@atproto/jwk-webcrypto 0.1.10 → 0.2.0

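--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,17 @@
 # @atproto/jwk-webcrypto
 
+## 0.2.0
+
+### Minor Changes
+
+- [#4103](https://github.com/bluesky-social/atproto/pull/4103) [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Only allow `"use"` claims in public jwk
+
+### Patch Changes
+
+- Updated dependencies [[`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`fefe70126`](https://github.com/bluesky-social/atproto/commit/fefe70126d0ea82507ac750f669b3478290f186b), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815)]:
+- @atproto/jwk@0.6.0
+- @atproto/jwk-jose@0.1.11
+
 ## 0.1.10
 
 ### Patch Changes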
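--- a/package/dist/index.js.map
+++ b/package/dist/index.js.map
@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAkC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAkC","sourcesContent":["export * from './webcrypto-key.js'\n"]}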
package/dist/util.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;AAsBA,8CAwCC;AAED,kDAqCC;AAED,0CAkBC;AAnGD,SAAgB,iBAAiB,CAC/B,GAAW,EACX,GAAY,EACZ,OAAoC;IAEpC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAkB,EAAE;aAClD,CAAA;QACH,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;aACpB,CAAA;QACH;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,mBAAmB,CAAC,SAAuB;IACzD,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,SAAS,CAAC;QACf,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAA2B,SAAU,CAAC,IAAI,CAAC,IAAI,CAAA;YACzD,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzD,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC9D,CAAC;gBACD;oBACE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAoB,SAAU,CAAC,UAAU,CAAA;YACzD,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC7D,KAAK,OAAO;oBACV,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;YAChE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,OAAO,CAAA;QAChB;YACE,oEAAoE;YAEpE,MAAM,I
AAI,SAAS,CAAC,yBAAyB,SAAS,CAAC,IAAI,GAAG,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,CAAU,EACV,WAAqB;IAErB,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,CAAC,KAAK,IAAI;QACV,YAAY,IAAI,CAAC;QACjB,CAAC,CAAC,UAAU,YAAY,SAAS;QACjC,CAAC,CAAC,UAAU,CAAC,IAAI,KAAK,SAAS;QAC/B,CAAC,WAAW,IAAI,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,KAAK,WAAW,CAAC;QACjE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACpC,WAAW,IAAI,CAAC;QAChB,CAAC,CAAC,SAAS,YAAY,SAAS;QAChC,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI;QAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACtC,CAAA;AACH,CAAC"}
1
+ {"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;AAsBA,8CAwCC;AAED,kDAqCC;AAED,0CAkBC;AAnGD,SAAgB,iBAAiB,CAC/B,GAAW,EACX,GAAY,EACZ,OAAoC;IAEpC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAkB,EAAE;aAClD,CAAA;QACH,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;aACpB,CAAA;QACH;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,mBAAmB,CAAC,SAAuB;IACzD,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,SAAS,CAAC;QACf,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAA2B,SAAU,CAAC,IAAI,CAAC,IAAI,CAAA;YACzD,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzD,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC9D,CAAC;gBACD;oBACE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAoB,SAAU,CAAC,UAAU,CAAA;YACzD,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC7D,KAAK,OAAO;oBACV,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;YAChE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,OAAO,CAAA;QAChB;YACE,oEAAoE;YAEpE,MAAM,I
AAI,SAAS,CAAC,yBAAyB,SAAS,CAAC,IAAI,GAAG,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,CAAU,EACV,WAAqB;IAErB,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,CAAC,KAAK,IAAI;QACV,YAAY,IAAI,CAAC;QACjB,CAAC,CAAC,UAAU,YAAY,SAAS;QACjC,CAAC,CAAC,UAAU,CAAC,IAAI,KAAK,SAAS;QAC/B,CAAC,WAAW,IAAI,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,KAAK,WAAW,CAAC;QACjE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACpC,WAAW,IAAI,CAAC;QAChB,CAAC,CAAC,SAAS,YAAY,SAAS;QAChC,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI;QAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACtC,CAAA;AACH,CAAC","sourcesContent":["export type JWSAlgorithm =\n // HMAC\n | 'HS256'\n | 'HS384'\n | 'HS512'\n // RSA\n | 'PS256'\n | 'PS384'\n | 'PS512'\n | 'RS256'\n | 'RS384'\n | 'RS512'\n // EC\n | 'ES256'\n | 'ES256K'\n | 'ES384'\n | 'ES512'\n // OKP\n | 'EdDSA'\n\nexport type SubtleAlgorithm = RsaHashedKeyGenParams | EcKeyGenParams\n\nexport function toSubtleAlgorithm(\n alg: string,\n crv?: string,\n options?: { modulusLength?: number },\n): SubtleAlgorithm {\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return {\n name: 'RSA-PSS',\n hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,\n modulusLength: options?.modulusLength ?? 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n }\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return {\n name: 'RSASSA-PKCS1-v1_5',\n hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,\n modulusLength: options?.modulusLength ?? 
2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n }\n case 'ES256':\n case 'ES384':\n return {\n name: 'ECDSA',\n namedCurve: `P-${alg.slice(-3) as '256' | '384'}`,\n }\n case 'ES512':\n return {\n name: 'ECDSA',\n namedCurve: 'P-521',\n }\n default:\n // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773\n\n throw new TypeError(`Unsupported alg \"${alg}\"`)\n }\n}\n\nexport function fromSubtleAlgorithm(algorithm: KeyAlgorithm): JWSAlgorithm {\n switch (algorithm.name) {\n case 'RSA-PSS':\n case 'RSASSA-PKCS1-v1_5': {\n const hash = (<RsaHashedKeyAlgorithm>algorithm).hash.name\n switch (hash) {\n case 'SHA-256':\n case 'SHA-384':\n case 'SHA-512': {\n const prefix = algorithm.name === 'RSA-PSS' ? 'PS' : 'RS'\n return `${prefix}${hash.slice(-3) as '256' | '384' | '512'}`\n }\n default:\n throw new TypeError('unsupported RsaHashedKeyAlgorithm hash')\n }\n }\n case 'ECDSA': {\n const namedCurve = (<EcKeyAlgorithm>algorithm).namedCurve\n switch (namedCurve) {\n case 'P-256':\n case 'P-384':\n case 'P-512':\n return `ES${namedCurve.slice(-3) as '256' | '384' | '512'}`\n case 'P-521':\n return 'ES512'\n default:\n throw new TypeError('unsupported EcKeyAlgorithm namedCurve')\n }\n }\n case 'Ed448':\n case 'Ed25519':\n return 'EdDSA'\n default:\n // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773\n\n throw new TypeError(`Unexpected algorithm \"${algorithm.name}\"`)\n }\n}\n\nexport function isCryptoKeyPair(\n v: unknown,\n extractable?: boolean,\n): v is CryptoKeyPair {\n return (\n typeof v === 'object' &&\n v !== null &&\n 'privateKey' in v &&\n v.privateKey instanceof CryptoKey &&\n v.privateKey.type === 'private' &&\n (extractable == null || v.privateKey.extractable === extractable) &&\n v.privateKey.usages.includes('sign') &&\n 'publicKey' in v &&\n v.publicKey instanceof CryptoKey &&\n v.publicKey.type === 'public' &&\n v.publicKey.extractable === true &&\n v.publicKey.usages.includes('verify')\n )\n}\n"]}
@@ -1,538 +1,11 @@
1
- import { z } from 'zod';
1
+ import { Jwk } from '@atproto/jwk';
2
2
  import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose';
3
- export declare const jwkWithAlgSchema: z.ZodIntersection<z.ZodEffects<z.ZodUnion<[z.ZodObject<z.objectUtil.extendShape<{
4
- kty: z.ZodString;
5
- alg: z.ZodOptional<z.ZodString>;
6
- kid: z.ZodOptional<z.ZodString>;
7
- ext: z.ZodOptional<z.ZodBoolean>;
8
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
9
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
10
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
11
- x5t: z.ZodOptional<z.ZodString>;
12
- 'x5t#S256': z.ZodOptional<z.ZodString>;
13
- x5u: z.ZodOptional<z.ZodString>;
14
- }, {
15
- kty: z.ZodEffects<z.ZodString, string, string>;
16
- }>, "strip", z.ZodTypeAny, {
17
- kty: string;
18
- alg?: string | undefined;
19
- kid?: string | undefined;
20
- ext?: boolean | undefined;
21
- use?: "sig" | "enc" | undefined;
22
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
23
- x5c?: string[] | undefined;
24
- x5t?: string | undefined;
25
- 'x5t#S256'?: string | undefined;
26
- x5u?: string | undefined;
27
- }, {
28
- kty: string;
29
- alg?: string | undefined;
30
- kid?: string | undefined;
31
- ext?: boolean | undefined;
32
- use?: "sig" | "enc" | undefined;
33
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
34
- x5c?: string[] | undefined;
35
- x5t?: string | undefined;
36
- 'x5t#S256'?: string | undefined;
37
- x5u?: string | undefined;
38
- }>, z.ZodObject<z.objectUtil.extendShape<{
39
- kty: z.ZodString;
40
- alg: z.ZodOptional<z.ZodString>;
41
- kid: z.ZodOptional<z.ZodString>;
42
- ext: z.ZodOptional<z.ZodBoolean>;
43
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
44
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
45
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
46
- x5t: z.ZodOptional<z.ZodString>;
47
- 'x5t#S256': z.ZodOptional<z.ZodString>;
48
- x5u: z.ZodOptional<z.ZodString>;
49
- }, {
50
- kty: z.ZodLiteral<"RSA">;
51
- alg: z.ZodOptional<z.ZodEnum<["RS256", "RS384", "RS512", "PS256", "PS384", "PS512"]>>;
52
- n: z.ZodString;
53
- e: z.ZodString;
54
- d: z.ZodOptional<z.ZodString>;
55
- p: z.ZodOptional<z.ZodString>;
56
- q: z.ZodOptional<z.ZodString>;
57
- dp: z.ZodOptional<z.ZodString>;
58
- dq: z.ZodOptional<z.ZodString>;
59
- qi: z.ZodOptional<z.ZodString>;
60
- oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
61
- r: z.ZodOptional<z.ZodString>;
62
- d: z.ZodOptional<z.ZodString>;
63
- t: z.ZodOptional<z.ZodString>;
64
- }, "strip", z.ZodTypeAny, {
65
- d?: string | undefined;
66
- r?: string | undefined;
67
- t?: string | undefined;
68
- }, {
69
- d?: string | undefined;
70
- r?: string | undefined;
71
- t?: string | undefined;
72
- }>, "atleastone">>;
73
- }>, "strip", z.ZodTypeAny, {
74
- kty: "RSA";
75
- n: string;
76
- e: string;
77
- alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
78
- kid?: string | undefined;
79
- ext?: boolean | undefined;
80
- use?: "sig" | "enc" | undefined;
81
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
82
- x5c?: string[] | undefined;
83
- x5t?: string | undefined;
84
- 'x5t#S256'?: string | undefined;
85
- x5u?: string | undefined;
86
- d?: string | undefined;
87
- p?: string | undefined;
88
- q?: string | undefined;
89
- dp?: string | undefined;
90
- dq?: string | undefined;
91
- qi?: string | undefined;
92
- oth?: [{
93
- d?: string | undefined;
94
- r?: string | undefined;
95
- t?: string | undefined;
96
- }, ...{
97
- d?: string | undefined;
98
- r?: string | undefined;
99
- t?: string | undefined;
100
- }[]] | undefined;
101
- }, {
102
- kty: "RSA";
103
- n: string;
104
- e: string;
105
- alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
106
- kid?: string | undefined;
107
- ext?: boolean | undefined;
108
- use?: "sig" | "enc" | undefined;
109
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
110
- x5c?: string[] | undefined;
111
- x5t?: string | undefined;
112
- 'x5t#S256'?: string | undefined;
113
- x5u?: string | undefined;
114
- d?: string | undefined;
115
- p?: string | undefined;
116
- q?: string | undefined;
117
- dp?: string | undefined;
118
- dq?: string | undefined;
119
- qi?: string | undefined;
120
- oth?: [{
121
- d?: string | undefined;
122
- r?: string | undefined;
123
- t?: string | undefined;
124
- }, ...{
125
- d?: string | undefined;
126
- r?: string | undefined;
127
- t?: string | undefined;
128
- }[]] | undefined;
129
- }>, z.ZodObject<z.objectUtil.extendShape<{
130
- kty: z.ZodString;
131
- alg: z.ZodOptional<z.ZodString>;
132
- kid: z.ZodOptional<z.ZodString>;
133
- ext: z.ZodOptional<z.ZodBoolean>;
134
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
135
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
136
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
137
- x5t: z.ZodOptional<z.ZodString>;
138
- 'x5t#S256': z.ZodOptional<z.ZodString>;
139
- x5u: z.ZodOptional<z.ZodString>;
140
- }, {
141
- kty: z.ZodLiteral<"EC">;
142
- alg: z.ZodOptional<z.ZodEnum<["ES256", "ES384", "ES512"]>>;
143
- crv: z.ZodEnum<["P-256", "P-384", "P-521"]>;
144
- x: z.ZodString;
145
- y: z.ZodString;
146
- d: z.ZodOptional<z.ZodString>;
147
- }>, "strip", z.ZodTypeAny, {
148
- kty: "EC";
149
- crv: "P-256" | "P-384" | "P-521";
150
- x: string;
151
- y: string;
152
- alg?: "ES256" | "ES384" | "ES512" | undefined;
153
- kid?: string | undefined;
154
- ext?: boolean | undefined;
155
- use?: "sig" | "enc" | undefined;
156
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
157
- x5c?: string[] | undefined;
158
- x5t?: string | undefined;
159
- 'x5t#S256'?: string | undefined;
160
- x5u?: string | undefined;
161
- d?: string | undefined;
162
- }, {
163
- kty: "EC";
164
- crv: "P-256" | "P-384" | "P-521";
165
- x: string;
166
- y: string;
167
- alg?: "ES256" | "ES384" | "ES512" | undefined;
168
- kid?: string | undefined;
169
- ext?: boolean | undefined;
170
- use?: "sig" | "enc" | undefined;
171
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
172
- x5c?: string[] | undefined;
173
- x5t?: string | undefined;
174
- 'x5t#S256'?: string | undefined;
175
- x5u?: string | undefined;
176
- d?: string | undefined;
177
- }>, z.ZodObject<z.objectUtil.extendShape<{
178
- kty: z.ZodString;
179
- alg: z.ZodOptional<z.ZodString>;
180
- kid: z.ZodOptional<z.ZodString>;
181
- ext: z.ZodOptional<z.ZodBoolean>;
182
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
183
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
184
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
185
- x5t: z.ZodOptional<z.ZodString>;
186
- 'x5t#S256': z.ZodOptional<z.ZodString>;
187
- x5u: z.ZodOptional<z.ZodString>;
188
- }, {
189
- kty: z.ZodLiteral<"EC">;
190
- alg: z.ZodOptional<z.ZodEnum<["ES256K"]>>;
191
- crv: z.ZodEnum<["secp256k1"]>;
192
- x: z.ZodString;
193
- y: z.ZodString;
194
- d: z.ZodOptional<z.ZodString>;
195
- }>, "strip", z.ZodTypeAny, {
196
- kty: "EC";
197
- crv: "secp256k1";
198
- x: string;
199
- y: string;
200
- alg?: "ES256K" | undefined;
201
- kid?: string | undefined;
202
- ext?: boolean | undefined;
203
- use?: "sig" | "enc" | undefined;
204
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
205
- x5c?: string[] | undefined;
206
- x5t?: string | undefined;
207
- 'x5t#S256'?: string | undefined;
208
- x5u?: string | undefined;
209
- d?: string | undefined;
210
- }, {
211
- kty: "EC";
212
- crv: "secp256k1";
213
- x: string;
214
- y: string;
215
- alg?: "ES256K" | undefined;
216
- kid?: string | undefined;
217
- ext?: boolean | undefined;
218
- use?: "sig" | "enc" | undefined;
219
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
220
- x5c?: string[] | undefined;
221
- x5t?: string | undefined;
222
- 'x5t#S256'?: string | undefined;
223
- x5u?: string | undefined;
224
- d?: string | undefined;
225
- }>, z.ZodObject<z.objectUtil.extendShape<{
226
- kty: z.ZodString;
227
- alg: z.ZodOptional<z.ZodString>;
228
- kid: z.ZodOptional<z.ZodString>;
229
- ext: z.ZodOptional<z.ZodBoolean>;
230
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
231
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
232
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
233
- x5t: z.ZodOptional<z.ZodString>;
234
- 'x5t#S256': z.ZodOptional<z.ZodString>;
235
- x5u: z.ZodOptional<z.ZodString>;
236
- }, {
237
- kty: z.ZodLiteral<"OKP">;
238
- alg: z.ZodOptional<z.ZodEnum<["EdDSA"]>>;
239
- crv: z.ZodEnum<["Ed25519", "Ed448"]>;
240
- x: z.ZodString;
241
- d: z.ZodOptional<z.ZodString>;
242
- }>, "strip", z.ZodTypeAny, {
243
- kty: "OKP";
244
- crv: "Ed25519" | "Ed448";
245
- x: string;
246
- alg?: "EdDSA" | undefined;
247
- kid?: string | undefined;
248
- ext?: boolean | undefined;
249
- use?: "sig" | "enc" | undefined;
250
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
251
- x5c?: string[] | undefined;
252
- x5t?: string | undefined;
253
- 'x5t#S256'?: string | undefined;
254
- x5u?: string | undefined;
255
- d?: string | undefined;
256
- }, {
257
- kty: "OKP";
258
- crv: "Ed25519" | "Ed448";
259
- x: string;
260
- alg?: "EdDSA" | undefined;
261
- kid?: string | undefined;
262
- ext?: boolean | undefined;
263
- use?: "sig" | "enc" | undefined;
264
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
265
- x5c?: string[] | undefined;
266
- x5t?: string | undefined;
267
- 'x5t#S256'?: string | undefined;
268
- x5u?: string | undefined;
269
- d?: string | undefined;
270
- }>, z.ZodObject<z.objectUtil.extendShape<{
271
- kty: z.ZodString;
272
- alg: z.ZodOptional<z.ZodString>;
273
- kid: z.ZodOptional<z.ZodString>;
274
- ext: z.ZodOptional<z.ZodBoolean>;
275
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
276
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
277
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
278
- x5t: z.ZodOptional<z.ZodString>;
279
- 'x5t#S256': z.ZodOptional<z.ZodString>;
280
- x5u: z.ZodOptional<z.ZodString>;
281
- }, {
282
- kty: z.ZodLiteral<"oct">;
283
- alg: z.ZodOptional<z.ZodEnum<["HS256", "HS384", "HS512"]>>;
284
- k: z.ZodString;
285
- }>, "strip", z.ZodTypeAny, {
286
- kty: "oct";
287
- k: string;
288
- alg?: "HS256" | "HS384" | "HS512" | undefined;
289
- kid?: string | undefined;
290
- ext?: boolean | undefined;
291
- use?: "sig" | "enc" | undefined;
292
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
293
- x5c?: string[] | undefined;
294
- x5t?: string | undefined;
295
- 'x5t#S256'?: string | undefined;
296
- x5u?: string | undefined;
297
- }, {
298
- kty: "oct";
299
- k: string;
300
- alg?: "HS256" | "HS384" | "HS512" | undefined;
301
- kid?: string | undefined;
302
- ext?: boolean | undefined;
303
- use?: "sig" | "enc" | undefined;
304
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
305
- x5c?: string[] | undefined;
306
- x5t?: string | undefined;
307
- 'x5t#S256'?: string | undefined;
308
- x5u?: string | undefined;
309
- }>]>, {
310
- kty: "RSA";
311
- n: string;
312
- e: string;
313
- alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
314
- kid?: string | undefined;
315
- ext?: boolean | undefined;
316
- use?: "sig" | "enc" | undefined;
317
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
318
- x5c?: string[] | undefined;
319
- x5t?: string | undefined;
320
- 'x5t#S256'?: string | undefined;
321
- x5u?: string | undefined;
322
- d?: string | undefined;
323
- p?: string | undefined;
324
- q?: string | undefined;
325
- dp?: string | undefined;
326
- dq?: string | undefined;
327
- qi?: string | undefined;
328
- oth?: [{
329
- d?: string | undefined;
330
- r?: string | undefined;
331
- t?: string | undefined;
332
- }, ...{
333
- d?: string | undefined;
334
- r?: string | undefined;
335
- t?: string | undefined;
336
- }[]] | undefined;
337
- } | {
338
- kty: "EC";
339
- crv: "P-256" | "P-384" | "P-521";
340
- x: string;
341
- y: string;
342
- alg?: "ES256" | "ES384" | "ES512" | undefined;
343
- kid?: string | undefined;
344
- ext?: boolean | undefined;
345
- use?: "sig" | "enc" | undefined;
346
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
347
- x5c?: string[] | undefined;
348
- x5t?: string | undefined;
349
- 'x5t#S256'?: string | undefined;
350
- x5u?: string | undefined;
351
- d?: string | undefined;
352
- } | {
353
- kty: "EC";
354
- crv: "secp256k1";
355
- x: string;
356
- y: string;
357
- alg?: "ES256K" | undefined;
358
- kid?: string | undefined;
359
- ext?: boolean | undefined;
360
- use?: "sig" | "enc" | undefined;
361
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
362
- x5c?: string[] | undefined;
363
- x5t?: string | undefined;
364
- 'x5t#S256'?: string | undefined;
365
- x5u?: string | undefined;
366
- d?: string | undefined;
367
- } | {
368
- kty: "OKP";
369
- crv: "Ed25519" | "Ed448";
370
- x: string;
371
- alg?: "EdDSA" | undefined;
372
- kid?: string | undefined;
373
- ext?: boolean | undefined;
374
- use?: "sig" | "enc" | undefined;
375
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
376
- x5c?: string[] | undefined;
377
- x5t?: string | undefined;
378
- 'x5t#S256'?: string | undefined;
379
- x5u?: string | undefined;
380
- d?: string | undefined;
381
- } | {
382
- kty: "oct";
383
- k: string;
384
- alg?: "HS256" | "HS384" | "HS512" | undefined;
385
- kid?: string | undefined;
386
- ext?: boolean | undefined;
387
- use?: "sig" | "enc" | undefined;
388
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
389
- x5c?: string[] | undefined;
390
- x5t?: string | undefined;
391
- 'x5t#S256'?: string | undefined;
392
- x5u?: string | undefined;
393
- } | {
394
- kty: string;
395
- alg?: string | undefined;
396
- kid?: string | undefined;
397
- ext?: boolean | undefined;
398
- use?: "sig" | "enc" | undefined;
399
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
400
- x5c?: string[] | undefined;
401
- x5t?: string | undefined;
402
- 'x5t#S256'?: string | undefined;
403
- x5u?: string | undefined;
404
- }, {
405
- kty: "RSA";
406
- n: string;
407
- e: string;
408
- alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
409
- kid?: string | undefined;
410
- ext?: boolean | undefined;
411
- use?: "sig" | "enc" | undefined;
412
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
413
- x5c?: string[] | undefined;
414
- x5t?: string | undefined;
415
- 'x5t#S256'?: string | undefined;
416
- x5u?: string | undefined;
417
- d?: string | undefined;
418
- p?: string | undefined;
419
- q?: string | undefined;
420
- dp?: string | undefined;
421
- dq?: string | undefined;
422
- qi?: string | undefined;
423
- oth?: [{
424
- d?: string | undefined;
425
- r?: string | undefined;
426
- t?: string | undefined;
427
- }, ...{
428
- d?: string | undefined;
429
- r?: string | undefined;
430
- t?: string | undefined;
431
- }[]] | undefined;
432
- } | {
433
- kty: "EC";
434
- crv: "P-256" | "P-384" | "P-521";
435
- x: string;
436
- y: string;
437
- alg?: "ES256" | "ES384" | "ES512" | undefined;
438
- kid?: string | undefined;
439
- ext?: boolean | undefined;
440
- use?: "sig" | "enc" | undefined;
441
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
442
- x5c?: string[] | undefined;
443
- x5t?: string | undefined;
444
- 'x5t#S256'?: string | undefined;
445
- x5u?: string | undefined;
446
- d?: string | undefined;
447
- } | {
448
- kty: "EC";
449
- crv: "secp256k1";
450
- x: string;
451
- y: string;
452
- alg?: "ES256K" | undefined;
453
- kid?: string | undefined;
454
- ext?: boolean | undefined;
455
- use?: "sig" | "enc" | undefined;
456
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
457
- x5c?: string[] | undefined;
458
- x5t?: string | undefined;
459
- 'x5t#S256'?: string | undefined;
460
- x5u?: string | undefined;
461
- d?: string | undefined;
462
- } | {
463
- kty: "OKP";
464
- crv: "Ed25519" | "Ed448";
465
- x: string;
466
- alg?: "EdDSA" | undefined;
467
- kid?: string | undefined;
468
- ext?: boolean | undefined;
469
- use?: "sig" | "enc" | undefined;
470
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
471
- x5c?: string[] | undefined;
472
- x5t?: string | undefined;
473
- 'x5t#S256'?: string | undefined;
474
- x5u?: string | undefined;
475
- d?: string | undefined;
476
- } | {
477
- kty: "oct";
478
- k: string;
479
- alg?: "HS256" | "HS384" | "HS512" | undefined;
480
- kid?: string | undefined;
481
- ext?: boolean | undefined;
482
- use?: "sig" | "enc" | undefined;
483
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
484
- x5c?: string[] | undefined;
485
- x5t?: string | undefined;
486
- 'x5t#S256'?: string | undefined;
487
- x5u?: string | undefined;
488
- } | {
489
- kty: string;
490
- alg?: string | undefined;
491
- kid?: string | undefined;
492
- ext?: boolean | undefined;
493
- use?: "sig" | "enc" | undefined;
494
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
495
- x5c?: string[] | undefined;
496
- x5t?: string | undefined;
497
- 'x5t#S256'?: string | undefined;
498
- x5u?: string | undefined;
499
- }>, z.ZodObject<{
500
- alg: z.ZodString;
501
- }, "strip", z.ZodTypeAny, {
502
- alg: string;
503
- }, {
504
- alg: string;
505
- }>>;
506
- export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>;
507
- export declare class WebcryptoKey<J extends JwkWithAlg = JwkWithAlg> extends JoseKey<J> {
3
+ export declare class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {
508
4
  readonly cryptoKeyPair: CryptoKeyPair;
509
- static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey<{
510
- kty: string;
511
- alg: string;
512
- kid?: string | undefined | undefined;
513
- ext?: boolean | undefined | undefined;
514
- use?: "sig" | "enc" | undefined | undefined;
515
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined | undefined;
516
- x5c?: string[] | undefined | undefined;
517
- x5t?: string | undefined | undefined;
518
- 'x5t#S256'?: string | undefined | undefined;
519
- x5u?: string | undefined | undefined;
520
- }>>;
521
- static fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string): Promise<WebcryptoKey<{
522
- kty: string;
523
- alg: string;
524
- kid?: string | undefined | undefined;
525
- ext?: boolean | undefined | undefined;
526
- use?: "sig" | "enc" | undefined | undefined;
527
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined | undefined;
528
- x5c?: string[] | undefined | undefined;
529
- x5t?: string | undefined | undefined;
530
- 'x5t#S256'?: string | undefined | undefined;
531
- x5u?: string | undefined | undefined;
532
- }>>;
5
+ static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey>;
6
+ static fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string): Promise<WebcryptoKey>;
533
7
  constructor(jwk: Readonly<J>, cryptoKeyPair: CryptoKeyPair);
534
8
  get isPrivate(): boolean;
535
- get privateJwk(): Readonly<J> | undefined;
536
9
  protected getKeyObj(alg: string): Promise<CryptoKey>;
537
10
  }
538
11
  //# sourceMappingURL=webcrypto-key.d.ts.map
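Review bot: The new class constraint `WebcryptoKey<J extends Jwk = Jwk>` no longer requires `alg` at the type level, whereas the removed `JwkWithAlg` intersected the JWK union with an object whose `alg` was a required string. Nothing in this declaration shows whether the constructor or `getKeyObj(alg)` still rejects a key whose JWK carries no `alg`, so that runtime check should be confirmed in the implementation, which is outside this hunk. The exported `jwkWithAlgSchema` and `JwkWithAlg` and the `privateJwk` getter declaration are also gone from webcrypto-key.d.ts (the getter is presumably inherited from `JoseKey` now), which breaks existing importers and is not mentioned in the 0.2.0 changelog entry. I would add a doc comment on the class along the lines of `/** J may be any Jwk; "alg" is not enforced by this type. */` and note the removed exports in the changelog.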
@@ -1 +1 @@
1
- {"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAA;AAInE,eAAO,MAAM,gBAAgB;SAkFojW,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;SAA44B,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAiB,EAAG,WAAW,CAAC,EAAE,OAAO;OAAiE,EAAG,SAAS;OAAQ,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;OAAS,EAAG,WAAW,CAAC,EAAE,SAAS;OAAS,EAAG,WAAW,CAAC,EAAE,SAAS;QAAU,EAAG,WAAW,CAAC,EAAE,SAAS;QAAU,EAAG,WAAW,CAAC,EAAE,SAAS;QAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;WAAa,EAAG,WAAW,CAAC,EAAE,SAAS;WAAa,EAAG,WAAW,CAAC,EAAE,SAAS;WAAa,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,UAAU;SAAa,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAAwC,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;SAA8uB,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;SAAotB,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;SAA+F,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAgB,EAAG,WAAW,CAAC,EAAE,OAAO;SAAwC,EAAG,OAAO;OAAqC,EAAG,SAAS;OAAQ
,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAAkmC,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAgB,EAAG,WAAW,CAAC,EAAE,OAAO;SAAuB,EAAG,OAAO;OAAuB,EAAG,SAAS;OAAQ,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAA4hC,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAiB,EAAG,WAAW,CAAC,EAAE,OAAO;SAAsB,EAAG,OAAO;OAA8B,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAA8gC,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAiB,EAAG,WAAW,CAAC,EAAE,OAAO;OAAsC,EAAG,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAAyjD,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAA2/F,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA/Erx0B,CAAA;AAED,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AAEzD,qBAAa,YAAY,CACvB,CAAC,SAAS,UAAU,GAAG,UAAU,CACjC,SAAQ,OAAO,CAAC,CAAC,CAAC;IAoDhB,QAAQ,CAAC,aAAa,EAAE,aAAa;WAjDjB,QAAQ,CAC5B,YAAY,GAAE,MAAM,EAAc,EAClC,GAAG,GAAE,MAA4B,EACjC,OAA
O,CAAC,EAAE,sBAAsB;;;;;;;;;;;;WAYrB,WAAW,CAAC,aAAa,EAAE,aAAa,EAAE,GAAG,CAAC,EAAE,MAAM;;;;;;;;;;;;gBAiCjE,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EACP,aAAa,EAAE,aAAa;IAKvC,IAAI,SAAS,YAEZ;IAED,IAAI,UAAU,IAAI,QAAQ,CAAC,CAAC,CAAC,GAAG,SAAS,CAGxC;cAEwB,SAAS,CAAC,GAAG,EAAE,MAAM;CAM/C"}
1
+ {"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAuB,MAAM,cAAc,CAAA;AACvD,OAAO,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAA;AAGnE,qBAAa,YAAY,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,SAAQ,OAAO,CAAC,CAAC,CAAC;IAwC7D,QAAQ,CAAC,aAAa,EAAE,aAAa;WArCjB,QAAQ,CAC5B,YAAY,GAAE,MAAM,EAAc,EAClC,GAAG,GAAE,MAA4B,EACjC,OAAO,CAAC,EAAE,sBAAsB,GAC/B,OAAO,CAAC,YAAY,CAAC;WAWX,WAAW,CACtB,aAAa,EAAE,aAAa,EAC5B,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,YAAY,CAAC;gBAkBtB,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EACP,aAAa,EAAE,aAAa;IAQvC,IAAI,SAAS,YAEZ;cAEwB,SAAS,CAAC,GAAG,EAAE,MAAM;CAM/C"}
@@ -1,12 +1,9 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.WebcryptoKey = exports.jwkWithAlgSchema = void 0;
4
- const zod_1 = require("zod");
3
+ exports.WebcryptoKey = void 0;
5
4
  const jwk_1 = require("@atproto/jwk");
6
5
  const jwk_jose_1 = require("@atproto/jwk-jose");
7
6
  const util_js_1 = require("./util.js");
8
- // Webcrypto keys are bound to a single algorithm
9
- exports.jwkWithAlgSchema = zod_1.z.intersection(jwk_1.jwkSchema, zod_1.z.object({ alg: zod_1.z.string() }));
10
7
  class WebcryptoKey extends jwk_jose_1.JoseKey {
11
8
  // We need to override the static method generate from JoseKey because
12
9
  // the browser needs both the private and public keys
@@ -19,22 +16,15 @@ class WebcryptoKey extends jwk_jose_1.JoseKey {
19
16
  return this.fromKeypair(keyPair, kid);
20
17
  }
21
18
  static async fromKeypair(cryptoKeyPair, kid) {
22
- // https://datatracker.ietf.org/doc/html/rfc7517
23
- // > The "use" and "key_ops" JWK members SHOULD NOT be used together; [...]
24
- // > Applications should specify which of these members they use.
25
- const { key_ops, use, alg = (0, util_js_1.fromSubtleAlgorithm)(cryptoKeyPair.privateKey.algorithm), ...jwk } = await crypto.subtle.exportKey('jwk', cryptoKeyPair.privateKey.extractable
19
+ const { alg = (0, util_js_1.fromSubtleAlgorithm)(cryptoKeyPair.privateKey.algorithm), ...jwk } = await crypto.subtle.exportKey('jwk', cryptoKeyPair.privateKey.extractable
26
20
  ? cryptoKeyPair.privateKey
27
21
  : cryptoKeyPair.publicKey);
28
- if (use && use !== 'sig') {
29
- throw new TypeError(`Unsupported JWK use "${use}"`);
30
- }
31
- if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
32
- // Make sure that "key_ops", if present, is compatible with "use"
33
- throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`);
34
- }
35
- return new WebcryptoKey(exports.jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }), cryptoKeyPair);
22
+ return new WebcryptoKey(jwk_1.jwkSchema.parse({ ...jwk, kid, alg }), cryptoKeyPair);
36
23
  }
37
24
  constructor(jwk, cryptoKeyPair) {
25
+ // Webcrypto keys are bound to a single algorithm
26
+ if (!jwk.alg)
27
+ throw new jwk_1.JwkError('JWK "alg" is required for Webcrypto keys');
38
28
  super(jwk);
39
29
  Object.defineProperty(this, "cryptoKeyPair", {
40
30
  enumerable: true,
@@ -46,11 +36,6 @@ class WebcryptoKey extends jwk_jose_1.JoseKey {
46
36
  get isPrivate() {
47
37
  return true;
48
38
  }
49
- get privateJwk() {
50
- if (super.isPrivate)
51
- return this.jwk;
52
- throw new Error('Private Webcrypto Key not exportable');
53
- }
54
39
  async getKeyObj(alg) {
55
40
  if (this.jwk.alg !== alg) {
56
41
  throw new jwk_1.JwkError(`Key cannot be used with algorithm "${alg}"`);
@@ -1 +1 @@
1
- {"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAAkD;AAClD,gDAAmE;AACnE,uCAAgE;AAEhE,iDAAiD;AACpC,QAAA,gBAAgB,GAAG,OAAC,CAAC,YAAY,CAC5C,eAAS,EACT,OAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAC9B,CAAA;AAID,MAAa,YAEX,SAAQ,kBAAU;IAClB,sEAAsE;IACtE,qDAAqD;IACrD,MAAM,CAAU,KAAK,CAAC,QAAQ,CAC5B,eAAyB,CAAC,OAAO,CAAC,EAClC,MAAc,MAAM,CAAC,UAAU,EAAE,EACjC,OAAgC;QAEhC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,IAAI,CAAC,IAAA,yBAAe,EAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,aAA4B,EAAE,GAAY;QACjE,gDAAgD;QAChD,2EAA2E;QAC3E,iEAAiE;QAEjE,MAAM,EACJ,OAAO,EACP,GAAG,EACH,GAAG,GAAG,IAAA,6BAAmB,EAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,EAC7D,GAAG,GAAG,EACP,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/B,KAAK,EACL,aAAa,CAAC,UAAU,CAAC,WAAW;YAClC,CAAC,CAAC,aAAa,CAAC,UAAU;YAC1B,CAAC,CAAC,aAAa,CAAC,SAAS,CAC5B,CAAA;QAED,IAAI,GAAG,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,SAAS,CAAC,wBAAwB,GAAG,GAAG,CAAC,CAAA;QACrD,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;YACpE,iEAAiE;YACjE,MAAM,IAAI,SAAS,CAAC,oBAAoB,OAAO,iBAAiB,CAAC,CAAA;QACnE,CAAC;QAED,OAAO,IAAI,YAAY,CACrB,wBAAgB,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EACxD,aAAa,CACd,CAAA;IACH,CAAC;IAED,YACE,GAAgB,EACP,aAA4B;QAErC,KAAK,CAAC,GAAG,CAAC,CAAA;QAFV;;;;mBAAS,aAAa;WAAe;IAGvC,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,UAAU;QACZ,IAAI,KAAK,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC,GAAG,CAAA;QACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;IACzD,CAAC;IAEkB,KAAK,CAAC,SAAS,CAAC,GAAW;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;YACzB,MAAM,IAAI,cAAQ,CAAC,sCAAsC,GAAG,GAAG,CAAC,CAAA;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAAA;IACtC,CAAC;CACF;AA
1ED,oCA0EC"}
1
+ {"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":";;;AAAA,sCAAuD;AACvD,gDAAmE;AACnE,uCAAgE;AAEhE,MAAa,YAAkC,SAAQ,kBAAU;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,MAAM,CAAU,KAAK,CAAC,QAAQ,CAC5B,eAAyB,CAAC,OAAO,CAAC,EAClC,MAAc,MAAM,CAAC,UAAU,EAAE,EACjC,OAAgC;QAEhC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,IAAI,CAAC,IAAA,yBAAe,EAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,WAAW,CACtB,aAA4B,EAC5B,GAAY;QAEZ,MAAM,EACJ,GAAG,GAAG,IAAA,6BAAmB,EAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,EAC7D,GAAG,GAAG,EACP,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/B,KAAK,EACL,aAAa,CAAC,UAAU,CAAC,WAAW;YAClC,CAAC,CAAC,aAAa,CAAC,UAAU;YAC1B,CAAC,CAAC,aAAa,CAAC,SAAS,CAC5B,CAAA;QAED,OAAO,IAAI,YAAY,CACrB,eAAS,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EACrC,aAAa,CACd,CAAA;IACH,CAAC;IAED,YACE,GAAgB,EACP,aAA4B;QAErC,iDAAiD;QACjD,IAAI,CAAC,GAAG,CAAC,GAAG;YAAE,MAAM,IAAI,cAAQ,CAAC,0CAA0C,CAAC,CAAA;QAE5E,KAAK,CAAC,GAAG,CAAC,CAAA;QALV;;;;mBAAS,aAAa;WAAe;IAMvC,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IAEkB,KAAK,CAAC,SAAS,CAAC,GAAW;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;YACzB,MAAM,IAAI,cAAQ,CAAC,sCAAsC,GAAG,GAAG,CAAC,CAAA;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAAA;IACtC,CAAC;CACF;AA1DD,oCA0DC","sourcesContent":["import { Jwk, JwkError, jwkSchema } from '@atproto/jwk'\nimport { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'\nimport { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'\n\nexport class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {\n // We need to override the static method generate from JoseKey because\n // the browser needs both the private and public keys\n static override async generate(\n allowedAlgos: string[] = ['ES256'],\n kid: string = crypto.randomUUID(),\n options?: GenerateKeyPairOptions,\n ): 
Promise<WebcryptoKey> {\n const keyPair = await this.generateKeyPair(allowedAlgos, options)\n\n // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair\n if (!isCryptoKeyPair(keyPair)) {\n throw new TypeError('Invalid CryptoKeyPair')\n }\n\n return this.fromKeypair(keyPair, kid)\n }\n\n static async fromKeypair(\n cryptoKeyPair: CryptoKeyPair,\n kid?: string,\n ): Promise<WebcryptoKey> {\n const {\n alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),\n ...jwk\n } = await crypto.subtle.exportKey(\n 'jwk',\n cryptoKeyPair.privateKey.extractable\n ? cryptoKeyPair.privateKey\n : cryptoKeyPair.publicKey,\n )\n\n return new WebcryptoKey<Jwk>(\n jwkSchema.parse({ ...jwk, kid, alg }),\n cryptoKeyPair,\n )\n }\n\n constructor(\n jwk: Readonly<J>,\n readonly cryptoKeyPair: CryptoKeyPair,\n ) {\n // Webcrypto keys are bound to a single algorithm\n if (!jwk.alg) throw new JwkError('JWK \"alg\" is required for Webcrypto keys')\n\n super(jwk)\n }\n\n get isPrivate() {\n return true\n }\n\n protected override async getKeyObj(alg: string) {\n if (this.jwk.alg !== alg) {\n throw new JwkError(`Key cannot be used with algorithm \"${alg}\"`)\n }\n return this.cryptoKeyPair.privateKey\n }\n}\n"]}
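--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@atproto/jwk-webcrypto",
- "version": "0.1.10",
+ "version": "0.2.0",
  "license": "MIT",
  "description": "Webcrypto based implementation of @atproto/jwk Key's",
  "keywords": [
@@ -25,8 +25,8 @@
  },
  "dependencies": {
  "zod": "^3.23.8",
- "@atproto/jwk": "0.5.0",
- "@atproto/jwk-jose": "0.1.10"
+ "@atproto/jwk": "0.6.0",
+ "@atproto/jwk-jose": "0.1.11"
  },
  "devDependencies": {
  "typescript": "^5.6.3"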
@@ -1,26 +1,15 @@
1
- import { z } from 'zod'
2
- import { JwkError, jwkSchema } from '@atproto/jwk'
1
+ import { Jwk, JwkError, jwkSchema } from '@atproto/jwk'
3
2
  import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'
4
3
  import { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'
5
4
 
6
- // Webcrypto keys are bound to a single algorithm
7
- export const jwkWithAlgSchema = z.intersection(
8
- jwkSchema,
9
- z.object({ alg: z.string() }),
10
- )
11
-
12
- export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>
13
-
14
- export class WebcryptoKey<
15
- J extends JwkWithAlg = JwkWithAlg,
16
- > extends JoseKey<J> {
5
+ export class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {
17
6
  // We need to override the static method generate from JoseKey because
18
7
  // the browser needs both the private and public keys
19
8
  static override async generate(
20
9
  allowedAlgos: string[] = ['ES256'],
21
10
  kid: string = crypto.randomUUID(),
22
11
  options?: GenerateKeyPairOptions,
23
- ) {
12
+ ): Promise<WebcryptoKey> {
24
13
  const keyPair = await this.generateKeyPair(allowedAlgos, options)
25
14
 
26
15
  // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair
@@ -31,14 +20,11 @@ export class WebcryptoKey<
31
20
  return this.fromKeypair(keyPair, kid)
32
21
  }
33
22
 
34
- static async fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string) {
35
- // https://datatracker.ietf.org/doc/html/rfc7517
36
- // > The "use" and "key_ops" JWK members SHOULD NOT be used together; [...]
37
- // > Applications should specify which of these members they use.
38
-
23
+ static async fromKeypair(
24
+ cryptoKeyPair: CryptoKeyPair,
25
+ kid?: string,
26
+ ): Promise<WebcryptoKey> {
39
27
  const {
40
- key_ops,
41
- use,
42
28
  alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),
43
29
  ...jwk
44
30
  } = await crypto.subtle.exportKey(
@@ -48,17 +34,8 @@ export class WebcryptoKey<
48
34
  : cryptoKeyPair.publicKey,
49
35
  )
50
36
 
51
- if (use && use !== 'sig') {
52
- throw new TypeError(`Unsupported JWK use "${use}"`)
53
- }
54
-
55
- if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
56
- // Make sure that "key_ops", if present, is compatible with "use"
57
- throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`)
58
- }
59
-
60
- return new WebcryptoKey(
61
- jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }),
37
+ return new WebcryptoKey<Jwk>(
38
+ jwkSchema.parse({ ...jwk, kid, alg }),
62
39
  cryptoKeyPair,
63
40
  )
64
41
  }
@@ -67,6 +44,9 @@ export class WebcryptoKey<
67
44
  jwk: Readonly<J>,
68
45
  readonly cryptoKeyPair: CryptoKeyPair,
69
46
  ) {
47
+ // Webcrypto keys are bound to a single algorithm
48
+ if (!jwk.alg) throw new JwkError('JWK "alg" is required for Webcrypto keys')
49
+
70
50
  super(jwk)
71
51
  }
72
52
 
@@ -74,11 +54,6 @@ export class WebcryptoKey<
74
54
  return true
75
55
  }
76
56
 
77
- get privateJwk(): Readonly<J> | undefined {
78
- if (super.isPrivate) return this.jwk
79
- throw new Error('Private Webcrypto Key not exportable')
80
- }
81
-
82
57
  protected override async getKeyObj(alg: string) {
83
58
  if (this.jwk.alg !== alg) {
84
59
  throw new JwkError(`Key cannot be used with algorithm "${alg}"`)
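Review bot: `fromKeypair` no longer verifies that the key pair is a signing key: the `use` and `key_ops` guards are removed in the `@@ -48,17 +34,8 @@` hunk, and the exported JWK, with whatever `key_ops` WebCrypto reports, now goes straight into `jwkSchema.parse({ ...jwk, kid, alg })`. The `fromSubtleAlgorithm` default only applies when the exported JWK carries no `alg`, so a pair exported with a non-signature `alg` is rejected only if `jwkSchema` in @atproto/jwk 0.6.0 refuses it, and that schema is not shown here. If signing-only is still the contract, a local check on the key itself keeps it explicit, e.g. `if (!cryptoKeyPair.privateKey.usages.includes('sign')) throw new TypeError('Key pair cannot be used for signing')`. The same function exports the public key when the private key is not extractable, so it is worth confirming that the inherited `privateJwk` (the override is deleted in the last hunk) does not return that public JWK now that `isPrivate` is always `true`; the base class is outside this diff. Part of the `exportKey` call sits between the two `fromKeypair` hunks and is not visible in them.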