diff --git a/ChangeLog.txt b/ChangeLog.txt index 17761692..d53d4705 100755 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -2,7 +2,8 @@ ChangeLog for jsrsasign * Changes between 5.0.4 to next release - - node sample 'jwssign' added. + - node sample 'jwssign', 'jwtverify', 'asn1dump' + and 'pemtobin' added. * Changes between 5.0.2 to 5.0.4 (2015-Nov-23) - jwtverify, asn1dump and pemtobin sample Node script in diff --git a/index.html b/index.html index f58c723c..5fe6464b 100755 --- a/index.html +++ b/index.html @@ -27,9 +27,11 @@

opensource free pure JavaScript cryptographic library s jsjws | DOWNLOADS | TUTORIALS | +Wiki | API REFERENCE | DEMOS | NEW DEMOS | +Node sample | NPM | diff --git a/sample_node/README.md b/sample_node/README.md index 8b9c0780..2398b4c6 100644 --- a/sample_node/README.md +++ b/sample_node/README.md @@ -8,35 +8,9 @@ Here is sample node utility scripts using 'jsrsasign' module. 1. [jwtverify](https://github.com/kjur/jsrsasign/tree/master/sample_node/jwtverify) - JWT and JWS verification tool -This script is to verify JWT(JSON Web Token) or JWS(JSON Web Signature) file or string -using [KJUR.jws.JWS.verifyJWT()](http://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verifyJWT) method. It has following features: - -* HS256/384/512,RS256/384/512,PS256/384/512,ES256/384 signature algorithm support - -* string, hexadecimal and Base64URL passcode support for HS* signatures - -* JWS and JWT validation - -* JWT/JWS signature can be provided by a file or a string argument. - -* Verbose mode for validation in detail. - -To verify JWS, provide simply passcode or public key: - - % jwtverify -s password aaa.jws // passcode is 'password' - % jwtverify -x 616161 aaa.jws // passcode is 0x616161 (i.e. aaa) - % jwtverify -k aaa.pub aaa.jws // verify by PKCS#8 public key - -You can specify a JWS signature to verify as script argument not a file. - - % jwtverify -s aaa eyJhbGciOiJIUzI1NiIsInR5c... - -Verifying JWT is very similar to JWS however you can specify optional arguments: - - % jwtverify -s aaa --verify_at 20051231235959Z aaa.jwt // verify at 2005 Dec 31. - // current time by default. - % jwtverify -s aaa --accept_iss "http://example.com" aaa.jwt // acceptable issuer - % jwtverify -s aaa --accept_sub "http://example.com" aaa.jwt // acceptable subject +This script is to verify JWT(JSON Web Token) or JWS(JSON Web Signature) for HMAC password or public key. +using [KJUR.jws.JWS.verifyJWT()](http://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verifyJWT) method. +See [here](https://github.com/kjur/jsrsasign/wiki/Sample-Node-Script---jwtverify) in detail. 1. [asn1dump](https://github.com/kjur/jsrsasign/tree/master/sample_node/asn1dump) - simple ASN.1 dumper @@ -68,26 +42,3 @@ To execute above scripts some npm packages are reuiqred: % npm install -g commander % npm install -g jsrsasign - -## ONLINE HELP - -All above scripts supports '-h' or '--help' option: - - % ./jwtverify -h - - Usage: jwtverify [options] - - verify JWT/jWS file or string - - Options: - - -h, --help output usage information - -V, --version output the version number - -s, --hmacpassstr Hmac(HS*) pass string (ex. passwd) - -x, --hmacpasshex Hmac(HS*) pass hex (ex. 7e5f...) - -b, --hmacpassb64u Hmac(HS*) pass base 64 url encoding) - -k, --pubkey public key file (ex. PKCS#8 PEM or JWK) - -v, --verbose show header and payload - --accept_iss check iss is in the iss list (ex. a@a.com,b@b.com) - --accept_sub check sub is in the sub list (ex. a@a.com,b@b.com) - --verify_at verify at specified UTC time(ex. 20151123235959Z) diff --git a/sample_node/jwtverify b/sample_node/jwtverify index 0e0a9279..c07fb78f 100755 --- a/sample_node/jwtverify +++ b/sample_node/jwtverify @@ -17,14 +17,14 @@ var program = require('commander'); var rs = require('jsrsasign'); var path = require('path'); +var JWS = rs.jws.JWS; program - .version('0.0.1') + .version('1.0.0 (2015-Nov-25)') .usage('[options] ') .description('verify JWT/jWS file or string') - .option('-s, --hmacpassstr ', 'Hmac(HS*) pass string (ex. passwd)') - .option('-x, --hmacpasshex ', 'Hmac(HS*) pass hex (ex. 7e5f...)') - .option('-b, --hmacpassb64u ', 'Hmac(HS*) pass base 64 url encoding)') + .option('-t, --passtype ', 'Hmac(HS*) pass type', 'utf8') + .option('-p, --pass ', 'Hmac(HS*) password in specfied type', 'passwd') .option('-k, --pubkey ', 'public key file (ex. PKCS#8 PEM or JWK)') .option('-v, --verbose', 'show header and payload') .option('--accept_iss ', 'check iss is in the iss list (ex. a@a.com,b@b.com)') @@ -48,12 +48,12 @@ var pass; var pubKeyObj; var acceptField = {}; -if (program.hmacpassstr !== undefined) - pass = {utf8: program.hmacpassstr}; -if (program.hmacpasshex !== undefined) - pass = {hex: program.hmacpasshex}; -if (program.hmacpassb64u !== undefined) - pass = {b64u: program.hmacpassb64u}; +if (! JWS.inArray(program.passtype, ['utf8', 'hex', 'b64', 'b64u'])) + throw "unsupported HS* password type: " + program.passtype; +if (program.passtype !== undefined && program.pass !== undefined) { + pass = {}; + pass[program.passtype] = program.pass; +} if (program.pubkey !== undefined) { var pubKeyPEM = rs.readFile(program.pubkey);