Merge remote-tracking branch 'thibault/upgrade-privacypass-ts' into arbitrary_batched_toknes

Author: lbaquerofierro

package-lock.json

@@ -34,15 +34,15 @@
 		}
 	},
 	"devDependencies": {
-		"@cloudflare/blindrsa-ts": "0.3.2",
+		"@cloudflare/blindrsa-ts": "file:./vendor/cloudflare-blindrsa-ts-0.4.2.tgz",
 		"@cloudflare/workers-types": "4.20240605.0",
 		"@types/jest": "29.5.11",
 		"@typescript-eslint/eslint-plugin": "6.21.0",
 		"@typescript-eslint/parser": "6.21.0",
 		"commander": "12.1.0",
 		"dotenv": "16.4.0",
 		"esbuild": "0.25.0",
-		"eslint": "8.56.0",
+		"eslint": "8.57.0",
 		"eslint-config-prettier": "9.1.0",
 		"eslint-config-typescript": "3.0.0",
 		"git-rev-sync": "3.0.2",
@@ -63,5 +63,8 @@
 		"promjs": "0.4.2",
 		"toucan-js": "3.3.1",
 		"typescript": "5.3.3"
+	},
+	"overrides": {
+		"@cloudflare/blindrsa-ts": "file:./vendor/cloudflare-blindrsa-ts-0.4.2.tgz"
 	}
 }

package.json

@@ -149,15 +149,19 @@ export async function testTokenRequest(client, origin, issuerName: string, mTLS?
 	});
 
 	if (!response.ok) {
-		throw new Error(`Issuer request failed: ${response.status} ${response.statusText}`);
+		throw new Error(
+			`Issuer request failed: ${response.status} ${response.statusText}\n${await response.text()}`
+		);
 	}
 
 	const tokenResponse = publicVerif.TokenResponse.deserialize(
 		new Uint8Array(await response.arrayBuffer())
 	);
 	const token = await client.finalize(tokenResponse);
 
+	const origin = new Origin(BlindRSAMode.PSS);
 	return (
+		(await origin.verify(token, issuerPublicKey)) &&
 		(await origin.verify(token, issuerPublicKey)) &&
 		response.headers.get('Content-Type') === MediaType.PRIVATE_TOKEN_RESPONSE
 	);

test/e2e/issuer.ts

@@ -21,6 +21,7 @@ import {
 	MediaType,
 	PRIVATE_TOKEN_ISSUER_DIRECTORY,
 	publicVerif,
+	TOKEN_TYPES,
 	util,
 } from '@cloudflare/privacypass-ts';
 import { getDirectoryCache } from '../src/cache';
@@ -77,7 +78,7 @@ describe('challenge handlers', () => {
 		const tokenKeyId = await keyToTokenKeyID(new TextEncoder().encode(publicKeyEnc));
 
 		// note that blindedMsg should be the payload and not the message directly
-		const tokenRequest = new TokenRequest(tokenKeyId, blindedMsg, BLIND_RSA);
+		const tokenRequest = new TokenRequest(tokenKeyId, blindedMsg, TOKEN_TYPES.BLIND_RSA);
 
 		const request = new Request(tokenRequestURL, {
 			method: 'POST',