
@oada/certs


Generate and verify JWT signatures (OAuth dynamic client registration certificates and Trellis document integrity signatures) in the Open Ag Data Alliance (OADA) and Trellis ecosystems

/**
 * @license
 * Copyright 2014 Qlever LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
import { JWK as jose_JWK } from 'node-jose';
import type { RSA_JWK } from 'pem-jwk';
/**
 * Key shapes accepted by this module: a PEM-wrapped key or an RSA JWK.
 *
 * @todo Better discriminated union of JWK types?
 */
export declare type JWK = JWKpem | JWKrsa;
/**
 * Fields common to every key shape; all node-jose raw-key fields are optional
 * here, only `kty` is required.
 */
export interface BaseJWK extends Partial<jose_JWK.RawKey> {
  /**
   * Must have "kty" to be a JWK
   */
  kty: string;
}
/**
 * A key carried as a PEM string under the non-standard key type "PEM".
 *
 * NOTE(review): this declaration does not say whether `pem` is limited to
 * public keys or may also hold private key material; confirm before logging
 * or serializing values of this type.
 */
export interface JWKpem extends BaseJWK {
  kty: 'PEM';
  pem: string;
}
/**
 * An RSA key in JWK form. `n` and `e` are the JWK members for the RSA modulus
 * and public exponent (RFC 7518).
 */
export interface JWKrsa extends BaseJWK, RSA_JWK {
  kty: 'RSA';
  n: string;
  e: string;
}
/**
 * A JWK set: an object with a read-only `keys` array.
 */
export interface JOSEHeaderDocAnchor {}
export interface JWKs {
  keys: readonly JWK[];
}
/**
 * JOSE header of a signature handled by this module.
 *
 * The type admits only `alg: 'RS256'`. `kid`, `jku` and `jwk` are the optional
 * key-identification headers (key ID, JWK Set URL, embedded key). They travel
 * inside the token itself, so until the signature has been checked against a
 * key trusted through some other channel their values are whatever the sender
 * chose.
 */
export interface JOSEHeader {
  alg: 'RS256';
  typ: string;
  kid?: string;
  jku?: string;
  jwk?: JWK;
}
/**
 * Cache maintenance for fetched JWK sets.
 *
 * NOTE(review): presumably evicts the oldest cache entry and reports whether
 * one was removed; the declaration only shows the boolean return. Confirm.
 */
export declare function cachePruneOldest(): boolean;
/**
 * NOTE(review): presumably empties the JWK set cache; confirm against the
 * implementation.
 */
export declare function clearJWKsCache(): void;
/**
 * Return the JWK set cache as a Map from a string key to the cached set plus
 * bookkeeping fields.
 *
 * NOTE(review): the key is presumably the URL the set was fetched from,
 * `timePutIntoCache` a timestamp and `strbytes` the serialized size; none of
 * that is visible here. It is also not visible whether the returned Map is
 * the live cache or a copy; if it is live, any caller that mutates it changes
 * which keys later lookups resolve to. Confirm.
 */
export declare function getJWKsCache(): Map<string, {
  jwks: JWKs;
  timePutIntoCache: number;
  strbytes: number;
}>;
/**
 * Decide if an object is a JWK
 *
 * NOTE(review): this is a type predicate, so a `true` result makes the
 * compiler treat `key` as a JWK. Which fields the runtime check actually
 * inspects is not visible from the declaration; confirm before relying on it
 * to validate untrusted input.
 */
export declare function isJWK(key: unknown): key is JWK;
/**
 * Decide if an object is a set of JWKs
 *
 * NOTE(review): as with isJWK, how thoroughly each entry of `keys` is checked
 * at runtime is not visible here; confirm.
 */
export declare function isJWKset(set: unknown): set is JWKs;
/**
 * Pick a JWK from a JWK set by its Key ID
 *
 * @returns the selected key, or `undefined`.
 *
 * NOTE(review): presumably `undefined` means no key matched; the behaviour
 * when `kid` itself is `undefined` is not visible here. Confirm.
 */
export declare function findJWK(kid: string | undefined, jwks: JWKs): JWK | undefined;
/**
 * Split a JWT into header, payload and signature without checking the
 * signature, as the name states.
 *
 * Everything returned is unauthenticated: `payload` is typed `unknown` and
 * must be narrowed by the caller, and `header` is typed as JOSEHeader.
 * NOTE(review): whether the header is validated at runtime or only cast to
 * JOSEHeader is not visible here; confirm. Do not base a trust decision on
 * this output alone.
 */
export declare function decodeWithoutVerify(jwt: string): {
  header: JOSEHeader;
  payload: unknown;
  signature: string | undefined;
};
/**
 * Resolve the key to use for checking signature `sig`.
 *
 * Supported headers: [kid, jwk, jku]
 *
 * `hint` may be `false`, a string, a JWK set or a single JWK.
 * NOTE(review): presumably `hint` is the caller's out-of-band knowledge of
 * where the key should come from (a string being a JWK set URL), and `false`
 * means there is none so the signature's own headers are used; confirm.
 * A key taken only from the token's `jwk` or `jku` header shows that the
 * token is self-consistent, not who signed it, so callers that pass `false`
 * need a separate trust check on the returned key.
 *
 * `timeout` is optional. NOTE(review): presumably it bounds the remote fetch
 * of a JWK set; units and default are not visible here. Confirm.
 */
export declare function jwkForSignature(sig: string, hint: false | string | JWKs | JWK, { timeout }?: {
  timeout?: number;
}): Promise<JWK>;