fix(ext/crypto): various cleanup in JWK imports (#13092)
This aligns all of the error messages, and makes falsey comparisons
more strict.
lucacasonato authored Dec 15, 2021
1 parent ee49cce commit ec7d906
Showing 1 changed file with 38 additions and 36 deletions.
74 changes: 38 additions & 36 deletions ext/crypto/00_crypto.js
Expand Up @@ -1869,18 +1869,19 @@
case "jwk": {
// 1.
const jwk = keyData;

// 2.
if (jwk.kty !== "oct") {
throw new DOMException(
"`kty` member of JsonWebKey must be `oct`",
"'kty' property of JsonWebKey must be 'oct'",
"DataError",
);
}

// Section 6.4.1 of RFC7518
if (jwk.k === undefined) {
throw new DOMException(
"`k` member of JsonWebKey must be present",
"'k' property of JsonWebKey must be present",
"DataError",
);
}
Expand Down Expand Up @@ -1927,21 +1928,23 @@
}

// 6.
if (keyUsages.length > 0 && jwk.use && jwk.use !== "enc") {
if (
keyUsages.length > 0 && jwk.use !== undefined && jwk.use !== "enc"
) {
throw new DOMException("Invalid key usages", "DataError");
}

// 7.
// Section 4.3 of RFC7517
if (jwk.key_ops) {
if (jwk.key_ops !== undefined) {
if (
ArrayPrototypeFind(
jwk.key_ops,
(u) => !ArrayPrototypeIncludes(recognisedUsages, u),
) !== undefined
) {
throw new DOMException(
"`key_ops` member of JsonWebKey is invalid",
"'key_ops' property of JsonWebKey is invalid",
"DataError",
);
}
Expand All @@ -1953,16 +1956,16 @@
)
) {
throw new DOMException(
"`key_ops` member of JsonWebKey is invalid",
"'key_ops' property of JsonWebKey is invalid",
"DataError",
);
}
}

// 8.
if (jwk.ext === false && extractable == true) {
if (jwk.ext === false && extractable === true) {
throw new DOMException(
"`ext` member of JsonWebKey is invalid",
"'ext' property of JsonWebKey must not be false if extractable is true",
"DataError",
);
}
Expand Down Expand Up @@ -2026,21 +2029,20 @@
break;
}
case "jwk": {
// TODO(@littledivy): Why does the spec validate JWK twice?
const jwk = keyData;

// 2.
if (jwk.kty !== "oct") {
throw new DOMException(
"`kty` member of JsonWebKey must be `oct`",
"'kty' property of JsonWebKey must be 'oct'",
"DataError",
);
}

// Section 6.4.1 of RFC7518
if (!jwk.k) {
if (jwk.k === undefined) {
throw new DOMException(
"`k` member of JsonWebKey must be present",
"'k' property of JsonWebKey must be present",
"DataError",
);
}
Expand All @@ -2061,7 +2063,7 @@
case "SHA-1": {
if (jwk.alg !== undefined && jwk.alg !== "HS1") {
throw new DOMException(
"`alg` member of JsonWebKey must be `HS1`",
"'alg' property of JsonWebKey must be 'HS1'",
"DataError",
);
}
Expand All @@ -2070,7 +2072,7 @@
case "SHA-256": {
if (jwk.alg !== undefined && jwk.alg !== "HS256") {
throw new DOMException(
"`alg` member of JsonWebKey must be `HS256`",
"'alg' property of JsonWebKey must be 'HS256'",
"DataError",
);
}
Expand All @@ -2079,7 +2081,7 @@
case "SHA-384": {
if (jwk.alg !== undefined && jwk.alg !== "HS384") {
throw new DOMException(
"`alg` member of JsonWebKey must be `HS384`",
"'alg' property of JsonWebKey must be 'HS384'",
"DataError",
);
}
Expand All @@ -2088,7 +2090,7 @@
case "SHA-512": {
if (jwk.alg !== undefined && jwk.alg !== "HS512") {
throw new DOMException(
"`alg` member of JsonWebKey must be `HS512`",
"'alg' property of JsonWebKey must be 'HS512'",
"DataError",
);
}
Expand All @@ -2099,24 +2101,26 @@
}

// 7.
if (keyUsages.length > 0 && jwk.use && jwk.use !== "sign") {
if (
keyUsages.length > 0 && jwk.use !== undefined && jwk.use !== "sign"
) {
throw new DOMException(
"`use` member of JsonWebKey must be `sign`",
"'use' property of JsonWebKey must be 'sign'",
"DataError",
);
}

// 8.
// Section 4.3 of RFC7517
if (jwk.key_ops) {
if (jwk.key_ops !== undefined) {
if (
ArrayPrototypeFind(
jwk.key_ops,
(u) => !ArrayPrototypeIncludes(recognisedUsages, u),
) !== undefined
) {
throw new DOMException(
"`key_ops` member of JsonWebKey is invalid",
"'key_ops' property of JsonWebKey is invalid",
"DataError",
);
}
Expand All @@ -2128,16 +2132,16 @@
)
) {
throw new DOMException(
"`key_ops` member of JsonWebKey is invalid",
"'key_ops' property of JsonWebKey is invalid",
"DataError",
);
}
}

// 9.
if (jwk.ext === false && extractable == true) {
if (jwk.ext === false && extractable === true) {
throw new DOMException(
"`ext` member of JsonWebKey is invalid",
"'ext' property of JsonWebKey must not be false if extractable is true",
"DataError",
);
}
Expand Down Expand Up @@ -2390,19 +2394,17 @@
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
} else {
if (
ArrayPrototypeFind(
keyUsages,
(u) =>
!ArrayPrototypeIncludes(
SUPPORTED_RSA_KEY_USAGES[normalizedAlgorithm.name].public,
u,
),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
} else if (
ArrayPrototypeFind(
keyUsages,
(u) =>
!ArrayPrototypeIncludes(
SUPPORTED_RSA_KEY_USAGES[normalizedAlgorithm.name].public,
u,
),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}

// 3.
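Review bot: The new `=== undefined` / `!== undefined` guards are only safe if `keyData` has already been converted to a JsonWebKey dictionary before this switch, and that conversion is not visible in these hunks. In the HMAC branch, `if (jwk.k === undefined)` now lets `k: ""` or `k: null` through to key decoding where `!jwk.k` used to reject them, and in both `jwk` branches `if (jwk.key_ops !== undefined)` hands a `null` value to `ArrayPrototypeFind`, which would presumably surface as a TypeError instead of the `DataError` used everywhere else. Likewise `extractable === true` skips the `ext` check for any truthy non-boolean, so it relies on `extractable` having been coerced to a boolean upstream. If that normalisation does happen earlier, a comment at each `const jwk = keyData;` such as `// keyData was converted to a JsonWebKey dictionary: members are undefined or correctly typed` would record the assumption; if it does not, the presence checks should test the type as well, e.g. `if (typeof jwk.k !== "string")`. The enclosing function starts and ends outside this section.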
