
expresscheckout-nodejs


Juspay's official expresscheckout-nodejs sdk

"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); const crypto_1 = __importDefault(require("crypto")); const Utils_js_1 = __importDefault(require("./Utils.js")); const JuspayCryptoError_js_1 = __importDefault(require("./JuspayCryptoError.js")); function encrypt(data, keyId, publicKey) { try { const headers = { alg: 'RSA-OAEP', enc: 'A256GCM', cty: 'JWT', kid: keyId, }; const aad = Utils_js_1.default.encodeBase64Url(JSON.stringify(headers)); const cek = crypto_1.default.randomBytes(32); const cekOptions = { key: publicKey, padding: crypto_1.default.constants.RSA_PKCS1_OAEP_PADDING, }; const encryptedKey = Utils_js_1.default.encodeBase64UrlFromBuffer(crypto_1.default.publicEncrypt(cekOptions, cek)); const iv = crypto_1.default.randomBytes(12); const cipher = crypto_1.default.createCipheriv('aes-256-gcm', cek, iv); cipher.setAutoPadding(false); cipher.setAAD(Buffer.from(aad)); const cipherOutput = Buffer.concat([cipher.update(data), cipher.final()]); const authTag = cipher.getAuthTag(); const ivText = Utils_js_1.default.encodeBase64UrlFromBuffer(iv); const cipherText = Utils_js_1.default.encodeBase64UrlFromBuffer(cipherOutput); const tagText = Utils_js_1.default.encodeBase64UrlFromBuffer(authTag); return { header: aad, encryptedKey, iv: ivText, encryptedPayload: cipherText, tag: tagText, }; } catch (error) { throw new JuspayCryptoError_js_1.default(error, 'EncryptionFailed'); } } function decrypt(cipher, privateKey) { let data; if (typeof cipher == 'string') { try { data = JSON.parse(cipher); } catch (error) { const cipherParts = cipher.split('.'); if (cipherParts.length != 5) { throw new JuspayCryptoError_js_1.default('Encrypted Payload Illformed!', 'EncryptedCipherIllformed'); } data = { header: cipherParts[0], encryptedKey: cipherParts[1], iv: cipherParts[2], encryptedPayload: cipherParts[3], tag: 
cipherParts[4], }; } } else { data = cipher; } try { const aad = Buffer.from(data.header), encryptedKey = Utils_js_1.default.decodeBase64UrlToBuffer(data.encryptedKey), iv = Utils_js_1.default.decodeBase64UrlToBuffer(data.iv), encryptedPayload = Utils_js_1.default.decodeBase64UrlToBuffer(data.encryptedPayload), tag = Utils_js_1.default.decodeBase64UrlToBuffer(data.tag); const cekOptions = { key: privateKey, oaepHash: 'sha256', padding: crypto_1.default.constants.RSA_PKCS1_OAEP_PADDING, }; const cek = crypto_1.default.privateDecrypt(cekOptions, encryptedKey); const decipher = crypto_1.default.createDecipheriv('aes-256-gcm', cek, iv); decipher.setAutoPadding(false); decipher.setAAD(aad); decipher.setAuthTag(tag); const cipherOutput = Buffer.concat([ decipher.update(encryptedPayload), decipher.final(), ]); return Utils_js_1.default.decodeBase64Url(cipherOutput.toString('base64')); } catch (error) { throw new JuspayCryptoError_js_1.default(error, 'DecryptionFailed'); } } exports.default = { encrypt, decrypt, }; //# sourceMappingURL=JWE.js.map