1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
import type QUnit from 'qunit'import * as lib from '../src/index.js'
const client = <lib.Client>{  client_id: 'urn:example:client_id',}const identifier = 'https://op.example.com'const issuer = <lib.AuthorizationServer>{  issuer: identifier,}
export default async (QUnit: QUnit) => {  const { module, test } = QUnit  module('modulus_length.ts')
  for (const [alg, { privateKey, publicKey }] of Object.entries({    RS256: await lib.generateKeyPair('RS256', { modulusLength: 1024 }),    PS256: await lib.generateKeyPair('PS256', { modulusLength: 1024 }),  })) {    test(`(DPoP) ${alg} private key modulus length must be at least 2048 bits long`, async (t) => {      await t.rejects(        lib.protectedResourceRequest(          'accessToken',          'GET',          new URL('https://rs.example.com/api'),          new Headers(),          null,          { DPoP: { privateKey, publicKey } },        ),        (err: Error) => {          t.propContains(err, {            message: `${privateKey.algorithm.name} modulusLength must be at least 2048 bits`,          })          return true        },      )    })
    test(`(private_key_jwt) ${alg} private key modulus length must be at least 2048 bits long`, async (t) => {      await t.rejects(        lib.pushedAuthorizationRequest(          {            ...issuer,            pushed_authorization_request_endpoint: `${issuer.issuer}/par`,          },          {            ...client,            token_endpoint_auth_method: 'private_key_jwt',          },          new URLSearchParams(),          { clientPrivateKey: privateKey },        ),        (err: Error) => {          t.propContains(err, {            message: `${privateKey.algorithm.name} modulusLength must be at least 2048 bits`,          })          return true        },      )    })  }}