首页 发现 帮助
注册 登录
chengnan
/
s202226701001
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
分支: LMF
分支列表 标签列表
s202226701001
/
sever-test
/
node_modules
/
jsonwebtoken
/
lib
/
validateAsymmetricKey.js

validateAsymmetricKey.js 2.2 KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. const ASYMMETRIC_KEY_DETAILS_SUPPORTED = require('./asymmetricKeyDetailsSupported');
    2. 

  2. const RSA_PSS_KEY_DETAILS_SUPPORTED = require('./rsaPssKeyDetailsSupported');
    3. 

  3. 

  4. const allowedAlgorithmsForKeys = {
    5. 

  5.   'ec': ['ES256', 'ES384', 'ES512'],
    6. 

  6.   'rsa': ['RS256', 'PS256', 'RS384', 'PS384', 'RS512', 'PS512'],
    7. 

  7.   'rsa-pss': ['PS256', 'PS384', 'PS512']
    8. 

  8. };
    9. 

  9. 

  10. const allowedCurves = {
    11. 

  11.   ES256: 'prime256v1',
    12. 

  12.   ES384: 'secp384r1',
    13. 

  13.   ES512: 'secp521r1',
    14. 

  14. };
    15. 

  15. 

  16. module.exports = function(algorithm, key) {
    17. 

  17.   if (!algorithm || !key) return;
    18. 

  18. 

  19.   const keyType = key.asymmetricKeyType;
    20. 

  20.   if (!keyType) return;
    21. 

  21. 

  22.   const allowedAlgorithms = allowedAlgorithmsForKeys[keyType];
    23. 

  23. 

  24.   if (!allowedAlgorithms) {
    25. 

  25.     throw new Error(`Unknown key type "${keyType}".`);
    26. 

  26.   }
    27. 

  27. 

  28.   if (!allowedAlgorithms.includes(algorithm)) {
    29. 

  29.     throw new Error(`"alg" parameter for "${keyType}" key type must be one of: ${allowedAlgorithms.join(', ')}.`)
    30. 

  30.   }
    31. 

  31. 

  32.   /*
    33. 

  33.    * Ignore the next block from test coverage because it gets executed
    34. 

  34.    * conditionally depending on the Node version. Not ignoring it would
    35. 

  35.    * prevent us from reaching the target % of coverage for versions of
    36. 

  36.    * Node under 15.7.0.
    37. 

  37.    */
    38. 

  38.   /* istanbul ignore next */
    39. 

  39.   if (ASYMMETRIC_KEY_DETAILS_SUPPORTED) {
    40. 

  40.     switch (keyType) {
    41. 

  41.     case 'ec':
    42. 

  42.       const keyCurve = key.asymmetricKeyDetails.namedCurve;
    43. 

  43.       const allowedCurve = allowedCurves[algorithm];
    44. 

  44. 

  45.       if (keyCurve !== allowedCurve) {
    46. 

  46.         throw new Error(`"alg" parameter "${algorithm}" requires curve "${allowedCurve}".`);
    47. 

  47.       }
    48. 

  48.       break;
    49. 

  49. 

  50.     case 'rsa-pss':
    51. 

  51.       if (RSA_PSS_KEY_DETAILS_SUPPORTED) {
    52. 

  52.         const length = parseInt(algorithm.slice(-3), 10);
    53. 

  53.         const { hashAlgorithm, mgf1HashAlgorithm, saltLength } = key.asymmetricKeyDetails;
    54. 

  54. 

  55.         if (hashAlgorithm !== `sha${length}` || mgf1HashAlgorithm !== hashAlgorithm) {
    56. 

  56.           throw new Error(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${algorithm}.`);
    57. 

  57.         }
    58. 

  58. 

  59.         if (saltLength !== undefined && saltLength > length >> 3) {
    60. 

  60.           throw new Error(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${algorithm}.`)
    61. 

  61.         }
    62. 

  62.       }
    63. 

  63.       break;
    64. 

  64.     }
    65. 

  65.   }
    66. 

  66. }
    67.