Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trying to convert a PEM public key to JWK #495

Closed
2 tasks done
dagnelies opened this issue Jan 27, 2023 · 3 comments
Closed
2 tasks done

Trying to convert a PEM public key to JWK #495

dagnelies opened this issue Jan 27, 2023 · 3 comments
Labels
external An issue that's caused by an external factor, not this module. triage

Comments

@dagnelies
Copy link

What happened?

Hi,

I'm trying to convert the PEM public key as follows:

  const publicPem = "-----BEGIN PUBLIC KEY-----...."
  const publicKey = await jose.importSPKI(publicPem, 'RS256', {extractable:true})
  console.log(publicKey)
// OK, prints "CryptoKey {...}"

  const publicJwk = await jose.exportJWK(publicKey) // <- Error
  console.log(publicJwk)

But it generates the following error:

TypeError: Right-hand side of 'instanceof' is not an object
    at isCryptoKey (...\node_modules\jose\dist\browser\runtime\webcrypto.js:2:37)
    at keyToJWK (...\node_modules\jose\dist\browser\runtime\key_to_jwk.js:12:10)
    at exportJWK (...\node_modules\jose\dist\browser\key\export.js:11:12)

Strangely enough the code works when deployed on Cloudflare.

Here is the related code: https://github.com/panva/jose/blob/main/src/runtime/browser/key_to_jwk.ts

I think it has to do with the node vs browser runtime, it is a bit weird though.

Version

4.11.2

Runtime

Cloudflare Workers

Runtime Details

Node v19.4.0 / Wrangler

Code to reproduce

const publicPem = "-----BEGIN PUBLIC KEY-----...."
  const publicKey = await jose.importSPKI(publicPem, 'RS256', {extractable:true})
  console.log(publicKey)
// OK, prints "CryptoKey {...}"

  const publicJwk = await jose.exportJWK(publicKey) // <- Error
  console.log(publicJwk)

Required

  • I have searched the issues tracker and discussions for similar topics and couldn't find anything related.
  • I agree to follow this project's Code of Conduct
@panva panva added the external An issue that's caused by an external factor, not this module. label Jan 27, 2023
@panva
Copy link
Owner

panva commented Jan 27, 2023
edited

Node v19.4.0 / Wrangler

Sorry @dagnelies, I have no clue how to replicate this.

Strangely enough the code works when deployed on Cloudflare.

Not strange at all.

Obviously the problem is not with the library but whatever runtime you're executing your code in - it lacks the CryptoKey in its globals.

  • CF Workers (workerd) is part of the CI pipeline and the WebCryptoAPI runtime build works there.
  • Node v19.x is also part of the CI pipeline and the WebCryptoAPI build works there too because WebCryptoAPI is finally made global in 19.x onward.

@panva
Copy link
Owner

panva commented Jan 29, 2023

If this is the same runtime issue miniflare had, downgrading to v18.x node will help. Be sure to open an issue with your respective runtime.

Ref: cloudflare/miniflare#457

@panva panva closed this as not planned Won't fix, can't repro, duplicate, stale Jan 29, 2023
@dagnelies
Copy link
Author

Thanks for checking. It is indeed an issue with miniflare.

panva added a commit that referenced this issue Feb 7, 2023
@panva
fix(CF Workers): improve miniflare compat with different Node.js vers…
3406b9f 
…ions, get ready for future non-proprietary support

closes #446
closes #495
closes #497
patrickdevivo added a commit to mergestat/mergestat that referenced this issue Mar 5, 2023
@patrickdevivo
[Snyk] Upgrade jose from 4.9.2 to 4.11.4 (#881)
7726f9d 
<h3>Snyk has created this PR to upgrade jose from 4.9.2 to 4.11.4.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **11 versions** ahead of your current
version.
- The recommended version was released **25 days ago**, on 2023-02-07.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>jose</b></summary>
    <ul>
      <li>
<b>4.11.4</b> - <a
href="https://snyk.io/redirect/github/panva/jose/releases/tag/v4.11.4">2023-02-07</a></br><h3>Fixes</h3>
<ul>
<li><strong>build:</strong> ignore deno files in npm publishes (<a
href="https://snyk.io/redirect/github/panva/jose/commit/b3d6a11bf0803c37e1e9d0368ccec1f1264eef74">b3d6a11</a>)</li>
</ul>
      </li>
      <li>
<b>4.11.3</b> - <a
href="https://snyk.io/redirect/github/panva/jose/releases/tag/v4.11.3">2023-02-07</a></br><h3>Fixes</h3>
<ul>
<li><strong>CF Workers:</strong> improve miniflare compat with different
Node.js versions, get ready for future non-proprietary support (<a
href="https://snyk.io/redirect/github/panva/jose/commit/3406b9f73b1884b5db9c60675a68fe85794d48e0">3406b9f</a>),
closes <a href="https://snyk.io/redirect/github/panva/jose/issues/446"
data-hovercard-type="issue"
data-hovercard-url="/panva/jose/issues/446/hovercard">#446</a> <a
href="https://snyk.io/redirect/github/panva/jose/issues/495"
data-hovercard-type="issue"
data-hovercard-url="/panva/jose/issues/495/hovercard">#495</a> <a
href="https://snyk.io/redirect/github/panva/jose/issues/497">#497</a></li>
</ul>
      </li>
      <li>
<b>4.11.2</b> - <a
href="https://snyk.io/redirect/github/panva/jose/releases/tag/v4.11.2">2023-01-01</a></br><h3>Refactor</h3>
<ul>
<li><strong>node:</strong> dry node version checks (<a
href="https://snyk.io/redirect/github/panva/jose/commit/aff2f7c00f28b599ee72dd9f0a36c3783f1e195f">aff2f7c</a>)</li>
</ul>
      </li>
      <li>
<b>4.11.1</b> - <a
href="https://snyk.io/redirect/github/panva/jose/releases/tag/v4.11.1">2022-11-22</a></br><p>This
release contains only code refactoring, documentation updates, and
Node.js CITGM related test updates.</p>
      </li>
      <li>
<b>4.11.0</b> - <a
href="https://snyk.io/redirect/github/panva/jose/releases/tag/v4.11.0">2022-11-08</a></br><h3>Features</h3>
<ul>
<li>add bun as a supported runtime (<a
href="https://snyk.io/redirect/github/panva/jose/commit/3a636318914866decd934d455d7c3789d304992c">3a63631</a>)</li>
</ul>
<h3>Fixes</h3>
<ul>
<li>respect JWK ext for symmetric keys (<a
href="https://snyk.io/redirect/github/panva/jose/commit/20557fccf1ce0ebd7dd5d18cc33aa64d6f7b35ba">20557fc</a>)</li>
</ul>
      </li>
      <li>
<b>4.10.4</b> - <a
href="https://snyk.io/redirect/github/panva/jose/releases/tag/v4.10.4">2022-10-28</a></br><h3>Fixes</h3>
<ul>
<li>typo in importPKSC8 error message (<a
href="https://snyk.io/redirect/github/panva/jose/issues/468"
data-hovercard-type="pull_request"
data-hovercard-url="/panva/jose/pull/468/hovercard">#468</a>) (<a
href="https://snyk.io/redirect/github/panva/jose/commit/746bc64675636f2a09a6745e71cba8a2bdf3718f">746bc64</a>)</li>
<li>workaround for invalid use checks on CF Workers and Deno (<a
href="https://snyk.io/redirect/github/panva/jose/commit/e4d04eb65f72041784d948eaa8432e4b64193729">e4d04eb</a>)</li>
</ul>
      </li>
      <li>
<b>4.10.3</b> - <a
href="https://snyk.io/redirect/github/panva/jose/releases/tag/v4.10.3">2022-10-20</a></br><p>v4.10.1,
v4.10.2, and v4.10.3 contain only code refactoring, documentation
updates, and updates necessary to include <code>jose</code> in the
Node.js CITGM builds.</p>
      </li>
      <li>
<b>4.10.2</b> - <a
href="https://snyk.io/redirect/github/panva/jose/releases/tag/v4.10.2">2022-10-20</a></br><p>chore(release):
4.10.2</p>
      </li>
      <li>
<b>4.10.1</b> - <a
href="https://snyk.io/redirect/github/panva/jose/releases/tag/v4.10.1">2022-10-20</a></br><p>chore(release):
4.10.1</p>
      </li>
      <li>
<b>4.10.0</b> - <a
href="https://snyk.io/redirect/github/panva/jose/releases/tag/v4.10.0">2022-09-27</a></br><h3>Features</h3>
<ul>
<li>Curve25519, and Curve448 support for WebCryptoAPI runtimes based on
<a href="https://wicg.github.io/webcrypto-secure-curves/"
rel="nofollow">Secure Curves in the Web Cryptography API</a> (<a
href="https://snyk.io/redirect/github/panva/jose/commit/fea359a2055aa1b65170999a7f8e1bb23a3a1cb5">fea359a</a>)</li>
</ul>
<h3>Fixes</h3>
<ul>
<li><strong>importX509:</strong> handle length encodings better (<a
href="https://snyk.io/redirect/github/panva/jose/commit/47d0d777a1ac90ff2ed0368fdab536db3d17aa8c">47d0d77</a>),
closes <a href="https://snyk.io/redirect/github/panva/jose/issues/459"
data-hovercard-type="issue"
data-hovercard-url="/panva/jose/issues/459/hovercard">#459</a></li>
</ul>
      </li>
      <li>
        <b>4.9.3</b> - 2022-09-15
      </li>
      <li>
        <b>4.9.2</b> - 2022-09-01
      </li>
    </ul>
from <a href="https://snyk.io/redirect/github/panva/jose/releases">jose
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  </br>
  <details>
    <summary>Package name: <b>jose</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/a4610ca887f8aefb2b5f919238717004b49921a1">a4610ca</a>
chore(release): 4.11.4</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/b3d6a11bf0803c37e1e9d0368ccec1f1264eef74">b3d6a11</a>
fix(build): ignore deno files in npm publishes</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/7a9e4b7be4cc325c6571d3b07fe583ef50d4b8fc">7a9e4b7</a>
chore: cleanup after publish</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/bd30a5c952ff8876f5d8d666e0753893b63fcdf1">bd30a5c</a>
chore(release): 4.11.3</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/48d356526fd6d9bbf8726e8362d800f35a89aca5">48d3565</a>
chore: upgrade dev deps</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/3406b9f73b1884b5db9c60675a68fe85794d48e0">3406b9f</a>
fix(CF Workers): improve miniflare compat with different Node.js
versions, get ready for future non-proprietary support</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/2d783e06c8bd09f9abfdca8a1b8d03901f68a2f1">2d783e0</a>
build(deps-dev): bump edge-runtime from 2.0.3 to 2.0.4 (#496)</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/d8faafe9730be786b398d4d3beffafe88eeb76ac">d8faafe</a>
ci: update ci triggers</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/1132e91c3f746a4fa6313fd1ca2c74b5b132314a">1132e91</a>
ci: update ci triggers</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/914833313d315c073e95fb8d49e48202d4fd4e59">9148333</a>
ci: add envinfo, switch workerd to ubuntu-latest</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/b73eace68f555789f450e13b1965c9a80468e2a6">b73eace</a>
test: update TAP to add key import export roundtrips</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/a91d79d302abf5a7b474a2c0014c16ebb3dc7077">a91d79d</a>
test: update TAP jws cookbook to always do verification too</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/c458615ce07ff3db7e987fed944dee7b887876b8">c458615</a>
chore: upgrade dev deps</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/6703d77b3591f4a734285a3043344d12fa57e64b">6703d77</a>
test: update node and electron flags</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/9cc08c49f16112281d6c7682b03f853188815ad5">9cc08c4</a>
ci: dry tap/browserstack.cjs</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/cfb8d8f8d6733198d01816586bed377dd24ce9ef">cfb8d8f</a>
ci: update browserstack safari selection</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/c1a417dfbfb9d192c444e3917e71004eceb9b480">c1a417d</a>
ci: update lock.yml</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/1c149020d84134dac0bde549e67bd970eb72d750">1c14902</a>
chore: bump dev deps</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/72166fd804dbad797df78b1deda8a9c8189efbd8">72166fd</a>
chore: update dev deps</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/9a918a88c5fded3b17bcf356dd58fafefb34a4d0">9a918a8</a>
chore: update dev deps</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/c80d0e1bf751093a73b1bc6973ccb6c81ab48373">c80d0e1</a>
chore: update dev deps</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/3a9ba405001cc9b34a3360c81aa75e660882b174">3a9ba40</a>
chore: cleanup after publish</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/8420f04625b232ae8a9288e62e60a423b30ded5c">8420f04</a>
chore(release): 4.11.2</li>
<li><a
href="https://snyk.io/redirect/github/panva/jose/commit/aff2f7c00f28b599ee72dd9f0a36c3783f1e195f">aff2f7c</a>
refactor(node): dry node version checks</li>
    </ul>

<a
href="https://snyk.io/redirect/github/panva/jose/compare/db71b3d15254b27666754fa2ec85b666b4cf1306...a4610ca887f8aefb2b5f919238717004b49921a1">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJkNTkwYTRiNC1kOTY5LTQ3OTMtYmI1Zi02YmQ3YmRmODUxOGIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImQ1OTBhNGI0LWQ5NjktNDc5My1iYjVmLTZiZDdiZGY4NTE4YiJ9fQ=="
width="0" height="0"/>

🧐 [View latest project
report](https://app.snyk.io/org/mergestat/project/e267d993-52da-4f6e-9de9-0012cd8b1835?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/mergestat/project/e267d993-52da-4f6e-9de9-0012cd8b1835/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/mergestat/project/e267d993-52da-4f6e-9de9-0012cd8b1835/settings/integration?pkg&#x3D;jose&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

<!---
(snyk:metadata:{"prId":"d590a4b4-d969-4793-bb5f-6bd7bdf8518b","prPublicId":"d590a4b4-d969-4793-bb5f-6bd7bdf8518b","dependencies":[{"name":"jose","from":"4.9.2","to":"4.11.4"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/mergestat/project/e267d993-52da-4f6e-9de9-0012cd8b1835?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"e267d993-52da-4f6e-9de9-0012cd8b1835","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":11,"publishedDate":"2023-02-07T11:20:43.279Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
@github-actions github-actions bot locked and limited conversation to collaborators Jun 26, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
external An issue that's caused by an external factor, not this module. triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@panva @dagnelies