feat(types): allow generics to aid in CryptoKey or KeyObject narrowing of KeyLike

Author: panva

src/jwe/compact/decrypt.ts

@@ -47,11 +47,11 @@ export async function compactDecrypt(
  * @param getKey Function resolving Private Key or Secret to decrypt the JWE with.
  * @param options JWE Decryption options.
  */
-export async function compactDecrypt(
+export async function compactDecrypt<T extends KeyLike = KeyLike>(
   jwe: string | Uint8Array,
   getKey: CompactDecryptGetKey,
   options?: DecryptOptions,
-): Promise<CompactDecryptResult & ResolvedKey>
+): Promise<CompactDecryptResult & ResolvedKey<T>>
 export async function compactDecrypt(
   jwe: string | Uint8Array,
   key: KeyLike | Uint8Array | CompactDecryptGetKey,

src/jwe/flattened/decrypt.ts

@@ -66,11 +66,11 @@ export function flattenedDecrypt(
  * @param getKey Function resolving Private Key or Secret to decrypt the JWE with.
  * @param options JWE Decryption options.
  */
-export function flattenedDecrypt(
+export function flattenedDecrypt<T extends KeyLike = KeyLike>(
   jwe: FlattenedJWE,
   getKey: FlattenedDecryptGetKey,
   options?: DecryptOptions,
-): Promise<FlattenedDecryptResult & ResolvedKey>
+): Promise<FlattenedDecryptResult & ResolvedKey<T>>
 export async function flattenedDecrypt(
   jwe: FlattenedJWE,
   key: KeyLike | Uint8Array | FlattenedDecryptGetKey,

src/jwe/general/decrypt.ts

@@ -61,11 +61,11 @@ export function generalDecrypt(
  * @param getKey Function resolving Private Key or Secret to decrypt the JWE with.
  * @param options JWE Decryption options.
  */
-export function generalDecrypt(
+export function generalDecrypt<T extends KeyLike = KeyLike>(
   jwe: GeneralJWE,
   getKey: GeneralDecryptGetKey,
   options?: DecryptOptions,
-): Promise<GeneralDecryptResult & ResolvedKey>
+): Promise<GeneralDecryptResult & ResolvedKey<T>>
 export async function generalDecrypt(
   jwe: GeneralJWE,
   key: KeyLike | Uint8Array | GeneralDecryptGetKey,

src/jwk/embedded.ts

@@ -24,10 +24,10 @@ import { JWSInvalid } from '../util/errors.js'
  * console.log(payload)
  * ```
  */
-export async function EmbeddedJWK(
-): Promise<KeyLike> {
+export async function EmbeddedJWK<T extends KeyLike = KeyLike>(
   protectedHeader?: JWSHeaderParameters,
   token?: FlattenedJWSInput,
+): Promise<T> {
   const joseHeader = {
     ...protectedHeader,
     ...token?.header,
@@ -36,7 +36,7 @@ export async function EmbeddedJWK(
     throw new JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a JSON object')
   }
 
-  const key = await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg!, true)
+  const key = await importJWK<T>({ ...joseHeader.jwk, ext: true }, joseHeader.alg!, true)
 
   if (key instanceof Uint8Array || key.type !== 'public') {
     throw new JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a public key')

src/jwks/local.ts

@@ -28,8 +28,8 @@ function getKtyFromAlg(alg: unknown) {
   }
 }
 
-interface Cache {
-  [alg: string]: KeyLike
+interface Cache<T extends KeyLike = KeyLike> {
+  [alg: string]: T
 }
 
 /** @private */
@@ -59,10 +59,10 @@ function clone<T>(obj: T): T {
 }
 
 /** @private */
-export class LocalJWKSet {
+export class LocalJWKSet<T extends KeyLike = KeyLike> {
   protected _jwks?: JSONWebKeySet
 
-  private _cached: WeakMap<JWK, Cache> = new WeakMap()
+  private _cached: WeakMap<JWK, Cache<T>> = new WeakMap()
 
   constructor(jwks: unknown) {
     if (!isJWKSLike(jwks)) {
@@ -72,7 +72,7 @@ export class LocalJWKSet {
     this._jwks = clone<JSONWebKeySet>(jwks)
   }
 
-  async getKey(protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput): Promise<KeyLike> {
+  async getKey(protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput): Promise<T> {
     const { alg, kid } = { ...protectedHeader, ...token?.header }
     const kty = getKtyFromAlg(alg)
 
@@ -137,7 +137,7 @@ export class LocalJWKSet {
       error[Symbol.asyncIterator] = async function* () {
         for (const jwk of candidates) {
           try {
-            yield await importWithAlgCache(_cached, jwk, alg!)
+            yield await importWithAlgCache<T>(_cached, jwk, alg!)
           } catch {
             continue
           }
@@ -147,20 +147,24 @@ export class LocalJWKSet {
       throw error
     }
 
-    return importWithAlgCache(this._cached, jwk, alg!)
+    return importWithAlgCache<T>(this._cached, jwk, alg!)
   }
 }
 
-async function importWithAlgCache(cache: WeakMap<JWK, Cache>, jwk: JWK, alg: string) {
+async function importWithAlgCache<T extends KeyLike = KeyLike>(
+  cache: WeakMap<JWK, Cache<T>>,
+  jwk: JWK,
+  alg: string,
+) {
   const cached = cache.get(jwk) || cache.set(jwk, {}).get(jwk)!
   if (cached[alg] === undefined) {
-    const keyObject = <KeyLike>await importJWK({ ...jwk, ext: true }, alg)
+    const key = await importJWK<T>({ ...jwk, ext: true }, alg)
 
-    if (keyObject.type !== 'public') {
+    if (key instanceof Uint8Array || key.type !== 'public') {
       throw new JWKSInvalid('JSON Web Key Set members must be public keys')
     }
 
-    cached[alg] = keyObject
+    cached[alg] = key
   }
 
   return cached[alg]
@@ -240,6 +244,12 @@ async function importWithAlgCache(cache: WeakMap<JWK, Cache>, jwk: JWK, alg: str
  *
  * @param jwks JSON Web Key Set formatted object.
  */
-export function createLocalJWKSet(jwks: JSONWebKeySet) {
-  return LocalJWKSet.prototype.getKey.bind(new LocalJWKSet(jwks))
+export function createLocalJWKSet<T extends KeyLike = KeyLike>(jwks: JSONWebKeySet) {
+  const set = new LocalJWKSet<T>(jwks)
+  return async function (
+    protectedHeader?: JWSHeaderParameters,
+    token?: FlattenedJWSInput,
+  ): Promise<T> {
+    return set.getKey(protectedHeader, token)
+  }
 }

src/jwks/remote.ts

@@ -40,7 +40,7 @@ export interface RemoteJWKSetOptions {
   headers?: Record<string, string>
 }
 
-class RemoteJWKSet extends LocalJWKSet {
+class RemoteJWKSet<T extends KeyLike = KeyLike> extends LocalJWKSet<T> {
   private _url: URL
 
   private _timeoutDuration: number
@@ -84,7 +84,7 @@ class RemoteJWKSet extends LocalJWKSet {
       : false
   }
 
-  async getKey(protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput): Promise<KeyLike> {
+  async getKey(protectedHeader?: JWSHeaderParameters, token?: FlattenedJWSInput): Promise<T> {
     if (!this._jwks || !this.fresh()) {
       await this.reload()
     }
@@ -199,6 +199,15 @@ class RemoteJWKSet extends LocalJWKSet {
  * @param url URL to fetch the JSON Web Key Set from.
  * @param options Options for the remote JSON Web Key Set.
  */
-export function createRemoteJWKSet(url: URL, options?: RemoteJWKSetOptions) {
-  return RemoteJWKSet.prototype.getKey.bind(new RemoteJWKSet(url, options))
+export function createRemoteJWKSet<T extends KeyLike = KeyLike>(
+  url: URL,
+  options?: RemoteJWKSetOptions,
+) {
+  const set = new RemoteJWKSet<T>(url, options)
+  return async function (
+    protectedHeader?: JWSHeaderParameters,
+    token?: FlattenedJWSInput,
+  ): Promise<T> {
+    return set.getKey(protectedHeader, token)
+  }
 }

src/jws/compact/verify.ts

@@ -51,11 +51,11 @@ export function compactVerify(
  * @param getKey Function resolving a key to verify the JWS with.
  * @param options JWS Verify options.
  */
-export function compactVerify(
+export function compactVerify<T extends KeyLike = KeyLike>(
   jws: string | Uint8Array,
   getKey: CompactVerifyGetKey,
   options?: VerifyOptions,
-): Promise<CompactVerifyResult & ResolvedKey>
+): Promise<CompactVerifyResult & ResolvedKey<T>>
 export async function compactVerify(
   jws: string | Uint8Array,
   key: KeyLike | Uint8Array | CompactVerifyGetKey,

src/jws/flattened/verify.ts

@@ -64,11 +64,11 @@ export function flattenedVerify(
  * @param getKey Function resolving a key to verify the JWS with.
  * @param options JWS Verify options.
  */
-export function flattenedVerify(
+export function flattenedVerify<T extends KeyLike = KeyLike>(
   jws: FlattenedJWSInput,
   getKey: FlattenedVerifyGetKey,
   options?: VerifyOptions,
-): Promise<FlattenedVerifyResult & ResolvedKey>
+): Promise<FlattenedVerifyResult & ResolvedKey<T>>
 export async function flattenedVerify(
   jws: FlattenedJWSInput,
   key: KeyLike | Uint8Array | FlattenedVerifyGetKey,

src/jws/general/verify.ts

@@ -60,11 +60,11 @@ export function generalVerify(
  * @param getKey Function resolving a key to verify the JWS with.
  * @param options JWS Verify options.
  */
-export function generalVerify(
+export function generalVerify<T extends KeyLike = KeyLike>(
   jws: GeneralJWSInput,
   getKey: GeneralVerifyGetKey,
   options?: VerifyOptions,
-): Promise<GeneralVerifyResult & ResolvedKey>
+): Promise<GeneralVerifyResult & ResolvedKey<T>>
 export async function generalVerify(
   jws: GeneralJWSInput,
   key: KeyLike | Uint8Array | GeneralVerifyGetKey,

src/jwt/decrypt.ts

@@ -56,11 +56,11 @@ export async function jwtDecrypt(
  * @param getKey Function resolving Private Key or Secret to decrypt and verify the JWT with.
  * @param options JWT Decryption and JWT Claims Set validation options.
  */
-export async function jwtDecrypt(
+export async function jwtDecrypt<T extends KeyLike = KeyLike>(
   jwt: string | Uint8Array,
   getKey: JWTDecryptGetKey,
   options?: JWTDecryptOptions,
-): Promise<JWTDecryptResult & ResolvedKey>
+): Promise<JWTDecryptResult & ResolvedKey<T>>
 export async function jwtDecrypt(
   jwt: string | Uint8Array,
   key: KeyLike | Uint8Array | JWTDecryptGetKey,