Add node modules and compiled JavaScript from main (#54)

Co-authored-by: Oliver King <oking3@uncc.edu>

node_modules/jose/lib/jwk/generate.js

@@ -0,0 +1,53 @@
+const errors = require('../errors')
+
+const importKey = require('./import')
+
+const RSAKey = require('./key/rsa')
+const ECKey = require('./key/ec')
+const OKPKey = require('./key/okp')
+const OctKey = require('./key/oct')
+
+const generate = async (kty, crvOrSize, params, generatePrivate = true) => {
+  switch (kty) {
+    case 'RSA':
+      return importKey(
+        await RSAKey.generate(crvOrSize, generatePrivate),
+        params
+      )
+    case 'EC':
+      return importKey(
+        await ECKey.generate(crvOrSize, generatePrivate),
+        params
+      )
+    case 'OKP':
+      return importKey(
+        await OKPKey.generate(crvOrSize, generatePrivate),
+        params
+      )
+    case 'oct':
+      return importKey(
+        await OctKey.generate(crvOrSize, generatePrivate),
+        params
+      )
+    default:
+      throw new errors.JOSENotSupported(`unsupported key type: ${kty}`)
+  }
+}
+
+const generateSync = (kty, crvOrSize, params, generatePrivate = true) => {
+  switch (kty) {
+    case 'RSA':
+      return importKey(RSAKey.generateSync(crvOrSize, generatePrivate), params)
+    case 'EC':
+      return importKey(ECKey.generateSync(crvOrSize, generatePrivate), params)
+    case 'OKP':
+      return importKey(OKPKey.generateSync(crvOrSize, generatePrivate), params)
+    case 'oct':
+      return importKey(OctKey.generateSync(crvOrSize, generatePrivate), params)
+    default:
+      throw new errors.JOSENotSupported(`unsupported key type: ${kty}`)
+  }
+}
+
+module.exports.generate = generate
+module.exports.generateSync = generateSync

node_modules/jose/lib/jwk/import.js

@@ -0,0 +1,134 @@
+const { createPublicKey, createPrivateKey, createSecretKey, KeyObject } = require('../help/key_object')
+const base64url = require('../help/base64url')
+const isObject = require('../help/is_object')
+const { jwkToPem } = require('../help/key_utils')
+const errors = require('../errors')
+
+const RSAKey = require('./key/rsa')
+const ECKey = require('./key/ec')
+const OKPKey = require('./key/okp')
+const OctKey = require('./key/oct')
+
+const importable = new Set(['string', 'buffer', 'object'])
+
+const mergedParameters = (target = {}, source = {}) => {
+  return {
+    alg: source.alg,
+    key_ops: source.key_ops,
+    kid: source.kid,
+    use: source.use,
+    x5c: source.x5c,
+    x5t: source.x5t,
+    'x5t#S256': source['x5t#S256'],
+    ...target
+  }
+}
+
+const openSSHpublicKey = /^[a-zA-Z0-9-]+ AAAA(?:[0-9A-Za-z+/])+(?:==|=)?(?: .*)?$/
+
+const asKey = (key, parameters, { calculateMissingRSAPrimes = false } = {}) => {
+  let privateKey, publicKey, secret
+
+  if (!importable.has(typeof key)) {
+    throw new TypeError('key argument must be a string, buffer or an object')
+  }
+
+  if (parameters !== undefined && !isObject(parameters)) {
+    throw new TypeError('parameters argument must be a plain object when provided')
+  }
+
+  if (key instanceof KeyObject) {
+    switch (key.type) {
+      case 'private':
+        privateKey = key
+        break
+      case 'public':
+        publicKey = key
+        break
+      case 'secret':
+        secret = key
+        break
+    }
+  } else if (typeof key === 'object' && key && 'kty' in key && key.kty === 'oct') { // symmetric key <Object>
+    try {
+      secret = createSecretKey(base64url.decodeToBuffer(key.k))
+    } catch (err) {
+      if (!('k' in key)) {
+        secret = { type: 'secret' }
+      }
+    }
+    parameters = mergedParameters(parameters, key)
+  } else if (typeof key === 'object' && key && 'kty' in key) { // assume JWK formatted asymmetric key <Object>
+    ({ calculateMissingRSAPrimes = false } = parameters || { calculateMissingRSAPrimes })
+    let pem
+
+    try {
+      pem = jwkToPem(key, { calculateMissingRSAPrimes })
+    } catch (err) {
+      if (err instanceof errors.JOSEError) {
+        throw err
+      }
+    }
+
+    if (pem && key.d) {
+      privateKey = createPrivateKey(pem)
+    } else if (pem) {
+      publicKey = createPublicKey(pem)
+    }
+
+    parameters = mergedParameters({}, key)
+  } else if (key && (typeof key === 'object' || typeof key === 'string')) { // <Object> | <string> | <Buffer> passed to crypto.createPrivateKey or crypto.createPublicKey or <Buffer> passed to crypto.createSecretKey
+    try {
+      privateKey = createPrivateKey(key)
+    } catch (err) {
+      if (err instanceof errors.JOSEError) {
+        throw err
+      }
+    }
+
+    try {
+      publicKey = createPublicKey(key)
+      if (key.startsWith('-----BEGIN CERTIFICATE-----') && (!parameters || !('x5c' in parameters))) {
+        parameters = mergedParameters(parameters, {
+          x5c: [key.replace(/(?:-----(?:BEGIN|END) CERTIFICATE-----|\s)/g, '')]
+        })
+      }
+    } catch (err) {
+      if (err instanceof errors.JOSEError) {
+        throw err
+      }
+    }
+
+    try {
+      // this is to filter out invalid PEM keys and certs, i'll rather have them fail import then
+      // have them imported as symmetric "oct" keys
+      if (!key.includes('-----BEGIN') && !openSSHpublicKey.test(key.toString('ascii').replace(/[\r\n]/g, ''))) {
+        secret = createSecretKey(Buffer.isBuffer(key) ? key : Buffer.from(key))
+      }
+    } catch (err) {}
+  }
+
+  const keyObject = privateKey || publicKey || secret
+
+  if (privateKey || publicKey) {
+    switch (keyObject.asymmetricKeyType) {
+      case 'rsa':
+        return new RSAKey(keyObject, parameters)
+      case 'ec':
+        return new ECKey(keyObject, parameters)
+      case 'ed25519':
+      case 'ed448':
+      case 'x25519':
+      case 'x448':
+        return new OKPKey(keyObject, parameters)
+      default:
+        throw new errors.JOSENotSupported('only RSA, EC and OKP asymmetric keys are supported')
+    }
+  } else if (secret) {
+    return new OctKey(keyObject, parameters)
+  }
+
+  throw new errors.JWKImportFailed('key import failed')
+}
+
+module.exports = asKey

node_modules/jose/lib/jwk/index.js

@@ -0,0 +1,15 @@
+const Key = require('./key/base')
+const None = require('./key/none')
+const EmbeddedJWK = require('./key/embedded.jwk')
+const EmbeddedX5C = require('./key/embedded.x5c')
+const importKey = require('./import')
+const generate = require('./generate')
+
+module.exports = {
+  ...generate,
+  asKey: importKey,
+  isKey: input => input instanceof Key,
+  None,
+  EmbeddedJWK,
+  EmbeddedX5C
+}

node_modules/jose/lib/jwk/key/base.js

@@ -0,0 +1,339 @@
+const { strict: assert } = require('assert')
+const { inspect } = require('util')
+const { EOL } = require('os')
+
+const { keyObjectSupported } = require('../../help/runtime_support')
+const { createPublicKey } = require('../../help/key_object')
+const { keyObjectToJWK } = require('../../help/key_utils')
+const {
+  THUMBPRINT_MATERIAL, PUBLIC_MEMBERS, PRIVATE_MEMBERS, JWK_MEMBERS, KEYOBJECT,
+  USES_MAPPING, OPS, USES
+} = require('../../help/consts')
+const isObject = require('../../help/is_object')
+const thumbprint = require('../thumbprint')
+const errors = require('../../errors')
+
+const privateApi = Symbol('privateApi')
+const { JWK } = require('../../registry')
+
+class Key {
+  constructor (keyObject, { alg, use, kid, key_ops: ops, x5c, x5t, 'x5t#S256': x5t256 } = {}) {
+    if (use !== undefined) {
+      if (typeof use !== 'string' || !USES.has(use)) {
+        throw new TypeError('`use` must be either "sig" or "enc" string when provided')
+      }
+    }
+
+    if (alg !== undefined) {
+      if (typeof alg !== 'string' || !alg) {
+        throw new TypeError('`alg` must be a non-empty string when provided')
+      }
+    }
+
+    if (kid !== undefined) {
+      if (typeof kid !== 'string' || !kid) {
+        throw new TypeError('`kid` must be a non-empty string when provided')
+      }
+    }
+
+    if (ops !== undefined) {
+      if (!Array.isArray(ops) || !ops.length || ops.some(o => typeof o !== 'string')) {
+        throw new TypeError('`key_ops` must be a non-empty array of strings when provided')
+      }
+      ops = Array.from(new Set(ops)).filter(x => OPS.has(x))
+    }
+
+    if (ops && use) {
+      if (
+        (use === 'enc' && ops.some(x => USES_MAPPING.sig.has(x))) ||
+        (use === 'sig' && ops.some(x => USES_MAPPING.enc.has(x)))
+      ) {
+        throw new errors.JWKInvalid('inconsistent JWK "use" and "key_ops"')
+      }
+    }
+
+    if (keyObjectSupported && x5c !== undefined) {
+      if (!Array.isArray(x5c) || !x5c.length || x5c.some(c => typeof c !== 'string')) {
+        throw new TypeError('`x5c` must be an array of one or more PKIX certificates when provided')
+      }
+
+      x5c.forEach((cert, i) => {
+        let publicKey
+        try {
+          publicKey = createPublicKey({
+            key: `-----BEGIN CERTIFICATE-----${EOL}${(cert.match(/.{1,64}/g) || []).join(EOL)}${EOL}-----END CERTIFICATE-----`, format: 'pem'
+          })
+        } catch (err) {
+          throw new errors.JWKInvalid(`\`x5c\` member at index ${i} is not a valid base64-encoded DER PKIX certificate`)
+        }
+        if (i === 0) {
+          try {
+            assert.deepEqual(
+              publicKey.export({ type: 'spki', format: 'der' }),
+              (keyObject.type === 'public' ? keyObject : createPublicKey(keyObject)).export({ type: 'spki', format: 'der' })
+            )
+          } catch (err) {
+            throw new errors.JWKInvalid('The key in the first `x5c` certificate MUST match the public key represented by the JWK')
+          }
+        }
+      })
+    }
+
+    Object.defineProperties(this, {
+      [KEYOBJECT]: { value: isObject(keyObject) ? undefined : keyObject },
+      keyObject: {
+        get () {
+          if (!keyObjectSupported) {
+            throw new errors.JOSENotSupported('KeyObject class is not supported in your Node.js runtime version')
+          }
+
+          return this[KEYOBJECT]
+        }
+      },
+      type: { value: keyObject.type },
+      private: { value: keyObject.type === 'private' },
+      public: { value: keyObject.type === 'public' },
+      secret: { value: keyObject.type === 'secret' },
+      alg: { value: alg, enumerable: alg !== undefined },
+      use: { value: use, enumerable: use !== undefined },
+      x5c: {
+        enumerable: x5c !== undefined,
+        ...(x5c ? { get () { return [...x5c] } } : { value: undefined })
+      },
+      key_ops: {
+        enumerable: ops !== undefined,
+        ...(ops ? { get () { return [...ops] } } : { value: undefined })
+      },
+      kid: {
+        enumerable: true,
+        ...(kid
+          ? { value: kid }
+          : {
+              get () {
+                Object.defineProperty(this, 'kid', { value: this.thumbprint, configurable: false })
+                return this.kid
+              },
+              configurable: true
+            })
+      },
+      ...(x5c
+        ? {
+            x5t: {
+              enumerable: true,
+              ...(x5t
+                ? { value: x5t }
+                : {
+                    get () {
+                      Object.defineProperty(this, 'x5t', { value: thumbprint.x5t(this.x5c[0]), configurable: false })
+                      return this.x5t
+                    },
+                    configurable: true
+                  })
+            }
+          }
+        : undefined),
+      ...(x5c
+        ? {
+            'x5t#S256': {
+              enumerable: true,
+              ...(x5t256
+                ? { value: x5t256 }
+                : {
+                    get () {
+                      Object.defineProperty(this, 'x5t#S256', { value: thumbprint['x5t#S256'](this.x5c[0]), configurable: false })
+                      return this['x5t#S256']
+                    },
+                    configurable: true
+                  })
+            }
+          }
+        : undefined),
+      thumbprint: {
+        get () {
+          Object.defineProperty(this, 'thumbprint', { value: thumbprint.kid(this[THUMBPRINT_MATERIAL]()), configurable: false })
+          return this.thumbprint
+        },
+        configurable: true
+      }
+    })
+  }
+
+  toPEM (priv = false, encoding = {}) {
+    if (this.secret) {
+      throw new TypeError('symmetric keys cannot be exported as PEM')
+    }
+
+    if (priv && this.public === true) {
+      throw new TypeError('public key cannot be exported as private')
+    }
+
+    const { type = priv ? 'pkcs8' : 'spki', cipher, passphrase } = encoding
+
+    let keyObject = this[KEYOBJECT]
+
+    if (!priv) {
+      if (this.private) {
+        keyObject = createPublicKey(keyObject)
+      }
+      if (cipher || passphrase) {
+        throw new TypeError('cipher and passphrase can only be applied when exporting private keys')
+      }
+    }
+
+    if (priv) {
+      return keyObject.export({ format: 'pem', type, cipher, passphrase })
+    }
+
+    return keyObject.export({ format: 'pem', type })
+  }
+
+  toJWK (priv = false) {
+    if (priv && this.public === true) {
+      throw new TypeError('public key cannot be exported as private')
+    }
+
+    const components = [...this.constructor[priv ? PRIVATE_MEMBERS : PUBLIC_MEMBERS]]
+      .map(k => [k, this[k]])
+
+    const result = {}
+
+    Object.keys(components).forEach((key) => {
+      const [k, v] = components[key]
+
+      result[k] = v
+    })
+
+    result.kty = this.kty
+    result.kid = this.kid
+
+    if (this.alg) {
+      result.alg = this.alg
+    }
+
+    if (this.key_ops && this.key_ops.length) {
+      result.key_ops = this.key_ops
+    }
+
+    if (this.use) {
+      result.use = this.use
+    }
+
+    if (this.x5c) {
+      result.x5c = this.x5c
+    }
+
+    if (this.x5t) {
+      result.x5t = this.x5t
+    }
+
+    if (this['x5t#S256']) {
+      result['x5t#S256'] = this['x5t#S256']
+    }
+
+    return result
+  }
+
+  [JWK_MEMBERS] () {
+    const props = this[KEYOBJECT].type === 'private' ? this.constructor[PRIVATE_MEMBERS] : this.constructor[PUBLIC_MEMBERS]
+    Object.defineProperties(this, [...props].reduce((acc, component) => {
+      acc[component] = {
+        get () {
+          const jwk = keyObjectToJWK(this[KEYOBJECT])
+          Object.defineProperties(
+            this,
+            Object.entries(jwk)
+              .filter(([key]) => props.has(key))
+              .reduce((acc, [key, value]) => {
+                acc[key] = { value, enumerable: this.constructor[PUBLIC_MEMBERS].has(key), configurable: false }
+                return acc
+              }, {})
+          )
+
+          return this[component]
+        },
+        enumerable: this.constructor[PUBLIC_MEMBERS].has(component),
+        configurable: true
+      }
+      return acc
+    }, {}))
+  }
+
+  /* c8 ignore next 8 */
+  [inspect.custom] () {
+    return `${this.constructor.name} ${inspect(this.toJWK(false), {
+      depth: Infinity,
+      colors: process.stdout.isTTY,
+      compact: false,
+      sorted: true
+    })}`
+  }
+
+  /* c8 ignore next 3 */
+  [THUMBPRINT_MATERIAL] () {
+    throw new Error(`"[THUMBPRINT_MATERIAL]()" is not implemented on ${this.constructor.name}`)
+  }
+
+  algorithms (operation, /* the rest is private API */ int, opts) {
+    const { use = this.use, alg = this.alg, key_ops: ops = this.key_ops } = int === privateApi ? opts : {}
+    if (alg) {
+      return new Set(this.algorithms(operation, privateApi, { alg: null, use, key_ops: ops }).has(alg) ? [alg] : undefined)
+    }
+
+    if (typeof operation === 'symbol') {
+      try {
+        return this[operation]()
+      } catch (err) {
+        return new Set()
+      }
+    }
+
+    if (operation && ops && !ops.includes(operation)) {
+      return new Set()
+    }
+
+    switch (operation) {
+      case 'decrypt':
+      case 'deriveKey':
+      case 'encrypt':
+      case 'sign':
+      case 'unwrapKey':
+      case 'verify':
+      case 'wrapKey':
+        return new Set(Object.entries(JWK[this.kty][operation]).map(([alg, fn]) => fn(this) ? alg : undefined).filter(Boolean))
+      case undefined:
+        return new Set([
+          ...this.algorithms('sign'),
+          ...this.algorithms('verify'),
+          ...this.algorithms('decrypt'),
+          ...this.algorithms('encrypt'),
+          ...this.algorithms('unwrapKey'),
+          ...this.algorithms('wrapKey'),
+          ...this.algorithms('deriveKey')
+        ])
+      default:
+        throw new TypeError('invalid key operation')
+    }
+  }
+
+  /* c8 ignore next 3 */
+  static async generate () {
+    throw new Error(`"static async generate()" is not implemented on ${this.name}`)
+  }
+
+  /* c8 ignore next 3 */
+  static generateSync () {
+    throw new Error(`"static generateSync()" is not implemented on ${this.name}`)
+  }
+
+  /* c8 ignore next 3 */
+  static get [PUBLIC_MEMBERS] () {
+    throw new Error(`"static get [PUBLIC_MEMBERS]()" is not implemented on ${this.name}`)
+  }
+
+  /* c8 ignore next 3 */
+  static get [PRIVATE_MEMBERS] () {
+    throw new Error(`"static get [PRIVATE_MEMBERS]()" is not implemented on ${this.name}`)
+  }
+}
+
+module.exports = Key

node_modules/jose/lib/jwk/key/ec.js

@@ -0,0 +1,110 @@
+const { generateKeyPairSync, generateKeyPair: async } = require('crypto')
+const { promisify } = require('util')
+
+const {
+  THUMBPRINT_MATERIAL, JWK_MEMBERS, PUBLIC_MEMBERS,
+  PRIVATE_MEMBERS, KEY_MANAGEMENT_DECRYPT, KEY_MANAGEMENT_ENCRYPT
+} = require('../../help/consts')
+const { EC_CURVES } = require('../../registry')
+const { keyObjectSupported } = require('../../help/runtime_support')
+const { createPublicKey, createPrivateKey } = require('../../help/key_object')
+
+const errors = require('../../errors')
+
+const Key = require('./base')
+
+const generateKeyPair = promisify(async)
+
+const EC_PUBLIC = new Set(['crv', 'x', 'y'])
+Object.freeze(EC_PUBLIC)
+const EC_PRIVATE = new Set([...EC_PUBLIC, 'd'])
+Object.freeze(EC_PRIVATE)
+
+// Elliptic Curve Key Type
+class ECKey extends Key {
+  constructor (...args) {
+    super(...args)
+    this[JWK_MEMBERS]()
+    Object.defineProperty(this, 'kty', { value: 'EC', enumerable: true })
+    if (!EC_CURVES.has(this.crv)) {
+      throw new errors.JOSENotSupported('unsupported EC key curve')
+    }
+  }
+
+  static get [PUBLIC_MEMBERS] () {
+    return EC_PUBLIC
+  }
+
+  static get [PRIVATE_MEMBERS] () {
+    return EC_PRIVATE
+  }
+
+  // https://tc39.github.io/ecma262/#sec-ordinaryownpropertykeys no need for any special
+  // JSON.stringify handling in V8
+  [THUMBPRINT_MATERIAL] () {
+    return { crv: this.crv, kty: 'EC', x: this.x, y: this.y }
+  }
+
+  [KEY_MANAGEMENT_ENCRYPT] () {
+    return this.algorithms('deriveKey')
+  }
+
+  [KEY_MANAGEMENT_DECRYPT] () {
+    if (this.public) {
+      return new Set()
+    }
+    return this.algorithms('deriveKey')
+  }
+
+  static async generate (crv = 'P-256', privat = true) {
+    if (!EC_CURVES.has(crv)) {
+      throw new errors.JOSENotSupported(`unsupported EC key curve: ${crv}`)
+    }
+
+    let privateKey, publicKey
+
+    if (keyObjectSupported) {
+      ({ privateKey, publicKey } = await generateKeyPair('ec', { namedCurve: crv }))
+      return privat ? privateKey : publicKey
+    }
+
+    ({ privateKey, publicKey } = await generateKeyPair('ec', {
+      namedCurve: crv,
+      publicKeyEncoding: { type: 'spki', format: 'pem' },
+      privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+    }))
+
+    if (privat) {
+      return createPrivateKey(privateKey)
+    } else {
+      return createPublicKey(publicKey)
+    }
+  }
+
+  static generateSync (crv = 'P-256', privat = true) {
+    if (!EC_CURVES.has(crv)) {
+      throw new errors.JOSENotSupported(`unsupported EC key curve: ${crv}`)
+    }
+
+    let privateKey, publicKey
+
+    if (keyObjectSupported) {
+      ({ privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: crv }))
+      return privat ? privateKey : publicKey
+    }
+
+    ({ privateKey, publicKey } = generateKeyPairSync('ec', {
+      namedCurve: crv,
+      publicKeyEncoding: { type: 'spki', format: 'pem' },
+      privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+    }))
+
+    if (privat) {
+      return createPrivateKey(privateKey)
+    } else {
+      return createPublicKey(publicKey)
+    }
+  }
+}
+
+module.exports = ECKey

node_modules/jose/lib/jwk/key/embedded.jwk.js

@@ -0,0 +1,27 @@
+const { inspect } = require('util')
+
+const Key = require('./base')
+
+class EmbeddedJWK extends Key {
+  constructor () {
+    super({ type: 'embedded' })
+    Object.defineProperties(this, {
+      kid: { value: undefined },
+      kty: { value: undefined },
+      thumbprint: { value: undefined },
+      toJWK: { value: undefined },
+      toPEM: { value: undefined }
+    })
+  }
+
+  /* c8 ignore next 3 */
+  [inspect.custom] () {
+    return 'Embedded.JWK {}'
+  }
+
+  algorithms () {
+    return new Set()
+  }
+}
+
+module.exports = new EmbeddedJWK()

node_modules/jose/lib/jwk/key/embedded.x5c.js

@@ -0,0 +1,27 @@
+const { inspect } = require('util')
+
+const Key = require('./base')
+
+class EmbeddedX5C extends Key {
+  constructor () {
+    super({ type: 'embedded' })
+    Object.defineProperties(this, {
+      kid: { value: undefined },
+      kty: { value: undefined },
+      thumbprint: { value: undefined },
+      toJWK: { value: undefined },
+      toPEM: { value: undefined }
+    })
+  }
+
+  /* c8 ignore next 3 */
+  [inspect.custom] () {
+    return 'Embedded.X5C {}'
+  }
+
+  algorithms () {
+    return new Set()
+  }
+}
+
+module.exports = new EmbeddedX5C()

node_modules/jose/lib/jwk/key/none.js

@@ -0,0 +1,34 @@
+const { inspect } = require('util')
+
+const Key = require('./base')
+
+class NoneKey extends Key {
+  constructor () {
+    super({ type: 'unsecured' }, { alg: 'none' })
+    Object.defineProperties(this, {
+      kid: { value: undefined },
+      kty: { value: undefined },
+      thumbprint: { value: undefined },
+      toJWK: { value: undefined },
+      toPEM: { value: undefined }
+    })
+  }
+
+  /* c8 ignore next 3 */
+  [inspect.custom] () {
+    return 'None {}'
+  }
+
+  algorithms (operation) {
+    switch (operation) {
+      case 'sign':
+      case 'verify':
+      case undefined:
+        return new Set(['none'])
+      default:
+        return new Set()
+    }
+  }
+}
+
+module.exports = new NoneKey()

node_modules/jose/lib/jwk/key/oct.js

@@ -0,0 +1,103 @@
+const { randomBytes } = require('crypto')
+
+const { createSecretKey } = require('../../help/key_object')
+const base64url = require('../../help/base64url')
+const {
+  THUMBPRINT_MATERIAL, PUBLIC_MEMBERS, PRIVATE_MEMBERS,
+  KEY_MANAGEMENT_DECRYPT, KEY_MANAGEMENT_ENCRYPT, KEYOBJECT
+} = require('../../help/consts')
+
+const Key = require('./base')
+
+const OCT_PUBLIC = new Set()
+Object.freeze(OCT_PUBLIC)
+const OCT_PRIVATE = new Set(['k'])
+Object.freeze(OCT_PRIVATE)
+
+// Octet sequence Key Type
+class OctKey extends Key {
+  constructor (...args) {
+    super(...args)
+    Object.defineProperties(this, {
+      kty: {
+        value: 'oct',
+        enumerable: true
+      },
+      length: {
+        value: this[KEYOBJECT] ? this[KEYOBJECT].symmetricKeySize * 8 : undefined
+      },
+      k: {
+        enumerable: false,
+        get () {
+          if (this[KEYOBJECT]) {
+            Object.defineProperty(this, 'k', {
+              value: base64url.encodeBuffer(this[KEYOBJECT].export()),
+              configurable: false
+            })
+          } else {
+            Object.defineProperty(this, 'k', {
+              value: undefined,
+              configurable: false
+            })
+          }
+
+          return this.k
+        },
+        configurable: true
+      }
+    })
+  }
+
+  static get [PUBLIC_MEMBERS] () {
+    return OCT_PUBLIC
+  }
+
+  static get [PRIVATE_MEMBERS] () {
+    return OCT_PRIVATE
+  }
+
+  // https://tc39.github.io/ecma262/#sec-ordinaryownpropertykeys no need for any special
+  // JSON.stringify handling in V8
+  [THUMBPRINT_MATERIAL] () {
+    if (!this[KEYOBJECT]) {
+      throw new TypeError('reference "oct" keys without "k" cannot have their thumbprint calculated')
+    }
+    return { k: this.k, kty: 'oct' }
+  }
+
+  [KEY_MANAGEMENT_ENCRYPT] () {
+    return new Set([
+      ...this.algorithms('wrapKey'),
+      ...this.algorithms('deriveKey')
+    ])
+  }
+
+  [KEY_MANAGEMENT_DECRYPT] () {
+    return this[KEY_MANAGEMENT_ENCRYPT]()
+  }
+
+  algorithms (...args) {
+    if (!this[KEYOBJECT]) {
+      return new Set()
+    }
+
+    return Key.prototype.algorithms.call(this, ...args)
+  }
+
+  static async generate (...args) {
+    return this.generateSync(...args)
+  }
+
+  static generateSync (len = 256, privat = true) {
+    if (!privat) {
+      throw new TypeError('"oct" keys cannot be generated as public')
+    }
+    if (!Number.isSafeInteger(len) || !len || len % 8 !== 0) {
+      throw new TypeError('invalid bit length')
+    }
+
+    return createSecretKey(randomBytes(len / 8))
+  }
+}
+
+module.exports = OctKey

node_modules/jose/lib/jwk/key/okp.js

@@ -0,0 +1,86 @@
+const { generateKeyPairSync, generateKeyPair: async } = require('crypto')
+const { promisify } = require('util')
+
+const {
+  THUMBPRINT_MATERIAL, JWK_MEMBERS, PUBLIC_MEMBERS,
+  PRIVATE_MEMBERS, KEY_MANAGEMENT_DECRYPT, KEY_MANAGEMENT_ENCRYPT
+} = require('../../help/consts')
+const { OKP_CURVES } = require('../../registry')
+const { edDSASupported } = require('../../help/runtime_support')
+const errors = require('../../errors')
+
+const Key = require('./base')
+
+const generateKeyPair = promisify(async)
+
+const OKP_PUBLIC = new Set(['crv', 'x'])
+Object.freeze(OKP_PUBLIC)
+const OKP_PRIVATE = new Set([...OKP_PUBLIC, 'd'])
+Object.freeze(OKP_PRIVATE)
+
+// Octet string key pairs Key Type
+class OKPKey extends Key {
+  constructor (...args) {
+    super(...args)
+    this[JWK_MEMBERS]()
+    Object.defineProperty(this, 'kty', { value: 'OKP', enumerable: true })
+    if (!OKP_CURVES.has(this.crv)) {
+      throw new errors.JOSENotSupported('unsupported OKP key curve')
+    }
+  }
+
+  static get [PUBLIC_MEMBERS] () {
+    return OKP_PUBLIC
+  }
+
+  static get [PRIVATE_MEMBERS] () {
+    return OKP_PRIVATE
+  }
+
+  // https://tc39.github.io/ecma262/#sec-ordinaryownpropertykeys no need for any special
+  // JSON.stringify handling in V8
+  [THUMBPRINT_MATERIAL] () {
+    return { crv: this.crv, kty: 'OKP', x: this.x }
+  }
+
+  [KEY_MANAGEMENT_ENCRYPT] () {
+    return this.algorithms('deriveKey')
+  }
+
+  [KEY_MANAGEMENT_DECRYPT] () {
+    if (this.public) {
+      return new Set()
+    }
+    return this.algorithms('deriveKey')
+  }
+
+  static async generate (crv = 'Ed25519', privat = true) {
+    if (!edDSASupported) {
+      throw new errors.JOSENotSupported('OKP keys are not supported in your Node.js runtime version')
+    }
+
+    if (!OKP_CURVES.has(crv)) {
+      throw new errors.JOSENotSupported(`unsupported OKP key curve: ${crv}`)
+    }
+
+    const { privateKey, publicKey } = await generateKeyPair(crv.toLowerCase())
+
+    return privat ? privateKey : publicKey
+  }
+
+  static generateSync (crv = 'Ed25519', privat = true) {
+    if (!edDSASupported) {
+      throw new errors.JOSENotSupported('OKP keys are not supported in your Node.js runtime version')
+    }
+
+    if (!OKP_CURVES.has(crv)) {
+      throw new errors.JOSENotSupported(`unsupported OKP key curve: ${crv}`)
+    }
+
+    const { privateKey, publicKey } = generateKeyPairSync(crv.toLowerCase())
+
+    return privat ? privateKey : publicKey
+  }
+}
+
+module.exports = OKPKey

node_modules/jose/lib/jwk/key/rsa.js

@@ -0,0 +1,117 @@
+const { generateKeyPairSync, generateKeyPair: async } = require('crypto')
+const { promisify } = require('util')
+
+const {
+  THUMBPRINT_MATERIAL, JWK_MEMBERS, PUBLIC_MEMBERS,
+  PRIVATE_MEMBERS, KEY_MANAGEMENT_DECRYPT, KEY_MANAGEMENT_ENCRYPT
+} = require('../../help/consts')
+const { keyObjectSupported } = require('../../help/runtime_support')
+const { createPublicKey, createPrivateKey } = require('../../help/key_object')
+
+const Key = require('./base')
+
+const generateKeyPair = promisify(async)
+
+const RSA_PUBLIC = new Set(['e', 'n'])
+Object.freeze(RSA_PUBLIC)
+const RSA_PRIVATE = new Set([...RSA_PUBLIC, 'd', 'p', 'q', 'dp', 'dq', 'qi'])
+Object.freeze(RSA_PRIVATE)
+
+// RSA Key Type
+class RSAKey extends Key {
+  constructor (...args) {
+    super(...args)
+    this[JWK_MEMBERS]()
+    Object.defineProperties(this, {
+      kty: {
+        value: 'RSA',
+        enumerable: true
+      },
+      length: {
+        get () {
+          Object.defineProperty(this, 'length', {
+            value: Buffer.byteLength(this.n, 'base64') * 8,
+            configurable: false
+          })
+
+          return this.length
+        },
+        configurable: true
+      }
+    })
+  }
+
+  static get [PUBLIC_MEMBERS] () {
+    return RSA_PUBLIC
+  }
+
+  static get [PRIVATE_MEMBERS] () {
+    return RSA_PRIVATE
+  }
+
+  // https://tc39.github.io/ecma262/#sec-ordinaryownpropertykeys no need for any special
+  // JSON.stringify handling in V8
+  [THUMBPRINT_MATERIAL] () {
+    return { e: this.e, kty: 'RSA', n: this.n }
+  }
+
+  [KEY_MANAGEMENT_ENCRYPT] () {
+    return this.algorithms('wrapKey')
+  }
+
+  [KEY_MANAGEMENT_DECRYPT] () {
+    return this.algorithms('unwrapKey')
+  }
+
+  static async generate (len = 2048, privat = true) {
+    if (!Number.isSafeInteger(len) || len < 512 || len % 8 !== 0 || (('electron' in process.versions) && len % 128 !== 0)) {
+      throw new TypeError('invalid bit length')
+    }
+
+    let privateKey, publicKey
+
+    if (keyObjectSupported) {
+      ({ privateKey, publicKey } = await generateKeyPair('rsa', { modulusLength: len }))
+      return privat ? privateKey : publicKey
+    }
+
+    ({ privateKey, publicKey } = await generateKeyPair('rsa', {
+      modulusLength: len,
+      publicKeyEncoding: { type: 'spki', format: 'pem' },
+      privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+    }))
+
+    if (privat) {
+      return createPrivateKey(privateKey)
+    } else {
+      return createPublicKey(publicKey)
+    }
+  }
+
+  static generateSync (len = 2048, privat = true) {
+    if (!Number.isSafeInteger(len) || len < 512 || len % 8 !== 0 || (('electron' in process.versions) && len % 128 !== 0)) {
+      throw new TypeError('invalid bit length')
+    }
+
+    let privateKey, publicKey
+
+    if (keyObjectSupported) {
+      ({ privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: len }))
+      return privat ? privateKey : publicKey
+    }
+
+    ({ privateKey, publicKey } = generateKeyPairSync('rsa', {
+      modulusLength: len,
+      publicKeyEncoding: { type: 'spki', format: 'pem' },
+      privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+    }))
+
+    if (privat) {
+      return createPrivateKey(privateKey)
+    } else {
+      return createPublicKey(publicKey)
+    }
+  }
+}
+
+module.exports = RSAKey

node_modules/jose/lib/jwk/thumbprint.js

@@ -0,0 +1,9 @@
+const { createHash } = require('crypto')
+
+const base64url = require('../help/base64url')
+
+const x5t = (hash, cert) => base64url.encodeBuffer(createHash(hash).update(Buffer.from(cert, 'base64')).digest())
+
+module.exports.kid = components => base64url.encodeBuffer(createHash('sha256').update(JSON.stringify(components)).digest())
+module.exports.x5t = x5t.bind(undefined, 'sha1')
+module.exports['x5t#S256'] = x5t.bind(undefined, 'sha256')