Added PEM key generation

Author: Frank Schmid

lib/JWKSet.js

@@ -15,7 +15,8 @@ class JWKSet {
 	constructor(data) {
 
 		// Filter unsupported key types and invalid keys (@see RFC-7517 par. 5)
-		this._keys = _.filter(data.keys, key => _.includes(JWA.supportedKeyTypes, key.kty) && JWK.validate(key));
+		const supportedKeys = _.filter(data.keys, key => _.includes(JWA.supportedKeyTypes, key.kty) && JWK.validate(key));
+		this._keys = _.map(supportedKeys, key => JWK.fromObject(key));
 
 	}
 

lib/keytypes/ECKey.js

@@ -5,13 +5,39 @@
 
 const _ = require('lodash');
 const base64url = require('base64url');
+const asn = require('asn1.js');
+
+const COORD_PREFIX_UNCOMPRESSED = new Buffer([0x04]);
 
 const SUPPORTED_CURVES = [
 	'P-256',
 	'P-384',
 	'P-521'
 ];
 
+// @see RFC-6637 par. 11
+const CURVE_OIDS = {
+	'1.2.840.10045.3.1.7': 'P-256',
+	'1.3.132.0.34': 'P-384',
+	'1.3.132.0.35': 'P-521'
+};
+
+const ECPublicKeyHeader = asn.define('ECPublicKeyHeader', function() {
+	this.seq().obj(
+		this.key('keyType').objid({
+			'1.2.840.10045.2.1': 'EC'
+		}),
+		this.key('curve').objid(CURVE_OIDS)
+	);
+});
+
+const ECPublicKey = asn.define('ECPublicKey', function() {
+	this.seq().obj(
+		this.key('header').use(ECPublicKeyHeader),
+		this.key('content').bitstr()
+	);
+});
+
 class ECKey {
 
 	constructor(crv, x, y, d) {
@@ -25,6 +51,22 @@ class ECKey {
 		return !_.isNil(this._d);
 	}
 
+	toPublicKeyPEM() {
+		// Construct x/y coordinate
+		const coordinate = Buffer.concat([COORD_PREFIX_UNCOMPRESSED, this._x, this._y]);
+
+		const params = {
+			header: {
+				keyType: 'EC',
+				curve: this._crv
+			},
+			content: {
+				data: coordinate
+			}
+		};
+		return ECPublicKey.encode(params, 'pem', { label: 'PUBLIC KEY' });
+	}
+
 	static validate(key) {
 		// y must only be defined for the three curves defined in RFC-7517 par. 6.2.1
 		// FIXME: Currently y is treated as mandatory here.

lib/keytypes/RSAKey.js

@@ -5,27 +5,93 @@
 
 const _ = require('lodash');
 const base64url = require('base64url');
+const asn = require('asn1.js');
+const util = require('../util');
 
 const OPTIONAL_PRIVATE_PROPS = [
 	'p', 'q', 'dp', 'dq', 'qi'
 ];
 
+// Define ASN structures
+const RSAPrivateKey = asn.define('RSAPrivateKey', function() {
+	this.seq().obj(
+		this.key('id').int(),
+		this.key('n').int(),
+		this.key('e').int(),
+		this.key('d').int(),
+		this.key('p').int(),
+		this.key('q').int(),
+		this.key('dp').int(),
+		this.key('dq').int(),
+		this.key('qi').int()
+	);
+});
+
+const RSAPublicKeyHeader = asn.define('RSAPublicKeyHeader', function() {
+	this.seq().obj(
+		this.key('keyType').objid({
+			'1.2.840.113549.1.1.1': 'RSA'
+		}),
+		this.null_()
+	);
+});
+
+const RSAPublicKeyParams = asn.define('RSAPublicKeyParams', function() {
+	this.seq().obj(
+		this.key('n').int(),
+		this.key('e').int()
+	);
+});
+
+const RSAPublicKey = asn.define('RSAPublicKey', function() {
+	this.seq().obj(
+		this.key('header').use(RSAPublicKeyHeader),
+		this.key('content').bitstr()
+	);
+});
+
 class RSAKey {
 
-	constructor(n, e, d, p, q, dp, dq, qi, oth) {
-		this._n = n;
-		this._e = e;
-		this._d = d;
-		this._p = p;
-		this._q = q;
-		this._dp = dp;
-		this._dq = dq;
-		this._qi = qi;
-		this._oth = oth;
+	constructor(n, e, d, p, q, dp, dq, qi, oth, r) {
+		this._data = {
+			id: 0,
+			n: util.unsigned(n),
+			e: util.unsigned(e),
+			d: util.unsigned(d),
+			p: util.unsigned(p),
+			q: util.unsigned(q),
+			dp: util.unsigned(dp),
+			dq: util.unsigned(dq),
+			qi: util.unsigned(qi),
+			oth: util.unsigned(oth),
+			r: util.unsigned(r)
+		};
 	}
 
 	get hasPrivateKey() {
-		return !_.isNil(this._d);
+		return !_.isNil(this._data.d);
+	}
+
+	toPublicKeyPEM() {
+		const keyParams = RSAPublicKeyParams.encode(this._data, 'der');
+
+		const params = {
+			header: {
+				keyType: 'RSA'
+			},
+			content: {
+				data: keyParams
+			}
+		};
+		return RSAPublicKey.encode(params, 'pem', { label: 'PUBLIC KEY' });
+	}
+
+	toPrivateKeyPEM() {
+		if (!this.hasPrivateKey) {
+			return null;
+		}
+
+		return RSAPrivateKey.encode(this._data, 'pem', { label: 'RSA PRIVATE KEY' });
 	}
 
 	static validate(key) {
@@ -43,11 +109,18 @@ class RSAKey {
 	}
 
 	static fromKey(key) {
-		const x = base64url.toBuffer(key.x);
-		const y = base64url.toBuffer(key.y);
-		const d = key.d ? base64url.toBuffer(key.d) : undefined;
+		const n = base64url.toBuffer(key.n);
+		const e = base64url.toBuffer(key.e);
+		const d = key.d ? base64url.toBuffer(key.d) : null;
+		const p = key.p ? base64url.toBuffer(key.p) : null;
+		const q = key.q ? base64url.toBuffer(key.q) : null;
+		const dp = key.dp ? base64url.toBuffer(key.dp) : null;
+		const dq = key.dq ? base64url.toBuffer(key.dq) : null;
+		const qi = key.qi ? base64url.toBuffer(key.qi) : null;
+		const oth = key.oth ? base64url.toBuffer(key.oth) : null;
+		const r = key.r ? base64url.toBuffer(key.r) : null;
 
-		return new RSAKey(key.crv, x, y, d);
+		return new RSAKey(n, e, d, p, q, dp, dq, qi, oth, r);
 	}
 
 }

lib/util.js

@@ -0,0 +1,22 @@
+'use strict';
+/**
+ * Utilities
+ */
+
+const _ = require('lodash');
+
+const zeroBuffer = new Buffer([0]);
+
+function unsigned(bignum) {
+	if (_.isNil(bignum) || !_.isBuffer(bignum) || _.isEmpty(bignum)) {
+		return bignum;
+	}
+
+	if (bignum.readInt8(0) < 0) {
+		return Buffer.concat([ zeroBuffer, bignum ], bignum.length + 1);
+	}
+	return bignum;
+}
+
+module.exports.unsigned = unsigned;
+module.exports.zeroBuffer = zeroBuffer;

package.json

@@ -26,6 +26,7 @@
   ],
   "bugs": "https://github.com/HyperBrain/node-jwk/issues",
   "dependencies": {
+    "asn1.js": "^4.9.1",
     "base64url": "^2.0.0",
     "lodash": "^4.17.4"
   },

test/tests/ec.test.js

@@ -0,0 +1,60 @@
+const publicKS = require('../data/publicKeySet.json');
+const privateKS = require('../data/privateKeySet.json');
+
+const JWKSet = require('../../lib/JWKSet');
+
+const expect = require('chai').expect;
+
+describe('EC key', () => {
+
+	it('should be initialized from public key objects', () => {
+
+		const keySet = JWKSet.fromObject(publicKS);
+		const jwk = keySet.findKeyById('2011-04-29');
+
+		expect(keySet.keys).to.satisfy(k => /(?!.*_invalid)$/.test(k.kid));
+
+	});
+
+	it('should be initialized from private key objects', () => {
+
+		const keySet = JWKSet.fromObject(privateKS);
+		const jwk = keySet.findKeyById('k5');
+
+		expect(jwk.kid).to.be.equal('k5');
+		expect(jwk.key.hasPrivateKey).to.be.true;
+
+		const pubKey = jwk.key.toPublicKeyPEM();
+		console.log(pubKey);
+		exit();
+		expect(pubKey).to.be.equal(`-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vx7agoebGcQSuuPiLJX
+ZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tS
+oc/BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ/2W+5JsGY4Hc5n9yBXArwl93lqt
+7/RN5w6Cf0h4QyQ5v+65YGjQR0/FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0
+zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt+bFTWhAI4vMQFh6WeZu0f
+M4lFd2NcRwr3XPksINHaQ+G/xBniIqbw0Ls1jF44+csFCur+kEgU8awapJzKnqDK
+gwIDAQAB
+-----END PUBLIC KEY-----`);
+
+	});
+
+	it('should be initialized from private key objects', () => {
+
+		const keySet = JWKSet.fromObject(privateKS);
+		const jwk = keySet.findKeyById('2011-04-29');
+
+		const pubKey = jwk.key.toPublicKeyPEM();
+		expect(pubKey).to.be.equal(`-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vx7agoebGcQSuuPiLJX
+ZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tS
+oc/BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ/2W+5JsGY4Hc5n9yBXArwl93lqt
+7/RN5w6Cf0h4QyQ5v+65YGjQR0/FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0
+zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt+bFTWhAI4vMQFh6WeZu0f
+M4lFd2NcRwr3XPksINHaQ+G/xBniIqbw0Ls1jF44+csFCur+kEgU8awapJzKnqDK
+gwIDAQAB
+-----END PUBLIC KEY-----`);
+
+	});
+
+});

test/tests/rsa.test.js

@@ -0,0 +1,58 @@
+const publicKS = require('../data/publicKeySet.json');
+const privateKS = require('../data/privateKeySet.json');
+
+const JWKSet = require('../../lib/JWKSet');
+
+const expect = require('chai').expect;
+
+describe('RSA key', () => {
+
+	it('should be initialized from public key objects', () => {
+
+		const keySet = JWKSet.fromObject(publicKS);
+		const jwk = keySet.findKeyById('2011-04-29');
+
+		expect(keySet.keys).to.satisfy(k => /(?!.*_invalid)$/.test(k.kid));
+
+	});
+
+	it('should be initialized from private key objects', () => {
+
+		const keySet = JWKSet.fromObject(privateKS);
+		const jwk = keySet.findKeyById('2011-04-29');
+
+		expect(jwk.kid).to.be.equal('2011-04-29');
+		expect(jwk.key.hasPrivateKey).to.be.true;
+
+		const pubKey = jwk.key.toPublicKeyPEM();
+		expect(pubKey).to.be.equal(`-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vx7agoebGcQSuuPiLJX
+ZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tS
+oc/BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ/2W+5JsGY4Hc5n9yBXArwl93lqt
+7/RN5w6Cf0h4QyQ5v+65YGjQR0/FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0
+zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt+bFTWhAI4vMQFh6WeZu0f
+M4lFd2NcRwr3XPksINHaQ+G/xBniIqbw0Ls1jF44+csFCur+kEgU8awapJzKnqDK
+gwIDAQAB
+-----END PUBLIC KEY-----`);
+
+	});
+
+	it('should be initialized from private key objects', () => {
+
+		const keySet = JWKSet.fromObject(privateKS);
+		const jwk = keySet.findKeyById('2011-04-29');
+
+		const pubKey = jwk.key.toPublicKeyPEM();
+		expect(pubKey).to.be.equal(`-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vx7agoebGcQSuuPiLJX
+ZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tS
+oc/BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ/2W+5JsGY4Hc5n9yBXArwl93lqt
+7/RN5w6Cf0h4QyQ5v+65YGjQR0/FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0
+zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt+bFTWhAI4vMQFh6WeZu0f
+M4lFd2NcRwr3XPksINHaQ+G/xBniIqbw0Ls1jF44+csFCur+kEgU8awapJzKnqDK
+gwIDAQAB
+-----END PUBLIC KEY-----`);
+
+	});
+
+});