import { invalidKeyInput } from './invalid_key_input.js'; import { encodeBase64, decodeBase64 } from '../lib/base64.js'; import { JOSENotSupported } from '../util/errors.js'; import { isCryptoKey, isKeyObject } from './is_key_like.js'; const formatPEM = (b64, descriptor) => { const newlined = (b64.match(/.{1,64}/g) || []).join('\n'); return `-----BEGIN ${descriptor}-----\n${newlined}\n-----END ${descriptor}-----`; }; const genericExport = async (keyType, keyFormat, key) => { if (isKeyObject(key)) { if (key.type !== keyType) { throw new TypeError(`key is not a ${keyType} key`); } return key.export({ format: 'pem', type: keyFormat }); } if (!isCryptoKey(key)) { throw new TypeError(invalidKeyInput(key, 'CryptoKey', 'KeyObject')); } if (!key.extractable) { throw new TypeError('CryptoKey is not extractable'); } if (key.type !== keyType) { throw new TypeError(`key is not a ${keyType} key`); } return formatPEM(encodeBase64(new Uint8Array(await crypto.subtle.exportKey(keyFormat, key))), `${keyType.toUpperCase()} KEY`); }; export const toSPKI = (key) => genericExport('public', 'spki', key); export const toPKCS8 = (key) => genericExport('private', 'pkcs8', key); const bytesEqual = (a, b) => { if (a.byteLength !== b.length) return false; for (let i = 0; i < a.byteLength; i++) { if (a[i] !== b[i]) return false; } return true; }; const createASN1State = (data) => ({ data, pos: 0 }); const parseLength = (state) => { const first = state.data[state.pos++]; if (first & 0x80) { const lengthOfLen = first & 0x7f; let length = 0; for (let i = 0; i < lengthOfLen; i++) { length = (length << 8) | state.data[state.pos++]; } return length; } return first; }; const skipElement = (state, count = 1) => { if (count <= 0) return; state.pos++; const length = parseLength(state); state.pos += length; if (count > 1) { skipElement(state, count - 1); } }; const expectTag = (state, expectedTag, errorMessage) => { if (state.data[state.pos++] !== expectedTag) { throw new Error(errorMessage); } }; const getSubarray = (state, length) => { const result = state.data.subarray(state.pos, state.pos + length); state.pos += length; return result; }; const parseAlgorithmOID = (state) => { expectTag(state, 0x06, 'Expected algorithm OID'); const oidLen = parseLength(state); return getSubarray(state, oidLen); }; function parsePKCS8Header(state) { expectTag(state, 0x30, 'Invalid PKCS#8 structure'); parseLength(state); expectTag(state, 0x02, 'Expected version field'); const verLen = parseLength(state); state.pos += verLen; expectTag(state, 0x30, 'Expected algorithm identifier'); const algIdLen = parseLength(state); const algIdStart = state.pos; return { algIdStart, algIdLength: algIdLen }; } function parseSPKIHeader(state) { expectTag(state, 0x30, 'Invalid SPKI structure'); parseLength(state); expectTag(state, 0x30, 'Expected algorithm identifier'); const algIdLen = parseLength(state); const algIdStart = state.pos; return { algIdStart, algIdLength: algIdLen }; } const parseECAlgorithmIdentifier = (state) => { const algOid = parseAlgorithmOID(state); if (bytesEqual(algOid, [0x2b, 0x65, 0x6e])) { return 'X25519'; } if (!bytesEqual(algOid, [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01])) { throw new Error('Unsupported key algorithm'); } expectTag(state, 0x06, 'Expected curve OID'); const curveOidLen = parseLength(state); const curveOid = getSubarray(state, curveOidLen); for (const { name, oid } of [ { name: 'P-256', oid: [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07] }, { name: 'P-384', oid: [0x2b, 0x81, 0x04, 0x00, 0x22] }, { name: 'P-521', oid: [0x2b, 0x81, 0x04, 0x00, 0x23] }, ]) { if (bytesEqual(curveOid, oid)) { return name; } } throw new Error('Unsupported named curve'); }; const genericImport = async (keyFormat, keyData, alg, options) => { let algorithm; let keyUsages; const isPublic = keyFormat === 'spki'; const getSigUsages = () => (isPublic ? ['verify'] : ['sign']); const getEncUsages = () => isPublic ? ['encrypt', 'wrapKey'] : ['decrypt', 'unwrapKey']; switch (alg) { case 'PS256': case 'PS384': case 'PS512': algorithm = { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` }; keyUsages = getSigUsages(); break; case 'RS256': case 'RS384': case 'RS512': algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` }; keyUsages = getSigUsages(); break; case 'RSA-OAEP': case 'RSA-OAEP-256': case 'RSA-OAEP-384': case 'RSA-OAEP-512': algorithm = { name: 'RSA-OAEP', hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`, }; keyUsages = getEncUsages(); break; case 'ES256': case 'ES384': case 'ES512': { const curveMap = { ES256: 'P-256', ES384: 'P-384', ES512: 'P-521' }; algorithm = { name: 'ECDSA', namedCurve: curveMap[alg] }; keyUsages = getSigUsages(); break; } case 'ECDH-ES': case 'ECDH-ES+A128KW': case 'ECDH-ES+A192KW': case 'ECDH-ES+A256KW': { try { const namedCurve = options.getNamedCurve(keyData); algorithm = namedCurve === 'X25519' ? { name: 'X25519' } : { name: 'ECDH', namedCurve }; } catch (cause) { throw new JOSENotSupported('Invalid or unsupported key format'); } keyUsages = isPublic ? [] : ['deriveBits']; break; } case 'Ed25519': case 'EdDSA': algorithm = { name: 'Ed25519' }; keyUsages = getSigUsages(); break; case 'ML-DSA-44': case 'ML-DSA-65': case 'ML-DSA-87': algorithm = { name: alg }; keyUsages = getSigUsages(); break; default: throw new JOSENotSupported('Invalid or unsupported "alg" (Algorithm) value'); } return crypto.subtle.importKey(keyFormat, keyData, algorithm, options?.extractable ?? (isPublic ? true : false), keyUsages); }; const processPEMData = (pem, pattern) => { return decodeBase64(pem.replace(pattern, '')); }; export const fromPKCS8 = (pem, alg, options) => { const keyData = processPEMData(pem, /(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g); let opts = options; if (alg?.startsWith?.('ECDH-ES')) { opts ||= {}; opts.getNamedCurve = (keyData) => { const state = createASN1State(keyData); parsePKCS8Header(state); return parseECAlgorithmIdentifier(state); }; } return genericImport('pkcs8', keyData, alg, opts); }; export const fromSPKI = (pem, alg, options) => { const keyData = processPEMData(pem, /(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g); let opts = options; if (alg?.startsWith?.('ECDH-ES')) { opts ||= {}; opts.getNamedCurve = (keyData) => { const state = createASN1State(keyData); parseSPKIHeader(state); return parseECAlgorithmIdentifier(state); }; } return genericImport('spki', keyData, alg, opts); }; function spkiFromX509(buf) { const state = createASN1State(buf); expectTag(state, 0x30, 'Invalid certificate structure'); parseLength(state); expectTag(state, 0x30, 'Invalid tbsCertificate structure'); parseLength(state); if (buf[state.pos] === 0xa0) { skipElement(state, 6); } else { skipElement(state, 5); } const spkiStart = state.pos; expectTag(state, 0x30, 'Invalid SPKI structure'); const spkiContentLen = parseLength(state); return buf.subarray(spkiStart, spkiStart + spkiContentLen + (state.pos - spkiStart)); } function extractX509SPKI(x509) { const derBytes = processPEMData(x509, /(?:-----(?:BEGIN|END) CERTIFICATE-----|\s)/g); return spkiFromX509(derBytes); } export const fromX509 = (pem, alg, options) => { let spki; try { spki = extractX509SPKI(pem); } catch (cause) { throw new TypeError('Failed to parse the X.509 certificate', { cause }); } return fromSPKI(formatPEM(encodeBase64(spki), 'PUBLIC KEY'), alg, options); };