Press n or j to go to the next uncovered block, b, p or k for the previous block.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 | 2x 2x 2x 2x 2x 2x 2x 120x 40x 40x 40x 2x 40x 39x 34x 34x 34x 34x 4x 4x 2x 2x 30x 30x 28x 28x 28x 2x 26x 26x 33x 2x 31x 31x 1x 30x 30x 30x 30x 26x 26x 4x 4x 30x 26x 1x 25x 25x 23x 23x 23x 1x 23x 22x 11x 11x 11x | import debug from 'debug'; import request from 'request'; import ArgumentError from './errors/ArgumentError'; import JwksError from './errors/JwksError'; import SigningKeyNotFoundError from './errors/SigningKeyNotFoundError'; import { certToPEM, rsaPublicKeyToPEM } from './utils'; import { cacheSigningKey, rateLimitSigningKey } from './wrappers'; export class JwksClient { constructor(options) { this.options = { rateLimit: false, cache: true, strictSsl: true, ...options }; this.logger = debug('jwks'); // Initialize wrappers. if (this.options.rateLimit) { this.getSigningKey = rateLimitSigningKey(this, options); } if (this.options.cache) { this.getSigningKey = cacheSigningKey(this, options); } } getKeys(cb) { this.logger(`Fetching keys from '${this.options.jwksUri}'`); request({ json: true, uri: this.options.jwksUri, strictSSL: this.options.strictSsl, headers: this.options.requestHeaders, agentOptions: this.options.requestAgentOptions }, (err, res) => { if (err || res.statusCode < 200 || res.statusCode >= 300) { this.logger('Failure:', res && res.body || err); if (res) { return cb(new JwksError(res.body && (res.body.message || res.body) || res.statusMessage || `Http Error ${res.statusCode}`)); } return cb(err); } this.logger('Keys:', res.body.keys); return cb(null, res.body.keys); }); } getSigningKeys(cb) { this.getKeys((err, keys) => { if (err) { return cb(err); } Iif (!keys || !keys.length) { return cb(new JwksError('The JWKS endpoint did not contain any keys')); } const signingKeys = keys .filter((key) => { if(key.kty !== 'RSA'){ return false; } Iif(!key.kid){ return false; } if(key.hasOwnProperty('use') && key.use !== 'sig'){ return false; } return ((key.x5c && key.x5c.length) || (key.n && key.e)); }) .map(key => { const jwk = { kid: key.kid, nbf: key.nbf }; const hasCertificateChain = key.x5c && key.x5c.length; if (hasCertificateChain){ jwk.publicKey = certToPEM(key.x5c[0]); jwk.getPublicKey = () => jwk.publicKey; } else { jwk.rsaPublicKey = rsaPublicKeyToPEM(key.n, key.e); jwk.getPublicKey = () => jwk.rsaPublicKey; } return jwk; }); if (!signingKeys.length) { return cb(new JwksError('The JWKS endpoint did not contain any signing keys')); } this.logger('Signing Keys:', signingKeys); return cb(null, signingKeys); }); } getSigningKey = (kid, cb) => { this.logger(`Fetching signing key for '${kid}'`); this.getSigningKeys((err, keys) => { if (err) { return cb(err); } const key = keys.find(k => k.kid === kid); if (key) { return cb(null, key); } else { this.logger(`Unable to find a signing key that matches '${kid}'`); return cb(new SigningKeyNotFoundError(`Unable to find a signing key that matches '${kid}'`)); } }); } } |