mirror of
https://github.com/danbulant/jose
synced 2026-05-24 20:41:46 +00:00
34 lines
1.3 KiB
JavaScript
34 lines
1.3 KiB
JavaScript
const { JOSECritNotUnderstood } = require('../errors')
|
|
|
|
const DEFINED = new Set([
|
|
'alg', 'jku', 'jwk', 'kid', 'x5u', 'x5c', 'x5t', 'x5t#S256', 'typ', 'cty',
|
|
'crit', 'enc', 'zip', 'epk', 'apu', 'apv', 'iv', 'tag', 'p2s', 'p2c'
|
|
])
|
|
|
|
module.exports = function validateCrit (Err, protectedHeader, unprotectedHeader, understood) {
|
|
if (protectedHeader && 'crit' in protectedHeader) {
|
|
if (
|
|
!Array.isArray(protectedHeader.crit) ||
|
|
protectedHeader.crit.length === 0 ||
|
|
protectedHeader.crit.some(s => typeof s !== 'string' || !s)
|
|
) {
|
|
throw new Err('"crit" Header Parameter MUST be an array of non-empty strings when present')
|
|
}
|
|
const whitelisted = new Set(understood)
|
|
protectedHeader.crit.forEach((parameter) => {
|
|
if (DEFINED.has(parameter)) {
|
|
throw new Err(`The critical list contains a non-extension Header Parameter ${parameter}`)
|
|
}
|
|
if (!whitelisted.has(parameter)) {
|
|
throw new JOSECritNotUnderstood(`critical "${parameter}" is not understood`)
|
|
}
|
|
const combined = { ...protectedHeader, ...unprotectedHeader }
|
|
if (!(parameter in combined)) {
|
|
throw new Err(`critical parameter ${parameter} is missing`)
|
|
}
|
|
})
|
|
}
|
|
if (unprotectedHeader && 'crit' in unprotectedHeader) {
|
|
throw new Err('"crit" Header Parameter MUST be integrity protected when present')
|
|
}
|
|
}
|