bundle sizes

Author: manfredsteyer

angular.json

@@ -130,28 +130,7 @@
         }
       }
     },
-    "sample-e2e": {
-      "root": "projects/sample-e2e/",
-      "projectType": "application",
-      "architect": {
-        "e2e": {
-          "builder": "@angular-devkit/build-angular:protractor",
-          "options": {
-            "protractorConfig": "projects/sample-e2e/protractor.conf.js",
-            "devServerTarget": "sample:serve"
-          }
-        },
-        "lint": {
-          "builder": "@angular-devkit/build-angular:tslint",
-          "options": {
-            "tsConfig": "projects/sample-e2e/tsconfig.e2e.json",
-            "exclude": [
-              "**/node_modules/**"
-            ]
-          }
-        }
-      }
-    },
+
     "quickstart-demo": {
       "projectType": "application",
       "schematics": {},
@@ -264,6 +243,42 @@
           }
         }
       }
+    },
+
+    "angular-oauth2-oidc-jwks": {
+      "projectType": "library",
+      "root": "projects/angular-oauth2-oidc-jwks",
+      "sourceRoot": "projects/angular-oauth2-oidc-jwks/src",
+      "prefix": "lib",
+      "architect": {
+        "build": {
+          "builder": "@angular-devkit/build-ng-packagr:build",
+          "options": {
+            "tsConfig": "projects/angular-oauth2-oidc-jwks/tsconfig.lib.json",
+            "project": "projects/angular-oauth2-oidc-jwks/ng-package.json"
+          }
+        },
+        "test": {
+          "builder": "@angular-devkit/build-angular:karma",
+          "options": {
+            "main": "projects/angular-oauth2-oidc-jwks/src/test.ts",
+            "tsConfig": "projects/angular-oauth2-oidc-jwks/tsconfig.spec.json",
+            "karmaConfig": "projects/angular-oauth2-oidc-jwks/karma.conf.js"
+          }
+        },
+        "lint": {
+          "builder": "@angular-devkit/build-angular:tslint",
+          "options": {
+            "tsConfig": [
+              "projects/angular-oauth2-oidc-jwks/tsconfig.lib.json",
+              "projects/angular-oauth2-oidc-jwks/tsconfig.spec.json"
+            ],
+            "exclude": [
+              "**/node_modules/**"
+            ]
+          }
+        }
+      }
     }
   },
   "schematics": {

package.json

@@ -36,6 +36,7 @@
     "rxjs-compat": "^6.5.2",
     "text-encoder-lite": "^1.0.1",
     "tsickle": "^0.35.0",
+    "tslib": "^1.9.0",
     "zone.js": "^0.9.1"
   },
   "devDependencies": {
@@ -63,6 +64,7 @@
     "prettier": "1.18.2",
     "protractor": "~5.4.2",
     "ts-node": "~8.3.0",
+    "tsickle": "^0.35.0",
     "tslib": "^1.9.0",
     "tslint": "~5.18.0",
     "typescript": "3.4.5"

projects/angular-oauth2-oidc-jwks/README.md

@@ -0,0 +1,24 @@
+# AngularOauth2OidcJwks
+
+This library was generated with [Angular CLI](https://github.com/angular/angular-cli) version 8.0.1.
+
+## Code scaffolding
+
+Run `ng generate component component-name --project angular-oauth2-oidc-jwks` to generate a new component. You can also use `ng generate directive|pipe|service|class|guard|interface|enum|module --project angular-oauth2-oidc-jwks`.
+> Note: Don't forget to add `--project angular-oauth2-oidc-jwks` or else it will be added to the default project in your `angular.json` file. 
+
+## Build
+
+Run `ng build angular-oauth2-oidc-jwks` to build the project. The build artifacts will be stored in the `dist/` directory.
+
+## Publishing
+
+After building your library with `ng build angular-oauth2-oidc-jwks`, go to the dist folder `cd dist/angular-oauth2-oidc-jwks` and run `npm publish`.
+
+## Running unit tests
+
+Run `ng test angular-oauth2-oidc-jwks` to execute the unit tests via [Karma](https://karma-runner.github.io).
+
+## Further help
+
+To get more help on the Angular CLI use `ng help` or go check out the [Angular CLI README](https://github.com/angular/angular-cli/blob/master/README.md).

projects/angular-oauth2-oidc-jwks/karma.conf.js

@@ -0,0 +1,32 @@
+// Karma configuration file, see link for more information
+// https://karma-runner.github.io/1.0/config/configuration-file.html
+
+module.exports = function (config) {
+  config.set({
+    basePath: '',
+    frameworks: ['jasmine', '@angular-devkit/build-angular'],
+    plugins: [
+      require('karma-jasmine'),
+      require('karma-chrome-launcher'),
+      require('karma-jasmine-html-reporter'),
+      require('karma-coverage-istanbul-reporter'),
+      require('@angular-devkit/build-angular/plugins/karma')
+    ],
+    client: {
+      clearContext: false // leave Jasmine Spec Runner output visible in browser
+    },
+    coverageIstanbulReporter: {
+      dir: require('path').join(__dirname, '../../coverage/angular-oauth2-oidc-jwks'),
+      reports: ['html', 'lcovonly'],
+      fixWebpackSourcePaths: true
+    },
+    reporters: ['progress', 'kjhtml'],
+    port: 9876,
+    colors: true,
+    logLevel: config.LOG_INFO,
+    autoWatch: true,
+    browsers: ['Chrome'],
+    singleRun: false,
+    restartOnFileChange: true
+  });
+};

projects/angular-oauth2-oidc-jwks/ng-package.json

@@ -0,0 +1,7 @@
+{
+  "$schema": "../../node_modules/ng-packagr/ng-package.schema.json",
+  "dest": "../../dist/angular-oauth2-oidc-jwks",
+  "lib": {
+    "entryFile": "src/public-api.ts"
+  }
+}

projects/angular-oauth2-oidc-jwks/package.json

@@ -0,0 +1,7 @@
+{
+  "name": "angular-oauth2-oidc-jwks",
+  "version": "9.0.0",
+  "dependencies": {
+    "jsrsasign": "^8.0.12"
+  }
+}

projects/angular-oauth2-oidc-jwks/src/lib/jwks-validation-handler.ts

@@ -0,0 +1,150 @@
+import * as rs from 'jsrsasign';
+import { AbstractValidationHandler, ValidationParams } from 'angular-oauth2-oidc';
+
+/**
+ * Validates the signature of an id_token against one
+ * of the keys of an JSON Web Key Set (jwks).
+ *
+ * This jwks can be provided by the discovery document.
+ */
+export class JwksValidationHandler extends AbstractValidationHandler {
+  /**
+   * Allowed algorithms
+   */
+  allowedAlgorithms: string[] = [
+    'HS256',
+    'HS384',
+    'HS512',
+    'RS256',
+    'RS384',
+    'RS512',
+    'ES256',
+    'ES384',
+    'PS256',
+    'PS384',
+    'PS512'
+  ];
+
+  /**
+   * Time period in seconds the timestamp in the signature can
+   * differ from the current time.
+   */
+  gracePeriodInSec = 600;
+
+  validateSignature(params: ValidationParams, retry = false): Promise<any> {
+    if (!params.idToken) throw new Error('Parameter idToken expected!');
+    if (!params.idTokenHeader)
+      throw new Error('Parameter idTokenHandler expected.');
+    if (!params.jwks) throw new Error('Parameter jwks expected!');
+
+    if (
+      !params.jwks['keys'] ||
+      !Array.isArray(params.jwks['keys']) ||
+      params.jwks['keys'].length === 0
+    ) {
+      throw new Error('Array keys in jwks missing!');
+    }
+
+    // console.debug('validateSignature: retry', retry);
+
+    let kid: string = params.idTokenHeader['kid'];
+    let keys: object[] = params.jwks['keys'];
+    let key: object;
+
+    let alg = params.idTokenHeader['alg'];
+
+    if (kid) {
+      key = keys.find(k => k['kid'] === kid /* && k['use'] === 'sig' */);
+    } else {
+      let kty = this.alg2kty(alg);
+      let matchingKeys = keys.filter(
+        k => k['kty'] === kty && k['use'] === 'sig'
+      );
+
+      /*
+            if (matchingKeys.length == 0) {
+                let error = 'No matching key found.';
+                console.error(error);
+                return Promise.reject(error);
+            }*/
+      if (matchingKeys.length > 1) {
+        let error =
+          'More than one matching key found. Please specify a kid in the id_token header.';
+        console.error(error);
+        return Promise.reject(error);
+      } else if (matchingKeys.length === 1) {
+        key = matchingKeys[0];
+      }
+    }
+
+    if (!key && !retry && params.loadKeys) {
+      return params
+        .loadKeys()
+        .then(loadedKeys => (params.jwks = loadedKeys))
+        .then(_ => this.validateSignature(params, true));
+    }
+
+    if (!key && retry && !kid) {
+      let error = 'No matching key found.';
+      console.error(error);
+      return Promise.reject(error);
+    }
+
+    if (!key && retry && kid) {
+      let error =
+        'expected key not found in property jwks. ' +
+        'This property is most likely loaded with the ' +
+        'discovery document. ' +
+        'Expected key id (kid): ' +
+        kid;
+
+      console.error(error);
+      return Promise.reject(error);
+    }
+
+    let keyObj = rs.KEYUTIL.getKey(key);
+    let validationOptions = {
+      alg: this.allowedAlgorithms,
+      gracePeriod: this.gracePeriodInSec
+    };
+    let isValid = rs.KJUR.jws.JWS.verifyJWT(
+      params.idToken,
+      keyObj,
+      validationOptions
+    );
+
+    if (isValid) {
+      return Promise.resolve();
+    } else {
+      return Promise.reject('Signature not valid');
+    }
+  }
+
+  private alg2kty(alg: string) {
+    switch (alg.charAt(0)) {
+      case 'R':
+        return 'RSA';
+      case 'E':
+        return 'EC';
+      default:
+        throw new Error('Cannot infer kty from alg: ' + alg);
+    }
+  }
+
+  calcHash(valueToHash: string, algorithm: string): Promise<string> {
+    let hashAlg = new rs.KJUR.crypto.MessageDigest({ alg: algorithm });
+    let result = hashAlg.digestString(valueToHash);
+    let byteArrayAsString = this.toByteArrayAsString(result);
+    return Promise.resolve(byteArrayAsString);
+  }
+
+  toByteArrayAsString(hexString: string) {
+    let result = '';
+    for (let i = 0; i < hexString.length; i += 2) {
+      let hexDigit = hexString.charAt(i) + hexString.charAt(i + 1);
+      let num = parseInt(hexDigit, 16);
+      result += String.fromCharCode(num);
+    }
+    return result;
+  }
+}

projects/angular-oauth2-oidc-jwks/src/public-api.ts

@@ -0,0 +1 @@
+export * from './lib/jwks-validation-handler';

projects/angular-oauth2-oidc-jwks/src/test.ts

@@ -0,0 +1,21 @@
+// This file is required by karma.conf.js and loads recursively all the .spec and framework files
+
+import 'zone.js/dist/zone';
+import 'zone.js/dist/zone-testing';
+import { getTestBed } from '@angular/core/testing';
+import {
+  BrowserDynamicTestingModule,
+  platformBrowserDynamicTesting
+} from '@angular/platform-browser-dynamic/testing';
+
+declare const require: any;
+
+// First, initialize the Angular testing environment.
+getTestBed().initTestEnvironment(
+  BrowserDynamicTestingModule,
+  platformBrowserDynamicTesting()
+);
+// Then we find all the tests.
+const context = require.context('./', true, /\.spec\.ts$/);
+// And load the modules.
+context.keys().map(context);

projects/angular-oauth2-oidc-jwks/tsconfig.lib.json

@@ -0,0 +1,26 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "outDir": "../../out-tsc/lib",
+    "target": "es2015",
+    "declaration": true,
+    "inlineSources": true,
+    "types": [],
+    "lib": [
+      "dom",
+      "es2018"
+    ]
+  },
+  "angularCompilerOptions": {
+    "annotateForClosureCompiler": true,
+    "skipTemplateCodegen": true,
+    "strictMetadataEmit": true,
+    "fullTemplateTypeCheck": true,
+    "strictInjectionParameters": true,
+    "enableResourceInlining": true
+  },
+  "exclude": [
+    "src/test.ts",
+    "**/*.spec.ts"
+  ]
+}