@atproto/jwk-webcrypto 0.1.10 → 0.2.0
- package/CHANGELOG.md +12 -0
- package/dist/index.js.map +1 -1
- package/dist/util.js.map +1 -1
- package/dist/webcrypto-key.d.ts +4 -531
- package/dist/webcrypto-key.d.ts.map +1 -1
- package/dist/webcrypto-key.js +6 -21
- package/dist/webcrypto-key.js.map +1 -1
- package/package.json +3 -3
- package/src/webcrypto-key.ts +12 -37
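--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,17 @@
 # @atproto/jwk-webcrypto
 
+## 0.2.0
+
+### Minor Changes
+
+- [#4103](https://github.com/bluesky-social/atproto/pull/4103) [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Only allow `"use"` claims in public jwk
+
+### Patch Changes
+
+- Updated dependencies [[`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`fefe70126`](https://github.com/bluesky-social/atproto/commit/fefe70126d0ea82507ac750f669b3478290f186b), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815)]:
+- @atproto/jwk@0.6.0
+- @atproto/jwk-jose@0.1.11
+
 ## 0.1.10
 
 ### Patch Changes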
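--- a/package/dist/index.js.map
+++ b/package/dist/index.js.map
@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAkC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAkC","sourcesContent":["export * from './webcrypto-key.js'\n"]}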
package/dist/util.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;AAsBA,8CAwCC;AAED,kDAqCC;AAED,0CAkBC;AAnGD,SAAgB,iBAAiB,CAC/B,GAAW,EACX,GAAY,EACZ,OAAoC;IAEpC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAkB,EAAE;aAClD,CAAA;QACH,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;aACpB,CAAA;QACH;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,mBAAmB,CAAC,SAAuB;IACzD,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,SAAS,CAAC;QACf,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAA2B,SAAU,CAAC,IAAI,CAAC,IAAI,CAAA;YACzD,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzD,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC9D,CAAC;gBACD;oBACE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAoB,SAAU,CAAC,UAAU,CAAA;YACzD,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC7D,KAAK,OAAO;oBACV,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;YAChE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,OAAO,CAAA;QAChB;YACE,oEAAoE;YAEpE,MAAM,IAA
I,SAAS,CAAC,yBAAyB,SAAS,CAAC,IAAI,GAAG,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,CAAU,EACV,WAAqB;IAErB,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,CAAC,KAAK,IAAI;QACV,YAAY,IAAI,CAAC;QACjB,CAAC,CAAC,UAAU,YAAY,SAAS;QACjC,CAAC,CAAC,UAAU,CAAC,IAAI,KAAK,SAAS;QAC/B,CAAC,WAAW,IAAI,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,KAAK,WAAW,CAAC;QACjE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACpC,WAAW,IAAI,CAAC;QAChB,CAAC,CAAC,SAAS,YAAY,SAAS;QAChC,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI;QAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACtC,CAAA;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;AAsBA,8CAwCC;AAED,kDAqCC;AAED,0CAkBC;AAnGD,SAAgB,iBAAiB,CAC/B,GAAW,EACX,GAAY,EACZ,OAAoC;IAEpC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAkB,EAAE;aAClD,CAAA;QACH,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;aACpB,CAAA;QACH;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,mBAAmB,CAAC,SAAuB;IACzD,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,SAAS,CAAC;QACf,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAA2B,SAAU,CAAC,IAAI,CAAC,IAAI,CAAA;YACzD,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzD,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC9D,CAAC;gBACD;oBACE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAoB,SAAU,CAAC,UAAU,CAAA;YACzD,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC7D,KAAK,OAAO;oBACV,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;YAChE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,OAAO,CAAA;QAChB;YACE,oEAAoE;YAEpE,MAAM,IAA
I,SAAS,CAAC,yBAAyB,SAAS,CAAC,IAAI,GAAG,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,CAAU,EACV,WAAqB;IAErB,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,CAAC,KAAK,IAAI;QACV,YAAY,IAAI,CAAC;QACjB,CAAC,CAAC,UAAU,YAAY,SAAS;QACjC,CAAC,CAAC,UAAU,CAAC,IAAI,KAAK,SAAS;QAC/B,CAAC,WAAW,IAAI,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,KAAK,WAAW,CAAC;QACjE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACpC,WAAW,IAAI,CAAC;QAChB,CAAC,CAAC,SAAS,YAAY,SAAS;QAChC,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI;QAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACtC,CAAA;AACH,CAAC","sourcesContent":["export type JWSAlgorithm =\n // HMAC\n | 'HS256'\n | 'HS384'\n | 'HS512'\n // RSA\n | 'PS256'\n | 'PS384'\n | 'PS512'\n | 'RS256'\n | 'RS384'\n | 'RS512'\n // EC\n | 'ES256'\n | 'ES256K'\n | 'ES384'\n | 'ES512'\n // OKP\n | 'EdDSA'\n\nexport type SubtleAlgorithm = RsaHashedKeyGenParams | EcKeyGenParams\n\nexport function toSubtleAlgorithm(\n alg: string,\n crv?: string,\n options?: { modulusLength?: number },\n): SubtleAlgorithm {\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return {\n name: 'RSA-PSS',\n hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,\n modulusLength: options?.modulusLength ?? 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n }\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return {\n name: 'RSASSA-PKCS1-v1_5',\n hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,\n modulusLength: options?.modulusLength ?? 
2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n }\n case 'ES256':\n case 'ES384':\n return {\n name: 'ECDSA',\n namedCurve: `P-${alg.slice(-3) as '256' | '384'}`,\n }\n case 'ES512':\n return {\n name: 'ECDSA',\n namedCurve: 'P-521',\n }\n default:\n // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773\n\n throw new TypeError(`Unsupported alg \"${alg}\"`)\n }\n}\n\nexport function fromSubtleAlgorithm(algorithm: KeyAlgorithm): JWSAlgorithm {\n switch (algorithm.name) {\n case 'RSA-PSS':\n case 'RSASSA-PKCS1-v1_5': {\n const hash = (<RsaHashedKeyAlgorithm>algorithm).hash.name\n switch (hash) {\n case 'SHA-256':\n case 'SHA-384':\n case 'SHA-512': {\n const prefix = algorithm.name === 'RSA-PSS' ? 'PS' : 'RS'\n return `${prefix}${hash.slice(-3) as '256' | '384' | '512'}`\n }\n default:\n throw new TypeError('unsupported RsaHashedKeyAlgorithm hash')\n }\n }\n case 'ECDSA': {\n const namedCurve = (<EcKeyAlgorithm>algorithm).namedCurve\n switch (namedCurve) {\n case 'P-256':\n case 'P-384':\n case 'P-512':\n return `ES${namedCurve.slice(-3) as '256' | '384' | '512'}`\n case 'P-521':\n return 'ES512'\n default:\n throw new TypeError('unsupported EcKeyAlgorithm namedCurve')\n }\n }\n case 'Ed448':\n case 'Ed25519':\n return 'EdDSA'\n default:\n // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773\n\n throw new TypeError(`Unexpected algorithm \"${algorithm.name}\"`)\n }\n}\n\nexport function isCryptoKeyPair(\n v: unknown,\n extractable?: boolean,\n): v is CryptoKeyPair {\n return (\n typeof v === 'object' &&\n v !== null &&\n 'privateKey' in v &&\n v.privateKey instanceof CryptoKey &&\n v.privateKey.type === 'private' &&\n (extractable == null || v.privateKey.extractable === extractable) &&\n v.privateKey.usages.includes('sign') &&\n 'publicKey' in v &&\n v.publicKey instanceof CryptoKey &&\n v.publicKey.type === 'public' &&\n v.publicKey.extractable === true &&\n v.publicKey.usages.includes('verify')\n )\n}\n"]}
|
package/dist/webcrypto-key.d.ts
CHANGED
|
@@ -1,538 +1,11 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { Jwk } from '@atproto/jwk';
|
|
2
2
|
import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose';
|
|
3
|
-
export declare
|
|
4
|
-
kty: z.ZodString;
|
|
5
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
6
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
7
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
8
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
9
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
10
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
11
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
12
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
13
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
14
|
-
}, {
|
|
15
|
-
kty: z.ZodEffects<z.ZodString, string, string>;
|
|
16
|
-
}>, "strip", z.ZodTypeAny, {
|
|
17
|
-
kty: string;
|
|
18
|
-
alg?: string | undefined;
|
|
19
|
-
kid?: string | undefined;
|
|
20
|
-
ext?: boolean | undefined;
|
|
21
|
-
use?: "sig" | "enc" | undefined;
|
|
22
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
23
|
-
x5c?: string[] | undefined;
|
|
24
|
-
x5t?: string | undefined;
|
|
25
|
-
'x5t#S256'?: string | undefined;
|
|
26
|
-
x5u?: string | undefined;
|
|
27
|
-
}, {
|
|
28
|
-
kty: string;
|
|
29
|
-
alg?: string | undefined;
|
|
30
|
-
kid?: string | undefined;
|
|
31
|
-
ext?: boolean | undefined;
|
|
32
|
-
use?: "sig" | "enc" | undefined;
|
|
33
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
34
|
-
x5c?: string[] | undefined;
|
|
35
|
-
x5t?: string | undefined;
|
|
36
|
-
'x5t#S256'?: string | undefined;
|
|
37
|
-
x5u?: string | undefined;
|
|
38
|
-
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
39
|
-
kty: z.ZodString;
|
|
40
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
41
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
42
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
43
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
44
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
45
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
46
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
47
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
48
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
49
|
-
}, {
|
|
50
|
-
kty: z.ZodLiteral<"RSA">;
|
|
51
|
-
alg: z.ZodOptional<z.ZodEnum<["RS256", "RS384", "RS512", "PS256", "PS384", "PS512"]>>;
|
|
52
|
-
n: z.ZodString;
|
|
53
|
-
e: z.ZodString;
|
|
54
|
-
d: z.ZodOptional<z.ZodString>;
|
|
55
|
-
p: z.ZodOptional<z.ZodString>;
|
|
56
|
-
q: z.ZodOptional<z.ZodString>;
|
|
57
|
-
dp: z.ZodOptional<z.ZodString>;
|
|
58
|
-
dq: z.ZodOptional<z.ZodString>;
|
|
59
|
-
qi: z.ZodOptional<z.ZodString>;
|
|
60
|
-
oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
61
|
-
r: z.ZodOptional<z.ZodString>;
|
|
62
|
-
d: z.ZodOptional<z.ZodString>;
|
|
63
|
-
t: z.ZodOptional<z.ZodString>;
|
|
64
|
-
}, "strip", z.ZodTypeAny, {
|
|
65
|
-
d?: string | undefined;
|
|
66
|
-
r?: string | undefined;
|
|
67
|
-
t?: string | undefined;
|
|
68
|
-
}, {
|
|
69
|
-
d?: string | undefined;
|
|
70
|
-
r?: string | undefined;
|
|
71
|
-
t?: string | undefined;
|
|
72
|
-
}>, "atleastone">>;
|
|
73
|
-
}>, "strip", z.ZodTypeAny, {
|
|
74
|
-
kty: "RSA";
|
|
75
|
-
n: string;
|
|
76
|
-
e: string;
|
|
77
|
-
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
78
|
-
kid?: string | undefined;
|
|
79
|
-
ext?: boolean | undefined;
|
|
80
|
-
use?: "sig" | "enc" | undefined;
|
|
81
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
82
|
-
x5c?: string[] | undefined;
|
|
83
|
-
x5t?: string | undefined;
|
|
84
|
-
'x5t#S256'?: string | undefined;
|
|
85
|
-
x5u?: string | undefined;
|
|
86
|
-
d?: string | undefined;
|
|
87
|
-
p?: string | undefined;
|
|
88
|
-
q?: string | undefined;
|
|
89
|
-
dp?: string | undefined;
|
|
90
|
-
dq?: string | undefined;
|
|
91
|
-
qi?: string | undefined;
|
|
92
|
-
oth?: [{
|
|
93
|
-
d?: string | undefined;
|
|
94
|
-
r?: string | undefined;
|
|
95
|
-
t?: string | undefined;
|
|
96
|
-
}, ...{
|
|
97
|
-
d?: string | undefined;
|
|
98
|
-
r?: string | undefined;
|
|
99
|
-
t?: string | undefined;
|
|
100
|
-
}[]] | undefined;
|
|
101
|
-
}, {
|
|
102
|
-
kty: "RSA";
|
|
103
|
-
n: string;
|
|
104
|
-
e: string;
|
|
105
|
-
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
106
|
-
kid?: string | undefined;
|
|
107
|
-
ext?: boolean | undefined;
|
|
108
|
-
use?: "sig" | "enc" | undefined;
|
|
109
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
110
|
-
x5c?: string[] | undefined;
|
|
111
|
-
x5t?: string | undefined;
|
|
112
|
-
'x5t#S256'?: string | undefined;
|
|
113
|
-
x5u?: string | undefined;
|
|
114
|
-
d?: string | undefined;
|
|
115
|
-
p?: string | undefined;
|
|
116
|
-
q?: string | undefined;
|
|
117
|
-
dp?: string | undefined;
|
|
118
|
-
dq?: string | undefined;
|
|
119
|
-
qi?: string | undefined;
|
|
120
|
-
oth?: [{
|
|
121
|
-
d?: string | undefined;
|
|
122
|
-
r?: string | undefined;
|
|
123
|
-
t?: string | undefined;
|
|
124
|
-
}, ...{
|
|
125
|
-
d?: string | undefined;
|
|
126
|
-
r?: string | undefined;
|
|
127
|
-
t?: string | undefined;
|
|
128
|
-
}[]] | undefined;
|
|
129
|
-
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
130
|
-
kty: z.ZodString;
|
|
131
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
132
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
133
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
134
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
135
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
136
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
137
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
138
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
139
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
140
|
-
}, {
|
|
141
|
-
kty: z.ZodLiteral<"EC">;
|
|
142
|
-
alg: z.ZodOptional<z.ZodEnum<["ES256", "ES384", "ES512"]>>;
|
|
143
|
-
crv: z.ZodEnum<["P-256", "P-384", "P-521"]>;
|
|
144
|
-
x: z.ZodString;
|
|
145
|
-
y: z.ZodString;
|
|
146
|
-
d: z.ZodOptional<z.ZodString>;
|
|
147
|
-
}>, "strip", z.ZodTypeAny, {
|
|
148
|
-
kty: "EC";
|
|
149
|
-
crv: "P-256" | "P-384" | "P-521";
|
|
150
|
-
x: string;
|
|
151
|
-
y: string;
|
|
152
|
-
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
153
|
-
kid?: string | undefined;
|
|
154
|
-
ext?: boolean | undefined;
|
|
155
|
-
use?: "sig" | "enc" | undefined;
|
|
156
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
157
|
-
x5c?: string[] | undefined;
|
|
158
|
-
x5t?: string | undefined;
|
|
159
|
-
'x5t#S256'?: string | undefined;
|
|
160
|
-
x5u?: string | undefined;
|
|
161
|
-
d?: string | undefined;
|
|
162
|
-
}, {
|
|
163
|
-
kty: "EC";
|
|
164
|
-
crv: "P-256" | "P-384" | "P-521";
|
|
165
|
-
x: string;
|
|
166
|
-
y: string;
|
|
167
|
-
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
168
|
-
kid?: string | undefined;
|
|
169
|
-
ext?: boolean | undefined;
|
|
170
|
-
use?: "sig" | "enc" | undefined;
|
|
171
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
172
|
-
x5c?: string[] | undefined;
|
|
173
|
-
x5t?: string | undefined;
|
|
174
|
-
'x5t#S256'?: string | undefined;
|
|
175
|
-
x5u?: string | undefined;
|
|
176
|
-
d?: string | undefined;
|
|
177
|
-
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
178
|
-
kty: z.ZodString;
|
|
179
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
180
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
181
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
182
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
183
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
184
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
185
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
186
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
187
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
188
|
-
}, {
|
|
189
|
-
kty: z.ZodLiteral<"EC">;
|
|
190
|
-
alg: z.ZodOptional<z.ZodEnum<["ES256K"]>>;
|
|
191
|
-
crv: z.ZodEnum<["secp256k1"]>;
|
|
192
|
-
x: z.ZodString;
|
|
193
|
-
y: z.ZodString;
|
|
194
|
-
d: z.ZodOptional<z.ZodString>;
|
|
195
|
-
}>, "strip", z.ZodTypeAny, {
|
|
196
|
-
kty: "EC";
|
|
197
|
-
crv: "secp256k1";
|
|
198
|
-
x: string;
|
|
199
|
-
y: string;
|
|
200
|
-
alg?: "ES256K" | undefined;
|
|
201
|
-
kid?: string | undefined;
|
|
202
|
-
ext?: boolean | undefined;
|
|
203
|
-
use?: "sig" | "enc" | undefined;
|
|
204
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
205
|
-
x5c?: string[] | undefined;
|
|
206
|
-
x5t?: string | undefined;
|
|
207
|
-
'x5t#S256'?: string | undefined;
|
|
208
|
-
x5u?: string | undefined;
|
|
209
|
-
d?: string | undefined;
|
|
210
|
-
}, {
|
|
211
|
-
kty: "EC";
|
|
212
|
-
crv: "secp256k1";
|
|
213
|
-
x: string;
|
|
214
|
-
y: string;
|
|
215
|
-
alg?: "ES256K" | undefined;
|
|
216
|
-
kid?: string | undefined;
|
|
217
|
-
ext?: boolean | undefined;
|
|
218
|
-
use?: "sig" | "enc" | undefined;
|
|
219
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
220
|
-
x5c?: string[] | undefined;
|
|
221
|
-
x5t?: string | undefined;
|
|
222
|
-
'x5t#S256'?: string | undefined;
|
|
223
|
-
x5u?: string | undefined;
|
|
224
|
-
d?: string | undefined;
|
|
225
|
-
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
226
|
-
kty: z.ZodString;
|
|
227
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
228
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
229
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
230
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
231
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
232
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
233
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
234
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
235
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
236
|
-
}, {
|
|
237
|
-
kty: z.ZodLiteral<"OKP">;
|
|
238
|
-
alg: z.ZodOptional<z.ZodEnum<["EdDSA"]>>;
|
|
239
|
-
crv: z.ZodEnum<["Ed25519", "Ed448"]>;
|
|
240
|
-
x: z.ZodString;
|
|
241
|
-
d: z.ZodOptional<z.ZodString>;
|
|
242
|
-
}>, "strip", z.ZodTypeAny, {
|
|
243
|
-
kty: "OKP";
|
|
244
|
-
crv: "Ed25519" | "Ed448";
|
|
245
|
-
x: string;
|
|
246
|
-
alg?: "EdDSA" | undefined;
|
|
247
|
-
kid?: string | undefined;
|
|
248
|
-
ext?: boolean | undefined;
|
|
249
|
-
use?: "sig" | "enc" | undefined;
|
|
250
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
251
|
-
x5c?: string[] | undefined;
|
|
252
|
-
x5t?: string | undefined;
|
|
253
|
-
'x5t#S256'?: string | undefined;
|
|
254
|
-
x5u?: string | undefined;
|
|
255
|
-
d?: string | undefined;
|
|
256
|
-
}, {
|
|
257
|
-
kty: "OKP";
|
|
258
|
-
crv: "Ed25519" | "Ed448";
|
|
259
|
-
x: string;
|
|
260
|
-
alg?: "EdDSA" | undefined;
|
|
261
|
-
kid?: string | undefined;
|
|
262
|
-
ext?: boolean | undefined;
|
|
263
|
-
use?: "sig" | "enc" | undefined;
|
|
264
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
265
|
-
x5c?: string[] | undefined;
|
|
266
|
-
x5t?: string | undefined;
|
|
267
|
-
'x5t#S256'?: string | undefined;
|
|
268
|
-
x5u?: string | undefined;
|
|
269
|
-
d?: string | undefined;
|
|
270
|
-
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
271
|
-
kty: z.ZodString;
|
|
272
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
273
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
274
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
275
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
276
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
277
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
278
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
279
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
280
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
281
|
-
}, {
|
|
282
|
-
kty: z.ZodLiteral<"oct">;
|
|
283
|
-
alg: z.ZodOptional<z.ZodEnum<["HS256", "HS384", "HS512"]>>;
|
|
284
|
-
k: z.ZodString;
|
|
285
|
-
}>, "strip", z.ZodTypeAny, {
|
|
286
|
-
kty: "oct";
|
|
287
|
-
k: string;
|
|
288
|
-
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
289
|
-
kid?: string | undefined;
|
|
290
|
-
ext?: boolean | undefined;
|
|
291
|
-
use?: "sig" | "enc" | undefined;
|
|
292
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
293
|
-
x5c?: string[] | undefined;
|
|
294
|
-
x5t?: string | undefined;
|
|
295
|
-
'x5t#S256'?: string | undefined;
|
|
296
|
-
x5u?: string | undefined;
|
|
297
|
-
}, {
|
|
298
|
-
kty: "oct";
|
|
299
|
-
k: string;
|
|
300
|
-
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
301
|
-
kid?: string | undefined;
|
|
302
|
-
ext?: boolean | undefined;
|
|
303
|
-
use?: "sig" | "enc" | undefined;
|
|
304
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
305
|
-
x5c?: string[] | undefined;
|
|
306
|
-
x5t?: string | undefined;
|
|
307
|
-
'x5t#S256'?: string | undefined;
|
|
308
|
-
x5u?: string | undefined;
|
|
309
|
-
}>]>, {
|
|
310
|
-
kty: "RSA";
|
|
311
|
-
n: string;
|
|
312
|
-
e: string;
|
|
313
|
-
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
314
|
-
kid?: string | undefined;
|
|
315
|
-
ext?: boolean | undefined;
|
|
316
|
-
use?: "sig" | "enc" | undefined;
|
|
317
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
318
|
-
x5c?: string[] | undefined;
|
|
319
|
-
x5t?: string | undefined;
|
|
320
|
-
'x5t#S256'?: string | undefined;
|
|
321
|
-
x5u?: string | undefined;
|
|
322
|
-
d?: string | undefined;
|
|
323
|
-
p?: string | undefined;
|
|
324
|
-
q?: string | undefined;
|
|
325
|
-
dp?: string | undefined;
|
|
326
|
-
dq?: string | undefined;
|
|
327
|
-
qi?: string | undefined;
|
|
328
|
-
oth?: [{
|
|
329
|
-
d?: string | undefined;
|
|
330
|
-
r?: string | undefined;
|
|
331
|
-
t?: string | undefined;
|
|
332
|
-
}, ...{
|
|
333
|
-
d?: string | undefined;
|
|
334
|
-
r?: string | undefined;
|
|
335
|
-
t?: string | undefined;
|
|
336
|
-
}[]] | undefined;
|
|
337
|
-
} | {
|
|
338
|
-
kty: "EC";
|
|
339
|
-
crv: "P-256" | "P-384" | "P-521";
|
|
340
|
-
x: string;
|
|
341
|
-
y: string;
|
|
342
|
-
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
343
|
-
kid?: string | undefined;
|
|
344
|
-
ext?: boolean | undefined;
|
|
345
|
-
use?: "sig" | "enc" | undefined;
|
|
346
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
347
|
-
x5c?: string[] | undefined;
|
|
348
|
-
x5t?: string | undefined;
|
|
349
|
-
'x5t#S256'?: string | undefined;
|
|
350
|
-
x5u?: string | undefined;
|
|
351
|
-
d?: string | undefined;
|
|
352
|
-
} | {
|
|
353
|
-
kty: "EC";
|
|
354
|
-
crv: "secp256k1";
|
|
355
|
-
x: string;
|
|
356
|
-
y: string;
|
|
357
|
-
alg?: "ES256K" | undefined;
|
|
358
|
-
kid?: string | undefined;
|
|
359
|
-
ext?: boolean | undefined;
|
|
360
|
-
use?: "sig" | "enc" | undefined;
|
|
361
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
362
|
-
x5c?: string[] | undefined;
|
|
363
|
-
x5t?: string | undefined;
|
|
364
|
-
'x5t#S256'?: string | undefined;
|
|
365
|
-
x5u?: string | undefined;
|
|
366
|
-
d?: string | undefined;
|
|
367
|
-
} | {
|
|
368
|
-
kty: "OKP";
|
|
369
|
-
crv: "Ed25519" | "Ed448";
|
|
370
|
-
x: string;
|
|
371
|
-
alg?: "EdDSA" | undefined;
|
|
372
|
-
kid?: string | undefined;
|
|
373
|
-
ext?: boolean | undefined;
|
|
374
|
-
use?: "sig" | "enc" | undefined;
|
|
375
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
376
|
-
x5c?: string[] | undefined;
|
|
377
|
-
x5t?: string | undefined;
|
|
378
|
-
'x5t#S256'?: string | undefined;
|
|
379
|
-
x5u?: string | undefined;
|
|
380
|
-
d?: string | undefined;
|
|
381
|
-
} | {
|
|
382
|
-
kty: "oct";
|
|
383
|
-
k: string;
|
|
384
|
-
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
385
|
-
kid?: string | undefined;
|
|
386
|
-
ext?: boolean | undefined;
|
|
387
|
-
use?: "sig" | "enc" | undefined;
|
|
388
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
389
|
-
x5c?: string[] | undefined;
|
|
390
|
-
x5t?: string | undefined;
|
|
391
|
-
'x5t#S256'?: string | undefined;
|
|
392
|
-
x5u?: string | undefined;
|
|
393
|
-
} | {
|
|
394
|
-
kty: string;
|
|
395
|
-
alg?: string | undefined;
|
|
396
|
-
kid?: string | undefined;
|
|
397
|
-
ext?: boolean | undefined;
|
|
398
|
-
use?: "sig" | "enc" | undefined;
|
|
399
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
400
|
-
x5c?: string[] | undefined;
|
|
401
|
-
x5t?: string | undefined;
|
|
402
|
-
'x5t#S256'?: string | undefined;
|
|
403
|
-
x5u?: string | undefined;
|
|
404
|
-
}, {
|
|
405
|
-
kty: "RSA";
|
|
406
|
-
n: string;
|
|
407
|
-
e: string;
|
|
408
|
-
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
409
|
-
kid?: string | undefined;
|
|
410
|
-
ext?: boolean | undefined;
|
|
411
|
-
use?: "sig" | "enc" | undefined;
|
|
412
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
413
|
-
x5c?: string[] | undefined;
|
|
414
|
-
x5t?: string | undefined;
|
|
415
|
-
'x5t#S256'?: string | undefined;
|
|
416
|
-
x5u?: string | undefined;
|
|
417
|
-
d?: string | undefined;
|
|
418
|
-
p?: string | undefined;
|
|
419
|
-
q?: string | undefined;
|
|
420
|
-
dp?: string | undefined;
|
|
421
|
-
dq?: string | undefined;
|
|
422
|
-
qi?: string | undefined;
|
|
423
|
-
oth?: [{
|
|
424
|
-
d?: string | undefined;
|
|
425
|
-
r?: string | undefined;
|
|
426
|
-
t?: string | undefined;
|
|
427
|
-
}, ...{
|
|
428
|
-
d?: string | undefined;
|
|
429
|
-
r?: string | undefined;
|
|
430
|
-
t?: string | undefined;
|
|
431
|
-
}[]] | undefined;
|
|
432
|
-
} | {
|
|
433
|
-
kty: "EC";
|
|
434
|
-
crv: "P-256" | "P-384" | "P-521";
|
|
435
|
-
x: string;
|
|
436
|
-
y: string;
|
|
437
|
-
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
438
|
-
kid?: string | undefined;
|
|
439
|
-
ext?: boolean | undefined;
|
|
440
|
-
use?: "sig" | "enc" | undefined;
|
|
441
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
442
|
-
x5c?: string[] | undefined;
|
|
443
|
-
x5t?: string | undefined;
|
|
444
|
-
'x5t#S256'?: string | undefined;
|
|
445
|
-
x5u?: string | undefined;
|
|
446
|
-
d?: string | undefined;
|
|
447
|
-
} | {
|
|
448
|
-
kty: "EC";
|
|
449
|
-
crv: "secp256k1";
|
|
450
|
-
x: string;
|
|
451
|
-
y: string;
|
|
452
|
-
alg?: "ES256K" | undefined;
|
|
453
|
-
kid?: string | undefined;
|
|
454
|
-
ext?: boolean | undefined;
|
|
455
|
-
use?: "sig" | "enc" | undefined;
|
|
456
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
457
|
-
x5c?: string[] | undefined;
|
|
458
|
-
x5t?: string | undefined;
|
|
459
|
-
'x5t#S256'?: string | undefined;
|
|
460
|
-
x5u?: string | undefined;
|
|
461
|
-
d?: string | undefined;
|
|
462
|
-
} | {
|
|
463
|
-
kty: "OKP";
|
|
464
|
-
crv: "Ed25519" | "Ed448";
|
|
465
|
-
x: string;
|
|
466
|
-
alg?: "EdDSA" | undefined;
|
|
467
|
-
kid?: string | undefined;
|
|
468
|
-
ext?: boolean | undefined;
|
|
469
|
-
use?: "sig" | "enc" | undefined;
|
|
470
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
471
|
-
x5c?: string[] | undefined;
|
|
472
|
-
x5t?: string | undefined;
|
|
473
|
-
'x5t#S256'?: string | undefined;
|
|
474
|
-
x5u?: string | undefined;
|
|
475
|
-
d?: string | undefined;
|
|
476
|
-
} | {
|
|
477
|
-
kty: "oct";
|
|
478
|
-
k: string;
|
|
479
|
-
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
480
|
-
kid?: string | undefined;
|
|
481
|
-
ext?: boolean | undefined;
|
|
482
|
-
use?: "sig" | "enc" | undefined;
|
|
483
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
484
|
-
x5c?: string[] | undefined;
|
|
485
|
-
x5t?: string | undefined;
|
|
486
|
-
'x5t#S256'?: string | undefined;
|
|
487
|
-
x5u?: string | undefined;
|
|
488
|
-
} | {
|
|
489
|
-
kty: string;
|
|
490
|
-
alg?: string | undefined;
|
|
491
|
-
kid?: string | undefined;
|
|
492
|
-
ext?: boolean | undefined;
|
|
493
|
-
use?: "sig" | "enc" | undefined;
|
|
494
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
495
|
-
x5c?: string[] | undefined;
|
|
496
|
-
x5t?: string | undefined;
|
|
497
|
-
'x5t#S256'?: string | undefined;
|
|
498
|
-
x5u?: string | undefined;
|
|
499
|
-
}>, z.ZodObject<{
|
|
500
|
-
alg: z.ZodString;
|
|
501
|
-
}, "strip", z.ZodTypeAny, {
|
|
502
|
-
alg: string;
|
|
503
|
-
}, {
|
|
504
|
-
alg: string;
|
|
505
|
-
}>>;
|
|
506
|
-
export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>;
|
|
507
|
-
export declare class WebcryptoKey<J extends JwkWithAlg = JwkWithAlg> extends JoseKey<J> {
|
|
3
|
+
export declare class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {
|
|
508
4
|
readonly cryptoKeyPair: CryptoKeyPair;
|
|
509
|
-
static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey
|
|
510
|
-
|
|
511
|
-
alg: string;
|
|
512
|
-
kid?: string | undefined | undefined;
|
|
513
|
-
ext?: boolean | undefined | undefined;
|
|
514
|
-
use?: "sig" | "enc" | undefined | undefined;
|
|
515
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined | undefined;
|
|
516
|
-
x5c?: string[] | undefined | undefined;
|
|
517
|
-
x5t?: string | undefined | undefined;
|
|
518
|
-
'x5t#S256'?: string | undefined | undefined;
|
|
519
|
-
x5u?: string | undefined | undefined;
|
|
520
|
-
}>>;
|
|
521
|
-
static fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string): Promise<WebcryptoKey<{
|
|
522
|
-
kty: string;
|
|
523
|
-
alg: string;
|
|
524
|
-
kid?: string | undefined | undefined;
|
|
525
|
-
ext?: boolean | undefined | undefined;
|
|
526
|
-
use?: "sig" | "enc" | undefined | undefined;
|
|
527
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined | undefined;
|
|
528
|
-
x5c?: string[] | undefined | undefined;
|
|
529
|
-
x5t?: string | undefined | undefined;
|
|
530
|
-
'x5t#S256'?: string | undefined | undefined;
|
|
531
|
-
x5u?: string | undefined | undefined;
|
|
532
|
-
}>>;
|
|
5
|
+
static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey>;
|
|
6
|
+
static fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string): Promise<WebcryptoKey>;
|
|
533
7
|
constructor(jwk: Readonly<J>, cryptoKeyPair: CryptoKeyPair);
|
|
534
8
|
get isPrivate(): boolean;
|
|
535
|
-
get privateJwk(): Readonly<J> | undefined;
|
|
536
9
|
protected getKeyObj(alg: string): Promise<CryptoKey>;
|
|
537
10
|
}
|
|
538
11
|
//# sourceMappingURL=webcrypto-key.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAuB,MAAM,cAAc,CAAA;AACvD,OAAO,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAA;AAGnE,qBAAa,YAAY,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,SAAQ,OAAO,CAAC,CAAC,CAAC;IAwC7D,QAAQ,CAAC,aAAa,EAAE,aAAa;WArCjB,QAAQ,CAC5B,YAAY,GAAE,MAAM,EAAc,EAClC,GAAG,GAAE,MAA4B,EACjC,OAAO,CAAC,EAAE,sBAAsB,GAC/B,OAAO,CAAC,YAAY,CAAC;WAWX,WAAW,CACtB,aAAa,EAAE,aAAa,EAC5B,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,YAAY,CAAC;gBAkBtB,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EACP,aAAa,EAAE,aAAa;IAQvC,IAAI,SAAS,YAEZ;cAEwB,SAAS,CAAC,GAAG,EAAE,MAAM;CAM/C"}
|
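--- a/package/dist/webcrypto-key.js
+++ b/package/dist/webcrypto-key.js
@@ -1,12 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.WebcryptoKey =
-const zod_1 = require("zod");
+exports.WebcryptoKey = void 0;
 const jwk_1 = require("@atproto/jwk");
 const jwk_jose_1 = require("@atproto/jwk-jose");
 const util_js_1 = require("./util.js");
-// Webcrypto keys are bound to a single algorithm
-exports.jwkWithAlgSchema = zod_1.z.intersection(jwk_1.jwkSchema, zod_1.z.object({ alg: zod_1.z.string() }));
 class WebcryptoKey extends jwk_jose_1.JoseKey {
 // We need to override the static method generate from JoseKey because
 // the browser needs both the private and public keys
@@ -19,22 +16,15 @@ class WebcryptoKey extends jwk_jose_1.JoseKey {
 return this.fromKeypair(keyPair, kid);
 }
 static async fromKeypair(cryptoKeyPair, kid) {
-
-// > The "use" and "key_ops" JWK members SHOULD NOT be used together; [...]
-// > Applications should specify which of these members they use.
-const { key_ops, use, alg = (0, util_js_1.fromSubtleAlgorithm)(cryptoKeyPair.privateKey.algorithm), ...jwk } = await crypto.subtle.exportKey('jwk', cryptoKeyPair.privateKey.extractable
+const { alg = (0, util_js_1.fromSubtleAlgorithm)(cryptoKeyPair.privateKey.algorithm), ...jwk } = await crypto.subtle.exportKey('jwk', cryptoKeyPair.privateKey.extractable
 ? cryptoKeyPair.privateKey
 : cryptoKeyPair.publicKey);
-
-throw new TypeError(`Unsupported JWK use "${use}"`);
-}
-if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
-// Make sure that "key_ops", if present, is compatible with "use"
-throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`);
-}
-return new WebcryptoKey(exports.jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }), cryptoKeyPair);
+return new WebcryptoKey(jwk_1.jwkSchema.parse({ ...jwk, kid, alg }), cryptoKeyPair);
 }
 constructor(jwk, cryptoKeyPair) {
+// Webcrypto keys are bound to a single algorithm
+if (!jwk.alg)
+throw new jwk_1.JwkError('JWK "alg" is required for Webcrypto keys');
 super(jwk);
 Object.defineProperty(this, "cryptoKeyPair", {
 enumerable: true,
@@ -46,11 +36,6 @@ class WebcryptoKey extends jwk_jose_1.JoseKey {
 get isPrivate() {
 return true;
 }
-get privateJwk() {
-if (super.isPrivate)
-return this.jwk;
-throw new Error('Private Webcrypto Key not exportable');
-}
 async getKeyObj(alg) {
 if (this.jwk.alg !== alg) {
 throw new jwk_1.JwkError(`Key cannot be used with algorithm "${alg}"`);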
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":";;;AAAA,sCAAuD;AACvD,gDAAmE;AACnE,uCAAgE;AAEhE,MAAa,YAAkC,SAAQ,kBAAU;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,MAAM,CAAU,KAAK,CAAC,QAAQ,CAC5B,eAAyB,CAAC,OAAO,CAAC,EAClC,MAAc,MAAM,CAAC,UAAU,EAAE,EACjC,OAAgC;QAEhC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,IAAI,CAAC,IAAA,yBAAe,EAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,WAAW,CACtB,aAA4B,EAC5B,GAAY;QAEZ,MAAM,EACJ,GAAG,GAAG,IAAA,6BAAmB,EAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,EAC7D,GAAG,GAAG,EACP,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/B,KAAK,EACL,aAAa,CAAC,UAAU,CAAC,WAAW;YAClC,CAAC,CAAC,aAAa,CAAC,UAAU;YAC1B,CAAC,CAAC,aAAa,CAAC,SAAS,CAC5B,CAAA;QAED,OAAO,IAAI,YAAY,CACrB,eAAS,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EACrC,aAAa,CACd,CAAA;IACH,CAAC;IAED,YACE,GAAgB,EACP,aAA4B;QAErC,iDAAiD;QACjD,IAAI,CAAC,GAAG,CAAC,GAAG;YAAE,MAAM,IAAI,cAAQ,CAAC,0CAA0C,CAAC,CAAA;QAE5E,KAAK,CAAC,GAAG,CAAC,CAAA;QALV;;;;mBAAS,aAAa;WAAe;IAMvC,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IAEkB,KAAK,CAAC,SAAS,CAAC,GAAW;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;YACzB,MAAM,IAAI,cAAQ,CAAC,sCAAsC,GAAG,GAAG,CAAC,CAAA;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAAA;IACtC,CAAC;CACF;AA1DD,oCA0DC","sourcesContent":["import { Jwk, JwkError, jwkSchema } from '@atproto/jwk'\nimport { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'\nimport { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'\n\nexport class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {\n // We need to override the static method generate from JoseKey because\n // the browser needs both the private and public keys\n static override async generate(\n allowedAlgos: string[] = ['ES256'],\n kid: string = crypto.randomUUID(),\n options?: GenerateKeyPairOptions,\n ): 
Promise<WebcryptoKey> {\n const keyPair = await this.generateKeyPair(allowedAlgos, options)\n\n // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair\n if (!isCryptoKeyPair(keyPair)) {\n throw new TypeError('Invalid CryptoKeyPair')\n }\n\n return this.fromKeypair(keyPair, kid)\n }\n\n static async fromKeypair(\n cryptoKeyPair: CryptoKeyPair,\n kid?: string,\n ): Promise<WebcryptoKey> {\n const {\n alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),\n ...jwk\n } = await crypto.subtle.exportKey(\n 'jwk',\n cryptoKeyPair.privateKey.extractable\n ? cryptoKeyPair.privateKey\n : cryptoKeyPair.publicKey,\n )\n\n return new WebcryptoKey<Jwk>(\n jwkSchema.parse({ ...jwk, kid, alg }),\n cryptoKeyPair,\n )\n }\n\n constructor(\n jwk: Readonly<J>,\n readonly cryptoKeyPair: CryptoKeyPair,\n ) {\n // Webcrypto keys are bound to a single algorithm\n if (!jwk.alg) throw new JwkError('JWK \"alg\" is required for Webcrypto keys')\n\n super(jwk)\n }\n\n get isPrivate() {\n return true\n }\n\n protected override async getKeyObj(alg: string) {\n if (this.jwk.alg !== alg) {\n throw new JwkError(`Key cannot be used with algorithm \"${alg}\"`)\n }\n return this.cryptoKeyPair.privateKey\n }\n}\n"]}
|
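--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@atproto/jwk-webcrypto",
-"version": "0.
+"version": "0.2.0",
 "license": "MIT",
 "description": "Webcrypto based implementation of @atproto/jwk Key's",
 "keywords": [
@@ -25,8 +25,8 @@
 },
 "dependencies": {
 "zod": "^3.23.8",
-"@atproto/jwk": "0.
-"@atproto/jwk-jose": "0.1.
+"@atproto/jwk": "0.6.0",
+"@atproto/jwk-jose": "0.1.11"
 },
 "devDependencies": {
 "typescript": "^5.6.3"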
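--- a/package/src/webcrypto-key.ts
+++ b/package/src/webcrypto-key.ts
@@ -1,26 +1,15 @@
-import {
-import { JwkError, jwkSchema } from '@atproto/jwk'
+import { Jwk, JwkError, jwkSchema } from '@atproto/jwk'
 import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'
 import { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'
 
-
-export const jwkWithAlgSchema = z.intersection(
-jwkSchema,
-z.object({ alg: z.string() }),
-)
-
-export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>
-
-export class WebcryptoKey<
-J extends JwkWithAlg = JwkWithAlg,
-> extends JoseKey<J> {
+export class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {
 // We need to override the static method generate from JoseKey because
 // the browser needs both the private and public keys
 static override async generate(
 allowedAlgos: string[] = ['ES256'],
 kid: string = crypto.randomUUID(),
 options?: GenerateKeyPairOptions,
-) {
+): Promise<WebcryptoKey> {
 const keyPair = await this.generateKeyPair(allowedAlgos, options)
 
 // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair
@@ -31,14 +20,11 @@ export class WebcryptoKey<
 return this.fromKeypair(keyPair, kid)
 }
 
-static async fromKeypair(
-
-
-
-
+static async fromKeypair(
+cryptoKeyPair: CryptoKeyPair,
+kid?: string,
+): Promise<WebcryptoKey> {
 const {
-key_ops,
-use,
 alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),
 ...jwk
 } = await crypto.subtle.exportKey(
@@ -48,17 +34,8 @@ export class WebcryptoKey<
 : cryptoKeyPair.publicKey,
 )
 
-
-
-}
-
-if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
-// Make sure that "key_ops", if present, is compatible with "use"
-throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`)
-}
-
-return new WebcryptoKey(
-jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }),
+return new WebcryptoKey<Jwk>(
+jwkSchema.parse({ ...jwk, kid, alg }),
 cryptoKeyPair,
 )
 }
@@ -67,6 +44,9 @@ export class WebcryptoKey<
 jwk: Readonly<J>,
 readonly cryptoKeyPair: CryptoKeyPair,
 ) {
+// Webcrypto keys are bound to a single algorithm
+if (!jwk.alg) throw new JwkError('JWK "alg" is required for Webcrypto keys')
+
 super(jwk)
 }
 
@@ -74,11 +54,6 @@ export class WebcryptoKey<
 return true
 }
 
-get privateJwk(): Readonly<J> | undefined {
-if (super.isPrivate) return this.jwk
-throw new Error('Private Webcrypto Key not exportable')
-}
-
 protected override async getKeyObj(alg: string) {
 if (this.jwk.alg !== alg) {
 throw new JwkError(`Key cannot be used with algorithm "${alg}"`)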
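Review bot: `fromKeypair` no longer verifies that the pair is a signing key: the removed lines rejected an export whose `key_ops` contained neither `sign` nor `verify` and pinned `use: 'sig'`, whereas the new side hands the raw `exportKey` result to `jwkSchema.parse({ ...jwk, kid, alg })`. Whether `jwkSchema` from `@atproto/jwk` 0.6.0 or `fromSubtleAlgorithm` rejects a non-signing pair cannot be seen on this page, so an explicit guard ahead of the export would keep the old guarantee, e.g. `if (!cryptoKeyPair.privateKey.usages.includes('sign')) throw new TypeError('Key pair cannot be used for signing')`. In the last hunk the `privateJwk` override that threw `Private Webcrypto Key not exportable` is removed while `isPrivate` still returns `true`; it is worth confirming that the inherited getter does not present the public-key export as private material when the private key is non-extractable. The body of `getKeyObj` continues past the end of the last hunk.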