crypto: fix subtle.getPublicKey error for secret type key inputs

PR-URL: https://github.com/nodejs/node/pull/59558 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
2025-12-06 12:20:27 +01:00 · 2025-08-22 17:56:56 +02:00 · 2025-08-22 17:56:56 +02:00 · 7178e9141a
commit 7178e9141a
parent 3b4f9b26b1
2 changed files with 8 additions and 2 deletions
--- a/lib/internal/crypto/webcrypto.js
+++ b/lib/internal/crypto/webcrypto.js
@ -1090,7 +1090,8 @@ async function getPublicKey(key, keyUsages) {
  });

  if (key[kKeyType] !== 'private')
-    throw lazyDOMException('key must be a private key', 'InvalidAccessError');
+    throw lazyDOMException('key must be a private key',
+                           key[kKeyType] === 'secret' ? 'NotSupportedError' : 'InvalidAccessError');

  const keyObject = createPublicKey(key[kKeyObject]);

--- a/test/parallel/test-webcrypto-get-public-key.mjs
+++ b/test/parallel/test-webcrypto-get-public-key.mjs
@ -41,11 +41,16 @@ for await (const { privateKey } of [
    name: 'SyntaxError',
    message: /Unsupported key usage/
  });
+
+  await assert.rejects(() => subtle.getPublicKey(publicKey, publicKey.usages), {
+    name: 'InvalidAccessError',
+    message: 'key must be a private key'
+  });
 }

 const secretKey = await subtle.generateKey(
  { name: 'AES-CBC', length: 128 }, true, ['encrypt', 'decrypt']);
 await assert.rejects(() => subtle.getPublicKey(secretKey, ['encrypt', 'decrypt']), {
-  name: 'InvalidAccessError',
+  name: 'NotSupportedError',
  message: 'key must be a private key'
 });