From 35109160ca5d439116bedeb3302ec3745e2895d5 Mon Sep 17 00:00:00 2001
From: Ciro Spaciari <ciro.spaciari@gmail.com>
Date: Sat, 7 Oct 2023 19:22:45 -0300
Subject: feat(KeyObject) (#5940)

* oops

* createSecretKey but weird error

* use the right prototype, do not add a function called export lol

* HMAC JWT export + base64 fix

* Fix Equals, Fix Get KeySize, add complete export RSA

* fix RSA export

* add EC exports

* X25519 and ED25519 export + fixes

* fix default exports

* better asymmetricKeyType

* fix private exports

* fix symmetricKeySize

* createPublicKey validations + refactor

* jwt + der fixes

* oopsies

* add PEM into createPublicKey

* cleanup

* WIP

* bunch of fixes

* public from private + private OKP

* encrypted keys fixes

* oops

* fix clear tls error, add some support to jwk and other formats on publicEncrypt/publicDecrypt

* more fixes and tests working

* more fixes more tests

* more clear hmac errors

* more tests and fixes

* add generateKeyPair

* more tests passing, some skips

* fix EC key from private

* fix OKP JWK

* nodejs ignores ext and key_ops on KeyObject.exports

* add EC sign verify test

* some fixes

* add crypto.generateKeyPairSync(type, options)

* more fixes and more tests

* fix hmac tests

* jsonwebtoken tests

* oops

* oops2

* generated files

* revert package.json

* vm tests

* todos instead of failues

* toBunString -> toString

* undo simdutf

* improvements

* unlikely

* cleanup

* cleanup 2

* oops

* move _generateKeyPairSync checks to native
---
 test/js/third_party/jsonwebtoken/schema.test.js | 72 +++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 test/js/third_party/jsonwebtoken/schema.test.js

(limited to 'test/js/third_party/jsonwebtoken/schema.test.js')

diff --git a/test/js/third_party/jsonwebtoken/schema.test.js b/test/js/third_party/jsonwebtoken/schema.test.js
new file mode 100644
index 000000000..5d3845d46
--- /dev/null
+++ b/test/js/third_party/jsonwebtoken/schema.test.js
@@ -0,0 +1,72 @@
+var PS_SUPPORTED = true;
+import jwt from "jsonwebtoken";
+import { expect, describe, it } from "bun:test";
+import fs from "fs";
+
+describe("schema", function () {
+  describe("sign options", function () {
+    var cert_rsa_priv = fs.readFileSync(__dirname + "/rsa-private.pem");
+    var cert_ecdsa_priv = fs.readFileSync(__dirname + "/ecdsa-private.pem");
+    var cert_secp384r1_priv = fs.readFileSync(__dirname + "/secp384r1-private.pem");
+    var cert_secp521r1_priv = fs.readFileSync(__dirname + "/secp521r1-private.pem");
+
+    function sign(options, secretOrPrivateKey) {
+      jwt.sign({ foo: 123 }, secretOrPrivateKey, options);
+    }
+
+    it("should validate algorithm", function () {
+      expect(function () {
+        sign({ algorithm: "foo" }, cert_rsa_priv);
+      }).toThrow(/"algorithm" must be a valid string enum value/);
+      sign({ algorithm: "none" }, null);
+      sign({ algorithm: "RS256" }, cert_rsa_priv);
+      sign({ algorithm: "RS384" }, cert_rsa_priv);
+      sign({ algorithm: "RS512" }, cert_rsa_priv);
+      if (PS_SUPPORTED) {
+        sign({ algorithm: "PS256" }, cert_rsa_priv);
+        sign({ algorithm: "PS384" }, cert_rsa_priv);
+        sign({ algorithm: "PS512" }, cert_rsa_priv);
+      }
+      sign({ algorithm: "ES256" }, cert_ecdsa_priv);
+      sign({ algorithm: "ES384" }, cert_secp384r1_priv);
+      sign({ algorithm: "ES512" }, cert_secp521r1_priv);
+      sign({ algorithm: "HS256" }, "superSecret");
+      sign({ algorithm: "HS384" }, "superSecret");
+      sign({ algorithm: "HS512" }, "superSecret");
+    });
+
+    it("should validate header", function () {
+      expect(function () {
+        sign({ header: "foo" }, "superSecret");
+      }).toThrow(/"header" must be an object/);
+      sign({ header: {} }, "superSecret");
+    });
+
+    it("should validate encoding", function () {
+      expect(function () {
+        sign({ encoding: 10 }, "superSecret");
+      }).toThrow(/"encoding" must be a string/);
+      sign({ encoding: "utf8" }, "superSecret");
+    });
+
+    it("should validate noTimestamp", function () {
+      expect(function () {
+        sign({ noTimestamp: 10 }, "superSecret");
+      }).toThrow(/"noTimestamp" must be a boolean/);
+      sign({ noTimestamp: true }, "superSecret");
+    });
+  });
+
+  describe("sign payload registered claims", function () {
+    function sign(payload) {
+      jwt.sign(payload, "foo123");
+    }
+
+    it("should validate exp", function () {
+      expect(function () {
+        sign({ exp: "1 monkey" });
+      }).toThrow(/"exp" should be a number of seconds/);
+      sign({ exp: 10.1 });
+    });
+  });
+});
-- 
cgit v1.2.3