a/docs/interfaces/types.JWK_oct.md b/docs/interfaces/types.JWK_oct.md new file mode 100644 index 0000000000..eb5ebcf8b8 --- /dev/null +++ b/docs/interfaces/types.JWK_oct.md @@ -0,0 +1,113 @@ +# Interface: JWK\_oct + +## [💗 Help the project](https://github.com/sponsors/panva) + +Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva). + +--- + +Convenience interface for oct JSON Web Keys + +## Table of contents + +### Properties + +- [k](types.JWK_oct.md#k) +- [kty](types.JWK_oct.md#kty) +- [alg](types.JWK_oct.md#alg) +- [ext](types.JWK_oct.md#ext) +- [key\_ops](types.JWK_oct.md#key_ops) +- [kid](types.JWK_oct.md#kid) +- [use](types.JWK_oct.md#use) +- [x5c](types.JWK_oct.md#x5c) +- [x5t](types.JWK_oct.md#x5t) +- [x5t#S256](types.JWK_oct.md#x5t#s256) +- [x5u](types.JWK_oct.md#x5u) + +## Properties + +### k + +• **k**: `string` + +Key Value + +___ + +### kty + +• **kty**: `string` + +JWK "kty" (Key Type) Parameter. + +___ + +### alg + +• `Optional` **alg**: `string` + +JWK "alg" (Algorithm) Parameter. + +___ + +### ext + +• `Optional` **ext**: `boolean` + +JWK "ext" (Extractable) Parameter. + +___ + +### key\_ops + +• `Optional` **key\_ops**: `string`[] + +JWK "key_ops" (Key Operations) Parameter. + +___ + +### kid + +• `Optional` **kid**: `string` + +JWK "kid" (Key ID) Parameter. + +___ + +### use + +• `Optional` **use**: `string` + +JWK "use" (Public Key Use) Parameter. + +___ + +### x5c + +• `Optional` **x5c**: `string`[] + +JWK "x5c" (X.509 Certificate Chain) Parameter. + +___ + +### x5t + +• `Optional` **x5t**: `string` + +JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. + +___ + +### x5t#S256 + +• `Optional` **x5t#S256**: `string` + +"x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. + +___ + +### x5u + +• `Optional` **x5u**: `string` + +JWK "x5u" (X.509 URL) Parameter. diff --git a/docs/interfaces/types.JWSHeaderParameters.md b/docs/interfaces/types.JWSHeaderParameters.md index cbcffc48a1..b0da159670 100644 --- a/docs/interfaces/types.JWSHeaderParameters.md +++ b/docs/interfaces/types.JWSHeaderParameters.md @@ -69,7 +69,7 @@ ___ ### jwk -• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"kty"`` \| ``"n"``\> +• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"n"`` \| ``"kty"``\> "jwk" (JSON Web Key) Header Parameter. diff --git a/docs/interfaces/types.JWTHeaderParameters.md b/docs/interfaces/types.JWTHeaderParameters.md index 7407d51097..b01ba9beed 100644 --- a/docs/interfaces/types.JWTHeaderParameters.md +++ b/docs/interfaces/types.JWTHeaderParameters.md @@ -69,7 +69,7 @@ ___ ### jwk -• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"kty"`` \| ``"n"``\> +• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"n"`` \| ``"kty"``\> "jwk" (JSON Web Key) Header Parameter. diff --git a/docs/interfaces/types.JoseHeaderParameters.md b/docs/interfaces/types.JoseHeaderParameters.md index 050a16af13..fac294f840 100644 --- a/docs/interfaces/types.JoseHeaderParameters.md +++ b/docs/interfaces/types.JoseHeaderParameters.md @@ -39,7 +39,7 @@ ___ ### jwk -• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"kty"`` \| ``"n"``\> +• `Optional` **jwk**: [`Pick`]( https://www.typescriptlang.org/docs/handbook/utility-types.html#picktype-keys )\<[`JWK`](types.JWK.md), ``"x"`` \| ``"y"`` \| ``"crv"`` \| ``"e"`` \| ``"n"`` \| ``"kty"``\> "jwk" (JSON Web Key) Header Parameter. diff --git a/docs/modules/types.md b/docs/modules/types.md index 2c5ef00246..66b325547c 100644 --- a/docs/modules/types.md +++ b/docs/modules/types.md @@ -37,6 +37,14 @@ Support from the community to continue maintaining and improving this module is - [JWEHeaderParameters](../interfaces/types.JWEHeaderParameters.md) - [JWEKeyManagementHeaderParameters](../interfaces/types.JWEKeyManagementHeaderParameters.md) - [JWK](../interfaces/types.JWK.md) +- [JWKParameters](../interfaces/types.JWKParameters.md) +- [JWK\_EC\_Private](../interfaces/types.JWK_EC_Private.md) +- [JWK\_EC\_Public](../interfaces/types.JWK_EC_Public.md) +- [JWK\_OKP\_Private](../interfaces/types.JWK_OKP_Private.md) +- [JWK\_OKP\_Public](../interfaces/types.JWK_OKP_Public.md) +- [JWK\_RSA\_Private](../interfaces/types.JWK_RSA_Private.md) +- [JWK\_RSA\_Public](../interfaces/types.JWK_RSA_Public.md) +- [JWK\_oct](../interfaces/types.JWK_oct.md) - [JWSHeaderParameters](../interfaces/types.JWSHeaderParameters.md) - [JWTClaimVerificationOptions](../interfaces/types.JWTClaimVerificationOptions.md) - [JWTDecryptResult](../interfaces/types.JWTDecryptResult.md) diff --git a/src/jws/compact/sign.ts b/src/jws/compact/sign.ts index 3550bf0354..b94e8eb4bd 100644 --- a/src/jws/compact/sign.ts +++ b/src/jws/compact/sign.ts @@ -1,5 +1,5 @@ import { FlattenedSign } from '../flattened/sign.js' -import type { CompactJWSHeaderParameters, KeyLike, SignOptions } from '../../types.d' +import type { JWK, CompactJWSHeaderParameters, KeyLike, SignOptions } from '../../types.d' /** * The CompactSign class is used to build and sign Compact JWS strings. @@ -44,7 +44,7 @@ export class CompactSign { * {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}. * @param options JWS Sign options. */ - async sign(key: KeyLike | Uint8Array, options?: SignOptions): Promise { + async sign(key: KeyLike | Uint8Array | JWK, options?: SignOptions): Promise { const jws = await this._flattened.sign(key, options) if (jws.payload === undefined) { diff --git a/src/jws/compact/verify.ts b/src/jws/compact/verify.ts index 00f746180a..c706869c93 100644 --- a/src/jws/compact/verify.ts +++ b/src/jws/compact/verify.ts @@ -2,9 +2,10 @@ import { flattenedVerify } from '../flattened/verify.js' import { JWSInvalid } from '../../util/errors.js' import { decoder } from '../../lib/buffer_utils.js' import type { + JWK, CompactVerifyResult, FlattenedJWSInput, - GetKeyFunction, + GenericGetKeyFunction, CompactJWSHeaderParameters, KeyLike, VerifyOptions, @@ -18,7 +19,11 @@ import type { * @see [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) to verify using a remote JSON Web Key Set. */ export interface CompactVerifyGetKey - extends GetKeyFunction {} + extends GenericGetKeyFunction< + CompactJWSHeaderParameters, + FlattenedJWSInput, + KeyLike | JWK | Uint8Array + > {} /** * Verifies the signature and format of and afterwards decodes the Compact JWS. @@ -45,7 +50,7 @@ export interface CompactVerifyGetKey */ export function compactVerify( jws: string | Uint8Array, - key: KeyLike | Uint8Array, + key: KeyLike | Uint8Array | JWK, options?: VerifyOptions, ): Promise /** @@ -61,7 +66,7 @@ export function compactVerify( ): Promise> export async function compactVerify( jws: string | Uint8Array, - key: KeyLike | Uint8Array | CompactVerifyGetKey, + key: KeyLike | Uint8Array | JWK | CompactVerifyGetKey, options?: VerifyOptions, ) { if (jws instanceof Uint8Array) { diff --git a/src/jws/flattened/sign.ts b/src/jws/flattened/sign.ts index 0332326721..262bda8cc4 100644 --- a/src/jws/flattened/sign.ts +++ b/src/jws/flattened/sign.ts @@ -4,8 +4,8 @@ import sign from '../../runtime/sign.js' import isDisjoint from '../../lib/is_disjoint.js' import { JWSInvalid } from '../../util/errors.js' import { encoder, decoder, concat } from '../../lib/buffer_utils.js' -import type { KeyLike, FlattenedJWS, JWSHeaderParameters, SignOptions } from '../../types.d' -import checkKeyType from '../../lib/check_key_type.js' +import type { JWK, KeyLike, FlattenedJWS, JWSHeaderParameters, SignOptions } from '../../types.d' +import { checkKeyTypeWithJwk } from '../../lib/check_key_type.js' import validateCrit from '../../lib/validate_crit.js' /** @@ -74,7 +74,7 @@ export class FlattenedSign { * {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}. * @param options JWS Sign options. */ - async sign(key: KeyLike | Uint8Array, options?: SignOptions): Promise { + async sign(key: KeyLike | Uint8Array | JWK, options?: SignOptions): Promise { if (!this._protectedHeader && !this._unprotectedHeader) { throw new JWSInvalid( 'either setProtectedHeader or setUnprotectedHeader must be called before #sign()', @@ -116,7 +116,7 @@ export class FlattenedSign { throw new JWSInvalid('JWS "alg" (Algorithm) Header Parameter missing or invalid') } - checkKeyType(alg, key, 'sign') + checkKeyTypeWithJwk(alg, key, 'sign') let payload = this._payload if (b64) { diff --git a/src/jws/flattened/verify.ts b/src/jws/flattened/verify.ts index bdb9af1433..36f15e7484 100644 --- a/src/jws/flattened/verify.ts +++ b/src/jws/flattened/verify.ts @@ -5,19 +5,22 @@ import { JOSEAlgNotAllowed, JWSInvalid, JWSSignatureVerificationFailed } from '. import { concat, encoder, decoder } from '../../lib/buffer_utils.js' import isDisjoint from '../../lib/is_disjoint.js' import isObject from '../../lib/is_object.js' -import checkKeyType from '../../lib/check_key_type.js' +import { checkKeyTypeWithJwk } from '../../lib/check_key_type.js' import validateCrit from '../../lib/validate_crit.js' import validateAlgorithms from '../../lib/validate_algorithms.js' import type { + JWK, FlattenedVerifyResult, KeyLike, FlattenedJWSInput, JWSHeaderParameters, VerifyOptions, - GetKeyFunction, + GenericGetKeyFunction, ResolvedKey, } from '../../types.d' +import { isJWK } from '../../lib/is_jwk.js' +import { importJWK } from '../../key/import.js' /** * Interface for Flattened JWS Verification dynamic key resolution. No token components have been @@ -26,7 +29,11 @@ import type { * @see [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) to verify using a remote JSON Web Key Set. */ export interface FlattenedVerifyGetKey - extends GetKeyFunction {} + extends GenericGetKeyFunction< + JWSHeaderParameters | undefined, + FlattenedJWSInput, + KeyLike | JWK | Uint8Array + > {} /** * Verifies the signature and format of and afterwards decodes the Flattened JWS. @@ -58,7 +65,7 @@ export interface FlattenedVerifyGetKey */ export function flattenedVerify( jws: FlattenedJWSInput, - key: KeyLike | Uint8Array, + key: KeyLike | Uint8Array | JWK, options?: VerifyOptions, ): Promise /** @@ -74,7 +81,7 @@ export function flattenedVerify( ): Promise> export async function flattenedVerify( jws: FlattenedJWSInput, - key: KeyLike | Uint8Array | FlattenedVerifyGetKey, + key: KeyLike | Uint8Array | JWK | FlattenedVerifyGetKey, options?: VerifyOptions, ) { if (!isObject(jws)) { @@ -163,10 +170,14 @@ export async function flattenedVerify( if (typeof key === 'function') { key = await key(parsedProt, jws) resolvedKey = true + checkKeyTypeWithJwk(alg, key, 'verify') + if (isJWK(key)) { + key = await importJWK(key, alg) + } + } else { + checkKeyTypeWithJwk(alg, key, 'verify') } - checkKeyType(alg, key, 'verify') - const data = concat( encoder.encode(jws.protected ?? ''), encoder.encode('.'), diff --git a/src/jws/general/sign.ts b/src/jws/general/sign.ts index 4b5f8bca68..ed4a354053 100644 --- a/src/jws/general/sign.ts +++ b/src/jws/general/sign.ts @@ -1,7 +1,7 @@ import { FlattenedSign } from '../flattened/sign.js' import { JWSInvalid } from '../../util/errors.js' -import type { KeyLike, GeneralJWS, JWSHeaderParameters, SignOptions } from '../../types.d' +import type { JWK, KeyLike, GeneralJWS, JWSHeaderParameters, SignOptions } from '../../types.d' export interface Signature { /** @@ -34,9 +34,9 @@ class IndividualSignature implements Signature { protectedHeader?: JWSHeaderParameters unprotectedHeader?: JWSHeaderParameters options?: SignOptions - key: KeyLike | Uint8Array + key: KeyLike | Uint8Array | JWK - constructor(sig: GeneralSign, key: KeyLike | Uint8Array, options?: SignOptions) { + constructor(sig: GeneralSign, key: KeyLike | Uint8Array | JWK, options?: SignOptions) { this.parent = sig this.key = key this.options = options @@ -109,7 +109,7 @@ export class GeneralSign { * {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}. * @param options JWS Sign options. */ - addSignature(key: KeyLike | Uint8Array, options?: SignOptions): Signature { + addSignature(key: KeyLike | Uint8Array | JWK, options?: SignOptions): Signature { const signature = new IndividualSignature(this, key, options) this._signatures.push(signature) return signature diff --git a/src/jws/general/verify.ts b/src/jws/general/verify.ts index 7d90d66225..c4c98cf600 100644 --- a/src/jws/general/verify.ts +++ b/src/jws/general/verify.ts @@ -1,9 +1,10 @@ import { flattenedVerify } from '../flattened/verify.js' import type { + JWK, GeneralJWSInput, GeneralVerifyResult, FlattenedJWSInput, - GetKeyFunction, + GenericGetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions, @@ -19,7 +20,11 @@ import isObject from '../../lib/is_object.js' * @see [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) to verify using a remote JSON Web Key Set. */ export interface GeneralVerifyGetKey - extends GetKeyFunction {} + extends GenericGetKeyFunction< + JWSHeaderParameters, + FlattenedJWSInput, + KeyLike | JWK | Uint8Array + > {} /** * Verifies the signature and format of and afterwards decodes the General JWS. @@ -54,7 +59,7 @@ export interface GeneralVerifyGetKey */ export function generalVerify( jws: GeneralJWSInput, - key: KeyLike | Uint8Array, + key: KeyLike | Uint8Array | JWK, options?: VerifyOptions, ): Promise /** @@ -70,7 +75,7 @@ export function generalVerify( ): Promise> export async function generalVerify( jws: GeneralJWSInput, - key: KeyLike | Uint8Array | GeneralVerifyGetKey, + key: KeyLike | Uint8Array | JWK | GeneralVerifyGetKey, options?: VerifyOptions, ) { if (!isObject(jws)) { diff --git a/src/jwt/sign.ts b/src/jwt/sign.ts index bc7b1b7aeb..dbe259c2f7 100644 --- a/src/jwt/sign.ts +++ b/src/jwt/sign.ts @@ -1,6 +1,6 @@ import { CompactSign } from '../jws/compact/sign.js' import { JWTInvalid } from '../util/errors.js' -import type { JWTHeaderParameters, KeyLike, SignOptions } from '../types.d' +import type { JWK, JWTHeaderParameters, KeyLike, SignOptions } from '../types.d' import { encoder } from '../lib/buffer_utils.js' import { ProduceJWT } from './produce.js' @@ -128,7 +128,7 @@ export class SignJWT extends ProduceJWT { * {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}. * @param options JWT Sign options. */ - async sign(key: KeyLike | Uint8Array, options?: SignOptions): Promise { + async sign(key: KeyLike | Uint8Array | JWK, options?: SignOptions): Promise { const sig = new CompactSign(encoder.encode(JSON.stringify(this._payload))) sig.setProtectedHeader(this._protectedHeader) if ( diff --git a/src/jwt/verify.ts b/src/jwt/verify.ts index cdcd991114..8b108db324 100644 --- a/src/jwt/verify.ts +++ b/src/jwt/verify.ts @@ -1,11 +1,12 @@ import { compactVerify } from '../jws/compact/verify.js' import type { + JWK, JWTPayload, KeyLike, VerifyOptions, JWTClaimVerificationOptions, JWTHeaderParameters, - GetKeyFunction, + GenericGetKeyFunction, FlattenedJWSInput, JWTVerifyResult, ResolvedKey, @@ -22,7 +23,12 @@ export interface JWTVerifyOptions extends VerifyOptions, JWTClaimVerificationOpt * * @see [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) to verify using a remote JSON Web Key Set. */ -export interface JWTVerifyGetKey extends GetKeyFunction {} +export interface JWTVerifyGetKey + extends GenericGetKeyFunction< + JWTHeaderParameters, + FlattenedJWSInput, + KeyLike | JWK | Uint8Array + > {} /** * Verifies the JWT format (to be a JWS Compact format), verifies the JWS signature, validates the @@ -110,7 +116,7 @@ export interface JWTVerifyGetKey extends GetKeyFunction( jwt: string | Uint8Array, - key: KeyLike | Uint8Array, + key: KeyLike | Uint8Array | JWK, options?: JWTVerifyOptions, ): Promise> @@ -143,7 +149,7 @@ export async function jwtVerify[1]>key, options) diff --git a/src/lib/check_key_type.ts b/src/lib/check_key_type.ts index 5996d1f761..5ca78b77c6 100644 --- a/src/lib/check_key_type.ts +++ b/src/lib/check_key_type.ts @@ -1,14 +1,43 @@ import { withAlg as invalidKeyInput } from './invalid_key_input.js' import isKeyLike, { types } from '../runtime/is_key_like.js' +import * as jwk from './is_jwk.js' +import { JWK } from '../types.d' // @ts-expect-error const tag = (key: unknown): string => key?.[Symbol.toStringTag] -const symmetricTypeCheck = (alg: string, key: unknown) => { +const jwkMatchesOp = (alg: string, key: JWK, usage: Usage) => { + if (key.use !== undefined && key.use !== 'sig') { + throw new TypeError('Invalid key for this operation, when present its use must be sig') + } + + if (key.key_ops !== undefined && key.key_ops.includes?.(usage) !== true) { + throw new TypeError( + `Invalid key for this operation, when present its key_ops must include ${usage}`, + ) + } + + if (key.alg !== undefined && key.alg !== alg) { + throw new TypeError(`Invalid key for this operation, when present its alg must be ${alg}`) + } + + return true +} + +const symmetricTypeCheck = (alg: string, key: unknown, usage: Usage, allowJwk: boolean) => { if (key instanceof Uint8Array) return + if (allowJwk && jwk.isJWK(key)) { + if (jwk.isSecretJWK(key) && jwkMatchesOp(alg, key, usage)) return + throw new TypeError( + `JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present`, + ) + } + if (!isKeyLike(key)) { - throw new TypeError(invalidKeyInput(alg, key, ...types, 'Uint8Array')) + throw new TypeError( + invalidKeyInput(alg, key, ...types, 'Uint8Array', allowJwk ? 'JSON Web Key' : null), + ) } if (key.type !== 'secret') { @@ -16,9 +45,20 @@ const symmetricTypeCheck = (alg: string, key: unknown) => { } } -const asymmetricTypeCheck = (alg: string, key: unknown, usage: string) => { +const asymmetricTypeCheck = (alg: string, key: unknown, usage: Usage, allowJwk: boolean) => { + if (allowJwk && jwk.isJWK(key)) { + switch (usage) { + case 'sign': + if (jwk.isPrivateJWK(key) && jwkMatchesOp(alg, key, usage)) return + throw new TypeError(`JSON Web Key for this operation be a private JWK`) + case 'verify': + if (jwk.isPublicJWK(key) && jwkMatchesOp(alg, key, usage)) return + throw new TypeError(`JSON Web Key for this operation be a public JWK`) + } + } + if (!isKeyLike(key)) { - throw new TypeError(invalidKeyInput(alg, key, ...types)) + throw new TypeError(invalidKeyInput(alg, key, ...types, allowJwk ? 'JSON Web Key' : null)) } if (key.type === 'secret') { @@ -54,7 +94,9 @@ const asymmetricTypeCheck = (alg: string, key: unknown, usage: string) => { } } -const checkKeyType = (alg: string, key: unknown, usage: string): void => { +type Usage = 'sign' | 'verify' | 'encrypt' | 'decrypt' + +function checkKeyType(allowJwk: boolean, alg: string, key: unknown, usage: Usage): void { const symmetric = alg.startsWith('HS') || alg === 'dir' || @@ -62,10 +104,11 @@ const checkKeyType = (alg: string, key: unknown, usage: string): void => { /^A\d{3}(?:GCM)?KW$/.test(alg) if (symmetric) { - symmetricTypeCheck(alg, key) + symmetricTypeCheck(alg, key, usage, allowJwk) } else { - asymmetricTypeCheck(alg, key, usage) + asymmetricTypeCheck(alg, key, usage, allowJwk) } } -export default checkKeyType +export default checkKeyType.bind(undefined, false) +export const checkKeyTypeWithJwk = checkKeyType.bind(undefined, true) diff --git a/src/lib/invalid_key_input.ts b/src/lib/invalid_key_input.ts index 1146d853fb..d2e29ec503 100644 --- a/src/lib/invalid_key_input.ts +++ b/src/lib/invalid_key_input.ts @@ -1,4 +1,5 @@ -function message(msg: string, actual: unknown, ...types: string[]) { +function message(msg: string, actual: unknown, ...types: Array) { + types = types.filter(Boolean) if (types.length > 2) { const last = types.pop() msg += `one of type ${types.join(', ')}, or ${last}.` @@ -25,6 +26,6 @@ export default (actual: unknown, ...types: string[]) => { return message('Key must be ', actual, ...types) } -export function withAlg(alg: string, actual: unknown, ...types: string[]) { +export function withAlg(alg: string, actual: unknown, ...types: Array) { return message(`Key for the ${alg} algorithm must be `, actual, ...types) } diff --git a/src/lib/is_jwk.ts b/src/lib/is_jwk.ts new file mode 100644 index 0000000000..cf3b52a252 --- /dev/null +++ b/src/lib/is_jwk.ts @@ -0,0 +1,18 @@ +import type { JWK } from '../types.d' +import isObject from './is_object.js' + +export function isJWK(key: unknown): key is JWK & { kty: string } { + return isObject(key) && typeof key.kty === 'string' +} + +export function isPrivateJWK(key: JWK & { kty: string }) { + return key.kty !== 'oct' && typeof key.d === 'string' +} + +export function isPublicJWK(key: JWK & { kty: string }) { + return key.kty !== 'oct' && typeof key.d === 'undefined' +} + +export function isSecretJWK(key: JWK & { kty: string }) { + return isJWK(key) && key.kty === 'oct' && typeof key.k === 'string' +} diff --git a/src/runtime/browser/get_sign_verify_key.ts b/src/runtime/browser/get_sign_verify_key.ts index f1bbf590a9..d661af8d24 100644 --- a/src/runtime/browser/get_sign_verify_key.ts +++ b/src/runtime/browser/get_sign_verify_key.ts @@ -31,5 +31,5 @@ export default async function getCryptoKey(alg: string, key: unknown, usage: Key ) } - throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array')) + throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array', 'JSON Web Key')) } diff --git a/src/runtime/browser/normalize_key.ts b/src/runtime/browser/normalize_key.ts index 437bbee73f..092a3daa7b 100644 --- a/src/runtime/browser/normalize_key.ts +++ b/src/runtime/browser/normalize_key.ts @@ -1,8 +1,9 @@ +import { isJWK } from '../../lib/is_jwk.js' import type { JWK, KeyLike } from '../../types.d' import { decode } from '../base64url.js' import importJWK from '../jwk_to_key.js' -const normalizeSecretKey = (k: string) => decode(k) +const exportKeyValue = (k: string) => decode(k) let privCache: WeakMap> let pubCache: WeakMap> @@ -14,9 +15,10 @@ const isKeyObject = (key: unknown): key is KeyLike => { const importAndCache = async ( cache: typeof privCache | typeof pubCache, - key: KeyLike, + key: KeyLike | JWK, jwk: JWK, alg: string, + freeze = false, ) => { let cached = cache.get(key) if (cached?.[alg]) { @@ -24,6 +26,7 @@ const importAndCache = async ( } const cryptoKey = await importJWK({ ...jwk, alg }) + if (freeze) Object.freeze(key) if (!cached) { cache.set(key, { [alg]: cryptoKey }) } else { @@ -32,7 +35,7 @@ const importAndCache = async ( return cryptoKey } -const normalizePublicKey = (key: KeyLike | Uint8Array | unknown, alg: string) => { +const normalizePublicKey = (key: KeyLike | Uint8Array | JWK | unknown, alg: string) => { if (isKeyObject(key)) { // @ts-expect-error let jwk: JWK = key.export({ format: 'jwk' }) @@ -43,28 +46,42 @@ const normalizePublicKey = (key: KeyLike | Uint8Array | unknown, alg: string) => delete jwk.q delete jwk.qi if (jwk.k) { - return normalizeSecretKey(jwk.k) + return exportKeyValue(jwk.k) } pubCache ||= new WeakMap() return importAndCache(pubCache, key, jwk, alg) } + if (isJWK(key)) { + if (key.k) return decode(key.k) + pubCache ||= new WeakMap() + const cryptoKey = importAndCache(pubCache, key, key, alg, true) + return cryptoKey + } + return key } -const normalizePrivateKey = (key: KeyLike | Uint8Array | unknown, alg: string) => { +const normalizePrivateKey = (key: KeyLike | Uint8Array | JWK | unknown, alg: string) => { if (isKeyObject(key)) { // @ts-expect-error let jwk: JWK = key.export({ format: 'jwk' }) if (jwk.k) { - return normalizeSecretKey(jwk.k) + return exportKeyValue(jwk.k) } privCache ||= new WeakMap() return importAndCache(privCache, key, jwk, alg) } + if (isJWK(key)) { + if (key.k) return decode(key.k) + privCache ||= new WeakMap() + const cryptoKey = importAndCache(privCache, key, key, alg, true) + return cryptoKey + } + return key } diff --git a/src/runtime/node/base64url.ts b/src/runtime/node/base64url.ts index 60b28a3c73..2c672da833 100644 --- a/src/runtime/node/base64url.ts +++ b/src/runtime/node/base64url.ts @@ -15,4 +15,4 @@ export const decodeBase64 = (input: string) => new Uint8Array(Buffer.from(input, export const encodeBase64 = (input: Uint8Array | string) => Buffer.from(input).toString('base64') export { encode } export const decode = (input: Uint8Array | string) => - new Uint8Array(Buffer.from(normalize(input), 'base64')) + new Uint8Array(Buffer.from(normalize(input), 'base64url')) diff --git a/src/runtime/node/check_key_length.ts b/src/runtime/node/check_key_length.ts index a305226f5e..480282fcba 100644 --- a/src/runtime/node/check_key_length.ts +++ b/src/runtime/node/check_key_length.ts @@ -1,7 +1,16 @@ -import type { KeyObject } from 'node:crypto' +import { KeyObject } from 'node:crypto' +import type { JWK } from '../../types.d' + +export default (key: KeyObject | JWK, alg: string) => { + let modulusLength: any + try { + if (key instanceof KeyObject) { + modulusLength = key.asymmetricKeyDetails?.modulusLength + } else { + modulusLength = Buffer.from(key.n!, 'base64url').byteLength << 3 + } + } catch {} -export default (key: KeyObject, alg: string) => { - const { modulusLength } = key.asymmetricKeyDetails! if (typeof modulusLength !== 'number' || modulusLength < 2048) { throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`) } diff --git a/src/runtime/node/get_named_curve.ts b/src/runtime/node/get_named_curve.ts index fb9eac9def..529923495b 100644 --- a/src/runtime/node/get_named_curve.ts +++ b/src/runtime/node/get_named_curve.ts @@ -4,6 +4,7 @@ import { isCryptoKey } from './webcrypto.js' import isKeyObject from './is_key_object.js' import invalidKeyInput from '../../lib/invalid_key_input.js' import { types } from './is_key_like.js' +import { isJWK } from '../../lib/is_jwk.js' export const weakMap: WeakMap = new WeakMap() @@ -28,6 +29,8 @@ const getNamedCurve = (kee: unknown, raw?: boolean): string => { key = KeyObject.from(kee) } else if (isKeyObject(kee)) { key = kee + } else if (isJWK(kee)) { + return kee.crv! } else { throw new TypeError(invalidKeyInput(kee, ...types)) } diff --git a/src/runtime/node/get_sign_verify_key.ts b/src/runtime/node/get_sign_verify_key.ts index 2cfd2d13d9..4790c25502 100644 --- a/src/runtime/node/get_sign_verify_key.ts +++ b/src/runtime/node/get_sign_verify_key.ts @@ -3,8 +3,14 @@ import { isCryptoKey } from './webcrypto.js' import { checkSigCryptoKey } from '../../lib/crypto_key.js' import invalidKeyInput from '../../lib/invalid_key_input.js' import { types } from './is_key_like.js' +import * as jwk from '../../lib/is_jwk.js' +import type { JWK } from '../../types.d' -export default function getSignVerifyKey(alg: string, key: unknown, usage: KeyUsage) { +export default function getSignVerifyKey( + alg: string, + key: unknown, + usage: 'sign' | 'verify', +): KeyObject | JWK { if (key instanceof Uint8Array) { if (!alg.startsWith('HS')) { throw new TypeError(invalidKeyInput(key, ...types)) @@ -18,5 +24,14 @@ export default function getSignVerifyKey(alg: string, key: unknown, usage: KeyUs checkSigCryptoKey(key, alg, usage) return KeyObject.from(key) } - throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array')) + + if (jwk.isJWK(key)) { + if (alg.startsWith('HS')) { + return createSecretKey(Buffer.from(key.k!, 'base64url')) + } + + return key + } + + throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array', 'JSON Web Key')) } diff --git a/src/runtime/node/key_to_jwk.ts b/src/runtime/node/key_to_jwk.ts index a77d895db5..8862cbd51a 100644 --- a/src/runtime/node/key_to_jwk.ts +++ b/src/runtime/node/key_to_jwk.ts @@ -32,6 +32,6 @@ const keyToJWK: JWKExportFunction = (key: unknown): JWK => { ) { throw new JOSENotSupported('Unsupported key asymmetricKeyType') } - return keyObject.export({ format: 'jwk' }) + return keyObject.export({ format: 'jwk' }) } export default keyToJWK diff --git a/src/runtime/node/node_key.ts b/src/runtime/node/node_key.ts index d8101924f5..2b00ec7a90 100644 --- a/src/runtime/node/node_key.ts +++ b/src/runtime/node/node_key.ts @@ -1,14 +1,10 @@ -import { constants } from 'node:crypto' -import type { KeyObject, SignKeyObjectInput } from 'node:crypto' +import { constants, KeyObject } from 'node:crypto' +import type { SigningOptions } from 'node:crypto' import getNamedCurve from './get_named_curve.js' import { JOSENotSupported } from '../../util/errors.js' import checkKeyLength from './check_key_length.js' - -const PSS = { - padding: constants.RSA_PKCS1_PSS_PADDING, - saltLength: constants.RSA_PSS_SALTLEN_DIGEST, -} +import type { JWK } from '../../types.d' const ecCurveAlgMap = new Map([ ['ES256', 'P-256'], @@ -17,32 +13,65 @@ const ecCurveAlgMap = new Map([ ['ES512', 'P-521'], ]) -export default function keyForCrypto(alg: string, key: KeyObject): KeyObject | SignKeyObjectInput { +export default function keyForCrypto( + alg: string, + key: KeyObject | JWK, +): KeyObjectOptions | JWKOptions | KeyObject { + let asymmetricKeyType: string + let asymmetricKeyDetails: KeyObject['asymmetricKeyDetails'] + + let isJWK: true | undefined + + if (key instanceof KeyObject) { + asymmetricKeyType = key.asymmetricKeyType! + asymmetricKeyDetails = key.asymmetricKeyDetails + } else { + isJWK = true + switch (key.kty) { + case 'RSA': + asymmetricKeyType = 'rsa' + break + case 'EC': + asymmetricKeyType = 'ec' + break + case 'OKP': { + if (key.crv === 'Ed25519') { + asymmetricKeyType = 'ed25519' + break + } + if (key.crv === 'Ed448') { + asymmetricKeyType = 'ed448' + break + } + throw new TypeError('Invalid key for this operation, its crv must be Ed25519 or Ed448') + } + default: + throw new TypeError('Invalid key for this operation, its kty must be RSA, OKP, or EC') + } + } + + let options!: SigningOptions switch (alg) { case 'EdDSA': - if (!['ed25519', 'ed448'].includes(key.asymmetricKeyType!)) { + if (!['ed25519', 'ed448'].includes(asymmetricKeyType)) { throw new TypeError( 'Invalid key for this operation, its asymmetricKeyType must be ed25519 or ed448', ) } - - return key - + break case 'RS256': case 'RS384': case 'RS512': - if (key.asymmetricKeyType !== 'rsa') { + if (asymmetricKeyType !== 'rsa') { throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa') } checkKeyLength(key, alg) - - return key - + break case 'PS256': case 'PS384': case 'PS512': - if (key.asymmetricKeyType === 'rsa-pss') { - const { hashAlgorithm, mgf1HashAlgorithm, saltLength } = key.asymmetricKeyDetails! + if (asymmetricKeyType === 'rsa-pss') { + const { hashAlgorithm, mgf1HashAlgorithm, saltLength } = asymmetricKeyDetails! const length = parseInt(alg.slice(-3), 10) @@ -59,20 +88,23 @@ export default function keyForCrypto(alg: string, key: KeyObject): KeyObject | S `Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${alg}`, ) } - } else if (key.asymmetricKeyType !== 'rsa') { + } else if (asymmetricKeyType !== 'rsa') { throw new TypeError( 'Invalid key for this operation, its asymmetricKeyType must be rsa or rsa-pss', ) } checkKeyLength(key, alg) - return { key, ...PSS } - + options = { + padding: constants.RSA_PKCS1_PSS_PADDING, + saltLength: constants.RSA_PSS_SALTLEN_DIGEST, + } + break case 'ES256': case 'ES256K': case 'ES384': case 'ES512': { - if (key.asymmetricKeyType !== 'ec') { + if (asymmetricKeyType !== 'ec') { throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ec') } @@ -84,11 +116,18 @@ export default function keyForCrypto(alg: string, key: KeyObject): KeyObject | S ) } - return { dsaEncoding: 'ieee-p1363', key } + options = { dsaEncoding: 'ieee-p1363' } + break } default: throw new JOSENotSupported( `alg ${alg} is not supported either by JOSE or your javascript runtime`, ) } + + if (isJWK) { + return { format: 'jwk', key, ...options } + } + + return options ? { ...options, key } : key } diff --git a/src/runtime/node/sign.ts b/src/runtime/node/sign.ts index 1c2497f041..f11e20d321 100644 --- a/src/runtime/node/sign.ts +++ b/src/runtime/node/sign.ts @@ -1,4 +1,5 @@ import * as crypto from 'node:crypto' +import type { KeyObject, SignJsonWebKeyInput, SignKeyObjectInput } from 'node:crypto' import { promisify } from 'node:util' import type { SignFunction } from '../interfaces.d' @@ -10,15 +11,19 @@ import getSignKey from './get_sign_verify_key.js' const oneShotSign = promisify(crypto.sign) const sign: SignFunction = async (alg, key: unknown, data) => { - const keyObject = getSignKey(alg, key, 'sign') + const k = getSignKey(alg, key, 'sign') if (alg.startsWith('HS')) { - const hmac = crypto.createHmac(hmacDigest(alg), keyObject) + const hmac = crypto.createHmac(hmacDigest(alg), k) hmac.update(data) return hmac.digest() } - return oneShotSign(nodeDigest(alg), data, nodeKey(alg, keyObject)) + return oneShotSign( + nodeDigest(alg), + data, + nodeKey(alg, k), + ) } export default sign diff --git a/src/runtime/node/verify.ts b/src/runtime/node/verify.ts index 75f96fc804..688c0505e5 100644 --- a/src/runtime/node/verify.ts +++ b/src/runtime/node/verify.ts @@ -1,4 +1,5 @@ import * as crypto from 'node:crypto' +import type { VerifyJsonWebKeyInput, VerifyKeyObjectInput } from 'node:crypto' import { promisify } from 'node:util' import type { VerifyFunction } from '../interfaces.d' @@ -10,10 +11,10 @@ import getVerifyKey from './get_sign_verify_key.js' const oneShotVerify = promisify(crypto.verify) const verify: VerifyFunction = async (alg, key: unknown, signature, data) => { - const keyObject = getVerifyKey(alg, key, 'verify') + const k = getVerifyKey(alg, key, 'verify') if (alg.startsWith('HS')) { - const expected = await sign(alg, keyObject, data) + const expected = await sign(alg, k, data) const actual = signature try { return crypto.timingSafeEqual(actual, expected) @@ -24,7 +25,7 @@ const verify: VerifyFunction = async (alg, key: unknown, signature, data) => { } const algorithm = nodeDigest(alg) - const keyInput = nodeKey(alg, keyObject) + const keyInput = nodeKey(alg, k) try { return await oneShotVerify(algorithm, data, keyInput, signature) } catch { diff --git a/src/types.d.ts b/src/types.d.ts index 83c2ba978f..7dd470e6ea 100644 --- a/src/types.d.ts +++ b/src/types.d.ts @@ -99,59 +99,153 @@ */ export type KeyLike = { type: string } +/** Generic JSON Web Key Parameters. */ +export interface JWKParameters { + /** JWK "kty" (Key Type) Parameter. */ + kty: string + /** JWK "alg" (Algorithm) Parameter. */ + alg?: string + /** JWK "key_ops" (Key Operations) Parameter. */ + key_ops?: string[] + /** JWK "ext" (Extractable) Parameter. */ + ext?: boolean + /** JWK "use" (Public Key Use) Parameter. */ + use?: string + /** JWK "x5c" (X.509 Certificate Chain) Parameter. */ + x5c?: string[] + /** JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. */ + x5t?: string + /** "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. */ + 'x5t#S256'?: string + /** JWK "x5u" (X.509 URL) Parameter. */ + x5u?: string + /** JWK "kid" (Key ID) Parameter. */ + kid?: string +} + +/** Convenience interface for Public OKP JSON Web Keys */ +export interface JWK_OKP_Public extends JWKParameters { + /** The Subtype of Key Pair */ + crv: string + /** The public key */ + x: string +} + +/** Convenience interface for Private OKP JSON Web Keys */ +export interface JWK_OKP_Private extends JWK_OKP_Public, JWKParameters { + /** The Private Key */ + d: string +} + +/** Convenience interface for Public EC JSON Web Keys */ +export interface JWK_EC_Public extends JWKParameters { + /** Curve */ + crv: string + /** X Coordinate */ + x: string + /** Y Coordinate */ + y: string +} + +/** Convenience interface for Private EC JSON Web Keys */ +export interface JWK_EC_Private extends JWK_EC_Public, JWKParameters { + /** ECC Private Key */ + d: string +} + +/** Convenience interface for Public RSA JSON Web Keys */ +export interface JWK_RSA_Public extends JWKParameters { + /** Exponent */ + e: string + /** Modulus */ + n: string +} + +/** Convenience interface for Private RSA JSON Web Keys */ +export interface JWK_RSA_Private extends JWK_RSA_Public, JWKParameters { + /** Private Exponent */ + d: string + /** First Factor CRT Exponent */ + dp: string + /** Second Factor CRT Exponent */ + dq: string + /** Other Primes Info. This parameter is not supported. */ + oth?: Array<{ + d?: string + r?: string + t?: string + }> + /** First Prime Factor */ + p: string + /** Second Prime Factor */ + q: string + /** First CRT Coefficient */ + qi: string +} + +/** + * Convenience interface for oct JSON Web Keys + */ +export interface JWK_oct extends JWKParameters { + /** Key Value */ + k: string +} + /** * JSON Web Key ({@link https://www.rfc-editor.org/rfc/rfc7517 JWK}). "RSA", "EC", "OKP", and "oct" * key types are supported. */ -export interface JWK { - /** JWK "alg" (Algorithm) Parameter. */ - alg?: string +export interface JWK extends JWKParameters { + /** + * - (EC) Curve + * - (OKP) The Subtype of Key Pair + */ crv?: string + /** + * - (Private RSA) Private Exponent + * - (Private EC) ECC Private Key + * - (Private OKP) The Private Key + */ d?: string + /** (Private RSA) First Factor CRT Exponent */ dp?: string + /** (Private RSA) Second Factor CRT Exponent */ dq?: string + /** (RSA) Exponent */ e?: string - /** JWK "ext" (Extractable) Parameter. */ - ext?: boolean + /** (oct) Key Value */ k?: string - /** JWK "key_ops" (Key Operations) Parameter. */ - key_ops?: string[] - /** JWK "kid" (Key ID) Parameter. */ - kid?: string - /** JWK "kty" (Key Type) Parameter. */ - kty?: string + /** (RSA) Modulus */ n?: string + /** (Private RSA) Other Primes Info. This parameter is not supported. */ oth?: Array<{ d?: string r?: string t?: string }> + /** (Private RSA) First Prime Factor */ p?: string + /** (Private RSA) Second Prime Factor */ q?: string + /** (Private RSA) First CRT Coefficient */ qi?: string - /** JWK "use" (Public Key Use) Parameter. */ - use?: string + /** + * - (EC) X Coordinate + * - (OKP) The public key + */ x?: string + /** (EC) Y Coordinate */ y?: string - /** JWK "x5c" (X.509 Certificate Chain) Parameter. */ - x5c?: string[] - /** JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. */ - x5t?: string - /** "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. */ - 'x5t#S256'?: string - /** JWK "x5u" (X.509 URL) Parameter. */ - x5u?: string [propName: string]: unknown } /** - * Generic Interface for consuming operations dynamic key resolution. + * @private * - * @param IProtectedHeader Type definition of the JWE or JWS Protected Header. - * @param IToken Type definition of the consumed JWE or JWS token. + * @internal */ -export interface GetKeyFunction { +export interface GenericGetKeyFunction { /** * Dynamic key resolution function. No token components have been verified at the time of this * function call. @@ -161,12 +255,18 @@ export interface GetKeyFunction { * @param protectedHeader JWE or JWS Protected Header. * @param token The consumed JWE or JWS token. */ - ( - protectedHeader: IProtectedHeader, - token: IToken, - ): Promise | KeyLike | Uint8Array + (protectedHeader: IProtectedHeader, token: IToken): Promise | ReturnKeyTypes } +/** + * Generic Interface for consuming operations dynamic key resolution. + * + * @param IProtectedHeader Type definition of the JWE or JWS Protected Header. + * @param IToken Type definition of the consumed JWE or JWS token. + */ +export interface GetKeyFunction + extends GenericGetKeyFunction {} + /** * Flattened JWS definition for verify function inputs, allows payload as Uint8Array for detached * signature validation. diff --git a/tap/aes.ts b/tap/aes.ts index 219f3f075a..21acb5775e 100644 --- a/tap/aes.ts +++ b/tap/aes.ts @@ -40,12 +40,12 @@ export default (QUnit: QUnit, lib: typeof jose, keys: typeof jose) => { const execute = async (t: typeof QUnit.assert) => { for await (const secret of secretsFor(enc)) { - await roundtrip.jwe(t, lib, 'dir', enc, secret) + await roundtrip.jwe(t, lib, keys, 'dir', enc, secret) } } const jwt = async (t: typeof QUnit.assert) => { - await roundtrip.jwt(t, lib, 'dir', enc, await secretsFor(enc)[0]) + await roundtrip.jwt(t, lib, keys, 'dir', enc, await secretsFor(enc)[0]) } if (works) { diff --git a/tap/aeskw.ts b/tap/aeskw.ts index a7997085bb..9189ba1b75 100644 --- a/tap/aeskw.ts +++ b/tap/aeskw.ts @@ -37,12 +37,12 @@ export default (QUnit: QUnit, lib: typeof jose, keys: typeof jose) => { const execute = async (t: typeof QUnit.assert) => { for await (const secret of secretsFor(alg)) { - await roundtrip.jwe(t, lib, alg, 'A128GCM', secret) + await roundtrip.jwe(t, lib, keys, alg, 'A128GCM', secret) } } const jwt = async (t: typeof QUnit.assert) => { - await roundtrip.jwt(t, lib, alg, 'A128GCM', await secretsFor(alg)[0]) + await roundtrip.jwt(t, lib, keys, alg, 'A128GCM', await secretsFor(alg)[0]) } if (works) { diff --git a/tap/ecdh.ts b/tap/ecdh.ts index b7b2c118a7..bae91516aa 100644 --- a/tap/ecdh.ts +++ b/tap/ecdh.ts @@ -41,14 +41,14 @@ export default (QUnit: QUnit, lib: typeof jose, keys: typeof jose) => { if (!kps[k]) { kps[k] = await keys.generateKeyPair(alg, options) } - await roundtrip.jwe(t, lib, alg, 'A128GCM', kps[k]) + await roundtrip.jwe(t, lib, keys, alg, 'A128GCM', kps[k]) } const jwt = async (t: typeof QUnit.assert) => { if (!kps[k]) { kps[k] = await keys.generateKeyPair(alg, options) } - await roundtrip.jwt(t, lib, alg, 'A128GCM', kps[k]) + await roundtrip.jwt(t, lib, keys, alg, 'A128GCM', kps[k]) } if (works) { diff --git a/tap/encrypt.ts b/tap/encrypt.ts index 310c823706..840c2177ae 100644 --- a/tap/encrypt.ts +++ b/tap/encrypt.ts @@ -11,6 +11,7 @@ function isKeyPair( export async function jwe( t: typeof QUnit.assert, lib: typeof jose, + keys: typeof jose, alg: string, enc: string, secretOrKeyPair: Uint8Array | jose.KeyLike | jose.GenerateKeyPairResult, @@ -36,6 +37,7 @@ export async function jwe( export async function jwt( t: typeof QUnit.assert, lib: typeof jose, + keys: typeof jose, alg: string, enc: string, secretOrKeyPair: Uint8Array | jose.KeyLike | jose.GenerateKeyPairResult, diff --git a/tap/hmac.ts b/tap/hmac.ts index 82c615411f..3d4b93bd5d 100644 --- a/tap/hmac.ts +++ b/tap/hmac.ts @@ -10,7 +10,10 @@ export default (QUnit: QUnit, lib: typeof jose, keys: typeof jose) => { const algorithms = ['HS256', 'HS384', 'HS512'] function digestSizeSecretsFor(alg: string) { - return [keys.generateSecret(alg), random(parseInt(alg.slice(2, 5), 10) >> 3)] + return [ + keys.generateSecret(alg, { extractable: true }), + random(parseInt(alg.slice(2, 5), 10) >> 3), + ] } function nonDigestSizeSecretFor(alg: string) { @@ -21,18 +24,18 @@ export default (QUnit: QUnit, lib: typeof jose, keys: typeof jose) => { for (const alg of algorithms) { test(alg, async (t) => { for await (const secret of digestSizeSecretsFor(alg)) { - await roundtrip.jws(t, lib, alg, secret) + await roundtrip.jws(t, lib, keys, alg, secret) } }) test(`${alg} w/ non-digest output length secrets`, async (t) => { for await (const secret of nonDigestSizeSecretFor(alg)) { - await roundtrip.jws(t, lib, alg, secret) + await roundtrip.jws(t, lib, keys, alg, secret) } }) test(`${alg} JWT`, async (t) => { - await roundtrip.jwt(t, lib, alg, await digestSizeSecretsFor(alg)[0]) + await roundtrip.jwt(t, lib, keys, alg, await digestSizeSecretsFor(alg)[0]) }) } } diff --git a/tap/jws.ts b/tap/jws.ts index be49545d68..d360c7ea59 100644 --- a/tap/jws.ts +++ b/tap/jws.ts @@ -49,16 +49,16 @@ export default (QUnit: QUnit, lib: typeof jose, keys: typeof jose) => { const execute = async (t: typeof QUnit.assert) => { if (!kps[k]) { - kps[k] = await keys.generateKeyPair(alg, options) + kps[k] = await keys.generateKeyPair(alg, { ...options, extractable: true }) } - await roundtrip.jws(t, lib, alg, kps[k]) + await roundtrip.jws(t, lib, keys, alg, kps[k]) } const jwt = async (t: typeof QUnit.assert) => { if (!kps[k]) { - kps[k] = await keys.generateKeyPair(alg, options) + kps[k] = await keys.generateKeyPair(alg, { ...options, extractable: true }) } - await roundtrip.jwt(t, lib, alg, kps[k]) + await roundtrip.jwt(t, lib, keys, alg, kps[k]) } if (works) { diff --git a/tap/pbes2.ts b/tap/pbes2.ts index 33bb0fa435..300ee84136 100644 --- a/tap/pbes2.ts +++ b/tap/pbes2.ts @@ -29,12 +29,12 @@ export default (QUnit: QUnit, lib: typeof jose, keys: typeof jose) => { const execute = async (t: typeof QUnit.assert) => { const password = new TextEncoder().encode('letmein') - await roundtrip.jwe(t, lib, alg, 'A128GCM', password) + await roundtrip.jwe(t, lib, keys, alg, 'A128GCM', password) } const jwt = async (t: typeof QUnit.assert) => { const password = new TextEncoder().encode('letmein') - await roundtrip.jwt(t, lib, alg, 'A128GCM', password) + await roundtrip.jwt(t, lib, keys, alg, 'A128GCM', password) } if (works) { diff --git a/tap/rsaes.ts b/tap/rsaes.ts index 60c6e24f71..85085ad5e9 100644 --- a/tap/rsaes.ts +++ b/tap/rsaes.ts @@ -34,7 +34,7 @@ export default (QUnit: QUnit, lib: typeof jose, keys: typeof jose) => { kps[alg] = await keys.generateKeyPair(alg) } - await roundtrip.jwe(t, lib, alg, 'A128GCM', kps[alg]) + await roundtrip.jwe(t, lib, keys, alg, 'A128GCM', kps[alg]) } const jwt = async (t: typeof QUnit.assert) => { @@ -42,7 +42,7 @@ export default (QUnit: QUnit, lib: typeof jose, keys: typeof jose) => { kps[alg] = await keys.generateKeyPair(alg) } - await roundtrip.jwt(t, lib, alg, 'A128GCM', kps[alg]) + await roundtrip.jwt(t, lib, keys, alg, 'A128GCM', kps[alg]) } if (works) { diff --git a/tap/sign.ts b/tap/sign.ts index 83dcd01617..dcf2e67688 100644 --- a/tap/sign.ts +++ b/tap/sign.ts @@ -2,46 +2,133 @@ import type QUnit from 'qunit' import type * as jose from '../src/index.js' import random from './random.js' -function isKeyPair( - input: Uint8Array | jose.KeyLike | jose.GenerateKeyPairResult, -): input is jose.GenerateKeyPairResult { +type keyType = Uint8Array | jose.KeyLike | jose.GenerateKeyPairResult + +function isKeyPair(input: keyType): input is jose.GenerateKeyPairResult { return 'publicKey' in input && 'privateKey' in input } +async function getJWKs( + secretOrKeyPair: keyType, + jwk: false, + keys: typeof jose, +): Promise> +async function getJWKs( + secretOrKeyPair: keyType, + jwk: true, + keys: typeof jose, +): Promise> +async function getJWKs(secretOrKeyPair: keyType, jwk: boolean, keys: typeof jose) { + let sKey = isKeyPair(secretOrKeyPair) ? secretOrKeyPair.privateKey : secretOrKeyPair + let vKey = isKeyPair(secretOrKeyPair) ? secretOrKeyPair.publicKey : secretOrKeyPair + + if (jwk) { + return [await keys.exportJWK(sKey), await keys.exportJWK(vKey)] + } + + return [sKey, vKey] +} + export async function jws( t: typeof QUnit.assert, lib: typeof jose, + keys: typeof jose, alg: string, - secretOrKeyPair: Uint8Array | jose.KeyLike | jose.GenerateKeyPairResult, + secretOrKeyPair: keyType, payload = random(), ) { - const sKey = isKeyPair(secretOrKeyPair) ? secretOrKeyPair.privateKey : secretOrKeyPair - const vKey = isKeyPair(secretOrKeyPair) ? secretOrKeyPair.publicKey : secretOrKeyPair + // Test Uint8Array, CryptoKey, and KeyObject key inputs + { + const [sKey, vKey] = await getJWKs(secretOrKeyPair, false, keys) + const jws = await new lib.FlattenedSign(payload).setProtectedHeader({ alg }).sign(sKey) + { + const verified = await lib.flattenedVerify(jws, vKey) + t.deepEqual([...verified.payload], [...payload]) + } + { + const verified = await lib.flattenedVerify(jws, async () => vKey) + t.deepEqual(verified, { + key: vKey, + payload, + protectedHeader: { alg }, + }) + } + } + + if (secretOrKeyPair instanceof Uint8Array) return - const jws = await new lib.FlattenedSign(payload).setProtectedHeader({ alg }).sign(sKey) + // Test JWK key input + { + const [sKey, vKey] = await getJWKs(secretOrKeyPair, true, keys) + const jws = await new lib.FlattenedSign(payload).setProtectedHeader({ alg }).sign(sKey) + const verified = await lib.flattenedVerify(jws, vKey) + t.deepEqual([...verified.payload], [...payload]) + } - const verified = await lib.flattenedVerify(jws, vKey) - t.deepEqual([...verified.payload], [...payload]) + // Test JWK key input with all JWK properties + { + const [sKey, vKey] = await getJWKs(secretOrKeyPair, true, keys) + const jws = await new lib.FlattenedSign(payload) + .setProtectedHeader({ alg }) + .sign({ ...sKey, alg, use: 'sig', key_ops: ['sign'] }) + const verified = await lib.flattenedVerify(jws, { + ...vKey, + alg, + use: 'sig', + key_ops: ['verify'], + }) + t.deepEqual([...verified.payload], [...payload]) + } } export async function jwt( t: typeof QUnit.assert, lib: typeof jose, + keys: typeof jose, alg: string, - secretOrKeyPair: Uint8Array | jose.KeyLike | jose.GenerateKeyPairResult, + secretOrKeyPair: keyType, ) { - const sKey = isKeyPair(secretOrKeyPair) ? secretOrKeyPair.privateKey : secretOrKeyPair - const vKey = isKeyPair(secretOrKeyPair) ? secretOrKeyPair.publicKey : secretOrKeyPair + // Test Uint8Array, CryptoKey, and KeyObject key inputs + { + const [sKey, vKey] = await getJWKs(secretOrKeyPair, false, keys) + const jwt = await new lib.SignJWT({ foo: 'bar' }).setProtectedHeader({ alg }).sign(sKey) + { + const verified = await lib.jwtVerify(jwt, vKey) + t.deepEqual(verified, { + payload: { + foo: 'bar', + }, + protectedHeader: { + alg, + }, + }) + } + { + const verified = await lib.jwtVerify(jwt, async () => vKey) + t.deepEqual(verified, { + key: vKey, + payload: { + foo: 'bar', + }, + protectedHeader: { alg }, + }) + } + } - const jwt = await new lib.SignJWT({ foo: 'bar' }).setProtectedHeader({ alg }).sign(sKey) + if (secretOrKeyPair instanceof Uint8Array) return - const verified = await lib.jwtVerify(jwt, vKey) - t.deepEqual(verified, { - payload: { - foo: 'bar', - }, - protectedHeader: { - alg, - }, - }) + // Test JWK key input + { + const [sKey, vKey] = await getJWKs(secretOrKeyPair, true, keys) + const jwt = await new lib.SignJWT({ foo: 'bar' }).setProtectedHeader({ alg }).sign(sKey) + const verified = await lib.jwtVerify(jwt, vKey) + t.deepEqual(verified, { + payload: { + foo: 'bar', + }, + protectedHeader: { + alg, + }, + }) + } } diff --git a/test/types/index.test-d.ts b/test/types/index.test-d.ts index 06019a9c89..829e982734 100644 --- a/test/types/index.test-d.ts +++ b/test/types/index.test-d.ts @@ -40,9 +40,9 @@ expectType(await lib.importX509('', 'RS256')) expectType(await lib.importX509('', 'RS256')) expectType(await lib.importX509('', 'RS256')) -expectType(await lib.importJWK({})) -expectType(await lib.importJWK({})) -expectType(await lib.importJWK({})) +expectType(await lib.importJWK({ kty: 'RSA' })) +expectType(await lib.importJWK({ kty: 'RSA' })) +expectType(await lib.importJWK({ kty: 'RSA' })) { const result = await lib.jwtVerify('', lib.createLocalJWKSet({ keys: [] })) @@ -269,3 +269,25 @@ expectType(await lib.EmbeddedJWK()) expectType(result.iss) expectType(result.unknown) } + +{ + expectType(await lib.jwtVerify('', { kty: 'RSA' })) + expectType( + await lib.generalVerify({ payload: '', signatures: [{ signature: '' }] }, { kty: 'RSA' }), + ) + expectType(await lib.compactVerify('', { kty: 'RSA' })) + expectType( + await lib.flattenedVerify({ payload: '', signature: '' }, { kty: 'RSA' }), + ) +} + +{ + expectType>(new lib.SignJWT().sign({ kty: 'RSA' })) + expectType>(new lib.CompactSign(new Uint8Array()).sign({ kty: 'RSA' })) + expectType>( + new lib.FlattenedSign(new Uint8Array()).sign({ kty: 'RSA' }), + ) + expectType>( + new lib.GeneralSign(new Uint8Array()).addSignature({ kty: 'RSA' }).sign(), + ) +} diff --git a/test/unit/check_key_type_jwk.test.mjs b/test/unit/check_key_type_jwk.test.mjs new file mode 100644 index 0000000000..04d0a70923 --- /dev/null +++ b/test/unit/check_key_type_jwk.test.mjs @@ -0,0 +1,81 @@ +import test from 'ava' + +const types = 'KeyObject, CryptoKey, Uint8Array, or JSON Web Key' +const asymmetricTypes = 'KeyObject, CryptoKey, or JSON Web Key' + +const { checkKeyTypeWithJwk } = await import('#dist/lib/check_key_type') + +for (const runtime of [await import('#dist'), await import('#dist/webapi').catch(() => {})]) { + test[runtime ? 'serial' : 'skip']( + `lib/check_key_type.ts with JWK in ${runtime?.cryptoRuntime}`, + async (t) => { + const type = runtime.cryptoRuntime === 'WebCryptoAPI' ? 'CryptoKey' : 'KeyObject' + + const expected = { + instanceOf: TypeError, + message: new RegExp(`^Key for the .+ algorithm must be (?:one )?of type ${types}\\.`), + } + + t.throws(() => checkKeyTypeWithJwk('HS256'), expected) + t.throws(() => checkKeyTypeWithJwk('HS256', undefined), expected) + t.throws(() => checkKeyTypeWithJwk('HS256', null), expected) + t.throws(() => checkKeyTypeWithJwk('HS256', 1), expected) + t.throws(() => checkKeyTypeWithJwk('HS256', 0), expected) + t.throws(() => checkKeyTypeWithJwk('HS256', true), expected) + t.throws(() => checkKeyTypeWithJwk('HS256', Boolean), expected) + t.throws(() => checkKeyTypeWithJwk('HS256', []), expected) + t.throws(() => checkKeyTypeWithJwk('HS256', ''), expected) + t.throws(() => checkKeyTypeWithJwk('HS256', 'foo'), expected) + + t.throws(() => checkKeyTypeWithJwk('PS256', new Uint8Array()), { + ...expected, + message: new RegExp( + `^Key for the .+ algorithm must be (?:one )?of type ${asymmetricTypes}\\.`, + ), + }) + + t.notThrows(() => checkKeyTypeWithJwk('HS256', { kty: 'oct', k: '' })) + t.notThrows(() => checkKeyTypeWithJwk('HS256', { kty: 'oct', k: '', use: 'sig' })) + t.notThrows(() => + checkKeyTypeWithJwk('HS256', { kty: 'oct', k: '', key_ops: ['sign'] }, 'sign'), + ) + t.notThrows(() => checkKeyTypeWithJwk('HS256', { kty: 'oct', k: '', alg: 'HS256' })) + + t.throws(() => checkKeyTypeWithJwk('HS256', { kty: 'oct', k: '', use: 'enc' }), { + ...expected, + message: 'Invalid key for this operation, when present its use must be sig', + }) + + t.throws(() => checkKeyTypeWithJwk('HS256', { kty: 'oct', k: '', alg: 'HS384' }), { + ...expected, + message: 'Invalid key for this operation, when present its alg must be HS256', + }) + + t.throws( + () => checkKeyTypeWithJwk('HS256', { kty: 'oct', k: '', key_ops: ['sign'] }, 'verify'), + { + ...expected, + message: 'Invalid key for this operation, when present its key_ops must include verify', + }, + ) + + t.throws(() => checkKeyTypeWithJwk('HS256', { kty: 'RSA' }), { + ...expected, + message: + 'JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present', + }) + + t.notThrows(() => checkKeyTypeWithJwk('PS256', { kty: 'RSA' }, 'verify')) + t.throws(() => checkKeyTypeWithJwk('PS256', { kty: 'RSA', d: '' }, 'verify'), { + ...expected, + message: 'JSON Web Key for this operation be a public JWK', + }) + + t.notThrows(() => checkKeyTypeWithJwk('PS256', { kty: 'RSA', d: '' }, 'sign')) + t.throws(() => checkKeyTypeWithJwk('PS256', { kty: 'RSA' }, 'sign'), { + ...expected, + message: 'JSON Web Key for this operation be a private JWK', + }) + }, + ) +}