dan/jose
1
0
Fork 0
mirror of https://github.com/danbulant/jose synced 2026-05-25 04:51:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
405 commits 10 branches 160 tags 9.9 MiB
Commit graph

189 commits

Author SHA1 Message Date
Filip Skokan
67c1a5de77 docs: update decode docs to be less likely to be discovered instead of verify 2020-09-03 16:05:24 +02:00
Filip Skokan
eb482a8ab8 style: lib/jwe/encrypt.js 2020-08-10 18:35:02 +02:00
Filip Skokan
e0a2d57926 refactor: sign.js PROCESS_RECIPIENT 2020-08-10 18:35:02 +02:00
sboys3
ce6836af88
feat: support for validating issuer from a list of values (#91) 
Co-authored-by: Filip Skokan <panva.ip@gmail.com>
 2020-08-10 18:34:51 +02:00
Filip Skokan
d56ec9f5dd fix: ensure "b64" is the same for all recipients edge cases 2020-08-04 14:37:52 +02:00
Filip Skokan
169542363f fix: do not mutate unencoded payload when signing for multiple parties 
resolves #89
 2020-08-04 14:36:52 +02:00
Filip Skokan
e8ad38993e
fix: handle private EC keys without public component (#86) 
Only possible to handle when KeyObject API is available in the runtime.

closes #85
 2020-07-01 13:13:34 +02:00
Filip Skokan
7ba492237a fix: allow any JSON numeric value for timestamp values 
> NumericDate
>    A JSON numeric value representing the number of seconds from
>    1970-01-01T00:00:00Z UTC until the specified UTC date/time,
>    ignoring leap seconds.  This is equivalent to the IEEE Std 1003.1,
>    2013 Edition [POSIX.1] definition "Seconds Since the Epoch", in
>    which each day is accounted for by exactly 86400 seconds, other
>    than that non-integer values can be represented.  See RFC 3339
>    [RFC3339] for details regarding date/times in general and UTC in
>    particular.
 2020-06-01 14:58:25 +02:00
Filip Skokan
7c1cab196e feat: add opt-in objects to verify using embedded JWS Header public keys 2020-05-04 22:37:11 +02:00
Filip Skokan
06915861b3 fix: "typ" content-type validation, case insensitive and handled prefix 2020-04-27 20:48:35 +02:00
Filip Skokan
8c0a8a950e feat: update JWT Profile for OAuth 2.0 Access Tokens to latest draft 
BREAKING CHANGE: `at+JWT` JWT draft profile - in the draft's Section 2.2
the claims `iat` and `jti` are now REQUIRED (was RECOMMENDED).
 2020-04-16 12:09:08 +02:00
Filip Skokan
530709d15c refactor: aes_kw 2020-04-15 09:27:18 +02:00
Filip Skokan
dcf8d75a8a fix: use native openssl AES Key Wrap 🤦 2020-04-15 09:21:50 +02:00
Filip Skokan
447f2bee01 refactor: clear check for supported curves 2020-04-08 08:51:13 +02:00
Filip Skokan
27b77b9edc refactor: get rid of multiple asn1 OID mappings 2020-04-07 20:10:55 +02:00
Filip Skokan
bc77a15fab feat: update JWT Profile for OAuth 2.0 Access Tokens to latest draft 2020-03-11 15:29:56 +01:00
Filip Skokan
f86bda3bb7 fix: allow importing simpler passphrases as oct keys 2020-03-05 20:36:15 +01:00
Filip Skokan
fc08426466 feat: add JWT.verify "typ" option for checking JWT Type Header parameter 2020-02-24 09:12:27 +01:00
Kyle Den Hartog
419d09b4d5
refactor: use consistent BigInt(n) syntax 2020-02-24 08:57:35 +01:00
Filip Skokan
9e7444b7d2 refactor: removed asn1.js in favor of slimmer @panva/asn1.js 
resolves #61
 2020-02-18 16:12:10 +01:00
Filip Skokan
f7e463d0dd improvement: private / public key input support improved in node 10 2020-02-14 21:17:19 +01:00
Filip Skokan
38369ea3d7 feat: add ECDH-ES with X25519 and X448 OKP keys 2020-02-13 16:26:09 +01:00
Filip Skokan
594c3e4e43 improvement: dsaEncoding is now available in lts/erbium 2020-02-13 15:31:28 +01:00
Filip Skokan
7477f0831b feat: add RSA-OAEP-384 and RSA-OAEP-512 JWE Key Management Algorithms 
These are registered for JOSE by W3C Web Cryptography Working Group in
[Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/)
 2020-02-13 15:24:37 +01:00
Filip Skokan
3e3d7dd381 perf: various codepaths refactored 2020-02-06 14:18:48 +01:00
Filip Skokan
eae01b57ab fix: actually remove the base64url proper encoding check 
This should've landed with 470b4c7
 2020-02-03 14:07:28 +01:00
Filip Skokan
dec5d233e1 refactor: simplify lib/jwa/ecdsa.js 2020-01-30 16:16:42 +01:00
Filip Skokan
2fb1d8ed85 style: remove unused requires 2020-01-29 20:38:03 +01:00
Filip Skokan
470b4c7315 perf: base64url decode, JWT.verify, JWK.Key instance re-use 
I'm done trying to educate other JOSE producers about interoperability
so i'm going to be accepting their non-conform base64url so that users
of this module don't suffer performance loss.
 2020-01-29 20:33:30 +01:00
Filip Skokan
93068a63c8 refactor: improve performance when decoding base64url values 
When creating a Buffer from a string, this encoding will also correctly
accept "URL and Filename Safe Alphabet".
 2020-01-28 16:41:03 +01:00
Filip Skokan
ed1f78023e refactor: cleanup, code diet 2020-01-27 10:34:21 +01:00
Filip Skokan
a9f6f71350 feat: keystore filtering by JWK Key thumbprint 2020-01-26 19:31:55 +01:00
Filip Skokan
70ff22227a fix: contactKDF iteration count fixed for key sizes larger than 256 bits 2020-01-25 16:43:53 +01:00
Filip Skokan
3a6d17fdd1 feat: add opt-in support for Unsecured JWS algorithm "none" 2020-01-23 18:38:00 +01:00
Filip Skokan
a0c0c7ad70
feat: add JWTExpired error and JWTClaimInvalid claim and reason props 
Resolves #62
 2020-01-16 08:49:37 +01:00
Filip Skokan
b1864e319d feat: exposed shorthands for JWT verification profiles 2020-01-12 16:40:51 +01:00
Filip Skokan
bc81e5dec2 fix: expose JOSENotSupported key import errors on unsupported runtimes 2020-01-08 13:17:45 +01:00
Filip Skokan
bb58c9ce52 fix: typo in JOSENotSupported error when x509 certs are not supported 2020-01-07 21:03:00 +01:00
Filip Skokan
3035b8a4f1 docs: fix flattened encrypt docs 2020-01-04 23:19:20 +01:00
Filip Skokan
927118cc47 chore: cleanup 2020-01-01 21:31:20 +01:00
Filip Skokan
828ad5a33d fix: force iat past check when maxTokenAge option is used + JWT refactor 2020-01-01 21:23:05 +01:00
Filip Skokan
7bb5c953a9 feat: add JWT validation profiles for Access Tokens and Logout Tokens 2019-12-31 14:20:52 +01:00
Filip Skokan
0ed5025de3 fix: skip validating iat is in the past when exp is present 
validating that iat is in the past is common sense but actually nowhere
defined, in most applications tokens will contain `exp` and for those
it seems requiring a few second leeway just to satisfy `iat` seems
inappropriate
 2019-12-17 20:40:23 +01:00
Filip Skokan
11ceb4ef5d chore: add deprecation warning for P-256K 2019-12-17 17:23:00 +01:00
Filip Skokan
10457355e3 refactor: revert the slow Object.freeze 2019-12-11 09:15:13 +01:00
Filip Skokan
bee574457f fix: properly fail to import unsupported openssh keys 2019-12-10 17:06:34 +01:00
Filip Skokan
94ec607d4c refactor: freeze the key's x5c array 2019-12-10 15:20:01 +01:00
Filip Skokan
25a7a71915 feat: importing a certificate populates x5c and x5t thumbprints 
closes #59
 2019-12-10 14:58:54 +01:00
Filip Skokan
62bdee7b29 refactor: improve error message when JWE "enc" value is invalid 2019-12-06 16:09:49 +01:00
Filip Skokan
8976027c97 refactor: improve error message when key use mismatches the operation 2019-12-06 15:35:15 +01:00