signicat-client-ts
Community TypeScript client for Signicat Authentication REST API with automatic token management
;
// TypeScript-emitted interop helper: exposes property `k` of module `m` on object `o`
// under the name `k2` (which defaults to `k`). An existing helper found on `this` is reused.
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
// Replace the descriptor with a live getter when the source has no own descriptor, when it is
// an accessor on a module not flagged __esModule, or when it is a writable/configurable data property.
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
// Fallback when Object.create is unavailable: copy the current value (no live binding).
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
// TypeScript-emitted interop helper: stores `value` as the `default` member of `target`.
// An existing helper found on `this` is reused instead of being redefined.
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create
    ? function (target, value) {
        // defineProperty leaves the member non-writable and non-configurable.
        var descriptor = { enumerable: true, value: value };
        Object.defineProperty(target, "default", descriptor);
    }
    : function (target, value) {
        // Fallback when Object.create is unavailable: plain assignment.
        target["default"] = value;
    });
// TypeScript-emitted helper behind `import * as x`: returns `mod` unchanged when it is flagged
// __esModule, otherwise builds a new object that mirrors its own properties.
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
// On first use, rebind ownKeys to Object.getOwnPropertyNames or to a for-in/hasOwnProperty fallback.
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
// Bind every own key except "default"; `default` is then set to the module object itself.
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
// TypeScript-emitted helper that runs a generator function as an async function.
// `thisArg`/`_arguments` are applied to `generator`; `P` is the promise constructor (defaults to Promise).
// Returns a promise that resolves with the generator's return value or rejects with what it throws.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
// Wrap non-promise values so that every yielded value can be chained with .then().
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
// Resume the generator with the settled value, or throw the rejection reason into it.
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
// Flag this CommonJS module as transpiled from an ES module (read by the interop helpers).
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the export up front; it is assigned the class after the class definition.
exports.EncryptionService = void 0;
const jose = __importStar(require("node-jose"));
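/**
 * Signicat Encryption Service.
 *
 * Static helpers for JWE-encrypted Signicat API responses: generating the RSA key pair,
 * decrypting a JWE token, detecting an encrypted response from its Content-Type and
 * validating the public encryption key object.
 */
class EncryptionService {
    /**
     * Generate a new RSA key pair for encryption.
     *
     * `privateKey` in the result contains the private RSA components and is what
     * `decryptJWE` needs; `publicKey` is the only half meant to be handed out.
     *
     * @param keySize Key size in bits (2048 or 4096). Defaults to 2048.
     * @returns Promise containing public and private keys in JWK format
     * @throws {RangeError} (as a rejection) when keySize is not an integer of at least 2048
     */
    static generateRSAKeyPair(keySize = 2048) {
        // Refuse undersized or malformed sizes before any key material is generated;
        // the compiled JavaScript has no type check left to enforce the documented values.
        if (!Number.isInteger(keySize) || keySize < 2048) {
            return Promise.reject(new RangeError(`RSA key size must be an integer of at least 2048 bits, got ${String(keySize)}`));
        }
        return __awaiter(this, void 0, void 0, function* () {
            // Generate RSA key pair using node-jose
            const keystore = jose.JWK.createKeyStore();
            const key = yield keystore.generate("RSA", keySize, {
                alg: "RSA-OAEP",
                use: "enc",
            });
            // Export keys as JWK
            const publicJWK = key.toJSON();
            const privateJWK = key.toJSON(true); // true to include private components
            // Format public key according to Signicat requirements.
            // The lower-case "rsa" is the spelling this client uses for Signicat; it is also
            // what validateEncryptionKey checks for.
            const signicatPublicKey = {
                kty: "rsa",
                use: "enc",
                alg: "RSA-OAEP",
                e: publicJWK.e,
                n: publicJWK.n,
                d: null, // Private exponent must be null for public key
            };
            return {
                publicKey: signicatPublicKey,
                privateKey: privateJWK,
            };
        });
    }
    /**
     * Decrypt JWE response from Signicat.
     *
     * @param jweToken The JWE token received from Signicat
     * @param privateKey The private key in JWK format
     * @returns Decrypted payload as JSON object
     * @throws {Error} (as a rejection) when key import, decryption or JSON parsing fails.
     *   The message embeds the underlying failure text and the original error is kept as
     *   `cause`; treat both as local diagnostics rather than text to send back to a peer.
     */
    static decryptJWE(jweToken, privateKey) {
        return __awaiter(this, void 0, void 0, function* () {
            try {
                // Import private key
                const keystore = jose.JWK.createKeyStore();
                const key = yield keystore.add(privateKey);
                // NOTE(review): no algorithm allow-list is passed to createDecrypt, so the
                // token header decides which `alg`/`enc` the key is used with. node-jose
                // takes an `algorithms` option for this; confirm the algorithms Signicat
                // actually uses before pinning them here.
                const result = yield jose.JWE.createDecrypt(key).decrypt(jweToken);
                // Parse JSON payload. A payload that is not JSON is reported through the
                // same "Failed to decrypt" error below.
                const jsonString = result.payload.toString("utf8");
                return JSON.parse(jsonString);
            }
            catch (error) {
                const reason = error instanceof Error ? error.message : "Unknown error";
                // Keep the original error reachable so the stack of the real failure is not lost.
                throw new Error(`Failed to decrypt JWE token: ${reason}`, { cause: error });
            }
        });
    }
    /**
     * Check if response is encrypted (JWE format).
     *
     * Media types are case-insensitive, so the comparison ignores case. A missing header
     * yields false instead of throwing. A false result only means the header did not
     * announce JOSE; a caller that requires encryption should reject such a response
     * rather than accept it as plaintext.
     *
     * @param contentType The Content-Type header from the response
     * @returns True if the response is encrypted
     */
    static isEncryptedResponse(contentType) {
        if (contentType == null) {
            return false;
        }
        return String(contentType).toLowerCase().includes("application/jose");
    }
    /**
     * Validate encryption key format.
     *
     * Accepts only public key objects: a key carrying a private `d` member is rejected,
     * in line with the public key produced by generateRSAKeyPair, whose `d` is null.
     *
     * @param key The encryption key to validate
     * @returns True if the key is valid
     */
    static validateEncryptionKey(key) {
        if (key == null || typeof key !== "object") {
            return false;
        }
        // `d` is the private component of RSA and EC JWKs; it must not be present on a
        // key that is about to be shared.
        if (key.d != null) {
            return false;
        }
        // Check required fields for RSA
        if (key.kty === "rsa") {
            return !!(key.alg === "RSA-OAEP" && key.use === "enc" && key.e && key.n);
        }
        // Check required fields for EC (when supported)
        if (key.kty === "ec") {
            return !!(key.alg === "ECDH-ES" && key.use === "enc" && key.crv && key.x && key.y);
        }
        return false;
    }
}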
// Publish the class on the CommonJS exports object.
exports.EncryptionService = EncryptionService;