crypto: fix subtle.getPublicKey error for secret type key inputs

panva · targos · commit b7383186c748 · 2025-08-24T09:09:10.000+02:00
PR-URL: #59558 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js
@@ -1090,7 +1090,8 @@ async function getPublicKey(key, keyUsages){
 });
 
 if (key[kKeyType] !== 'private')
- throw lazyDOMException('key must be a private key', 'InvalidAccessError');
+ throw lazyDOMException('key must be a private key',
+ key[kKeyType] === 'secret' ? 'NotSupportedError' : 'InvalidAccessError');
 
 const keyObject = createPublicKey(key[kKeyObject]);
 
diff --git a/test/parallel/test-webcrypto-get-public-key.mjs b/test/parallel/test-webcrypto-get-public-key.mjs
@@ -41,11 +41,16 @@ for await (const{privateKey } of [
 name: 'SyntaxError',
 message: /Unsupported key usage/
 });
+
+ await assert.rejects(() => subtle.getPublicKey(publicKey, publicKey.usages),{
+ name: 'InvalidAccessError',
+ message: 'key must be a private key'
+ });
 }
 
 const secretKey = await subtle.generateKey(
{name: 'AES-CBC', length: 128 }, true, ['encrypt', 'decrypt']);
 await assert.rejects(() => subtle.getPublicKey(secretKey, ['encrypt', 'decrypt']),{
- name: 'InvalidAccessError',
+ name: 'NotSupportedError',
 message: 'key must be a private key'
 });

-Original file line number
+Diff line change
 });
 if(key[kKeyType]!=='private')
 -throwlazyDOMException('key must be a private key','InvalidAccessError');
 +throwlazyDOMException('key must be a private key',
 +key[kKeyType]==='secret' ? 'NotSupportedError' : 'InvalidAccessError');
 constkeyObject=createPublicKey(key[kKeyObject]);