From 20557fccf1ce0ebd7dd5d18cc33aa64d6f7b35ba Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Mon, 7 Nov 2022 13:26:22 +0100
Subject: [PATCH] fix: respect JWK ext for symmetric keys

---
 src/key/import.ts         |  2 +-
 test/jwk/jwk2key.test.mjs | 19 ++++++++++++++++---
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/key/import.ts b/src/key/import.ts
index f51622d4d5..26ded87194 100644
--- a/src/key/import.ts
+++ b/src/key/import.ts
@@ -261,7 +261,7 @@ export async function importJWK(
       octAsKeyObject ??= jwk.ext !== true
 
       if (octAsKeyObject) {
-        return asKeyObject({ ...jwk, alg, ext: false })
+        return asKeyObject({ ...jwk, alg, ext: jwk.ext ?? false })
       }
 
       return decodeBase64URL(jwk.k)
diff --git a/test/jwk/jwk2key.test.mjs b/test/jwk/jwk2key.test.mjs
index aeaed8587a..0cc31fb1ff 100644
--- a/test/jwk/jwk2key.test.mjs
+++ b/test/jwk/jwk2key.test.mjs
@@ -80,6 +80,13 @@ test('oct JWK (ext: true)', async (t) => {
       196, 31, 242, 115, 77, 179, 107, 193, 17, 146, 114,
     ],
   )
+
+  const k = await importJWK(oct, 'HS256', true)
+  t.true('type' in k)
+  t.is(k.type, 'secret')
+  if ('extractable' in k) {
+    t.is(k.extractable, true)
+  }
 })
 
 test('oct JWK (ext: false)', async (t) => {
@@ -89,10 +96,13 @@ test('oct JWK (ext: false)', async (t) => {
     ext: false,
   }
 
-  const k = await importJWK(oct, 'HS256')
+  const k = await importJWK(oct, 'HS256', true)
 
   t.true('type' in k)
   t.is(k.type, 'secret')
+  if ('extractable' in k) {
+    t.is(k.extractable, false)
+  }
 })
 
 test('oct JWK (ext missing)', async (t) => {
@@ -101,10 +111,13 @@ test('oct JWK (ext missing)', async (t) => {
     kty: 'oct',
   }
 
-  const k = await importJWK(oct, 'HS256')
+  const k = await importJWK(oct, 'HS256', true)
 
   t.true('type' in k)
   t.is(k.type, 'secret')
+  if ('extractable' in k) {
+    t.is(k.extractable, false)
+  }
 })
 
 async function testKeyImportExport(t, jwk) {
@@ -221,7 +234,7 @@ test('Uin8tArray can be transformed to a JWK', async (t) => {
   )
 })
 
-conditional({ webcrypto: 0 })('secret key object can be transformed to a JWK', async (t) => {
+test('secret KeyLike can be transformed to a JWK', async (t) => {
   const keylike = await importJWK(
     {
       ext: true,