foster/deno
0
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-03-03 17:34:47 -05:00
Code Issues Packages 1 Wiki Activity

fix(ext/crypto): use forgiving base64 encoding for JWK (#13240)

Browse source 
Implements "forgiving" in JWK decode passing suitable config to base64::decode_config
This commit is contained in:
Sean Michael Wykes 2022-01-03 09:24:45 -03:00 committed by GitHub
parent 9a42d65fc7
commit 340764adec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
cli/tests/unit/webcrypto_test.ts
View file

@ -1419,3 +1419,28 @@ Deno.test(async function testImportEcSpkiPkcs8() {
assertEquals(new Uint8Array(expPrivateKeySPKI), spki);*/ assertEquals(new Uint8Array(expPrivateKeySPKI), spki);*/
} }
}); });
Deno.test(async function testBase64Forgiving() {
const keyData = `{
"kty": "oct",
"k": "xxx",
"alg": "HS512",
"key_ops": ["sign", "verify"],
"ext": true
}`;
const key = await crypto.subtle.importKey(
"jwk",
JSON.parse(keyData),
{ name: "HMAC", hash: "SHA-512" },
true,
["sign", "verify"],
);
assert(key instanceof CryptoKey);
assertEquals(key.type, "secret");
assertEquals((key.algorithm as HmacKeyAlgorithm).length, 16);
const exportedKey = await crypto.subtle.exportKey("jwk", key);
assertEquals(exportedKey.k, "xxw");
});

9
ext/crypto/import_key.rs
View file

@ -105,9 +105,12 @@ pub fn op_crypto_import_key(
} }
} }
const URL_SAFE_FORGIVING: base64::Config =
base64::URL_SAFE_NO_PAD.decode_allow_trailing_bits(true);
macro_rules! jwt_b64_int_or_err { macro_rules! jwt_b64_int_or_err {
($name:ident, $b64:expr, $err:expr) => { ($name:ident, $b64:expr, $err:expr) => {
let bytes = base64::decode_config($b64, base64::URL_SAFE) let bytes = base64::decode_config($b64, URL_SAFE_FORGIVING)
.map_err(|_| data_error($err))?; .map_err(|_| data_error($err))?;
let $name = UIntBytes::new(&bytes).map_err(|_| data_error($err))?; let $name = UIntBytes::new(&bytes).map_err(|_| data_error($err))?;
}; };
@ -1001,7 +1004,7 @@ fn import_key_ec(
fn import_key_aes(key_data: KeyData) -> Result<ImportKeyResult, AnyError> { fn import_key_aes(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
Ok(match key_data { Ok(match key_data {
KeyData::JwkSecret { k } => { KeyData::JwkSecret { k } => {
let data = base64::decode_config(k, base64::URL_SAFE) let data = base64::decode_config(k, URL_SAFE_FORGIVING)
.map_err(|_| data_error("invalid key data"))?; .map_err(|_| data_error("invalid key data"))?;
ImportKeyResult::Hmac { ImportKeyResult::Hmac {
raw_data: RawKeyData::Secret(data.into()), raw_data: RawKeyData::Secret(data.into()),
@ -1014,7 +1017,7 @@ fn import_key_aes(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
fn import_key_hmac(key_data: KeyData) -> Result<ImportKeyResult, AnyError> { fn import_key_hmac(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
Ok(match key_data { Ok(match key_data {
KeyData::JwkSecret { k } => { KeyData::JwkSecret { k } => {
let data = base64::decode_config(k, base64::URL_SAFE) let data = base64::decode_config(k, URL_SAFE_FORGIVING)
.map_err(|_| data_error("invalid key data"))?; .map_err(|_| data_error("invalid key data"))?;
ImportKeyResult::Hmac { ImportKeyResult::Hmac {
raw_data: RawKeyData::Secret(data.into()), raw_data: RawKeyData::Secret(data.into()),