Solving buffer.readUIntBE is not a function reading a JWKS key with NodeRSA 

Recently while trying to read a public key in from a JWKS endpoint I was stumped by an error when importing the public key using [NodeRSA](https://github.com/rzcoder/node-rsa). My code looked like this:

```Typescript
  return rsa.importKey(
    {
      n: Buffer.from(jwksKey.n),
      e: jwksKey.e,
    },
    "components-public"
  );
```

The error was:

```bash
TypeError: buffer.readUIntBE is not a function
    at Object.module.exports.get32IntFromBuffer (C:\dev\jwttest\node_modules\node-rsa\src\utils.js:43:27)
    at RSAKey.module.exports.Key.RSAKey.setPublic (C:\dev\jwttest\node_modules\node-rsa\src\libs\rsa.js:172:48)
    at Object.publicImport (C:\dev\jwttest\node_modules\node-rsa\src\formats\components.js:44:17)
    at Object.detectAndImport (C:\dev\jwttest\node_modules\node-rsa\src\formats\formats.js:65:48)
    at NodeRSA.module.exports.NodeRSA.importKey (C:\dev\jwttest\node_modules\node-rsa\src\NodeRSA.js:183:22)
    at C:\dev\jwttest\dist\jwks.js:53:20
    at Generator.next ()
    at fulfilled (C:\dev\jwttest\dist\jwks.js:5:58)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
```

I couldn't see any issue with the way I was setting up the buffer. I was able to log the contents out. Everything looked correct. When I searched for `buffer.readUIntBE is not a function` I found nothing useful. It left my scratching my head and saying "What the damn hell!?".



Eventually I worked it out. The issue wasn't with th buffer I had so much as the one I didn't. I had been let down by own poor use of the Typescript type system. I had assumed that since the code was compiling that I was passing correct values and skipping reading the documentation. The mistake I had made was that the JWKS spec sets up the [`e` (Exponent) parameter](https://tools.ietf.org/html/rfc7518#section-6.3.1.2) as a Base64urlUInt-encoded string value and the `new NodeRSA().importKey({n,e}, "public-components")` api takes a `number`or a `Buffer` as the `n` parameter.  

In this case the error I was saying that `buffer.readUIntBE is not a function` where `buffer` is a `string` not a `Buffer`

Comments

Post a Comment

Popular posts from this blog

Solving `Empty reply from server` in DotNet Core

tldr; If you’re getting  curl: (52) Empty reply from server  check that you’ve configured Kestrel correctly. Long version I’ve started playing with Dotnet Core and Docker and have had a few issues getting started. I’ve had a little bit of experience with Docker, though only a little. I’ve worked with DotNet previously but never with Core. Environment The setup I’m using is a Windows laptop running Vagrant. Via Vagrant I’m running an Ubuntu Virtual Machine with the Docker run time installed. Feels a litle like inception. Key Problem The key problem that I’ve had getting started was having my Docker container not responding correctly to my curl commands. I get this: curl: (56) Recv failure: Connection reset by peer curl: (52) Empty reply from server Given that I’m not all that familliar with Docker or Dotnet Core I decided to remove one of the variables and set up a simple Express app in a different docker container. This validated that the commmand I was using to run
Read more

Testing functions that use local storage with Jest

Testing functions that use the browsers local storage API seems easy when you know how. Here's a quick run down on how to mock it out with Jest if, like me, you're not familiar with how to test it. In the end it's very little code. Consider the following TypeScript code. import { get, save, key } from "./storage"; describe(save, () => { let setItem: jest.Mock; beforeEach(() => { setItem = jest.fn(); Storage.prototype.setItem = setItem; }); it("should call set item with predefined key and json object", () => { const valueToStore = { value: "toStore" }; save(valueToStore); expect(setItem).toHaveBeenCalledWith(key, JSON.stringify(valueToStore)); }); }); The key lines are in the beforeEach call where the setItem function of the Storage prototype is assigned to an instance of jest.fn() . This allows us to make assertions on what is passed to the local storage setItem API.
Read more

Building a verify JWT function in TypeScript

# Verifying an RS232 signed JWT JSON Web Tokens (JWT) are used as a way to verify the identity of the caller of an API. **The best way to verify a JWT is to use a verification library.** I wanted to have a look at some of what those libraries are doing under the hood by putting together a function that will return if a given token is valid. In this blog I'll go through what I have done to get a validation function working. To simplify things assume: - That the signing algorithm is RS232 all others are considered invalid. - That the public keys are available on a JWKS url provided to the function eg [https://klee-test.au.auth0.com/.well-known/jwks.json](https://klee-test.au.auth0.com/.well-known/jwks.json) - I only want to know if the token was signed by a key available at the above url. I wont be checking if the token has expired, if the scopes or other claims are valid. # Break up the token A JWT is made up to 3 parts. The first thing to do in validating the token is to brea
Read more