Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
chengnan
/
s202226701001
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: 3e26c58256
Ramos Etiquetas
s202226701001
/
sever-test
/
node_modules
/
jose
/
dist
/
node
/
esm
/
jwe
/
flattened
/
decrypt.js

decrypt.js 6.4 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166 
  1. import { decode as base64url } from '../../runtime/base64url.js';
    2. 

  2. import decrypt from '../../runtime/decrypt.js';
    3. 

  3. import { inflate } from '../../runtime/zlib.js';
    4. 

  4. import { JOSEAlgNotAllowed, JOSENotSupported, JWEInvalid } from '../../util/errors.js';
    5. 

  5. import isDisjoint from '../../lib/is_disjoint.js';
    6. 

  6. import isObject from '../../lib/is_object.js';
    7. 

  7. import decryptKeyManagement from '../../lib/decrypt_key_management.js';
    8. 

  8. import { encoder, decoder, concat } from '../../lib/buffer_utils.js';
    9. 

  9. import generateCek from '../../lib/cek.js';
    10. 

  10. import validateCrit from '../../lib/validate_crit.js';
    11. 

  11. import validateAlgorithms from '../../lib/validate_algorithms.js';
    12. 

  12. export async function flattenedDecrypt(jwe, key, options) {
    13. 

  13.     var _a;
    14. 

  14.     if (!isObject(jwe)) {
    15. 

  15.         throw new JWEInvalid('Flattened JWE must be an object');
    16. 

  16.     }
    17. 

  17.     if (jwe.protected === undefined && jwe.header === undefined && jwe.unprotected === undefined) {
    18. 

  18.         throw new JWEInvalid('JOSE Header missing');
    19. 

  19.     }
    20. 

  20.     if (typeof jwe.iv !== 'string') {
    21. 

  21.         throw new JWEInvalid('JWE Initialization Vector missing or incorrect type');
    22. 

  22.     }
    23. 

  23.     if (typeof jwe.ciphertext !== 'string') {
    24. 

  24.         throw new JWEInvalid('JWE Ciphertext missing or incorrect type');
    25. 

  25.     }
    26. 

  26.     if (typeof jwe.tag !== 'string') {
    27. 

  27.         throw new JWEInvalid('JWE Authentication Tag missing or incorrect type');
    28. 

  28.     }
    29. 

  29.     if (jwe.protected !== undefined && typeof jwe.protected !== 'string') {
    30. 

  30.         throw new JWEInvalid('JWE Protected Header incorrect type');
    31. 

  31.     }
    32. 

  32.     if (jwe.encrypted_key !== undefined && typeof jwe.encrypted_key !== 'string') {
    33. 

  33.         throw new JWEInvalid('JWE Encrypted Key incorrect type');
    34. 

  34.     }
    35. 

  35.     if (jwe.aad !== undefined && typeof jwe.aad !== 'string') {
    36. 

  36.         throw new JWEInvalid('JWE AAD incorrect type');
    37. 

  37.     }
    38. 

  38.     if (jwe.header !== undefined && !isObject(jwe.header)) {
    39. 

  39.         throw new JWEInvalid('JWE Shared Unprotected Header incorrect type');
    40. 

  40.     }
    41. 

  41.     if (jwe.unprotected !== undefined && !isObject(jwe.unprotected)) {
    42. 

  42.         throw new JWEInvalid('JWE Per-Recipient Unprotected Header incorrect type');
    43. 

  43.     }
    44. 

  44.     let parsedProt;
    45. 

  45.     if (jwe.protected) {
    46. 

  46.         try {
    47. 

  47.             const protectedHeader = base64url(jwe.protected);
    48. 

  48.             parsedProt = JSON.parse(decoder.decode(protectedHeader));
    49. 

  49.         }
    50. 

  50.         catch {
    51. 

  51.             throw new JWEInvalid('JWE Protected Header is invalid');
    52. 

  52.         }
    53. 

  53.     }
    54. 

  54.     if (!isDisjoint(parsedProt, jwe.header, jwe.unprotected)) {
    55. 

  55.         throw new JWEInvalid('JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint');
    56. 

  56.     }
    57. 

  57.     const joseHeader = {
    58. 

  58.         ...parsedProt,
    59. 

  59.         ...jwe.header,
    60. 

  60.         ...jwe.unprotected,
    61. 

  61.     };
    62. 

  62.     validateCrit(JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader);
    63. 

  63.     if (joseHeader.zip !== undefined) {
    64. 

  64.         if (!parsedProt || !parsedProt.zip) {
    65. 

  65.             throw new JWEInvalid('JWE "zip" (Compression Algorithm) Header MUST be integrity protected');
    66. 

  66.         }
    67. 

  67.         if (joseHeader.zip !== 'DEF') {
    68. 

  68.             throw new JOSENotSupported('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value');
    69. 

  69.         }
    70. 

  70.     }
    71. 

  71.     const { alg, enc } = joseHeader;
    72. 

  72.     if (typeof alg !== 'string' || !alg) {
    73. 

  73.         throw new JWEInvalid('missing JWE Algorithm (alg) in JWE Header');
    74. 

  74.     }
    75. 

  75.     if (typeof enc !== 'string' || !enc) {
    76. 

  76.         throw new JWEInvalid('missing JWE Encryption Algorithm (enc) in JWE Header');
    77. 

  77.     }
    78. 

  78.     const keyManagementAlgorithms = options && validateAlgorithms('keyManagementAlgorithms', options.keyManagementAlgorithms);
    79. 

  79.     const contentEncryptionAlgorithms = options &&
    80. 

  80.         validateAlgorithms('contentEncryptionAlgorithms', options.contentEncryptionAlgorithms);
    81. 

  81.     if (keyManagementAlgorithms && !keyManagementAlgorithms.has(alg)) {
    82. 

  82.         throw new JOSEAlgNotAllowed('"alg" (Algorithm) Header Parameter not allowed');
    83. 

  83.     }
    84. 

  84.     if (contentEncryptionAlgorithms && !contentEncryptionAlgorithms.has(enc)) {
    85. 

  85.         throw new JOSEAlgNotAllowed('"enc" (Encryption Algorithm) Header Parameter not allowed');
    86. 

  86.     }
    87. 

  87.     let encryptedKey;
    88. 

  88.     if (jwe.encrypted_key !== undefined) {
    89. 

  89.         try {
    90. 

  90.             encryptedKey = base64url(jwe.encrypted_key);
    91. 

  91.         }
    92. 

  92.         catch {
    93. 

  93.             throw new JWEInvalid('Failed to base64url decode the encrypted_key');
    94. 

  94.         }
    95. 

  95.     }
    96. 

  96.     let resolvedKey = false;
    97. 

  97.     if (typeof key === 'function') {
    98. 

  98.         key = await key(parsedProt, jwe);
    99. 

  99.         resolvedKey = true;
    100. 

  100.     }
    101. 

  101.     let cek;
    102. 

  102.     try {
    103. 

  103.         cek = await decryptKeyManagement(alg, key, encryptedKey, joseHeader, options);
    104. 

  104.     }
    105. 

  105.     catch (err) {
    106. 

  106.         if (err instanceof TypeError || err instanceof JWEInvalid || err instanceof JOSENotSupported) {
    107. 

  107.             throw err;
    108. 

  108.         }
    109. 

  109.         cek = generateCek(enc);
    110. 

  110.     }
    111. 

  111.     let iv;
    112. 

  112.     let tag;
    113. 

  113.     try {
    114. 

  114.         iv = base64url(jwe.iv);
    115. 

  115.     }
    116. 

  116.     catch {
    117. 

  117.         throw new JWEInvalid('Failed to base64url decode the iv');
    118. 

  118.     }
    119. 

  119.     try {
    120. 

  120.         tag = base64url(jwe.tag);
    121. 

  121.     }
    122. 

  122.     catch {
    123. 

  123.         throw new JWEInvalid('Failed to base64url decode the tag');
    124. 

  124.     }
    125. 

  125.     const protectedHeader = encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : '');
    126. 

  126.     let additionalData;
    127. 

  127.     if (jwe.aad !== undefined) {
    128. 

  128.         additionalData = concat(protectedHeader, encoder.encode('.'), encoder.encode(jwe.aad));
    129. 

  129.     }
    130. 

  130.     else {
    131. 

  131.         additionalData = protectedHeader;
    132. 

  132.     }
    133. 

  133.     let ciphertext;
    134. 

  134.     try {
    135. 

  135.         ciphertext = base64url(jwe.ciphertext);
    136. 

  136.     }
    137. 

  137.     catch {
    138. 

  138.         throw new JWEInvalid('Failed to base64url decode the ciphertext');
    139. 

  139.     }
    140. 

  140.     let plaintext = await decrypt(enc, cek, ciphertext, iv, tag, additionalData);
    141. 

  141.     if (joseHeader.zip === 'DEF') {
    142. 

  142.         plaintext = await ((options === null || options === void 0 ? void 0 : options.inflateRaw) || inflate)(plaintext);
    143. 

  143.     }
    144. 

  144.     const result = { plaintext };
    145. 

  145.     if (jwe.protected !== undefined) {
    146. 

  146.         result.protectedHeader = parsedProt;
    147. 

  147.     }
    148. 

  148.     if (jwe.aad !== undefined) {
    149. 

  149.         try {
    150. 

  150.             result.additionalAuthenticatedData = base64url(jwe.aad);
    151. 

  151.         }
    152. 

  152.         catch {
    153. 

  153.             throw new JWEInvalid('Failed to base64url decode the aad');
    154. 

  154.         }
    155. 

  155.     }
    156. 

  156.     if (jwe.unprotected !== undefined) {
    157. 

  157.         result.sharedUnprotectedHeader = jwe.unprotected;
    158. 

  158.     }
    159. 

  159.     if (jwe.header !== undefined) {
    160. 

  160.         result.unprotectedHeader = jwe.header;
    161. 

  161.     }
    162. 

  162.     if (resolvedKey) {
    163. 

  163.         return { ...result, key };
    164. 

  164.     }
    165. 

  165.     return result;
    166. 

  166. }
    167.