"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.generateKeyPair = exports.generateSecret = void 0; const crypto_1 = require("crypto"); const util_1 = require("util"); const random_js_1 = require("./random.js"); const check_modulus_length_js_1 = require("./check_modulus_length.js"); const errors_js_1 = require("../util/errors.js"); const generate = (0, util_1.promisify)(crypto_1.generateKeyPair); async function generateSecret(alg, options) { let length; switch (alg) { case 'HS256': case 'HS384': case 'HS512': case 'A128CBC-HS256': case 'A192CBC-HS384': case 'A256CBC-HS512': length = parseInt(alg.slice(-3), 10); break; case 'A128KW': case 'A192KW': case 'A256KW': case 'A128GCMKW': case 'A192GCMKW': case 'A256GCMKW': case 'A128GCM': case 'A192GCM': case 'A256GCM': length = parseInt(alg.slice(1, 4), 10); break; default: throw new errors_js_1.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value'); } return (0, crypto_1.createSecretKey)((0, random_js_1.default)(new Uint8Array(length >> 3))); } exports.generateSecret = generateSecret; async function generateKeyPair(alg, options) { var _a, _b; switch (alg) { case 'RS256': case 'RS384': case 'RS512': case 'PS256': case 'PS384': case 'PS512': case 'RSA-OAEP': case 'RSA-OAEP-256': case 'RSA-OAEP-384': case 'RSA-OAEP-512': case 'RSA1_5': { const modulusLength = (_a = options === null || options === void 0 ? void 0 : options.modulusLength) !== null && _a !== void 0 ? _a : 2048; if (typeof modulusLength !== 'number' || modulusLength < 2048) { throw new errors_js_1.JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used'); } const keypair = await generate('rsa', { modulusLength, publicExponent: 0x10001, }); (0, check_modulus_length_js_1.setModulusLength)(keypair.privateKey, modulusLength); (0, check_modulus_length_js_1.setModulusLength)(keypair.publicKey, modulusLength); return keypair; } case 'ES256': return generate('ec', { namedCurve: 'P-256' }); case 'ES256K': return generate('ec', { namedCurve: 'secp256k1' }); case 'ES384': return generate('ec', { namedCurve: 'P-384' }); case 'ES512': return generate('ec', { namedCurve: 'P-521' }); case 'EdDSA': { switch (options === null || options === void 0 ? void 0 : options.crv) { case undefined: case 'Ed25519': return generate('ed25519'); case 'Ed448': return generate('ed448'); default: throw new errors_js_1.JOSENotSupported('Invalid or unsupported crv option provided, supported values are Ed25519 and Ed448'); } } case 'ECDH-ES': case 'ECDH-ES+A128KW': case 'ECDH-ES+A192KW': case 'ECDH-ES+A256KW': const crv = (_b = options === null || options === void 0 ? void 0 : options.crv) !== null && _b !== void 0 ? _b : 'P-256'; switch (crv) { case undefined: case 'P-256': case 'P-384': case 'P-521': return generate('ec', { namedCurve: crv }); case 'X25519': return generate('x25519'); case 'X448': return generate('x448'); default: throw new errors_js_1.JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448'); } default: throw new errors_js_1.JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value'); } } exports.generateKeyPair = generateKeyPair;