mirror of
https://github.com/danbulant/jose
synced 2026-05-25 04:51:47 +00:00
5b53cb0155
- this deprecates the use of `JWK.importKey` in favor of `JWK.asKey` - this deprecates the use of `JWKS.KeyStore.fromJWKS` in favor of `JWKS.asKeyStore` Both `JWK.importKey` and `JWKS.KeyStore.fromJWKS` could have resulted in the process getting blocked when large bitsize RSA private keys were missing their components and could also result in an endless calculation loop when the private key's private exponent was outright invalid or tampered with. The new methods still allow to import private RSA keys with these optimization key parameters missing but its disabled by default and one should choose to enable it when working with keys from trusted sources It is recommended not to use @panva/jose versions with this feature in its original on-by-default form - v1.1.0 and v1.2.0 These will
64 lines
2.6 KiB
JavaScript
64 lines
2.6 KiB
JavaScript
const test = require('ava')
|
|
|
|
const recipe = require('./recipes').get('4.6')
|
|
|
|
const { JWS, JWK: { asKey, generateSync }, JWKS: { KeyStore }, errors } = require('../..')
|
|
|
|
const { input: { payload, key: jwk }, signing: { protected: protec, unprotected } } = recipe
|
|
|
|
const key = asKey(jwk)
|
|
|
|
const keystoreEmpty = new KeyStore()
|
|
const keystoreMatchOne = new KeyStore(generateSync(key.kty, key.length, { alg: key.alg, use: key.use }), key)
|
|
const keystoreMatchMore = new KeyStore(generateSync(key.kty, key.length, { alg: key.alg, use: key.use, kid: key.kid }), key, asKey(key))
|
|
const keystoreMatchNone = new KeyStore(generateSync(key.kty), generateSync(key.kty))
|
|
|
|
test(`${recipe.title} - flattened sign`, t => {
|
|
t.deepEqual(JWS.sign.flattened(payload, key, protec, unprotected), recipe.output.json_flat)
|
|
})
|
|
|
|
test(`${recipe.title} - general sign`, t => {
|
|
t.deepEqual(JWS.sign.general(payload, key, protec, unprotected), recipe.output.json)
|
|
})
|
|
|
|
test(`${recipe.title} - flattened verify`, t => {
|
|
t.is(JWS.verify(recipe.output.json_flat, key), payload)
|
|
})
|
|
|
|
test(`${recipe.title} - general verify`, t => {
|
|
t.is(JWS.verify(recipe.output.json, key), payload)
|
|
})
|
|
|
|
;[keystoreMatchOne, keystoreMatchMore].forEach((keystore, i) => {
|
|
test(`${recipe.title} - flattened verify (using keystore ${i + 1}/2)`, t => {
|
|
t.is(JWS.verify(recipe.output.json_flat, keystore), payload)
|
|
})
|
|
|
|
test(`${recipe.title} - general verify (using keystore ${i + 1}/2)`, t => {
|
|
t.is(JWS.verify(recipe.output.json, keystore), payload)
|
|
})
|
|
})
|
|
|
|
test(`${recipe.title} - flattened verify (failing)`, t => {
|
|
t.throws(() => {
|
|
JWS.verify(recipe.output.json_flat, keystoreMatchNone)
|
|
}, { instanceOf: errors.JWKSNoMatchingKey, code: 'ERR_JWKS_NO_MATCHING_KEY', message: 'no matching key found in the KeyStore' })
|
|
})
|
|
|
|
test(`${recipe.title} - general verify (failing)`, t => {
|
|
t.throws(() => {
|
|
JWS.verify(recipe.output.json, keystoreMatchNone)
|
|
}, { instanceOf: errors.JWKSNoMatchingKey, code: 'ERR_JWKS_NO_MATCHING_KEY', message: 'no matching key found in the KeyStore' })
|
|
})
|
|
|
|
test(`${recipe.title} - flattened verify (using empty keystore)`, t => {
|
|
t.throws(() => {
|
|
JWS.verify(recipe.output.json_flat, keystoreEmpty)
|
|
}, { instanceOf: errors.JWKSNoMatchingKey, code: 'ERR_JWKS_NO_MATCHING_KEY', message: 'no matching key found in the KeyStore' })
|
|
})
|
|
|
|
test(`${recipe.title} - general verify (using empty keystore)`, t => {
|
|
t.throws(() => {
|
|
JWS.verify(recipe.output.json, keystoreEmpty)
|
|
}, { instanceOf: errors.JWKSNoMatchingKey, code: 'ERR_JWKS_NO_MATCHING_KEY', message: 'no matching key found in the KeyStore' })
|
|
})
|