bug: keystore.toJWKS throws on windows about jose HOT 16 CLOSED

ok with your workaround all test pass

E:\HAS\jose>npm run test
> @panva/[email protected] test E:\HAS\jose
> ava



  1355 tests passed

from jose.

Are you saying this snippet does not work for you?

const { JWKS: { KeyStore } } = require('@panva/jose');
const keystore = new KeyStore();
keystore.generateSync('RSA', 2048, {
  alg: 'RS256',
  use: 'sig',
});
console.log(keystore.toJWKS())

from jose.

Yes and my version is

E:\HAS\OpenId>node -v
v11.11.0

from jose.

and package is

"dependencies": {
"@panva/jose": "^0.11.1",
"koa": "^2.7.0",
"koa-body": "^4.1.0",
"koa-ejs": "^4.2.0",
"koa-helmet": "^4.1.0",
"koa-mount": "^4.0.0",
"koa-router": "^7.4.0",
"lodash": "^4.17.11",
"nanoid": "^2.0.1"
}

from jose.

The only thing i can think of is that the keyobject export does not honour const EOL = require('os').EOL;

from jose.

can you try going to your node_modules/@trust/keyto/src/index.js file and changing line 219 to let lines = key.split('\n')? I don't have a windows machine available so this would help me out a lot to confirm.

from jose.

also run this for me and paste the output please

const { generateKeyPairSync } = require('crypto')

generateKeyPairSync('rsa', { modulusLength: 2048 }).privateKey.export({ format: 'pem', type: 'pkcs8' })

from jose.

It works when i change the line you gave me. I'll run the second command

from jose.

i ran this

const { generateKeyPairSync } = require('crypto')

let res = generateKeyPairSync('rsa', { modulusLength: 2048 }).privateKey.export({ format: 'pem', type: 'pkcs8' })
console.log(JSON.stringify(res))

Which gave me
"-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCzw77UxBXgwWov\nTFbjXmqWF33a9V0D4Vjk1YLarvSSEM07tzn1oe8WdZ+AnhRIgw1HSn+VK2RonZMV\nPQ+27n1FIgvtYyzN3Xg2TU5fN7KRF7WCs3CDkh+npHvCpJK6ssTccWTcwY4F9HGU\nbz9Ui/5o7Gbqvb6QKlr3sjOKj2BmyIsyA+ypU3mYexozr4uiS+OmMpc08ekZh5ew\nu3IsAoKmLw4OhW6JGpzYQ2aCX+9KR/56Z5OCbCgvunG33IKkogtqZm5cJC7dG/la\nkRi/andQHDBatuvoqUTRzX99siX/P2B8tuRyklpdVigNYXXi/JthRyEtJgt7HB9x\n4v00o2E7AgMBAAECggEAZHw0/gYmHJ7BVnMb1rj+Z6v2BCFHv1WGNVRMcyV9PPD7\naDgBxBai6TES2fiDag0nrQQt0RqSZBBBGYwqbp1dlPl1JVtcvi7gdao89ujRfl18\nbvUTHdjerP062RDZnFc1x+vy75uaYiXEH68X/ZDLw6bx2KH8FeY3N2J7gSaoQotD\nrJF9263Tg9V420aM2jrNgHESKg9DSzoRGoIT67YVYyRDoc6zqWwAqeUx8NJl5fg6\n5C0g6B+4M8/SQq197kHH9+VVK4Sxw0Xanw6Td3GQtjJKlhI8AYV/UJbP9RcOTtng\nysBfvJ5oaoNQ68l4g3ztuMJMvpIXfizlBSVuZfviQQKBgQDb1GbKtZXsfnkg/Ppu\ntZK94d5/ECOWWCQYdDSPvewosnHQ9PFTJYpSFrtdWF/J8x/+WExhznTRu2/pPhdJ\nUs4WzGifVa/+Km9GBXIrlNCGfNeKAHAjDkfgQAVJ5omxKehuSlnDRseLBzyUZnQi\nlKWD8GJ+nHhbj/NLC9wycHWkkQKBgQDRV7xWl4OyIGp0MrNSuikAAkCmOxLoj8rA\nAvcRSxdWBCnekK4wqN+XfERSouCcW7YoxdmVNDhoeQPQSARrZdDWWOJzNdkEzJ3t\ntEojB7W1yrxZe0vX6DE5tEYvnAAq4vN3fwrc56hkv40mJEad1XNwytQ+miJqPvUY\niBxuIwvfCwKBgAwiw7H5KFev+7voe2LVP06gQ4o8N9q67vMypxwwXfM5NrNUcmYm\nsmYpvxo+ILujYmbGNSFJJoXVlS4JMXvoyFvV2QjC0D511ULGVjE1u/VQuw1xTL+C\nsFEe96vGwF85cw1zqVTweV+hfKSsq0ilcCXChY170eEsJ0BDXVqjfrshAoGAafhG\nr3K9SLMeEDoGCm+QB6AcR8mJlc4MLUyS8t8XLgSniTGl653gqVdPYqFun9fRCyy0\nKtInZ8MyigGasx70Kz0NTJLKi6Jko4prKPZjJmY9F/LQ/rdcC8DU8o6+ivcdlbTq\ns85UsMNCWTdtw8HkUQlrjVEK8Mtz2Ho2Ig59mOcCgYBQ9zZu9XNYcUtwCRrta2wK\nGhOWKSl2z3yFVYfocKjsU8ILrPO9ui8tWGvldcsF64Ie7qi6i5Q9N8WlEo30ldDm\nCHg/VQ79bADb7qj12XRrfhWKtjAMGcyTHQqWdSuFQOEA7A0meCzxDW8ar6O7KTWb\nq2WlQN5l1Z/vejSd2tA+Lg==\n-----END PRIVATE KEY-----\n"

from jose.

ok, please revert everything and change lib/help/key_utils.js to

const { EOL } = require('os')
const keyto = require('@trust/keyto')

const errors = require('../errors')

const SUPPORTED = new Set(['EC', 'RSA'])

module.exports.keyObjectToJWK = (keyObject) => {
  const type = keyObject.type === 'private' ? 'pkcs8' : 'spki'
  const format = 'pem'

  const pem = keyObject.export({ type, format }).replace(/\n/g, EOL)

  return keyto.from(pem, 'pem').toJwk(keyObject.type)
}

module.exports.jwkToPem = (jwk) => {
  if (!SUPPORTED.has(jwk.kty)) {
    throw new errors.JOSENotSupported(`unsupported key type: ${jwk.kty}`)
  }

  return keyto.from(jwk, 'jwk').toString('pem', jwk.d ? 'private_pkcs8' : 'public_pkcs8')
}

I think this might work as a temporary workaround to the @trust/keyto implementation. Upon confirmation i'll work that one in.

from jose.

Your workaround works and when i check my JSON.stringify(require('os').EOL) i get a "\r\n" and i suppose the generation of the token is something made with just \n so its not based on the OS end of line but something like openssl? Maybe its something i should post on the @trust/keyto? If i can be of some help :x

from jose.

Yes, i think @trust/keyto should not rely on os.EOL, for one the key might be coming from a different system.

That being said i'll work around it for now and in the future the work being done the KeyObject API will remove the need to use the pem -> jwk path in keyto.

from jose.

@DarkSorrow while we're at it and you're willing to help. Can you clone this repo, make the above change in your source and run

npm i
npm test

Maybe there are more windows specific bugs that we could uncover.

from jose.

Yes sure i'll do that and post something on their channel too later

from jose.

Thanks for your help @DarkSorrow, i'll get this sorted later today.

from jose.

Well thanks for being so reactive, i sent a PR to keyto as well

from jose.