Generate and verify JWT signatures (OAuth dynamic client registration certificates and Trellis document integrity signatures) in the Open Ag Data Alliance (OADA) and Trellis ecosystems
/**
* @license
* Copyright 2014 Qlever LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { JWK as jose_JWK } from 'node-jose';
import type { RSA_JWK } from 'pem-jwk';
/**
 * A key as handled by this package: either a PEM-wrapped key (`JWKpem`) or an
 * RSA key in JWK form (`JWKrsa`). The `kty` literal ('PEM' or 'RSA') tells the
 * two shapes apart.
 *
 * @todo Better discriminated union of JWK types?
 */
export declare type JWK = JWKpem | JWKrsa;
/**
 * Fields shared by every key shape in this package: node-jose's `RawKey`
 * members, all made optional, plus a required `kty`.
 *
 * Because every inherited member is optional, this type alone does not
 * guarantee that any field other than `kty` is present on a given key.
 */
export interface BaseJWK extends Partial<jose_JWK.RawKey> {
/**
 * Must have "kty" to be a JWK
 */
kty: string;
}
/**
 * A key carried as PEM text inside a JWK-shaped object.
 *
 * 'PEM' is a value used by this package; it is not one of the key types
 * registered for JWKs (RFC 7518 lists EC, RSA and oct), so other JOSE
 * libraries are unlikely to accept an object of this shape as-is.
 */
export interface JWKpem extends BaseJWK {
kty: 'PEM';
// PEM-encoded key text. The type does not say whether this is a public or a
// private key, so treat the value as potentially secret when logging or
// serializing — NOTE(review): confirm which kinds the implementation accepts.
pem: string;
}
/**
 * An RSA key in JWK form. `n` and `e` are required here; in the JWK format
 * (RFC 7518) they are the public modulus and public exponent.
 *
 * NOTE(review): `RSA_JWK` comes from pem-jwk and is not shown in this file.
 * If it permits private members (such as `d`), a value of this type may hold
 * private key material — confirm before publishing or logging such a value.
 */
export interface JWKrsa extends BaseJWK, RSA_JWK {
kty: 'RSA';
// Modulus (base64url-encoded in standard JWKs).
n: string;
// Public exponent (base64url-encoded in standard JWKs).
e: string;
}
/**
 * A JWK set: an object whose `keys` member lists the contained keys.
 */
export interface JWKs {
// Read-only at the type level only; `readonly` is erased at runtime.
keys: readonly JWK[];
}
/**
 * The JOSE header of a JWT as this package models it.
 *
 * This is a compile-time description only. `decodeWithoutVerify` returns a
 * header of this type for a token whose signature has not been checked, so
 * every field below is sender-controlled at that point.
 */
export interface JOSEHeader {
// Typed as the single literal 'RS256'. The type is erased at runtime, so it
// does not by itself reject a token declaring another algorithm.
// NOTE(review): confirm the implementation checks `alg` before verifying.
alg: 'RS256';
typ: string;
// Key ID; `findJWK` takes a `kid` to pick a key out of a JWK set.
kid?: string;
// URL of a JWK set (RFC 7515 "jku"). Chosen by whoever built the token.
jku?: string;
// Key embedded in the token itself (RFC 7515 "jwk"). A signature that
// verifies against this key shows only that the token matches the key it
// carries, not who produced it.
jwk?: JWK;
}
/**
 * Prune the JWK-set cache, going by the name by evicting its oldest entry.
 *
 * NOTE(review): the meaning of the boolean result is not visible in this
 * declaration file (presumably whether an entry was removed) — confirm
 * against the implementation.
 */
export declare function cachePruneOldest(): boolean;
/**
 * Clear the JWK-set cache (per the name; the implementation is not shown in
 * this declaration file).
 */
export declare function clearJWKsCache(): void;
/**
 * Return the JWK-set cache as a Map from a string key to a cached entry.
 *
 * NOTE(review): not visible here — what the map keys are (presumably the URL
 * the set was fetched from), and whether this is the live Map or a copy. If
 * it is the live Map, a caller that mutates it changes which keys later
 * lookups can return; confirm before exposing it outside trusted code.
 */
export declare function getJWKsCache(): Map<string, {
// The cached JWK set.
jwks: JWKs;
// Presumably a timestamp of when the entry was cached — confirm units.
timePutIntoCache: number;
// Presumably the size of the serialized set, used for cache accounting.
strbytes: number;
}>;
/**
 * Decide if an object is a JWK
 *
 * This is a type predicate: a `true` result narrows `key` to `JWK` for the
 * compiler. It is a shape check, not a trust decision — it says nothing
 * about where the key came from or whether it should be accepted.
 *
 * NOTE(review): which fields are actually inspected is not visible in this
 * declaration file.
 *
 * @param key - Value of unknown type to test.
 * @returns Whether `key` is treated as a `JWK`.
 */
export declare function isJWK(key: unknown): key is JWK;
/**
 * Decide if an object is a set of JWKs
 *
 * This is a type predicate: a `true` result narrows `set` to `JWKs` for the
 * compiler. It checks shape only, so it is suitable for validating parsed
 * JSON but does not establish that the keys are trustworthy.
 *
 * NOTE(review): whether each element of `keys` is checked individually is
 * not visible in this declaration file.
 *
 * @param set - Value of unknown type to test.
 * @returns Whether `set` is treated as a `JWKs`.
 */
export declare function isJWKset(set: unknown): set is JWKs;
/**
 * Pick a JWK from a JWK set by its Key ID
 *
 * When `kid` is taken from a token header it is sender-controlled, so the
 * trust placed in the result should come from the provenance of `jwks`,
 * not from the `kid` match itself.
 *
 * NOTE(review): the behaviour for `kid === undefined` is not visible in this
 * declaration file.
 *
 * @param kid - Key ID to look for; may be undefined.
 * @param jwks - The set to search.
 * @returns The selected key, or `undefined` when none is selected.
 */
export declare function findJWK(kid: string | undefined, jwks: JWKs): JWK | undefined;
/**
 * Decode a JWT into its header, payload and signature parts without checking
 * the signature (per the function name).
 *
 * Everything returned is unauthenticated input. `payload` is typed `unknown`,
 * so callers must narrow it before use. `header` is typed `JOSEHeader`, but
 * that type is not evidence that the token's header matches it.
 *
 * NOTE(review): when `signature` is `undefined` (presumably a token with no
 * signature segment) and whether malformed input throws are not visible in
 * this declaration file.
 *
 * @param jwt - The encoded token.
 * @returns The decoded parts; none of them verified.
 */
export declare function decodeWithoutVerify(jwt: string): {
header: JOSEHeader;
payload: unknown;
signature: string | undefined;
};
/**
 * Resolve the JWK to use for a signature.
 *
 * Supported headers: [kid, jwk, jku]
 *
 * These headers are read from the token before any signature check can have
 * succeeded, so they are chosen by whoever built the token. A key that came
 * only from the token's own `jwk`, or from a `jku` URL the token names,
 * shows that the token is self-consistent; deciding who signed it requires
 * comparing the key or its origin against something the caller already
 * trusts.
 *
 * NOTE(review): not visible in this declaration file — what each `hint`
 * variant (`false`, a string, a `JWKs`, a `JWK`) selects, and whether a `jku`
 * lookup makes an outbound request to a token-supplied URL. If it does,
 * restrict the allowed schemes and hosts and keep `timeout` bounded.
 *
 * @param sig - Presumably the encoded JWT/signature to find a key for.
 * @param hint - Caller-supplied guidance on where the key comes from.
 * @param options - Optional settings; `timeout` presumably bounds a remote
 *   key lookup — confirm units and default.
 * @returns A promise for the selected key.
 */
export declare function jwkForSignature(sig: string, hint: false | string | JWKs | JWK, { timeout }?: {
timeout?: number;
}): Promise<JWK>;