feat(sdk): Updates to jose 6.x

- Jose 6.x drops support for node key objects, instead requiring/using CryptoKeys natively - This means it removes support for node 18.x, but we have already dropped support for it - While here, updates other deps, including ones dependabot has been suggesting typescript and related fixes 🤖 🎨 Autoformat Signed-off-by: David Mihalcik <[email protected]>
opentdf · Mar 3, 2025 · 1746f27 · 1746f27
1 parent 82f30de
commit 1746f27
Show file tree

Hide file tree

Showing 11 changed files with 327 additions and 1,576 deletions.
diff --git a/cli/package-lock.json b/cli/package-lock.json
diff --git a/cli/package.json b/cli/package.json
@@ -29,26 +29,26 @@
     "opentdf": "./bin/opentdf.mjs"
   },
   "devDependencies": {
-    "@eslint/eslintrc": "^3.2.0",
-    "@eslint/js": "^9.20.0",
+    "@eslint/eslintrc": "^3.3.0",
+    "@eslint/js": "^9.21.0",
     "@esm-bundle/chai": "4.3.4-fix.0",
     "@types/mocha": "10.0.10",
-    "@types/node": "^22.13.4",
+    "@types/node": "^22.13.5",
     "@types/readable-stream": "^4.0.18",
-    "@types/sinon": "^17.0.3",
+    "@types/sinon": "^17.0.4",
     "@types/yargs": "^17.0.33",
     "chai": "^5.2.0",
-    "eslint-config-prettier": "^10.0.1",
+    "eslint-config-prettier": "^10.0.2",
     "eslint-plugin-chai-friendly": "^1.0.1",
     "eslint-plugin-prettier": "^5.2.3",
-    "globals": "^15.15.0",
+    "globals": "^16.0.0",
     "license-checker-rseidelsohn": "^4.4.2",
     "mocha": "^11.1.0",
-    "prettier": "^3.5.1",
+    "prettier": "^3.5.2",
     "sinon": "^19.0.2",
     "ts-node": "^10.9.2",
     "typescript": "^5.7.3",
-    "typescript-eslint": "^8.24.1"
+    "typescript-eslint": "^8.25.0"
   },
   "dependencies": {
     "@opentdf/sdk": "file:../lib/opentdf-sdk-0.3.0.tgz",

diff --git a/cli/src/cli.ts b/cli/src/cli.ts
@@ -22,7 +22,7 @@ import { webcrypto } from 'crypto';
 import * as assertions from '@opentdf/sdk/assertions';
 import { attributeFQNsAsValues } from '@opentdf/sdk/nano';
 import { base64 } from '@opentdf/sdk/encodings';
-import { importPKCS8, importSPKI, KeyLike } from 'jose'; // for RS256
+import { type CryptoKey, importPKCS8, importSPKI } from 'jose'; // for RS256
 
 type AuthToProcess = {
   auth?: string;
@@ -143,20 +143,20 @@ async function parseAssertionVerificationKeys(
     }
   }
   for (const assertionName in u.Keys) {
-    const assertionKey = u.Keys[assertionName];
+    const assertionKey: assertions.AssertionKey = u.Keys[assertionName];
     // Ensure each entry has the required 'key' and 'alg' fields
     if (typeof assertionKey !== 'object' || assertionKey === null) {
       throw new CLIError('CRITICAL', `Invalid assertion for ${assertionName}: Must be an object`);
     }
 
-    if (typeof assertionKey.key !== 'string' || typeof assertionKey.alg !== 'string') {
+    if (typeof assertionKey.alg !== 'string') {
       throw new CLIError(
         'CRITICAL',
         `Invalid assertion for ${assertionName}: Missing or invalid 'key' or 'alg'`
       );
     }
     try {
-      u.Keys[assertionName].key = await correctAssertionKeys(assertionKey.alg, assertionKey.key);
+      u.Keys[assertionName].key = await correctAssertionKeys(assertionKey);
     } catch (err) {
       throw new CLIError('CRITICAL', `Issue converting assertion key from string: ${err.message}`);
     }
@@ -182,10 +182,10 @@ async function parseReadOptions(argv: Partial<mainArgs>): Promise<ReadOptions> {
   return r;
 }
 
-async function correctAssertionKeys(
-  alg: string,
-  key: KeyLike | Uint8Array
-): Promise<KeyLike | Uint8Array> {
+async function correctAssertionKeys({
+  alg,
+  key,
+}: assertions.AssertionKey): Promise<CryptoKey | Uint8Array> {
   if (alg === 'HS256') {
     // Convert key string to Uint8Array
     if (typeof key !== 'string') {
@@ -240,17 +240,17 @@ async function parseAssertionConfig(s: string): Promise<assertions.AssertionConf
     if (!assertions.isAssertionConfig(assertion)) {
       throw new CLIError('CRITICAL', `invalid assertion config ${JSON.stringify(assertion)}`);
     }
-    if (assertion.signingKey) {
-      const { alg, key } = assertion.signingKey;
-      try {
-        assertion.signingKey.key = await correctAssertionKeys(alg, key);
-      } catch (err) {
-        throw new CLIError(
-          'CRITICAL',
-          `Issue converting assertion key from string: ${err.message}`,
-          err
-        );
-      }
+    if (!assertion.signingKey) {
+      continue;
+    }
+    try {
+      assertion.signingKey.key = await correctAssertionKeys(assertion.signingKey);
+    } catch (err) {
+      throw new CLIError(
+        'CRITICAL',
+        `Issue converting assertion key from string: ${err.message}`,
+        err
+      );
     }
   }
   return a;