import debug from 'debug';
import request from 'request';
 
import ArgumentError from './errors/ArgumentError';
import JwksError from './errors/JwksError';
import SigningKeyNotFoundError from './errors/SigningKeyNotFoundError';
 
import {
  certToPEM,
  rsaPublicKeyToPEM
} from './utils';
import {
  cacheSigningKey,
  rateLimitSigningKey
} from './wrappers';
 
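/**
 * Client that downloads a JSON Web Key Set (JWKS) over HTTP(S) and exposes
 * the RSA signing keys it contains as PEM-encoded public keys.
 *
 * Trust model, as far as this class shows: the key material is accepted as
 * returned by `options.jwksUri`. No certificate-chain validation and no `nbf`
 * check happen in this class, so the integrity of the keys rests on the
 * transport to that URI.
 */
export class JwksClient {
  /**
   * @param {Object} options - Client settings, merged over the defaults.
   * @param {string} options.jwksUri - Location of the JWKS document.
   * @param {boolean} [options.rateLimit=false] - Wrap lookups with the rate limiter.
   * @param {boolean} [options.cache=true] - Wrap lookups with the signing-key cache.
   * @param {boolean} [options.strictSsl=true] - Passed to `request` as `strictSSL`.
   *   Setting it to false turns off TLS certificate verification for the JWKS
   *   fetch, which lets anyone on the network path substitute their own keys;
   *   keep it enabled outside of isolated test setups.
   * @param {Object} [options.requestHeaders] - Extra headers for the JWKS request.
   * @param {Object} [options.requestAgentOptions] - Agent options for the JWKS request.
   */
  constructor(options) {
    this.options = {
      rateLimit: false,
      cache: true,
      strictSsl: true,
      ...options
    };
    this.logger = debug('jwks');

    // Initialize wrappers. Each wrapper replaces the per-instance
    // getSigningKey; when both are enabled the cache wrapper is installed
    // last, so it is the outermost layer.
    // NOTE(review): the wrappers receive the caller's raw `options`, not the
    // merged `this.options` - confirm that is what they expect.
    if (this.options.rateLimit) {
      this.getSigningKey = rateLimitSigningKey(this, options);
    }
    if (this.options.cache) {
      this.getSigningKey = cacheSigningKey(this, options);
    }
  }

  /**
   * Fetches the raw `keys` array from the JWKS endpoint.
   *
   * @param {Function} cb - Node-style callback `(err, keys)`. Non-2xx
   *   responses are reported as a JwksError; transport failures pass the
   *   underlying error through.
   */
  getKeys(cb) {
    this.logger(`Fetching keys from '${this.options.jwksUri}'`);
    request({
      json: true,
      uri: this.options.jwksUri,
      strictSSL: this.options.strictSsl,
      headers: this.options.requestHeaders,
      agentOptions: this.options.requestAgentOptions
    }, (err, res) => {
      if (err || res.statusCode < 200 || res.statusCode >= 300) {
        this.logger('Failure:', res && res.body || err);
        if (res) {
          return cb(new JwksError(res.body && (res.body.message || res.body) || res.statusMessage || `Http Error ${res.statusCode}`));
        }
        return cb(err);
      }

      // A 2xx response may still carry no body (or a non-object body);
      // read `keys` defensively so that case reaches the caller as
      // "no keys" instead of throwing inside the request callback.
      const keys = res.body ? res.body.keys : undefined;
      this.logger('Keys:', keys);
      return cb(null, keys);
    });
  }

  /**
   * Fetches the JWKS and reduces it to usable RSA signing keys.
   *
   * A key is kept only when it is `kty: 'RSA'`, has a `kid`, is not marked
   * with a `use` other than `'sig'`, and carries either an `x5c` chain or
   * an `n`/`e` pair.
   *
   * @param {Function} cb - Node-style callback `(err, signingKeys)`; each
   *   signing key has `kid`, `nbf`, `getPublicKey()` and either `publicKey`
   *   (from x5c) or `rsaPublicKey` (from n/e).
   */
  getSigningKeys(cb) {
    this.getKeys((err, keys) => {
      if (err) {
        return cb(err);
      }

      // The document is remote input: insist on a real, non-empty array
      // before calling array methods on it.
      if (!Array.isArray(keys) || !keys.length) {
        return cb(new JwksError('The JWKS endpoint did not contain any keys'));
      }

      const signingKeys = keys
        .filter((key) => {
          // Skip null / non-object entries rather than throwing on them.
          if (!key || key.kty !== 'RSA') {
            return false;
          }
          if (!key.kid) {
            return false;
          }
          // Call hasOwnProperty through the prototype: the key object comes
          // from parsed JSON and could define its own `hasOwnProperty` member.
          if (Object.prototype.hasOwnProperty.call(key, 'use') && key.use !== 'sig') {
            return false;
          }
          return Boolean((key.x5c && key.x5c.length) || (key.n && key.e));
        })
        .map((key) => {
          const jwk = {
            kid: key.kid,
            nbf: key.nbf
          };
          const hasCertificateChain = key.x5c && key.x5c.length;
          if (hasCertificateChain) {
            // Only the first x5c entry is converted; the rest of the chain
            // is not inspected here.
            jwk.publicKey = certToPEM(key.x5c[0]);
            jwk.getPublicKey = () => jwk.publicKey;
          } else {
            jwk.rsaPublicKey = rsaPublicKeyToPEM(key.n, key.e);
            jwk.getPublicKey = () => jwk.rsaPublicKey;
          }
          return jwk;
        });

      if (!signingKeys.length) {
        return cb(new JwksError('The JWKS endpoint did not contain any signing keys'));
      }

      this.logger('Signing Keys:', signingKeys);
      return cb(null, signingKeys);
    });
  }

  /**
   * Looks up one signing key by its key id.
   *
   * Declared as an instance property so the constructor can replace it with
   * the rate-limit / cache wrappers.
   *
   * @param {string} kid - Key id to look up; matched with strict equality.
   * @param {Function} cb - Node-style callback `(err, key)`; yields a
   *   SigningKeyNotFoundError when no key has that `kid`.
   */
  getSigningKey = (kid, cb) => {
    this.logger(`Fetching signing key for '${kid}'`);

    this.getSigningKeys((err, keys) => {
      if (err) {
        return cb(err);
      }

      const key = keys.find((k) => k.kid === kid);
      if (key) {
        return cb(null, key);
      }

      this.logger(`Unable to find a signing key that matches '${kid}'`);
      return cb(new SigningKeyNotFoundError(`Unable to find a signing key that matches '${kid}'`));
    });
  }
}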