(privateKey: string)
| 119 | } |
| 120 | |
| 121 | async function importSigningKey(privateKey: string): Promise<CryptoKey> { |
| 122 | const pem = normalizePem(privateKey); |
| 123 | const der = pemToDer(pem); |
| 124 | const pkcs8 = /BEGIN RSA PRIVATE KEY/.test(pem) ? pkcs1ToPkcs8(der) : der; |
| 125 | return crypto.subtle.importKey( |
| 126 | "pkcs8", |
| 127 | pkcs8 as BufferSource, |
| 128 | { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, |
| 129 | false, |
| 130 | ["sign"], |
| 131 | ); |
| 132 | } |
| 133 | |
| 134 | /** Mint a short-lived App JWT (valid ~9 min, iat backdated for clock skew). */ |
| 135 | async function mintAppJwt(creds: GithubAppCredentials): Promise<string> { |
no test coverage detected