Skip to main content
Module

x/jose/jwt/encrypt.ts

"JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno.
panva/jose
Extremely Popular
Go to Latest
File
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165
import { CompactEncrypt } from '../jwe/compact/encrypt.ts'import type {  EncryptOptions,  CompactJWEHeaderParameters,  JWEKeyManagementHeaderParameters,  KeyLike,} from '../types.d.ts'import { encoder } from '../lib/buffer_utils.ts'import { ProduceJWT } from './produce.ts'
/** * The EncryptJWT class is a utility for creating Compact JWE formatted JWT strings. * * @example Usage * ```js * const jwt = await new jose.EncryptJWT({ 'urn:example:claim': true }) *   .setProtectedHeader({ alg: 'dir', enc: 'A256GCM' }) *   .setIssuedAt() *   .setIssuer('urn:example:issuer') *   .setAudience('urn:example:audience') *   .setExpirationTime('2h') *   .encrypt(secretKey) * * console.log(jwt) * ``` */export class EncryptJWT extends ProduceJWT {  private _cek!: Uint8Array
  private _iv!: Uint8Array
  private _keyManagementParameters!: JWEKeyManagementHeaderParameters
  private _protectedHeader!: CompactJWEHeaderParameters
  private _replicateIssuerAsHeader!: boolean
  private _replicateSubjectAsHeader!: boolean
  private _replicateAudienceAsHeader!: boolean
  /**   * Sets the JWE Protected Header on the EncryptJWT object.   *   * @param protectedHeader JWE Protected Header.   * Must contain an "alg" (JWE Algorithm) and "enc" (JWE   * Encryption Algorithm) properties.   */  setProtectedHeader(protectedHeader: CompactJWEHeaderParameters) {    if (this._protectedHeader) {      throw new TypeError('setProtectedHeader can only be called once')    }    this._protectedHeader = protectedHeader    return this  }
  /**   * Sets the JWE Key Management parameters to be used when encrypting.   * Use of this is method is really only needed for ECDH based algorithms   * when utilizing the Agreement PartyUInfo or Agreement PartyVInfo parameters.   * Other parameters will always be randomly generated when needed and missing.   *   * @param parameters JWE Key Management parameters.   */  setKeyManagementParameters(parameters: JWEKeyManagementHeaderParameters) {    if (this._keyManagementParameters) {      throw new TypeError('setKeyManagementParameters can only be called once')    }    this._keyManagementParameters = parameters    return this  }
  /**   * Sets a content encryption key to use, by default a random suitable one   * is generated for the JWE enc" (Encryption Algorithm) Header Parameter.   *   * @param cek JWE Content Encryption Key.   *   * @deprecated You should not use this method. It is only really intended   * for test and vector validation purposes.   */  setContentEncryptionKey(cek: Uint8Array) {    if (this._cek) {      throw new TypeError('setContentEncryptionKey can only be called once')    }    this._cek = cek    return this  }
  /**   * Sets the JWE Initialization Vector to use for content encryption, by default   * a random suitable one is generated for the JWE enc" (Encryption Algorithm)   * Header Parameter.   *   * @param iv JWE Initialization Vector.   *   * @deprecated You should not use this method. It is only really intended   * for test and vector validation purposes.   */  setInitializationVector(iv: Uint8Array) {    if (this._iv) {      throw new TypeError('setInitializationVector can only be called once')    }    this._iv = iv    return this  }
  /**   * Replicates the "iss" (Issuer) Claim as a JWE Protected Header Parameter as per   * [RFC7519#section-5.3](https://www.rfc-editor.org/rfc/rfc7519#section-5.3).   */  replicateIssuerAsHeader() {    this._replicateIssuerAsHeader = true    return this  }
  /**   * Replicates the "sub" (Subject) Claim as a JWE Protected Header Parameter as per   * [RFC7519#section-5.3](https://www.rfc-editor.org/rfc/rfc7519#section-5.3).   */  replicateSubjectAsHeader() {    this._replicateSubjectAsHeader = true    return this  }
  /**   * Replicates the "aud" (Audience) Claim as a JWE Protected Header Parameter as per   * [RFC7519#section-5.3](https://www.rfc-editor.org/rfc/rfc7519#section-5.3).   */  replicateAudienceAsHeader() {    this._replicateAudienceAsHeader = true    return this  }
  /**   * Encrypts and returns the JWT.   *   * @param key Public Key or Secret to encrypt the JWT with.   * @param options JWE Encryption options.   */  async encrypt(key: KeyLike | Uint8Array, options?: EncryptOptions): Promise<string> {    const enc = new CompactEncrypt(encoder.encode(JSON.stringify(this._payload)))    if (this._replicateIssuerAsHeader) {      this._protectedHeader = { ...this._protectedHeader, iss: this._payload.iss }    }    if (this._replicateSubjectAsHeader) {      this._protectedHeader = { ...this._protectedHeader, sub: this._payload.sub }    }    if (this._replicateAudienceAsHeader) {      this._protectedHeader = { ...this._protectedHeader, aud: this._payload.aud }    }    enc.setProtectedHeader(this._protectedHeader)    if (this._iv) {      enc.setInitializationVector(this._iv)    }    if (this._cek) {      enc.setContentEncryptionKey(this._cek)    }    if (this._keyManagementParameters) {      enc.setKeyManagementParameters(this._keyManagementParameters)    }    return enc.encrypt(key, options)  }}