-
Notifications
You must be signed in to change notification settings - Fork 3.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
6ed9d45
commit 92ae677
Showing
5 changed files
with
530 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
/** | ||
* @author cplussharp | ||
* @copyright Crown Copyright 2021 | ||
* @license Apache-2.0 | ||
*/ | ||
|
||
import r from "jsrsasign"; | ||
import Operation from "../Operation.mjs"; | ||
import OperationError from "../errors/OperationError.mjs"; | ||
|
||
/** | ||
* PEM to JWK operation | ||
*/ | ||
class PEMToJWK extends Operation { | ||
|
||
/** | ||
* PEMToJWK constructor | ||
*/ | ||
constructor() { | ||
super(); | ||
|
||
this.name = "JWK to PEM"; | ||
this.module = "PublicKey"; | ||
this.description = "Converts Keys in JSON Web Key format to PEM format (PKCS#8)."; | ||
this.infoURL = "https://datatracker.ietf.org/doc/html/rfc7517"; | ||
this.inputType = "string"; | ||
this.outputType = "string"; | ||
this.args = []; | ||
this.checks = [ | ||
{ | ||
"pattern": "\"kty\":\\s*\"(EC|RSA)\"", | ||
"flags": "gm", | ||
"args": [] | ||
} | ||
]; | ||
} | ||
|
||
/** | ||
* @param {string} input | ||
* @param {Object[]} args | ||
* @returns {string} | ||
*/ | ||
run(input, args) { | ||
const inputJson = JSON.parse(input); | ||
|
||
let keys = []; | ||
if (Array.isArray(inputJson)) { | ||
// list of keys => transform all keys | ||
keys = inputJson; | ||
} else if (Array.isArray(inputJson.keys)) { | ||
// JSON Web Key Set => transform all keys | ||
keys = inputJson.keys; | ||
} else if (typeof inputJson === "object") { | ||
// single key | ||
keys.push(inputJson); | ||
} else { | ||
throw new OperationError("Input is not a JSON Web Key"); | ||
} | ||
|
||
let output = ""; | ||
for (let i=0; i<keys.length; i++) { | ||
const jwk = keys[i]; | ||
if (typeof jwk.kty !== "string") { | ||
throw new OperationError("Invalid JWK format"); | ||
} else if ("|RSA|EC|".indexOf(jwk.kty) === -1) { | ||
throw new OperationError(`Unsupported JWK key type '${inputJson.kty}'`); | ||
} | ||
|
||
const key = r.KEYUTIL.getKey(jwk); | ||
const pem = key.isPrivate ? r.KEYUTIL.getPEM(key, "PKCS8PRV") : r.KEYUTIL.getPEM(key); | ||
|
||
// PEM ends with '\n', so a new key always starts on a new line | ||
output += pem; | ||
} | ||
|
||
return output; | ||
} | ||
} | ||
|
||
export default PEMToJWK; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
/** | ||
* @author cplussharp | ||
* @copyright Crown Copyright 2021 | ||
* @license Apache-2.0 | ||
*/ | ||
|
||
import r from "jsrsasign"; | ||
import Operation from "../Operation.mjs"; | ||
import OperationError from "../errors/OperationError.mjs"; | ||
|
||
/** | ||
* PEM to JWK operation | ||
*/ | ||
class PEMToJWK extends Operation { | ||
|
||
/** | ||
* PEMToJWK constructor | ||
*/ | ||
constructor() { | ||
super(); | ||
|
||
this.name = "PEM to JWK"; | ||
this.module = "PublicKey"; | ||
this.description = "Converts Keys in PEM format to a JSON Web Key format."; | ||
this.infoURL = "https://datatracker.ietf.org/doc/html/rfc7517"; | ||
this.inputType = "string"; | ||
this.outputType = "string"; | ||
this.args = []; | ||
this.checks = [ | ||
{ | ||
"pattern": "-----BEGIN ((RSA |EC )?(PRIVATE|PUBLIC) KEY|CERTIFICATE)-----", | ||
"args": [] | ||
} | ||
]; | ||
} | ||
|
||
/** | ||
* @param {string} input | ||
* @param {Object[]} args | ||
* @returns {string} | ||
*/ | ||
run(input, args) { | ||
let output = ""; | ||
let match; | ||
const regex = /-----BEGIN ([A-Z][A-Z ]+[A-Z])-----/g; | ||
while ((match = regex.exec(input)) !== null) { | ||
// find corresponding end tag | ||
const indexBase64 = match.index + match[0].length; | ||
const header = input.substring(match.index, indexBase64); | ||
const footer = `-----END ${match[1]}-----`; | ||
const indexFooter = input.indexOf(footer, indexBase64); | ||
if (indexFooter === -1) { | ||
throw new OperationError(`PEM footer '${footer}' not found`); | ||
} | ||
|
||
const pem = input.substring(match.index, indexFooter + footer.length); | ||
if (match[1].indexOf("KEY") !== -1) { | ||
if (header === "-----BEGIN RSA PUBLIC KEY-----") { | ||
throw new OperationError("Unsupported RSA public key format. Only PKCS#8 is supported."); | ||
} | ||
|
||
const key = r.KEYUTIL.getKey(pem); | ||
if (key.type === "DSA") { | ||
throw new OperationError("DSA keys are not supported for JWK"); | ||
} | ||
const jwk = r.KEYUTIL.getJWKFromKey(key); | ||
if (output.length > 0) { | ||
output += "\n"; | ||
} | ||
output += JSON.stringify(jwk); | ||
} else if (match[1] === "CERTIFICATE") { | ||
const cert = new r.X509(); | ||
cert.readCertPEM(pem); | ||
const key = cert.getPublicKey(); | ||
const jwk = r.KEYUTIL.getJWKFromKey(key); | ||
if (output.length > 0) { | ||
output += "\n"; | ||
} | ||
output += JSON.stringify(jwk); | ||
} else { | ||
throw new OperationError(`Unsupported PEM type '${match[1]}'`); | ||
} | ||
} | ||
return output; | ||
} | ||
} | ||
|
||
export default PEMToJWK; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.