1 | const { JWKKeySupport, JOSENotSupported } = require('../errors')
|
2 | const { KEY_MANAGEMENT_ENCRYPT, KEY_MANAGEMENT_DECRYPT } = require('../help/consts')
|
3 |
|
4 | const { JWA, JWK } = require('../registry')
|
5 |
|
6 |
|
// Every algorithm module exports a function that is invoked exactly once here
// with the shared registries from '../registry'.
// NOTE(review): presumably each call registers the module's algorithms into
// JWA (and key-type support into JWK) — confirm in the individual modules.
// The group labels below are inferred from the file names only — TODO confirm.

// Signature / MAC algorithms.
require('./hmac')(JWA, JWK)
require('./ecdsa')(JWA, JWK)
require('./eddsa')(JWA, JWK)
require('./rsassa_pss')(JWA, JWK)
require('./rsassa')(JWA, JWK)
// Invoked with JWA only, unlike its siblings, so it receives no JWK registry.
// NOTE(review): presumably the unsecured "none" algorithm — verifying callers
// should confirm it is never accepted unless they explicitly opted in.
require('./none')(JWA)

// Content encryption algorithms.
require('./aes_cbc_hmac_sha2')(JWA, JWK)
require('./aes_gcm')(JWA, JWK)

// Key management algorithms (key encryption / key wrapping).
require('./rsaes')(JWA, JWK)
require('./aes_kw')(JWA, JWK)
require('./aes_gcm_kw')(JWA, JWK)

// Key management algorithms (password-based and ECDH-based).
require('./pbes2')(JWA, JWK)
require('./ecdh/dir')(JWA, JWK)
require('./ecdh/kw')(JWA, JWK)
|
27 |
|
/**
 * Asserts that `key` may be used with algorithm `alg` for operation `op`.
 *
 * The verdict is memoized on the key object itself under a non-enumerable
 * property named `_<op>_<alg>`, so repeated calls for the same pair skip the
 * registry lookups.
 *
 * NOTE(review): when `alg` comes from an untrusted token header, this only
 * confirms that the library and the key support it. Restricting verification
 * to the algorithms the application expects is left to the caller.
 *
 * @param {object} key - Key object exposing `algorithms(operation)`; it is
 *   mutated by the memo property.
 * @param {string} op - Name of a registry on JWA ('sign', 'verify',
 *   'encrypt', 'decrypt', 'keyManagementEncrypt', 'keyManagementDecrypt').
 * @param {string} alg - Algorithm identifier to validate.
 * @returns {undefined} Returns normally only when the pair is supported.
 * @throws {JOSENotSupported} When `alg` is not registered for `op` at all.
 * @throws {JWKKeySupport} When `alg` is registered but this key cannot use it.
 */
const check = (key, op, alg) => {
  const memoName = `_${op}_${alg}`

  // Only the two key-management operations get a friendlier label and an
  // explicit key-operation constant; for every other op both stay undefined.
  let label
  let keyOp
  switch (op) {
    case 'keyManagementEncrypt':
      label = 'key management (encryption)'
      keyOp = KEY_MANAGEMENT_ENCRYPT
      break
    case 'keyManagementDecrypt':
      label = 'key management (decryption)'
      keyOp = KEY_MANAGEMENT_DECRYPT
      break
  }

  // Memoized verdict. `in` also consults the prototype chain, so the memo
  // name must never coincide with an inherited property of the key.
  if (memoName in key) {
    if (!key[memoName]) {
      throw new JWKKeySupport(`the key does not support ${alg} ${label || op} algorithm`)
    }
    return
  }

  // An algorithm unknown to the registry is rejected before anything is
  // written to the key, so unknown identifiers never create memo entries.
  if (!JWA[op].has(alg)) {
    throw new JOSENotSupported(`unsupported ${label || op} alg: ${alg}`)
  }

  // NOTE(review): keyOp is undefined for sign/verify/encrypt/decrypt; what
  // key.algorithms(undefined) returns is not visible here — confirm.
  const supported = Boolean(key.algorithms(keyOp).has(alg))

  // Only `value` and `enumerable` are given, so the property is also
  // read-only and cannot be redefined later.
  Object.defineProperty(key, memoName, { value: supported, enumerable: false })

  if (supported) {
    return
  }

  // Re-enter so the rejection is raised by the memoized branch above.
  return check(key, op, alg)
}
|
61 |
|
// Public entry points. Each one first validates the (key, operation, alg)
// combination through check(), which throws on an unsupported pair, and only
// then looks up and calls the implementation registered in JWA for `alg`.
module.exports = {
  check,

  /** Runs the `alg` implementation from JWA.sign on `payload`. */
  sign (alg, key, payload) {
    check(key, 'sign', alg)
    const signer = JWA.sign.get(alg)
    return signer(key, payload)
  },

  /** Runs the `alg` implementation from JWA.verify on `payload` and `signature`. */
  verify (alg, key, payload, signature) {
    check(key, 'verify', alg)
    const verifier = JWA.verify.get(alg)
    return verifier(key, payload, signature)
  },

  /** Runs the `alg` implementation from JWA.keyManagementEncrypt. */
  keyManagementEncrypt (alg, key, payload, opts) {
    check(key, 'keyManagementEncrypt', alg)
    const wrap = JWA.keyManagementEncrypt.get(alg)
    return wrap(key, payload, opts)
  },

  /** Runs the `alg` implementation from JWA.keyManagementDecrypt. */
  keyManagementDecrypt (alg, key, payload, opts) {
    check(key, 'keyManagementDecrypt', alg)
    const unwrap = JWA.keyManagementDecrypt.get(alg)
    return unwrap(key, payload, opts)
  },

  /** Runs the `alg` implementation from JWA.encrypt on `cleartext`. */
  encrypt (alg, key, cleartext, opts) {
    check(key, 'encrypt', alg)
    const encryptor = JWA.encrypt.get(alg)
    return encryptor(key, cleartext, opts)
  },

  /** Runs the `alg` implementation from JWA.decrypt on `ciphertext`. */
  decrypt (alg, key, ciphertext, opts) {
    check(key, 'decrypt', alg)
    const decryptor = JWA.decrypt.get(alg)
    return decryptor(key, ciphertext, opts)
  }
}
|