CyberChef/src/core/operations/JWTVerify.mjs

64 lines
1.7 KiB
JavaScript
Raw Normal View History

2018-08-27 00:16:13 +02:00
/**
* @author gchq77703 []
* @copyright Crown Copyright 2018
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
2018-08-27 00:16:13 +02:00
import jwt from "jsonwebtoken";
import OperationError from "../errors/OperationError.mjs";
import {JWT_ALGORITHMS} from "../lib/JWT.mjs";
2021-02-09 15:14:59 +01:00
2018-08-27 00:16:13 +02:00
/**
* JWT Verify operation
*/
class JWTVerify extends Operation {
/**
* JWTVerify constructor
*/
constructor() {
super();
this.name = "JWT Verify";
this.module = "Crypto";
2018-08-31 15:58:06 +02:00
this.description = "Verifies that a JSON Web Token is valid and has been signed with the provided secret / private key.<br><br>The key should be either the secret for HMAC algorithms or the PEM-encoded private key for RSA and ECDSA.";
this.infoURL = "https://wikipedia.org/wiki/JSON_Web_Token";
2018-08-27 00:16:13 +02:00
this.inputType = "string";
this.outputType = "JSON";
this.args = [
{
2021-02-06 09:35:46 +01:00
name: "Public/Secret Key",
2018-08-29 23:43:10 +02:00
type: "text",
2018-08-31 15:58:06 +02:00
value: "secret"
2018-08-27 00:16:13 +02:00
},
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const [key] = args;
2021-02-09 15:23:02 +01:00
const algos = JWT_ALGORITHMS;
algos[algos.indexOf("None")] = "none";
2018-08-27 00:16:13 +02:00
try {
2021-02-09 15:23:02 +01:00
const verified = jwt.verify(input, key, { algorithms: algos });
2018-08-31 15:58:06 +02:00
2019-07-05 13:22:52 +02:00
if (Object.prototype.hasOwnProperty.call(verified, "name") && verified.name === "JsonWebTokenError") {
2018-08-31 15:58:06 +02:00
throw new OperationError(verified.message);
}
return verified;
2018-08-27 00:16:13 +02:00
} catch (err) {
2018-08-31 15:58:06 +02:00
throw new OperationError(err);
2018-08-27 00:16:13 +02:00
}
}
}
export default JWTVerify;