This repository has been archived by the owner on Nov 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10 changed files
with
87 additions
and
78 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,2 @@ | ||
| export * as JWKSFactory from './jwks-factory'; | ||
| export * as PrivateKeysProvisioner from './private-keys-provisioner'; | ||
| export * as JWKSFactory from "./jwks-factory"; | ||
| export * as PrivateKeysProvisioner from "./private-keys-provisioner"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,2 @@ | ||
| export * from './jwks-factory'; | ||
| export * from './key'; | ||
| export * from "./jwks-factory"; | ||
| export * from "./key"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,8 @@ | ||
| import { Key } from './key'; | ||
| import { Key } from "./key"; | ||
|
|
||
| export interface JWKSFactory { | ||
| create: () => Promise<{ | ||
| accessToken: Key, | ||
| refreshToken: Key, | ||
| }> | ||
| } | ||
| create: () => Promise<{ | ||
| accessToken: Key; | ||
| refreshToken: Key; | ||
| }>; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,8 @@ | ||
| import { JWK } from 'jose'; | ||
| import { JWK } from "jose"; | ||
|
|
||
| export interface Key { | ||
| keyID: string; | ||
| jwk: JWK; | ||
| publicKey: string; | ||
| privateKey: string; | ||
| } | ||
| keyID: string; | ||
| jwk: JWK; | ||
| publicKey: string; | ||
| privateKey: string; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,8 @@ | ||
| import { API } from '..'; | ||
| import * as Implementation from '../implementation'; | ||
| import { API } from ".."; | ||
| import * as Implementation from "../implementation"; | ||
|
|
||
| export const create = (): API.JWKSFactory => { | ||
| const jwksFactory = Implementation.jwksFactory.create(); | ||
| const jwksFactory = Implementation.jwksFactory.create(); | ||
|
|
||
| return jwksFactory | ||
| } | ||
| return jwksFactory; | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,34 +1,41 @@ | ||
| import * as crypto from "crypto"; | ||
| import { exportJWK, importSPKI, JWK } from 'jose'; | ||
| import { generateKeyPair } from './generateKeypair'; | ||
| import { exportJWK, importSPKI, JWK } from "jose"; | ||
| import { generateKeyPair } from "./generateKeypair"; | ||
|
|
||
| // Generate a key pair, convert it to JWK, and return the key ID, JWK, public key, and private key | ||
| export const generateKey = async (name: string): Promise<{ keyID: string, jwk: JWK, publicKey: string, privateKey: string }> => { | ||
| // Generate an ES512 key pair | ||
| export const generateKey = async ( | ||
| name: string, | ||
| ): Promise<{ | ||
| keyID: string; | ||
| jwk: JWK; | ||
| publicKey: string; | ||
| privateKey: string; | ||
| }> => { | ||
| // Generate an ES512 key pair | ||
|
|
||
| // Generate a key ID (kid) for the JWK | ||
| const generateKeyId = (keyType: 'ES512', name: string): string => { | ||
| const timestamp = Date.now().toString(); | ||
| const randomComponent = crypto.randomBytes(8).toString('hex'); | ||
| return `${name}-${keyType}-${timestamp}-${randomComponent}`; | ||
| }; | ||
| // Generate a key ID (kid) for the JWK | ||
| const generateKeyId = (keyType: "ES512", name: string): string => { | ||
| const timestamp = Date.now().toString(); | ||
| const randomComponent = crypto.randomBytes(8).toString("hex"); | ||
| return `${name}-${keyType}-${timestamp}-${randomComponent}`; | ||
| }; | ||
|
|
||
| // Convert PEM to JWK | ||
| const convertToJWK = async (publicKey: string, keyId: string) => { | ||
| const key = await importSPKI(publicKey, 'ES512', { extractable: true }); | ||
| const jwkKey = await exportJWK(key); | ||
| jwkKey.kid = keyId; // Add the Key ID | ||
| jwkKey.alg = "ES512"; // Algorithm | ||
| jwkKey.use = "sig"; // Key use: signature | ||
| return jwkKey; | ||
| }; | ||
| // Convert PEM to JWK | ||
| const convertToJWK = async (publicKey: string, keyId: string) => { | ||
| const key = await importSPKI(publicKey, "ES512", { extractable: true }); | ||
| const jwkKey = await exportJWK(key); | ||
| jwkKey.kid = keyId; // Add the Key ID | ||
| jwkKey.alg = "ES512"; // Algorithm | ||
| jwkKey.use = "sig"; // Key use: signature | ||
| return jwkKey; | ||
| }; | ||
|
|
||
| // 1. Generate the key pair | ||
| const { publicKey, privateKey } = generateKeyPair(); | ||
| // 2. Generate the key ID | ||
| const keyID = generateKeyId('ES512', name); | ||
| // 3. Convert the public key to JWK | ||
| const jwk = await convertToJWK(publicKey, keyID); | ||
| // 1. Generate the key pair | ||
| const { publicKey, privateKey } = generateKeyPair(); | ||
| // 2. Generate the key ID | ||
| const keyID = generateKeyId("ES512", name); | ||
| // 3. Convert the public key to JWK | ||
| const jwk = await convertToJWK(publicKey, keyID); | ||
|
|
||
| return { keyID, jwk, publicKey, privateKey }; | ||
| }; | ||
| return { keyID, jwk, publicKey, privateKey }; | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,18 +1,20 @@ | ||
|
|
||
| import * as crypto from "crypto"; | ||
|
|
||
| export const generateKeyPair = (): { publicKey: string, privateKey: string } => { | ||
| const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { | ||
| namedCurve: "P-521", | ||
| publicKeyEncoding: { | ||
| type: "spki", | ||
| format: "pem", | ||
| }, | ||
| privateKeyEncoding: { | ||
| type: "pkcs8", | ||
| format: "pem", | ||
| }, | ||
| }); | ||
| export const generateKeyPair = (): { | ||
| publicKey: string; | ||
| privateKey: string; | ||
| } => { | ||
| const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { | ||
| namedCurve: "P-521", | ||
| publicKeyEncoding: { | ||
| type: "spki", | ||
| format: "pem", | ||
| }, | ||
| privateKeyEncoding: { | ||
| type: "pkcs8", | ||
| format: "pem", | ||
| }, | ||
| }); | ||
|
|
||
| return { publicKey, privateKey }; | ||
| return { publicKey, privateKey }; | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| export * as jwksFactory from './jwks-factory-implementation'; | ||
| export * as jwksFactory from "./jwks-factory-implementation"; |
26 changes: 13 additions & 13 deletions
26
src/jwks-factory/implementation/jwks-factory-implementation.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,16 @@ | ||
| import { API } from '..'; | ||
| import { generateKey } from './generateKey'; | ||
| import { API } from ".."; | ||
| import { generateKey } from "./generateKey"; | ||
|
|
||
| export const create = (): API.JWKSFactory => { | ||
| return { | ||
| create: async () => { | ||
| // 1. Generate a new key pair for the access token | ||
| const accessTokenKey = await generateKey('AccessToken'); | ||
| return { | ||
| create: async () => { | ||
| // 1. Generate a new key pair for the access token | ||
| const accessTokenKey = await generateKey("AccessToken"); | ||
|
|
||
| // 2. Generate a new key pair for the refresh token | ||
| const refreshTokenKey = await generateKey('RefreshToken'); | ||
| return { accessToken: accessTokenKey, refreshToken: refreshTokenKey }; | ||
| }, | ||
| } | ||
| } | ||
| // 2. Generate a new key pair for the refresh token | ||
| const refreshTokenKey = await generateKey("RefreshToken"); | ||
|
|
||
| return { accessToken: accessTokenKey, refreshToken: refreshTokenKey }; | ||
| }, | ||
| }; | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,2 @@ | ||
| export * as API from './api'; | ||
| export * as Bindings from './bindings'; | ||
| export * as API from "./api"; | ||
| export * as Bindings from "./bindings"; |