deno.land / x / jose@v5.2.4 / key / import.ts
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137import { decode as decodeBase64URL } from '../runtime/base64url.ts'import { fromSPKI, fromPKCS8, fromX509 } from '../runtime/asn1.ts'import asKeyObject from '../runtime/jwk_to_key.ts'
import { JOSENotSupported } from '../util/errors.ts'import isObject from '../lib/is_object.ts'import type { JWK, KeyLike } from '../types.d.ts'
export interface PEMImportOptions { /** * (Only effective in Web Crypto API runtimes) The value to use as * {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey SubtleCrypto.importKey()} * `extractable` argument. Default is false. */ extractable?: boolean}
/** * Imports a PEM-encoded SPKI string as a runtime-specific public key representation (KeyObject or * CryptoKey). * * Note: The OID id-RSASSA-PSS (1.2.840.113549.1.1.10) is not supported in * {@link https://w3c.github.io/webcrypto/ Web Cryptography API}, use the OID rsaEncryption * (1.2.840.113549.1.1.1) instead for all RSA algorithms. * * @param spki PEM-encoded SPKI string * @param alg (Only effective in Web Crypto API runtimes) JSON Web Algorithm identifier to be used * with the imported key, its presence is only enforced in Web Crypto API runtimes. See * {@link https://github.com/panva/jose/issues/210 Algorithm Key Requirements}. */export async function importSPKI<KeyLikeType extends KeyLike = KeyLike>( spki: string, alg: string, options?: PEMImportOptions,): Promise<KeyLikeType> { if (typeof spki !== 'string' || spki.indexOf('-----BEGIN PUBLIC KEY-----') !== 0) { throw new TypeError('"spki" must be SPKI formatted string') } // @ts-ignore return fromSPKI(spki, alg, options)}
/** * Imports the SPKI from an X.509 string certificate as a runtime-specific public key representation * (KeyObject or CryptoKey). * * Note: The OID id-RSASSA-PSS (1.2.840.113549.1.1.10) is not supported in * {@link https://w3c.github.io/webcrypto/ Web Cryptography API}, use the OID rsaEncryption * (1.2.840.113549.1.1.1) instead for all RSA algorithms. * * @param x509 X.509 certificate string * @param alg (Only effective in Web Crypto API runtimes) JSON Web Algorithm identifier to be used * with the imported key, its presence is only enforced in Web Crypto API runtimes. See * {@link https://github.com/panva/jose/issues/210 Algorithm Key Requirements}. */export async function importX509<KeyLikeType extends KeyLike = KeyLike>( x509: string, alg: string, options?: PEMImportOptions,): Promise<KeyLikeType> { if (typeof x509 !== 'string' || x509.indexOf('-----BEGIN CERTIFICATE-----') !== 0) { throw new TypeError('"x509" must be X.509 formatted string') } // @ts-ignore return fromX509(x509, alg, options)}
/** * Imports a PEM-encoded PKCS#8 string as a runtime-specific private key representation (KeyObject * or CryptoKey). * * Note: The OID id-RSASSA-PSS (1.2.840.113549.1.1.10) is not supported in * {@link https://w3c.github.io/webcrypto/ Web Cryptography API}, use the OID rsaEncryption * (1.2.840.113549.1.1.1) instead for all RSA algorithms. * * @param pkcs8 PEM-encoded PKCS#8 string * @param alg (Only effective in Web Crypto API runtimes) JSON Web Algorithm identifier to be used * with the imported key, its presence is only enforced in Web Crypto API runtimes. See * {@link https://github.com/panva/jose/issues/210 Algorithm Key Requirements}. */export async function importPKCS8<KeyLikeType extends KeyLike = KeyLike>( pkcs8: string, alg: string, options?: PEMImportOptions,): Promise<KeyLikeType> { if (typeof pkcs8 !== 'string' || pkcs8.indexOf('-----BEGIN PRIVATE KEY-----') !== 0) { throw new TypeError('"pkcs8" must be PKCS#8 formatted string') } // @ts-ignore return fromPKCS8(pkcs8, alg, options)}
/** * Imports a JWK to a runtime-specific key representation (KeyLike). Either the JWK "alg" * (Algorithm) Parameter, or the optional "alg" argument, must be present. * * Note: When the runtime is using {@link https://w3c.github.io/webcrypto/ Web Cryptography API} the * jwk parameters "use", "key_ops", and "ext" are also used in the resulting `CryptoKey`. * * @param jwk JSON Web Key. * @param alg (Only effective in Web Crypto API runtimes) JSON Web Algorithm identifier to be used * with the imported key. Default is the "alg" property on the JWK, its presence is only enforced * in Web Crypto API runtimes. See * {@link https://github.com/panva/jose/issues/210 Algorithm Key Requirements}. */export async function importJWK<KeyLikeType extends KeyLike = KeyLike>( jwk: JWK, alg?: string,): Promise<KeyLikeType | Uint8Array> { if (!isObject(jwk)) { throw new TypeError('JWK must be an object') }
alg ||= jwk.alg
switch (jwk.kty) { case 'oct': if (typeof jwk.k !== 'string' || !jwk.k) { throw new TypeError('missing "k" (Key Value) Parameter value') }
return decodeBase64URL(jwk.k) case 'RSA': if (jwk.oth !== undefined) { throw new JOSENotSupported( 'RSA JWK "oth" (Other Primes Info) Parameter value is not supported', ) } case 'EC': case 'OKP': // @ts-ignore return asKeyObject({ ...jwk, alg }) default: throw new JOSENotSupported('Unsupported "kty" (Key Type) Parameter value') }}
Version Info