"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.generateKeyPair = exports.generateSecret = void 0;
const node_crypto_1 = require("node:crypto");
const node_util_1 = require("node:util");
const random_js_1 = require("./random.js");
const errors_js_1 = require("../util/errors.js");
// Promise-returning form of the callback-style crypto.generateKeyPair; the
// `(0, fn)` call shape is compiler output that invokes promisify without a
// `this` binding.
const generate = (0, node_util_1.promisify)(node_crypto_1.generateKeyPair);
/**
 * Creates a fresh symmetric key sized for the given JWA algorithm.
 *
 * The key size in bits is read out of the algorithm name itself: the last
 * three characters for the HMAC and AES-CBC-HMAC names, characters 1..3 for
 * the AES key-wrap and AES-GCM names. For the composite `A*CBC-HS*` names the
 * trailing number is used, so the key covers both the MAC and the cipher half
 * (e.g. 256 bits for `A128CBC-HS256`).
 *
 * @param {string} alg - JWA algorithm identifier (one of the names listed below).
 * @param {object} [options] - Accepted for interface compatibility; not read here.
 * @returns {Promise<KeyObject>} Secret key wrapping the generated bytes.
 * @throws {JOSENotSupported} When `alg` is not one of the supported names.
 */
async function generateSecret(alg, options) {
    // Names whose key size is the trailing three digits.
    const sizeInSuffix = [
        'HS256',
        'HS384',
        'HS512',
        'A128CBC-HS256',
        'A192CBC-HS384',
        'A256CBC-HS512',
    ];
    // Names whose key size follows the leading "A".
    const sizeAfterPrefix = [
        'A128KW',
        'A192KW',
        'A256KW',
        'A128GCMKW',
        'A192GCMKW',
        'A256GCMKW',
        'A128GCM',
        'A192GCM',
        'A256GCM',
    ];
    let bitLength;
    if (sizeInSuffix.includes(alg)) {
        bitLength = parseInt(alg.slice(-3), 10);
    }
    else if (sizeAfterPrefix.includes(alg)) {
        bitLength = parseInt(alg.slice(1, 4), 10);
    }
    else {
        throw new errors_js_1.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
    }
    // Bits -> bytes. The buffer is handed to the helper exported by ./random.js,
    // which is not shown here; presumably it fills the array from a CSPRNG —
    // confirm, since the strength of every generated secret rests on it.
    const keyBytes = (0, random_js_1.default)(new Uint8Array(bitLength >> 3));
    return (0, node_crypto_1.createSecretKey)(keyBytes);
}
exports.generateSecret = generateSecret;
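/**
 * Generates an asymmetric key pair for the given JWA algorithm.
 *
 * @param {string} alg - JWA algorithm identifier (RSA, ECDSA, EdDSA or ECDH-ES family).
 * @param {object} [options]
 * @param {number} [options.modulusLength=2048] - RSA modulus size in bits; must be
 *   an integer of at least 2048.
 * @param {string} [options.crv] - Curve selection. EdDSA: `Ed25519` (default) or
 *   `Ed448`. ECDH-ES: `P-256` (default), `P-384`, `P-521`, `X25519` or `X448`.
 * @returns {Promise<object>} Whatever the module-level promisified
 *   `generateKeyPair` wrapper (`generate`) resolves with.
 * @throws {JOSENotSupported} For an unknown `alg`, an unsupported `crv`, or an
 *   RSA modulus length that is not an integer >= 2048.
 */
async function generateKeyPair(alg, options) {
    switch (alg) {
        // Every RSA-based algorithm gets the same kind of key; the signature or
        // encryption padding is chosen when the key is used, not here. RSA1_5
        // (RSAES-PKCS1-v1_5) is included for interoperability; prefer RSA-OAEP
        // where peers allow it.
        case 'RS256':
        case 'RS384':
        case 'RS512':
        case 'PS256':
        case 'PS384':
        case 'PS512':
        case 'RSA-OAEP':
        case 'RSA-OAEP-256':
        case 'RSA-OAEP-384':
        case 'RSA-OAEP-512':
        case 'RSA1_5': {
            const modulusLength = options?.modulusLength ?? 2048;
            // Enforce the 2048-bit floor. Number.isInteger also rejects
            // non-numbers, NaN, Infinity and fractional sizes, which a bare
            // `< 2048` comparison lets through, so every invalid size fails here
            // with JOSENotSupported instead of reaching the key generator.
            if (!Number.isInteger(modulusLength) || modulusLength < 2048) {
                throw new errors_js_1.JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');
            }
            return generate('rsa', {
                modulusLength,
                publicExponent: 0x10001,
            });
        }
        case 'ES256':
            return generate('ec', { namedCurve: 'P-256' });
        case 'ES256K':
            return generate('ec', { namedCurve: 'secp256k1' });
        case 'ES384':
            return generate('ec', { namedCurve: 'P-384' });
        case 'ES512':
            // ES512 pairs SHA-512 with curve P-521; "521" is not a typo.
            return generate('ec', { namedCurve: 'P-521' });
        case 'EdDSA': {
            switch (options?.crv) {
                case undefined:
                case 'Ed25519':
                    return generate('ed25519');
                case 'Ed448':
                    return generate('ed448');
                default:
                    throw new errors_js_1.JOSENotSupported('Invalid or unsupported crv option provided, supported values are Ed25519 and Ed448');
            }
        }
        case 'ECDH-ES':
        case 'ECDH-ES+A128KW':
        case 'ECDH-ES+A192KW':
        case 'ECDH-ES+A256KW': {
            // Braces keep `crv` scoped to this clause. The `??` default means
            // crv is never undefined here, so no `case undefined` is needed.
            const crv = options?.crv ?? 'P-256';
            switch (crv) {
                case 'P-256':
                case 'P-384':
                case 'P-521':
                    return generate('ec', { namedCurve: crv });
                case 'X25519':
                    return generate('x25519');
                case 'X448':
                    return generate('x448');
                default:
                    throw new errors_js_1.JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448');
            }
        }
        default:
            throw new errors_js_1.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
    }
}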
exports.generateKeyPair = generateKeyPair;