chore(release): 3.20.4

panva · Sep 1, 2022 · a38040d · a38040d
1 parent 1895f9e
commit a38040d
Show file tree

Hide file tree

Showing 86 changed files with 375 additions and 323 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [3.20.4](https://github.com/panva/jose/compare/v3.20.3...v3.20.4) (2022-09-01)
+
+
+### Bug Fixes
+
+* limit default PBES2 alg's computational expense ([d530c30](https://github.com/panva/jose/commit/d530c30af5d5156552accfcdf0b059696e17c44c))
+
 ## [3.20.3](https://github.com/panva/jose/compare/v3.20.2...v3.20.3) (2021-10-14)
 
 

diff --git a/dist/deno/README.md b/dist/deno/README.md
@@ -0,0 +1,45 @@
+# `jose` Modules API Documentation
+
+> "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK with no dependencies using native crypto runtimes
+
+## Support
+
+If you or your business use `jose`, please consider becoming a [sponsor][support-sponsor] so I can continue maintaining it and adding new features carefree.
+
+## Available modules
+
+- JSON Web Tokens (JWT)
+  - [Signing](https://github.com/panva/jose/blob/v3.20.4/docs/classes/jwt_sign.SignJWT.md#readme)
+  - [Verification & Claims Set Validation](https://github.com/panva/jose/blob/v3.20.4/docs/functions/jwt_verify.jwtVerify.md#readme)
+  - Encrypted JSON Web Tokens
+    - [Encryption](https://github.com/panva/jose/blob/v3.20.4/docs/classes/jwt_encrypt.EncryptJWT.md#readme)
+    - [Decryption & Claims Set Validation](https://github.com/panva/jose/blob/v3.20.4/docs/functions/jwt_decrypt.jwtDecrypt.md#readme)
+- Key Import
+  - [JWK Import](https://github.com/panva/jose/blob/v3.20.4/docs/functions/key_import.importJWK.md#readme)
+  - [Public Key Import (SPKI)](https://github.com/panva/jose/blob/v3.20.4/docs/functions/key_import.importSPKI.md#readme)
+  - [Public Key Import (X.509 Certificate)](https://github.com/panva/jose/blob/v3.20.4/docs/functions/key_import.importX509.md#readme)
+  - [Private Key Import (PKCS #8)](https://github.com/panva/jose/blob/v3.20.4/docs/functions/key_import.importPKCS8.md#readme)
+- JSON Web Encryption (JWE)
+  - Encryption - [Compact](https://github.com/panva/jose/blob/v3.20.4/docs/classes/jwe_compact_encrypt.CompactEncrypt.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.20.4/docs/classes/jwe_flattened_encrypt.FlattenedEncrypt.md#readme)
+  - Decryption - [Compact](https://github.com/panva/jose/blob/v3.20.4/docs/functions/jwe_compact_decrypt.compactDecrypt.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.20.4/docs/functions/jwe_flattened_decrypt.flattenedDecrypt.md#readme), [General](https://github.com/panva/jose/blob/v3.20.4/docs/functions/jwe_general_decrypt.generalDecrypt.md#readme)
+- JSON Web Signature (JWS)
+  - Signing - [Compact](https://github.com/panva/jose/blob/v3.20.4/docs/classes/jws_compact_sign.CompactSign.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.20.4/docs/classes/jws_flattened_sign.FlattenedSign.md#readme), [General](https://github.com/panva/jose/blob/v3.20.4/docs/classes/jws_general_sign.GeneralSign.md#readme)
+  - Verification - [Compact](https://github.com/panva/jose/blob/v3.20.4/docs/functions/jws_compact_verify.compactVerify.md#readme), [Flattened](https://github.com/panva/jose/blob/v3.20.4/docs/functions/jws_flattened_verify.flattenedVerify.md#readme), [General](https://github.com/panva/jose/blob/v3.20.4/docs/functions/jws_general_verify.generalVerify.md#readme)
+- JSON Web Key (JWK)
+  - [Thumbprints](https://github.com/panva/jose/blob/v3.20.4/docs/functions/jwk_thumbprint.calculateThumbprint.md#readme)
+  - [EmbeddedJWK](https://github.com/panva/jose/blob/v3.20.4/docs/functions/jwk_embedded.EmbeddedJWK.md#readme)
+- JSON Web Key Set (JWKS)
+  - [Verify using a remote JWKSet](https://github.com/panva/jose/blob/v3.20.4/docs/functions/jwks_remote.createRemoteJWKSet.md#readme)
+- Key Pair or Secret Generation
+  - [Asymmetric Key Pair Generation](https://github.com/panva/jose/blob/v3.20.4/docs/functions/util_generate_key_pair.generateKeyPair.md#readme)
+  - [Symmetric Secret Generation](https://github.com/panva/jose/blob/v3.20.4/docs/functions/util_generate_secret.generateSecret.md#readme)
+- Key Export
+  - [JWK Export](https://github.com/panva/jose/blob/v3.20.4/docs/functions/key_export.exportJWK.md#readme)
+  - [Private Key Export](https://github.com/panva/jose/blob/v3.20.4/docs/functions/key_export.exportPKCS8.md#readme)
+  - [Public Key Export](https://github.com/panva/jose/blob/v3.20.4/docs/functions/key_export.exportSPKI.md#readme)
+- Utilities
+  - [Decoding Token's Protected Header](https://github.com/panva/jose/blob/v3.20.4/docs/functions/util_decode_protected_header.decodeProtectedHeader.md#readme)
+- [Unsecured JWT](https://github.com/panva/jose/blob/v3.20.4/docs/classes/jwt_unsecured.UnsecuredJWT.md#readme)
+- [JOSE Errors](https://github.com/panva/jose/blob/v3.20.4/docs/modules/util_errors.md#readme)
+
+[support-sponsor]: https://github.com/sponsors/panva
diff --git a/dist/node/cjs/jwe/compact/decrypt.js b/dist/node/cjs/jwe/compact/decrypt.js
@@ -15,7 +15,7 @@ async function compactDecrypt(jwe, key, options) {
     if (length !== 5) {
         throw new errors_js_1.JWEInvalid('Invalid Compact JWE');
     }
-    const decrypted = await (0, decrypt_js_1.default)({
+    const decrypted = await decrypt_js_1.default({
         ciphertext: (ciphertext || undefined),
         iv: (iv || undefined),
         protected: protectedHeader || undefined,

diff --git a/dist/node/cjs/jwe/flattened/decrypt.js b/dist/node/cjs/jwe/flattened/decrypt.js
@@ -14,7 +14,7 @@ const validate_crit_js_1 = require("../../lib/validate_crit.js");
 const validate_algorithms_js_1 = require("../../lib/validate_algorithms.js");
 async function flattenedDecrypt(jwe, key, options) {
     var _a;
-    if (!(0, is_object_js_1.default)(jwe)) {
+    if (!is_object_js_1.default(jwe)) {
         throw new errors_js_1.JWEInvalid('Flattened JWE must be an object');
     }
     if (jwe.protected === undefined && jwe.header === undefined && jwe.unprotected === undefined) {
@@ -38,31 +38,31 @@ async function flattenedDecrypt(jwe, key, options) {
     if (jwe.aad !== undefined && typeof jwe.aad !== 'string') {
         throw new errors_js_1.JWEInvalid('JWE AAD incorrect type');
     }
-    if (jwe.header !== undefined && !(0, is_object_js_1.default)(jwe.header)) {
+    if (jwe.header !== undefined && !is_object_js_1.default(jwe.header)) {
         throw new errors_js_1.JWEInvalid('JWE Shared Unprotected Header incorrect type');
     }
-    if (jwe.unprotected !== undefined && !(0, is_object_js_1.default)(jwe.unprotected)) {
+    if (jwe.unprotected !== undefined && !is_object_js_1.default(jwe.unprotected)) {
         throw new errors_js_1.JWEInvalid('JWE Per-Recipient Unprotected Header incorrect type');
     }
     let parsedProt;
     if (jwe.protected) {
-        const protectedHeader = (0, base64url_js_1.decode)(jwe.protected);
+        const protectedHeader = base64url_js_1.decode(jwe.protected);
         try {
             parsedProt = JSON.parse(buffer_utils_js_1.decoder.decode(protectedHeader));
         }
         catch {
             throw new errors_js_1.JWEInvalid('JWE Protected Header is invalid');
         }
     }
-    if (!(0, is_disjoint_js_1.default)(parsedProt, jwe.header, jwe.unprotected)) {
+    if (!is_disjoint_js_1.default(parsedProt, jwe.header, jwe.unprotected)) {
         throw new errors_js_1.JWEInvalid('JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint');
     }
     const joseHeader = {
         ...parsedProt,
         ...jwe.header,
         ...jwe.unprotected,
     };
-    (0, validate_crit_js_1.default)(errors_js_1.JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader);
+    validate_crit_js_1.default(errors_js_1.JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader);
     if (joseHeader.zip !== undefined) {
         if (!parsedProt || !parsedProt.zip) {
             throw new errors_js_1.JWEInvalid('JWE "zip" (Compression Algorithm) Header MUST be integrity protected');
@@ -78,9 +78,9 @@ async function flattenedDecrypt(jwe, key, options) {
     if (typeof enc !== 'string' || !enc) {
         throw new errors_js_1.JWEInvalid('missing JWE Encryption Algorithm (enc) in JWE Header');
     }
-    const keyManagementAlgorithms = options && (0, validate_algorithms_js_1.default)('keyManagementAlgorithms', options.keyManagementAlgorithms);
+    const keyManagementAlgorithms = options && validate_algorithms_js_1.default('keyManagementAlgorithms', options.keyManagementAlgorithms);
     const contentEncryptionAlgorithms = options &&
-        (0, validate_algorithms_js_1.default)('contentEncryptionAlgorithms', options.contentEncryptionAlgorithms);
+        validate_algorithms_js_1.default('contentEncryptionAlgorithms', options.contentEncryptionAlgorithms);
     if (keyManagementAlgorithms && !keyManagementAlgorithms.has(alg)) {
         throw new errors_js_1.JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter not allowed');
     }
@@ -89,7 +89,7 @@ async function flattenedDecrypt(jwe, key, options) {
     }
     let encryptedKey;
     if (jwe.encrypted_key !== undefined) {
-        encryptedKey = (0, base64url_js_1.decode)(jwe.encrypted_key);
+        encryptedKey = base64url_js_1.decode(jwe.encrypted_key);
     }
     let resolvedKey = false;
     if (typeof key === 'function') {
@@ -98,25 +98,25 @@ async function flattenedDecrypt(jwe, key, options) {
     }
     let cek;
     try {
-        cek = await (0, decrypt_key_management_js_1.default)(alg, key, encryptedKey, joseHeader, options);
+        cek = await decrypt_key_management_js_1.default(alg, key, encryptedKey, joseHeader, options);
     }
     catch (err) {
         if (err instanceof TypeError || err instanceof errors_js_1.JWEInvalid || err instanceof errors_js_1.JOSENotSupported) {
             throw err;
         }
-        cek = (0, cek_js_1.default)(enc);
+        cek = cek_js_1.default(enc);
     }
-    const iv = (0, base64url_js_1.decode)(jwe.iv);
-    const tag = (0, base64url_js_1.decode)(jwe.tag);
+    const iv = base64url_js_1.decode(jwe.iv);
+    const tag = base64url_js_1.decode(jwe.tag);
     const protectedHeader = buffer_utils_js_1.encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : '');
     let additionalData;
     if (jwe.aad !== undefined) {
-        additionalData = (0, buffer_utils_js_1.concat)(protectedHeader, buffer_utils_js_1.encoder.encode('.'), buffer_utils_js_1.encoder.encode(jwe.aad));
+        additionalData = buffer_utils_js_1.concat(protectedHeader, buffer_utils_js_1.encoder.encode('.'), buffer_utils_js_1.encoder.encode(jwe.aad));
     }
     else {
         additionalData = protectedHeader;
     }
-    let plaintext = await (0, decrypt_js_1.default)(enc, cek, (0, base64url_js_1.decode)(jwe.ciphertext), iv, tag, additionalData);
+    let plaintext = await decrypt_js_1.default(enc, cek, base64url_js_1.decode(jwe.ciphertext), iv, tag, additionalData);
     if (joseHeader.zip === 'DEF') {
         plaintext = await ((options === null || options === void 0 ? void 0 : options.inflateRaw) || zlib_js_1.inflate)(plaintext);
     }
@@ -125,7 +125,7 @@ async function flattenedDecrypt(jwe, key, options) {
         result.protectedHeader = parsedProt;
     }
     if (jwe.aad !== undefined) {
-        result.additionalAuthenticatedData = (0, base64url_js_1.decode)(jwe.aad);
+        result.additionalAuthenticatedData = base64url_js_1.decode(jwe.aad);
     }
     if (jwe.unprotected !== undefined) {
         result.sharedUnprotectedHeader = jwe.unprotected;

diff --git a/dist/node/cjs/jwe/flattened/encrypt.js b/dist/node/cjs/jwe/flattened/encrypt.js
@@ -67,15 +67,15 @@ class FlattenedEncrypt {
         if (!this._protectedHeader && !this._unprotectedHeader && !this._sharedUnprotectedHeader) {
             throw new errors_js_1.JWEInvalid('either setProtectedHeader, setUnprotectedHeader, or sharedUnprotectedHeader must be called before #encrypt()');
         }
-        if (!(0, is_disjoint_js_1.default)(this._protectedHeader, this._unprotectedHeader, this._sharedUnprotectedHeader)) {
+        if (!is_disjoint_js_1.default(this._protectedHeader, this._unprotectedHeader, this._sharedUnprotectedHeader)) {
             throw new errors_js_1.JWEInvalid('JWE Shared Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint');
         }
         const joseHeader = {
             ...this._protectedHeader,
             ...this._unprotectedHeader,
             ...this._sharedUnprotectedHeader,
         };
-        (0, validate_crit_js_1.default)(errors_js_1.JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, this._protectedHeader, joseHeader);
+        validate_crit_js_1.default(errors_js_1.JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, this._protectedHeader, joseHeader);
         if (joseHeader.zip !== undefined) {
             if (!this._protectedHeader || !this._protectedHeader.zip) {
                 throw new errors_js_1.JWEInvalid('JWE "zip" (Compression Algorithm) Header MUST be integrity protected');
@@ -105,7 +105,7 @@ class FlattenedEncrypt {
         let cek;
         {
             let parameters;
-            ({ cek, encryptedKey, parameters } = await (0, encrypt_key_management_js_1.default)(alg, enc, key, this._cek, this._keyManagementParameters));
+            ({ cek, encryptedKey, parameters } = await encrypt_key_management_js_1.default(alg, enc, key, this._cek, this._keyManagementParameters));
             if (parameters) {
                 if (!this._protectedHeader) {
                     this.setProtectedHeader(parameters);
@@ -115,19 +115,19 @@ class FlattenedEncrypt {
                 }
             }
         }
-        this._iv || (this._iv = (0, iv_js_1.default)(enc));
+        this._iv || (this._iv = iv_js_1.default(enc));
         let additionalData;
         let protectedHeader;
         let aadMember;
         if (this._protectedHeader) {
-            protectedHeader = buffer_utils_js_1.encoder.encode((0, base64url_js_1.encode)(JSON.stringify(this._protectedHeader)));
+            protectedHeader = buffer_utils_js_1.encoder.encode(base64url_js_1.encode(JSON.stringify(this._protectedHeader)));
         }
         else {
             protectedHeader = buffer_utils_js_1.encoder.encode('');
         }
         if (this._aad) {
-            aadMember = (0, base64url_js_1.encode)(this._aad);
-            additionalData = (0, buffer_utils_js_1.concat)(protectedHeader, buffer_utils_js_1.encoder.encode('.'), buffer_utils_js_1.encoder.encode(aadMember));
+            aadMember = base64url_js_1.encode(this._aad);
+            additionalData = buffer_utils_js_1.concat(protectedHeader, buffer_utils_js_1.encoder.encode('.'), buffer_utils_js_1.encoder.encode(aadMember));
         }
         else {
             additionalData = protectedHeader;
@@ -136,19 +136,19 @@ class FlattenedEncrypt {
         let tag;
         if (joseHeader.zip === 'DEF') {
             const deflated = await ((options === null || options === void 0 ? void 0 : options.deflateRaw) || zlib_js_1.deflate)(this._plaintext);
-            ({ ciphertext, tag } = await (0, encrypt_js_1.default)(enc, deflated, cek, this._iv, additionalData));
+            ({ ciphertext, tag } = await encrypt_js_1.default(enc, deflated, cek, this._iv, additionalData));
         }
         else {
             ;
-            ({ ciphertext, tag } = await (0, encrypt_js_1.default)(enc, this._plaintext, cek, this._iv, additionalData));
+            ({ ciphertext, tag } = await encrypt_js_1.default(enc, this._plaintext, cek, this._iv, additionalData));
         }
         const jwe = {
-            ciphertext: (0, base64url_js_1.encode)(ciphertext),
-            iv: (0, base64url_js_1.encode)(this._iv),
-            tag: (0, base64url_js_1.encode)(tag),
+            ciphertext: base64url_js_1.encode(ciphertext),
+            iv: base64url_js_1.encode(this._iv),
+            tag: base64url_js_1.encode(tag),
         };
         if (encryptedKey) {
-            jwe.encrypted_key = (0, base64url_js_1.encode)(encryptedKey);
+            jwe.encrypted_key = base64url_js_1.encode(encryptedKey);
         }
         if (aadMember) {
             jwe.aad = aadMember;

diff --git a/dist/node/cjs/jwe/general/decrypt.js b/dist/node/cjs/jwe/general/decrypt.js
@@ -5,15 +5,15 @@ const decrypt_js_1 = require("../flattened/decrypt.js");
 const errors_js_1 = require("../../util/errors.js");
 const is_object_js_1 = require("../../lib/is_object.js");
 async function generalDecrypt(jwe, key, options) {
-    if (!(0, is_object_js_1.default)(jwe)) {
+    if (!is_object_js_1.default(jwe)) {
         throw new errors_js_1.JWEInvalid('General JWE must be an object');
     }
     if (!Array.isArray(jwe.recipients) || !jwe.recipients.every(is_object_js_1.default)) {
         throw new errors_js_1.JWEInvalid('JWE Recipients missing or incorrect type');
     }
     for (const recipient of jwe.recipients) {
         try {
-            return await (0, decrypt_js_1.default)({
+            return await decrypt_js_1.default({
                 aad: jwe.aad,
                 ciphertext: jwe.ciphertext,
                 encrypted_key: recipient.encrypted_key,

diff --git a/dist/node/cjs/jwk/embedded.js b/dist/node/cjs/jwk/embedded.js
@@ -9,10 +9,10 @@ async function EmbeddedJWK(protectedHeader, token) {
         ...protectedHeader,
         ...token.header,
     };
-    if (!(0, is_object_js_1.default)(joseHeader.jwk)) {
+    if (!is_object_js_1.default(joseHeader.jwk)) {
         throw new errors_js_1.JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a JSON object');
     }
-    const key = await (0, import_js_1.importJWK)({ ...joseHeader.jwk, ext: true }, joseHeader.alg, true);
+    const key = await import_js_1.importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg, true);
     if (key instanceof Uint8Array || key.type !== 'public') {
         throw new errors_js_1.JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a public key');
     }

diff --git a/dist/node/cjs/jwk/from_key_like.js b/dist/node/cjs/jwk/from_key_like.js
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromKeyLike = void 0;
 const export_js_1 = require("../key/export.js");
 async function fromKeyLike(key) {
-    return (0, export_js_1.exportJWK)(key);
+    return export_js_1.exportJWK(key);
 }
 exports.fromKeyLike = fromKeyLike;
 exports.default = fromKeyLike;
diff --git a/dist/node/cjs/jwk/parse.js b/dist/node/cjs/jwk/parse.js
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.parseJwk = void 0;
 const import_js_1 = require("../key/import.js");
 async function parseJwk(jwk, alg, octAsKeyObject) {
-    return (0, import_js_1.importJWK)(jwk, alg, octAsKeyObject);
+    return import_js_1.importJWK(jwk, alg, octAsKeyObject);
 }
 exports.parseJwk = parseJwk;
 exports.default = parseJwk;
diff --git a/dist/node/cjs/jwk/thumbprint.js b/dist/node/cjs/jwk/thumbprint.js
@@ -12,7 +12,7 @@ const check = (value, description) => {
     }
 };
 async function calculateThumbprint(jwk, digestAlgorithm = 'sha256') {
-    if (!(0, is_object_js_1.default)(jwk)) {
+    if (!is_object_js_1.default(jwk)) {
         throw new TypeError('JWK must be an object');
     }
     let components;
@@ -41,7 +41,7 @@ async function calculateThumbprint(jwk, digestAlgorithm = 'sha256') {
             throw new errors_js_1.JOSENotSupported('"kty" (Key Type) Parameter missing or unsupported');
     }
     const data = buffer_utils_js_1.encoder.encode(JSON.stringify(components));
-    return (0, base64url_js_1.encode)(await (0, digest_js_1.default)(digestAlgorithm, data));
+    return base64url_js_1.encode(await digest_js_1.default(digestAlgorithm, data));
 }
 exports.calculateThumbprint = calculateThumbprint;
 exports.default = calculateThumbprint;