planetazuzu
5d7a6500fe
- ✅ Ticket 1.1: Estructura Clean Architecture en backend - ✅ Ticket 1.2: Schemas Zod compartidos - ✅ Ticket 1.3: Refactorización drugs.ts (1362 → 8 archivos modulares) - ✅ Ticket 1.4: Refactorización procedures.ts (3583 → 6 archivos modulares) - ✅ Ticket 1.5: Eliminación de duplicidades (~50 líneas) Cambios principales: - Creada estructura Clean Architecture en backend/src/ - Schemas Zod compartidos en backend/src/shared/schemas/ - Refactorización modular de drugs y procedures - Utilidades genéricas en src/utils/ (filter, validation) - Eliminados scripts obsoletos y documentación antigua - Corregidos errores: QueryClient, import test-error-handling - Build verificado y funcionando correctamente
67 lines
2.2 KiB
JavaScript
67 lines
2.2 KiB
JavaScript
const ASYMMETRIC_KEY_DETAILS_SUPPORTED = require('./asymmetricKeyDetailsSupported');
|
|
const RSA_PSS_KEY_DETAILS_SUPPORTED = require('./rsaPssKeyDetailsSupported');
|
|
|
|
const allowedAlgorithmsForKeys = {
|
|
'ec': ['ES256', 'ES384', 'ES512'],
|
|
'rsa': ['RS256', 'PS256', 'RS384', 'PS384', 'RS512', 'PS512'],
|
|
'rsa-pss': ['PS256', 'PS384', 'PS512']
|
|
};
|
|
|
|
const allowedCurves = {
|
|
ES256: 'prime256v1',
|
|
ES384: 'secp384r1',
|
|
ES512: 'secp521r1',
|
|
};
|
|
|
|
module.exports = function(algorithm, key) {
|
|
if (!algorithm || !key) return;
|
|
|
|
const keyType = key.asymmetricKeyType;
|
|
if (!keyType) return;
|
|
|
|
const allowedAlgorithms = allowedAlgorithmsForKeys[keyType];
|
|
|
|
if (!allowedAlgorithms) {
|
|
throw new Error(`Unknown key type "${keyType}".`);
|
|
}
|
|
|
|
if (!allowedAlgorithms.includes(algorithm)) {
|
|
throw new Error(`"alg" parameter for "${keyType}" key type must be one of: ${allowedAlgorithms.join(', ')}.`)
|
|
}
|
|
|
|
/*
|
|
* Ignore the next block from test coverage because it gets executed
|
|
* conditionally depending on the Node version. Not ignoring it would
|
|
* prevent us from reaching the target % of coverage for versions of
|
|
* Node under 15.7.0.
|
|
*/
|
|
/* istanbul ignore next */
|
|
if (ASYMMETRIC_KEY_DETAILS_SUPPORTED) {
|
|
switch (keyType) {
|
|
case 'ec':
|
|
const keyCurve = key.asymmetricKeyDetails.namedCurve;
|
|
const allowedCurve = allowedCurves[algorithm];
|
|
|
|
if (keyCurve !== allowedCurve) {
|
|
throw new Error(`"alg" parameter "${algorithm}" requires curve "${allowedCurve}".`);
|
|
}
|
|
break;
|
|
|
|
case 'rsa-pss':
|
|
if (RSA_PSS_KEY_DETAILS_SUPPORTED) {
|
|
const length = parseInt(algorithm.slice(-3), 10);
|
|
const { hashAlgorithm, mgf1HashAlgorithm, saltLength } = key.asymmetricKeyDetails;
|
|
|
|
if (hashAlgorithm !== `sha${length}` || mgf1HashAlgorithm !== hashAlgorithm) {
|
|
throw new Error(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${algorithm}.`);
|
|
}
|
|
|
|
if (saltLength !== undefined && saltLength > length >> 3) {
|
|
throw new Error(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${algorithm}.`)
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
}
|