mirror of
https://github.com/danbulant/jose
synced 2026-05-24 20:41:46 +00:00
5b53cb0155
- this deprecates the use of `JWK.importKey` in favor of `JWK.asKey` - this deprecates the use of `JWKS.KeyStore.fromJWKS` in favor of `JWKS.asKeyStore` Both `JWK.importKey` and `JWKS.KeyStore.fromJWKS` could have resulted in the process getting blocked when large bitsize RSA private keys were missing their components and could also result in an endless calculation loop when the private key's private exponent was outright invalid or tampered with. The new methods still allow to import private RSA keys with these optimization key parameters missing but its disabled by default and one should choose to enable it when working with keys from trusted sources It is recommended not to use @panva/jose versions with this feature in its original on-by-default form - v1.1.0 and v1.2.0 These will
51 lines
1.7 KiB
JavaScript
51 lines
1.7 KiB
JavaScript
const test = require('ava')
|
|
|
|
const { JWK, JWS, errors } = require('../..')
|
|
|
|
const k = JWK.asKey({
|
|
kty: 'oct',
|
|
k: 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow'
|
|
})
|
|
|
|
const FIXTURE = {
|
|
protected: 'eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19',
|
|
payload: '$.02',
|
|
signature: 'A5dxf2s96_n5FLueVuW1Z_vh161FwXZC4YLPff6dmDY'
|
|
}
|
|
|
|
test('b64=false is supported for JWS', t => {
|
|
t.deepEqual(
|
|
JWS.sign.flattened('$.02', k, { alg: 'HS256', b64: false, crit: ['b64'] }),
|
|
FIXTURE
|
|
)
|
|
|
|
t.is(JWS.verify(FIXTURE, k, { crit: ['b64'] }), FIXTURE.payload)
|
|
})
|
|
|
|
test('b64=true is also allowed', t => {
|
|
const jws = JWS.sign.flattened('$.02', k, { alg: 'HS256', b64: true, crit: ['b64'] })
|
|
t.is(jws.payload, 'JC4wMg')
|
|
t.is(JWS.verify(FIXTURE, k, { crit: ['b64'] }), FIXTURE.payload)
|
|
})
|
|
|
|
test('b64 must be integrity protected', t => {
|
|
t.throws(() => {
|
|
JWS.sign.flattened('foo', k, { alg: 'HS256', crit: ['b64'] }, { b64: true })
|
|
}, { instanceOf: errors.JWSInvalid, code: 'ERR_JWS_INVALID', message: '"b64" critical parameter must be integrity protected' })
|
|
})
|
|
|
|
test('b64 must be a boolean', t => {
|
|
t.throws(() => {
|
|
JWS.sign.flattened('foo', k, { alg: 'HS256', crit: ['b64'], b64: 'true' })
|
|
}, { instanceOf: errors.JWSInvalid, code: 'ERR_JWS_INVALID', message: '"b64" critical parameter must be a boolean' })
|
|
})
|
|
|
|
test('b64 must be the same for all recipients', t => {
|
|
const sign = new JWS.Sign('$.02')
|
|
sign.recipient(k, { crit: ['b64'], b64: false })
|
|
sign.recipient(k, { crit: ['b64'], b64: true })
|
|
|
|
t.throws(() => {
|
|
sign.sign('general')
|
|
}, { instanceOf: errors.JWSInvalid, code: 'ERR_JWS_INVALID', message: 'the "b64" Header Parameter value MUST be the same for all recipients' })
|
|
})
|