@berlingske-media/bm.node-module.gateway_jwt
AuthGateway JWT verification library based on public JWKS endpoint
;
// Compiler-emitted CommonJS preamble: flag the exports object as coming from an ES module.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare the two exported names; their real values are assigned further down the file.
exports.getSpki = exports.retrieveSigningKeys = void 0;
const tslib_1 = require("tslib");
const errors_1 = require("./errors");
const jose_1 = require("jose");
/**
 * Pick the JWS algorithm name to use when importing a JWK.
 *
 * A truthy `jwk.alg` is returned unchanged. Otherwise the algorithm is derived
 * from the key type (`kty`) and, for EC/OKP keys, the curve (`crv`).
 *
 * NOTE(review): the `alg` value comes straight from the JWKS entry and is not
 * checked against `kty` or an allow-list here. Code that verifies tokens should
 * pin the algorithms it accepts instead of relying on this value alone.
 *
 * @param {object} jwk - A single JWK entry (reads `alg`, `kty`, `crv`).
 * @returns {*} The algorithm identifier (`jwk.alg` as given, or a derived name).
 * @throws {JwksError} When no algorithm can be derived for the key.
 */
function resolveAlg(jwk) {
    // An explicit algorithm on the key always wins.
    if (jwk.alg) {
        return jwk.alg;
    }

    const { kty, crv } = jwk;

    // Map (not a plain object) so curve names such as "constructor" never
    // resolve to an inherited property.
    const ecAlgByCurve = new Map([
        ['P-256', 'ES256'],
        ['secp256k1', 'ES256K'],
        ['P-384', 'ES384'],
        ['P-521', 'ES512'],
    ]);

    let derived;
    if (kty === 'RSA') {
        derived = 'RS256';
    } else if (kty === 'EC') {
        derived = ecAlgByCurve.get(crv);
    } else if (kty === 'OKP' && (crv === 'Ed25519' || crv === 'Ed448')) {
        derived = 'EdDSA';
    }

    // Unknown key type or unknown curve: refuse rather than guess.
    if (derived === undefined) {
        throw new errors_1.JwksError('Unsupported JWK');
    }
    return derived;
}
/**
 * Turn the entries of a JWKS `keys` array into usable public signing keys.
 *
 * Only entries whose `use` is `'sig'` or absent, and whose `kty` is `RSA`,
 * `EC` or `OKP`, are considered. Each candidate is imported with jose's
 * `importJWK` using the algorithm chosen by `resolveAlg`; anything that is
 * not a public key after import is dropped.
 *
 * Entries that fail to import (or throw at any point while being processed)
 * are skipped without being reported, so a key set made up entirely of
 * unusable entries yields an empty array. Callers should treat an empty
 * result as "no trusted key available" rather than as success.
 *
 * Each result exposes the PEM/SPKI encoding of the key through the
 * `publicKey` and `rsaPublicKey` getters and the `getPublicKey()` method
 * (the export runs on every access), plus `kid` and `alg` when the JWK
 * carries them as non-empty strings.
 *
 * @param {object[]} jwks - JWK entries to process.
 * @returns {Promise<object[]>} The signing keys that could be imported.
 */
function retrieveSigningKeys(jwks) {
    return tslib_1.__awaiter(this, void 0, void 0, function* () {
        const supportedKeyTypes = ['RSA', 'EC', 'OKP'];
        const signingKeys = [];

        // Narrow the set before importing anything: signature use (or no
        // declared use) and an asymmetric key type only.
        const candidates = jwks.filter(({ use, kty }) => (use === 'sig' || use === undefined) && supportedKeyTypes.includes(kty));

        for (const jwk of candidates) {
            try {
                const key = yield (0, jose_1.importJWK)(jwk, resolveAlg(jwk));
                // Never hand out anything but public key material.
                if (key.type !== 'public') {
                    continue;
                }

                // Lazy export: the PEM is produced when a consumer asks for it.
                const exportPem = () => key.export({ format: 'pem', type: 'spki' });
                const entry = {
                    get publicKey() { return exportPem(); },
                    get rsaPublicKey() { return exportPem(); },
                    getPublicKey() { return exportPem(); },
                };

                // Copy the identifying metadata only when it is a non-empty string.
                if (typeof jwk.kid === 'string' && jwk.kid) {
                    entry.kid = jwk.kid;
                }
                if (typeof jwk.alg === 'string' && jwk.alg) {
                    entry.alg = jwk.alg;
                }

                signingKeys.push(entry);
            }
            catch (err) {
                // Best effort: an unusable entry must not invalidate the rest of the set.
                continue;
            }
        }

        return signingKeys;
    });
}
exports.retrieveSigningKeys = retrieveSigningKeys;
/**
 * Export a key as a PEM-encoded SubjectPublicKeyInfo (SPKI) structure.
 *
 * @param {object} key - An object with an `export(options)` method; presumably a Node.js KeyObject, confirm against callers.
 * @returns {*} Whatever `key.export({ format: 'pem', type: 'spki' })` returns.
 */
const getSpki = (key) => {
    const spkiPemOptions = { format: 'pem', type: 'spki' };
    return key.export(spkiPemOptions);
};
exports.getSpki = getSpki;
//# sourceMappingURL=utils.js.map