Description: Re-apply missing code with DFSG-nonfree RDF content stripped Some source files were excluded from repackaged source due to embedded DFSG-nonfree RFC content. . This patch re-applies that code with the problematic content removed. Copyright: 2016, Anvil Research, Inc. License: Expat Last-Update: 2019-09-11 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- /dev/null +++ b/src/schemas/JOSEHeaderSchema.js @@ -0,0 +1,273 @@ +/** + * Dependencies + */ +const JWKSchema = require('./JWKSchema') +const {JSONSchema} = require('@trust/json-document') + +/** + * JOSEHeaderSchema + * + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-5 + * + * 5. JOSE Header + */ +const JOSEHeaderSchema = new JSONSchema({ + type: 'object', + properties: { + + /** + * typ + * + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-5.1 + * + * 5.1. "typ" (Type) Header Parameter + * + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-4.1.9 + * + * 4.1.9. "typ" (Type) Header Parameter + * + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.11 + * + * 4.1.11. "typ" (Type) Header Parameter + */ + typ: { + type: 'string' + }, + + /** + * cty + * + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-5.2 + * + * 5.2. "cty" (Content Type) Header Parameter + * + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-4.1.10 + * + * 4.1.10. "cty" (Content Type) Header Parameter + * + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.12 + * + * 4.1.12. "cty" (Content Type) Header Parameter + */ + cty: { + type: 'string', + enum: ['JWT', 'JWD'] + }, + + /** + * alg + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-4.1.1 + * + * 4.1.1. "alg" (Algorithm) Header Parameter + * + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.1 + * + * 4.1.1. "alg" (Algorithm) Header Parameter + */ + alg: { + type: 'string', + format: 'StringOrURI' + }, + + /** + * jku + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-4.1.2 + * + * 4.1.2. "jku" (JWK Set URL) Header Parameter (JWS) + * + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.4 + * + * 4.1.4. "jku" (JWK Set URL) Header Parameter (JWE) + */ + jku: { + type: 'string', + format: 'URI' + }, + + /** + * jwk + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-4.1.3 + * + * 4.1.3. "jwk" (JSON Web Key) Header Parameter + * + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.5 + * + * 4.1.5. "jwk" (JSON Web Key) Header Parameter + */ + //jwk: JWKSchema, + + /** + * kid + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-4.1.4 + * + * 4.1.4. "kid" (Key ID) Header Parameter + * + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.6 + * + * 4.1.6. "kid" (Key ID) Header Parameter + */ + kid: { + type: 'string' + }, + + /** + * x5u + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-4.1.5 + * + * 4.1.5. "x5u" (X.509 URL) Header Parameter + * + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.7 + * + * 4.1.7. "x5u" (X.509 URL) Header Parameter + */ + x5u: { + type: 'string', + format: 'URI' + }, + + /** + * x5c + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-4.1.6 + * + * 4.1.6. "x5c" (X.509 Certificate Chain) Header Parameter + * + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.8 + * + * 4.1.8. "x5c" (X.509 Certificate Chain) Header Parameter + */ + x5c: { + type: 'array', + items: { + type: 'string', + format: 'base64' + } + }, + + /** + * x5t + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-4.1.7 + * + * 4.1.7. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter + * + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.9 + * + * 4.1.9. "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter + */ + x5t: { + type: 'string', + format: 'base64url' + }, + + /** + * x5t#S256 + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-4.1.8 + * + * 4.1.8. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Header + * Parameter + * + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.10 + * + * 4.1.10. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Header + * Parameter + */ + //'x5t#S256': { + // type: 'string', + // format: 'base64url' + //}, + + /** + * crit + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-4.1.11 + * + * 4.1.11. "crit" (Critical) Header Parameter + * + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.13 + * + * 4.1.13. "crit" (Critical) Header Parameter + */ + crit: { + type: 'array', + items: { + type: 'string' + }, + minItems: 1 + }, + + /** + * enc + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.2 + * + * 4.1.2. "enc" (Encryption Algorithm) Header Parameter + */ + enc: { + type: 'string', + format: 'StringOrURI' + }, + + /** + * zip + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-4.1.3 + * + * 4.1.3. "zip" (Compression Algorithm) Header Parameter + */ + zip: { + type: 'string' + } + } +}) + +/** + * Export + */ +module.exports = JOSEHeaderSchema --- /dev/null +++ b/src/schemas/JWECompactSerializationSchema.js @@ -0,0 +1,30 @@ +/** + * Dependencies + */ +const JOSEHeaderSchema = require('./JOSEHeaderSchema') +const {JSONSchema} = require('@trust/json-document') + +/** + * JWECompactSerializationSchema + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-7.1 + * + * 7.1. JWE Compact Serialization + */ +const JWECompactSerializationSchema = new JSONSchema({ + type: 'object', + additionalProperties: false, + properties: { + protected: JOSEHeaderSchema, + encrypted_key: { type: 'string', format: 'base64url' }, + iv: { type: 'string', format: 'base64url' }, + ciphertext: { type: 'string', format: 'base64url' }, + tag: { type: 'string', format: 'base64url' } + } +}) + +/** + * Export + */ +module.exports = JWECompactSerializationSchema --- /dev/null +++ b/src/schemas/JWEFlattenedSerializationSchema.js @@ -0,0 +1,33 @@ +/** + * Dependencies + */ +const JOSEHeaderSchema = require('./JOSEHeaderSchema') +const {JSONSchema} = require('@trust/json-document') + +/** + * JWEFlattenedSerializationSchema + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-7.2 + * + * 7.2.2. Flattened JWE JSON Serialization Syntax + */ +const JWEFlattenedSerializationSchema = new JSONSchema({ + type: 'object', + additionalProperties: false, + properties: { + protected: JOSEHeaderSchema, + unprotected: JOSEHeaderSchema, + header: JOSEHeaderSchema, + encrypted_key: { type: 'string', format: 'base64url' }, + iv: { type: 'string', format: 'base64url' }, + aad: { type: 'string', format: 'base64url' }, + ciphertext: { type: 'string', format: 'base64url' }, + tag: { type: 'string', format: 'base64url' }, + } +}) + +/** + * Export + */ +module.exports = JWEFlattenedSerializationSchema --- /dev/null +++ b/src/schemas/JWEJSONSerializationSchema.js @@ -0,0 +1,46 @@ +/** + * Dependencies + */ +const JOSEHeaderSchema = require('./JOSEHeaderSchema') +const {JSONSchema} = require('@trust/json-document') + +/** + * JWEJSONSerializationSchema + * + * JSON Web Encryption (JWE) + * https://tools.ietf.org/html/rfc7516#section-7.2 + * + * 7.2. JWE JSON Serialization + * + * + * 7.2.1. General JWE JSON Serialization Syntax + */ +const JWEJSONSerializationSchema = new JSONSchema({ + type: 'object', + additionalProperties: false, + properties: { + protected: JOSEHeaderSchema, + unprotected: JOSEHeaderSchema, + iv: { type: 'string', format: 'base64url' }, + aad: { type: 'string', format: 'base64url' }, + ciphertext: { type: 'string', format: 'base64url' }, + tag: { type: 'string', format: 'base64url' }, + recipients: { + type: 'array', + items: [ + { + type: 'object', + properties: { + header: JOSEHeaderSchema, + encrypted_key: { type: 'string', format: 'base64url' } + } + } + ] + } + } +}) + +/** + * Export + */ +//module.exports = JWEJSONSerializationSchema --- /dev/null +++ b/src/schemas/JWSFlattenedSerializationSchema.js @@ -0,0 +1,33 @@ +/** + * Dependencies + */ +const JOSEHeaderSchema = require('./JOSEHeaderSchema') +const JWTClaimsSetSchema = require('./JWTClaimsSetSchema') +const {JSONSchema} = require('@trust/json-document') + +/** + * JWSFlattenedSerializationSchema + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-7.2.2 + * + * 7.2.2. Flattened JWS JSON Serialization Syntax + */ +const JWSFlattenedSerializationSchema = new JSONSchema({ + type: 'object', + additionalProperties: false, + properties: { + payload: JWTClaimsSetSchema, + protected: JOSEHeaderSchema, + header: JOSEHeaderSchema, + signature: { + type: 'string', + format: 'base64url' + } + } +}) + +/** + * Export + */ +module.exports = JWSFlattenedSerializationSchema --- /dev/null +++ b/src/schemas/JWSJSONSerializationSchema.js @@ -0,0 +1,43 @@ +/** + * Dependencies + */ +const JOSEHeaderSchema = require('./JOSEHeaderSchema') +const JWTClaimsSetSchema = require('./JWTClaimsSetSchema') +const {JSONSchema} = require('@trust/json-document') + +/** + * JWSJSONSerializationSchema + * + * JSON Web Signature (JWS) + * https://tools.ietf.org/html/rfc7515#section-7.2.1 + * + * 7.2.1. General JWS JSON Serialization Syntax + */ +const JWSJSONSerializationSchema = new JSONSchema({ + type: 'object', + additionalProperties: false, + properties: { + payload: JWTClaimsSetSchema, + signatures: { + type: 'array', + items: [ + { + type: 'object', + properties: { + protected: JOSEHeaderSchema, + header: JOSEHeaderSchema, + signature: { + type: 'string', + format: 'base64url' + } + } + } + ] + } + } +}) + +/** + * Export + */ +module.exports = JWSJSONSerializationSchema --- /dev/null +++ b/src/schemas/JWTClaimsSetSchema.js @@ -0,0 +1,123 @@ +/** + * Dependencies + */ +const {JSONSchema} = require('@trust/json-document') + +/** + * JWTClaimsSetSchema + * + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-4 + * + * 4. JWT Claims + */ +const JWTClaimsSetSchema = new JSONSchema({ + // additionalProperties: true, + properties: { + + /** + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-4.1 + * + * 4.1. Registered Claim Names + */ + + /** + * iss + * + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-4.1.1 + * + * 4.1.1. "iss" (Issuer) Claim + */ + iss: { + type: 'string', + format: 'StringOrURI' + }, + + /** + * sub + * + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-4.1.2 + * + * 4.1.2. "sub" (Subject) Claim + */ + sub: { + type: 'string', + format: 'StringOrURI' + }, + + /** + * aud + * + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-4.1.3 + * + * 4.1.3. "aud" (Audience) Claim + */ + aud: { + type: ['array', 'string'], + format: 'StringOrURI', + items: { + format: 'StringOrURI' + } + }, + + /** + * exp + * + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-4.1.4 + * + * 4.1.4. "exp" (Expiration Time) Claim + */ + exp: { + type: 'number', + format: 'NumericDate' + }, + + /** + * nbf + * + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-4.1.5 + * + * 4.1.5. "nbf" (Not Before) Claim + */ + nbf: { + type: 'number', + format: 'NumericDate' + }, + + /** + * iat + * + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-4.1.6 + * + * 4.1.6. "iat" (Issued At) Claim + */ + iat: { + type: 'number', + format: 'NumericDate' + }, + + /** + * jti + * + * JSON Web Token (JWT) + * https://tools.ietf.org/html/rfc7519#section-4.1.7 + * + * 4.1.7. "jti" (JWT ID) Claim + */ + jti: { + type: 'string' + } + } +}) + +/** + * Export + */ +module.exports = JWTClaimsSetSchema --- /dev/null +++ b/test/schemas/JWKSchemaSpec.js @@ -0,0 +1,173 @@ +'use strict' + +/** + * Test dependencies + */ +const chai = require('chai') + +/** + * Assertions + */ +chai.should() +let expect = chai.expect + +/** + * Code under test + */ +const JWK = require('../../src/jose/JWK') + +/** + * Tests + */ +describe('JWK', () => { + describe('schema', () => { + let {schema: {properties}} = JWK + + /** + * 4. JSON Web Key (JWK) Format + * https://tools.ietf.org/html/rfc7517#section-4 + */ + + /** + * 4.1. "kty" (Key Type) Parameter + */ + it('should define type of "kty"', () => { + properties.kty.type.should.equal('string') + }) + + it.skip('should define format of "kty"', () => { + properties.kty.format.should.equal('case-sensitive') + }) + + it('should define enum of "kty"', () => { + properties.kty.enum.should.eql([ + 'RSA', + 'EC', + 'oct' + ]) + }) + + /** + * 4.2. "use" (Public Key Use) Parameter + */ + it('should define type of "use"', () => { + properties.use.type.should.equal('string') + }) + + it.skip('should define format of "use"', () => { + properties.use.format.should.equal('case-sensitive') + }) + + it('should define enum of "use"', () => { + properties.use.enum.should.eql([ + 'sig', + 'enc' + ]) + }) + + /** + * 4.3. "key_ops" (Key Operations) Parameter + */ + it('should define type of "key_ops"', () => { + properties.key_ops.type.should.equal('array') + }) + + it.skip('should define format of "key_ops"', () => { + properties.key_ops.items.format.should.equal('case-sensitive') + }) + + it('should define enum of "key_ops"', () => { + properties.key_ops.items.enum.should.eql([ + 'sign', + 'verify', + 'encrypt', + 'decrypt', + 'wrapKey', + 'unwrapKey', + 'deriveKey', + 'deriveBits' + ]) + }) + + /** + * 4.4. "alg" (Algorithm) Parameter + */ + it('should define type of "alg"', () => { + properties.alg.type.should.equal('string') + }) + + it.skip('should define format of "alg"', () => { + properties.alg.format.should.equal('case-sensitive') + }) + + it('should define enum of "alg"', () => { + properties.alg.enum.should.eql([ + 'HS256', + 'HS384', + 'HS512', + 'RS256', + 'RS384', + 'RS512', + 'ES256', + 'ES384', + 'ES512', + 'PS256', + 'PS384', + 'PS512', + 'none' + ]) + }) + + /** + * 4.5. "kid" (Key ID) Parameter + */ + it('should define type of "kid"', () => { + properties.kid.type.should.equal('string') + }) + + + /** + * 4.6. "x5u" (X.509 URL) Parameter + */ + it('should define type of "x5u"', () => { + properties.x5u.type.should.equal('string') + }) + + it.skip('should define format of "x5u"', () => { + properties.x5u.format.should.equal('url') + }) + + /** + * 4.7. "x5c" (X.509 Certificate Chain) Parameter + */ + it('should define type of "x5c"', () => { + properties.x5c.type.should.equal('array') + }) + + it.skip('should define format of "x5c"', () => { + properties.x5c.format.should.be.instanceof(RegExp) + }) + + /** + * 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter + */ + it('should define type of "x5t"', () => { + properties.x5t.type.should.equal('string') + }) + + it.skip('should define format of "x5t"', () => { + properties.x5t.format.should.be.instanceof(RegExp) + }) + + /** + * 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter + */ + it.skip('should define type of "x5t#S256"', () => { + properties['x5t#S256'].type.should.equal('string') + }) + + it.skip('should define format of "x5t#S256"', () => { + properties['x5t#S256'].format.should.be.instanceof(RegExp) + }) + }) +})