
cose-kit


This is an early prototype of an RFC8152 COSE library for node.js.

import { KeyLike, JSONWebKeySet } from 'jose';
import { SignatureBase } from '../cose/SignatureBase.js';

/**
 * Type guard that narrows an arbitrary value to a `JSONWebKeySet`.
 *
 * NOTE(review): the checks it performs are not visible in this declaration file; do not assume it
 * validates the individual keys — confirm against the implementation.
 *
 * @private
 */
export declare function isJWKSLike(jwks: unknown): jwks is JSONWebKeySet;

/**
 * Key resolver backed by a locally held JSON Web Key Set.
 *
 * @private
 */
export declare class COSELocalJWKSet<T extends KeyLike = KeyLike> {
    // The key set this resolver selects from; optional, so it may be unset.
    protected _jwks?: JSONWebKeySet;
    // Declared without a type here. Presumably a cache of already-imported key objects — confirm.
    private _cached;
    // Accepts `unknown`; presumably the value is checked with `isJWKSLike` before use — confirm.
    constructor(jwks: unknown);
    // Resolves to the key selected for the given COSE signature structure.
    getKey(signature: SignatureBase): Promise<T>;
}

/** The key-resolver function type returned by `createLocalJWKSet`. */
export type COSEVerifyGetKey = ReturnType<typeof createLocalJWKSet>;

/**
 * Returns a function that resolves to a key object from a locally stored, or otherwise available,
 * JSON Web Key Set.
 *
 * It uses the "alg" (JWS Algorithm) Header Parameter to determine the right JWK "kty" (Key Type),
 * then proceeds to match the JWK "kid" (Key ID) with one found in the JWS Header Parameters (if
 * there is one) while also respecting the JWK "use" (Public Key Use) and JWK "key_ops" (Key
 * Operations) Parameters (if they are present on the JWK).
 *
 * Only a single public key must match the selection process. As shown in the example below when
 * multiple keys get matched it is possible to opt-in to iterate over the matched keys and attempt
 * verification in an iterative manner.
 *
 * NOTE(review): this description and both examples appear to be carried over from the `jose`
 * package's `createLocalJWKSet` documentation: they speak of JWS header parameters and call
 * `jose.createLocalJWKSet` / `jose.jwtVerify`, whereas the function declared here returns a
 * resolver that takes a COSE `SignatureBase`. Which COSE header fields drive key selection is not
 * visible in this declaration file — confirm against the implementation before relying on the
 * matching rules described above.
 *
 * NOTE(review): the "alg" and "kid" values described above come from the message being verified,
 * so they are not yet authenticated when the key is chosen. Populate the key set only with keys
 * trusted for this purpose, and presumably give every JWK an explicit "alg" so a key is not
 * matched under an unintended algorithm — confirm how keys without "alg" are treated.
 *
 * @example
 *
 * ```js
 * const JWKS = jose.createLocalJWKSet({
 *   keys: [
 *     {
 *       kty: 'RSA',
 *       e: 'AQAB',
 *       n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ',
 *       alg: 'PS256',
 *     },
 *     {
 *       crv: 'P-256',
 *       kty: 'EC',
 *       x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw',
 *       y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo',
 *       alg: 'ES256',
 *     },
 *   ],
 * })
 *
 * const { payload, protectedHeaders } = await jose.jwtVerify(jwt, JWKS, {
 *   issuer: 'urn:example:issuer',
 *   audience: 'urn:example:audience',
 * })
 * console.log(protectedHeaders)
 * console.log(payload)
 * ```
 *
 * @example Opting-in to multiple JWKS matches using `createLocalJWKSet`
 *
 * ```js
 * const options = {
 *   issuer: 'urn:example:issuer',
 *   audience: 'urn:example:audience',
 * }
 * const { payload, protectedHeaders } = await jose
 *   .jwtVerify(jwt, JWKS, options)
 *   .catch(async (error) => {
 *     if (error?.code === 'ERR_JWKS_MULTIPLE_MATCHING_KEYS') {
 *       for await (const publicKey of error) {
 *         try {
 *           return await jose.jwtVerify(jwt, publicKey, options)
 *         } catch (innerError) {
 *           if (innerError?.code === 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED') {
 *             continue
 *           }
 *           throw innerError
 *         }
 *       }
 *       throw new jose.errors.JWSSignatureVerificationFailed()
 *     }
 *
 *     throw error
 *   })
 * console.log(protectedHeaders)
 * console.log(payload)
 * ```
 *
 * @param jwks JSON Web Key Set formatted object.
 * @returns A function that takes a `SignatureBase` and resolves to the selected key.
 */
export declare function createLocalJWKSet<T extends KeyLike = KeyLike>(jwks: JSONWebKeySet): (signature: SignatureBase) => Promise<T>;