import crypto from 'isomorphic-webcrypto';
import * as algos from 'jose-algorithms';
import { importKey } from 'jwk-lite';
import { fromBase64Url, fromBinaryString, toBase64Url, toBinaryString } from 'b64u-lite';
import { fromBuffer, toUint8Array } from 'str2buf';

function decode(token) {
    if ( token === void 0 ) token = '';

    var parts = token.split('.');
    if (parts.length !== 3) 
        { throw new Error('token must have 3 parts'); }
    return {
        header: JSON.parse(fromBase64Url(parts[0])),
        payload: fromBase64Url(parts[1]),
        signedContent: toUint8Array(parts[0] + '.' + parts[1]),
        signature: toUint8Array(toBinaryString(parts[2]))
    };
}

function sign(payload, key, header) {
    if ( header === void 0 ) header = {};

    var alg = header.alg;
    return new Promise(function (resolve) {
        header.alg = (alg = alg || key.alg);
        if (!algos[alg]) 
            { throw new Error(("alg must be one of " + (Object.keys(algos)))); }
        resolve(toBase64Url(JSON.stringify(header)) + '.' + toBase64Url(payload));
    }).then(function (payloadString) {
        var buffer = toUint8Array(payloadString);
        return importKey(key, {
            alg: alg
        }).then(function (signingKey) {
            var algo = Object.assign({}, algos[alg]);
            delete algo.namedCurve;
            return crypto.subtle.sign(algo, signingKey, buffer);
        }).then(function (signature) { return payloadString + '.' + fromBinaryString(fromBuffer(signature)); });
    });
}

function verify(token, key, ref) {
    if ( ref === void 0 ) ref = {};
    var algorithms = ref.algorithms;

    algorithms = algorithms || Object.keys(algos);
    return new Promise(function (resolve) {
        resolve(decode(token));
    }).then(function (jws) {
        if (algorithms && !algorithms.includes(jws.header.alg)) 
            { throw new Error(("alg must be one of " + algorithms)); }
        if (!algos[jws.header.alg]) 
            { throw new Error(("alg must be one of " + (Object.keys(algos)))); }
        return importKey(key, {
            alg: jws.header.alg
        }).then(function (verifyingKey) { return crypto.subtle.verify(algos[jws.header.alg], verifyingKey, jws.signature, jws.signedContent); }).then(function (result) {
            if (!result) 
                { throw new Error('invalid token signature'); }
            return jws.payload;
        });
    });
}

export { decode, sign, verify };
//# sourceMappingURL=jws-lite.mjs.map