keypairs.js 11.2 KB
'use strict';

var Eckles = require('eckles');
var Rasha = require('rasha');
var Enc = {};
var Keypairs = module.exports;

/*global Promise*/

Keypairs.generate = function (opts) {
  opts = opts || {};
  var kty = opts.kty || opts.type;
  var p;
  if ('RSA' === kty) {
    p = Rasha.generate(opts);
  } else {
    p = Eckles.generate(opts);
  }
  return p.then(function (pair) {
    return Keypairs.thumbprint({ jwk: pair.public }).then(function (thumb) {
      pair.private.kid = thumb; // maybe not the same id on the private key?
      pair.public.kid = thumb;
      return pair;
    });
  });
};

Keypairs.parse = function (opts) {
  opts = opts || {};

  var err;
  var jwk;
  var pem;
  var p;

  if (!opts.key || !opts.key.kty) {
    try {
      jwk = JSON.parse(opts.key);
      p = Keypairs.export({ jwk: jwk }).catch(function (e) {
        pem = opts.key;
        err = new Error("Not a valid jwk '" + JSON.stringify(jwk) + "':" + e.message);
        err.code = "EINVALID";
        return Promise.reject(err);
      }).then(function () {
        return jwk;
      });
    } catch(e) {
      p = Keypairs.import({ pem: opts.key }).catch(function (e) {
        err = new Error("Could not parse key (type " + typeof opts.key + ") '" + opts.key + "': " + e.message);
        err.code = "EPARSE";
        return Promise.reject(err);
      });
    }
  } else {
    p = Promise.resolve(opts.key);
  }

  return p.then(function (jwk) {
    var pubopts = JSON.parse(JSON.stringify(opts));
    pubopts.jwk = jwk;
    return Keypairs.publish(pubopts).then(function (pub) {
      // 'd' happens to be the name of a private part of both RSA and ECDSA keys
      if (opts.public || opts.publish || !jwk.d) {
        if (opts.private) {
          // TODO test that it can actually sign?
          err = new Error("Not a private key '" + JSON.stringify(jwk) + "'");
          err.code = "ENOTPRIVATE";
          return Promise.reject(err);
        }
        return { public: pub };
      } else {
        return { private: jwk, public: pub };
      }
    });
  });
};

Keypairs.parseOrGenerate = function (opts) {
  if (!opts.key) { return Keypairs.generate(opts); }
  opts.private = true;
  return Keypairs.parse(opts).catch(function (e) {
    console.warn(e.message);
    return Keypairs.generate(opts);
  });
};

Keypairs.import = function (opts) {
  return Eckles.import(opts).catch(function () {
    return Rasha.import(opts);
  }).then(function (jwk) {
    return Keypairs.thumbprint({ jwk: jwk }).then(function (thumb) {
      jwk.kid = thumb;
      return jwk;
    });
  });
};

Keypairs.export = function (opts) {
  return Promise.resolve().then(function () {
    if ('RSA' === opts.jwk.kty) {
      return Rasha.export(opts);
    } else {
      return Eckles.export(opts);
    }
  });
};

// Chopping off the private parts is now part of the public API.
// I thought it sounded a little too crude at first, but it really is the best name in every possible way.
Keypairs.neuter = Keypairs._neuter = function (opts) {
  // trying to find the best balance of an immutable copy with custom attributes
  var jwk = {};
  Object.keys(opts.jwk).forEach(function (k) {
    if ('undefined' === typeof opts.jwk[k]) { return; }
    // ignore RSA and EC private parts
    if (-1 !== ['d', 'p', 'q', 'dp', 'dq', 'qi'].indexOf(k)) { return; }
    jwk[k] = JSON.parse(JSON.stringify(opts.jwk[k]));
  });
  return jwk;
};

Keypairs.publish = function (opts) {
  if ('object' !== typeof opts.jwk || !opts.jwk.kty) { throw new Error("invalid jwk: " + JSON.stringify(opts.jwk)); }

  // returns a copy
  var jwk = Keypairs.neuter(opts);

  if (jwk.exp) {
    jwk.exp = setTime(jwk.exp);
  } else {
    if (opts.exp) { jwk.exp = setTime(opts.exp); }
    else if (opts.expiresIn) { jwk.exp = Math.round(Date.now()/1000) + opts.expiresIn; }
    else if (opts.expiresAt) { jwk.exp = opts.expiresAt; }
  }
  if (!jwk.use && false !== jwk.use) { jwk.use = "sig"; }

  if (jwk.kid) { return Promise.resolve(jwk); }
  return Keypairs.thumbprint({ jwk: jwk }).then(function (thumb) { jwk.kid = thumb; return jwk; });
};

Keypairs.thumbprint = function (opts) {
  return Promise.resolve().then(function () {
    if ('RSA' === opts.jwk.kty) {
      return Rasha.thumbprint(opts);
    } else {
      return Eckles.thumbprint(opts);
    }
  });
};

// JWT a.k.a. JWS with Claims using Compact Serialization
Keypairs.signJwt = function (opts) {
  return Keypairs.thumbprint({ jwk: opts.jwk }).then(function (thumb) {
    var header = opts.header || {};
    var claims = JSON.parse(JSON.stringify(opts.claims || {}));
    header.typ = 'JWT';

    if (!header.kid) { header.kid = thumb; }
    if (!header.alg && opts.alg) { header.alg = opts.alg; }
    if (!claims.iat && (false === claims.iat || false === opts.iat)) {
      claims.iat = undefined;
    } else if (!claims.iat) {
      claims.iat = Math.round(Date.now()/1000);
    }

    if (opts.exp) {
      claims.exp = setTime(opts.exp);
    } else if (!claims.exp && (false === claims.exp || false === opts.exp)) {
      claims.exp = undefined;
    } else if (!claims.exp) {
      throw new Error("opts.claims.exp should be the expiration date as seconds, human form (i.e. '1h' or '15m') or false");
    }

    if (opts.iss) { claims.iss = opts.iss; }
    if (!claims.iss && (false === claims.iss || false === opts.iss)) {
      claims.iss = undefined;
    } else if (!claims.iss) {
      throw new Error("opts.claims.iss should be in the form of https://example.com/, a secure OIDC base url");
    }

    return Keypairs.signJws({
      jwk: opts.jwk
    , pem: opts.pem
    , protected: header
    , header: undefined
    , payload: claims
    }).then(function (jws) {
      return [ jws.protected, jws.payload, jws.signature ].join('.');
    });
  });
};

Keypairs.signJws = function (opts) {
  return Keypairs.thumbprint(opts).then(function (thumb) {

    function alg() {
      if (!opts.jwk) {
        throw new Error("opts.jwk must exist and must declare 'typ'");
      }
      return ('RSA' === opts.jwk.kty) ? "RS256" : "ES256";
    }

    function sign(pem) {
      var header = opts.header;
      var protect = opts.protected;
      var payload = opts.payload;

      // Compute JWS signature
      var protectedHeader = "";
      // Because unprotected headers are allowed, regrettably...
      // https://stackoverflow.com/a/46288694
      if (false !== protect) {
        if (!protect) { protect = {}; }
        if (!protect.alg) { protect.alg = alg(); }
        // There's a particular request where Let's Encrypt explicitly doesn't use a kid
        if (!protect.kid && false !== protect.kid) { protect.kid = thumb; }
        protectedHeader = JSON.stringify(protect);
      }

      // Convert payload to Buffer
      if ('string' !== typeof payload && !Buffer.isBuffer(payload)) {
        if (!payload) {
          throw new Error("opts.payload should be JSON, string, or Buffer (it may be empty, but that must be explicit)");
        }
        payload = JSON.stringify(payload);
      }
      if ('string' === typeof payload) {
        payload = Buffer.from(payload, 'binary');
      }

      // node specifies RSA-SHAxxx even whet it's actually ecdsa (it's all encoded x509 shasums anyway)
      var nodeAlg = "SHA" + (((protect||header).alg||'').replace(/^[^\d]+/, '')||'256');
      var protected64 = Enc.strToUrlBase64(protectedHeader);
      var payload64 = Enc.bufToUrlBase64(payload);
      var binsig = require('crypto')
        .createSign(nodeAlg)
        .update(protect ? (protected64 + "." + payload64) : payload64)
        .sign(pem)
      ;
      if ('EC' === opts.jwk.kty) {
        // ECDSA JWT signatures differ from "normal" ECDSA signatures
        // https://tools.ietf.org/html/rfc7518#section-3.4
        binsig = convertIfEcdsa(binsig);
      }

      var sig = binsig.toString('base64')
        .replace(/\+/g, '-')
        .replace(/\//g, '_')
        .replace(/=/g, '')
      ;

      return {
        header: header
      , protected: protected64 || undefined
      , payload: payload64
      , signature: sig
      };
    }

    function convertIfEcdsa(binsig) {
      // should have asn1 sequence header of 0x30
      if (0x30 !== binsig[0]) { throw new Error("Impossible EC SHA head marker"); }
      var index = 2; // first ecdsa "R" header byte
      var len = binsig[1];
      var lenlen = 0;
      // Seek length of length if length is greater than 127 (i.e. two 512-bit / 64-byte R and S values)
      if (0x80 & len) {
        lenlen = len - 0x80; // should be exactly 1
        len = binsig[2]; // should be <= 130 (two 64-bit SHA-512s, plus padding)
        index += lenlen;
      }
      // should be of BigInt type
      if (0x02 !== binsig[index]) { throw new Error("Impossible EC SHA R marker"); }
      index += 1;

      var rlen = binsig[index];
      var bits = 32;
      if (rlen > 49) {
        bits = 64;
      } else if (rlen > 33) {
        bits = 48;
      }
      var r = binsig.slice(index + 1, index + 1 + rlen).toString('hex');
      var slen = binsig[index + 1 + rlen + 1]; // skip header and read length
      var s = binsig.slice(index + 1 + rlen + 1 + 1).toString('hex');
      if (2 *slen !== s.length) { throw new Error("Impossible EC SHA S length"); }
      // There may be one byte of padding on either
      while (r.length < 2*bits) { r = '00' + r; }
      while (s.length < 2*bits) { s = '00' + s; }
      if (2*(bits+1) === r.length) { r = r.slice(2); }
      if (2*(bits+1) === s.length) { s = s.slice(2); }
      return Buffer.concat([Buffer.from(r, 'hex'), Buffer.from(s, 'hex')]);
    }

    if (opts.pem && opts.jwk) {
      return sign(opts.pem);
    } else {
      return Keypairs.export({ jwk: opts.jwk }).then(sign);
    }
  });
};

function setTime(time) {
  if ('number' === typeof time) { return time; }

  var t = time.match(/^(\-?\d+)([dhms])$/i);
  if (!t || !t[0]) {
    throw new Error("'" + time + "' should be datetime in seconds or human-readable format (i.e. 3d, 1h, 15m, 30s");
  }

  var now = Math.round(Date.now()/1000);
  var num = parseInt(t[1], 10);
  var unit = t[2];
  var mult = 1;
  switch(unit) {
    // fancy fallthrough, what fun!
    case 'd':
      mult *= 24;
      /*falls through*/
    case 'h':
      mult *= 60;
      /*falls through*/
    case 'm':
      mult *= 60;
      /*falls through*/
    case 's':
      mult *= 1;
  }

  return now + (mult * num);
}

Enc.strToUrlBase64 = function (str) {
  // node automatically can tell the difference
  // between uc2 (utf-8) strings and binary strings
  // so we don't have to re-encode the strings
  return Buffer.from(str).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
};
Enc.bufToUrlBase64 = function (buf) {
  // allow for Uint8Array as a Buffer
  return Buffer.from(buf).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
};

// For 'rsa-compat' module only
// PLEASE do not use these sync methods, they are deprecated
Keypairs._importSync = function (opts) {
  try {
    return Eckles.importSync(opts);
  } catch(e) {
    try {
      return Rasha.importSync(opts);
    } catch(e) {
      console.error("options.pem does not appear to be a valid RSA or ECDSA public or private key");
    }
  }
};
// PLEASE do not use these, they are deprecated
Keypairs._exportSync = function (opts) {
  if ('RSA' === opts.jwk.kty) {
    return Rasha.exportSync(opts);
  } else {
    return Eckles.exportSync(opts);
  }
};