refactor: cleanup NODE-ED25519 workerd workarounds

panva · panva · commit 072e83de5bf3 · 2023-04-30T08:03:18.000+02:00
Both workerd and the live service now support the Ed25519 and X25519
identifiers.
diff --git a/src/jwks/remote.ts b/src/jwks/remote.ts
@@ -1,11 +1,21 @@
 import fetchJwks from '../runtime/fetch_jwks.js'
-import { isCloudflareWorkers } from '../runtime/env.js'
 
 import type { KeyLike, JWSHeaderParameters, FlattenedJWSInput } from '../types.d'
 import { JWKSInvalid, JWKSNoMatchingKey } from '../util/errors.js'
 
 import { isJWKSLike, LocalJWKSet } from './local.js'
 
+function isCloudflareWorkers() {
+  return (
+    // @ts-ignore
+    typeof WebSocketPair !== 'undefined' ||
+    // @ts-ignore
+    (typeof navigator !== 'undefined' && navigator.userAgent === 'Cloudflare-Workers') ||
+    // @ts-ignore
+    (typeof EdgeRuntime !== 'undefined' && EdgeRuntime === 'vercel')
+  )
+}
+
 /** Options for the remote JSON Web Key Set. */
 export interface RemoteJWKSetOptions {
   /**
diff --git a/src/lib/crypto_key.ts b/src/lib/crypto_key.ts
@@ -1,5 +1,3 @@
-import { isCloudflareWorkers } from '../runtime/env.js'
-
 function unusable(name: string | number, prop = 'algorithm.name') {
   return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`)
 }
@@ -73,10 +71,6 @@ export function checkSigCryptoKey(key: CryptoKey, alg: string, ...usages: KeyUsa
     }
     case 'EdDSA': {
       if (key.algorithm.name !== 'Ed25519' && key.algorithm.name !== 'Ed448') {
-        if (isCloudflareWorkers()) {
-          if (isAlgorithm(key.algorithm, 'NODE-ED25519')) break
-          throw unusable('Ed25519, Ed448, or NODE-ED25519')
-        }
         throw unusable('Ed25519 or Ed448')
       }
       break
diff --git a/src/runtime/browser/asn1.ts b/src/runtime/browser/asn1.ts
@@ -1,4 +1,3 @@
-import { isCloudflareWorkers } from './env.js'
 import crypto, { isCryptoKey } from './webcrypto.js'
 import type { PEMExportFunction, PEMImportFunction } from '../interfaces.d'
 import invalidKeyInput from '../../lib/invalid_key_input.js'
@@ -143,31 +142,13 @@ const genericImport = async (
       throw new JOSENotSupported('Invalid or unsupported "alg" (Algorithm) value')
   }
 
-  try {
-    return await crypto.subtle.importKey(
-      keyFormat,
-      keyData,
-      algorithm,
-      options?.extractable ?? false,
-      keyUsages,
-    )
-  } catch (err) {
-    if (
-      algorithm.name === 'Ed25519' &&
-      (<Error>err)?.name === 'NotSupportedError' &&
-      isCloudflareWorkers()
-    ) {
-      algorithm = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' }
-      return await crypto.subtle.importKey(
-        keyFormat,
-        keyData,
-        algorithm,
-        options?.extractable ?? false,
-        keyUsages,
-      )
-    }
-    throw err
-  }
+  return crypto.subtle.importKey(
+    keyFormat,
+    keyData,
+    algorithm,
+    options?.extractable ?? false,
+    keyUsages,
+  )
 }
 
 export const fromPKCS8: PEMImportFunction = (pem, alg, options?) => {
diff --git a/src/runtime/browser/env.ts b/src/runtime/browser/env.ts
diff --git a/src/runtime/browser/generate.ts b/src/runtime/browser/generate.ts
@@ -1,4 +1,3 @@
-import { isCloudflareWorkers } from './env.js'
 import crypto from './webcrypto.js'
 import { JOSENotSupported } from '../../util/errors.js'
 import random from './random.js'
@@ -149,21 +148,7 @@ export async function generateKeyPair(alg: string, options?: GenerateKeyPairOpti
       throw new JOSENotSupported('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')
   }
 
-  try {
-    return <{ publicKey: CryptoKey; privateKey: CryptoKey }>(
-      await crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages)
-    )
-  } catch (err) {
-    if (
-      algorithm.name === 'Ed25519' &&
-      (<Error>err)?.name === 'NotSupportedError' &&
-      isCloudflareWorkers()
-    ) {
-      algorithm = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' }
-      return <{ publicKey: CryptoKey; privateKey: CryptoKey }>(
-        await crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages)
-      )
-    }
-    throw err
-  }
+  return <Promise<{ publicKey: CryptoKey; privateKey: CryptoKey }>>(
+    crypto.subtle.generateKey(algorithm, options?.extractable ?? false, keyUsages)
+  )
 }
diff --git a/src/runtime/browser/jwk_to_key.ts b/src/runtime/browser/jwk_to_key.ts
@@ -1,4 +1,3 @@
-import { isCloudflareWorkers } from './env.js'
 import crypto from './webcrypto.js'
 import type { JWKImportFunction } from '../interfaces.d'
 import { JOSENotSupported } from '../../util/errors.js'
@@ -150,18 +149,6 @@ const parse: JWKImportFunction = async (jwk: JWK): Promise<CryptoKey> => {
   const keyData: JWK = { ...jwk }
   delete keyData.alg
   delete keyData.use
-  try {
-    return await crypto.subtle.importKey('jwk', keyData, ...rest)
-  } catch (err) {
-    if (
-      algorithm.name === 'Ed25519' &&
-      (<Error>err)?.name === 'NotSupportedError' &&
-      isCloudflareWorkers()
-    ) {
-      rest[0] = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' }
-      return await crypto.subtle.importKey('jwk', keyData, ...rest)
-    }
-    throw err
-  }
+  return crypto.subtle.importKey('jwk', keyData, ...rest)
 }
 export default parse
diff --git a/src/runtime/browser/subtle_dsa.ts b/src/runtime/browser/subtle_dsa.ts
@@ -1,4 +1,3 @@
-import { isCloudflareWorkers } from './env.js'
 import { JOSENotSupported } from '../../util/errors.js'
 
 export default function subtleDsa(alg: string, algorithm: KeyAlgorithm | EcKeyAlgorithm) {
@@ -22,10 +21,6 @@ export default function subtleDsa(alg: string, algorithm: KeyAlgorithm | EcKeyAl
     case 'ES512':
       return { hash, name: 'ECDSA', namedCurve: (<EcKeyAlgorithm>algorithm).namedCurve }
     case 'EdDSA':
-      if (isCloudflareWorkers() && algorithm.name === 'NODE-ED25519') {
-        return { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' }
-      }
-
       return { name: algorithm.name }
     default:
       throw new JOSENotSupported(
diff --git a/src/runtime/node/env.ts b/src/runtime/node/env.ts

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,3 @@`
`1`		`-import { isCloudflareWorkers } from '../runtime/env.js'`
`2`		`-`
`3`	`1`	`function unusable(name: string \| number, prop = 'algorithm.name') {`
`4`	`2`	return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`)
`5`	`3`	`}`
`@@ -73,10 +71,6 @@ export function checkSigCryptoKey(key: CryptoKey, alg: string, ...usages: KeyUsa`
`73`	`71`	`}`
`74`	`72`	`case 'EdDSA': {`
`75`	`73`	`if (key.algorithm.name !== 'Ed25519' && key.algorithm.name !== 'Ed448') {`
`76`		`- if (isCloudflareWorkers()) {`
`77`		`- if (isAlgorithm(key.algorithm, 'NODE-ED25519')) break`
`78`		`- throw unusable('Ed25519, Ed448, or NODE-ED25519')`
`79`		`- }`
`80`	`74`	`throw unusable('Ed25519 or Ed448')`
`81`	`75`	`}`
`82`	`76`	`break`