1 | 'use strict';
|
2 |
|
// Mark the CommonJS export object as a compiled ES module so that interop
// helpers in consuming code return it as-is instead of wrapping it.
Object.defineProperty(exports, "__esModule", { value: true });

// Placeholder export; the real constructor is assigned further down the file.
exports.JwksClient = void 0;
|
7 |
|
// Shallow merge helper: uses the native Object.assign when the runtime has
// one, otherwise copies the own enumerable properties of every argument after
// the first onto `target` and returns `target`.
var _extends = Object.assign || function (target) {
  var total = arguments.length;
  var position = 1;
  while (position < total) {
    var current = arguments[position];
    for (var name in current) {
      // Skip inherited properties; only own keys are copied.
      if (!Object.prototype.hasOwnProperty.call(current, name)) {
        continue;
      }
      target[name] = current[name];
    }
    position += 1;
  }
  return target;
};
|
9 |
|
// Class-building helper: installs the given property descriptors on a
// constructor's prototype (instance members) and on the constructor itself
// (static members), then returns the constructor.
var _createClass = function () {
  // Define every descriptor in `descriptors` on `owner`. Each descriptor is
  // normalised in place: non-enumerable unless stated, always configurable,
  // and writable when it carries a `value`.
  function installAll(owner, descriptors) {
    var index = 0;
    while (index < descriptors.length) {
      var entry = descriptors[index];
      entry.enumerable = entry.enumerable || false;
      entry.configurable = true;
      if ("value" in entry) {
        entry.writable = true;
      }
      Object.defineProperty(owner, entry.key, entry);
      index += 1;
    }
  }

  return function (Constructor, protoProps, staticProps) {
    if (protoProps) {
      installAll(Constructor.prototype, protoProps);
    }
    if (staticProps) {
      installAll(Constructor, staticProps);
    }
    return Constructor;
  };
}();
|
11 |
|
12 | var _debug = require('debug');
|
13 |
|
14 | var _debug2 = _interopRequireDefault(_debug);
|
15 |
|
16 | var _request = require('request');
|
17 |
|
18 | var _request2 = _interopRequireDefault(_request);
|
19 |
|
20 | var _JwksError = require('./errors/JwksError');
|
21 |
|
22 | var _JwksError2 = _interopRequireDefault(_JwksError);
|
23 |
|
24 | var _SigningKeyNotFoundError = require('./errors/SigningKeyNotFoundError');
|
25 |
|
26 | var _SigningKeyNotFoundError2 = _interopRequireDefault(_SigningKeyNotFoundError);
|
27 |
|
28 | var _utils = require('./utils');
|
29 |
|
30 | var _wrappers = require('./wrappers');
|
31 |
|
// Normalise a required module: one flagged with `__esModule` is returned
// unchanged, anything else is wrapped so it can be read through `.default`.
function _interopRequireDefault(obj) {
  if (obj && obj.__esModule) {
    return obj;
  }
  return { default: obj };
}
|
33 |
|
// Guard used at the top of a compiled constructor: throws a TypeError when
// `instance` was not created from `Constructor` (i.e. it was called without `new`).
function _classCallCheck(instance, Constructor) {
  var constructedProperly = instance instanceof Constructor;
  if (constructedProperly) {
    return;
  }
  throw new TypeError("Cannot call a class as a function");
}
|
35 |
|
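/**
 * Client that downloads a JSON Web Key Set (JWKS) over HTTP and exposes the
 * RSA signing keys it contains as PEM strings, looked up by key id (`kid`).
 *
 * Trust notes for integrators:
 *  - `options.jwksUri` decides which keys are accepted for verification. Take
 *    it from static configuration, not from a field of the token being checked.
 *  - `options.strictSsl` is forwarded to the HTTP client as `strictSSL`; turning
 *    it off means the key set is fetched without TLS certificate validation.
 *  - `options.proxy`, `options.requestAgentOptions` and `options.requestHeaders`
 *    are forwarded to the HTTP client unchanged.
 */
var JwksClient = exports.JwksClient = function () {
  /**
   * @param {Object} [options]
   * @param {string} options.jwksUri - URL of the JWKS document.
   * @param {boolean} [options.rateLimit=false] - wrap `getSigningKey` with the rate limiter.
   * @param {boolean} [options.cache=true] - wrap `getSigningKey` with the cache.
   * @param {boolean} [options.strictSsl=true] - require a valid TLS certificate.
   * @param {Object} [options.requestHeaders] - extra request headers.
   * @param {Object} [options.requestAgentOptions] - agent options for the request.
   * @param {string} [options.proxy] - proxy for the request.
   */
  function JwksClient(options) {
    var _this = this;

    _classCallCheck(this, JwksClient);

    /**
     * Look up one signing key by key id.
     *
     * `kid` is interpolated unescaped into the debug log line and into the
     * SigningKeyNotFoundError message. NOTE(review): it is presumably taken
     * from a token header before the signature is checked - confirm against
     * callers, and encode the message before echoing it to clients or logs.
     *
     * @param {string} kid - key id to find.
     * @param {function(Error, Object=)} cb - receives the matching key or an error.
     */
    this.getSigningKey = function (kid, cb) {
      _this.logger('Fetching signing key for \'' + kid + '\'');

      _this.getSigningKeys(function (err, keys) {
        if (err) {
          return cb(err);
        }

        var key = keys.find(function (k) {
          return k.kid === kid;
        });
        if (key) {
          return cb(null, key);
        }

        _this.logger('Unable to find a signing key that matches \'' + kid + '\'');
        return cb(new _SigningKeyNotFoundError2.default('Unable to find a signing key that matches \'' + kid + '\''));
      });
    };

    // Caller-supplied options override the defaults below.
    this.options = _extends({
      rateLimit: false,
      cache: true,
      strictSsl: true
    }, options);
    this.logger = (0, _debug2.default)('jwks');

    // The cache wrapper is applied after the rate limiter, so it is the outer
    // layer. NOTE(review): both wrappers receive the caller's raw `options`,
    // not the merged `this.options` - confirm they tolerate `undefined`.
    if (this.options.rateLimit) {
      this.getSigningKey = (0, _wrappers.rateLimitSigningKey)(this, options);
    }
    if (this.options.cache) {
      this.getSigningKey = (0, _wrappers.cacheSigningKey)(this, options);
    }
  }

  // True when `key.x5c` is a non-empty array whose first entry is a string.
  function hasCertificateChain(key) {
    return Array.isArray(key.x5c) && key.x5c.length > 0 && typeof key.x5c[0] === 'string';
  }

  // True when a JWKS entry is an RSA key with a `kid`, is not marked for a use
  // other than signing, and carries either a certificate or a modulus/exponent.
  function isRsaSigningKey(key) {
    // The document is remote input: entries may be null or not objects at all.
    if (!key || typeof key !== 'object') {
      return false;
    }
    if (key.kty !== 'RSA') {
      return false;
    }
    if (!key.kid) {
      return false;
    }
    // Borrow hasOwnProperty from Object.prototype: an entry in the remote
    // document can carry its own `hasOwnProperty` member.
    if (Object.prototype.hasOwnProperty.call(key, 'use') && key.use !== 'sig') {
      return false;
    }
    return hasCertificateChain(key) || Boolean(key.n && key.e);
  }

  // Convert a filtered JWKS entry into the `{ kid, nbf, getPublicKey }` shape
  // handed to callers. `nbf` is copied through; it is not enforced here.
  function toSigningKey(key) {
    var jwk = {
      kid: key.kid,
      nbf: key.nbf
    };
    if (hasCertificateChain(key)) {
      // Only the first certificate is converted to PEM. NOTE(review): no chain
      // or validity check is visible in this file - confirm whether certToPEM
      // performs one.
      jwk.publicKey = (0, _utils.certToPEM)(key.x5c[0]);
      jwk.getPublicKey = function () {
        return jwk.publicKey;
      };
    } else {
      jwk.rsaPublicKey = (0, _utils.rsaPublicKeyToPEM)(key.n, key.e);
      jwk.getPublicKey = function () {
        return jwk.rsaPublicKey;
      };
    }
    return jwk;
  }

  _createClass(JwksClient, [{
    key: 'getKeys',

    /**
     * Fetch the JWKS document and pass its `keys` member to `cb` unfiltered.
     *
     * A transport error is passed through as-is; a non-2xx response becomes a
     * JwksError built from the response body or status. A 2xx response whose
     * body is missing yields `cb(null, undefined)` rather than throwing inside
     * the HTTP callback.
     *
     * NOTE(review): no timeout is set on the request, and the `request`
     * package is deprecated upstream.
     *
     * @param {function(Error, Array=)} cb - receives the raw `keys` value.
     */
    value: function getKeys(cb) {
      var _this2 = this;

      this.logger('Fetching keys from \'' + this.options.jwksUri + '\'');
      (0, _request2.default)({
        json: true,
        uri: this.options.jwksUri,
        strictSSL: this.options.strictSsl,
        headers: this.options.requestHeaders,
        agentOptions: this.options.requestAgentOptions,
        proxy: this.options.proxy
      }, function (err, res) {
        if (err || res.statusCode < 200 || res.statusCode >= 300) {
          _this2.logger('Failure:', res && res.body || err);
          if (res) {
            return cb(new _JwksError2.default(res.body && (res.body.message || res.body) || res.statusMessage || 'Http Error ' + res.statusCode));
          }
          return cb(err);
        }

        // An empty or unparsable 2xx body leaves `res.body` unset; read `keys`
        // defensively so the failure reaches the caller through `cb`.
        var keys = res.body ? res.body.keys : undefined;
        _this2.logger('Keys:', keys);
        return cb(null, keys);
      });
    }
  }, {
    key: 'getSigningKeys',

    /**
     * Fetch the key set and reduce it to usable RSA signing keys.
     *
     * Fails with a JwksError when the document has no `keys` array, when the
     * array is empty, or when no entry passes the signing-key filter.
     *
     * @param {function(Error, Array=)} cb - receives `{ kid, nbf, getPublicKey }` objects.
     */
    value: function getSigningKeys(cb) {
      var _this3 = this;

      this.getKeys(function (err, keys) {
        if (err) {
          return cb(err);
        }

        // `keys` is remote input: anything other than a non-empty array is
        // treated as "no keys" instead of being passed to `.filter`.
        if (!Array.isArray(keys) || !keys.length) {
          return cb(new _JwksError2.default('The JWKS endpoint did not contain any keys'));
        }

        var signingKeys = keys.filter(isRsaSigningKey).map(toSigningKey);

        if (!signingKeys.length) {
          return cb(new _JwksError2.default('The JWKS endpoint did not contain any signing keys'));
        }

        _this3.logger('Signing Keys:', signingKeys);
        return cb(null, signingKeys);
      });
    }
  }]);

  return JwksClient;
}();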