diff options
Diffstat (limited to 'backend/node_modules/jwa')
| -rw-r--r-- | backend/node_modules/jwa/LICENSE | 17 | ||||
| -rw-r--r-- | backend/node_modules/jwa/README.md | 150 | ||||
| -rw-r--r-- | backend/node_modules/jwa/index.js | 252 | ||||
| -rw-r--r-- | backend/node_modules/jwa/package.json | 37 |
4 files changed, 0 insertions, 456 deletions
diff --git a/backend/node_modules/jwa/LICENSE b/backend/node_modules/jwa/LICENSE deleted file mode 100644 index caeb849..0000000 --- a/backend/node_modules/jwa/LICENSE +++ /dev/null @@ -1,17 +0,0 @@ -Copyright (c) 2013 Brian J. Brennan - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to use, -copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the -Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, -INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR -PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE -FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/backend/node_modules/jwa/README.md b/backend/node_modules/jwa/README.md deleted file mode 100644 index fb433e2..0000000 --- a/backend/node_modules/jwa/README.md +++ /dev/null @@ -1,150 +0,0 @@ -# node-jwa [](https://travis-ci.org/brianloveswords/node-jwa) - -A -[JSON Web Algorithms](http://tools.ietf.org/id/draft-ietf-jose-json-web-algorithms-08.html) -implementation focusing (exclusively, at this point) on the algorithms necessary for -[JSON Web Signatures](http://self-issued.info/docs/draft-ietf-jose-json-web-signature.html). - -This library supports all of the required, recommended and optional cryptographic algorithms for JWS: - -alg Parameter Value | Digital Signature or MAC Algorithm -----------------|---------------------------- -HS256 | HMAC using SHA-256 hash algorithm -HS384 | HMAC using SHA-384 hash algorithm -HS512 | HMAC using SHA-512 hash algorithm -RS256 | RSASSA using SHA-256 hash algorithm -RS384 | RSASSA using SHA-384 hash algorithm -RS512 | RSASSA using SHA-512 hash algorithm -PS256 | RSASSA-PSS using SHA-256 hash algorithm -PS384 | RSASSA-PSS using SHA-384 hash algorithm -PS512 | RSASSA-PSS using SHA-512 hash algorithm -ES256 | ECDSA using P-256 curve and SHA-256 hash algorithm -ES384 | ECDSA using P-384 curve and SHA-384 hash algorithm -ES512 | ECDSA using P-521 curve and SHA-512 hash algorithm -none | No digital signature or MAC value included - -Please note that PS* only works on Node 6.12+ (excluding 7.x). - -# Requirements - -In order to run the tests, a recent version of OpenSSL is -required. **The version that comes with OS X (OpenSSL 0.9.8r 8 Feb -2011) is not recent enough**, as it does not fully support ECDSA -keys. You'll need to use a version > 1.0.0; I tested with OpenSSL 1.0.1c 10 May 2012. - -# Testing - -To run the tests, do - -```bash -$ npm test -``` - -This will generate a bunch of keypairs to use in testing. If you want to -generate new keypairs, do `make clean` before running `npm test` again. - -## Methodology - -I spawn `openssl dgst -sign` to test OpenSSL sign → JS verify and -`openssl dgst -verify` to test JS sign → OpenSSL verify for each of the -RSA and ECDSA algorithms. - -# Usage - -## jwa(algorithm) - -Creates a new `jwa` object with `sign` and `verify` methods for the -algorithm. Valid values for algorithm can be found in the table above -(`'HS256'`, `'HS384'`, etc) and are case-insensitive. Passing an invalid -algorithm value will throw a `TypeError`. - - -## jwa#sign(input, secretOrPrivateKey) - -Sign some input with either a secret for HMAC algorithms, or a private -key for RSA and ECDSA algorithms. - -If input is not already a string or buffer, `JSON.stringify` will be -called on it to attempt to coerce it. - -For the HMAC algorithm, `secretOrPrivateKey` should be a string or a -buffer. For ECDSA and RSA, the value should be a string representing a -PEM encoded **private** key. - -Output [base64url](http://en.wikipedia.org/wiki/Base64#URL_applications) -formatted. This is for convenience as JWS expects the signature in this -format. If your application needs the output in a different format, -[please open an issue](https://github.com/brianloveswords/node-jwa/issues). In -the meantime, you can use -[brianloveswords/base64url](https://github.com/brianloveswords/base64url) -to decode the signature. - -As of nodejs *v0.11.8*, SPKAC support was introduce. If your nodeJs -version satisfies, then you can pass an object `{ key: '..', passphrase: '...' }` - - -## jwa#verify(input, signature, secretOrPublicKey) - -Verify a signature. Returns `true` or `false`. - -`signature` should be a base64url encoded string. - -For the HMAC algorithm, `secretOrPublicKey` should be a string or a -buffer. For ECDSA and RSA, the value should be a string represented a -PEM encoded **public** key. - - -# Example - -HMAC -```js -const jwa = require('jwa'); - -const hmac = jwa('HS256'); -const input = 'super important stuff'; -const secret = 'shhhhhh'; - -const signature = hmac.sign(input, secret); -hmac.verify(input, signature, secret) // === true -hmac.verify(input, signature, 'trickery!') // === false -``` - -With keys -```js -const fs = require('fs'); -const jwa = require('jwa'); -const privateKey = fs.readFileSync(__dirname + '/ecdsa-p521-private.pem'); -const publicKey = fs.readFileSync(__dirname + '/ecdsa-p521-public.pem'); - -const ecdsa = jwa('ES512'); -const input = 'very important stuff'; - -const signature = ecdsa.sign(input, privateKey); -ecdsa.verify(input, signature, publicKey) // === true -``` -## License - -MIT - -``` -Copyright (c) 2013 Brian J. Brennan - -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -``` diff --git a/backend/node_modules/jwa/index.js b/backend/node_modules/jwa/index.js deleted file mode 100644 index e71e6d1..0000000 --- a/backend/node_modules/jwa/index.js +++ /dev/null @@ -1,252 +0,0 @@ -var bufferEqual = require('buffer-equal-constant-time'); -var Buffer = require('safe-buffer').Buffer; -var crypto = require('crypto'); -var formatEcdsa = require('ecdsa-sig-formatter'); -var util = require('util'); - -var MSG_INVALID_ALGORITHM = '"%s" is not a valid algorithm.\n Supported algorithms are:\n "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384", "ES512" and "none".' -var MSG_INVALID_SECRET = 'secret must be a string or buffer'; -var MSG_INVALID_VERIFIER_KEY = 'key must be a string or a buffer'; -var MSG_INVALID_SIGNER_KEY = 'key must be a string, a buffer or an object'; - -var supportsKeyObjects = typeof crypto.createPublicKey === 'function'; -if (supportsKeyObjects) { - MSG_INVALID_VERIFIER_KEY += ' or a KeyObject'; - MSG_INVALID_SECRET += 'or a KeyObject'; -} - -function checkIsPublicKey(key) { - if (Buffer.isBuffer(key)) { - return; - } - - if (typeof key === 'string') { - return; - } - - if (!supportsKeyObjects) { - throw typeError(MSG_INVALID_VERIFIER_KEY); - } - - if (typeof key !== 'object') { - throw typeError(MSG_INVALID_VERIFIER_KEY); - } - - if (typeof key.type !== 'string') { - throw typeError(MSG_INVALID_VERIFIER_KEY); - } - - if (typeof key.asymmetricKeyType !== 'string') { - throw typeError(MSG_INVALID_VERIFIER_KEY); - } - - if (typeof key.export !== 'function') { - throw typeError(MSG_INVALID_VERIFIER_KEY); - } -}; - -function checkIsPrivateKey(key) { - if (Buffer.isBuffer(key)) { - return; - } - - if (typeof key === 'string') { - return; - } - - if (typeof key === 'object') { - return; - } - - throw typeError(MSG_INVALID_SIGNER_KEY); -}; - -function checkIsSecretKey(key) { - if (Buffer.isBuffer(key)) { - return; - } - - if (typeof key === 'string') { - return key; - } - - if (!supportsKeyObjects) { - throw typeError(MSG_INVALID_SECRET); - } - - if (typeof key !== 'object') { - throw typeError(MSG_INVALID_SECRET); - } - - if (key.type !== 'secret') { - throw typeError(MSG_INVALID_SECRET); - } - - if (typeof key.export !== 'function') { - throw typeError(MSG_INVALID_SECRET); - } -} - -function fromBase64(base64) { - return base64 - .replace(/=/g, '') - .replace(/\+/g, '-') - .replace(/\//g, '_'); -} - -function toBase64(base64url) { - base64url = base64url.toString(); - - var padding = 4 - base64url.length % 4; - if (padding !== 4) { - for (var i = 0; i < padding; ++i) { - base64url += '='; - } - } - - return base64url - .replace(/\-/g, '+') - .replace(/_/g, '/'); -} - -function typeError(template) { - var args = [].slice.call(arguments, 1); - var errMsg = util.format.bind(util, template).apply(null, args); - return new TypeError(errMsg); -} - -function bufferOrString(obj) { - return Buffer.isBuffer(obj) || typeof obj === 'string'; -} - -function normalizeInput(thing) { - if (!bufferOrString(thing)) - thing = JSON.stringify(thing); - return thing; -} - -function createHmacSigner(bits) { - return function sign(thing, secret) { - checkIsSecretKey(secret); - thing = normalizeInput(thing); - var hmac = crypto.createHmac('sha' + bits, secret); - var sig = (hmac.update(thing), hmac.digest('base64')) - return fromBase64(sig); - } -} - -function createHmacVerifier(bits) { - return function verify(thing, signature, secret) { - var computedSig = createHmacSigner(bits)(thing, secret); - return bufferEqual(Buffer.from(signature), Buffer.from(computedSig)); - } -} - -function createKeySigner(bits) { - return function sign(thing, privateKey) { - checkIsPrivateKey(privateKey); - thing = normalizeInput(thing); - // Even though we are specifying "RSA" here, this works with ECDSA - // keys as well. - var signer = crypto.createSign('RSA-SHA' + bits); - var sig = (signer.update(thing), signer.sign(privateKey, 'base64')); - return fromBase64(sig); - } -} - -function createKeyVerifier(bits) { - return function verify(thing, signature, publicKey) { - checkIsPublicKey(publicKey); - thing = normalizeInput(thing); - signature = toBase64(signature); - var verifier = crypto.createVerify('RSA-SHA' + bits); - verifier.update(thing); - return verifier.verify(publicKey, signature, 'base64'); - } -} - -function createPSSKeySigner(bits) { - return function sign(thing, privateKey) { - checkIsPrivateKey(privateKey); - thing = normalizeInput(thing); - var signer = crypto.createSign('RSA-SHA' + bits); - var sig = (signer.update(thing), signer.sign({ - key: privateKey, - padding: crypto.constants.RSA_PKCS1_PSS_PADDING, - saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST - }, 'base64')); - return fromBase64(sig); - } -} - -function createPSSKeyVerifier(bits) { - return function verify(thing, signature, publicKey) { - checkIsPublicKey(publicKey); - thing = normalizeInput(thing); - signature = toBase64(signature); - var verifier = crypto.createVerify('RSA-SHA' + bits); - verifier.update(thing); - return verifier.verify({ - key: publicKey, - padding: crypto.constants.RSA_PKCS1_PSS_PADDING, - saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST - }, signature, 'base64'); - } -} - -function createECDSASigner(bits) { - var inner = createKeySigner(bits); - return function sign() { - var signature = inner.apply(null, arguments); - signature = formatEcdsa.derToJose(signature, 'ES' + bits); - return signature; - }; -} - -function createECDSAVerifer(bits) { - var inner = createKeyVerifier(bits); - return function verify(thing, signature, publicKey) { - signature = formatEcdsa.joseToDer(signature, 'ES' + bits).toString('base64'); - var result = inner(thing, signature, publicKey); - return result; - }; -} - -function createNoneSigner() { - return function sign() { - return ''; - } -} - -function createNoneVerifier() { - return function verify(thing, signature) { - return signature === ''; - } -} - -module.exports = function jwa(algorithm) { - var signerFactories = { - hs: createHmacSigner, - rs: createKeySigner, - ps: createPSSKeySigner, - es: createECDSASigner, - none: createNoneSigner, - } - var verifierFactories = { - hs: createHmacVerifier, - rs: createKeyVerifier, - ps: createPSSKeyVerifier, - es: createECDSAVerifer, - none: createNoneVerifier, - } - var match = algorithm.match(/^(RS|PS|ES|HS)(256|384|512)$|^(none)$/i); - if (!match) - throw typeError(MSG_INVALID_ALGORITHM, algorithm); - var algo = (match[1] || match[3]).toLowerCase(); - var bits = match[2]; - - return { - sign: signerFactories[algo](bits), - verify: verifierFactories[algo](bits), - } -}; diff --git a/backend/node_modules/jwa/package.json b/backend/node_modules/jwa/package.json deleted file mode 100644 index 0777d53..0000000 --- a/backend/node_modules/jwa/package.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "name": "jwa", - "version": "1.4.1", - "description": "JWA implementation (supports all JWS algorithms)", - "main": "index.js", - "directories": { - "test": "test" - }, - "dependencies": { - "buffer-equal-constant-time": "1.0.1", - "ecdsa-sig-formatter": "1.0.11", - "safe-buffer": "^5.0.1" - }, - "devDependencies": { - "base64url": "^2.0.0", - "jwk-to-pem": "^2.0.1", - "semver": "4.3.6", - "tap": "6.2.0" - }, - "scripts": { - "test": "make test" - }, - "repository": { - "type": "git", - "url": "git://github.com/brianloveswords/node-jwa.git" - }, - "keywords": [ - "jwa", - "jws", - "jwt", - "rsa", - "ecdsa", - "hmac" - ], - "author": "Brian J. Brennan <brianloveswords@gmail.com>", - "license": "MIT" -} |