update name: convertIfEcdsa => ecdsaAsn1SigToJoseSig

README.md

@@ -29,26 +29,50 @@ and [Rasha.js (RSA)](https://git.coolaj86.com/coolaj86/rasha.js/).
 
 # Usage
 
-A brief (albeit somewhat nonsensical) introduction to the APIs:
+A brief introduction to the APIs:
 
 ```
+// generate a new keypair as jwk
+// (defaults to EC P-256 when no options are specified)
 Keypairs.generate().then(function (pair) {
-  return Keypairs.export({ jwk: pair.private }).then(function (pem) {
+  console.log(pair.private);
+  console.log(pair.public);
+});
+```
+
+```
+// JWK to PEM
+// (supports various 'format' and 'encoding' options)
+return Keypairs.export({ jwk: pair.private, format: 'pkcs8' }).then(function (pem) {
+  console.log(pem);
+});
+```
+
+```
+// PEM to JWK
 return Keypairs.import({ pem: pem }).then(function (jwk) {
+  console.log(jwk);
+});
+```
+
+```
+// Thumbprint a JWK (SHA256)
 return Keypairs.thumbprint({ jwk: jwk }).then(function (thumb) {
   console.log(thumb);
+});
+```
+
+```
+// Sign a JWT (aka compact JWS)
 return Keypairs.signJwt({
-          jwk: keypair.private
+  jwk: pair.private
+, iss: 'https://example.com'
+, exp: '1h'
+  // optional claims
 , claims: {
-            iss: 'https://example.com'
   , sub: 'jon.doe@gmail.com'
-          , exp: Math.round(Date.now()/1000) + (3 * 24 * 60 * 60)
   }
 });
-      });
-    });
-  });
-});
 ```
 
 By default ECDSA keys will be used since they've had native support in node
@@ -56,9 +80,9 @@ _much_ longer than RSA has, and they're smaller, and faster to generate.
 
 ## API Overview
 
-* generate
+* generate (JWK)
-* parse
+* parse (PEM)
-* parseOrGenerate
+* parseOrGenerate (PEM to JWK)
 * import (PEM-to-JWK)
 * export (JWK-to-PEM, private or public)
 * publish (Private JWK to Public JWK)
@@ -141,9 +165,22 @@ Options
 }
 ```
 
-#### Keypairs.publish({ jwk: jwk })
+#### Keypairs.publish({ jwk: jwk, exp: '3d', use: 'sig' })
 
-**Synchronously** strips a key of its private parts and returns the public version.
+Promises a public key that adheres to the OIDC and Auth0 spec (plus expiry), suitable to be published to a JWKs URL:
+
+```
+{ "kty": "EC"
+, "crv": "P-256"
+, "x": "..."
+, "y": "..."
+, "kid": "..."
+, "use": "sig"
+, "exp": 1552074208
+}
+```
+
+In particular this adds "use" and "exp".
 
 #### Keypairs.thumbprint({ jwk: jwk })
 
@@ -155,11 +192,17 @@ Returns a JWT (otherwise known as a protected JWS in "compressed" format).
 
 ```js
 { jwk: jwk
+  // required claims
+, iss: 'https://example.com'
+, exp: '15m'
+  // all optional claims
 , claims: {
   }
 }
 ```
 
+Exp may be human readable duration (i.e. 1h, 15m, 30s) or a datetime in seconds.
+
 Header defaults:
 
 ```js

keypairs.js

@@ -10,10 +10,19 @@ var Keypairs = module.exports;
 Keypairs.generate = function (opts) {
   opts = opts || {};
   var kty = opts.kty || opts.type;
+  var p;
   if ('RSA' === kty) {
-    return Rasha.generate(opts);
+    p = Rasha.generate(opts);
+  } else {
+    p = Eckles.generate(opts);
   }
-  return Eckles.generate(opts);
+  return p.then(function (pair) {
+    return Keypairs.thumbprint({ jwk: pair.public }).then(function (thumb) {
+      pair.private.kid = thumb; // maybe not the same id on the private key?
+      pair.public.kid = thumb;
+      return pair;
+    });
+  });
 };
 
 Keypairs.parse = function (opts) {
@@ -24,6 +33,7 @@ Keypairs.parse = function (opts) {
   var pem;
   var p;
 
+  if (!opts.key || !opts.key.kty) {
     try {
       jwk = JSON.parse(opts.key);
       p = Keypairs.export({ jwk: jwk }).catch(function (e) {
@@ -41,6 +51,9 @@ Keypairs.parse = function (opts) {
         return Promise.reject(err);
       });
     }
+  } else {
+    p = Promise.resolve(opts.key);
+  }
 
   return p.then(function (jwk) {
     var pubopts = JSON.parse(JSON.stringify(opts));
@@ -74,6 +87,11 @@ Keypairs.parseOrGenerate = function (opts) {
 Keypairs.import = function (opts) {
   return Eckles.import(opts).catch(function () {
     return Rasha.import(opts);
+  }).then(function (jwk) {
+    return Keypairs.thumbprint({ jwk: jwk }).then(function (thumb) {
+      jwk.kid = thumb;
+      return jwk;
+    });
   });
 };
 
@@ -93,6 +111,7 @@ Keypairs.neuter = Keypairs._neuter = function (opts) {
   // trying to find the best balance of an immutable copy with custom attributes
   var jwk = {};
   Object.keys(opts.jwk).forEach(function (k) {
+    if ('undefined' === typeof opts.jwk[k]) { return; }
     // ignore RSA and EC private parts
     if (-1 !== ['d', 'p', 'q', 'dp', 'dq', 'qi'].indexOf(k)) { return; }
     jwk[k] = JSON.parse(JSON.stringify(opts.jwk[k]));
@@ -103,11 +122,15 @@ Keypairs.neuter = Keypairs._neuter = function (opts) {
 Keypairs.publish = function (opts) {
   if ('object' !== typeof opts.jwk || !opts.jwk.kty) { throw new Error("invalid jwk: " + JSON.stringify(opts.jwk)); }
 
+  // returns a copy
   var jwk = Keypairs.neuter(opts);
 
-  if (!jwk.exp) {
+  if (jwk.exp) {
-    if (opts.expiresIn) { jwk.exp = Math.round(Date.now()/1000) + opts.expiresIn; }
+    jwk.exp = setTime(jwk.exp);
-    else { jwk.exp = opts.expiresAt; }
+  } else {
+    if (opts.exp) { jwk.exp = setTime(opts.exp); }
+    else if (opts.expiresIn) { jwk.exp = Math.round(Date.now()/1000) + opts.expiresIn; }
+    else if (opts.expiresAt) { jwk.exp = opts.expiresAt; }
   }
   if (!jwk.use && false !== jwk.use) { jwk.use = "sig"; }
 
@@ -131,20 +154,25 @@ Keypairs.signJwt = function (opts) {
     var header = opts.header || {};
     var claims = JSON.parse(JSON.stringify(opts.claims || {}));
     header.typ = 'JWT';
-    if (!header.kid) {
+
-      header.kid = thumb;
+    if (!header.kid) { header.kid = thumb; }
-    }
+    if (!header.alg && opts.alg) { header.alg = opts.alg; }
-    if (false === claims.iat) {
+    if (!claims.iat && (false === claims.iat || false === opts.iat)) {
       claims.iat = undefined;
     } else if (!claims.iat) {
       claims.iat = Math.round(Date.now()/1000);
     }
-    if (false === claims.exp) {
+
+    if (opts.exp) {
+      claims.exp = setTime(opts.exp);
+    } else if (!claims.exp && (false === claims.exp || false === opts.exp)) {
       claims.exp = undefined;
     } else if (!claims.exp) {
-      throw new Error("opts.claims.exp should be the expiration date (as seconds since the Unix epoch) or false");
+      throw new Error("opts.claims.exp should be the expiration date as seconds, human form (i.e. '1h' or '15m') or false");
     }
-    if (false === claims.iss) {
+
+    if (opts.iss) { claims.iss = opts.iss; }
+    if (!claims.iss && (false === claims.iss || false === opts.iss)) {
       claims.iss = undefined;
     } else if (!claims.iss) {
       throw new Error("opts.claims.iss should be in the form of https://example.com/, a secure OIDC base url");
@@ -169,7 +197,7 @@ Keypairs.signJws = function (opts) {
       if (!opts.jwk) {
         throw new Error("opts.jwk must exist and must declare 'typ'");
       }
-      return ('RSA' === opts.jwk.typ) ? "RS256" : "ES256";
+      return ('RSA' === opts.jwk.kty) ? "RS256" : "ES256";
     }
 
     function sign(pem) {
@@ -201,13 +229,21 @@ Keypairs.signJws = function (opts) {
       }
 
       // node specifies RSA-SHAxxx even whet it's actually ecdsa (it's all encoded x509 shasums anyway)
-      var nodeAlg = "RSA-SHA" + (((protect||header).alg||'').replace(/^[^\d]+/, '')||'256');
+      var nodeAlg = "SHA" + (((protect||header).alg||'').replace(/^[^\d]+/, '')||'256');
       var protected64 = Enc.strToUrlBase64(protectedHeader);
       var payload64 = Enc.bufToUrlBase64(payload);
-      var sig = require('crypto')
+      var binsig = require('crypto')
         .createSign(nodeAlg)
         .update(protect ? (protected64 + "." + payload64) : payload64)
-        .sign(pem, 'base64')
+        .sign(pem)
+      ;
+      if ('EC' === opts.jwk.kty) {
+        // ECDSA JWT signatures differ from "normal" ECDSA signatures
+        // https://tools.ietf.org/html/rfc7518#section-3.4
+        binsig = ecdsaAsn1SigToJoseSig(binsig);
+      }
+
+      var sig = binsig.toString('base64')
         .replace(/\+/g, '-')
         .replace(/\//g, '_')
         .replace(/=/g, '')
@@ -221,6 +257,41 @@ Keypairs.signJws = function (opts) {
       };
     }
 
+    function ecdsaAsn1SigToJoseSig(binsig) {
+      // should have asn1 sequence header of 0x30
+      if (0x30 !== binsig[0]) { throw new Error("Impossible EC SHA head marker"); }
+      var index = 2; // first ecdsa "R" header byte
+      var len = binsig[1];
+      var lenlen = 0;
+      // Seek length of length if length is greater than 127 (i.e. two 512-bit / 64-byte R and S values)
+      if (0x80 & len) {
+        lenlen = len - 0x80; // should be exactly 1
+        len = binsig[2]; // should be <= 130 (two 64-bit SHA-512s, plus padding)
+        index += lenlen;
+      }
+      // should be of BigInt type
+      if (0x02 !== binsig[index]) { throw new Error("Impossible EC SHA R marker"); }
+      index += 1;
+
+      var rlen = binsig[index];
+      var bits = 32;
+      if (rlen > 49) {
+        bits = 64;
+      } else if (rlen > 33) {
+        bits = 48;
+      }
+      var r = binsig.slice(index + 1, index + 1 + rlen).toString('hex');
+      var slen = binsig[index + 1 + rlen + 1]; // skip header and read length
+      var s = binsig.slice(index + 1 + rlen + 1 + 1).toString('hex');
+      if (2 *slen !== s.length) { throw new Error("Impossible EC SHA S length"); }
+      // There may be one byte of padding on either
+      while (r.length < 2*bits) { r = '00' + r; }
+      while (s.length < 2*bits) { s = '00' + s; }
+      if (2*(bits+1) === r.length) { r = r.slice(2); }
+      if (2*(bits+1) === s.length) { s = s.slice(2); }
+      return Buffer.concat([Buffer.from(r, 'hex'), Buffer.from(s, 'hex')]);
+    }
+
     if (opts.pem && opts.jwk) {
       return sign(opts.pem);
     } else {
@@ -229,6 +300,36 @@ Keypairs.signJws = function (opts) {
   });
 };
 
+function setTime(time) {
+  if ('number' === typeof time) { return time; }
+
+  var t = time.match(/^(\-?\d+)([dhms])$/i);
+  if (!t || !t[0]) {
+    throw new Error("'" + time + "' should be datetime in seconds or human-readable format (i.e. 3d, 1h, 15m, 30s");
+  }
+
+  var now = Math.round(Date.now()/1000);
+  var num = parseInt(t[1], 10);
+  var unit = t[2];
+  var mult = 1;
+  switch(unit) {
+    // fancy fallthrough, what fun!
+    case 'd':
+      mult *= 24;
+      /*falls through*/
+    case 'h':
+      mult *= 60;
+      /*falls through*/
+    case 'm':
+      mult *= 60;
+      /*falls through*/
+    case 's':
+      mult *= 1;
+  }
+
+  return now + (mult * num);
+}
+
 Enc.strToUrlBase64 = function (str) {
   // node automatically can tell the difference
   // between uc2 (utf-8) strings and binary strings
@@ -241,3 +342,25 @@ Enc.bufToUrlBase64 = function (buf) {
   return Buffer.from(buf).toString('base64')
     .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
 };
+
+// For 'rsa-compat' module only
+// PLEASE do not use these sync methods, they are deprecated
+Keypairs._importSync = function (opts) {
+  try {
+    return Eckles.importSync(opts);
+  } catch(e) {
+    try {
+      return Rasha.importSync(opts);
+    } catch(e) {
+      console.error("options.pem does not appear to be a valid RSA or ECDSA public or private key");
+    }
+  }
+};
+// PLEASE do not use these, they are deprecated
+Keypairs._exportSync = function (opts) {
+  if ('RSA' === opts.jwk.kty) {
+    return Rasha.exportSync(opts);
+  } else {
+    return Eckles.exportSync(opts);
+  }
+};

package.json

@@ -1,10 +1,9 @@
 {
   "name": "keypairs",
-  "version": "1.2.6",
+  "version": "1.2.14",
-  "description": "Lightweight RSA/ECDSA keypair generation and JWK <-> PEM",
+  "description": "Lightweight RSA/ECDSA keypair generation and JWK <-> PEM using node's native RSA and ECDSA support",
   "main": "keypairs.js",
   "files": [
-    "CLI.md",
     "bin/keypairs.js"
   ],
   "scripts": {
@@ -22,7 +21,11 @@
     "RSA",
     "ECDSA",
     "PEM",
-    "JWK"
+    "JWK",
+    "keypair",
+    "crypto",
+    "sign",
+    "verify"
   ],
   "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
   "license": "MPL-2.0",

test.js

@@ -1,6 +1,7 @@
 var Keypairs = require('./');
 
 /* global Promise*/
+console.info("This SHOULD result in an error message:");
 Keypairs.parseOrGenerate({ key: '' }).then(function (pair) {
   // should NOT have any warning output
   if (!pair.private || !pair.public) {
@@ -90,6 +91,20 @@ Keypairs.parseOrGenerate({ key: '' }).then(function (pair) {
       if ('NOERR' === e.code) { throw e; }
       return true;
     })
+  , Keypairs.signJwt({ jwk: pair.private, alg: 'ES512', iss: 'https://example.com/', exp: '1h' }).then(function (jwt) {
+      var parts = jwt.split('.');
+      var now = Math.round(Date.now()/1000);
+      var token = {
+        header: JSON.parse(Buffer.from(parts[0], 'base64'))
+      , payload: JSON.parse(Buffer.from(parts[1], 'base64'))
+      , signature: parts[2] //Buffer.from(parts[2], 'base64')
+      };
+      // allow some leeway just in case we happen to hit a 1ms boundary
+      if (token.payload.exp - now > 60 * 59.99) {
+        return true;
+      }
+      throw new Error("token was not properly generated");
+    })
   ]).then(function (results) {
     if (results.length && results.every(function (v) { return true === v; })) {
       console.info("If a warning prints right above this, it's a pass");