JS 解码 JWS 字符串：解析和验证 JSON Web 签名

这是一段 JavaScript 代码，其中包含一个名为_0x1a2ae8的异步函数和一些辅助函数。要解码该代码，我们需要对其进行逆向工程。/n/n经过反混淆和重命名变量，以下是解码后的代码：/n/njavascript/nasync function decodeJWS(payload, key, options) {/n if (payload instanceof Uint8Array) {/n payload = TextDecoder.decode(payload);/n }/n/n if (typeof payload !== 'string') {/n throw new Error('Invalid JWS payload');/n }/n/n const [header, protectedHeader, signature] = payload.split('.');/n/n if (header.length !== 3) {/n throw new Error('Invalid JWS format');/n }/n/n const decodedPayload = await async function (jws, verifyKey, additionalOptions) {/n if (!isObject(jws)) {/n throw new Error('Flattened JWS must be an object');/n }/n/n if (jws.payload === undefined && jws.header === undefined) {/n throw new Error('Invalid JWS');/n }/n/n if (jws.protected !== undefined && typeof jws.protected !== 'string') {/n throw new Error('Invalid JWS protected header');/n }/n/n if (jws.payload === undefined) {/n throw new Error('JWS Payload missing');/n }/n/n if (typeof jws.signature !== 'string') {/n throw new Error('JWS Signature missing or incorrect type');/n }/n/n if (jws.unprotected !== undefined && !isObject(jws.unprotected)) {/n throw new Error('JWS Unprotected Header incorrect type');/n }/n/n let header = {};/n/n if (jws.protected) {/n try {/n const decodedHeader = JSON.parse(base64url.decode(jws.protected));/n header = { ...decodedHeader };/n } catch (error) {/n throw new Error('Invalid JWS protected header');/n }/n }/n/n if (!deepEqual(header, jws.header)) {/n throw new Error('Invalid JWS header');/n }/n/n const mergedHeader = { ...header, ...jws.unprotected };/n/n let isFlattened = true;/n/n if (isBooleanClaim('crit', new Map([['crit', true]]), additionalOptions?.crit, header, mergedHeader).result) {/n isFlattened = header.crit;/n/n if (typeof isFlattened !== 'boolean') {/n throw new Error('Invalid JWS flattened');/n }/n }/n/n const { alg: algorithm } = mergedHeader;/n/n if (typeof algorithm !== 'string' || !algorithm) {/n throw new Error('Invalid JWS algorithm');/n }/n/n const allowedAlgorithms = options && options.algorithms;/n/n if (allowedAlgorithms && !allowedAlgorithms.includes(algorithm)) {/n throw new Error('Invalid JWS algorithm');/n }/n/n let verified = false;/n/n if (typeof verifyKey === 'function') {/n verifyKey = await verifyKey(header, jws);/n verified = true;/n }/n/n checkAlgorithm(algorithm, verifyKey, 'JWS Signing');/n/n const signingInput = base64url.encode((jws.protected ?? '') + '.' + (typeof jws.payload === 'string' ? base64url.encode(jws.payload) : jws.payload));/n const signature = base64url.decode(jws.signature);/n/n if (!await verify(algorithm, verifyKey, signature, signingInput)) {/n throw new Error('Invalid JWS signature');/n }/n/n let decodedPayload;/n/n if (isFlattened) {/n decodedPayload = base64url.decode(jws.payload);/n } else if (typeof jws.payload === 'string' || jws.payload instanceof Uint8Array) {/n decodedPayload = jws.payload;/n }/n/n const result = {/n payload: decodedPayload/n };/n/n if (jws.protected !== undefined) {/n result.protectedHeader = header;/n }/n/n if (jws.header !== undefined) {/n result.unprotectedHeader = jws.header;/n }/n/n return verified ? { ...result, key: verifyKey } : result;/n }({ /n payload: payload,/n protected: protectedHeader,/n signature: signature/n }, key, options);/n/n const output = {/n payload: decodedPayload.payload,/n protectedHeader: decodedPayload.protectedHeader/n };/n/n if (typeof key === 'function') {/n output.key = decodedPayload.key;/n }/n/n return output;/n}/n/nconst secondsPerDay = 86400;/nconst durationRegex = /^(/d+|/d+/./d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)$/i;/n/nconst parseDuration = (duration) => {/n const match = durationRegex.exec(duration);/n/n if (!match) {/n throw new TypeError('Invalid duration');/n }/n/n const value = parseFloat(match[1]);/n/n switch (match[2].toLowerCase()) {/n case 'sec':/n case 'secs':/n case 's':/n return Math.round(value);/n case 'min':/n case 'mins':/n case 'm':/n return Math.round(60 * value);/n case 'hour':/n case 'hours':/n case 'hr':/n case 'hrs':/n case 'h':/n return Math.round(3600 * value);/n case 'day':/n case 'days':/n case 'd':/n return Math.round(value * secondsPerDay);/n case 'week':/n case 'weeks':/n case 'w':/n return Math.round(7 * secondsPerDay * value);/n default:/n return Math.round(365 * secondsPerDay * value);/n }/n}/n/n/n这段代码是一个用于解码JWS（JSON Web Signature）的函数。它接受一个JWS字符串作为输入，解码并验证该JWS，然后返回解码后的payload和header。/n/n注意：该代码中使用了一些辅助函数和常量，这些函数和常量没有包含在给出的代码片段中。为了让这段代码能够正常工作，你需要在代码中添加这些辅