diff --git a/docs/README.md b/docs/README.md
index 50767dc3..545dba64 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -692,6 +692,8 @@ Creates a new KeyStore from a JSON Web Key Set.
 - `jwks`: `` JWKS formatted object (`{ keys: [{ kty: '...', ... }, ...] }`)
 - `options`: ``
+ - `ignoreErrors`: `` **Default** 'false'. This will make it so that keys
+ unsupported by your Node.js runtime version (or otherwise faulty keys) get swallowed.
 - `calculateMissingRSAPrimes`: `` **Default** 'false'. This option is really only in effect when the JWKS contains private RSA JWK keys, by default, keys without the optimization private key parameters (p, q, dp, dq, qi) won't imported because their calculation is heavy and
diff --git a/lib/index.d.ts b/lib/index.d.ts
index b19d7540..0a0e2b19 100644
--- a/lib/index.d.ts
+++ b/lib/index.d.ts
@@ -208,7 +208,11 @@ export namespace JWKS {
 static fromJWKS(jwks: JSONWebKeySet): KeyStore
 }
- export function asKeyStore(jwks: JSONWebKeySet, options?: ImportOptions): KeyStore
+ interface JWKSImportOptions extends ImportOptions {
+ ignoreErrors?: boolean
+ }
+
+ export function asKeyStore(jwks: JSONWebKeySet, options?: JWKSImportOptions): KeyStore
 }
 export namespace JWS {
diff --git a/lib/jwks/keystore.js b/lib/jwks/keystore.js
index 7b03f16f..07acc70d 100644
--- a/lib/jwks/keystore.js
+++ b/lib/jwks/keystore.js
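Review bot: In lib/index.d.ts the new `ignoreErrors?: boolean` member carries no doc comment, so a consumer reading the typings does not learn that enabling it silently drops keys; a one-line comment would do, e.g. `/** Skip keys that fail to import instead of throwing; the returned KeyStore may then hold fewer keys than the JWKS, possibly none. */`. `JWKSImportOptions` is also declared without the `export` keyword that the neighbouring `asKeyStore` declaration carries; if the rest of the namespace marks its types with `export`, `export interface JWKSImportOptions` would keep it consistent and make the type plainly nameable by callers. The namespace body continues outside this hunk, so that convention cannot be confirmed from here.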
@@ -168,12 +168,20 @@ class KeyStore {
 }
 }
-function asKeyStore (jwks, { calculateMissingRSAPrimes = false } = {}) {
+function asKeyStore (jwks, { ignoreErrors = false, calculateMissingRSAPrimes = false } = {}) {
 if (!isObject(jwks) || !Array.isArray(jwks.keys) || jwks.keys.some(k => !isObject(k) || !('kty' in k))) {
 throw new TypeError('jwks must be a JSON Web Key Set formatted object')
 }
- const keys = jwks.keys.map((jwk) => importKey(jwk, { calculateMissingRSAPrimes }))
+ const keys = jwks.keys.map((jwk) => {
+ try {
+ return importKey(jwk, { calculateMissingRSAPrimes })
+ } catch (err) {
+ if (!ignoreErrors) {
+ throw err
+ }
+ }
+ }).filter(Boolean)
 return new KeyStore(...keys)
 }
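Review bot: With `ignoreErrors` set, the `catch` inside the `jwks.keys.map` callback discards every exception `importKey` throws, so a malformed or otherwise invalid key is dropped in exactly the same way as one the runtime merely does not support, and the caller has no way to learn which or how many keys were skipped. If every entry fails, `.filter(Boolean)` leaves an empty array and `new KeyStore(...keys)` returns an empty store without any error, which a consumer loading a remote JWKS would only notice later as verification failures. Consider narrowing the catch to the library's import/unsupported-key error types (not visible in this hunk) and rethrowing anything else, or at minimum stating the behaviour above the `try`: `// ignoreErrors: keys that fail to import are dropped silently; the resulting store may be empty`.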