chore(release): 4.0.0

panva · Oct 14, 2021 · c9ea9de · c9ea9de
1 parent 6de3812
commit c9ea9de
Show file tree

Hide file tree

Showing 369 changed files with 18,043 additions and 30 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,35 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [4.0.0](https://github.com/panva/jose/compare/v3.20.3...v4.0.0) (2021-10-14)
+
+
+### ⚠ BREAKING CHANGES
+
+* All module named exports have moved from subpaths to
+just "jose". For example, `import { jwtVerify } from 'jose/jwt/verify'`
+is now just `import { jwtVerify } from 'jose'`.
+* All submodule default exports and named have been
+removed in favour of just "jose" named exports.
+* **typescript:** remove repeated type re-exports
+* The undocumented `jose/util/random` was removed.
+* The `jose/jwk/thumbprint` named export
+is renamed to `calculateJwkThumbprint`, now
+`import { calculateJwkThumbprint } from 'jose'`
+* The deprecated `jose/jwk/parse` module was
+removed, use `import { importJWK } from 'jose'` instead.
+* The deprecated `jose/jwk/from_key_like` module was
+removed, use `import { exportJWK } from 'jose'` instead.
+
+### Refactor
+
+* redo exports to support broader tooling ([dd2cf9e](https://github.com/panva/jose/commit/dd2cf9ed2d89488de6dc4536f721887ffc9bb34f))
+* remove util/random ([914e47f](https://github.com/panva/jose/commit/914e47fc9b6c207fd7e3469b1c3fac40f7a81031))
+* removed the deprecated jwk/from_key_like module ([ec1d0e7](https://github.com/panva/jose/commit/ec1d0e72fe39ec2bccc28e46b5bce2dc17711134))
+* removed the deprecated jwk/parse module ([8d3cc3b](https://github.com/panva/jose/commit/8d3cc3bb46e7e87e6511859dce58a651811ca551))
+* rename calculateThumprint to calculateJwkThumbprint ([5afb713](https://github.com/panva/jose/commit/5afb713fbb99e6c884bb3b1c68ae2cf490e54595))
+* **typescript:** remove repeated type re-exports ([3e137d2](https://github.com/panva/jose/commit/3e137d2427035d18397825074c2ee1e5db97515b))
+
 ## [3.20.3](https://github.com/panva/jose/compare/v3.20.2...v3.20.3) (2021-10-14)
 
 

diff --git a/dist/browser/index.js b/dist/browser/index.js
@@ -0,0 +1,28 @@
+export { compactDecrypt } from './jwe/compact/decrypt.js';
+export { flattenedDecrypt } from './jwe/flattened/decrypt.js';
+export { generalDecrypt } from './jwe/general/decrypt.js';
+export { compactVerify } from './jws/compact/verify.js';
+export { flattenedVerify } from './jws/flattened/verify.js';
+export { generalVerify } from './jws/general/verify.js';
+export { jwtVerify } from './jwt/verify.js';
+export { jwtDecrypt } from './jwt/decrypt.js';
+export { CompactEncrypt } from './jwe/compact/encrypt.js';
+export { FlattenedEncrypt } from './jwe/flattened/encrypt.js';
+export { CompactSign } from './jws/compact/sign.js';
+export { FlattenedSign } from './jws/flattened/sign.js';
+export { GeneralSign } from './jws/general/sign.js';
+export { SignJWT } from './jwt/sign.js';
+export { EncryptJWT } from './jwt/encrypt.js';
+export { calculateJwkThumbprint } from './jwk/thumbprint.js';
+export { EmbeddedJWK } from './jwk/embedded.js';
+export { createRemoteJWKSet } from './jwks/remote.js';
+export { UnsecuredJWT } from './jwt/unsecured.js';
+export { exportPKCS8, exportSPKI, exportJWK } from './key/export.js';
+export { importSPKI, importPKCS8, importX509, importJWK } from './key/import.js';
+export { decodeProtectedHeader } from './util/decode_protected_header.js';
+import * as errors_1 from './util/errors.js';
+export { errors_1 as errors };
+export { generateKeyPair } from './key/generate_key_pair.js';
+export { generateSecret } from './key/generate_secret.js';
+import * as base64url_1 from './util/base64url.js';
+export { base64url_1 as base64url };
diff --git a/dist/browser/jwe/compact/decrypt.js b/dist/browser/jwe/compact/decrypt.js
@@ -0,0 +1,27 @@
+import { flattenedDecrypt } from '../flattened/decrypt.js';
+import { JWEInvalid } from '../../util/errors.js';
+import { decoder } from '../../lib/buffer_utils.js';
+export async function compactDecrypt(jwe, key, options) {
+    if (jwe instanceof Uint8Array) {
+        jwe = decoder.decode(jwe);
+    }
+    if (typeof jwe !== 'string') {
+        throw new JWEInvalid('Compact JWE must be a string or Uint8Array');
+    }
+    const { 0: protectedHeader, 1: encryptedKey, 2: iv, 3: ciphertext, 4: tag, length, } = jwe.split('.');
+    if (length !== 5) {
+        throw new JWEInvalid('Invalid Compact JWE');
+    }
+    const decrypted = await flattenedDecrypt({
+        ciphertext: (ciphertext || undefined),
+        iv: (iv || undefined),
+        protected: protectedHeader || undefined,
+        tag: (tag || undefined),
+        encrypted_key: encryptedKey || undefined,
+    }, key, options);
+    const result = { plaintext: decrypted.plaintext, protectedHeader: decrypted.protectedHeader };
+    if (typeof key === 'function') {
+        return { ...result, key: decrypted.key };
+    }
+    return result;
+}
diff --git a/dist/browser/jwe/compact/encrypt.js b/dist/browser/jwe/compact/encrypt.js
@@ -0,0 +1,26 @@
+import { FlattenedEncrypt } from '../flattened/encrypt.js';
+export class CompactEncrypt {
+    constructor(plaintext) {
+        this._flattened = new FlattenedEncrypt(plaintext);
+    }
+    setContentEncryptionKey(cek) {
+        this._flattened.setContentEncryptionKey(cek);
+        return this;
+    }
+    setInitializationVector(iv) {
+        this._flattened.setInitializationVector(iv);
+        return this;
+    }
+    setProtectedHeader(protectedHeader) {
+        this._flattened.setProtectedHeader(protectedHeader);
+        return this;
+    }
+    setKeyManagementParameters(parameters) {
+        this._flattened.setKeyManagementParameters(parameters);
+        return this;
+    }
+    async encrypt(key, options) {
+        const jwe = await this._flattened.encrypt(key, options);
+        return [jwe.protected, jwe.encrypted_key, jwe.iv, jwe.ciphertext, jwe.tag].join('.');
+    }
+}
diff --git a/dist/browser/jwe/flattened/decrypt.js b/dist/browser/jwe/flattened/decrypt.js
@@ -0,0 +1,137 @@
+import { decode as base64url } from '../../runtime/base64url.js';
+import decrypt from '../../runtime/decrypt.js';
+import { inflate } from '../../runtime/zlib.js';
+import { JOSEAlgNotAllowed, JOSENotSupported, JWEInvalid } from '../../util/errors.js';
+import isDisjoint from '../../lib/is_disjoint.js';
+import isObject from '../../lib/is_object.js';
+import decryptKeyManagement from '../../lib/decrypt_key_management.js';
+import { encoder, decoder, concat } from '../../lib/buffer_utils.js';
+import generateCek from '../../lib/cek.js';
+import validateCrit from '../../lib/validate_crit.js';
+import validateAlgorithms from '../../lib/validate_algorithms.js';
+export async function flattenedDecrypt(jwe, key, options) {
+    var _a;
+    if (!isObject(jwe)) {
+        throw new JWEInvalid('Flattened JWE must be an object');
+    }
+    if (jwe.protected === undefined && jwe.header === undefined && jwe.unprotected === undefined) {
+        throw new JWEInvalid('JOSE Header missing');
+    }
+    if (typeof jwe.iv !== 'string') {
+        throw new JWEInvalid('JWE Initialization Vector missing or incorrect type');
+    }
+    if (typeof jwe.ciphertext !== 'string') {
+        throw new JWEInvalid('JWE Ciphertext missing or incorrect type');
+    }
+    if (typeof jwe.tag !== 'string') {
+        throw new JWEInvalid('JWE Authentication Tag missing or incorrect type');
+    }
+    if (jwe.protected !== undefined && typeof jwe.protected !== 'string') {
+        throw new JWEInvalid('JWE Protected Header incorrect type');
+    }
+    if (jwe.encrypted_key !== undefined && typeof jwe.encrypted_key !== 'string') {
+        throw new JWEInvalid('JWE Encrypted Key incorrect type');
+    }
+    if (jwe.aad !== undefined && typeof jwe.aad !== 'string') {
+        throw new JWEInvalid('JWE AAD incorrect type');
+    }
+    if (jwe.header !== undefined && !isObject(jwe.header)) {
+        throw new JWEInvalid('JWE Shared Unprotected Header incorrect type');
+    }
+    if (jwe.unprotected !== undefined && !isObject(jwe.unprotected)) {
+        throw new JWEInvalid('JWE Per-Recipient Unprotected Header incorrect type');
+    }
+    let parsedProt;
+    if (jwe.protected) {
+        const protectedHeader = base64url(jwe.protected);
+        try {
+            parsedProt = JSON.parse(decoder.decode(protectedHeader));
+        }
+        catch (_b) {
+            throw new JWEInvalid('JWE Protected Header is invalid');
+        }
+    }
+    if (!isDisjoint(parsedProt, jwe.header, jwe.unprotected)) {
+        throw new JWEInvalid('JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint');
+    }
+    const joseHeader = {
+        ...parsedProt,
+        ...jwe.header,
+        ...jwe.unprotected,
+    };
+    validateCrit(JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader);
+    if (joseHeader.zip !== undefined) {
+        if (!parsedProt || !parsedProt.zip) {
+            throw new JWEInvalid('JWE "zip" (Compression Algorithm) Header MUST be integrity protected');
+        }
+        if (joseHeader.zip !== 'DEF') {
+            throw new JOSENotSupported('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value');
+        }
+    }
+    const { alg, enc } = joseHeader;
+    if (typeof alg !== 'string' || !alg) {
+        throw new JWEInvalid('missing JWE Algorithm (alg) in JWE Header');
+    }
+    if (typeof enc !== 'string' || !enc) {
+        throw new JWEInvalid('missing JWE Encryption Algorithm (enc) in JWE Header');
+    }
+    const keyManagementAlgorithms = options && validateAlgorithms('keyManagementAlgorithms', options.keyManagementAlgorithms);
+    const contentEncryptionAlgorithms = options &&
+        validateAlgorithms('contentEncryptionAlgorithms', options.contentEncryptionAlgorithms);
+    if (keyManagementAlgorithms && !keyManagementAlgorithms.has(alg)) {
+        throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter not allowed');
+    }
+    if (contentEncryptionAlgorithms && !contentEncryptionAlgorithms.has(enc)) {
+        throw new JOSEAlgNotAllowed('"enc" (Encryption Algorithm) Header Parameter not allowed');
+    }
+    let encryptedKey;
+    if (jwe.encrypted_key !== undefined) {
+        encryptedKey = base64url(jwe.encrypted_key);
+    }
+    let resolvedKey = false;
+    if (typeof key === 'function') {
+        key = await key(parsedProt, jwe);
+        resolvedKey = true;
+    }
+    let cek;
+    try {
+        cek = await decryptKeyManagement(alg, key, encryptedKey, joseHeader);
+    }
+    catch (err) {
+        if (err instanceof TypeError) {
+            throw err;
+        }
+        cek = generateCek(enc);
+    }
+    const iv = base64url(jwe.iv);
+    const tag = base64url(jwe.tag);
+    const protectedHeader = encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : '');
+    let additionalData;
+    if (jwe.aad !== undefined) {
+        additionalData = concat(protectedHeader, encoder.encode('.'), encoder.encode(jwe.aad));
+    }
+    else {
+        additionalData = protectedHeader;
+    }
+    let plaintext = await decrypt(enc, cek, base64url(jwe.ciphertext), iv, tag, additionalData);
+    if (joseHeader.zip === 'DEF') {
+        plaintext = await ((options === null || options === void 0 ? void 0 : options.inflateRaw) || inflate)(plaintext);
+    }
+    const result = { plaintext };
+    if (jwe.protected !== undefined) {
+        result.protectedHeader = parsedProt;
+    }
+    if (jwe.aad !== undefined) {
+        result.additionalAuthenticatedData = base64url(jwe.aad);
+    }
+    if (jwe.unprotected !== undefined) {
+        result.sharedUnprotectedHeader = jwe.unprotected;
+    }
+    if (jwe.header !== undefined) {
+        result.unprotectedHeader = jwe.header;
+    }
+    if (resolvedKey) {
+        return { ...result, key };
+    }
+    return result;
+}