From 072e83de5bf3a15775b0bf25ef8afa8851b8862d Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Sun, 30 Apr 2023 08:03:16 +0200 Subject: [PATCH] refactor: cleanup NODE-ED25519 workerd workarounds Both workerd and the live service now support the Ed25519 and X25519 identifiers. --- src/jwks/remote.ts | 12 ++++++++++- src/lib/crypto_key.ts | 6 ------ src/runtime/browser/asn1.ts | 33 +++++++------------------------ src/runtime/browser/env.ts | 10 ---------- src/runtime/browser/generate.ts | 21 +++----------------- src/runtime/browser/jwk_to_key.ts | 15 +------------- src/runtime/browser/subtle_dsa.ts | 5 ----- src/runtime/node/env.ts | 3 --- 8 files changed, 22 insertions(+), 83 deletions(-) delete mode 100644 src/runtime/browser/env.ts delete mode 100644 src/runtime/node/env.ts diff --git a/src/jwks/remote.ts b/src/jwks/remote.ts index 428dc119fc..957d587896 100644 --- a/src/jwks/remote.ts +++ b/src/jwks/remote.ts @@ -1,11 +1,21 @@ import fetchJwks from '../runtime/fetch_jwks.js' -import { isCloudflareWorkers } from '../runtime/env.js' import type { KeyLike, JWSHeaderParameters, FlattenedJWSInput } from '../types.d' import { JWKSInvalid, JWKSNoMatchingKey } from '../util/errors.js' import { isJWKSLike, LocalJWKSet } from './local.js' +function isCloudflareWorkers() { + return ( + // @ts-ignore + typeof WebSocketPair !== 'undefined' || + // @ts-ignore + (typeof navigator !== 'undefined' && navigator.userAgent === 'Cloudflare-Workers') || + // @ts-ignore + (typeof EdgeRuntime !== 'undefined' && EdgeRuntime === 'vercel') + ) +} + /** Options for the remote JSON Web Key Set. */ export interface RemoteJWKSetOptions { /** diff --git a/src/lib/crypto_key.ts b/src/lib/crypto_key.ts index fb964c42d4..44e77f1e6d 100644 --- a/src/lib/crypto_key.ts +++ b/src/lib/crypto_key.ts 
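Review bot: The three `// @ts-ignore` comments in the new local `isCloudflareWorkers()` in src/jwks/remote.ts switch off every diagnostic on the line that follows, so a misspelt global in one of the `typeof` checks would compile silently. Declaring the two non-standard globals once, e.g. `declare const WebSocketPair: unknown` and `declare const EdgeRuntime: string | undefined`, would let the checker cover these lines, assuming no other declaration of them is in scope. The helper also returns true for `EdgeRuntime === 'vercel'`, which its name does not say, and it carries no comment; I would add `/** Heuristic: true on Cloudflare Workers and Vercel Edge, detected from runtime globals only. */` above it. Its call site is outside the hunk, so what the result gates in this file cannot be judged from here.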
@@ -1,5 +1,3 @@ -import { isCloudflareWorkers } from '../runtime/env.js' - function unusable(name: string | number, prop = 'algorithm.name') { return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`) } @@ -73,10 +71,6 @@ export function checkSigCryptoKey(key: CryptoKey, alg: string, ...usages: KeyUsa } case 'EdDSA': { if (key.algorithm.name !== 'Ed25519' && key.algorithm.name !== 'Ed448') { - if (isCloudflareWorkers()) { - if (isAlgorithm(key.algorithm, 'NODE-ED25519')) break - throw unusable('Ed25519, Ed448, or NODE-ED25519') - } throw unusable('Ed25519 or Ed448') } break diff --git a/src/runtime/browser/asn1.ts b/src/runtime/browser/asn1.ts index be2b8dfeb6..84152a819f 100644 --- a/src/runtime/browser/asn1.ts +++ b/src/runtime/browser/asn1.ts @@ -1,4 +1,3 @@ -import { isCloudflareWorkers } from './env.js' import crypto, { isCryptoKey } from './webcrypto.js' import type { PEMExportFunction, PEMImportFunction } from '../interfaces.d' import invalidKeyInput from '../../lib/invalid_key_input.js' @@ -143,31 +142,13 @@ const genericImport = async ( throw new JOSENotSupported('Invalid or unsupported "alg" (Algorithm) value') } - try { - return await crypto.subtle.importKey( - keyFormat, - keyData, - algorithm, - options?.extractable ?? false, - keyUsages, - ) - } catch (err) { - if ( - algorithm.name === 'Ed25519' && - (err)?.name === 'NotSupportedError' && - isCloudflareWorkers() - ) { - algorithm = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' } - return await crypto.subtle.importKey( - keyFormat, - keyData, - algorithm, - options?.extractable ?? false, - keyUsages, - ) - } - throw err - } + return crypto.subtle.importKey( + keyFormat, + keyData, + algorithm, + options?.extractable ?? false, + keyUsages, + ) } export const fromPKCS8: PEMImportFunction = (pem, alg, options?) => { diff --git a/src/runtime/browser/env.ts b/src/runtime/browser/env.ts deleted file mode 100644 index c756022f1b..0000000000 
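Review bot: With the retry removed, `genericImport` in src/runtime/browser/asn1.ts lets a runtime's `NotSupportedError` escape as-is, while the unsupported-`alg` branch just above throws `JOSENotSupported`; nothing in the new code says that Ed25519 now depends on the runtime recognising the standard identifier. I would add a comment above the call such as `// Ed25519 requires native runtime support; a NotSupportedError from importKey propagates unchanged.` The same applies to the rewritten returns in src/runtime/browser/generate.ts and src/runtime/browser/jwk_to_key.ts. Relatedly, after the crypto_key.ts hunk a CryptoKey whose `algorithm.name` is `NODE-ED25519` now fails `checkSigCryptoKey` with 'Ed25519 or Ed448', which is the safe direction but is a change in accepted input that a commit typed `refactor:` may not signal to applications holding such keys. `genericImport` starts outside the hunk.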
--- a/src/runtime/browser/env.ts +++ /dev/null @@ -1,10 +0,0 @@ -export function isCloudflareWorkers() { - return ( - // @ts-ignore - typeof WebSocketPair !== 'undefined' || - // @ts-ignore - (typeof navigator !== 'undefined' && navigator.userAgent === 'Cloudflare-Workers') || - // @ts-ignore - (typeof EdgeRuntime !== 'undefined' && EdgeRuntime === 'vercel') - ) -} diff --git a/src/runtime/browser/generate.ts b/src/runtime/browser/generate.ts index 4c21762b30..916cf20ed1 100644 --- a/src/runtime/browser/generate.ts +++ b/src/runtime/browser/generate.ts @@ -1,4 +1,3 @@ -import { isCloudflareWorkers } from './env.js' import crypto from './webcrypto.js' import { JOSENotSupported } from '../../util/errors.js' import random from './random.js' @@ -149,21 +148,7 @@ export async function generateKeyPair(alg: string, options?: GenerateKeyPairOpti throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value') } - try { - return <{ publicKey: CryptoKey; privateKey: CryptoKey }>( - await crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages) - ) - } catch (err) { - if ( - algorithm.name === 'Ed25519' && - (err)?.name === 'NotSupportedError' && - isCloudflareWorkers() - ) { - algorithm = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' } - return <{ publicKey: CryptoKey; privateKey: CryptoKey }>( - await crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages) - ) - } - throw err - } + return >( + crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages) + ) } diff --git a/src/runtime/browser/jwk_to_key.ts b/src/runtime/browser/jwk_to_key.ts index 983edf30c2..7c72e3db79 100644 --- a/src/runtime/browser/jwk_to_key.ts +++ b/src/runtime/browser/jwk_to_key.ts @@ -1,4 +1,3 @@ -import { isCloudflareWorkers } from './env.js' import crypto from './webcrypto.js' import type { JWKImportFunction } from '../interfaces.d' import { JOSENotSupported } from '../../util/errors.js' 
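Review bot: The new `return >(` statement at the end of `generateKeyPair` applies its type assertion to the promise returned by `crypto.subtle.generateKey` rather than to the awaited key pair as the removed code did (the assertion's type argument is not legible on this page). Returning the promise without `await` may also leave this async function out of the async stack trace when generation rejects. Keeping the assertion on the resolved value reads more plainly: `return (await crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages)) as CryptoKeyPair`, assuming the DOM `CryptoKeyPair` type is available to this build. The function's signature and the algorithm selection are outside the hunk.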
@@ -150,18 +149,6 @@ const parse: JWKImportFunction = async (jwk: JWK): Promise => { const keyData: JWK = { ...jwk } delete keyData.alg delete keyData.use - try { - return await crypto.subtle.importKey('jwk', keyData, ...rest) - } catch (err) { - if ( - algorithm.name === 'Ed25519' && - (err)?.name === 'NotSupportedError' && - isCloudflareWorkers() - ) { - rest[0] = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' } - return await crypto.subtle.importKey('jwk', keyData, ...rest) - } - throw err - } + return crypto.subtle.importKey('jwk', keyData, ...rest) } export default parse diff --git a/src/runtime/browser/subtle_dsa.ts b/src/runtime/browser/subtle_dsa.ts index 741f115e82..47ebccec14 100644 --- a/src/runtime/browser/subtle_dsa.ts +++ b/src/runtime/browser/subtle_dsa.ts @@ -1,4 +1,3 @@ -import { isCloudflareWorkers } from './env.js' import { JOSENotSupported } from '../../util/errors.js' export default function subtleDsa(alg: string, algorithm: KeyAlgorithm | EcKeyAlgorithm) { @@ -22,10 +21,6 @@ export default function subtleDsa(alg: string, algorithm: KeyAlgorithm | EcKeyAl case 'ES512': return { hash, name: 'ECDSA', namedCurve: (algorithm).namedCurve } case 'EdDSA': - if (isCloudflareWorkers() && algorithm.name === 'NODE-ED25519') { - return { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' } - } - return { name: algorithm.name } default: throw new JOSENotSupported( diff --git a/src/runtime/node/env.ts b/src/runtime/node/env.ts deleted file mode 100644 index e1ad91c087..0000000000 --- a/src/runtime/node/env.ts +++ /dev/null @@ -1,3 +0,0 @@ -export function isCloudflareWorkers() { - return false -}