///
import { KeyObject, PrivateKeyInput, PublicKeyInput } from 'crypto'
type use = 'sig' | 'enc'
type keyOperation = 'sign' | 'verify' | 'encrypt' | 'decrypt' | 'wrapKey' | 'unwrapKey' | 'deriveKey'
interface BasicParameters {
alg?: string
use?: use
kid?: string
key_ops?: keyOperation[]
}
interface KeyParameters extends BasicParameters {
x5c?: string[]
x5t?: string
'x5t#S256'?: string
}
type ECCurve = 'P-256' | 'secp256k1' | 'P-384' | 'P-521'
type OKPCurve = 'Ed25519' | 'Ed448' | 'X25519' | 'X448'
type keyType = 'RSA' | 'EC' | 'OKP' | 'oct'
type asymmetricKeyObjectTypes = 'private' | 'public'
type keyObjectTypes = asymmetricKeyObjectTypes | 'secret'
type JWTProfiles = 'id_token'
interface JWKOctKey extends BasicParameters { // no x5c
kty: 'oct',
k?: string
}
interface JWKECKey extends KeyParameters {
kty: 'EC'
crv: ECCurve
x: string
y: string
d?: string
}
interface JWKOKPKey extends KeyParameters {
kty: 'OKP'
crv: OKPCurve
x: string
d?: string
}
interface JWKRSAKey extends KeyParameters {
kty: 'RSA'
e: string
n: string
d?: string
p?: string
q?: string
dp?: string
dq?: string
qi?: string
}
type JSONWebKey = JWKRSAKey | JWKOKPKey | JWKECKey | JWKOctKey
interface JSONWebKeySet {
keys: JSONWebKey[]
}
interface ImportOptions {
calculateMissingRSAPrimes?: boolean
}
export namespace JWK {
interface pemEncodingOptions {
type?: string
cipher?: string
passphrase?: string
}
class Key {
kty: keyType
type: keyObjectTypes
private: boolean
public: boolean
secret: boolean
alg?: string
use?: use
key_ops?: keyOperation[]
kid: string
thumbprint: string
x5c?: string[]
x5t?: string
'x5t#S256'?: string
toPEM(private?: boolean, encoding?: pemEncodingOptions): string
algorithms(operation?: keyOperation): Set
}
class RSAKey extends Key {
kty: 'RSA'
type: asymmetricKeyObjectTypes
secret: false
e: string
n: string
d?: string
p?: string
q?: string
dp?: string
dq?: string
qi?: string
toJWK(private?: boolean): JWKRSAKey
}
class ECKey extends Key {
kty: 'EC'
secret: false
type: asymmetricKeyObjectTypes
crv: ECCurve
x: string
y: string
d?: string
toJWK(private?: boolean): JWKECKey
}
class OKPKey extends Key {
kty: 'OKP'
secret: false
type: asymmetricKeyObjectTypes
crv: OKPCurve
x: string
d?: string
toJWK(private?: boolean): JWKOKPKey
}
class OctKey extends Key {
kty: 'oct'
type: 'secret'
private: false
public: false
secret: true
k?: string
toJWK(private?: boolean): JWKOctKey
}
export function isKey(object: any): boolean
export function asKey(keyObject: KeyObject, parameters?: KeyParameters): RSAKey | ECKey | OKPKey | OctKey
export function asKey(key: PrivateKeyInput | PublicKeyInput | string | Buffer, parameters?: KeyParameters): RSAKey | ECKey | OKPKey | OctKey
export function asKey(jwk: JWKOctKey): OctKey
export function asKey(jwk: JWKRSAKey, options?: ImportOptions): RSAKey
export function asKey(jwk: JWKECKey): ECKey
export function asKey(jwk: JWKOKPKey): OKPKey
/*
* @deprecated in favor of asKey
*/
export function importKey(keyObject: KeyObject, parameters?: KeyParameters): RSAKey | ECKey | OKPKey | OctKey
export function importKey(key: PrivateKeyInput | PublicKeyInput | string | Buffer, parameters?: KeyParameters): RSAKey | ECKey | OKPKey | OctKey
export function importKey(jwk: JWKOctKey): OctKey
export function importKey(jwk: JWKRSAKey): RSAKey
export function importKey(jwk: JWKECKey): ECKey
export function importKey(jwk: JWKOKPKey): OKPKey
export function generate(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): Promise
export function generate(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): Promise
export function generate(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): Promise
export function generate(kty: 'oct', bitlength?: number, parameters?: BasicParameters): Promise
export function generateSync(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): ECKey
export function generateSync(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): OKPKey
export function generateSync(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): RSAKey
export function generateSync(kty: 'oct', bitlength?: number, parameters?: BasicParameters): OctKey
}
export namespace JWKS {
interface KeyQuery extends BasicParameters {
kty?: keyType
x5t?: string
'x5t#S256'?: string
}
class KeyStore {
constructor(keys?: JWK.Key[])
size: number
add(key: JWK.Key): void
remove(key: JWK.Key): void
all(parameters?: KeyQuery): JWK.Key[]
get(parameters?: KeyQuery): JWK.Key
toJWKS(private?: boolean): JSONWebKeySet
generate(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): void
generate(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): void
generate(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): void
generate(kty: 'oct', bitlength?: number, parameters?: BasicParameters): void
generateSync(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): void
generateSync(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): void
generateSync(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): void
generateSync(kty: 'oct', bitlength?: number, parameters?: BasicParameters): void
/*
* @deprecated in favor of JWKS.asKeyStore
*/
static fromJWKS(jwks: JSONWebKeySet): KeyStore
}
export function asKeyStore(jwks: JSONWebKeySet, options?: ImportOptions): KeyStore
}
export namespace JWS {
interface JWSJSON {
payload: string
}
interface JWSRecipient {
signature: string,
protected?: string,
header?: object
}
interface FlattenedJWS extends JWSRecipient, JWSJSON {}
interface GeneralJWS extends JWSJSON {
signatures: JWSRecipient[]
}
class Sign {
constructor(payload: string | Buffer | object)
recipient(key: JWK.Key, protected?: object, header?: object): void
sign(serialization: 'compact'): string
sign(serialization: 'flattened'): FlattenedJWS
sign(serialization: 'general'): GeneralJWS
}
export function sign(payload: string | Buffer | object, key: JWK.Key, protected?: object): string
namespace sign {
export function flattened(payload: string | Buffer | object, key: JWK.Key, protected?: object, header?: object): FlattenedJWS
export function general(payload: string | Buffer | object, key: JWK.Key, protected?: object, header?: object): GeneralJWS
}
interface VerifyOptions {
complete?: komplet,
crit?: string[],
algorithms?: string[]
}
interface completeVerification {
payload: string | object,
key: JWK.Key,
protected?: object,
header?: object,
}
export function verify(jws: string | FlattenedJWS | GeneralJWS, key: JWK.Key | JWKS.KeyStore, options?: VerifyOptions): string | object
export function verify(jws: string | FlattenedJWS | GeneralJWS, key: JWK.Key | JWKS.KeyStore, options?: VerifyOptions): completeVerification
}
export namespace JWE {
interface JWEJSON {
protected?: string,
unprotected?: object,
ciphertext: string,
tag: string,
iv: string,
aad?: string,
}
interface JWERecipient {
header?: object,
encrypted_key: string
}
interface FlattenedJWE extends JWERecipient, JWEJSON {}
interface GeneralJWE extends JWEJSON {
recipients: JWERecipient[]
}
class Encrypt {
constructor(cleartext: string | Buffer, protected?: object, unprotected?: object, aad?: string)
recipient(key: JWK.Key, header?: object): void
encrypt(serialization: 'compact'): string
encrypt(serialization: 'flattened'): FlattenedJWE
encrypt(serialization: 'general'): GeneralJWE
}
export function encrypt(payload: string | Buffer, key: JWK.Key, protected?: object): string
namespace encrypt {
export function flattened(payload: string | Buffer, key: JWK.Key, protected?: object, header?: object, aad?: string): FlattenedJWE
export function general(payload: string | Buffer, key: JWK.Key, protected?: object, header?: object, aad?: string): GeneralJWE
}
interface DecryptOptions {
complete?: komplet,
crit?: string[],
algorithms?: string[]
}
interface completeDecrypt {
cleartext: Buffer,
key: JWK.Key,
aad?: string,
header?: object,
unprotected?: object,
protected?: object,
}
export function decrypt(jwe: string | FlattenedJWE | GeneralJWE, key: JWK.Key | JWKS.KeyStore, options?: DecryptOptions): Buffer
export function decrypt(jwe: string | FlattenedJWE | GeneralJWE, key: JWK.Key | JWKS.KeyStore, options?: DecryptOptions): completeDecrypt
}
export namespace JWT {
interface completeResult {
payload: object,
header: object,
signature: string,
key: JWK.Key
}
interface DecodeOptions {
complete?: komplet
}
export function decode(jwt: string, options?: DecodeOptions): object
export function decode(jwt: string, options?: DecodeOptions): completeResult
interface VerifyOptions {
complete?: komplet,
ignoreExp?: boolean,
ignoreNbf?: boolean,
ignoreIat?: boolean,
maxTokenAge?: string,
subject?: string,
issuer?: string,
maxAuthAge?: string,
jti?: string,
clockTolerance?: string,
audience?: string | string[],
algorithms?: string[],
nonce?: string,
now?: Date,
crit?: string[],
profile?: JWTProfiles
}
export function verify(jwt: string, key: JWK.Key | JWKS.KeyStore, options?: VerifyOptions): object
export function verify(jwt: string, key: JWK.Key | JWKS.KeyStore, options?: VerifyOptions): completeResult
interface SignOptions {
iat?: boolean,
kid?: boolean,
subject?: string,
issuer?: string,
audience?: string | string[],
header?: object,
algorithm?: string,
expiresIn?: string,
notBefore?: string,
jti?: string,
nonce?: string,
now?: Date
}
export function sign(payload: object, key: JWK.Key, options?: SignOptions): string
}
export namespace errors {
export class JOSEError extends Error {}
export class JOSEMultiError extends JOSEError {}
export class JOSEAlgNotWhitelisted extends JOSEError {}
export class JOSECritNotUnderstood extends JOSEError {}
export class JOSENotSupported extends JOSEError {}
export class JWEDecryptionFailed extends JOSEError {}
export class JWEInvalid extends JOSEError {}
export class JWKImportFailed extends JOSEError {}
export class JWKInvalid extends JOSEError {}
export class JWKKeySupport extends JOSEError {}
export class JWKSNoMatchingKey extends JOSEError {}
export class JWSInvalid extends JOSEError {}
export class JWSVerificationFailed extends JOSEError {}
export class JWTClaimInvalid extends JOSEError {}
export class JWTMalformed extends JOSEError {}
}