From be3f4e4b7ee72ea246acd9224c8d01056f36d811 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Mon, 4 Mar 2019 22:56:25 +0100
Subject: [PATCH] fix: do not 'in' operator when importing keys as string

---
 lib/jwk/import.js       |  4 ++--
 test/jwk/import.test.js | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/lib/jwk/import.js b/lib/jwk/import.js
index ff8a5aac82..05acbce84e 100644
--- a/lib/jwk/import.js
+++ b/lib/jwk/import.js
@@ -40,7 +40,7 @@ const importKey = (key, parameters) => {
         break
       default:
     }
-  } else if ('kty' in key && key.kty === 'oct') { // symmetric key <Object>
+  } else if (typeof key === 'object' && 'kty' in key && key.kty === 'oct') { // symmetric key <Object>
     try {
       secret = createSecretKey(base64url.decodeToBuffer(key.k))
     } catch (err) {
@@ -49,7 +49,7 @@ const importKey = (key, parameters) => {
       }
     }
     parameters = mergedParameters(parameters, key)
-  } else if ('kty' in key) { // assume JWK formatted asymmetric key <Object>
+  } else if (typeof key === 'object' && 'kty' in key) { // assume JWK formatted asymmetric key <Object>
     let parsedJWK
     try {
       parsedJWK = jwkToPem(key)
diff --git a/test/jwk/import.test.js b/test/jwk/import.test.js
index c22ca552e5..42a9543568 100644
--- a/test/jwk/import.test.js
+++ b/test/jwk/import.test.js
@@ -36,6 +36,25 @@ test('parameters must be a plain object', t => {
   })
 })
 
+Object.entries(fixtures.PEM).forEach(([type, { private: priv, public: pub }]) => {
+  test(`${type} private can be imported as a string`, t => {
+    const k = importKey(priv.toString('ascii'))
+    t.true(k.private)
+  })
+  test(`${type} public can be imported as a string`, t => {
+    const k = importKey(pub.toString('ascii'))
+    t.true(k.public)
+  })
+  test(`${type} private can be imported as a buffer`, t => {
+    const k = importKey(priv)
+    t.true(k.private)
+  })
+  test(`${type} public can be imported as a buffer`, t => {
+    const k = importKey(pub)
+    t.true(k.public)
+  })
+})
+
 test('failed to import throws an error', t => {
   t.throws(() => {
     importKey({
@@ -44,3 +63,16 @@ test('failed to import throws an error', t => {
     })
   }, { instanceOf: errors.JWKImportFailed, code: 'ERR_JWK_IMPORT_FAILED' })
 })
+
+;[
+  `-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIHXLsXm1lsq5HtyqJwQyFmpfEluuf0KOqP6DqMgGxxDL\n-----END PRIVATE KEY-----`,
+  `-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAEXRYV3v5ucrHVR3mKqyPXxXqU34lASwc7Y7MoOvaqcs=\n-----END PUBLIC KEY-----`,
+  `-----BEGIN PRIVATE KEY-----\nMEcCAQAwBQYDK2VxBDsEObxytD95dGN3Hxk7kVk+Lig1rGYTRr3YdaHjRog++Sgk\nQD7KwKmxroBURtkE2N0JbQ3ctdrpGRB5DQ==\n-----END PRIVATE KEY-----`,
+  `-----BEGIN PUBLIC KEY-----\nMEMwBQYDK2VxAzoAIESY3jnpGdB5UVJDCznrv0vmBFIzgSMu+gafsbCX1rFtsJwR\nM6XUDQiEY7dk6rmm/Fktyawna5EA\n-----END PUBLIC KEY-----`
+].forEach((unsupported, i) => {
+  test.skip(`fails to import unsupported PEM ${i + 1}/4`, t => {
+    t.throws(() => {
+      importKey(unsupported)
+    }, { instanceOf: errors.JWKImportFailed, code: 'ERR_JWK_IMPORT_FAILED' })
+  })
+})