@@ -71,9 +71,15 @@ async function createJktJwt(options: {
7171
7272 // Determine alg from identity key
7373 let alg : string
74- if ( identityPublicJwk . kty === 'OKP' && identityPublicJwk . crv === 'Ed25519' ) {
74+ if (
75+ identityPublicJwk . kty === 'OKP' &&
76+ identityPublicJwk . crv === 'Ed25519'
77+ ) {
7578 alg = 'EdDSA'
76- } else if ( identityPublicJwk . kty === 'EC' && identityPublicJwk . crv === 'P-256' ) {
79+ } else if (
80+ identityPublicJwk . kty === 'EC' &&
81+ identityPublicJwk . crv === 'P-256'
82+ ) {
7783 alg = 'ES256'
7884 } else {
7985 throw new Error ( 'Unsupported identity key type' )
@@ -115,7 +121,9 @@ async function createJktJwt(options: {
115121 const identityKey = await crypto . subtle . importKey (
116122 'jwk' ,
117123 identityPrivateJwk ,
118- alg === 'EdDSA' ? { name : 'Ed25519' } : { name : 'ECDSA' , namedCurve : 'P-256' } ,
124+ alg === 'EdDSA'
125+ ? { name : 'Ed25519' }
126+ : { name : 'ECDSA' , namedCurve : 'P-256' } ,
119127 false ,
120128 [ 'sign' ] ,
121129 )
@@ -156,7 +164,10 @@ test('jkt-jwt: GET request with Ed25519 identity and Ed25519 ephemeral key', asy
156164
157165 // Signature-Key should use jkt-jwt scheme
158166 const sigKeyHeader = result . headers . get ( 'signature-key' ) !
159- assert . ok ( sigKeyHeader . startsWith ( 'sig=jkt-jwt;' ) , `Expected jkt-jwt scheme, got: ${ sigKeyHeader } ` )
167+ assert . ok (
168+ sigKeyHeader . startsWith ( 'sig=jkt-jwt;' ) ,
169+ `Expected jkt-jwt scheme, got: ${ sigKeyHeader } ` ,
170+ )
160171
161172 const verifyResult = await verify ( {
162173 method : 'GET' ,
@@ -165,7 +176,11 @@ test('jkt-jwt: GET request with Ed25519 identity and Ed25519 ephemeral key', asy
165176 headers : result . headers ,
166177 } )
167178
168- assert . strictEqual ( verifyResult . verified , true , `Verification failed: ${ verifyResult . error } ` )
179+ assert . strictEqual (
180+ verifyResult . verified ,
181+ true ,
182+ `Verification failed: ${ verifyResult . error } ` ,
183+ )
169184 assert . strictEqual ( verifyResult . keyType , 'jkt_jwt' )
170185 assert . ok ( verifyResult . jkt_jwt , 'Should have jkt_jwt data' )
171186 assert . strictEqual ( verifyResult . jkt_jwt ?. raw , jwt )
@@ -209,7 +224,11 @@ test('jkt-jwt: POST request with body', async () => {
209224 body,
210225 } )
211226
212- assert . strictEqual ( verifyResult . verified , true , `Verification failed: ${ verifyResult . error } ` )
227+ assert . strictEqual (
228+ verifyResult . verified ,
229+ true ,
230+ `Verification failed: ${ verifyResult . error } ` ,
231+ )
213232 assert . strictEqual ( verifyResult . keyType , 'jkt_jwt' )
214233} )
215234
@@ -237,7 +256,11 @@ test('jkt-jwt: P-256 identity key delegating to Ed25519 ephemeral key', async ()
237256 headers : result . headers ,
238257 } )
239258
240- assert . strictEqual ( verifyResult . verified , true , `Verification failed: ${ verifyResult . error } ` )
259+ assert . strictEqual (
260+ verifyResult . verified ,
261+ true ,
262+ `Verification failed: ${ verifyResult . error } ` ,
263+ )
241264 assert . strictEqual ( verifyResult . keyType , 'jkt_jwt' )
242265 assert . strictEqual ( verifyResult . jkt_jwt ?. identityKey . kty , 'EC' )
243266 assert . strictEqual ( verifyResult . jkt_jwt ?. identityKey . crv , 'P-256' )
@@ -268,7 +291,11 @@ test('jkt-jwt: Ed25519 identity key delegating to P-256 ephemeral key', async ()
268291 headers : result . headers ,
269292 } )
270293
271- assert . strictEqual ( verifyResult . verified , true , `Verification failed: ${ verifyResult . error } ` )
294+ assert . strictEqual (
295+ verifyResult . verified ,
296+ true ,
297+ `Verification failed: ${ verifyResult . error } ` ,
298+ )
272299 assert . strictEqual ( verifyResult . jkt_jwt ?. identityKey . kty , 'OKP' )
273300 assert . strictEqual ( verifyResult . publicKey . kty , 'EC' )
274301 assert . strictEqual ( verifyResult . publicKey . crv , 'P-256' )
@@ -301,7 +328,10 @@ test('jkt-jwt: Should fail with expired JWT', async () => {
301328 } )
302329
303330 assert . strictEqual ( verifyResult . verified , false )
304- assert . ok ( verifyResult . error ?. includes ( 'expired' ) , `Expected expired error, got: ${ verifyResult . error } ` )
331+ assert . ok (
332+ verifyResult . error ?. includes ( 'expired' ) ,
333+ `Expected expired error, got: ${ verifyResult . error } ` ,
334+ )
305335} )
306336
307337test ( 'jkt-jwt: Should fail with future iat' , async ( ) => {
@@ -331,7 +361,10 @@ test('jkt-jwt: Should fail with future iat', async () => {
331361 } )
332362
333363 assert . strictEqual ( verifyResult . verified , false )
334- assert . ok ( verifyResult . error ?. includes ( 'future' ) , `Expected future error, got: ${ verifyResult . error } ` )
364+ assert . ok (
365+ verifyResult . error ?. includes ( 'future' ) ,
366+ `Expected future error, got: ${ verifyResult . error } ` ,
367+ )
335368} )
336369
337370test ( 'jkt-jwt: Should fail with tampered iss (wrong thumbprint)' , async ( ) => {
@@ -342,7 +375,8 @@ test('jkt-jwt: Should fail with tampered iss (wrong thumbprint)', async () => {
342375 identityPrivateJwk : identity . privateJwk ,
343376 identityPublicJwk : identity . publicJwk ,
344377 ephemeralPublicJwk : ephemeral . publicJwk ,
345- overrideIss : 'urn:jkt:sha-256:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' ,
378+ overrideIss :
379+ 'urn:jkt:sha-256:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' ,
346380 } )
347381
348382 const result = ( await fetch ( 'https://api.example.com/data' , {
@@ -360,7 +394,10 @@ test('jkt-jwt: Should fail with tampered iss (wrong thumbprint)', async () => {
360394 } )
361395
362396 assert . strictEqual ( verifyResult . verified , false )
363- assert . ok ( verifyResult . error ?. includes ( 'iss mismatch' ) , `Expected iss mismatch, got: ${ verifyResult . error } ` )
397+ assert . ok (
398+ verifyResult . error ?. includes ( 'iss mismatch' ) ,
399+ `Expected iss mismatch, got: ${ verifyResult . error } ` ,
400+ )
364401} )
365402
366403test ( 'jkt-jwt: Should fail with tampered JWT signature' , async ( ) => {
@@ -425,7 +462,10 @@ test('jkt-jwt: Should fail with missing cnf.jwk in JWT', async () => {
425462 } )
426463
427464 assert . strictEqual ( verifyResult . verified , false )
428- assert . ok ( verifyResult . error ?. includes ( 'cnf.jwk' ) , `Expected cnf.jwk error, got: ${ verifyResult . error } ` )
465+ assert . ok (
466+ verifyResult . error ?. includes ( 'cnf.jwk' ) ,
467+ `Expected cnf.jwk error, got: ${ verifyResult . error } ` ,
468+ )
429469} )
430470
431471test ( 'jkt-jwt: Should fail with unsupported typ' , async ( ) => {
@@ -522,7 +562,11 @@ test('jkt-jwt: Custom label should work', async () => {
522562 headers : result . headers ,
523563 } )
524564
525- assert . strictEqual ( verifyResult . verified , true , `Verification failed: ${ verifyResult . error } ` )
565+ assert . strictEqual (
566+ verifyResult . verified ,
567+ true ,
568+ `Verification failed: ${ verifyResult . error } ` ,
569+ )
526570 assert . strictEqual ( verifyResult . label , 'device' )
527571 assert . strictEqual ( verifyResult . keyType , 'jkt_jwt' )
528572} )
@@ -551,16 +595,26 @@ test('jkt-jwt: Thumbprint in result should be for the ephemeral key', async () =
551595 headers : result . headers ,
552596 } )
553597
554- assert . strictEqual ( verifyResult . verified , true , `Verification failed: ${ verifyResult . error } ` )
598+ assert . strictEqual (
599+ verifyResult . verified ,
600+ true ,
601+ `Verification failed: ${ verifyResult . error } ` ,
602+ )
555603
556604 // The top-level thumbprint should be for the ephemeral key (the key that signed the HTTP message)
557- const expectedEphemeralThumbprint = await calculateThumbprint ( ephemeral . publicJwk )
605+ const expectedEphemeralThumbprint = await calculateThumbprint (
606+ ephemeral . publicJwk ,
607+ )
558608 assert . strictEqual ( verifyResult . thumbprint , expectedEphemeralThumbprint )
559609
560610 // The identity thumbprint should be different (for the enclave key)
561- const expectedIdentityThumbprint = await calculateThumbprint ( identity . publicJwk )
611+ const expectedIdentityThumbprint = await calculateThumbprint (
612+ identity . publicJwk ,
613+ )
562614 assert . ok (
563- verifyResult . jkt_jwt ?. identityThumbprint . endsWith ( expectedIdentityThumbprint ) ,
615+ verifyResult . jkt_jwt ?. identityThumbprint . endsWith (
616+ expectedIdentityThumbprint ,
617+ ) ,
564618 'Identity thumbprint URI should contain the identity key thumbprint' ,
565619 )
566620} )
0 commit comments