import { KeyLike, JSONWebKeySet } from 'jose'; import { SignatureBase } from '../cose/SignatureBase.js'; /** @private */ export declare function isJWKSLike(jwks: unknown): jwks is JSONWebKeySet; /** @private */ export declare class COSELocalJWKSet { protected _jwks?: JSONWebKeySet; private _cached; constructor(jwks: unknown); getKey(signature: SignatureBase): Promise; } export type COSEVerifyGetKey = ReturnType; /** * Returns a function that resolves to a key object from a locally stored, or otherwise available, * JSON Web Key Set. * * It uses the "alg" (JWS Algorithm) Header Parameter to determine the right JWK "kty" (Key Type), * then proceeds to match the JWK "kid" (Key ID) with one found in the JWS Header Parameters (if * there is one) while also respecting the JWK "use" (Public Key Use) and JWK "key_ops" (Key * Operations) Parameters (if they are present on the JWK). * * Only a single public key must match the selection process. As shown in the example below when * multiple keys get matched it is possible to opt-in to iterate over the matched keys and attempt * verification in an iterative manner. * * @example * * ```js * const JWKS = jose.createLocalJWKSet({ * keys: [ * { * kty: 'RSA', * e: 'AQAB', * n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ', * alg: 'PS256', * }, * { * crv: 'P-256', * kty: 'EC', * x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw', * y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo', * alg: 'ES256', * }, * ], * }) * * const { payload, protectedHeaders } = await jose.jwtVerify(jwt, JWKS, { * issuer: 'urn:example:issuer', * audience: 'urn:example:audience', * }) * console.log(protectedHeaders) * console.log(payload) * ``` * * @example Opting-in to multiple JWKS matches using `createLocalJWKSet` * * ```js * const options = { * issuer: 'urn:example:issuer', * audience: 'urn:example:audience', * } * const { payload, protectedHeaders } = await jose * .jwtVerify(jwt, JWKS, options) * .catch(async (error) => { * if (error?.code === 'ERR_JWKS_MULTIPLE_MATCHING_KEYS') { * for await (const publicKey of error) { * try { * return await jose.jwtVerify(jwt, publicKey, options) * } catch (innerError) { * if (innerError?.code === 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED') { * continue * } * throw innerError * } * } * throw new jose.errors.JWSSignatureVerificationFailed() * } * * throw error * }) * console.log(protectedHeaders) * console.log(payload) * ``` * * @param jwks JSON Web Key Set formatted object. */ export declare function createLocalJWKSet(jwks: JSONWebKeySet): (signature: SignatureBase) => Promise;