
@oada/certs


Generate and verify JWT signatures (OAuth dynamic client registration certificates and Trellis document integrity signatures) in the Open Ag Data Alliance (OADA) and Trellis ecosystems

/**
 * @license
 * Copyright 2019 Open Ag Data Alliance
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
import type { JOSEHeader } from './jwks-utils';

/**
 * URI of a trusted list document, served over HTTPS.
 *
 * NOTE(review): presumably this is the "default" list that
 * `disableDefaultTrustedListURI` refers to; the implementation is not part of
 * this declaration file, so confirm against the source.
 */
export declare const TRUSTED_LIST_URI = "https://oada.github.io/oada-trusted-lists/client-registration-v2.json";

/**
 * Outcome of {@link validate}.
 *
 * `valid` and `trusted` answer different questions. `valid` only says the
 * signature verifies; `trusted` additionally says the signing key (JWK, or
 * JKU + KID) appears in a trusted list. A result with `valid: true` and
 * `trusted: false` therefore says nothing about who signed the document, so
 * decisions that depend on the signer's identity should be gated on `trusted`.
 */
export interface ValidateResult {
    /**
     * The signature is valid and its JWK/JKU+KID is in a trusted list
     */
    trusted: boolean;
    /**
     * Whether the signature is a valid signature, regardless of trusted list
     * status
     */
    valid: boolean;
    /**
     * The actual decoded client certificate.
     *
     * Typed `unknown`: narrow or schema-validate it before use.
     * NOTE(review): this declaration does not show whether `payload` is also
     * populated when `valid` is false; confirm before reading it on a failed
     * validation.
     */
    payload?: unknown;
    /**
     * Decoded JOSE header of the signature (type declared in `./jwks-utils`).
     *
     * NOTE(review): presumably its values come from the signature itself and
     * are signer-controlled; treat them as untrusted input unless `trusted`
     * is true. Confirm against the implementation.
     */
    header?: JOSEHeader;
    /**
     * Array of objects with "message" keys giving details on the validation
     * results
     */
    details: ReadonlyArray<{
        message: string;
    }>;
}

/**
 * Options accepted by {@link validate}. Every field is required here, but
 * `validate` takes a `Partial<ValidateOptions>`, so callers may omit any of
 * them; the `@default` tags give the documented fallbacks.
 */
export interface ValidateOptions {
    /**
     * Timeout in ms
     *
     * NOTE(review): presumably bounds the network fetches made during
     * validation (trusted lists, JKUs); confirm against the implementation.
     * @default 1000
     */
    timeout: number;
    /**
     * Trusted list cache time, in seconds (the original comment read
     * "Timeout in seconds").
     *
     * NOTE(review): presumably a cached list keeps being used until this time
     * has passed, so a key removed from a list could stay trusted for up to
     * this long unless {@link clearCache} is called; confirm.
     * @default 3600
     */
    trustedListCacheTime: number;
    /**
     * URIs of additional trusted lists.
     *
     * NOTE(review): presumably each list named here can make a signature
     * `trusted`, so this should only hold lists the caller has vetted and
     * never a value taken from untrusted input; confirm how the lists are
     * combined with the default one.
     */
    additionalTrustedListURIs: readonly string[];
    /**
     * NOTE(review): presumably, when true, {@link TRUSTED_LIST_URI} is not
     * consulted and only `additionalTrustedListURIs` apply; confirm.
     * @default false
     */
    disableDefaultTrustedListURI: boolean;
}

/**
 * Shape of a trusted list: either a plain read-only array of strings, or a
 * version `'2'` object with optional `jkus` and `jwks` members.
 *
 * `jkus` and `jwks` are typed `unknown`, so their contents have to be checked
 * at runtime before use.
 * NOTE(review): what the strings in the array form represent (presumably JKU
 * URIs) is not stated in this file.
 */
export declare type TrustedList = readonly string[] | {
    version: '2';
    jkus?: unknown;
    jwks?: unknown;
};

/**
 * Clears this module's cache.
 *
 * NOTE(review): presumably the trusted list cache governed by
 * `trustedListCacheTime`; confirm which entries are dropped.
 */
export declare function clearCache(): void;

/**
 * Validates a signature and reports whether it is valid and whether it is
 * trusted (see {@link ValidateResult} for the difference).
 *
 * @param sig - The signature to validate, as a string. The package describes
 *   these as JWT signatures.
 * @param options - Optional {@link ValidateOptions}; any subset may be given.
 * @returns A promise for the {@link ValidateResult}.
 *
 * NOTE(review): whether verification failures reject the promise or are
 * reported through `valid: false` and `details` is not visible in this
 * declaration; handle both until confirmed.
 */
export declare function validate(sig: string, { timeout, trustedListCacheTime, additionalTrustedListURIs, disableDefaultTrustedListURI, }?: Partial<ValidateOptions>): Promise<ValidateResult>;