v1.2.8: allow non-stringified jwk in parse, ignore undefineds when neutering
This commit is contained in:
parent
885a00c3ae
commit
083cc6d73e
18
README.md
18
README.md
@ -51,6 +51,7 @@ return Keypairs.export({ jwk: pair.private, format: 'pkcs8' }).then(function (pe
|
|||||||
```
|
```
|
||||||
// PEM to JWK
|
// PEM to JWK
|
||||||
return Keypairs.import({ pem: pem }).then(function (jwk) {
|
return Keypairs.import({ pem: pem }).then(function (jwk) {
|
||||||
|
console.log(jwk);
|
||||||
});
|
});
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -164,9 +165,22 @@ Options
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Keypairs.publish({ jwk: jwk })
|
#### Keypairs.publish({ jwk: jwk, exp: '3d', use: 'sig' })
|
||||||
|
|
||||||
**Synchronously** strips a key of its private parts and returns the public version.
|
Promises a public key that adheres to the OIDC and Auth0 spec (plus expiry), suitable to be published to a JWKs URL:
|
||||||
|
|
||||||
|
```
|
||||||
|
{ "kty": "EC"
|
||||||
|
, "crv": "P-256"
|
||||||
|
, "x": "..."
|
||||||
|
, "y": "..."
|
||||||
|
, "kid": "..."
|
||||||
|
, "use": "sig"
|
||||||
|
, "exp": 1552074208
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
In particular this adds "use" and "exp".
|
||||||
|
|
||||||
#### Keypairs.thumbprint({ jwk: jwk })
|
#### Keypairs.thumbprint({ jwk: jwk })
|
||||||
|
|
||||||
|
|||||||
25
keypairs.js
25
keypairs.js
@ -10,10 +10,19 @@ var Keypairs = module.exports;
|
|||||||
Keypairs.generate = function (opts) {
|
Keypairs.generate = function (opts) {
|
||||||
opts = opts || {};
|
opts = opts || {};
|
||||||
var kty = opts.kty || opts.type;
|
var kty = opts.kty || opts.type;
|
||||||
|
var p;
|
||||||
if ('RSA' === kty) {
|
if ('RSA' === kty) {
|
||||||
return Rasha.generate(opts);
|
p = Rasha.generate(opts);
|
||||||
|
} else {
|
||||||
|
p = Eckles.generate(opts);
|
||||||
}
|
}
|
||||||
return Eckles.generate(opts);
|
return p.then(function (pair) {
|
||||||
|
return Keypairs.thumbprint({ jwk: pair.public }).then(function (thumb) {
|
||||||
|
pair.private.kid = thumb; // maybe not the same id on the private key?
|
||||||
|
pair.public.kid = thumb;
|
||||||
|
return pair;
|
||||||
|
});
|
||||||
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
Keypairs.parse = function (opts) {
|
Keypairs.parse = function (opts) {
|
||||||
@ -24,6 +33,7 @@ Keypairs.parse = function (opts) {
|
|||||||
var pem;
|
var pem;
|
||||||
var p;
|
var p;
|
||||||
|
|
||||||
|
if (!opts.key || !opts.key.kty) {
|
||||||
try {
|
try {
|
||||||
jwk = JSON.parse(opts.key);
|
jwk = JSON.parse(opts.key);
|
||||||
p = Keypairs.export({ jwk: jwk }).catch(function (e) {
|
p = Keypairs.export({ jwk: jwk }).catch(function (e) {
|
||||||
@ -41,6 +51,9 @@ Keypairs.parse = function (opts) {
|
|||||||
return Promise.reject(err);
|
return Promise.reject(err);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
p = Promise.resolve(opts.key);
|
||||||
|
}
|
||||||
|
|
||||||
return p.then(function (jwk) {
|
return p.then(function (jwk) {
|
||||||
var pubopts = JSON.parse(JSON.stringify(opts));
|
var pubopts = JSON.parse(JSON.stringify(opts));
|
||||||
@ -74,6 +87,11 @@ Keypairs.parseOrGenerate = function (opts) {
|
|||||||
Keypairs.import = function (opts) {
|
Keypairs.import = function (opts) {
|
||||||
return Eckles.import(opts).catch(function () {
|
return Eckles.import(opts).catch(function () {
|
||||||
return Rasha.import(opts);
|
return Rasha.import(opts);
|
||||||
|
}).then(function (jwk) {
|
||||||
|
return Keypairs.thumbprint({ jwk: jwk }).then(function (thumb) {
|
||||||
|
jwk.kid = thumb;
|
||||||
|
return jwk;
|
||||||
|
});
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -93,6 +111,7 @@ Keypairs.neuter = Keypairs._neuter = function (opts) {
|
|||||||
// trying to find the best balance of an immutable copy with custom attributes
|
// trying to find the best balance of an immutable copy with custom attributes
|
||||||
var jwk = {};
|
var jwk = {};
|
||||||
Object.keys(opts.jwk).forEach(function (k) {
|
Object.keys(opts.jwk).forEach(function (k) {
|
||||||
|
if ('undefined' === typeof opts.jwk[k]) { return; }
|
||||||
// ignore RSA and EC private parts
|
// ignore RSA and EC private parts
|
||||||
if (-1 !== ['d', 'p', 'q', 'dp', 'dq', 'qi'].indexOf(k)) { return; }
|
if (-1 !== ['d', 'p', 'q', 'dp', 'dq', 'qi'].indexOf(k)) { return; }
|
||||||
jwk[k] = JSON.parse(JSON.stringify(opts.jwk[k]));
|
jwk[k] = JSON.parse(JSON.stringify(opts.jwk[k]));
|
||||||
@ -111,7 +130,7 @@ Keypairs.publish = function (opts) {
|
|||||||
} else {
|
} else {
|
||||||
if (opts.exp) { jwk.exp = setTime(opts.exp); }
|
if (opts.exp) { jwk.exp = setTime(opts.exp); }
|
||||||
else if (opts.expiresIn) { jwk.exp = Math.round(Date.now()/1000) + opts.expiresIn; }
|
else if (opts.expiresIn) { jwk.exp = Math.round(Date.now()/1000) + opts.expiresIn; }
|
||||||
else { jwk.exp = opts.expiresAt; }
|
else if (opts.expiresAt) { jwk.exp = opts.expiresAt; }
|
||||||
}
|
}
|
||||||
if (!jwk.use && false !== jwk.use) { jwk.use = "sig"; }
|
if (!jwk.use && false !== jwk.use) { jwk.use = "sig"; }
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "keypairs",
|
"name": "keypairs",
|
||||||
"version": "1.2.7",
|
"version": "1.2.8",
|
||||||
"description": "Lightweight RSA/ECDSA keypair generation and JWK <-> PEM",
|
"description": "Lightweight RSA/ECDSA keypair generation and JWK <-> PEM",
|
||||||
"main": "keypairs.js",
|
"main": "keypairs.js",
|
||||||
"files": [
|
"files": [
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user