{"version":3,"file":"jwt.cjs","sources":["../crypto/jwt.js"],"sourcesContent":["import * as error from '../error.js'\nimport * as buffer from '../buffer.js'\nimport * as string from '../string.js'\nimport * as json from '../json.js'\nimport * as ecdsa from '../crypto/ecdsa.js'\nimport * as time from '../time.js'\n\n/**\n * @param {Object} data\n */\nconst _stringify = data => buffer.toBase64UrlEncoded(string.encodeUtf8(json.stringify(data)))\n\n/**\n * @param {string} base64url\n */\nconst _parse = base64url => json.parse(string.decodeUtf8(buffer.fromBase64UrlEncoded(base64url)))\n\n/**\n * @param {CryptoKey} privateKey\n * @param {Object} payload\n */\nexport const encodeJwt = (privateKey, payload) => {\n const { name: algName, namedCurve: algCurve } = /** @type {any} */ (privateKey.algorithm)\n /* c8 ignore next 3 */\n if (algName !== 'ECDSA' || algCurve !== 'P-384') {\n error.unexpectedCase()\n }\n const header = {\n alg: 'ES384',\n typ: 'JWT'\n }\n const jwt = _stringify(header) + '.' + _stringify(payload)\n return ecdsa.sign(privateKey, string.encodeUtf8(jwt)).then(signature =>\n jwt + '.' + buffer.toBase64UrlEncoded(signature)\n )\n}\n\n/**\n * @param {CryptoKey} publicKey\n * @param {string} jwt\n */\nexport const verifyJwt = async (publicKey, jwt) => {\n const [headerBase64, payloadBase64, signatureBase64] = jwt.split('.')\n const verified = await ecdsa.verify(publicKey, buffer.fromBase64UrlEncoded(signatureBase64), string.encodeUtf8(headerBase64 + '.' + payloadBase64))\n /* c8 ignore next 3 */\n if (!verified) {\n throw new Error('Invalid JWT')\n }\n const payload = _parse(payloadBase64)\n if (payload.exp != null && time.getUnixTime() > payload.exp) {\n throw new Error('Expired JWT')\n }\n return {\n header: _parse(headerBase64),\n payload\n }\n}\n\n/**\n * Decode a jwt without verifying it. Probably a bad idea to use this. Only use if you know the jwt was already verified!\n *\n * @param {string} jwt\n */\nexport const unsafeDecode = jwt => {\n const [headerBase64, payloadBase64] = jwt.split('.')\n return {\n header: _parse(headerBase64),\n payload: _parse(payloadBase64)\n }\n}\n"],"names":["buffer.toBase64UrlEncoded","string.encodeUtf8","json.stringify","json.parse","string.decodeUtf8","buffer.fromBase64UrlEncoded","error.unexpectedCase","ecdsa.sign","ecdsa.verify","time.getUnixTime"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOA;AACA;AACA;AACA,MAAM,UAAU,GAAG,IAAI,IAAIA,yBAAyB,CAACC,iBAAiB,CAACC,cAAc,CAAC,IAAI,CAAC,CAAC,EAAC;AAC7F;AACA;AACA;AACA;AACA,MAAM,MAAM,GAAG,SAAS,IAAIC,UAAU,CAACC,iBAAiB,CAACC,2BAA2B,CAAC,SAAS,CAAC,CAAC,EAAC;AACjG;AACA;AACA;AACA;AACA;AACY,MAAC,SAAS,GAAG,CAAC,UAAU,EAAE,OAAO,KAAK;AAClD,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,uBAAuB,UAAU,CAAC,SAAS,EAAC;AAC3F;AACA,EAAE,IAAI,OAAO,KAAK,OAAO,IAAI,QAAQ,KAAK,OAAO,EAAE;AACnD,IAAIC,oBAAoB,GAAE;AAC1B,GAAG;AACH,EAAE,MAAM,MAAM,GAAG;AACjB,IAAI,GAAG,EAAE,OAAO;AAChB,IAAI,GAAG,EAAE,KAAK;AACd,IAAG;AACH,EAAE,MAAM,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,GAAG,GAAG,UAAU,CAAC,OAAO,EAAC;AAC5D,EAAE,OAAOC,UAAU,CAAC,UAAU,EAAEN,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS;AACtE,IAAI,GAAG,GAAG,GAAG,GAAGD,yBAAyB,CAAC,SAAS,CAAC;AACpD,GAAG;AACH,EAAC;AACD;AACA;AACA;AACA;AACA;AACY,MAAC,SAAS,GAAG,OAAO,SAAS,EAAE,GAAG,KAAK;AACnD,EAAE,MAAM,CAAC,YAAY,EAAE,aAAa,EAAE,eAAe,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,EAAC;AACvE,EAAE,MAAM,QAAQ,GAAG,MAAMQ,YAAY,CAAC,SAAS,EAAEH,2BAA2B,CAAC,eAAe,CAAC,EAAEJ,iBAAiB,CAAC,YAAY,GAAG,GAAG,GAAG,aAAa,CAAC,EAAC;AACrJ;AACA,EAAE,IAAI,CAAC,QAAQ,EAAE;AACjB,IAAI,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC;AAClC,GAAG;AACH,EAAE,MAAM,OAAO,GAAG,MAAM,CAAC,aAAa,EAAC;AACvC,EAAE,IAAI,OAAO,CAAC,GAAG,IAAI,IAAI,IAAIQ,gBAAgB,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE;AAC/D,IAAI,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC;AAClC,GAAG;AACH,EAAE,OAAO;AACT,IAAI,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC;AAChC,IAAI,OAAO;AACX,GAAG;AACH,EAAC;AACD;AACA;AACA;AACA;AACA;AACA;AACY,MAAC,YAAY,GAAG,GAAG,IAAI;AACnC,EAAE,MAAM,CAAC,YAAY,EAAE,aAAa,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,EAAC;AACtD,EAAE,OAAO;AACT,IAAI,MAAM,EAAE,MAAM,CAAC,YAAY,CAAC;AAChC,IAAI,OAAO,EAAE,MAAM,CAAC,aAAa,CAAC;AAClC,GAAG;AACH;;;;;;"}