matej/dztps-iskalnik-urejevalnik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
matej
2025-09-01 22:12:29 +02:00
parent b1873f9c1d
commit 02a54f61c0
5598 changed files with 903558 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
server/node_modules/jose/dist/node/esm/runtime/aeskw.js generated vendored Normal file
View File

@@ -0,0 +1,50 @@
import { Buffer } from 'buffer';
import { KeyObject, createDecipheriv, createCipheriv, createSecretKey } from 'crypto';
import { JOSENotSupported } from '../util/errors.js';
import { concat } from '../lib/buffer_utils.js';
import { isCryptoKey } from './webcrypto.js';
import { checkEncCryptoKey } from '../lib/crypto_key.js';
import isKeyObject from './is_key_object.js';
import invalidKeyInput from '../lib/invalid_key_input.js';
import supported from './ciphers.js';
import { types } from './is_key_like.js';
function checkKeySize(key, alg) {
if (key.symmetricKeySize << 3 !== parseInt(alg.slice(1, 4), 10)) {
throw new TypeError(`Invalid key size for alg: ${alg}`);
}
}
function ensureKeyObject(key, alg, usage) {
if (isKeyObject(key)) {
return key;
}
if (key instanceof Uint8Array) {
return createSecretKey(key);
}
if (isCryptoKey(key)) {
checkEncCryptoKey(key, alg, usage);
return KeyObject.from(key);
}
throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));
}
export const wrap = (alg, key, cek) => {
const size = parseInt(alg.slice(1, 4), 10);
const algorithm = `aes${size}-wrap`;
if (!supported(algorithm)) {
throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
const keyObject = ensureKeyObject(key, alg, 'wrapKey');
checkKeySize(keyObject, alg);
const cipher = createCipheriv(algorithm, keyObject, Buffer.alloc(8, 0xa6));
return concat(cipher.update(cek), cipher.final());
};
export const unwrap = (alg, key, encryptedKey) => {
const size = parseInt(alg.slice(1, 4), 10);
const algorithm = `aes${size}-wrap`;
if (!supported(algorithm)) {
throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
const keyObject = ensureKeyObject(key, alg, 'unwrapKey');
checkKeySize(keyObject, alg);
const cipher = createDecipheriv(algorithm, keyObject, Buffer.alloc(8, 0xa6));
return concat(cipher.update(encryptedKey), cipher.final());
};

46
server/node_modules/jose/dist/node/esm/runtime/asn1.js generated vendored Normal file
View File

@@ -0,0 +1,46 @@
import { createPrivateKey, createPublicKey, KeyObject } from 'crypto';
import { Buffer } from 'buffer';
import { isCryptoKey } from './webcrypto.js';
import isKeyObject from './is_key_object.js';
import invalidKeyInput from '../lib/invalid_key_input.js';
import { types } from './is_key_like.js';
const genericExport = (keyType, keyFormat, key) => {
let keyObject;
if (isCryptoKey(key)) {
if (!key.extractable) {
throw new TypeError('CryptoKey is not extractable');
}
keyObject = KeyObject.from(key);
}
else if (isKeyObject(key)) {
keyObject = key;
}
else {
throw new TypeError(invalidKeyInput(key, ...types));
}
if (keyObject.type !== keyType) {
throw new TypeError(`key is not a ${keyType} key`);
}
return keyObject.export({ format: 'pem', type: keyFormat });
};
export const toSPKI = (key) => {
return genericExport('public', 'spki', key);
};
export const toPKCS8 = (key) => {
return genericExport('private', 'pkcs8', key);
};
export const fromPKCS8 = (pem) => createPrivateKey({
key: Buffer.from(pem.replace(/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g, ''), 'base64'),
type: 'pkcs8',
format: 'der',
});
export const fromSPKI = (pem) => createPublicKey({
key: Buffer.from(pem.replace(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, ''), 'base64'),
type: 'spki',
format: 'der',
});
export const fromX509 = (pem) => createPublicKey({
key: pem,
type: 'spki',
format: 'pem',
});

44
server/node_modules/jose/dist/node/esm/runtime/asn1_sequence_decoder.js generated vendored Normal file
View File

@@ -0,0 +1,44 @@
const tagInteger = 0x02;
const tagSequence = 0x30;
export default class Asn1SequenceDecoder {
constructor(buffer) {
if (buffer[0] !== tagSequence) {
throw new TypeError();
}
this.buffer = buffer;
this.offset = 1;
const len = this.decodeLength();
if (len !== buffer.length - this.offset) {
throw new TypeError();
}
}
decodeLength() {
let length = this.buffer[this.offset++];
if (length & 0x80) {
const nBytes = length & ~0x80;
length = 0;
for (let i = 0; i < nBytes; i++)
length = (length << 8) | this.buffer[this.offset + i];
this.offset += nBytes;
}
return length;
}
unsignedInteger() {
if (this.buffer[this.offset++] !== tagInteger) {
throw new TypeError();
}
let length = this.decodeLength();
if (this.buffer[this.offset] === 0) {
this.offset++;
length--;
}
const result = this.buffer.slice(this.offset, this.offset + length);
this.offset += length;
return result;
}
end() {
if (this.offset !== this.buffer.length) {
throw new TypeError();
}
}
}

88
server/node_modules/jose/dist/node/esm/runtime/asn1_sequence_encoder.js generated vendored Normal file
View File

@@ -0,0 +1,88 @@
import { Buffer } from 'buffer';
import { JOSENotSupported } from '../util/errors.js';
const tagInteger = 0x02;
const tagBitStr = 0x03;
const tagOctStr = 0x04;
const tagSequence = 0x30;
const bZero = Buffer.from([0x00]);
const bTagInteger = Buffer.from([tagInteger]);
const bTagBitStr = Buffer.from([tagBitStr]);
const bTagSequence = Buffer.from([tagSequence]);
const bTagOctStr = Buffer.from([tagOctStr]);
const encodeLength = (len) => {
if (len < 128)
return Buffer.from([len]);
const buffer = Buffer.alloc(5);
buffer.writeUInt32BE(len, 1);
let offset = 1;
while (buffer[offset] === 0)
offset++;
buffer[offset - 1] = 0x80 | (5 - offset);
return buffer.slice(offset - 1);
};
const oids = new Map([
['P-256', Buffer.from('06 08 2A 86 48 CE 3D 03 01 07'.replace(/ /g, ''), 'hex')],
['secp256k1', Buffer.from('06 05 2B 81 04 00 0A'.replace(/ /g, ''), 'hex')],
['P-384', Buffer.from('06 05 2B 81 04 00 22'.replace(/ /g, ''), 'hex')],
['P-521', Buffer.from('06 05 2B 81 04 00 23'.replace(/ /g, ''), 'hex')],
['ecPublicKey', Buffer.from('06 07 2A 86 48 CE 3D 02 01'.replace(/ /g, ''), 'hex')],
['X25519', Buffer.from('06 03 2B 65 6E'.replace(/ /g, ''), 'hex')],
['X448', Buffer.from('06 03 2B 65 6F'.replace(/ /g, ''), 'hex')],
['Ed25519', Buffer.from('06 03 2B 65 70'.replace(/ /g, ''), 'hex')],
['Ed448', Buffer.from('06 03 2B 65 71'.replace(/ /g, ''), 'hex')],
]);
export default class DumbAsn1Encoder {
constructor() {
this.length = 0;
this.elements = [];
}
oidFor(oid) {
const bOid = oids.get(oid);
if (!bOid) {
throw new JOSENotSupported('Invalid or unsupported OID');
}
this.elements.push(bOid);
this.length += bOid.length;
}
zero() {
this.elements.push(bTagInteger, Buffer.from([0x01]), bZero);
this.length += 3;
}
one() {
this.elements.push(bTagInteger, Buffer.from([0x01]), Buffer.from([0x01]));
this.length += 3;
}
unsignedInteger(integer) {
if (integer[0] & 0x80) {
const len = encodeLength(integer.length + 1);
this.elements.push(bTagInteger, len, bZero, integer);
this.length += 2 + len.length + integer.length;
}
else {
let i = 0;
while (integer[i] === 0 && (integer[i + 1] & 0x80) === 0)
i++;
const len = encodeLength(integer.length - i);
this.elements.push(bTagInteger, encodeLength(integer.length - i), integer.slice(i));
this.length += 1 + len.length + integer.length - i;
}
}
octStr(octStr) {
const len = encodeLength(octStr.length);
this.elements.push(bTagOctStr, encodeLength(octStr.length), octStr);
this.length += 1 + len.length + octStr.length;
}
bitStr(bitS) {
const len = encodeLength(bitS.length + 1);
this.elements.push(bTagBitStr, encodeLength(bitS.length + 1), bZero, bitS);
this.length += 1 + len.length + bitS.length + 1;
}
add(seq) {
this.elements.push(seq);
this.length += seq.length;
}
end(tag = bTagSequence) {
const len = encodeLength(this.length);
return Buffer.concat([tag, len, ...this.elements], 1 + len.length + this.length);
}
}

20
server/node_modules/jose/dist/node/esm/runtime/base64url.js generated vendored Normal file
View File

@@ -0,0 +1,20 @@
import { Buffer } from 'buffer';
import { decoder } from '../lib/buffer_utils.js';
let encode;
function normalize(input) {
let encoded = input;
if (encoded instanceof Uint8Array) {
encoded = decoder.decode(encoded);
}
return encoded;
}
if (Buffer.isEncoding('base64url')) {
encode = (input) => Buffer.from(input).toString('base64url');
}
else {
encode = (input) => Buffer.from(input).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
}
export const decodeBase64 = (input) => Buffer.from(input, 'base64');
export const encodeBase64 = (input) => Buffer.from(input).toString('base64');
export { encode };
export const decode = (input) => Buffer.from(normalize(input), 'base64');

8
server/node_modules/jose/dist/node/esm/runtime/cbc_tag.js generated vendored Normal file
View File

@@ -0,0 +1,8 @@
import { createHmac } from 'crypto';
import { concat, uint64be } from '../lib/buffer_utils.js';
export default function cbcTag(aad, iv, ciphertext, macSize, macKey, keySize) {
const macData = concat(aad, iv, ciphertext, uint64be(aad.length << 3));
const hmac = createHmac(`sha${macSize}`, macKey);
hmac.update(macData);
return hmac.digest().slice(0, keySize >> 3);
}

35
server/node_modules/jose/dist/node/esm/runtime/check_cek_length.js generated vendored Normal file
View File

@@ -0,0 +1,35 @@
import { JWEInvalid, JOSENotSupported } from '../util/errors.js';
import isKeyObject from './is_key_object.js';
const checkCekLength = (enc, cek) => {
let expected;
switch (enc) {
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
expected = parseInt(enc.slice(-3), 10);
break;
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
expected = parseInt(enc.slice(1, 4), 10);
break;
default:
throw new JOSENotSupported(`Content Encryption Algorithm ${enc} is not supported either by JOSE or your javascript runtime`);
}
if (cek instanceof Uint8Array) {
const actual = cek.byteLength << 3;
if (actual !== expected) {
throw new JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);
}
return;
}
if (isKeyObject(cek) && cek.type === 'secret') {
const actual = cek.symmetricKeySize << 3;
if (actual !== expected) {
throw new JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);
}
return;
}
throw new TypeError('Invalid Content Encryption Key type');
};
export default checkCekLength;

48
server/node_modules/jose/dist/node/esm/runtime/check_modulus_length.js generated vendored Normal file
View File

@@ -0,0 +1,48 @@
export const weakMap = new WeakMap();
const getLength = (buf, index) => {
let len = buf.readUInt8(1);
if ((len & 0x80) === 0) {
if (index === 0) {
return len;
}
return getLength(buf.subarray(2 + len), index - 1);
}
const num = len & 0x7f;
len = 0;
for (let i = 0; i < num; i++) {
len <<= 8;
const j = buf.readUInt8(2 + i);
len |= j;
}
if (index === 0) {
return len;
}
return getLength(buf.subarray(2 + len), index - 1);
};
const getLengthOfSeqIndex = (sequence, index) => {
const len = sequence.readUInt8(1);
if ((len & 0x80) === 0) {
return getLength(sequence.subarray(2), index);
}
const num = len & 0x7f;
return getLength(sequence.subarray(2 + num), index);
};
const getModulusLength = (key) => {
var _a, _b;
if (weakMap.has(key)) {
return weakMap.get(key);
}
const modulusLength = (_b = (_a = key.asymmetricKeyDetails) === null || _a === void 0 ? void 0 : _a.modulusLength) !== null && _b !== void 0 ? _b : (getLengthOfSeqIndex(key.export({ format: 'der', type: 'pkcs1' }), key.type === 'private' ? 1 : 0) -
1) <<
3;
weakMap.set(key, modulusLength);
return modulusLength;
};
export const setModulusLength = (keyObject, modulusLength) => {
weakMap.set(keyObject, modulusLength);
};
export default (key, alg) => {
if (getModulusLength(key) < 2048) {
throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);
}
};

6
server/node_modules/jose/dist/node/esm/runtime/ciphers.js generated vendored Normal file
View File

@@ -0,0 +1,6 @@
import { getCiphers } from 'crypto';
let ciphers;
export default (algorithm) => {
ciphers || (ciphers = new Set(getCiphers()));
return ciphers.has(algorithm);
};

95
server/node_modules/jose/dist/node/esm/runtime/decrypt.js generated vendored Normal file
View File

@@ -0,0 +1,95 @@
import { createDecipheriv, KeyObject } from 'crypto';
import checkIvLength from '../lib/check_iv_length.js';
import checkCekLength from './check_cek_length.js';
import { concat } from '../lib/buffer_utils.js';
import { JOSENotSupported, JWEDecryptionFailed } from '../util/errors.js';
import timingSafeEqual from './timing_safe_equal.js';
import cbcTag from './cbc_tag.js';
import { isCryptoKey } from './webcrypto.js';
import { checkEncCryptoKey } from '../lib/crypto_key.js';
import isKeyObject from './is_key_object.js';
import invalidKeyInput from '../lib/invalid_key_input.js';
import supported from './ciphers.js';
import { types } from './is_key_like.js';
function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
if (isKeyObject(cek)) {
cek = cek.export();
}
const encKey = cek.subarray(keySize >> 3);
const macKey = cek.subarray(0, keySize >> 3);
const macSize = parseInt(enc.slice(-3), 10);
const algorithm = `aes-${keySize}-cbc`;
if (!supported(algorithm)) {
throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
const expectedTag = cbcTag(aad, iv, ciphertext, macSize, macKey, keySize);
let macCheckPassed;
try {
macCheckPassed = timingSafeEqual(tag, expectedTag);
}
catch {
}
if (!macCheckPassed) {
throw new JWEDecryptionFailed();
}
let plaintext;
try {
const decipher = createDecipheriv(algorithm, encKey, iv);
plaintext = concat(decipher.update(ciphertext), decipher.final());
}
catch {
}
if (!plaintext) {
throw new JWEDecryptionFailed();
}
return plaintext;
}
function gcmDecrypt(enc, cek, ciphertext, iv, tag, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
const algorithm = `aes-${keySize}-gcm`;
if (!supported(algorithm)) {
throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
try {
const decipher = createDecipheriv(algorithm, cek, iv, { authTagLength: 16 });
decipher.setAuthTag(tag);
if (aad.byteLength) {
decipher.setAAD(aad, { plaintextLength: ciphertext.length });
}
const plaintext = decipher.update(ciphertext);
decipher.final();
return plaintext;
}
catch {
throw new JWEDecryptionFailed();
}
}
const decrypt = (enc, cek, ciphertext, iv, tag, aad) => {
let key;
if (isCryptoKey(cek)) {
checkEncCryptoKey(cek, enc, 'decrypt');
key = KeyObject.from(cek);
}
else if (cek instanceof Uint8Array || isKeyObject(cek)) {
key = cek;
}
else {
throw new TypeError(invalidKeyInput(cek, ...types, 'Uint8Array'));
}
checkCekLength(enc, key);
checkIvLength(enc, iv);
switch (enc) {
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
return cbcDecrypt(enc, key, ciphertext, iv, tag, aad);
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
return gcmDecrypt(enc, key, ciphertext, iv, tag, aad);
default:
throw new JOSENotSupported('Unsupported JWE Content Encryption Algorithm');
}
};
export default decrypt;

3
server/node_modules/jose/dist/node/esm/runtime/digest.js generated vendored Normal file
View File

@@ -0,0 +1,3 @@
import { createHash } from 'crypto';
const digest = (algorithm, data) => createHash(algorithm).update(data).digest();
export default digest;

22
server/node_modules/jose/dist/node/esm/runtime/dsa_digest.js generated vendored Normal file
View File

@@ -0,0 +1,22 @@
import { JOSENotSupported } from '../util/errors.js';
export default function dsaDigest(alg) {
switch (alg) {
case 'PS256':
case 'RS256':
case 'ES256':
case 'ES256K':
return 'sha256';
case 'PS384':
case 'RS384':
case 'ES384':
return 'sha384';
case 'PS512':
case 'RS512':
case 'ES512':
return 'sha512';
case 'EdDSA':
return undefined;
default:
throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
}

64
server/node_modules/jose/dist/node/esm/runtime/ecdhes.js generated vendored Normal file
View File

@@ -0,0 +1,64 @@
import { diffieHellman, generateKeyPair as generateKeyPairCb, KeyObject } from 'crypto';
import { promisify } from 'util';
import getNamedCurve from './get_named_curve.js';
import { encoder, concat, uint32be, lengthAndInput, concatKdf } from '../lib/buffer_utils.js';
import { JOSENotSupported } from '../util/errors.js';
import { isCryptoKey } from './webcrypto.js';
import { checkEncCryptoKey } from '../lib/crypto_key.js';
import isKeyObject from './is_key_object.js';
import invalidKeyInput from '../lib/invalid_key_input.js';
import { types } from './is_key_like.js';
const generateKeyPair = promisify(generateKeyPairCb);
export async function deriveKey(publicKee, privateKee, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) {
let publicKey;
if (isCryptoKey(publicKee)) {
checkEncCryptoKey(publicKee, 'ECDH');
publicKey = KeyObject.from(publicKee);
}
else if (isKeyObject(publicKee)) {
publicKey = publicKee;
}
else {
throw new TypeError(invalidKeyInput(publicKee, ...types));
}
let privateKey;
if (isCryptoKey(privateKee)) {
checkEncCryptoKey(privateKee, 'ECDH', 'deriveBits');
privateKey = KeyObject.from(privateKee);
}
else if (isKeyObject(privateKee)) {
privateKey = privateKee;
}
else {
throw new TypeError(invalidKeyInput(privateKee, ...types));
}
const value = concat(lengthAndInput(encoder.encode(algorithm)), lengthAndInput(apu), lengthAndInput(apv), uint32be(keyLength));
const sharedSecret = diffieHellman({ privateKey, publicKey });
return concatKdf(sharedSecret, keyLength, value);
}
export async function generateEpk(kee) {
let key;
if (isCryptoKey(kee)) {
key = KeyObject.from(kee);
}
else if (isKeyObject(kee)) {
key = kee;
}
else {
throw new TypeError(invalidKeyInput(kee, ...types));
}
switch (key.asymmetricKeyType) {
case 'x25519':
return generateKeyPair('x25519');
case 'x448': {
return generateKeyPair('x448');
}
case 'ec': {
const namedCurve = getNamedCurve(key);
return generateKeyPair('ec', { namedCurve });
}
default:
throw new JOSENotSupported('Invalid or unsupported EPK');
}
}
export const ecdhAllowed = (key) => ['P-256', 'P-384', 'P-521', 'X25519', 'X448'].includes(getNamedCurve(key));

72
server/node_modules/jose/dist/node/esm/runtime/encrypt.js generated vendored Normal file
View File

@@ -0,0 +1,72 @@
import { createCipheriv, KeyObject } from 'crypto';
import checkIvLength from '../lib/check_iv_length.js';
import checkCekLength from './check_cek_length.js';
import { concat } from '../lib/buffer_utils.js';
import cbcTag from './cbc_tag.js';
import { isCryptoKey } from './webcrypto.js';
import { checkEncCryptoKey } from '../lib/crypto_key.js';
import isKeyObject from './is_key_object.js';
import invalidKeyInput from '../lib/invalid_key_input.js';
import { JOSENotSupported } from '../util/errors.js';
import supported from './ciphers.js';
import { types } from './is_key_like.js';
function cbcEncrypt(enc, plaintext, cek, iv, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
if (isKeyObject(cek)) {
cek = cek.export();
}
const encKey = cek.subarray(keySize >> 3);
const macKey = cek.subarray(0, keySize >> 3);
const algorithm = `aes-${keySize}-cbc`;
if (!supported(algorithm)) {
throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
const cipher = createCipheriv(algorithm, encKey, iv);
const ciphertext = concat(cipher.update(plaintext), cipher.final());
const macSize = parseInt(enc.slice(-3), 10);
const tag = cbcTag(aad, iv, ciphertext, macSize, macKey, keySize);
return { ciphertext, tag };
}
function gcmEncrypt(enc, plaintext, cek, iv, aad) {
const keySize = parseInt(enc.slice(1, 4), 10);
const algorithm = `aes-${keySize}-gcm`;
if (!supported(algorithm)) {
throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
}
const cipher = createCipheriv(algorithm, cek, iv, { authTagLength: 16 });
if (aad.byteLength) {
cipher.setAAD(aad, { plaintextLength: plaintext.length });
}
const ciphertext = cipher.update(plaintext);
cipher.final();
const tag = cipher.getAuthTag();
return { ciphertext, tag };
}
const encrypt = (enc, plaintext, cek, iv, aad) => {
let key;
if (isCryptoKey(cek)) {
checkEncCryptoKey(cek, enc, 'encrypt');
key = KeyObject.from(cek);
}
else if (cek instanceof Uint8Array || isKeyObject(cek)) {
key = cek;
}
else {
throw new TypeError(invalidKeyInput(cek, ...types, 'Uint8Array'));
}
checkCekLength(enc, key);
checkIvLength(enc, iv);
switch (enc) {
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
return cbcEncrypt(enc, plaintext, key, iv, aad);
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
return gcmEncrypt(enc, plaintext, key, iv, aad);
default:
throw new JOSENotSupported('Unsupported JWE Content Encryption Algorithm');
}
};
export default encrypt;

43
server/node_modules/jose/dist/node/esm/runtime/fetch_jwks.js generated vendored Normal file
View File

@@ -0,0 +1,43 @@
import * as http from 'http';
import * as https from 'https';
import { once } from 'events';
import { JOSEError, JWKSTimeout } from '../util/errors.js';
import { concat, decoder } from '../lib/buffer_utils.js';
const fetchJwks = async (url, timeout, options) => {
let get;
switch (url.protocol) {
case 'https:':
get = https.get;
break;
case 'http:':
get = http.get;
break;
default:
throw new TypeError('Unsupported URL protocol.');
}
const { agent, headers } = options;
const req = get(url.href, {
agent,
timeout,
headers,
});
const [response] = (await Promise.race([once(req, 'response'), once(req, 'timeout')]));
if (!response) {
req.destroy();
throw new JWKSTimeout();
}
if (response.statusCode !== 200) {
throw new JOSEError('Expected 200 OK from the JSON Web Key Set HTTP response');
}
const parts = [];
for await (const part of response) {
parts.push(part);
}
try {
return JSON.parse(decoder.decode(concat(...parts)));
}
catch {
throw new JOSEError('Failed to parse the JSON Web Key Set HTTP response as JSON');
}
};
export default fetchJwks;

5
server/node_modules/jose/dist/node/esm/runtime/flags.js generated vendored Normal file
View File

@@ -0,0 +1,5 @@
const [major, minor] = process.versions.node.split('.').map((str) => parseInt(str, 10));
export const oneShotCallback = major >= 16 || (major === 15 && minor >= 13);
export const rsaPssParams = !('electron' in process.versions) && (major >= 17 || (major === 16 && minor >= 9));
export const jwkExport = major >= 16 || (major === 15 && minor >= 9);
export const jwkImport = major >= 16 || (major === 15 && minor >= 12);

100
server/node_modules/jose/dist/node/esm/runtime/generate.js generated vendored Normal file
View File

@@ -0,0 +1,100 @@
import { createSecretKey, generateKeyPair as generateKeyPairCb } from 'crypto';
import { promisify } from 'util';
import random from './random.js';
import { setModulusLength } from './check_modulus_length.js';
import { JOSENotSupported } from '../util/errors.js';
const generate = promisify(generateKeyPairCb);
export async function generateSecret(alg, options) {
let length;
switch (alg) {
case 'HS256':
case 'HS384':
case 'HS512':
case 'A128CBC-HS256':
case 'A192CBC-HS384':
case 'A256CBC-HS512':
length = parseInt(alg.slice(-3), 10);
break;
case 'A128KW':
case 'A192KW':
case 'A256KW':
case 'A128GCMKW':
case 'A192GCMKW':
case 'A256GCMKW':
case 'A128GCM':
case 'A192GCM':
case 'A256GCM':
length = parseInt(alg.slice(1, 4), 10);
break;
default:
throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
}
return createSecretKey(random(new Uint8Array(length >> 3)));
}
export async function generateKeyPair(alg, options) {
var _a, _b;
switch (alg) {
case 'RS256':
case 'RS384':
case 'RS512':
case 'PS256':
case 'PS384':
case 'PS512':
case 'RSA-OAEP':
case 'RSA-OAEP-256':
case 'RSA-OAEP-384':
case 'RSA-OAEP-512':
case 'RSA1_5': {
const modulusLength = (_a = options === null || options === void 0 ? void 0 : options.modulusLength) !== null && _a !== void 0 ? _a : 2048;
if (typeof modulusLength !== 'number' || modulusLength < 2048) {
throw new JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');
}
const keypair = await generate('rsa', {
modulusLength,
publicExponent: 0x10001,
});
setModulusLength(keypair.privateKey, modulusLength);
setModulusLength(keypair.publicKey, modulusLength);
return keypair;
}
case 'ES256':
return generate('ec', { namedCurve: 'P-256' });
case 'ES256K':
return generate('ec', { namedCurve: 'secp256k1' });
case 'ES384':
return generate('ec', { namedCurve: 'P-384' });
case 'ES512':
return generate('ec', { namedCurve: 'P-521' });
case 'EdDSA': {
switch (options === null || options === void 0 ? void 0 : options.crv) {
case undefined:
case 'Ed25519':
return generate('ed25519');
case 'Ed448':
return generate('ed448');
default:
throw new JOSENotSupported('Invalid or unsupported crv option provided, supported values are Ed25519 and Ed448');
}
}
case 'ECDH-ES':
case 'ECDH-ES+A128KW':
case 'ECDH-ES+A192KW':
case 'ECDH-ES+A256KW':
const crv = (_b = options === null || options === void 0 ? void 0 : options.crv) !== null && _b !== void 0 ? _b : 'P-256';
switch (crv) {
case undefined:
case 'P-256':
case 'P-384':
case 'P-521':
return generate('ec', { namedCurve: crv });
case 'X25519':
return generate('x25519');
case 'X448':
return generate('x448');
default:
throw new JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448');
}
default:
throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
}
}

91
server/node_modules/jose/dist/node/esm/runtime/get_named_curve.js generated vendored Normal file
View File

@@ -0,0 +1,91 @@
import { Buffer } from 'buffer';
import { createPublicKey, KeyObject } from 'crypto';
import { JOSENotSupported } from '../util/errors.js';
import { isCryptoKey } from './webcrypto.js';
import isKeyObject from './is_key_object.js';
import invalidKeyInput from '../lib/invalid_key_input.js';
import { types } from './is_key_like.js';
const p256 = Buffer.from([42, 134, 72, 206, 61, 3, 1, 7]);
const p384 = Buffer.from([43, 129, 4, 0, 34]);
const p521 = Buffer.from([43, 129, 4, 0, 35]);
const secp256k1 = Buffer.from([43, 129, 4, 0, 10]);
export const weakMap = new WeakMap();
const namedCurveToJOSE = (namedCurve) => {
switch (namedCurve) {
case 'prime256v1':
return 'P-256';
case 'secp384r1':
return 'P-384';
case 'secp521r1':
return 'P-521';
case 'secp256k1':
return 'secp256k1';
default:
throw new JOSENotSupported('Unsupported key curve for this operation');
}
};
const getNamedCurve = (kee, raw) => {
var _a;
let key;
if (isCryptoKey(kee)) {
key = KeyObject.from(kee);
}
else if (isKeyObject(kee)) {
key = kee;
}
else {
throw new TypeError(invalidKeyInput(kee, ...types));
}
if (key.type === 'secret') {
throw new TypeError('only "private" or "public" type keys can be used for this operation');
}
switch (key.asymmetricKeyType) {
case 'ed25519':
case 'ed448':
return `Ed${key.asymmetricKeyType.slice(2)}`;
case 'x25519':
case 'x448':
return `X${key.asymmetricKeyType.slice(1)}`;
case 'ec': {
if (weakMap.has(key)) {
return weakMap.get(key);
}
let namedCurve = (_a = key.asymmetricKeyDetails) === null || _a === void 0 ? void 0 : _a.namedCurve;
if (!namedCurve && key.type === 'private') {
namedCurve = getNamedCurve(createPublicKey(key), true);
}
else if (!namedCurve) {
const buf = key.export({ format: 'der', type: 'spki' });
const i = buf[1] < 128 ? 14 : 15;
const len = buf[i];
const curveOid = buf.slice(i + 1, i + 1 + len);
if (curveOid.equals(p256)) {
namedCurve = 'prime256v1';
}
else if (curveOid.equals(p384)) {
namedCurve = 'secp384r1';
}
else if (curveOid.equals(p521)) {
namedCurve = 'secp521r1';
}
else if (curveOid.equals(secp256k1)) {
namedCurve = 'secp256k1';
}
else {
throw new JOSENotSupported('Unsupported key curve for this operation');
}
}
if (raw)
return namedCurve;
const curve = namedCurveToJOSE(namedCurve);
weakMap.set(key, curve);
return curve;
}
default:
throw new TypeError('Invalid asymmetric key type for this operation');
}
};
export function setCurve(keyObject, curve) {
weakMap.set(keyObject, curve);
}
export default getNamedCurve;

21
server/node_modules/jose/dist/node/esm/runtime/get_sign_verify_key.js generated vendored Normal file
View File

@@ -0,0 +1,21 @@
import { KeyObject, createSecretKey } from 'crypto';
import { isCryptoKey } from './webcrypto.js';
import { checkSigCryptoKey } from '../lib/crypto_key.js';
import invalidKeyInput from '../lib/invalid_key_input.js';
import { types } from './is_key_like.js';
export default function getSignVerifyKey(alg, key, usage) {
if (key instanceof Uint8Array) {
if (!alg.startsWith('HS')) {
throw new TypeError(invalidKeyInput(key, ...types));
}
return createSecretKey(key);
}
if (key instanceof KeyObject) {
return key;
}
if (isCryptoKey(key)) {
checkSigCryptoKey(key, alg, usage);
return KeyObject.from(key);
}
throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));
}

13
server/node_modules/jose/dist/node/esm/runtime/hmac_digest.js generated vendored Normal file
View File

@@ -0,0 +1,13 @@
import { JOSENotSupported } from '../util/errors.js';
export default function hmacDigest(alg) {
switch (alg) {
case 'HS256':
return 'sha256';
case 'HS384':
return 'sha384';
case 'HS512':
return 'sha512';
default:
throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
}

8
server/node_modules/jose/dist/node/esm/runtime/is_key_like.js generated vendored Normal file
View File

@@ -0,0 +1,8 @@
import webcrypto, { isCryptoKey } from './webcrypto.js';
import isKeyObject from './is_key_object.js';
export default (key) => isKeyObject(key) || isCryptoKey(key);
const types = ['KeyObject'];
if (globalThis.CryptoKey || (webcrypto === null || webcrypto === void 0 ? void 0 : webcrypto.CryptoKey)) {
types.push('CryptoKey');
}
export { types };

5
server/node_modules/jose/dist/node/esm/runtime/is_key_object.js generated vendored Normal file
View File

@@ -0,0 +1,5 @@
import { KeyObject } from 'crypto';
import * as util from 'util';
export default util.types.isKeyObject
? (obj) => util.types.isKeyObject(obj)
: (obj) => obj != null && obj instanceof KeyObject;

116
server/node_modules/jose/dist/node/esm/runtime/jwk_to_key.js generated vendored Normal file
View File

@@ -0,0 +1,116 @@
import { Buffer } from 'buffer';
import { createPrivateKey, createPublicKey, createSecretKey } from 'crypto';
import { decode as base64url } from './base64url.js';
import { JOSENotSupported } from '../util/errors.js';
import { setCurve } from './get_named_curve.js';
import { setModulusLength } from './check_modulus_length.js';
import Asn1SequenceEncoder from './asn1_sequence_encoder.js';
import { jwkImport } from './flags.js';
const parse = (jwk) => {
if (jwkImport && jwk.kty !== 'oct') {
return jwk.d
? createPrivateKey({ format: 'jwk', key: jwk })
: createPublicKey({ format: 'jwk', key: jwk });
}
switch (jwk.kty) {
case 'oct': {
return createSecretKey(base64url(jwk.k));
}
case 'RSA': {
const enc = new Asn1SequenceEncoder();
const isPrivate = jwk.d !== undefined;
const modulus = Buffer.from(jwk.n, 'base64');
const exponent = Buffer.from(jwk.e, 'base64');
if (isPrivate) {
enc.zero();
enc.unsignedInteger(modulus);
enc.unsignedInteger(exponent);
enc.unsignedInteger(Buffer.from(jwk.d, 'base64'));
enc.unsignedInteger(Buffer.from(jwk.p, 'base64'));
enc.unsignedInteger(Buffer.from(jwk.q, 'base64'));
enc.unsignedInteger(Buffer.from(jwk.dp, 'base64'));
enc.unsignedInteger(Buffer.from(jwk.dq, 'base64'));
enc.unsignedInteger(Buffer.from(jwk.qi, 'base64'));
}
else {
enc.unsignedInteger(modulus);
enc.unsignedInteger(exponent);
}
const der = enc.end();
const createInput = {
key: der,
format: 'der',
type: 'pkcs1',
};
const keyObject = isPrivate ? createPrivateKey(createInput) : createPublicKey(createInput);
setModulusLength(keyObject, modulus.length << 3);
return keyObject;
}
case 'EC': {
const enc = new Asn1SequenceEncoder();
const isPrivate = jwk.d !== undefined;
const pub = Buffer.concat([
Buffer.alloc(1, 4),
Buffer.from(jwk.x, 'base64'),
Buffer.from(jwk.y, 'base64'),
]);
if (isPrivate) {
enc.zero();
const enc$1 = new Asn1SequenceEncoder();
enc$1.oidFor('ecPublicKey');
enc$1.oidFor(jwk.crv);
enc.add(enc$1.end());
const enc$2 = new Asn1SequenceEncoder();
enc$2.one();
enc$2.octStr(Buffer.from(jwk.d, 'base64'));
const enc$3 = new Asn1SequenceEncoder();
enc$3.bitStr(pub);
const f2 = enc$3.end(Buffer.from([0xa1]));
enc$2.add(f2);
const f = enc$2.end();
const enc$4 = new Asn1SequenceEncoder();
enc$4.add(f);
const f3 = enc$4.end(Buffer.from([0x04]));
enc.add(f3);
const der = enc.end();
const keyObject = createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
setCurve(keyObject, jwk.crv);
return keyObject;
}
const enc$1 = new Asn1SequenceEncoder();
enc$1.oidFor('ecPublicKey');
enc$1.oidFor(jwk.crv);
enc.add(enc$1.end());
enc.bitStr(pub);
const der = enc.end();
const keyObject = createPublicKey({ key: der, format: 'der', type: 'spki' });
setCurve(keyObject, jwk.crv);
return keyObject;
}
case 'OKP': {
const enc = new Asn1SequenceEncoder();
const isPrivate = jwk.d !== undefined;
if (isPrivate) {
enc.zero();
const enc$1 = new Asn1SequenceEncoder();
enc$1.oidFor(jwk.crv);
enc.add(enc$1.end());
const enc$2 = new Asn1SequenceEncoder();
enc$2.octStr(Buffer.from(jwk.d, 'base64'));
const f = enc$2.end(Buffer.from([0x04]));
enc.add(f);
const der = enc.end();
return createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
}
const enc$1 = new Asn1SequenceEncoder();
enc$1.oidFor(jwk.crv);
enc.add(enc$1.end());
enc.bitStr(Buffer.from(jwk.x, 'base64'));
const der = enc.end();
return createPublicKey({ key: der, format: 'der', type: 'spki' });
}
default:
throw new JOSENotSupported('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
}
};
export default parse;

158
server/node_modules/jose/dist/node/esm/runtime/key_to_jwk.js generated vendored Normal file
View File

@@ -0,0 +1,158 @@
import { KeyObject, createPublicKey } from 'crypto';
import { encode as base64url } from './base64url.js';
import Asn1SequenceDecoder from './asn1_sequence_decoder.js';
import { JOSENotSupported } from '../util/errors.js';
import getNamedCurve from './get_named_curve.js';
import { isCryptoKey } from './webcrypto.js';
import isKeyObject from './is_key_object.js';
import invalidKeyInput from '../lib/invalid_key_input.js';
import { types } from './is_key_like.js';
import { jwkExport } from './flags.js';
const keyToJWK = (key) => {
let keyObject;
if (isCryptoKey(key)) {
if (!key.extractable) {
throw new TypeError('CryptoKey is not extractable');
}
keyObject = KeyObject.from(key);
}
else if (isKeyObject(key)) {
keyObject = key;
}
else if (key instanceof Uint8Array) {
return {
kty: 'oct',
k: base64url(key),
};
}
else {
throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));
}
if (jwkExport) {
if (keyObject.type !== 'secret' &&
!['rsa', 'ec', 'ed25519', 'x25519', 'ed448', 'x448'].includes(keyObject.asymmetricKeyType)) {
throw new JOSENotSupported('Unsupported key asymmetricKeyType');
}
return keyObject.export({ format: 'jwk' });
}
switch (keyObject.type) {
case 'secret':
return {
kty: 'oct',
k: base64url(keyObject.export()),
};
case 'private':
case 'public': {
switch (keyObject.asymmetricKeyType) {
case 'rsa': {
const der = keyObject.export({ format: 'der', type: 'pkcs1' });
const dec = new Asn1SequenceDecoder(der);
if (keyObject.type === 'private') {
dec.unsignedInteger();
}
const n = base64url(dec.unsignedInteger());
const e = base64url(dec.unsignedInteger());
let jwk;
if (keyObject.type === 'private') {
jwk = {
d: base64url(dec.unsignedInteger()),
p: base64url(dec.unsignedInteger()),
q: base64url(dec.unsignedInteger()),
dp: base64url(dec.unsignedInteger()),
dq: base64url(dec.unsignedInteger()),
qi: base64url(dec.unsignedInteger()),
};
}
dec.end();
return { kty: 'RSA', n, e, ...jwk };
}
case 'ec': {
const crv = getNamedCurve(keyObject);
let len;
let offset;
let correction;
switch (crv) {
case 'secp256k1':
len = 64;
offset = 31 + 2;
correction = -1;
break;
case 'P-256':
len = 64;
offset = 34 + 2;
correction = -1;
break;
case 'P-384':
len = 96;
offset = 33 + 2;
correction = -3;
break;
case 'P-521':
len = 132;
offset = 33 + 2;
correction = -3;
break;
default:
throw new JOSENotSupported('Unsupported curve');
}
if (keyObject.type === 'public') {
const der = keyObject.export({ type: 'spki', format: 'der' });
return {
kty: 'EC',
crv,
x: base64url(der.subarray(-len, -len / 2)),
y: base64url(der.subarray(-len / 2)),
};
}
const der = keyObject.export({ type: 'pkcs8', format: 'der' });
if (der.length < 100) {
offset += correction;
}
return {
...keyToJWK(createPublicKey(keyObject)),
d: base64url(der.subarray(offset, offset + len / 2)),
};
}
case 'ed25519':
case 'x25519': {
const crv = getNamedCurve(keyObject);
if (keyObject.type === 'public') {
const der = keyObject.export({ type: 'spki', format: 'der' });
return {
kty: 'OKP',
crv,
x: base64url(der.subarray(-32)),
};
}
const der = keyObject.export({ type: 'pkcs8', format: 'der' });
return {
...keyToJWK(createPublicKey(keyObject)),
d: base64url(der.subarray(-32)),
};
}
case 'ed448':
case 'x448': {
const crv = getNamedCurve(keyObject);
if (keyObject.type === 'public') {
const der = keyObject.export({ type: 'spki', format: 'der' });
return {
kty: 'OKP',
crv,
x: base64url(der.subarray(crv === 'Ed448' ? -57 : -56)),
};
}
const der = keyObject.export({ type: 'pkcs8', format: 'der' });
return {
...keyToJWK(createPublicKey(keyObject)),
d: base64url(der.subarray(crv === 'Ed448' ? -57 : -56)),
};
}
default:
throw new JOSENotSupported('Unsupported key asymmetricKeyType');
}
}
default:
throw new JOSENotSupported('Unsupported key type');
}
};
export default keyToJWK;

75
server/node_modules/jose/dist/node/esm/runtime/node_key.js generated vendored Normal file
View File

@@ -0,0 +1,75 @@
import { constants } from 'crypto';
import getNamedCurve from './get_named_curve.js';
import { JOSENotSupported } from '../util/errors.js';
import checkModulusLength from './check_modulus_length.js';
import { rsaPssParams } from './flags.js';
const PSS = {
padding: constants.RSA_PKCS1_PSS_PADDING,
saltLength: constants.RSA_PSS_SALTLEN_DIGEST,
};
const ecCurveAlgMap = new Map([
['ES256', 'P-256'],
['ES256K', 'secp256k1'],
['ES384', 'P-384'],
['ES512', 'P-521'],
]);
export default function keyForCrypto(alg, key) {
switch (alg) {
case 'EdDSA':
if (!['ed25519', 'ed448'].includes(key.asymmetricKeyType)) {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ed25519 or ed448');
}
return key;
case 'RS256':
case 'RS384':
case 'RS512':
if (key.asymmetricKeyType !== 'rsa') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa');
}
checkModulusLength(key, alg);
return key;
case rsaPssParams && 'PS256':
case rsaPssParams && 'PS384':
case rsaPssParams && 'PS512':
if (key.asymmetricKeyType === 'rsa-pss') {
const { hashAlgorithm, mgf1HashAlgorithm, saltLength } = key.asymmetricKeyDetails;
const length = parseInt(alg.slice(-3), 10);
if (hashAlgorithm !== undefined &&
(hashAlgorithm !== `sha${length}` || mgf1HashAlgorithm !== hashAlgorithm)) {
throw new TypeError(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${alg}`);
}
if (saltLength !== undefined && saltLength > length >> 3) {
throw new TypeError(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${alg}`);
}
}
else if (key.asymmetricKeyType !== 'rsa') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa or rsa-pss');
}
checkModulusLength(key, alg);
return { key, ...PSS };
case !rsaPssParams && 'PS256':
case !rsaPssParams && 'PS384':
case !rsaPssParams && 'PS512':
if (key.asymmetricKeyType !== 'rsa') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa');
}
checkModulusLength(key, alg);
return { key, ...PSS };
case 'ES256':
case 'ES256K':
case 'ES384':
case 'ES512': {
if (key.asymmetricKeyType !== 'ec') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ec');
}
const actual = getNamedCurve(key);
const expected = ecCurveAlgMap.get(alg);
if (actual !== expected) {
throw new TypeError(`Invalid key curve for the algorithm, its curve must be ${expected}, got ${actual}`);
}
return { dsaEncoding: 'ieee-p1363', key };
}
default:
throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
}
}

43
server/node_modules/jose/dist/node/esm/runtime/pbes2kw.js generated vendored Normal file
View File

@@ -0,0 +1,43 @@
import { promisify } from 'util';
import { KeyObject, pbkdf2 as pbkdf2cb } from 'crypto';
import random from './random.js';
import { p2s as concatSalt } from '../lib/buffer_utils.js';
import { encode as base64url } from './base64url.js';
import { wrap, unwrap } from './aeskw.js';
import checkP2s from '../lib/check_p2s.js';
import { isCryptoKey } from './webcrypto.js';
import { checkEncCryptoKey } from '../lib/crypto_key.js';
import isKeyObject from './is_key_object.js';
import invalidKeyInput from '../lib/invalid_key_input.js';
import { types } from './is_key_like.js';
const pbkdf2 = promisify(pbkdf2cb);
function getPassword(key, alg) {
if (isKeyObject(key)) {
return key.export();
}
if (key instanceof Uint8Array) {
return key;
}
if (isCryptoKey(key)) {
checkEncCryptoKey(key, alg, 'deriveBits', 'deriveKey');
return KeyObject.from(key).export();
}
throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));
}
export const encrypt = async (alg, key, cek, p2c = 2048, p2s = random(new Uint8Array(16))) => {
checkP2s(p2s);
const salt = concatSalt(alg, p2s);
const keylen = parseInt(alg.slice(13, 16), 10) >> 3;
const password = getPassword(key, alg);
const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.slice(8, 11)}`);
const encryptedKey = await wrap(alg.slice(-6), derivedKey, cek);
return { encryptedKey, p2c, p2s: base64url(p2s) };
};
export const decrypt = async (alg, key, encryptedKey, p2c, p2s) => {
checkP2s(p2s);
const salt = concatSalt(alg, p2s);
const keylen = parseInt(alg.slice(13, 16), 10) >> 3;
const password = getPassword(key, alg);
const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.slice(8, 11)}`);
return unwrap(alg.slice(-6), derivedKey, encryptedKey);
};

1
server/node_modules/jose/dist/node/esm/runtime/random.js generated vendored Normal file
View File

@@ -0,0 +1 @@
export { randomFillSync as default } from 'crypto';

64
server/node_modules/jose/dist/node/esm/runtime/rsaes.js generated vendored Normal file
View File

@@ -0,0 +1,64 @@
import { KeyObject, publicEncrypt, constants, privateDecrypt } from 'crypto';
import checkModulusLength from './check_modulus_length.js';
import { isCryptoKey } from './webcrypto.js';
import { checkEncCryptoKey } from '../lib/crypto_key.js';
import isKeyObject from './is_key_object.js';
import invalidKeyInput from '../lib/invalid_key_input.js';
import { types } from './is_key_like.js';
const checkKey = (key, alg) => {
if (key.asymmetricKeyType !== 'rsa') {
throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa');
}
checkModulusLength(key, alg);
};
const resolvePadding = (alg) => {
switch (alg) {
case 'RSA-OAEP':
case 'RSA-OAEP-256':
case 'RSA-OAEP-384':
case 'RSA-OAEP-512':
return constants.RSA_PKCS1_OAEP_PADDING;
case 'RSA1_5':
return constants.RSA_PKCS1_PADDING;
default:
return undefined;
}
};
const resolveOaepHash = (alg) => {
switch (alg) {
case 'RSA-OAEP':
return 'sha1';
case 'RSA-OAEP-256':
return 'sha256';
case 'RSA-OAEP-384':
return 'sha384';
case 'RSA-OAEP-512':
return 'sha512';
default:
return undefined;
}
};
function ensureKeyObject(key, alg, ...usages) {
if (isKeyObject(key)) {
return key;
}
if (isCryptoKey(key)) {
checkEncCryptoKey(key, alg, ...usages);
return KeyObject.from(key);
}
throw new TypeError(invalidKeyInput(key, ...types));
}
export const encrypt = (alg, key, cek) => {
const padding = resolvePadding(alg);
const oaepHash = resolveOaepHash(alg);
const keyObject = ensureKeyObject(key, alg, 'wrapKey', 'encrypt');
checkKey(keyObject, alg);
return publicEncrypt({ key: keyObject, oaepHash, padding }, cek);
};
export const decrypt = (alg, key, encryptedKey) => {
const padding = resolvePadding(alg);
const oaepHash = resolveOaepHash(alg);
const keyObject = ensureKeyObject(key, alg, 'unwrapKey', 'decrypt');
checkKey(keyObject, alg);
return privateDecrypt({ key: keyObject, oaepHash, padding }, encryptedKey);
};

1
server/node_modules/jose/dist/node/esm/runtime/runtime.js generated vendored Normal file
View File

@@ -0,0 +1 @@
export default 'node:crypto';

23
server/node_modules/jose/dist/node/esm/runtime/sign.js generated vendored Normal file
View File

@@ -0,0 +1,23 @@
import * as crypto from 'crypto';
import { promisify } from 'util';
import nodeDigest from './dsa_digest.js';
import hmacDigest from './hmac_digest.js';
import nodeKey from './node_key.js';
import getSignKey from './get_sign_verify_key.js';
let oneShotSign;
if (crypto.sign.length > 3) {
oneShotSign = promisify(crypto.sign);
}
else {
oneShotSign = crypto.sign;
}
const sign = async (alg, key, data) => {
const keyObject = getSignKey(alg, key, 'sign');
if (alg.startsWith('HS')) {
const hmac = crypto.createHmac(hmacDigest(alg), keyObject);
hmac.update(data);
return hmac.digest();
}
return oneShotSign(nodeDigest(alg), data, nodeKey(alg, keyObject));
};
export default sign;

3
server/node_modules/jose/dist/node/esm/runtime/timing_safe_equal.js generated vendored Normal file
View File

@@ -0,0 +1,3 @@
import { timingSafeEqual as impl } from 'crypto';
const timingSafeEqual = impl;
export default timingSafeEqual;

36
server/node_modules/jose/dist/node/esm/runtime/verify.js generated vendored Normal file
View File

@@ -0,0 +1,36 @@
import * as crypto from 'crypto';
import { promisify } from 'util';
import nodeDigest from './dsa_digest.js';
import nodeKey from './node_key.js';
import sign from './sign.js';
import getVerifyKey from './get_sign_verify_key.js';
import { oneShotCallback } from './flags.js';
let oneShotVerify;
if (crypto.verify.length > 4 && oneShotCallback) {
oneShotVerify = promisify(crypto.verify);
}
else {
oneShotVerify = crypto.verify;
}
const verify = async (alg, key, signature, data) => {
const keyObject = getVerifyKey(alg, key, 'verify');
if (alg.startsWith('HS')) {
const expected = await sign(alg, keyObject, data);
const actual = signature;
try {
return crypto.timingSafeEqual(actual, expected);
}
catch {
return false;
}
}
const algorithm = nodeDigest(alg);
const keyInput = nodeKey(alg, keyObject);
try {
return await oneShotVerify(algorithm, data, keyInput, signature);
}
catch {
return false;
}
};
export default verify;

8
server/node_modules/jose/dist/node/esm/runtime/webcrypto.js generated vendored Normal file
View File

@@ -0,0 +1,8 @@
import * as crypto from 'crypto';
import * as util from 'util';
const webcrypto = crypto.webcrypto;
export default webcrypto;
export const isCryptoKey = util.types.isCryptoKey
? (key) => util.types.isCryptoKey(key)
:
(key) => false;

9
server/node_modules/jose/dist/node/esm/runtime/zlib.js generated vendored Normal file
View File

@@ -0,0 +1,9 @@
import { promisify } from 'util';
import { inflateRaw as inflateRawCb, deflateRaw as deflateRawCb } from 'zlib';
import { JWEDecompressionFailed } from '../util/errors.js';
const inflateRaw = promisify(inflateRawCb);
const deflateRaw = promisify(deflateRawCb);
export const inflate = (input) => inflateRaw(input, { maxOutputLength: 250000 }).catch(() => {
throw new JWEDecompressionFailed();
});
export const deflate = (input) => deflateRaw(input);