From 8559f5c8eab3ba09565ff4be051b9c6c8c5f431d Mon Sep 17 00:00:00 2001
From: GCHQ 77703
Date: Sun, 26 Aug 2018 23:16:13 +0100
Subject: [PATCH] Add JWT Verify, Decode and Sign
---
 package.json | 1 +
 src/core/config/Categories.json | 5 +-
 src/core/operations/JWTDecode.mjs | 46 +++++++++++++++
 src/core/operations/JWTSign.mjs | 94 +++++++++++++++++++++++++++++++
 src/core/operations/JWTVerify.mjs | 53 +++++++++++++++++
 5 files changed, 198 insertions(+), 1 deletion(-)
 create mode 100644 src/core/operations/JWTDecode.mjs
 create mode 100644 src/core/operations/JWTSign.mjs
 create mode 100644 src/core/operations/JWTVerify.mjs
diff --git a/package.json b/package.json
index a978f947..6fa99dd1 100644
--- a/package.json
+++ b/package.json
@@ -99,6 +99,7 @@
 "jsbn": "^1.1.0",
 "jsesc": "^2.5.1",
 "jsonpath": "^1.0.0",
+ "jsonwebtoken": "^8.3.0",
 "jsrsasign": "8.0.12",
 "kbpgp": "^2.0.77",
 "lodash": "^4.17.10",
diff --git a/src/core/config/Categories.json b/src/core/config/Categories.json
index 66663f4a..5d32aef2 100755
--- a/src/core/config/Categories.json
+++ b/src/core/config/Categories.json
@@ -89,7 +89,10 @@
 "Derive EVP key",
 "Bcrypt",
 "Scrypt",
- "Pseudo-Random Number Generator"
+ "Pseudo-Random Number Generator",
+ "JWT Sign",
+ "JWT Verify",
+ "JWT Decode"
 ]
 },
 {
diff --git a/src/core/operations/JWTDecode.mjs b/src/core/operations/JWTDecode.mjs
new file mode 100644
index 00000000..cf7945ac
--- /dev/null
+++ b/src/core/operations/JWTDecode.mjs
@@ -0,0 +1,46 @@
+/**
+ * @author gchq77703 []
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+import jwt from "jsonwebtoken";
+
+/**
+ * JWT Decode operation
+ */
+class JWTDecode extends Operation {
+
+ /**
+ * JWTDecode constructor
+ */
+ constructor() {
+ super();
+
+ this.name = "JWT Decode";
+ this.module = "Crypto";
+ this.description = "Decodes a JSON Web Token without checking whether the provided secret / private key is valid.";
+ this.infoURL = "https://jwt.io";
+ this.inputType = "string";
+ this.outputType = "JSON";
+ this.args = [
+ ];
+ }
+
+ /**
+ * @param {string} input
+ * @param {Object[]} args
+ * @returns {JSON}
+ */
+ run(input, args) {
+ try {
+ return jwt.decode(input);
+ } catch (err) {
+ return err;
+ }
+ }
+
+}
+
+export default JWTDecode;
diff --git a/src/core/operations/JWTSign.mjs b/src/core/operations/JWTSign.mjs
new file mode 100644
index 00000000..7bf62308
--- /dev/null
+++ b/src/core/operations/JWTSign.mjs
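Review bot: In `run` of JWTDecode.mjs, invalid input is never reported: as far as I know `jwt.decode` returns `null` for a string it cannot parse rather than throwing, so the `try`/`catch` rarely fires, and when it does `return err;` hands the Error object back as if it were decoded output. Check the result and raise instead, e.g. `const decoded = jwt.decode(input);` followed by `if (decoded === null) throw new Error("Input is not a well-formed JWT");` and `return decoded;`, using whatever error type the operation framework expects. The description also refers to a key this operation never takes; what a user needs to know is that the signature is not checked, so something like `"Decodes a JSON Web Token without verifying its signature; the claims shown are unauthenticated."` would be clearer.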
@@ -0,0 +1,94 @@
+/**
+ * @author gchq77703 []
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+import jwt from "jsonwebtoken";
+
+/**
+ * JWT Sign operation
+ */
+class JWTSign extends Operation {
+
+ /**
+ * JWTSign constructor
+ */
+ constructor() {
+ super();
+
+ this.name = "JWT Sign";
+ this.module = "Crypto";
+ this.description = "Signs a JSON object as a JSON Web Token using a provided secret / private key.";
+ this.infoURL = "https://jwt.io/";
+ this.inputType = "JSON";
+ this.outputType = "string";
+ this.args = [
+ {
+ name: "Private / Secret Key",
+ type: "shortString",
+ value: "secret_cat"
+ },
+ {
+ name: "Signing Algorithm",
+ type: "populateOption",
+ value: [
+ {
+ name: "HS256",
+ value: "HS256"
+ },
+ {
+ name: "HS384",
+ value: "HS384",
+ },
+ {
+ name: "HS512",
+ value: "HS512",
+ },
+ {
+ name: "RS256",
+ value: "RS256",
+ },
+ {
+ name: "RS384",
+ value: "RS384",
+ },
+ {
+ name: "RS512",
+ value: "RS512",
+ },
+ {
+ name: "ES256",
+ value: "ES256",
+ },
+ {
+ name: "ES384",
+ value: "ES384",
+ },
+ {
+ name: "ES512",
+ value: "ES512",
+ },
+ {
+ name: "None",
+ value: "none",
+ },
+ ]
+ }
+ ];
+ }
+
+ /**
+ * @param {JSON} input
+ * @param {Object[]} args
+ * @returns {string}
+ */
+ run(input, args) {
+ const [key, algorithm] = args;
+ return jwt.sign(input, key, { algorithm: algorithm === "None" ? "none" : algorithm });
+ }
+
+}
+
+export default JWTSign;
diff --git a/src/core/operations/JWTVerify.mjs b/src/core/operations/JWTVerify.mjs
new file mode 100644
index 00000000..cd1df74d
--- /dev/null
+++ b/src/core/operations/JWTVerify.mjs
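Review bot: `run` in JWTSign.mjs calls `jwt.sign` with no error handling, so a key that does not fit the selected algorithm (a plain secret with an RS* or ES* option, which need a PEM private key) throws straight out of the operation, whereas the Decode and Verify operations in this patch both wrap their call in `try`/`catch`. The key argument is a `shortString`, which presumably is a single-line field and a poor fit for a multi-line PEM key; a multi-line text argument type would suit the asymmetric options better if the framework offers one. The `None` entry deserves a sentence in the description, since the output then carries no signature at all: `"Selecting 'None' produces an unsecured token with an empty signature."`. The ternary `algorithm === "None" ? "none" : algorithm` suggests it is unclear whether the option's name or its value reaches `run`; a one-line comment saying which would help the next reader.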
@@ -0,0 +1,53 @@
+/**
+ * @author gchq77703 []
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+import jwt from "jsonwebtoken";
+
+/**
+ * JWT Verify operation
+ */
+class JWTVerify extends Operation {
+
+ /**
+ * JWTVerify constructor
+ */
+ constructor() {
+ super();
+
+ this.name = "JWT Verify";
+ this.module = "Crypto";
+ this.description = "Verifies that a JSON Web Token is valid and has been signed with the provided secret / private key.";
+ this.infoURL = "https://jwt.io/";
+ this.inputType = "string";
+ this.outputType = "JSON";
+ this.args = [
+ {
+ name: "Private / Secret Key",
+ type: "shortString",
+ value: "secret_cat"
+ },
+ ];
+ }
+
+ /**
+ * @param {string} input
+ * @param {Object[]} args
+ * @returns {string}
+ */
+ run(input, args) {
+ const [key] = args;
+
+ try {
+ return jwt.verify(input, key);
+ } catch (err) {
+ return err;
+ }
+ }
+
+}
+
+export default JWTVerify;
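Review bot: `jwt.verify(input, key)` in `run` of JWTVerify.mjs passes no `algorithms` option, so the set of accepted algorithms is left to the library's defaults instead of being pinned by the user; an explicit allow-list is the standard guard against a token whose header names a different algorithm than the key was intended for. A failed check is also returned (`return err;`) rather than thrown, so a rejected token may come back looking like ordinary output, when a verification failure should be an unmistakable error. The argument label `"Private / Secret Key"` and the description are misleading for RS*/ES* tokens, which are verified with the public key. The sketch below adds an algorithm argument and raises on failure; the `option` argument type and the error class are assumptions about the framework and should be checked against it.

```javascript
// … unchanged: name, module, description, infoURL, inputType, outputType …
        this.args = [
            {
                name: "Public / Secret Key",
                type: "shortString",
                value: "secret_cat"
            },
            {
                name: "Accepted Algorithm",
                type: "option",
                value: ["HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512"]
            }
        ];
// … unchanged: JSDoc for run …
    run(input, args) {
        const [key, algorithm] = args;

        try {
            // Accept only the algorithm the user selected, whatever the token header says.
            return jwt.verify(input, key, { algorithms: [algorithm] });
        } catch (err) {
            throw new Error(`JWT verification failed: ${err.message}`);
        }
    }
```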