marketing-shibata50/cmux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update app and tooling

Browse source
This commit is contained in:
Lawrence Chen 2026-01-29 17:36:26 -08:00
parent 3046531bdd
commit e620ec7349
4950 changed files with 2975120 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

55
node_modules/jose/dist/node/cjs/runtime/aeskw.js generated vendored Normal file
View file

@ -0,0 +1,55 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.unwrap = exports.wrap = void 0;
const node_buffer_1 = require("node:buffer");
const node_crypto_1 = require("node:crypto");
const errors_js_1 = require("../util/errors.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const ciphers_js_1 = require("./ciphers.js");
const is_key_like_js_1 = require("./is_key_like.js");
function checkKeySize(key, alg) {
if (key.symmetricKeySize << 3 !== parseInt(alg.slice(1, 4), 10)) {
throw new TypeError(`Invalid key size for alg: ${alg}`);
}
}
function ensureKeyObject(key, alg, usage) {
if ((0, is_key_object_js_1.default)(key)) {
return key;
}
if (key instanceof Uint8Array) {
return (0, node_crypto_1.createSecretKey)(key);
}
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
(0, crypto_key_js_1.checkEncCryptoKey)(key, alg, usage);
return node_crypto_1.KeyObject.from(key);
}
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types, 'Uint8Array'));
}
const wrap = (alg, key, cek) => {
const size = parseInt(alg.slice(1, 4), 10);
const algorithm = `aes${size}-wrap`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
const keyObject = ensureKeyObject(key, alg, 'wrapKey');
checkKeySize(keyObject, alg);
const cipher = (0, node_crypto_1.createCipheriv)(algorithm, keyObject, node_buffer_1.Buffer.alloc(8, 0xa6));
return (0, buffer_utils_js_1.concat)(cipher.update(cek), cipher.final());
};
exports.wrap = wrap;
const unwrap = (alg, key, encryptedKey) => {
const size = parseInt(alg.slice(1, 4), 10);
const algorithm = `aes${size}-wrap`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
const keyObject = ensureKeyObject(key, alg, 'unwrapKey');
checkKeySize(keyObject, alg);
const cipher = (0, node_crypto_1.createDecipheriv)(algorithm, keyObject, node_buffer_1.Buffer.alloc(8, 0xa6));
return (0, buffer_utils_js_1.concat)(cipher.update(encryptedKey), cipher.final());
};
exports.unwrap = unwrap;

54
node_modules/jose/dist/node/cjs/runtime/asn1.js generated vendored Normal file
View file

@ -0,0 +1,54 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.fromX509 = exports.fromSPKI = exports.fromPKCS8 = exports.toPKCS8 = exports.toSPKI = void 0;
const node_crypto_1 = require("node:crypto");
const node_buffer_1 = require("node:buffer");
const webcrypto_js_1 = require("./webcrypto.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const genericExport = (keyType, keyFormat, key) => {
let keyObject;
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
if (!key.extractable) {
throw new TypeError('CryptoKey is not extractable');
}
keyObject = node_crypto_1.KeyObject.from(key);
}
else if ((0, is_key_object_js_1.default)(key)) {
keyObject = key;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types));
}
if (keyObject.type !== keyType) {
throw new TypeError(`key is not a ${keyType} key`);
}
return keyObject.export({ format: 'pem', type: keyFormat });
};
const toSPKI = (key) => {
return genericExport('public', 'spki', key);
};
exports.toSPKI = toSPKI;
const toPKCS8 = (key) => {
return genericExport('private', 'pkcs8', key);
};
exports.toPKCS8 = toPKCS8;
const fromPKCS8 = (pem) => (0, node_crypto_1.createPrivateKey)({
key: node_buffer_1.Buffer.from(pem.replace(/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g, ''), 'base64'),
type: 'pkcs8',
format: 'der',
});
exports.fromPKCS8 = fromPKCS8;
const fromSPKI = (pem) => (0, node_crypto_1.createPublicKey)({
key: node_buffer_1.Buffer.from(pem.replace(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, ''), 'base64'),
type: 'spki',
format: 'der',
});
exports.fromSPKI = fromSPKI;
const fromX509 = (pem) => (0, node_crypto_1.createPublicKey)({
key: pem,
type: 'spki',
format: 'pem',
});
exports.fromX509 = fromX509;

20
node_modules/jose/dist/node/cjs/runtime/base64url.js generated vendored Normal file
View file

@ -0,0 +1,20 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.decode = exports.encode = exports.encodeBase64 = exports.decodeBase64 = void 0;
const node_buffer_1 = require("node:buffer");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
function normalize(input) {
let encoded = input;
if (encoded instanceof Uint8Array) {
encoded = buffer_utils_js_1.decoder.decode(encoded);
}
return encoded;
}
const encode = (input) => node_buffer_1.Buffer.from(input).toString('base64url');
exports.encode = encode;
const decodeBase64 = (input) => new Uint8Array(node_buffer_1.Buffer.from(input, 'base64'));
exports.decodeBase64 = decodeBase64;
const encodeBase64 = (input) => node_buffer_1.Buffer.from(input).toString('base64');
exports.encodeBase64 = encodeBase64;
const decode = (input) => new Uint8Array(node_buffer_1.Buffer.from(normalize(input), 'base64url'));
exports.decode = decode;

11
node_modules/jose/dist/node/cjs/runtime/cbc_tag.js generated vendored Normal file
View file

@ -0,0 +1,11 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = cbcTag;
const node_crypto_1 = require("node:crypto");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
function cbcTag(aad, iv, ciphertext, macSize, macKey, keySize) {
const macData = (0, buffer_utils_js_1.concat)(aad, iv, ciphertext, (0, buffer_utils_js_1.uint64be)(aad.length << 3));
const hmac = (0, node_crypto_1.createHmac)(`sha${macSize}`, macKey);
hmac.update(macData);
return hmac.digest().slice(0, keySize >> 3);
}

37
node_modules/jose/dist/node/cjs/runtime/check_cek_length.js generated vendored Normal file
View file

@ -0,0 +1,37 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const errors_js_1 = require("../util/errors.js");
const is_key_object_js_1 = require("./is_key_object.js");
const checkCekLength = (enc, cek) => {
let expected;
switch (enc) {
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
expected = parseInt(enc.slice(-3), 10);
break;
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
expected = parseInt(enc.slice(1, 4), 10);
break;
default:
throw new errors_js_1.JOSENotSupported(`Content Encryption Algorithm ${enc} is not supported either by JOSE or your javascript runtime`);
}
if (cek instanceof Uint8Array) {
const actual = cek.byteLength << 3;
if (actual !== expected) {
throw new errors_js_1.JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);
}
return;
}
if ((0, is_key_object_js_1.default)(cek) && cek.type === 'secret') {
const actual = cek.symmetricKeySize << 3;
if (actual !== expected) {
throw new errors_js_1.JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);
}
return;
}
throw new TypeError('Invalid Content Encryption Key type');
};
exports.default = checkCekLength;

18
node_modules/jose/dist/node/cjs/runtime/check_key_length.js generated vendored Normal file
View file

@ -0,0 +1,18 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const node_crypto_1 = require("node:crypto");
exports.default = (key, alg) => {
let modulusLength;
try {
if (key instanceof node_crypto_1.KeyObject) {
modulusLength = key.asymmetricKeyDetails?.modulusLength;
}
else {
modulusLength = Buffer.from(key.n, 'base64url').byteLength << 3;
}
}
catch { }
if (typeof modulusLength !== 'number' || modulusLength < 2048) {
throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);
}
};

8
node_modules/jose/dist/node/cjs/runtime/ciphers.js generated vendored Normal file
View file

@ -0,0 +1,8 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const node_crypto_1 = require("node:crypto");
let ciphers;
exports.default = (algorithm) => {
ciphers ||= new Set((0, node_crypto_1.getCiphers)());
return ciphers.has(algorithm);
};

103
node_modules/jose/dist/node/cjs/runtime/decrypt.js generated vendored Normal file
View file

@ -0,0 +1,103 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const node_crypto_1 = require("node:crypto");
const check_iv_length_js_1 = require("../lib/check_iv_length.js");
const check_cek_length_js_1 = require("./check_cek_length.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const errors_js_1 = require("../util/errors.js");
const timing_safe_equal_js_1 = require("./timing_safe_equal.js");
const cbc_tag_js_1 = require("./cbc_tag.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const ciphers_js_1 = require("./ciphers.js");
const is_key_like_js_1 = require("./is_key_like.js");
function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
if ((0, is_key_object_js_1.default)(cek)) {
cek = cek.export();
}
const encKey = cek.subarray(keySize >> 3);
const macKey = cek.subarray(0, keySize >> 3);
const macSize = parseInt(enc.slice(-3), 10);
const algorithm = `aes-${keySize}-cbc`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
const expectedTag = (0, cbc_tag_js_1.default)(aad, iv, ciphertext, macSize, macKey, keySize);
let macCheckPassed;
try {
macCheckPassed = (0, timing_safe_equal_js_1.default)(tag, expectedTag);
}
catch {
}
if (!macCheckPassed) {
throw new errors_js_1.JWEDecryptionFailed();
}
let plaintext;
try {
const decipher = (0, node_crypto_1.createDecipheriv)(algorithm, encKey, iv);
plaintext = (0, buffer_utils_js_1.concat)(decipher.update(ciphertext), decipher.final());
}
catch {
}
if (!plaintext) {
throw new errors_js_1.JWEDecryptionFailed();
}
return plaintext;
}
function gcmDecrypt(enc, cek, ciphertext, iv, tag, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
const algorithm = `aes-${keySize}-gcm`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
try {
const decipher = (0, node_crypto_1.createDecipheriv)(algorithm, cek, iv, { authTagLength: 16 });
decipher.setAuthTag(tag);
if (aad.byteLength) {
decipher.setAAD(aad, { plaintextLength: ciphertext.length });
}
const plaintext = decipher.update(ciphertext);
decipher.final();
return plaintext;
}
catch {
throw new errors_js_1.JWEDecryptionFailed();
}
}
const decrypt = (enc, cek, ciphertext, iv, tag, aad) => {
let key;
if ((0, webcrypto_js_1.isCryptoKey)(cek)) {
(0, crypto_key_js_1.checkEncCryptoKey)(cek, enc, 'decrypt');
key = node_crypto_1.KeyObject.from(cek);
}
else if (cek instanceof Uint8Array || (0, is_key_object_js_1.default)(cek)) {
key = cek;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(cek, ...is_key_like_js_1.types, 'Uint8Array'));
}
if (!iv) {
throw new errors_js_1.JWEInvalid('JWE Initialization Vector missing');
}
if (!tag) {
throw new errors_js_1.JWEInvalid('JWE Authentication Tag missing');
}
(0, check_cek_length_js_1.default)(enc, key);
(0, check_iv_length_js_1.default)(enc, iv);
switch (enc) {
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
return cbcDecrypt(enc, key, ciphertext, iv, tag, aad);
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
return gcmDecrypt(enc, key, ciphertext, iv, tag, aad);
default:
throw new errors_js_1.JOSENotSupported('Unsupported JWE Content Encryption Algorithm');
}
};
exports.default = decrypt;

5
node_modules/jose/dist/node/cjs/runtime/digest.js generated vendored Normal file
View file

@ -0,0 +1,5 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const node_crypto_1 = require("node:crypto");
const digest = (algorithm, data) => (0, node_crypto_1.createHash)(algorithm).update(data).digest();
exports.default = digest;

25
node_modules/jose/dist/node/cjs/runtime/dsa_digest.js generated vendored Normal file
View file

@ -0,0 +1,25 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = dsaDigest;
const errors_js_1 = require("../util/errors.js");
function dsaDigest(alg) {
switch (alg) {
case 'PS256':
case 'RS256':
case 'ES256':
case 'ES256K':
return 'sha256';
case 'PS384':
case 'RS384':
case 'ES384':
return 'sha384';
case 'PS512':
case 'RS512':
case 'ES512':
return 'sha512';
case 'EdDSA':
return undefined;
default:
throw new errors_js_1.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
}

70
node_modules/jose/dist/node/cjs/runtime/ecdhes.js generated vendored Normal file
View file

@ -0,0 +1,70 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ecdhAllowed = void 0;
exports.deriveKey = deriveKey;
exports.generateEpk = generateEpk;
const node_crypto_1 = require("node:crypto");
const node_util_1 = require("node:util");
const get_named_curve_js_1 = require("./get_named_curve.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const errors_js_1 = require("../util/errors.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const generateKeyPair = (0, node_util_1.promisify)(node_crypto_1.generateKeyPair);
async function deriveKey(publicKee, privateKee, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) {
let publicKey;
if ((0, webcrypto_js_1.isCryptoKey)(publicKee)) {
(0, crypto_key_js_1.checkEncCryptoKey)(publicKee, 'ECDH');
publicKey = node_crypto_1.KeyObject.from(publicKee);
}
else if ((0, is_key_object_js_1.default)(publicKee)) {
publicKey = publicKee;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(publicKee, ...is_key_like_js_1.types));
}
let privateKey;
if ((0, webcrypto_js_1.isCryptoKey)(privateKee)) {
(0, crypto_key_js_1.checkEncCryptoKey)(privateKee, 'ECDH', 'deriveBits');
privateKey = node_crypto_1.KeyObject.from(privateKee);
}
else if ((0, is_key_object_js_1.default)(privateKee)) {
privateKey = privateKee;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(privateKee, ...is_key_like_js_1.types));
}
const value = (0, buffer_utils_js_1.concat)((0, buffer_utils_js_1.lengthAndInput)(buffer_utils_js_1.encoder.encode(algorithm)), (0, buffer_utils_js_1.lengthAndInput)(apu), (0, buffer_utils_js_1.lengthAndInput)(apv), (0, buffer_utils_js_1.uint32be)(keyLength));
const sharedSecret = (0, node_crypto_1.diffieHellman)({ privateKey, publicKey });
return (0, buffer_utils_js_1.concatKdf)(sharedSecret, keyLength, value);
}
async function generateEpk(kee) {
let key;
if ((0, webcrypto_js_1.isCryptoKey)(kee)) {
key = node_crypto_1.KeyObject.from(kee);
}
else if ((0, is_key_object_js_1.default)(kee)) {
key = kee;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(kee, ...is_key_like_js_1.types));
}
switch (key.asymmetricKeyType) {
case 'x25519':
return generateKeyPair('x25519');
case 'x448': {
return generateKeyPair('x448');
}
case 'ec': {
const namedCurve = (0, get_named_curve_js_1.default)(key);
return generateKeyPair('ec', { namedCurve });
}
default:
throw new errors_js_1.JOSENotSupported('Invalid or unsupported EPK');
}
}
const ecdhAllowed = (key) => ['P-256', 'P-384', 'P-521', 'X25519', 'X448'].includes((0, get_named_curve_js_1.default)(key));
exports.ecdhAllowed = ecdhAllowed;

80
node_modules/jose/dist/node/cjs/runtime/encrypt.js generated vendored Normal file
View file

@ -0,0 +1,80 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const node_crypto_1 = require("node:crypto");
const check_iv_length_js_1 = require("../lib/check_iv_length.js");
const check_cek_length_js_1 = require("./check_cek_length.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const cbc_tag_js_1 = require("./cbc_tag.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const iv_js_1 = require("../lib/iv.js");
const errors_js_1 = require("../util/errors.js");
const ciphers_js_1 = require("./ciphers.js");
const is_key_like_js_1 = require("./is_key_like.js");
function cbcEncrypt(enc, plaintext, cek, iv, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
if ((0, is_key_object_js_1.default)(cek)) {
cek = cek.export();
}
const encKey = cek.subarray(keySize >> 3);
const macKey = cek.subarray(0, keySize >> 3);
const algorithm = `aes-${keySize}-cbc`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
const cipher = (0, node_crypto_1.createCipheriv)(algorithm, encKey, iv);
const ciphertext = (0, buffer_utils_js_1.concat)(cipher.update(plaintext), cipher.final());
const macSize = parseInt(enc.slice(-3), 10);
const tag = (0, cbc_tag_js_1.default)(aad, iv, ciphertext, macSize, macKey, keySize);
return { ciphertext, tag, iv };
}
function gcmEncrypt(enc, plaintext, cek, iv, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
const algorithm = `aes-${keySize}-gcm`;
if (!(0, ciphers_js_1.default)(algorithm)) {
throw new errors_js_1.JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
const cipher = (0, node_crypto_1.createCipheriv)(algorithm, cek, iv, { authTagLength: 16 });
if (aad.byteLength) {
cipher.setAAD(aad, { plaintextLength: plaintext.length });
}
const ciphertext = cipher.update(plaintext);
cipher.final();
const tag = cipher.getAuthTag();
return { ciphertext, tag, iv };
}
const encrypt = (enc, plaintext, cek, iv, aad) => {
let key;
if ((0, webcrypto_js_1.isCryptoKey)(cek)) {
(0, crypto_key_js_1.checkEncCryptoKey)(cek, enc, 'encrypt');
key = node_crypto_1.KeyObject.from(cek);
}
else if (cek instanceof Uint8Array || (0, is_key_object_js_1.default)(cek)) {
key = cek;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(cek, ...is_key_like_js_1.types, 'Uint8Array'));
}
(0, check_cek_length_js_1.default)(enc, key);
if (iv) {
(0, check_iv_length_js_1.default)(enc, iv);
}
else {
iv = (0, iv_js_1.default)(enc);
}
switch (enc) {
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
return cbcEncrypt(enc, plaintext, key, iv, aad);
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
return gcmEncrypt(enc, plaintext, key, iv, aad);
default:
throw new errors_js_1.JOSENotSupported('Unsupported JWE Content Encryption Algorithm');
}
};
exports.default = encrypt;

45
node_modules/jose/dist/node/cjs/runtime/fetch_jwks.js generated vendored Normal file
View file

@ -0,0 +1,45 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const http = require("node:http");
const https = require("node:https");
const node_events_1 = require("node:events");
const errors_js_1 = require("../util/errors.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const fetchJwks = async (url, timeout, options) => {
let get;
switch (url.protocol) {
case 'https:':
get = https.get;
break;
case 'http:':
get = http.get;
break;
default:
throw new TypeError('Unsupported URL protocol.');
}
const { agent, headers } = options;
const req = get(url.href, {
agent,
timeout,
headers,
});
const [response] = (await Promise.race([(0, node_events_1.once)(req, 'response'), (0, node_events_1.once)(req, 'timeout')]));
if (!response) {
req.destroy();
throw new errors_js_1.JWKSTimeout();
}
if (response.statusCode !== 200) {
throw new errors_js_1.JOSEError('Expected 200 OK from the JSON Web Key Set HTTP response');
}
const parts = [];
for await (const part of response) {
parts.push(part);
}
try {
return JSON.parse(buffer_utils_js_1.decoder.decode((0, buffer_utils_js_1.concat)(...parts)));
}
catch {
throw new errors_js_1.JOSEError('Failed to parse the JSON Web Key Set HTTP response as JSON');
}
};
exports.default = fetchJwks;

101
node_modules/jose/dist/node/cjs/runtime/generate.js generated vendored Normal file
View file

@ -0,0 +1,101 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.generateSecret = generateSecret;
exports.generateKeyPair = generateKeyPair;
const node_crypto_1 = require("node:crypto");
const node_util_1 = require("node:util");
const random_js_1 = require("./random.js");
const errors_js_1 = require("../util/errors.js");
const generate = (0, node_util_1.promisify)(node_crypto_1.generateKeyPair);
async function generateSecret(alg, options) {
let length;
switch (alg) {
case 'HS256':
case 'HS384':
case 'HS512':
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
length = parseInt(alg.slice(-3), 10);
break;
case 'A128KW':
case 'A192KW':
case 'A256KW':
case 'A128GCMKW':
case 'A192GCMKW':
case 'A256GCMKW':
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
length = parseInt(alg.slice(1, 4), 10);
break;
default:
throw new errors_js_1.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
}
return (0, node_crypto_1.createSecretKey)((0, random_js_1.default)(new Uint8Array(length >> 3)));
}
async function generateKeyPair(alg, options) {
switch (alg) {
case 'RS256':
case 'RS384':
case 'RS512':
case 'PS256':
case 'PS384':
case 'PS512':
case 'RSA-OAEP':
case 'RSA-OAEP-256':
case 'RSA-OAEP-384':
case 'RSA-OAEP-512':
case 'RSA1_5': {
const modulusLength = options?.modulusLength ?? 2048;
if (typeof modulusLength !== 'number' || modulusLength < 2048) {
throw new errors_js_1.JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');
}
const keypair = await generate('rsa', {
modulusLength,
publicExponent: 0x10001,
});
return keypair;
}
case 'ES256':
return generate('ec', { namedCurve: 'P-256' });
case 'ES256K':
return generate('ec', { namedCurve: 'secp256k1' });
case 'ES384':
return generate('ec', { namedCurve: 'P-384' });
case 'ES512':
return generate('ec', { namedCurve: 'P-521' });
case 'EdDSA': {
switch (options?.crv) {
case undefined:
case 'Ed25519':
return generate('ed25519');
case 'Ed448':
return generate('ed448');
default:
throw new errors_js_1.JOSENotSupported('Invalid or unsupported crv option provided, supported values are Ed25519 and Ed448');
}
}
case 'ECDH-ES':
case 'ECDH-ES+A128KW':
case 'ECDH-ES+A192KW':
case 'ECDH-ES+A256KW': {
const crv = options?.crv ?? 'P-256';
switch (crv) {
case undefined:
case 'P-256':
case 'P-384':
case 'P-521':
return generate('ec', { namedCurve: crv });
case 'X25519':
return generate('x25519');
case 'X448':
return generate('x448');
default:
throw new errors_js_1.JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448');
}
}
default:
throw new errors_js_1.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
}
}

61
node_modules/jose/dist/node/cjs/runtime/get_named_curve.js generated vendored Normal file
View file

@ -0,0 +1,61 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.weakMap = void 0;
const node_crypto_1 = require("node:crypto");
const errors_js_1 = require("../util/errors.js");
const webcrypto_js_1 = require("./webcrypto.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const is_jwk_js_1 = require("../lib/is_jwk.js");
exports.weakMap = new WeakMap();
const namedCurveToJOSE = (namedCurve) => {
switch (namedCurve) {
case 'prime256v1':
return 'P-256';
case 'secp384r1':
return 'P-384';
case 'secp521r1':
return 'P-521';
case 'secp256k1':
return 'secp256k1';
default:
throw new errors_js_1.JOSENotSupported('Unsupported key curve for this operation');
}
};
const getNamedCurve = (kee, raw) => {
let key;
if ((0, webcrypto_js_1.isCryptoKey)(kee)) {
key = node_crypto_1.KeyObject.from(kee);
}
else if ((0, is_key_object_js_1.default)(kee)) {
key = kee;
}
else if ((0, is_jwk_js_1.isJWK)(kee)) {
return kee.crv;
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(kee, ...is_key_like_js_1.types));
}
if (key.type === 'secret') {
throw new TypeError('only "private" or "public" type keys can be used for this operation');
}
switch (key.asymmetricKeyType) {
case 'ed25519':
case 'ed448':
return `Ed${key.asymmetricKeyType.slice(2)}`;
case 'x25519':
case 'x448':
return `X${key.asymmetricKeyType.slice(1)}`;
case 'ec': {
const namedCurve = key.asymmetricKeyDetails.namedCurve;
if (raw) {
return namedCurve;
}
return namedCurveToJOSE(namedCurve);
}
default:
throw new TypeError('Invalid asymmetric key type for this operation');
}
};
exports.default = getNamedCurve;

31
node_modules/jose/dist/node/cjs/runtime/get_sign_verify_key.js generated vendored Normal file
View file

@ -0,0 +1,31 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = getSignVerifyKey;
const node_crypto_1 = require("node:crypto");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const jwk = require("../lib/is_jwk.js");
function getSignVerifyKey(alg, key, usage) {
if (key instanceof Uint8Array) {
if (!alg.startsWith('HS')) {
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types));
}
return (0, node_crypto_1.createSecretKey)(key);
}
if (key instanceof node_crypto_1.KeyObject) {
return key;
}
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
(0, crypto_key_js_1.checkSigCryptoKey)(key, alg, usage);
return node_crypto_1.KeyObject.from(key);
}
if (jwk.isJWK(key)) {
if (alg.startsWith('HS')) {
return (0, node_crypto_1.createSecretKey)(Buffer.from(key.k, 'base64url'));
}
return key;
}
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types, 'Uint8Array', 'JSON Web Key'));
}

16
node_modules/jose/dist/node/cjs/runtime/hmac_digest.js generated vendored Normal file
View file

@ -0,0 +1,16 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = hmacDigest;
const errors_js_1 = require("../util/errors.js");
function hmacDigest(alg) {
switch (alg) {
case 'HS256':
return 'sha256';
case 'HS384':
return 'sha384';
case 'HS512':
return 'sha512';
default:
throw new errors_js_1.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
}

11
node_modules/jose/dist/node/cjs/runtime/is_key_like.js generated vendored Normal file
View file

@ -0,0 +1,11 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.types = void 0;
const webcrypto_js_1 = require("./webcrypto.js");
const is_key_object_js_1 = require("./is_key_object.js");
exports.default = (key) => (0, is_key_object_js_1.default)(key) || (0, webcrypto_js_1.isCryptoKey)(key);
const types = ['KeyObject'];
exports.types = types;
if (globalThis.CryptoKey || webcrypto_js_1.default?.CryptoKey) {
types.push('CryptoKey');
}

4
node_modules/jose/dist/node/cjs/runtime/is_key_object.js generated vendored Normal file
View file

@ -0,0 +1,4 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const util = require("node:util");
exports.default = (obj) => util.types.isKeyObject(obj);

10
node_modules/jose/dist/node/cjs/runtime/jwk_to_key.js generated vendored Normal file
View file

@ -0,0 +1,10 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const node_crypto_1 = require("node:crypto");
const parse = (key) => {
if (key.d) {
return (0, node_crypto_1.createPrivateKey)({ format: 'jwk', key });
}
return (0, node_crypto_1.createPublicKey)({ format: 'jwk', key });
};
exports.default = parse;

36
node_modules/jose/dist/node/cjs/runtime/key_to_jwk.js generated vendored Normal file
View file

@ -0,0 +1,36 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const node_crypto_1 = require("node:crypto");
const base64url_js_1 = require("./base64url.js");
const errors_js_1 = require("../util/errors.js");
const webcrypto_js_1 = require("./webcrypto.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const keyToJWK = (key) => {
let keyObject;
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
if (!key.extractable) {
throw new TypeError('CryptoKey is not extractable');
}
keyObject = node_crypto_1.KeyObject.from(key);
}
else if ((0, is_key_object_js_1.default)(key)) {
keyObject = key;
}
else if (key instanceof Uint8Array) {
return {
kty: 'oct',
k: (0, base64url_js_1.encode)(key),
};
}
else {
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types, 'Uint8Array'));
}
if (keyObject.type !== 'secret' &&
!['rsa', 'ec', 'ed25519', 'x25519', 'ed448', 'x448'].includes(keyObject.asymmetricKeyType)) {
throw new errors_js_1.JOSENotSupported('Unsupported key asymmetricKeyType');
}
return keyObject.export({ format: 'jwk' });
};
exports.default = keyToJWK;

106
node_modules/jose/dist/node/cjs/runtime/node_key.js generated vendored Normal file
View file

@ -0,0 +1,106 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = keyForCrypto;
const node_crypto_1 = require("node:crypto");
const get_named_curve_js_1 = require("./get_named_curve.js");
const errors_js_1 = require("../util/errors.js");
const check_key_length_js_1 = require("./check_key_length.js");
const ecCurveAlgMap = new Map([
['ES256', 'P-256'],
['ES256K', 'secp256k1'],
['ES384', 'P-384'],
['ES512', 'P-521'],
]);
function keyForCrypto(alg, key) {
let asymmetricKeyType;
let asymmetricKeyDetails;
let isJWK;
if (key instanceof node_crypto_1.KeyObject) {
asymmetricKeyType = key.asymmetricKeyType;
asymmetricKeyDetails = key.asymmetricKeyDetails;
}
else {
isJWK = true;
switch (key.kty) {
case 'RSA':
asymmetricKeyType = 'rsa';
break;
case 'EC':
asymmetricKeyType = 'ec';
break;
case 'OKP': {
if (key.crv === 'Ed25519') {
asymmetricKeyType = 'ed25519';
break;
}
if (key.crv === 'Ed448') {
asymmetricKeyType = 'ed448';
break;
}
throw new TypeError('Invalid key for this operation, its crv must be Ed25519 or Ed448');
}
default:
throw new TypeError('Invalid key for this operation, its kty must be RSA, OKP, or EC');
}
}
let options;
switch (alg) {
case 'EdDSA':
if (!['ed25519', 'ed448'].includes(asymmetricKeyType)) {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ed25519 or ed448');
}
break;
case 'RS256':
case 'RS384':
case 'RS512':
if (asymmetricKeyType !== 'rsa') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa');
}
(0, check_key_length_js_1.default)(key, alg);
break;
case 'PS256':
case 'PS384':
case 'PS512':
if (asymmetricKeyType === 'rsa-pss') {
const { hashAlgorithm, mgf1HashAlgorithm, saltLength } = asymmetricKeyDetails;
const length = parseInt(alg.slice(-3), 10);
if (hashAlgorithm !== undefined &&
(hashAlgorithm !== `sha${length}` || mgf1HashAlgorithm !== hashAlgorithm)) {
throw new TypeError(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${alg}`);
}
if (saltLength !== undefined && saltLength > length >> 3) {
throw new TypeError(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${alg}`);
}
}
else if (asymmetricKeyType !== 'rsa') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa or rsa-pss');
}
(0, check_key_length_js_1.default)(key, alg);
options = {
padding: node_crypto_1.constants.RSA_PKCS1_PSS_PADDING,
saltLength: node_crypto_1.constants.RSA_PSS_SALTLEN_DIGEST,
};
break;
case 'ES256':
case 'ES256K':
case 'ES384':
case 'ES512': {
if (asymmetricKeyType !== 'ec') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ec');
}
const actual = (0, get_named_curve_js_1.default)(key);
const expected = ecCurveAlgMap.get(alg);
if (actual !== expected) {
throw new TypeError(`Invalid key curve for the algorithm, its curve must be ${expected}, got ${actual}`);
}
options = { dsaEncoding: 'ieee-p1363' };
break;
}
default:
throw new errors_js_1.JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
if (isJWK) {
return { format: 'jwk', key, ...options };
}
return options ? { ...options, key } : key;
}

3
node_modules/jose/dist/node/cjs/runtime/normalize_key.js generated vendored Normal file
View file

@ -0,0 +1,3 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = {};

48
node_modules/jose/dist/node/cjs/runtime/pbes2kw.js generated vendored Normal file
View file

@ -0,0 +1,48 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.decrypt = exports.encrypt = void 0;
const node_util_1 = require("node:util");
const node_crypto_1 = require("node:crypto");
const random_js_1 = require("./random.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const base64url_js_1 = require("./base64url.js");
const aeskw_js_1 = require("./aeskw.js");
const check_p2s_js_1 = require("../lib/check_p2s.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const pbkdf2 = (0, node_util_1.promisify)(node_crypto_1.pbkdf2);
function getPassword(key, alg) {
if ((0, is_key_object_js_1.default)(key)) {
return key.export();
}
if (key instanceof Uint8Array) {
return key;
}
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
(0, crypto_key_js_1.checkEncCryptoKey)(key, alg, 'deriveBits', 'deriveKey');
return node_crypto_1.KeyObject.from(key).export();
}
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types, 'Uint8Array'));
}
const encrypt = async (alg, key, cek, p2c = 2048, p2s = (0, random_js_1.default)(new Uint8Array(16))) => {
(0, check_p2s_js_1.default)(p2s);
const salt = (0, buffer_utils_js_1.p2s)(alg, p2s);
const keylen = parseInt(alg.slice(13, 16), 10) >> 3;
const password = getPassword(key, alg);
const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.slice(8, 11)}`);
const encryptedKey = await (0, aeskw_js_1.wrap)(alg.slice(-6), derivedKey, cek);
return { encryptedKey, p2c, p2s: (0, base64url_js_1.encode)(p2s) };
};
exports.encrypt = encrypt;
const decrypt = async (alg, key, encryptedKey, p2c, p2s) => {
(0, check_p2s_js_1.default)(p2s);
const salt = (0, buffer_utils_js_1.p2s)(alg, p2s);
const keylen = parseInt(alg.slice(13, 16), 10) >> 3;
const password = getPassword(key, alg);
const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.slice(8, 11)}`);
return (0, aeskw_js_1.unwrap)(alg.slice(-6), derivedKey, encryptedKey);
};
exports.decrypt = decrypt;

5
node_modules/jose/dist/node/cjs/runtime/random.js generated vendored Normal file
View file

@ -0,0 +1,5 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = void 0;
var node_crypto_1 = require("node:crypto");
Object.defineProperty(exports, "default", { enumerable: true, get: function () { return node_crypto_1.randomFillSync; } });

71
node_modules/jose/dist/node/cjs/runtime/rsaes.js generated vendored Normal file
View file

@ -0,0 +1,71 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.decrypt = exports.encrypt = void 0;
const node_crypto_1 = require("node:crypto");
const node_util_1 = require("node:util");
const check_key_length_js_1 = require("./check_key_length.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
const checkKey = (key, alg) => {
if (key.asymmetricKeyType !== 'rsa') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa');
}
(0, check_key_length_js_1.default)(key, alg);
};
const RSA1_5 = (0, node_util_1.deprecate)(() => node_crypto_1.constants.RSA_PKCS1_PADDING, 'The RSA1_5 "alg" (JWE Algorithm) is deprecated and will be removed in the next major revision.');
const resolvePadding = (alg) => {
switch (alg) {
case 'RSA-OAEP':
case 'RSA-OAEP-256':
case 'RSA-OAEP-384':
case 'RSA-OAEP-512':
return node_crypto_1.constants.RSA_PKCS1_OAEP_PADDING;
case 'RSA1_5':
return RSA1_5();
default:
return undefined;
}
};
const resolveOaepHash = (alg) => {
switch (alg) {
case 'RSA-OAEP':
return 'sha1';
case 'RSA-OAEP-256':
return 'sha256';
case 'RSA-OAEP-384':
return 'sha384';
case 'RSA-OAEP-512':
return 'sha512';
default:
return undefined;
}
};
function ensureKeyObject(key, alg, ...usages) {
if ((0, is_key_object_js_1.default)(key)) {
return key;
}
if ((0, webcrypto_js_1.isCryptoKey)(key)) {
(0, crypto_key_js_1.checkEncCryptoKey)(key, alg, ...usages);
return node_crypto_1.KeyObject.from(key);
}
throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types));
}
const encrypt = (alg, key, cek) => {
const padding = resolvePadding(alg);
const oaepHash = resolveOaepHash(alg);
const keyObject = ensureKeyObject(key, alg, 'wrapKey', 'encrypt');
checkKey(keyObject, alg);
return (0, node_crypto_1.publicEncrypt)({ key: keyObject, oaepHash, padding }, cek);
};
exports.encrypt = encrypt;
const decrypt = (alg, key, encryptedKey) => {
const padding = resolvePadding(alg);
const oaepHash = resolveOaepHash(alg);
const keyObject = ensureKeyObject(key, alg, 'unwrapKey', 'decrypt');
checkKey(keyObject, alg);
return (0, node_crypto_1.privateDecrypt)({ key: keyObject, oaepHash, padding }, encryptedKey);
};
exports.decrypt = decrypt;

3
node_modules/jose/dist/node/cjs/runtime/runtime.js generated vendored Normal file
View file

@ -0,0 +1,3 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = 'node:crypto';

19
node_modules/jose/dist/node/cjs/runtime/sign.js generated vendored Normal file
View file

@ -0,0 +1,19 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto = require("node:crypto");
const node_util_1 = require("node:util");
const dsa_digest_js_1 = require("./dsa_digest.js");
const hmac_digest_js_1 = require("./hmac_digest.js");
const node_key_js_1 = require("./node_key.js");
const get_sign_verify_key_js_1 = require("./get_sign_verify_key.js");
const oneShotSign = (0, node_util_1.promisify)(crypto.sign);
const sign = async (alg, key, data) => {
const k = (0, get_sign_verify_key_js_1.default)(alg, key, 'sign');
if (alg.startsWith('HS')) {
const hmac = crypto.createHmac((0, hmac_digest_js_1.default)(alg), k);
hmac.update(data);
return hmac.digest();
}
return oneShotSign((0, dsa_digest_js_1.default)(alg), data, (0, node_key_js_1.default)(alg, k));
};
exports.default = sign;

5
node_modules/jose/dist/node/cjs/runtime/timing_safe_equal.js generated vendored Normal file
View file

@ -0,0 +1,5 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const node_crypto_1 = require("node:crypto");
const timingSafeEqual = node_crypto_1.timingSafeEqual;
exports.default = timingSafeEqual;

31
node_modules/jose/dist/node/cjs/runtime/verify.js generated vendored Normal file
View file

@ -0,0 +1,31 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const crypto = require("node:crypto");
const node_util_1 = require("node:util");
const dsa_digest_js_1 = require("./dsa_digest.js");
const node_key_js_1 = require("./node_key.js");
const sign_js_1 = require("./sign.js");
const get_sign_verify_key_js_1 = require("./get_sign_verify_key.js");
const oneShotVerify = (0, node_util_1.promisify)(crypto.verify);
const verify = async (alg, key, signature, data) => {
const k = (0, get_sign_verify_key_js_1.default)(alg, key, 'verify');
if (alg.startsWith('HS')) {
const expected = await (0, sign_js_1.default)(alg, k, data);
const actual = signature;
try {
return crypto.timingSafeEqual(actual, expected);
}
catch {
return false;
}
}
const algorithm = (0, dsa_digest_js_1.default)(alg);
const keyInput = (0, node_key_js_1.default)(alg, k);
try {
return await oneShotVerify(algorithm, data, keyInput, signature);
}
catch {
return false;
}
};
exports.default = verify;

9
node_modules/jose/dist/node/cjs/runtime/webcrypto.js generated vendored Normal file
View file

@ -0,0 +1,9 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isCryptoKey = void 0;
const crypto = require("node:crypto");
const util = require("node:util");
const webcrypto = crypto.webcrypto;
exports.default = webcrypto;
const isCryptoKey = (key) => util.types.isCryptoKey(key);
exports.isCryptoKey = isCryptoKey;