-
Notifications
You must be signed in to change notification settings - Fork 20
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Martin Auer <[email protected]>
- Loading branch information
1 parent
01f6d4d
commit 57c7592
Showing
3 changed files
with
52 additions
and
52 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,70 +1,70 @@ | ||
import * as u8a from 'uint8arrays' | ||
import * as u8a from 'uint8arrays'; | ||
|
||
import { DigestAlgorithm } from '../types' | ||
import { DigestAlgorithm } from '../types'; | ||
|
||
import { JWK } from '.' | ||
import { JWK } from '.'; | ||
|
||
const check = (value: unknown, description: string) => { | ||
if (typeof value !== 'string' || !value) { | ||
throw Error(`${description} missing or invalid`) | ||
throw Error(`${description} missing or invalid`); | ||
} | ||
} | ||
}; | ||
|
||
const digest = async (algorithm: DigestAlgorithm, data: Uint8Array) => { | ||
const subtleDigest = `SHA-${algorithm.slice(-3)}` | ||
return new Uint8Array(await crypto.subtle.digest(subtleDigest, data)) | ||
} | ||
const subtleDigest = `SHA-${algorithm.slice(-3)}`; | ||
return new Uint8Array(await crypto.subtle.digest(subtleDigest, data)); | ||
}; | ||
|
||
export async function calculateJwkThumbprint(jwk: JWK, digestAlgorithm?: DigestAlgorithm): Promise<string> { | ||
if (!jwk || typeof jwk !== 'object') { | ||
throw new TypeError('JWK must be an object') | ||
throw new TypeError('JWK must be an object'); | ||
} | ||
const algorithm = digestAlgorithm ?? 'sha256' | ||
const algorithm = digestAlgorithm ?? 'sha256'; | ||
if (algorithm !== 'sha256' && algorithm !== 'sha384' && algorithm !== 'sha512') { | ||
throw new TypeError('digestAlgorithm must one of "sha256", "sha384", or "sha512"') | ||
throw new TypeError('digestAlgorithm must one of "sha256", "sha384", or "sha512"'); | ||
} | ||
let components | ||
let components; | ||
switch (jwk.kty) { | ||
case 'EC': | ||
check(jwk.crv, '"crv" (Curve) Parameter') | ||
check(jwk.x, '"x" (X Coordinate) Parameter') | ||
check(jwk.y, '"y" (Y Coordinate) Parameter') | ||
components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y } | ||
break | ||
check(jwk.crv, '"crv" (Curve) Parameter'); | ||
check(jwk.x, '"x" (X Coordinate) Parameter'); | ||
check(jwk.y, '"y" (Y Coordinate) Parameter'); | ||
components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y }; | ||
break; | ||
case 'OKP': | ||
check(jwk.crv, '"crv" (Subtype of Key Pair) Parameter') | ||
check(jwk.x, '"x" (Public Key) Parameter') | ||
components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x } | ||
break | ||
check(jwk.crv, '"crv" (Subtype of Key Pair) Parameter'); | ||
check(jwk.x, '"x" (Public Key) Parameter'); | ||
components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x }; | ||
break; | ||
case 'RSA': | ||
check(jwk.e, '"e" (Exponent) Parameter') | ||
check(jwk.n, '"n" (Modulus) Parameter') | ||
components = { e: jwk.e, kty: jwk.kty, n: jwk.n } | ||
break | ||
check(jwk.e, '"e" (Exponent) Parameter'); | ||
check(jwk.n, '"n" (Modulus) Parameter'); | ||
components = { e: jwk.e, kty: jwk.kty, n: jwk.n }; | ||
break; | ||
case 'oct': | ||
check(jwk.k, '"k" (Key Value) Parameter') | ||
components = { k: jwk.k, kty: jwk.kty } | ||
break | ||
check(jwk.k, '"k" (Key Value) Parameter'); | ||
components = { k: jwk.k, kty: jwk.kty }; | ||
break; | ||
default: | ||
throw Error('"kty" (Key Type) Parameter missing or unsupported') | ||
throw Error('"kty" (Key Type) Parameter missing or unsupported'); | ||
} | ||
const data = u8a.fromString(JSON.stringify(components), 'utf-8') | ||
return u8a.toString(await digest(algorithm, data), 'base64url') | ||
const data = u8a.fromString(JSON.stringify(components), 'utf-8'); | ||
return u8a.toString(await digest(algorithm, data), 'base64url'); | ||
} | ||
|
||
export async function getDigestAlgorithmFromJwkThumbprintUri(uri: string): Promise<DigestAlgorithm> { | ||
const match = uri.match(/^urn:ietf:params:oauth:jwk-thumbprint:sha-(\w+):/) | ||
const match = uri.match(/^urn:ietf:params:oauth:jwk-thumbprint:sha-(\w+):/); | ||
if (!match) { | ||
throw new Error(`Invalid JWK thumbprint URI structure ${uri}`) | ||
throw new Error(`Invalid JWK thumbprint URI structure ${uri}`); | ||
} | ||
const algorithm = `sha${match[1]}` as DigestAlgorithm | ||
const algorithm = `sha${match[1]}` as DigestAlgorithm; | ||
if (algorithm !== 'sha256' && algorithm !== 'sha384' && algorithm !== 'sha512') { | ||
throw new Error(`Invalid JWK thumbprint URI digest algorithm ${uri}`) | ||
throw new Error(`Invalid JWK thumbprint URI digest algorithm ${uri}`); | ||
} | ||
return algorithm | ||
return algorithm; | ||
} | ||
|
||
export async function calculateJwkThumbprintUri(jwk: JWK, digestAlgorithm: DigestAlgorithm = 'sha256'): Promise<string> { | ||
const thumbprint = await calculateJwkThumbprint(jwk, digestAlgorithm) | ||
return `urn:ietf:params:oauth:jwk-thumbprint:sha-${digestAlgorithm.slice(-3)}:${thumbprint}` | ||
const thumbprint = await calculateJwkThumbprint(jwk, digestAlgorithm); | ||
return `urn:ietf:params:oauth:jwk-thumbprint:sha-${digestAlgorithm.slice(-3)}:${thumbprint}`; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters