knso/Webklar.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

main repo

Browse Source
This commit is contained in:
Basilosaurusrex
2025-11-24 18:09:40 +01:00
parent b636ee5e70
commit f027651f9b
34146 changed files with 4436636 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
node_modules/jose/dist/node/cjs/runtime/aeskw.js generated vendored Normal file
View File

@@ -0,0 +1,55 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.unwrap = exports.wrap = void 0;
const buffer_1 = require("buffer");
const crypto_1 = require("crypto");
const errors_js_1 = require("../util/errors.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const ciphers_js_1 = require("./ciphers.js");
const is_key_like_js_1 = require("./is_key_like.js");
function checkKeySize(key, alg) {
if (key.symmetricKeySize << 3 !== parseInt(alg.slice(1, 4), 10)) {
throw new TypeError(`Invalid key size for alg: ${alg}`);
}
}
function ensureKeyObject(key, alg, usage) {
if ((0, is_key_object_js_1.default)(key)) {
return key;
}
if (key instanceof Uint8Array) {
return (0, crypto_1.createSecretKey)(key);
}
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
(0, crypto_key_js_1.checkEncCryptoKey)(key, alg, usage);
return crypto_1.KeyObject.from(key);
}
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types, 'Uint8Array'));
}
const wrap = (alg, key, cek) => {
const size = parseInt(alg.slice(1, 4), 10);
const algorithm = `aes${size}-wrap`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
const keyObject = ensureKeyObject(key, alg, 'wrapKey');
checkKeySize(keyObject, alg);
const cipher = (0, crypto_1.createCipheriv)(algorithm, keyObject, buffer_1.Buffer.alloc(8, 0xa6));
return (0, buffer_utils_js_1.concat)(cipher.update(cek), cipher.final());
};
exports.wrap = wrap;
const unwrap = (alg, key, encryptedKey) => {
const size = parseInt(alg.slice(1, 4), 10);
const algorithm = `aes${size}-wrap`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
const keyObject = ensureKeyObject(key, alg, 'unwrapKey');
checkKeySize(keyObject, alg);
const cipher = (0, crypto_1.createDecipheriv)(algorithm, keyObject, buffer_1.Buffer.alloc(8, 0xa6));
return (0, buffer_utils_js_1.concat)(cipher.update(encryptedKey), cipher.final());
};
exports.unwrap = unwrap;

54
node_modules/jose/dist/node/cjs/runtime/asn1.js generated vendored Normal file
View File

@@ -0,0 +1,54 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.fromX509 = exports.fromSPKI = exports.fromPKCS8 = exports.toPKCS8 = exports.toSPKI = void 0;
const crypto_1 = require("crypto");
const buffer_1 = require("buffer");
const webcrypto_js_1 = require("./webcrypto.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const genericExport = (keyType, keyFormat, key) => {
let keyObject;
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
if (!key.extractable) {
throw new TypeError('CryptoKey is not extractable');
}
keyObject = crypto_1.KeyObject.from(key);
}
else if ((0, is_key_object_js_1.default)(key)) {
keyObject = key;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types));
}
if (keyObject.type !== keyType) {
throw new TypeError(`key is not a ${keyType} key`);
}
return keyObject.export({ format: 'pem', type: keyFormat });
};
const toSPKI = (key) => {
return genericExport('public', 'spki', key);
};
exports.toSPKI = toSPKI;
const toPKCS8 = (key) => {
return genericExport('private', 'pkcs8', key);
};
exports.toPKCS8 = toPKCS8;
const fromPKCS8 = (pem) => (0, crypto_1.createPrivateKey)({
key: buffer_1.Buffer.from(pem.replace(/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g, ''), 'base64'),
type: 'pkcs8',
format: 'der',
});
exports.fromPKCS8 = fromPKCS8;
const fromSPKI = (pem) => (0, crypto_1.createPublicKey)({
key: buffer_1.Buffer.from(pem.replace(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, ''), 'base64'),
type: 'spki',
format: 'der',
});
exports.fromSPKI = fromSPKI;
const fromX509 = (pem) => (0, crypto_1.createPublicKey)({
key: pem,
type: 'spki',
format: 'pem',
});
exports.fromX509 = fromX509;

47
node_modules/jose/dist/node/cjs/runtime/asn1_sequence_decoder.js generated vendored Normal file
View File

@@ -0,0 +1,47 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const tagInteger = 0x02;
const tagSequence = 0x30;
class Asn1SequenceDecoder {
constructor(buffer) {
if (buffer[0] !== tagSequence) {
throw new TypeError();
}
this.buffer = buffer;
this.offset = 1;
const len = this.decodeLength();
if (len !== buffer.length - this.offset) {
throw new TypeError();
}
}
decodeLength() {
let length = this.buffer[this.offset++];
if (length & 0x80) {
const nBytes = length & ~0x80;
length = 0;
for (let i = 0; i < nBytes; i++)
length = (length << 8) | this.buffer[this.offset + i];
this.offset += nBytes;
}
return length;
}
unsignedInteger() {
if (this.buffer[this.offset++] !== tagInteger) {
throw new TypeError();
}
let length = this.decodeLength();
if (this.buffer[this.offset] === 0) {
this.offset++;
length--;
}
const result = this.buffer.slice(this.offset, this.offset + length);
this.offset += length;
return result;
}
end() {
if (this.offset !== this.buffer.length) {
throw new TypeError();
}
}
}
exports.default = Asn1SequenceDecoder;

91
node_modules/jose/dist/node/cjs/runtime/asn1_sequence_encoder.js generated vendored Normal file
View File

@@ -0,0 +1,91 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const buffer_1 = require("buffer");
const errors_js_1 = require("../util/errors.js");
const tagInteger = 0x02;
const tagBitStr = 0x03;
const tagOctStr = 0x04;
const tagSequence = 0x30;
const bZero = buffer_1.Buffer.from([0x00]);
const bTagInteger = buffer_1.Buffer.from([tagInteger]);
const bTagBitStr = buffer_1.Buffer.from([tagBitStr]);
const bTagSequence = buffer_1.Buffer.from([tagSequence]);
const bTagOctStr = buffer_1.Buffer.from([tagOctStr]);
const encodeLength = (len) => {
if (len < 128)
return buffer_1.Buffer.from([len]);
const buffer = buffer_1.Buffer.alloc(5);
buffer.writeUInt32BE(len, 1);
let offset = 1;
while (buffer[offset] === 0)
offset++;
buffer[offset - 1] = 0x80 | (5 - offset);
return buffer.slice(offset - 1);
};
const oids = new Map([
['P-256', buffer_1.Buffer.from('06 08 2A 86 48 CE 3D 03 01 07'.replace(/ /g, ''), 'hex')],
['secp256k1', buffer_1.Buffer.from('06 05 2B 81 04 00 0A'.replace(/ /g, ''), 'hex')],
['P-384', buffer_1.Buffer.from('06 05 2B 81 04 00 22'.replace(/ /g, ''), 'hex')],
['P-521', buffer_1.Buffer.from('06 05 2B 81 04 00 23'.replace(/ /g, ''), 'hex')],
['ecPublicKey', buffer_1.Buffer.from('06 07 2A 86 48 CE 3D 02 01'.replace(/ /g, ''), 'hex')],
['X25519', buffer_1.Buffer.from('06 03 2B 65 6E'.replace(/ /g, ''), 'hex')],
['X448', buffer_1.Buffer.from('06 03 2B 65 6F'.replace(/ /g, ''), 'hex')],
['Ed25519', buffer_1.Buffer.from('06 03 2B 65 70'.replace(/ /g, ''), 'hex')],
['Ed448', buffer_1.Buffer.from('06 03 2B 65 71'.replace(/ /g, ''), 'hex')],
]);
class DumbAsn1Encoder {
constructor() {
this.length = 0;
this.elements = [];
}
oidFor(oid) {
const bOid = oids.get(oid);
if (!bOid) {
throw new errors_js_1.JOSENotSupported('Invalid or unsupported OID');
}
this.elements.push(bOid);
this.length += bOid.length;
}
zero() {
this.elements.push(bTagInteger, buffer_1.Buffer.from([0x01]), bZero);
this.length += 3;
}
one() {
this.elements.push(bTagInteger, buffer_1.Buffer.from([0x01]), buffer_1.Buffer.from([0x01]));
this.length += 3;
}
unsignedInteger(integer) {
if (integer[0] & 0x80) {
const len = encodeLength(integer.length + 1);
this.elements.push(bTagInteger, len, bZero, integer);
this.length += 2 + len.length + integer.length;
}
else {
let i = 0;
while (integer[i] === 0 && (integer[i + 1] & 0x80) === 0)
i++;
const len = encodeLength(integer.length - i);
this.elements.push(bTagInteger, encodeLength(integer.length - i), integer.slice(i));
this.length += 1 + len.length + integer.length - i;
}
}
octStr(octStr) {
const len = encodeLength(octStr.length);
this.elements.push(bTagOctStr, encodeLength(octStr.length), octStr);
this.length += 1 + len.length + octStr.length;
}
bitStr(bitS) {
const len = encodeLength(bitS.length + 1);
this.elements.push(bTagBitStr, encodeLength(bitS.length + 1), bZero, bitS);
this.length += 1 + len.length + bitS.length + 1;
}
add(seq) {
this.elements.push(seq);
this.length += seq.length;
}
end(tag = bTagSequence) {
const len = encodeLength(this.length);
return buffer_1.Buffer.concat([tag, len, ...this.elements], 1 + len.length + this.length);
}
}
exports.default = DumbAsn1Encoder;

25
node_modules/jose/dist/node/cjs/runtime/base64url.js generated vendored Normal file
View File

@@ -0,0 +1,25 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.decode = exports.encode = exports.encodeBase64 = exports.decodeBase64 = void 0;
const buffer_1 = require("buffer");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
let encode;
function normalize(input) {
let encoded = input;
if (encoded instanceof Uint8Array) {
encoded = buffer_utils_js_1.decoder.decode(encoded);
}
return encoded;
}
if (buffer_1.Buffer.isEncoding('base64url')) {
exports.encode = encode = (input) => buffer_1.Buffer.from(input).toString('base64url');
}
else {
exports.encode = encode = (input) => buffer_1.Buffer.from(input).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
}
const decodeBase64 = (input) => buffer_1.Buffer.from(input, 'base64');
exports.decodeBase64 = decodeBase64;
const encodeBase64 = (input) => buffer_1.Buffer.from(input).toString('base64');
exports.encodeBase64 = encodeBase64;
const decode = (input) => buffer_1.Buffer.from(normalize(input), 'base64');
exports.decode = decode;

11
node_modules/jose/dist/node/cjs/runtime/cbc_tag.js generated vendored Normal file
View File

@@ -0,0 +1,11 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = require("crypto");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
function cbcTag(aad, iv, ciphertext, macSize, macKey, keySize) {
const macData = (0, buffer_utils_js_1.concat)(aad, iv, ciphertext, (0, buffer_utils_js_1.uint64be)(aad.length << 3));
const hmac = (0, crypto_1.createHmac)(`sha${macSize}`, macKey);
hmac.update(macData);
return hmac.digest().slice(0, keySize >> 3);
}
exports.default = cbcTag;

37
node_modules/jose/dist/node/cjs/runtime/check_cek_length.js generated vendored Normal file
View File

@@ -0,0 +1,37 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const errors_js_1 = require("../util/errors.js");
const is_key_object_js_1 = require("./is_key_object.js");
const checkCekLength = (enc, cek) => {
let expected;
switch (enc) {
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
expected = parseInt(enc.slice(-3), 10);
break;
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
expected = parseInt(enc.slice(1, 4), 10);
break;
default:
throw new errors_js_1.JOSENotSupported(`Content Encryption Algorithm ${enc} is not supported either by JOSE or your javascript runtime`);
}
if (cek instanceof Uint8Array) {
const actual = cek.byteLength << 3;
if (actual !== expected) {
throw new errors_js_1.JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);
}
return;
}
if ((0, is_key_object_js_1.default)(cek) && cek.type === 'secret') {
const actual = cek.symmetricKeySize << 3;
if (actual !== expected) {
throw new errors_js_1.JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);
}
return;
}
throw new TypeError('Invalid Content Encryption Key type');
};
exports.default = checkCekLength;

52
node_modules/jose/dist/node/cjs/runtime/check_modulus_length.js generated vendored Normal file
View File

@@ -0,0 +1,52 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.setModulusLength = exports.weakMap = void 0;
exports.weakMap = new WeakMap();
const getLength = (buf, index) => {
let len = buf.readUInt8(1);
if ((len & 0x80) === 0) {
if (index === 0) {
return len;
}
return getLength(buf.subarray(2 + len), index - 1);
}
const num = len & 0x7f;
len = 0;
for (let i = 0; i < num; i++) {
len <<= 8;
const j = buf.readUInt8(2 + i);
len |= j;
}
if (index === 0) {
return len;
}
return getLength(buf.subarray(2 + len), index - 1);
};
const getLengthOfSeqIndex = (sequence, index) => {
const len = sequence.readUInt8(1);
if ((len & 0x80) === 0) {
return getLength(sequence.subarray(2), index);
}
const num = len & 0x7f;
return getLength(sequence.subarray(2 + num), index);
};
const getModulusLength = (key) => {
var _a, _b;
if (exports.weakMap.has(key)) {
return exports.weakMap.get(key);
}
const modulusLength = (_b = (_a = key.asymmetricKeyDetails) === null || _a === void 0 ? void 0 : _a.modulusLength) !== null && _b !== void 0 ? _b : (getLengthOfSeqIndex(key.export({ format: 'der', type: 'pkcs1' }), key.type === 'private' ? 1 : 0) -
1) <<
3;
exports.weakMap.set(key, modulusLength);
return modulusLength;
};
const setModulusLength = (keyObject, modulusLength) => {
exports.weakMap.set(keyObject, modulusLength);
};
exports.setModulusLength = setModulusLength;
exports.default = (key, alg) => {
if (getModulusLength(key) < 2048) {
throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);
}
};

8
node_modules/jose/dist/node/cjs/runtime/ciphers.js generated vendored Normal file
View File

@@ -0,0 +1,8 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = require("crypto");
let ciphers;
exports.default = (algorithm) => {
ciphers || (ciphers = new Set((0, crypto_1.getCiphers)()));
return ciphers.has(algorithm);
};

97
node_modules/jose/dist/node/cjs/runtime/decrypt.js generated vendored Normal file
View File

@@ -0,0 +1,97 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = require("crypto");
const check_iv_length_js_1 = require("../lib/check_iv_length.js");
const check_cek_length_js_1 = require("./check_cek_length.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const errors_js_1 = require("../util/errors.js");
const timing_safe_equal_js_1 = require("./timing_safe_equal.js");
const cbc_tag_js_1 = require("./cbc_tag.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const ciphers_js_1 = require("./ciphers.js");
const is_key_like_js_1 = require("./is_key_like.js");
function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
if ((0, is_key_object_js_1.default)(cek)) {
cek = cek.export();
}
const encKey = cek.subarray(keySize >> 3);
const macKey = cek.subarray(0, keySize >> 3);
const macSize = parseInt(enc.slice(-3), 10);
const algorithm = `aes-${keySize}-cbc`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
const expectedTag = (0, cbc_tag_js_1.default)(aad, iv, ciphertext, macSize, macKey, keySize);
let macCheckPassed;
try {
macCheckPassed = (0, timing_safe_equal_js_1.default)(tag, expectedTag);
}
catch {
}
if (!macCheckPassed) {
throw new errors_js_1.JWEDecryptionFailed();
}
let plaintext;
try {
const decipher = (0, crypto_1.createDecipheriv)(algorithm, encKey, iv);
plaintext = (0, buffer_utils_js_1.concat)(decipher.update(ciphertext), decipher.final());
}
catch {
}
if (!plaintext) {
throw new errors_js_1.JWEDecryptionFailed();
}
return plaintext;
}
function gcmDecrypt(enc, cek, ciphertext, iv, tag, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
const algorithm = `aes-${keySize}-gcm`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
try {
const decipher = (0, crypto_1.createDecipheriv)(algorithm, cek, iv, { authTagLength: 16 });
decipher.setAuthTag(tag);
if (aad.byteLength) {
decipher.setAAD(aad, { plaintextLength: ciphertext.length });
}
const plaintext = decipher.update(ciphertext);
decipher.final();
return plaintext;
}
catch {
throw new errors_js_1.JWEDecryptionFailed();
}
}
const decrypt = (enc, cek, ciphertext, iv, tag, aad) => {
let key;
if ((0, webcrypto_js_1.isCryptoKey)(cek)) {
(0, crypto_key_js_1.checkEncCryptoKey)(cek, enc, 'decrypt');
key = crypto_1.KeyObject.from(cek);
}
else if (cek instanceof Uint8Array || (0, is_key_object_js_1.default)(cek)) {
key = cek;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(cek, ...is_key_like_js_1.types, 'Uint8Array'));
}
(0, check_cek_length_js_1.default)(enc, key);
(0, check_iv_length_js_1.default)(enc, iv);
switch (enc) {
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
return cbcDecrypt(enc, key, ciphertext, iv, tag, aad);
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
return gcmDecrypt(enc, key, ciphertext, iv, tag, aad);
default:
throw new errors_js_1.JOSENotSupported('Unsupported JWE Content Encryption Algorithm');
}
};
exports.default = decrypt;

5
node_modules/jose/dist/node/cjs/runtime/digest.js generated vendored Normal file
View File

@@ -0,0 +1,5 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = require("crypto");
const digest = (algorithm, data) => (0, crypto_1.createHash)(algorithm).update(data).digest();
exports.default = digest;

25
node_modules/jose/dist/node/cjs/runtime/dsa_digest.js generated vendored Normal file
View File

@@ -0,0 +1,25 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const errors_js_1 = require("../util/errors.js");
function dsaDigest(alg) {
switch (alg) {
case 'PS256':
case 'RS256':
case 'ES256':
case 'ES256K':
return 'sha256';
case 'PS384':
case 'RS384':
case 'ES384':
return 'sha384';
case 'PS512':
case 'RS512':
case 'ES512':
return 'sha512';
case 'EdDSA':
return undefined;
default:
throw new errors_js_1.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
}
exports.default = dsaDigest;

70
node_modules/jose/dist/node/cjs/runtime/ecdhes.js generated vendored Normal file
View File

@@ -0,0 +1,70 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ecdhAllowed = exports.generateEpk = exports.deriveKey = void 0;
const crypto_1 = require("crypto");
const util_1 = require("util");
const get_named_curve_js_1 = require("./get_named_curve.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const errors_js_1 = require("../util/errors.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const generateKeyPair = (0, util_1.promisify)(crypto_1.generateKeyPair);
async function deriveKey(publicKee, privateKee, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) {
let publicKey;
if ((0, webcrypto_js_1.isCryptoKey)(publicKee)) {
(0, crypto_key_js_1.checkEncCryptoKey)(publicKee, 'ECDH');
publicKey = crypto_1.KeyObject.from(publicKee);
}
else if ((0, is_key_object_js_1.default)(publicKee)) {
publicKey = publicKee;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(publicKee, ...is_key_like_js_1.types));
}
let privateKey;
if ((0, webcrypto_js_1.isCryptoKey)(privateKee)) {
(0, crypto_key_js_1.checkEncCryptoKey)(privateKee, 'ECDH', 'deriveBits');
privateKey = crypto_1.KeyObject.from(privateKee);
}
else if ((0, is_key_object_js_1.default)(privateKee)) {
privateKey = privateKee;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(privateKee, ...is_key_like_js_1.types));
}
const value = (0, buffer_utils_js_1.concat)((0, buffer_utils_js_1.lengthAndInput)(buffer_utils_js_1.encoder.encode(algorithm)), (0, buffer_utils_js_1.lengthAndInput)(apu), (0, buffer_utils_js_1.lengthAndInput)(apv), (0, buffer_utils_js_1.uint32be)(keyLength));
const sharedSecret = (0, crypto_1.diffieHellman)({ privateKey, publicKey });
return (0, buffer_utils_js_1.concatKdf)(sharedSecret, keyLength, value);
}
exports.deriveKey = deriveKey;
async function generateEpk(kee) {
let key;
if ((0, webcrypto_js_1.isCryptoKey)(kee)) {
key = crypto_1.KeyObject.from(kee);
}
else if ((0, is_key_object_js_1.default)(kee)) {
key = kee;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(kee, ...is_key_like_js_1.types));
}
switch (key.asymmetricKeyType) {
case 'x25519':
return generateKeyPair('x25519');
case 'x448': {
return generateKeyPair('x448');
}
case 'ec': {
const namedCurve = (0, get_named_curve_js_1.default)(key);
return generateKeyPair('ec', { namedCurve });
}
default:
throw new errors_js_1.JOSENotSupported('Invalid or unsupported EPK');
}
}
exports.generateEpk = generateEpk;
const ecdhAllowed = (key) => ['P-256', 'P-384', 'P-521', 'X25519', 'X448'].includes((0, get_named_curve_js_1.default)(key));
exports.ecdhAllowed = ecdhAllowed;

74
node_modules/jose/dist/node/cjs/runtime/encrypt.js generated vendored Normal file
View File

@@ -0,0 +1,74 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = require("crypto");
const check_iv_length_js_1 = require("../lib/check_iv_length.js");
const check_cek_length_js_1 = require("./check_cek_length.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const cbc_tag_js_1 = require("./cbc_tag.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const errors_js_1 = require("../util/errors.js");
const ciphers_js_1 = require("./ciphers.js");
const is_key_like_js_1 = require("./is_key_like.js");
function cbcEncrypt(enc, plaintext, cek, iv, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
if ((0, is_key_object_js_1.default)(cek)) {
cek = cek.export();
}
const encKey = cek.subarray(keySize >> 3);
const macKey = cek.subarray(0, keySize >> 3);
const algorithm = `aes-${keySize}-cbc`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
const cipher = (0, crypto_1.createCipheriv)(algorithm, encKey, iv);
const ciphertext = (0, buffer_utils_js_1.concat)(cipher.update(plaintext), cipher.final());
const macSize = parseInt(enc.slice(-3), 10);
const tag = (0, cbc_tag_js_1.default)(aad, iv, ciphertext, macSize, macKey, keySize);
return { ciphertext, tag };
}
function gcmEncrypt(enc, plaintext, cek, iv, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
const algorithm = `aes-${keySize}-gcm`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
const cipher = (0, crypto_1.createCipheriv)(algorithm, cek, iv, { authTagLength: 16 });
if (aad.byteLength) {
cipher.setAAD(aad, { plaintextLength: plaintext.length });
}
const ciphertext = cipher.update(plaintext);
cipher.final();
const tag = cipher.getAuthTag();
return { ciphertext, tag };
}
const encrypt = (enc, plaintext, cek, iv, aad) => {
let key;
if ((0, webcrypto_js_1.isCryptoKey)(cek)) {
(0, crypto_key_js_1.checkEncCryptoKey)(cek, enc, 'encrypt');
key = crypto_1.KeyObject.from(cek);
}
else if (cek instanceof Uint8Array || (0, is_key_object_js_1.default)(cek)) {
key = cek;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(cek, ...is_key_like_js_1.types, 'Uint8Array'));
}
(0, check_cek_length_js_1.default)(enc, key);
(0, check_iv_length_js_1.default)(enc, iv);
switch (enc) {
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
return cbcEncrypt(enc, plaintext, key, iv, aad);
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
return gcmEncrypt(enc, plaintext, key, iv, aad);
default:
throw new errors_js_1.JOSENotSupported('Unsupported JWE Content Encryption Algorithm');
}
};
exports.default = encrypt;

45
node_modules/jose/dist/node/cjs/runtime/fetch_jwks.js generated vendored Normal file
View File

@@ -0,0 +1,45 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const http = require("http");
const https = require("https");
const events_1 = require("events");
const errors_js_1 = require("../util/errors.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const fetchJwks = async (url, timeout, options) => {
let get;
switch (url.protocol) {
case 'https:':
get = https.get;
break;
case 'http:':
get = http.get;
break;
default:
throw new TypeError('Unsupported URL protocol.');
}
const { agent, headers } = options;
const req = get(url.href, {
agent,
timeout,
headers,
});
const [response] = (await Promise.race([(0, events_1.once)(req, 'response'), (0, events_1.once)(req, 'timeout')]));
if (!response) {
req.destroy();
throw new errors_js_1.JWKSTimeout();
}
if (response.statusCode !== 200) {
throw new errors_js_1.JOSEError('Expected 200 OK from the JSON Web Key Set HTTP response');
}
const parts = [];
for await (const part of response) {
parts.push(part);
}
try {
return JSON.parse(buffer_utils_js_1.decoder.decode((0, buffer_utils_js_1.concat)(...parts)));
}
catch {
throw new errors_js_1.JOSEError('Failed to parse the JSON Web Key Set HTTP response as JSON');
}
};
exports.default = fetchJwks;

8
node_modules/jose/dist/node/cjs/runtime/flags.js generated vendored Normal file
View File

@@ -0,0 +1,8 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.jwkImport = exports.jwkExport = exports.rsaPssParams = exports.oneShotCallback = void 0;
const [major, minor] = process.versions.node.split('.').map((str) => parseInt(str, 10));
exports.oneShotCallback = major >= 16 || (major === 15 && minor >= 13);
exports.rsaPssParams = !('electron' in process.versions) && (major >= 17 || (major === 16 && minor >= 9));
exports.jwkExport = major >= 16 || (major === 15 && minor >= 9);
exports.jwkImport = major >= 16 || (major === 15 && minor >= 12);

105
node_modules/jose/dist/node/cjs/runtime/generate.js generated vendored Normal file
View File

@@ -0,0 +1,105 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.generateKeyPair = exports.generateSecret = void 0;
const crypto_1 = require("crypto");
const util_1 = require("util");
const random_js_1 = require("./random.js");
const check_modulus_length_js_1 = require("./check_modulus_length.js");
const errors_js_1 = require("../util/errors.js");
const generate = (0, util_1.promisify)(crypto_1.generateKeyPair);
async function generateSecret(alg, options) {
let length;
switch (alg) {
case 'HS256':
case 'HS384':
case 'HS512':
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
length = parseInt(alg.slice(-3), 10);
break;
case 'A128KW':
case 'A192KW':
case 'A256KW':
case 'A128GCMKW':
case 'A192GCMKW':
case 'A256GCMKW':
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
length = parseInt(alg.slice(1, 4), 10);
break;
default:
throw new errors_js_1.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
}
return (0, crypto_1.createSecretKey)((0, random_js_1.default)(new Uint8Array(length >> 3)));
}
exports.generateSecret = generateSecret;
async function generateKeyPair(alg, options) {
var _a, _b;
switch (alg) {
case 'RS256':
case 'RS384':
case 'RS512':
case 'PS256':
case 'PS384':
case 'PS512':
case 'RSA-OAEP':
case 'RSA-OAEP-256':
case 'RSA-OAEP-384':
case 'RSA-OAEP-512':
case 'RSA1_5': {
const modulusLength = (_a = options === null || options === void 0 ? void 0 : options.modulusLength) !== null && _a !== void 0 ? _a : 2048;
if (typeof modulusLength !== 'number' || modulusLength < 2048) {
throw new errors_js_1.JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');
}
const keypair = await generate('rsa', {
modulusLength,
publicExponent: 0x10001,
});
(0, check_modulus_length_js_1.setModulusLength)(keypair.privateKey, modulusLength);
(0, check_modulus_length_js_1.setModulusLength)(keypair.publicKey, modulusLength);
return keypair;
}
case 'ES256':
return generate('ec', { namedCurve: 'P-256' });
case 'ES256K':
return generate('ec', { namedCurve: 'secp256k1' });
case 'ES384':
return generate('ec', { namedCurve: 'P-384' });
case 'ES512':
return generate('ec', { namedCurve: 'P-521' });
case 'EdDSA': {
switch (options === null || options === void 0 ? void 0 : options.crv) {
case undefined:
case 'Ed25519':
return generate('ed25519');
case 'Ed448':
return generate('ed448');
default:
throw new errors_js_1.JOSENotSupported('Invalid or unsupported crv option provided, supported values are Ed25519 and Ed448');
}
}
case 'ECDH-ES':
case 'ECDH-ES+A128KW':
case 'ECDH-ES+A192KW':
case 'ECDH-ES+A256KW':
const crv = (_b = options === null || options === void 0 ? void 0 : options.crv) !== null && _b !== void 0 ? _b : 'P-256';
switch (crv) {
case undefined:
case 'P-256':
case 'P-384':
case 'P-521':
return generate('ec', { namedCurve: crv });
case 'X25519':
return generate('x25519');
case 'X448':
return generate('x448');
default:
throw new errors_js_1.JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448');
}
default:
throw new errors_js_1.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
}
}
exports.generateKeyPair = generateKeyPair;

95
node_modules/jose/dist/node/cjs/runtime/get_named_curve.js generated vendored Normal file
View File

@@ -0,0 +1,95 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.setCurve = exports.weakMap = void 0;
const buffer_1 = require("buffer");
const crypto_1 = require("crypto");
const errors_js_1 = require("../util/errors.js");
const webcrypto_js_1 = require("./webcrypto.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const p256 = buffer_1.Buffer.from([42, 134, 72, 206, 61, 3, 1, 7]);
const p384 = buffer_1.Buffer.from([43, 129, 4, 0, 34]);
const p521 = buffer_1.Buffer.from([43, 129, 4, 0, 35]);
const secp256k1 = buffer_1.Buffer.from([43, 129, 4, 0, 10]);
exports.weakMap = new WeakMap();
const namedCurveToJOSE = (namedCurve) => {
switch (namedCurve) {
case 'prime256v1':
return 'P-256';
case 'secp384r1':
return 'P-384';
case 'secp521r1':
return 'P-521';
case 'secp256k1':
return 'secp256k1';
default:
throw new errors_js_1.JOSENotSupported('Unsupported key curve for this operation');
}
};
const getNamedCurve = (kee, raw) => {
var _a;
let key;
if ((0, webcrypto_js_1.isCryptoKey)(kee)) {
key = crypto_1.KeyObject.from(kee);
}
else if ((0, is_key_object_js_1.default)(kee)) {
key = kee;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(kee, ...is_key_like_js_1.types));
}
if (key.type === 'secret') {
throw new TypeError('only "private" or "public" type keys can be used for this operation');
}
switch (key.asymmetricKeyType) {
case 'ed25519':
case 'ed448':
return `Ed${key.asymmetricKeyType.slice(2)}`;
case 'x25519':
case 'x448':
return `X${key.asymmetricKeyType.slice(1)}`;
case 'ec': {
if (exports.weakMap.has(key)) {
return exports.weakMap.get(key);
}
let namedCurve = (_a = key.asymmetricKeyDetails) === null || _a === void 0 ? void 0 : _a.namedCurve;
if (!namedCurve && key.type === 'private') {
namedCurve = getNamedCurve((0, crypto_1.createPublicKey)(key), true);
}
else if (!namedCurve) {
const buf = key.export({ format: 'der', type: 'spki' });
const i = buf[1] < 128 ? 14 : 15;
const len = buf[i];
const curveOid = buf.slice(i + 1, i + 1 + len);
if (curveOid.equals(p256)) {
namedCurve = 'prime256v1';
}
else if (curveOid.equals(p384)) {
namedCurve = 'secp384r1';
}
else if (curveOid.equals(p521)) {
namedCurve = 'secp521r1';
}
else if (curveOid.equals(secp256k1)) {
namedCurve = 'secp256k1';
}
else {
throw new errors_js_1.JOSENotSupported('Unsupported key curve for this operation');
}
}
if (raw)
return namedCurve;
const curve = namedCurveToJOSE(namedCurve);
exports.weakMap.set(key, curve);
return curve;
}
default:
throw new TypeError('Invalid asymmetric key type for this operation');
}
};
function setCurve(keyObject, curve) {
exports.weakMap.set(keyObject, curve);
}
exports.setCurve = setCurve;
exports.default = getNamedCurve;

24
node_modules/jose/dist/node/cjs/runtime/get_sign_verify_key.js generated vendored Normal file
View File

@@ -0,0 +1,24 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = require("crypto");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
function getSignVerifyKey(alg, key, usage) {
if (key instanceof Uint8Array) {
if (!alg.startsWith('HS')) {
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types));
}
return (0, crypto_1.createSecretKey)(key);
}
if (key instanceof crypto_1.KeyObject) {
return key;
}
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
(0, crypto_key_js_1.checkSigCryptoKey)(key, alg, usage);
return crypto_1.KeyObject.from(key);
}
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types, 'Uint8Array'));
}
exports.default = getSignVerifyKey;

16
node_modules/jose/dist/node/cjs/runtime/hmac_digest.js generated vendored Normal file
View File

@@ -0,0 +1,16 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const errors_js_1 = require("../util/errors.js");
function hmacDigest(alg) {
switch (alg) {
case 'HS256':
return 'sha256';
case 'HS384':
return 'sha384';
case 'HS512':
return 'sha512';
default:
throw new errors_js_1.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
}
exports.default = hmacDigest;

11
node_modules/jose/dist/node/cjs/runtime/is_key_like.js generated vendored Normal file
View File

@@ -0,0 +1,11 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.types = void 0;
const webcrypto_js_1 = require("./webcrypto.js");
const is_key_object_js_1 = require("./is_key_object.js");
exports.default = (key) => (0, is_key_object_js_1.default)(key) || (0, webcrypto_js_1.isCryptoKey)(key);
const types = ['KeyObject'];
exports.types = types;
if (globalThis.CryptoKey || (webcrypto_js_1.default === null || webcrypto_js_1.default === void 0 ? void 0 : webcrypto_js_1.default.CryptoKey)) {
types.push('CryptoKey');
}

7
node_modules/jose/dist/node/cjs/runtime/is_key_object.js generated vendored Normal file
View File

@@ -0,0 +1,7 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = require("crypto");
const util = require("util");
exports.default = util.types.isKeyObject
? (obj) => util.types.isKeyObject(obj)
: (obj) => obj != null && obj instanceof crypto_1.KeyObject;

118
node_modules/jose/dist/node/cjs/runtime/jwk_to_key.js generated vendored Normal file
View File

@@ -0,0 +1,118 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const buffer_1 = require("buffer");
const crypto_1 = require("crypto");
const base64url_js_1 = require("./base64url.js");
const errors_js_1 = require("../util/errors.js");
const get_named_curve_js_1 = require("./get_named_curve.js");
const check_modulus_length_js_1 = require("./check_modulus_length.js");
const asn1_sequence_encoder_js_1 = require("./asn1_sequence_encoder.js");
const flags_js_1 = require("./flags.js");
const parse = (jwk) => {
if (flags_js_1.jwkImport && jwk.kty !== 'oct') {
return jwk.d
? (0, crypto_1.createPrivateKey)({ format: 'jwk', key: jwk })
: (0, crypto_1.createPublicKey)({ format: 'jwk', key: jwk });
}
switch (jwk.kty) {
case 'oct': {
return (0, crypto_1.createSecretKey)((0, base64url_js_1.decode)(jwk.k));
}
case 'RSA': {
const enc = new asn1_sequence_encoder_js_1.default();
const isPrivate = jwk.d !== undefined;
const modulus = buffer_1.Buffer.from(jwk.n, 'base64');
const exponent = buffer_1.Buffer.from(jwk.e, 'base64');
if (isPrivate) {
enc.zero();
enc.unsignedInteger(modulus);
enc.unsignedInteger(exponent);
enc.unsignedInteger(buffer_1.Buffer.from(jwk.d, 'base64'));
enc.unsignedInteger(buffer_1.Buffer.from(jwk.p, 'base64'));
enc.unsignedInteger(buffer_1.Buffer.from(jwk.q, 'base64'));
enc.unsignedInteger(buffer_1.Buffer.from(jwk.dp, 'base64'));
enc.unsignedInteger(buffer_1.Buffer.from(jwk.dq, 'base64'));
enc.unsignedInteger(buffer_1.Buffer.from(jwk.qi, 'base64'));
}
else {
enc.unsignedInteger(modulus);
enc.unsignedInteger(exponent);
}
const der = enc.end();
const createInput = {
key: der,
format: 'der',
type: 'pkcs1',
};
const keyObject = isPrivate ? (0, crypto_1.createPrivateKey)(createInput) : (0, crypto_1.createPublicKey)(createInput);
(0, check_modulus_length_js_1.setModulusLength)(keyObject, modulus.length << 3);
return keyObject;
}
case 'EC': {
const enc = new asn1_sequence_encoder_js_1.default();
const isPrivate = jwk.d !== undefined;
const pub = buffer_1.Buffer.concat([
buffer_1.Buffer.alloc(1, 4),
buffer_1.Buffer.from(jwk.x, 'base64'),
buffer_1.Buffer.from(jwk.y, 'base64'),
]);
if (isPrivate) {
enc.zero();
const enc$1 = new asn1_sequence_encoder_js_1.default();
enc$1.oidFor('ecPublicKey');
enc$1.oidFor(jwk.crv);
enc.add(enc$1.end());
const enc$2 = new asn1_sequence_encoder_js_1.default();
enc$2.one();
enc$2.octStr(buffer_1.Buffer.from(jwk.d, 'base64'));
const enc$3 = new asn1_sequence_encoder_js_1.default();
enc$3.bitStr(pub);
const f2 = enc$3.end(buffer_1.Buffer.from([0xa1]));
enc$2.add(f2);
const f = enc$2.end();
const enc$4 = new asn1_sequence_encoder_js_1.default();
enc$4.add(f);
const f3 = enc$4.end(buffer_1.Buffer.from([0x04]));
enc.add(f3);
const der = enc.end();
const keyObject = (0, crypto_1.createPrivateKey)({ key: der, format: 'der', type: 'pkcs8' });
(0, get_named_curve_js_1.setCurve)(keyObject, jwk.crv);
return keyObject;
}
const enc$1 = new asn1_sequence_encoder_js_1.default();
enc$1.oidFor('ecPublicKey');
enc$1.oidFor(jwk.crv);
enc.add(enc$1.end());
enc.bitStr(pub);
const der = enc.end();
const keyObject = (0, crypto_1.createPublicKey)({ key: der, format: 'der', type: 'spki' });
(0, get_named_curve_js_1.setCurve)(keyObject, jwk.crv);
return keyObject;
}
case 'OKP': {
const enc = new asn1_sequence_encoder_js_1.default();
const isPrivate = jwk.d !== undefined;
if (isPrivate) {
enc.zero();
const enc$1 = new asn1_sequence_encoder_js_1.default();
enc$1.oidFor(jwk.crv);
enc.add(enc$1.end());
const enc$2 = new asn1_sequence_encoder_js_1.default();
enc$2.octStr(buffer_1.Buffer.from(jwk.d, 'base64'));
const f = enc$2.end(buffer_1.Buffer.from([0x04]));
enc.add(f);
const der = enc.end();
return (0, crypto_1.createPrivateKey)({ key: der, format: 'der', type: 'pkcs8' });
}
const enc$1 = new asn1_sequence_encoder_js_1.default();
enc$1.oidFor(jwk.crv);
enc.add(enc$1.end());
enc.bitStr(buffer_1.Buffer.from(jwk.x, 'base64'));
const der = enc.end();
return (0, crypto_1.createPublicKey)({ key: der, format: 'der', type: 'spki' });
}
default:
throw new errors_js_1.JOSENotSupported('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
}
};
exports.default = parse;

160
node_modules/jose/dist/node/cjs/runtime/key_to_jwk.js generated vendored Normal file
View File

@@ -0,0 +1,160 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = require("crypto");
const base64url_js_1 = require("./base64url.js");
const asn1_sequence_decoder_js_1 = require("./asn1_sequence_decoder.js");
const errors_js_1 = require("../util/errors.js");
const get_named_curve_js_1 = require("./get_named_curve.js");
const webcrypto_js_1 = require("./webcrypto.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const flags_js_1 = require("./flags.js");
const keyToJWK = (key) => {
let keyObject;
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
if (!key.extractable) {
throw new TypeError('CryptoKey is not extractable');
}
keyObject = crypto_1.KeyObject.from(key);
}
else if ((0, is_key_object_js_1.default)(key)) {
keyObject = key;
}
else if (key instanceof Uint8Array) {
return {
kty: 'oct',
k: (0, base64url_js_1.encode)(key),
};
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types, 'Uint8Array'));
}
if (flags_js_1.jwkExport) {
if (keyObject.type !== 'secret' &&
!['rsa', 'ec', 'ed25519', 'x25519', 'ed448', 'x448'].includes(keyObject.asymmetricKeyType)) {
throw new errors_js_1.JOSENotSupported('Unsupported key asymmetricKeyType');
}
return keyObject.export({ format: 'jwk' });
}
switch (keyObject.type) {
case 'secret':
return {
kty: 'oct',
k: (0, base64url_js_1.encode)(keyObject.export()),
};
case 'private':
case 'public': {
switch (keyObject.asymmetricKeyType) {
case 'rsa': {
const der = keyObject.export({ format: 'der', type: 'pkcs1' });
const dec = new asn1_sequence_decoder_js_1.default(der);
if (keyObject.type === 'private') {
dec.unsignedInteger();
}
const n = (0, base64url_js_1.encode)(dec.unsignedInteger());
const e = (0, base64url_js_1.encode)(dec.unsignedInteger());
let jwk;
if (keyObject.type === 'private') {
jwk = {
d: (0, base64url_js_1.encode)(dec.unsignedInteger()),
p: (0, base64url_js_1.encode)(dec.unsignedInteger()),
q: (0, base64url_js_1.encode)(dec.unsignedInteger()),
dp: (0, base64url_js_1.encode)(dec.unsignedInteger()),
dq: (0, base64url_js_1.encode)(dec.unsignedInteger()),
qi: (0, base64url_js_1.encode)(dec.unsignedInteger()),
};
}
dec.end();
return { kty: 'RSA', n, e, ...jwk };
}
case 'ec': {
const crv = (0, get_named_curve_js_1.default)(keyObject);
let len;
let offset;
let correction;
switch (crv) {
case 'secp256k1':
len = 64;
offset = 31 + 2;
correction = -1;
break;
case 'P-256':
len = 64;
offset = 34 + 2;
correction = -1;
break;
case 'P-384':
len = 96;
offset = 33 + 2;
correction = -3;
break;
case 'P-521':
len = 132;
offset = 33 + 2;
correction = -3;
break;
default:
throw new errors_js_1.JOSENotSupported('Unsupported curve');
}
if (keyObject.type === 'public') {
const der = keyObject.export({ type: 'spki', format: 'der' });
return {
kty: 'EC',
crv,
x: (0, base64url_js_1.encode)(der.subarray(-len, -len / 2)),
y: (0, base64url_js_1.encode)(der.subarray(-len / 2)),
};
}
const der = keyObject.export({ type: 'pkcs8', format: 'der' });
if (der.length < 100) {
offset += correction;
}
return {
...keyToJWK((0, crypto_1.createPublicKey)(keyObject)),
d: (0, base64url_js_1.encode)(der.subarray(offset, offset + len / 2)),
};
}
case 'ed25519':
case 'x25519': {
const crv = (0, get_named_curve_js_1.default)(keyObject);
if (keyObject.type === 'public') {
const der = keyObject.export({ type: 'spki', format: 'der' });
return {
kty: 'OKP',
crv,
x: (0, base64url_js_1.encode)(der.subarray(-32)),
};
}
const der = keyObject.export({ type: 'pkcs8', format: 'der' });
return {
...keyToJWK((0, crypto_1.createPublicKey)(keyObject)),
d: (0, base64url_js_1.encode)(der.subarray(-32)),
};
}
case 'ed448':
case 'x448': {
const crv = (0, get_named_curve_js_1.default)(keyObject);
if (keyObject.type === 'public') {
const der = keyObject.export({ type: 'spki', format: 'der' });
return {
kty: 'OKP',
crv,
x: (0, base64url_js_1.encode)(der.subarray(crv === 'Ed448' ? -57 : -56)),
};
}
const der = keyObject.export({ type: 'pkcs8', format: 'der' });
return {
...keyToJWK((0, crypto_1.createPublicKey)(keyObject)),
d: (0, base64url_js_1.encode)(der.subarray(crv === 'Ed448' ? -57 : -56)),
};
}
default:
throw new errors_js_1.JOSENotSupported('Unsupported key asymmetricKeyType');
}
}
default:
throw new errors_js_1.JOSENotSupported('Unsupported key type');
}
};
exports.default = keyToJWK;

78
node_modules/jose/dist/node/cjs/runtime/node_key.js generated vendored Normal file
View File

@@ -0,0 +1,78 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = require("crypto");
const get_named_curve_js_1 = require("./get_named_curve.js");
const errors_js_1 = require("../util/errors.js");
const check_modulus_length_js_1 = require("./check_modulus_length.js");
const flags_js_1 = require("./flags.js");
const PSS = {
padding: crypto_1.constants.RSA_PKCS1_PSS_PADDING,
saltLength: crypto_1.constants.RSA_PSS_SALTLEN_DIGEST,
};
const ecCurveAlgMap = new Map([
['ES256', 'P-256'],
['ES256K', 'secp256k1'],
['ES384', 'P-384'],
['ES512', 'P-521'],
]);
function keyForCrypto(alg, key) {
switch (alg) {
case 'EdDSA':
if (!['ed25519', 'ed448'].includes(key.asymmetricKeyType)) {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ed25519 or ed448');
}
return key;
case 'RS256':
case 'RS384':
case 'RS512':
if (key.asymmetricKeyType !== 'rsa') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa');
}
(0, check_modulus_length_js_1.default)(key, alg);
return key;
case flags_js_1.rsaPssParams && 'PS256':
case flags_js_1.rsaPssParams && 'PS384':
case flags_js_1.rsaPssParams && 'PS512':
if (key.asymmetricKeyType === 'rsa-pss') {
const { hashAlgorithm, mgf1HashAlgorithm, saltLength } = key.asymmetricKeyDetails;
const length = parseInt(alg.slice(-3), 10);
if (hashAlgorithm !== undefined &&
(hashAlgorithm !== `sha${length}` || mgf1HashAlgorithm !== hashAlgorithm)) {
throw new TypeError(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${alg}`);
}
if (saltLength !== undefined && saltLength > length >> 3) {
throw new TypeError(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${alg}`);
}
}
else if (key.asymmetricKeyType !== 'rsa') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa or rsa-pss');
}
(0, check_modulus_length_js_1.default)(key, alg);
return { key, ...PSS };
case !flags_js_1.rsaPssParams && 'PS256':
case !flags_js_1.rsaPssParams && 'PS384':
case !flags_js_1.rsaPssParams && 'PS512':
if (key.asymmetricKeyType !== 'rsa') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa');
}
(0, check_modulus_length_js_1.default)(key, alg);
return { key, ...PSS };
case 'ES256':
case 'ES256K':
case 'ES384':
case 'ES512': {
if (key.asymmetricKeyType !== 'ec') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ec');
}
const actual = (0, get_named_curve_js_1.default)(key);
const expected = ecCurveAlgMap.get(alg);
if (actual !== expected) {
throw new TypeError(`Invalid key curve for the algorithm, its curve must be ${expected}, got ${actual}`);
}
return { dsaEncoding: 'ieee-p1363', key };
}
default:
throw new errors_js_1.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
}
exports.default = keyForCrypto;

48
node_modules/jose/dist/node/cjs/runtime/pbes2kw.js generated vendored Normal file
View File

@@ -0,0 +1,48 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.decrypt = exports.encrypt = void 0;
const util_1 = require("util");
const crypto_1 = require("crypto");
const random_js_1 = require("./random.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const base64url_js_1 = require("./base64url.js");
const aeskw_js_1 = require("./aeskw.js");
const check_p2s_js_1 = require("../lib/check_p2s.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const pbkdf2 = (0, util_1.promisify)(crypto_1.pbkdf2);
function getPassword(key, alg) {
if ((0, is_key_object_js_1.default)(key)) {
return key.export();
}
if (key instanceof Uint8Array) {
return key;
}
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
(0, crypto_key_js_1.checkEncCryptoKey)(key, alg, 'deriveBits', 'deriveKey');
return crypto_1.KeyObject.from(key).export();
}
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types, 'Uint8Array'));
}
const encrypt = async (alg, key, cek, p2c = 2048, p2s = (0, random_js_1.default)(new Uint8Array(16))) => {
(0, check_p2s_js_1.default)(p2s);
const salt = (0, buffer_utils_js_1.p2s)(alg, p2s);
const keylen = parseInt(alg.slice(13, 16), 10) >> 3;
const password = getPassword(key, alg);
const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.slice(8, 11)}`);
const encryptedKey = await (0, aeskw_js_1.wrap)(alg.slice(-6), derivedKey, cek);
return { encryptedKey, p2c, p2s: (0, base64url_js_1.encode)(p2s) };
};
exports.encrypt = encrypt;
const decrypt = async (alg, key, encryptedKey, p2c, p2s) => {
(0, check_p2s_js_1.default)(p2s);
const salt = (0, buffer_utils_js_1.p2s)(alg, p2s);
const keylen = parseInt(alg.slice(13, 16), 10) >> 3;
const password = getPassword(key, alg);
const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.slice(8, 11)}`);
return (0, aeskw_js_1.unwrap)(alg.slice(-6), derivedKey, encryptedKey);
};
exports.decrypt = decrypt;

5
node_modules/jose/dist/node/cjs/runtime/random.js generated vendored Normal file
View File

@@ -0,0 +1,5 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = void 0;
var crypto_1 = require("crypto");
Object.defineProperty(exports, "default", { enumerable: true, get: function () { return crypto_1.randomFillSync; } });

69
node_modules/jose/dist/node/cjs/runtime/rsaes.js generated vendored Normal file
View File

@@ -0,0 +1,69 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.decrypt = exports.encrypt = void 0;
const crypto_1 = require("crypto");
const check_modulus_length_js_1 = require("./check_modulus_length.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const checkKey = (key, alg) => {
if (key.asymmetricKeyType !== 'rsa') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa');
}
(0, check_modulus_length_js_1.default)(key, alg);
};
const resolvePadding = (alg) => {
switch (alg) {
case 'RSA-OAEP':
case 'RSA-OAEP-256':
case 'RSA-OAEP-384':
case 'RSA-OAEP-512':
return crypto_1.constants.RSA_PKCS1_OAEP_PADDING;
case 'RSA1_5':
return crypto_1.constants.RSA_PKCS1_PADDING;
default:
return undefined;
}
};
const resolveOaepHash = (alg) => {
switch (alg) {
case 'RSA-OAEP':
return 'sha1';
case 'RSA-OAEP-256':
return 'sha256';
case 'RSA-OAEP-384':
return 'sha384';
case 'RSA-OAEP-512':
return 'sha512';
default:
return undefined;
}
};
function ensureKeyObject(key, alg, ...usages) {
if ((0, is_key_object_js_1.default)(key)) {
return key;
}
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
(0, crypto_key_js_1.checkEncCryptoKey)(key, alg, ...usages);
return crypto_1.KeyObject.from(key);
}
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types));
}
const encrypt = (alg, key, cek) => {
const padding = resolvePadding(alg);
const oaepHash = resolveOaepHash(alg);
const keyObject = ensureKeyObject(key, alg, 'wrapKey', 'encrypt');
checkKey(keyObject, alg);
return (0, crypto_1.publicEncrypt)({ key: keyObject, oaepHash, padding }, cek);
};
exports.encrypt = encrypt;
const decrypt = (alg, key, encryptedKey) => {
const padding = resolvePadding(alg);
const oaepHash = resolveOaepHash(alg);
const keyObject = ensureKeyObject(key, alg, 'unwrapKey', 'decrypt');
checkKey(keyObject, alg);
return (0, crypto_1.privateDecrypt)({ key: keyObject, oaepHash, padding }, encryptedKey);
};
exports.decrypt = decrypt;

3
node_modules/jose/dist/node/cjs/runtime/runtime.js generated vendored Normal file
View File

@@ -0,0 +1,3 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = 'node:crypto';

25
node_modules/jose/dist/node/cjs/runtime/sign.js generated vendored Normal file
View File

@@ -0,0 +1,25 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto = require("crypto");
const util_1 = require("util");
const dsa_digest_js_1 = require("./dsa_digest.js");
const hmac_digest_js_1 = require("./hmac_digest.js");
const node_key_js_1 = require("./node_key.js");
const get_sign_verify_key_js_1 = require("./get_sign_verify_key.js");
let oneShotSign;
if (crypto.sign.length > 3) {
oneShotSign = (0, util_1.promisify)(crypto.sign);
}
else {
oneShotSign = crypto.sign;
}
const sign = async (alg, key, data) => {
const keyObject = (0, get_sign_verify_key_js_1.default)(alg, key, 'sign');
if (alg.startsWith('HS')) {
const hmac = crypto.createHmac((0, hmac_digest_js_1.default)(alg), keyObject);
hmac.update(data);
return hmac.digest();
}
return oneShotSign((0, dsa_digest_js_1.default)(alg), data, (0, node_key_js_1.default)(alg, keyObject));
};
exports.default = sign;

5
node_modules/jose/dist/node/cjs/runtime/timing_safe_equal.js generated vendored Normal file
View File

@@ -0,0 +1,5 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto_1 = require("crypto");
const timingSafeEqual = crypto_1.timingSafeEqual;
exports.default = timingSafeEqual;

38
node_modules/jose/dist/node/cjs/runtime/verify.js generated vendored Normal file
View File

@@ -0,0 +1,38 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto = require("crypto");
const util_1 = require("util");
const dsa_digest_js_1 = require("./dsa_digest.js");
const node_key_js_1 = require("./node_key.js");
const sign_js_1 = require("./sign.js");
const get_sign_verify_key_js_1 = require("./get_sign_verify_key.js");
const flags_js_1 = require("./flags.js");
let oneShotVerify;
if (crypto.verify.length > 4 && flags_js_1.oneShotCallback) {
oneShotVerify = (0, util_1.promisify)(crypto.verify);
}
else {
oneShotVerify = crypto.verify;
}
const verify = async (alg, key, signature, data) => {
const keyObject = (0, get_sign_verify_key_js_1.default)(alg, key, 'verify');
if (alg.startsWith('HS')) {
const expected = await (0, sign_js_1.default)(alg, keyObject, data);
const actual = signature;
try {
return crypto.timingSafeEqual(actual, expected);
}
catch {
return false;
}
}
const algorithm = (0, dsa_digest_js_1.default)(alg);
const keyInput = (0, node_key_js_1.default)(alg, keyObject);
try {
return await oneShotVerify(algorithm, data, keyInput, signature);
}
catch {
return false;
}
};
exports.default = verify;

11
node_modules/jose/dist/node/cjs/runtime/webcrypto.js generated vendored Normal file
View File

@@ -0,0 +1,11 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isCryptoKey = void 0;
const crypto = require("crypto");
const util = require("util");
const webcrypto = crypto.webcrypto;
exports.default = webcrypto;
exports.isCryptoKey = util.types.isCryptoKey
? (key) => util.types.isCryptoKey(key)
:
(key) => false;

14
node_modules/jose/dist/node/cjs/runtime/zlib.js generated vendored Normal file
View File

@@ -0,0 +1,14 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.deflate = exports.inflate = void 0;
const util_1 = require("util");
const zlib_1 = require("zlib");
const errors_js_1 = require("../util/errors.js");
const inflateRaw = (0, util_1.promisify)(zlib_1.inflateRaw);
const deflateRaw = (0, util_1.promisify)(zlib_1.deflateRaw);
const inflate = (input) => inflateRaw(input, { maxOutputLength: 250000 }).catch(() => {
throw new errors_js_1.JWEDecompressionFailed();
});
exports.inflate = inflate;
const deflate = (input) => deflateRaw(input);
exports.deflate = deflate;