-
-
Notifications
You must be signed in to change notification settings - Fork 299
/
decrypt.ts
107 lines (102 loc) · 3.22 KB
/
decrypt.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
import { flattenedDecrypt } from '../flattened/decrypt.ts'
import { JWEDecryptionFailed, JWEInvalid } from '../../util/errors.ts'
import type {
KeyLike,
DecryptOptions,
JWEHeaderParameters,
GetKeyFunction,
FlattenedJWE,
GeneralJWE,
GeneralDecryptResult,
ResolvedKey,
} from '../../types.d.ts'
import isObject from '../../lib/is_object.ts'
/**
* Interface for General JWE Decryption dynamic key resolution. No token components have been
* verified at the time of this function call.
*/
export interface GeneralDecryptGetKey extends GetKeyFunction<JWEHeaderParameters, FlattenedJWE> {}
/**
* Decrypts a General JWE.
*
* @example Usage
*
* ```js
* const jwe = {
* ciphertext: '9EzjFISUyoG-ifC2mSihfP0DPC80yeyrxhTzKt1C_VJBkxeBG0MI4Te61Pk45RAGubUvBpU9jm4',
* iv: '8Fy7A_IuoX5VXG9s',
* tag: 'W76IYV6arGRuDSaSyWrQNg',
* aad: 'VGhlIEZlbGxvd3NoaXAgb2YgdGhlIFJpbmc',
* protected: 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0',
* recipients: [
* {
* encrypted_key:
* 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA',
* },
* ],
* }
*
* const { plaintext, protectedHeader, additionalAuthenticatedData } =
* await jose.generalDecrypt(jwe, privateKey)
*
* console.log(protectedHeader)
* const decoder = new TextDecoder()
* console.log(decoder.decode(plaintext))
* console.log(decoder.decode(additionalAuthenticatedData))
* ```
*
* @param jwe General JWE.
* @param key Private Key or Secret to decrypt the JWE with.
* @param options JWE Decryption options.
*/
export function generalDecrypt(
jwe: GeneralJWE,
key: KeyLike | Uint8Array,
options?: DecryptOptions,
): Promise<GeneralDecryptResult>
/**
* @param jwe General JWE.
* @param getKey Function resolving Private Key or Secret to decrypt the JWE with.
* @param options JWE Decryption options.
*/
export function generalDecrypt(
jwe: GeneralJWE,
getKey: GeneralDecryptGetKey,
options?: DecryptOptions,
): Promise<GeneralDecryptResult & ResolvedKey>
export async function generalDecrypt(
jwe: GeneralJWE,
key: KeyLike | Uint8Array | GeneralDecryptGetKey,
options?: DecryptOptions,
) {
if (!isObject(jwe)) {
throw new JWEInvalid('General JWE must be an object')
}
if (!Array.isArray(jwe.recipients) || !jwe.recipients.every(isObject)) {
throw new JWEInvalid('JWE Recipients missing or incorrect type')
}
if (!jwe.recipients.length) {
throw new JWEInvalid('JWE Recipients has no members')
}
for (const recipient of jwe.recipients) {
try {
return await flattenedDecrypt(
{
aad: jwe.aad,
ciphertext: jwe.ciphertext,
encrypted_key: recipient.encrypted_key,
header: recipient.header,
iv: jwe.iv,
protected: jwe.protected,
tag: jwe.tag,
unprotected: jwe.unprotected,
},
<Parameters<typeof flattenedDecrypt>[1]>key,
options,
)
} catch {
//
}
}
throw new JWEDecryptionFailed()
}