@atproto/jwk-webcrypto 0.1.10 → 0.3.0-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,37 @@
1
1
  # @atproto/jwk-webcrypto
2
2
 
3
+ ## 0.3.0-next.0
4
+
5
+ ### Minor Changes
6
+
7
+ - [#4929](https://github.com/bluesky-social/atproto/pull/4929) [`bb7491c`](https://github.com/bluesky-social/atproto/commit/bb7491c29e06181e1d2f8cf6eb454f9bb8ab961b) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Drop support for Node.js 18 and 20. Node.js 22 is now the minimum supported version. Docker images now use Node.js 24.
8
+
9
+ - [#4943](https://github.com/bluesky-social/atproto/pull/4943) [`07ae5d4`](https://github.com/bluesky-social/atproto/commit/07ae5d4452df51e045e0239da7a04cf0bc154028) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Convert to pure ESM. All packages now ship `"type": "module"` with ES module output and Node16 module resolution.
10
+
11
+ Node.js 22's `require()` compatibility layer can still load these packages in CommonJS code.
12
+
13
+ - [#4930](https://github.com/bluesky-social/atproto/pull/4930) [`042df15`](https://github.com/bluesky-social/atproto/commit/042df15087c0e62cd1e715fcbf58852fab875af9) Thanks [@devinivy](https://github.com/devinivy)! - Build with TypeScript 6.0. Emitted `.d.ts` files now use TypeScript 6's stricter `Uint8Array<ArrayBuffer>` typing in places where Web/Node APIs require buffer-backed (not shared-memory) byte arrays. Consumers compiling against these types on older TypeScript should see no runtime impact, but may need to widen or cast in spots that previously relied on `Uint8Array` defaulting to `<ArrayBufferLike>`.
14
+
15
+ Internal: tsconfig `moduleResolution: "node"` is silenced via `ignoreDeprecations: "6.0"` for now; the proper migration to `node16`/`bundler` resolution is deferred.
16
+
17
+ ### Patch Changes
18
+
19
+ - Updated dependencies [[`bb7491c`](https://github.com/bluesky-social/atproto/commit/bb7491c29e06181e1d2f8cf6eb454f9bb8ab961b), [`07ae5d4`](https://github.com/bluesky-social/atproto/commit/07ae5d4452df51e045e0239da7a04cf0bc154028), [`042df15`](https://github.com/bluesky-social/atproto/commit/042df15087c0e62cd1e715fcbf58852fab875af9)]:
20
+ - @atproto/jwk@0.7.0-next.0
21
+ - @atproto/jwk-jose@0.2.0-next.0
22
+
23
+ ## 0.2.0
24
+
25
+ ### Minor Changes
26
+
27
+ - [#4103](https://github.com/bluesky-social/atproto/pull/4103) [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Only allow `"use"` claims in public jwk
28
+
29
+ ### Patch Changes
30
+
31
+ - Updated dependencies [[`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`fefe70126`](https://github.com/bluesky-social/atproto/commit/fefe70126d0ea82507ac750f669b3478290f186b), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815)]:
32
+ - @atproto/jwk@0.6.0
33
+ - @atproto/jwk-jose@0.1.11
34
+
3
35
  ## 0.1.10
4
36
 
5
37
  ### Patch Changes
package/LICENSE.txt CHANGED
@@ -1,6 +1,6 @@
1
1
  Dual MIT/Apache-2.0 License
2
2
 
3
- Copyright (c) 2022-2025 Bluesky Social PBC, and Contributors
3
+ Copyright (c) 2022-2026 Bluesky Social PBC, and Contributors
4
4
 
5
5
  Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
6
6
 
package/dist/index.js CHANGED
@@ -1,18 +1,2 @@
1
- "use strict";
2
- var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
- if (k2 === undefined) k2 = k;
4
- var desc = Object.getOwnPropertyDescriptor(m, k);
5
- if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
- desc = { enumerable: true, get: function() { return m[k]; } };
7
- }
8
- Object.defineProperty(o, k2, desc);
9
- }) : (function(o, m, k, k2) {
10
- if (k2 === undefined) k2 = k;
11
- o[k2] = m[k];
12
- }));
13
- var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
- for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
- };
16
- Object.defineProperty(exports, "__esModule", { value: true });
17
- __exportStar(require("./webcrypto-key.js"), exports);
1
+ export * from './webcrypto-key.js';
18
2
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAkC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAA","sourcesContent":["export * from './webcrypto-key.js'\n"]}
package/dist/util.js CHANGED
@@ -1,9 +1,4 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.toSubtleAlgorithm = toSubtleAlgorithm;
4
- exports.fromSubtleAlgorithm = fromSubtleAlgorithm;
5
- exports.isCryptoKeyPair = isCryptoKeyPair;
6
- function toSubtleAlgorithm(alg, crv, options) {
1
+ export function toSubtleAlgorithm(alg, crv, options) {
7
2
  switch (alg) {
8
3
  case 'PS256':
9
4
  case 'PS384':
@@ -39,7 +34,7 @@ function toSubtleAlgorithm(alg, crv, options) {
39
34
  throw new TypeError(`Unsupported alg "${alg}"`);
40
35
  }
41
36
  }
42
- function fromSubtleAlgorithm(algorithm) {
37
+ export function fromSubtleAlgorithm(algorithm) {
43
38
  switch (algorithm.name) {
44
39
  case 'RSA-PSS':
45
40
  case 'RSASSA-PKCS1-v1_5': {
@@ -76,7 +71,7 @@ function fromSubtleAlgorithm(algorithm) {
76
71
  throw new TypeError(`Unexpected algorithm "${algorithm.name}"`);
77
72
  }
78
73
  }
79
- function isCryptoKeyPair(v, extractable) {
74
+ export function isCryptoKeyPair(v, extractable) {
80
75
  return (typeof v === 'object' &&
81
76
  v !== null &&
82
77
  'privateKey' in v &&
package/dist/util.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;AAsBA,8CAwCC;AAED,kDAqCC;AAED,0CAkBC;AAnGD,SAAgB,iBAAiB,CAC/B,GAAW,EACX,GAAY,EACZ,OAAoC;IAEpC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAkB,EAAE;aAClD,CAAA;QACH,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;aACpB,CAAA;QACH;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,mBAAmB,CAAC,SAAuB;IACzD,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,SAAS,CAAC;QACf,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAA2B,SAAU,CAAC,IAAI,CAAC,IAAI,CAAA;YACzD,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzD,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC9D,CAAC;gBACD;oBACE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAoB,SAAU,CAAC,UAAU,CAAA;YACzD,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC7D,KAAK,OAAO;oBACV,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;YAChE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,OAAO,CAAA;QAChB;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,yBAAyB,SAAS,CAAC,IAAI,GAAG,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,CAAU,EACV,WAAqB;IAErB,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,CAAC,KAAK,IAAI;QACV,YAAY,IAAI,CAAC;QACjB,CAAC,CAAC,UAAU,YAAY,SAAS;QACjC,CAAC,CAAC,UAAU,CAAC,IAAI,KAAK,SAAS;QAC/B,CAAC,WAAW,IAAI,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,KAAK,WAAW,CAAC;QACjE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACpC,WAAW,IAAI,CAAC;QAChB,CAAC,CAAC,SAAS,YAAY,SAAS;QAChC,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI;QAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACtC,CAAA;AACH,CAAC"}
1
+ {"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAsBA,MAAM,UAAU,iBAAiB,CAC/B,GAAW,EACX,GAAY,EACZ,OAAoC;IAEpC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAkB,EAAE;aAClD,CAAA;QACH,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;aACpB,CAAA;QACH;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;IACnD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,SAAuB;IACzD,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,SAAS,CAAC;QACf,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAA2B,SAAU,CAAC,IAAI,CAAC,IAAI,CAAA;YACzD,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzD,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC9D,CAAC;gBACD;oBACE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAoB,SAAU,CAAC,UAAU,CAAA;YACzD,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC7D,KAAK,OAAO;oBACV,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;YAChE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,OAAO,CAAA;QAChB;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,yBAAyB,SAAS,CAAC,IAAI,GAAG,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,CAAU,EACV,WAAqB;IAErB,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,CAAC,KAAK,IAAI;QACV,YAAY,IAAI,CAAC;QACjB,CAAC,CAAC,UAAU,YAAY,SAAS;QACjC,CAAC,CAAC,UAAU,CAAC,IAAI,KAAK,SAAS;QAC/B,CAAC,WAAW,IAAI,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,KAAK,WAAW,CAAC;QACjE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACpC,WAAW,IAAI,CAAC;QAChB,CAAC,CAAC,SAAS,YAAY,SAAS;QAChC,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI;QAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACtC,CAAA;AACH,CAAC","sourcesContent":["export type JWSAlgorithm =\n // HMAC\n | 'HS256'\n | 'HS384'\n | 'HS512'\n // RSA\n | 'PS256'\n | 'PS384'\n | 'PS512'\n | 'RS256'\n | 'RS384'\n | 'RS512'\n // EC\n | 'ES256'\n | 'ES256K'\n | 'ES384'\n | 'ES512'\n // OKP\n | 'EdDSA'\n\nexport type SubtleAlgorithm = RsaHashedKeyGenParams | EcKeyGenParams\n\nexport function toSubtleAlgorithm(\n alg: string,\n crv?: string,\n options?: { modulusLength?: number },\n): SubtleAlgorithm {\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return {\n name: 'RSA-PSS',\n hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,\n modulusLength: options?.modulusLength ?? 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n }\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return {\n name: 'RSASSA-PKCS1-v1_5',\n hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,\n modulusLength: options?.modulusLength ?? 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n }\n case 'ES256':\n case 'ES384':\n return {\n name: 'ECDSA',\n namedCurve: `P-${alg.slice(-3) as '256' | '384'}`,\n }\n case 'ES512':\n return {\n name: 'ECDSA',\n namedCurve: 'P-521',\n }\n default:\n // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773\n\n throw new TypeError(`Unsupported alg \"${alg}\"`)\n }\n}\n\nexport function fromSubtleAlgorithm(algorithm: KeyAlgorithm): JWSAlgorithm {\n switch (algorithm.name) {\n case 'RSA-PSS':\n case 'RSASSA-PKCS1-v1_5': {\n const hash = (<RsaHashedKeyAlgorithm>algorithm).hash.name\n switch (hash) {\n case 'SHA-256':\n case 'SHA-384':\n case 'SHA-512': {\n const prefix = algorithm.name === 'RSA-PSS' ? 'PS' : 'RS'\n return `${prefix}${hash.slice(-3) as '256' | '384' | '512'}`\n }\n default:\n throw new TypeError('unsupported RsaHashedKeyAlgorithm hash')\n }\n }\n case 'ECDSA': {\n const namedCurve = (<EcKeyAlgorithm>algorithm).namedCurve\n switch (namedCurve) {\n case 'P-256':\n case 'P-384':\n case 'P-512':\n return `ES${namedCurve.slice(-3) as '256' | '384' | '512'}`\n case 'P-521':\n return 'ES512'\n default:\n throw new TypeError('unsupported EcKeyAlgorithm namedCurve')\n }\n }\n case 'Ed448':\n case 'Ed25519':\n return 'EdDSA'\n default:\n // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773\n\n throw new TypeError(`Unexpected algorithm \"${algorithm.name}\"`)\n }\n}\n\nexport function isCryptoKeyPair(\n v: unknown,\n extractable?: boolean,\n): v is CryptoKeyPair {\n return (\n typeof v === 'object' &&\n v !== null &&\n 'privateKey' in v &&\n v.privateKey instanceof CryptoKey &&\n v.privateKey.type === 'private' &&\n (extractable == null || v.privateKey.extractable === extractable) &&\n v.privateKey.usages.includes('sign') &&\n 'publicKey' in v &&\n v.publicKey instanceof CryptoKey &&\n v.publicKey.type === 'public' &&\n v.publicKey.extractable === true &&\n v.publicKey.usages.includes('verify')\n )\n}\n"]}
@@ -1,538 +1,11 @@
1
- import { z } from 'zod';
1
+ import { Jwk } from '@atproto/jwk';
2
2
  import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose';
3
- export declare const jwkWithAlgSchema: z.ZodIntersection<z.ZodEffects<z.ZodUnion<[z.ZodObject<z.objectUtil.extendShape<{
4
- kty: z.ZodString;
5
- alg: z.ZodOptional<z.ZodString>;
6
- kid: z.ZodOptional<z.ZodString>;
7
- ext: z.ZodOptional<z.ZodBoolean>;
8
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
9
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
10
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
11
- x5t: z.ZodOptional<z.ZodString>;
12
- 'x5t#S256': z.ZodOptional<z.ZodString>;
13
- x5u: z.ZodOptional<z.ZodString>;
14
- }, {
15
- kty: z.ZodEffects<z.ZodString, string, string>;
16
- }>, "strip", z.ZodTypeAny, {
17
- kty: string;
18
- alg?: string | undefined;
19
- kid?: string | undefined;
20
- ext?: boolean | undefined;
21
- use?: "sig" | "enc" | undefined;
22
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
23
- x5c?: string[] | undefined;
24
- x5t?: string | undefined;
25
- 'x5t#S256'?: string | undefined;
26
- x5u?: string | undefined;
27
- }, {
28
- kty: string;
29
- alg?: string | undefined;
30
- kid?: string | undefined;
31
- ext?: boolean | undefined;
32
- use?: "sig" | "enc" | undefined;
33
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
34
- x5c?: string[] | undefined;
35
- x5t?: string | undefined;
36
- 'x5t#S256'?: string | undefined;
37
- x5u?: string | undefined;
38
- }>, z.ZodObject<z.objectUtil.extendShape<{
39
- kty: z.ZodString;
40
- alg: z.ZodOptional<z.ZodString>;
41
- kid: z.ZodOptional<z.ZodString>;
42
- ext: z.ZodOptional<z.ZodBoolean>;
43
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
44
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
45
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
46
- x5t: z.ZodOptional<z.ZodString>;
47
- 'x5t#S256': z.ZodOptional<z.ZodString>;
48
- x5u: z.ZodOptional<z.ZodString>;
49
- }, {
50
- kty: z.ZodLiteral<"RSA">;
51
- alg: z.ZodOptional<z.ZodEnum<["RS256", "RS384", "RS512", "PS256", "PS384", "PS512"]>>;
52
- n: z.ZodString;
53
- e: z.ZodString;
54
- d: z.ZodOptional<z.ZodString>;
55
- p: z.ZodOptional<z.ZodString>;
56
- q: z.ZodOptional<z.ZodString>;
57
- dp: z.ZodOptional<z.ZodString>;
58
- dq: z.ZodOptional<z.ZodString>;
59
- qi: z.ZodOptional<z.ZodString>;
60
- oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
61
- r: z.ZodOptional<z.ZodString>;
62
- d: z.ZodOptional<z.ZodString>;
63
- t: z.ZodOptional<z.ZodString>;
64
- }, "strip", z.ZodTypeAny, {
65
- d?: string | undefined;
66
- r?: string | undefined;
67
- t?: string | undefined;
68
- }, {
69
- d?: string | undefined;
70
- r?: string | undefined;
71
- t?: string | undefined;
72
- }>, "atleastone">>;
73
- }>, "strip", z.ZodTypeAny, {
74
- kty: "RSA";
75
- n: string;
76
- e: string;
77
- alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
78
- kid?: string | undefined;
79
- ext?: boolean | undefined;
80
- use?: "sig" | "enc" | undefined;
81
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
82
- x5c?: string[] | undefined;
83
- x5t?: string | undefined;
84
- 'x5t#S256'?: string | undefined;
85
- x5u?: string | undefined;
86
- d?: string | undefined;
87
- p?: string | undefined;
88
- q?: string | undefined;
89
- dp?: string | undefined;
90
- dq?: string | undefined;
91
- qi?: string | undefined;
92
- oth?: [{
93
- d?: string | undefined;
94
- r?: string | undefined;
95
- t?: string | undefined;
96
- }, ...{
97
- d?: string | undefined;
98
- r?: string | undefined;
99
- t?: string | undefined;
100
- }[]] | undefined;
101
- }, {
102
- kty: "RSA";
103
- n: string;
104
- e: string;
105
- alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
106
- kid?: string | undefined;
107
- ext?: boolean | undefined;
108
- use?: "sig" | "enc" | undefined;
109
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
110
- x5c?: string[] | undefined;
111
- x5t?: string | undefined;
112
- 'x5t#S256'?: string | undefined;
113
- x5u?: string | undefined;
114
- d?: string | undefined;
115
- p?: string | undefined;
116
- q?: string | undefined;
117
- dp?: string | undefined;
118
- dq?: string | undefined;
119
- qi?: string | undefined;
120
- oth?: [{
121
- d?: string | undefined;
122
- r?: string | undefined;
123
- t?: string | undefined;
124
- }, ...{
125
- d?: string | undefined;
126
- r?: string | undefined;
127
- t?: string | undefined;
128
- }[]] | undefined;
129
- }>, z.ZodObject<z.objectUtil.extendShape<{
130
- kty: z.ZodString;
131
- alg: z.ZodOptional<z.ZodString>;
132
- kid: z.ZodOptional<z.ZodString>;
133
- ext: z.ZodOptional<z.ZodBoolean>;
134
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
135
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
136
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
137
- x5t: z.ZodOptional<z.ZodString>;
138
- 'x5t#S256': z.ZodOptional<z.ZodString>;
139
- x5u: z.ZodOptional<z.ZodString>;
140
- }, {
141
- kty: z.ZodLiteral<"EC">;
142
- alg: z.ZodOptional<z.ZodEnum<["ES256", "ES384", "ES512"]>>;
143
- crv: z.ZodEnum<["P-256", "P-384", "P-521"]>;
144
- x: z.ZodString;
145
- y: z.ZodString;
146
- d: z.ZodOptional<z.ZodString>;
147
- }>, "strip", z.ZodTypeAny, {
148
- kty: "EC";
149
- crv: "P-256" | "P-384" | "P-521";
150
- x: string;
151
- y: string;
152
- alg?: "ES256" | "ES384" | "ES512" | undefined;
153
- kid?: string | undefined;
154
- ext?: boolean | undefined;
155
- use?: "sig" | "enc" | undefined;
156
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
157
- x5c?: string[] | undefined;
158
- x5t?: string | undefined;
159
- 'x5t#S256'?: string | undefined;
160
- x5u?: string | undefined;
161
- d?: string | undefined;
162
- }, {
163
- kty: "EC";
164
- crv: "P-256" | "P-384" | "P-521";
165
- x: string;
166
- y: string;
167
- alg?: "ES256" | "ES384" | "ES512" | undefined;
168
- kid?: string | undefined;
169
- ext?: boolean | undefined;
170
- use?: "sig" | "enc" | undefined;
171
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
172
- x5c?: string[] | undefined;
173
- x5t?: string | undefined;
174
- 'x5t#S256'?: string | undefined;
175
- x5u?: string | undefined;
176
- d?: string | undefined;
177
- }>, z.ZodObject<z.objectUtil.extendShape<{
178
- kty: z.ZodString;
179
- alg: z.ZodOptional<z.ZodString>;
180
- kid: z.ZodOptional<z.ZodString>;
181
- ext: z.ZodOptional<z.ZodBoolean>;
182
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
183
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
184
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
185
- x5t: z.ZodOptional<z.ZodString>;
186
- 'x5t#S256': z.ZodOptional<z.ZodString>;
187
- x5u: z.ZodOptional<z.ZodString>;
188
- }, {
189
- kty: z.ZodLiteral<"EC">;
190
- alg: z.ZodOptional<z.ZodEnum<["ES256K"]>>;
191
- crv: z.ZodEnum<["secp256k1"]>;
192
- x: z.ZodString;
193
- y: z.ZodString;
194
- d: z.ZodOptional<z.ZodString>;
195
- }>, "strip", z.ZodTypeAny, {
196
- kty: "EC";
197
- crv: "secp256k1";
198
- x: string;
199
- y: string;
200
- alg?: "ES256K" | undefined;
201
- kid?: string | undefined;
202
- ext?: boolean | undefined;
203
- use?: "sig" | "enc" | undefined;
204
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
205
- x5c?: string[] | undefined;
206
- x5t?: string | undefined;
207
- 'x5t#S256'?: string | undefined;
208
- x5u?: string | undefined;
209
- d?: string | undefined;
210
- }, {
211
- kty: "EC";
212
- crv: "secp256k1";
213
- x: string;
214
- y: string;
215
- alg?: "ES256K" | undefined;
216
- kid?: string | undefined;
217
- ext?: boolean | undefined;
218
- use?: "sig" | "enc" | undefined;
219
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
220
- x5c?: string[] | undefined;
221
- x5t?: string | undefined;
222
- 'x5t#S256'?: string | undefined;
223
- x5u?: string | undefined;
224
- d?: string | undefined;
225
- }>, z.ZodObject<z.objectUtil.extendShape<{
226
- kty: z.ZodString;
227
- alg: z.ZodOptional<z.ZodString>;
228
- kid: z.ZodOptional<z.ZodString>;
229
- ext: z.ZodOptional<z.ZodBoolean>;
230
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
231
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
232
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
233
- x5t: z.ZodOptional<z.ZodString>;
234
- 'x5t#S256': z.ZodOptional<z.ZodString>;
235
- x5u: z.ZodOptional<z.ZodString>;
236
- }, {
237
- kty: z.ZodLiteral<"OKP">;
238
- alg: z.ZodOptional<z.ZodEnum<["EdDSA"]>>;
239
- crv: z.ZodEnum<["Ed25519", "Ed448"]>;
240
- x: z.ZodString;
241
- d: z.ZodOptional<z.ZodString>;
242
- }>, "strip", z.ZodTypeAny, {
243
- kty: "OKP";
244
- crv: "Ed25519" | "Ed448";
245
- x: string;
246
- alg?: "EdDSA" | undefined;
247
- kid?: string | undefined;
248
- ext?: boolean | undefined;
249
- use?: "sig" | "enc" | undefined;
250
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
251
- x5c?: string[] | undefined;
252
- x5t?: string | undefined;
253
- 'x5t#S256'?: string | undefined;
254
- x5u?: string | undefined;
255
- d?: string | undefined;
256
- }, {
257
- kty: "OKP";
258
- crv: "Ed25519" | "Ed448";
259
- x: string;
260
- alg?: "EdDSA" | undefined;
261
- kid?: string | undefined;
262
- ext?: boolean | undefined;
263
- use?: "sig" | "enc" | undefined;
264
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
265
- x5c?: string[] | undefined;
266
- x5t?: string | undefined;
267
- 'x5t#S256'?: string | undefined;
268
- x5u?: string | undefined;
269
- d?: string | undefined;
270
- }>, z.ZodObject<z.objectUtil.extendShape<{
271
- kty: z.ZodString;
272
- alg: z.ZodOptional<z.ZodString>;
273
- kid: z.ZodOptional<z.ZodString>;
274
- ext: z.ZodOptional<z.ZodBoolean>;
275
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
276
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
277
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
278
- x5t: z.ZodOptional<z.ZodString>;
279
- 'x5t#S256': z.ZodOptional<z.ZodString>;
280
- x5u: z.ZodOptional<z.ZodString>;
281
- }, {
282
- kty: z.ZodLiteral<"oct">;
283
- alg: z.ZodOptional<z.ZodEnum<["HS256", "HS384", "HS512"]>>;
284
- k: z.ZodString;
285
- }>, "strip", z.ZodTypeAny, {
286
- kty: "oct";
287
- k: string;
288
- alg?: "HS256" | "HS384" | "HS512" | undefined;
289
- kid?: string | undefined;
290
- ext?: boolean | undefined;
291
- use?: "sig" | "enc" | undefined;
292
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
293
- x5c?: string[] | undefined;
294
- x5t?: string | undefined;
295
- 'x5t#S256'?: string | undefined;
296
- x5u?: string | undefined;
297
- }, {
298
- kty: "oct";
299
- k: string;
300
- alg?: "HS256" | "HS384" | "HS512" | undefined;
301
- kid?: string | undefined;
302
- ext?: boolean | undefined;
303
- use?: "sig" | "enc" | undefined;
304
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
305
- x5c?: string[] | undefined;
306
- x5t?: string | undefined;
307
- 'x5t#S256'?: string | undefined;
308
- x5u?: string | undefined;
309
- }>]>, {
310
- kty: "RSA";
311
- n: string;
312
- e: string;
313
- alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
314
- kid?: string | undefined;
315
- ext?: boolean | undefined;
316
- use?: "sig" | "enc" | undefined;
317
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
318
- x5c?: string[] | undefined;
319
- x5t?: string | undefined;
320
- 'x5t#S256'?: string | undefined;
321
- x5u?: string | undefined;
322
- d?: string | undefined;
323
- p?: string | undefined;
324
- q?: string | undefined;
325
- dp?: string | undefined;
326
- dq?: string | undefined;
327
- qi?: string | undefined;
328
- oth?: [{
329
- d?: string | undefined;
330
- r?: string | undefined;
331
- t?: string | undefined;
332
- }, ...{
333
- d?: string | undefined;
334
- r?: string | undefined;
335
- t?: string | undefined;
336
- }[]] | undefined;
337
- } | {
338
- kty: "EC";
339
- crv: "P-256" | "P-384" | "P-521";
340
- x: string;
341
- y: string;
342
- alg?: "ES256" | "ES384" | "ES512" | undefined;
343
- kid?: string | undefined;
344
- ext?: boolean | undefined;
345
- use?: "sig" | "enc" | undefined;
346
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
347
- x5c?: string[] | undefined;
348
- x5t?: string | undefined;
349
- 'x5t#S256'?: string | undefined;
350
- x5u?: string | undefined;
351
- d?: string | undefined;
352
- } | {
353
- kty: "EC";
354
- crv: "secp256k1";
355
- x: string;
356
- y: string;
357
- alg?: "ES256K" | undefined;
358
- kid?: string | undefined;
359
- ext?: boolean | undefined;
360
- use?: "sig" | "enc" | undefined;
361
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
362
- x5c?: string[] | undefined;
363
- x5t?: string | undefined;
364
- 'x5t#S256'?: string | undefined;
365
- x5u?: string | undefined;
366
- d?: string | undefined;
367
- } | {
368
- kty: "OKP";
369
- crv: "Ed25519" | "Ed448";
370
- x: string;
371
- alg?: "EdDSA" | undefined;
372
- kid?: string | undefined;
373
- ext?: boolean | undefined;
374
- use?: "sig" | "enc" | undefined;
375
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
376
- x5c?: string[] | undefined;
377
- x5t?: string | undefined;
378
- 'x5t#S256'?: string | undefined;
379
- x5u?: string | undefined;
380
- d?: string | undefined;
381
- } | {
382
- kty: "oct";
383
- k: string;
384
- alg?: "HS256" | "HS384" | "HS512" | undefined;
385
- kid?: string | undefined;
386
- ext?: boolean | undefined;
387
- use?: "sig" | "enc" | undefined;
388
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
389
- x5c?: string[] | undefined;
390
- x5t?: string | undefined;
391
- 'x5t#S256'?: string | undefined;
392
- x5u?: string | undefined;
393
- } | {
394
- kty: string;
395
- alg?: string | undefined;
396
- kid?: string | undefined;
397
- ext?: boolean | undefined;
398
- use?: "sig" | "enc" | undefined;
399
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
400
- x5c?: string[] | undefined;
401
- x5t?: string | undefined;
402
- 'x5t#S256'?: string | undefined;
403
- x5u?: string | undefined;
404
- }, {
405
- kty: "RSA";
406
- n: string;
407
- e: string;
408
- alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
409
- kid?: string | undefined;
410
- ext?: boolean | undefined;
411
- use?: "sig" | "enc" | undefined;
412
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
413
- x5c?: string[] | undefined;
414
- x5t?: string | undefined;
415
- 'x5t#S256'?: string | undefined;
416
- x5u?: string | undefined;
417
- d?: string | undefined;
418
- p?: string | undefined;
419
- q?: string | undefined;
420
- dp?: string | undefined;
421
- dq?: string | undefined;
422
- qi?: string | undefined;
423
- oth?: [{
424
- d?: string | undefined;
425
- r?: string | undefined;
426
- t?: string | undefined;
427
- }, ...{
428
- d?: string | undefined;
429
- r?: string | undefined;
430
- t?: string | undefined;
431
- }[]] | undefined;
432
- } | {
433
- kty: "EC";
434
- crv: "P-256" | "P-384" | "P-521";
435
- x: string;
436
- y: string;
437
- alg?: "ES256" | "ES384" | "ES512" | undefined;
438
- kid?: string | undefined;
439
- ext?: boolean | undefined;
440
- use?: "sig" | "enc" | undefined;
441
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
442
- x5c?: string[] | undefined;
443
- x5t?: string | undefined;
444
- 'x5t#S256'?: string | undefined;
445
- x5u?: string | undefined;
446
- d?: string | undefined;
447
- } | {
448
- kty: "EC";
449
- crv: "secp256k1";
450
- x: string;
451
- y: string;
452
- alg?: "ES256K" | undefined;
453
- kid?: string | undefined;
454
- ext?: boolean | undefined;
455
- use?: "sig" | "enc" | undefined;
456
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
457
- x5c?: string[] | undefined;
458
- x5t?: string | undefined;
459
- 'x5t#S256'?: string | undefined;
460
- x5u?: string | undefined;
461
- d?: string | undefined;
462
- } | {
463
- kty: "OKP";
464
- crv: "Ed25519" | "Ed448";
465
- x: string;
466
- alg?: "EdDSA" | undefined;
467
- kid?: string | undefined;
468
- ext?: boolean | undefined;
469
- use?: "sig" | "enc" | undefined;
470
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
471
- x5c?: string[] | undefined;
472
- x5t?: string | undefined;
473
- 'x5t#S256'?: string | undefined;
474
- x5u?: string | undefined;
475
- d?: string | undefined;
476
- } | {
477
- kty: "oct";
478
- k: string;
479
- alg?: "HS256" | "HS384" | "HS512" | undefined;
480
- kid?: string | undefined;
481
- ext?: boolean | undefined;
482
- use?: "sig" | "enc" | undefined;
483
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
484
- x5c?: string[] | undefined;
485
- x5t?: string | undefined;
486
- 'x5t#S256'?: string | undefined;
487
- x5u?: string | undefined;
488
- } | {
489
- kty: string;
490
- alg?: string | undefined;
491
- kid?: string | undefined;
492
- ext?: boolean | undefined;
493
- use?: "sig" | "enc" | undefined;
494
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
495
- x5c?: string[] | undefined;
496
- x5t?: string | undefined;
497
- 'x5t#S256'?: string | undefined;
498
- x5u?: string | undefined;
499
- }>, z.ZodObject<{
500
- alg: z.ZodString;
501
- }, "strip", z.ZodTypeAny, {
502
- alg: string;
503
- }, {
504
- alg: string;
505
- }>>;
506
- export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>;
507
- export declare class WebcryptoKey<J extends JwkWithAlg = JwkWithAlg> extends JoseKey<J> {
3
+ export declare class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {
508
4
  readonly cryptoKeyPair: CryptoKeyPair;
509
- static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey<{
510
- kty: string;
511
- alg: string;
512
- kid?: string | undefined | undefined;
513
- ext?: boolean | undefined | undefined;
514
- use?: "sig" | "enc" | undefined | undefined;
515
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined | undefined;
516
- x5c?: string[] | undefined | undefined;
517
- x5t?: string | undefined | undefined;
518
- 'x5t#S256'?: string | undefined | undefined;
519
- x5u?: string | undefined | undefined;
520
- }>>;
521
- static fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string): Promise<WebcryptoKey<{
522
- kty: string;
523
- alg: string;
524
- kid?: string | undefined | undefined;
525
- ext?: boolean | undefined | undefined;
526
- use?: "sig" | "enc" | undefined | undefined;
527
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined | undefined;
528
- x5c?: string[] | undefined | undefined;
529
- x5t?: string | undefined | undefined;
530
- 'x5t#S256'?: string | undefined | undefined;
531
- x5u?: string | undefined | undefined;
532
- }>>;
5
+ static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey>;
6
+ static fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string): Promise<WebcryptoKey>;
533
7
  constructor(jwk: Readonly<J>, cryptoKeyPair: CryptoKeyPair);
534
8
  get isPrivate(): boolean;
535
- get privateJwk(): Readonly<J> | undefined;
536
9
  protected getKeyObj(alg: string): Promise<CryptoKey>;
537
10
  }
538
11
  //# sourceMappingURL=webcrypto-key.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAA;AAInE,eAAO,MAAM,gBAAgB;SAkFojW,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;SAA44B,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAiB,EAAG,WAAW,CAAC,EAAE,OAAO;OAAiE,EAAG,SAAS;OAAQ,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;OAAS,EAAG,WAAW,CAAC,EAAE,SAAS;OAAS,EAAG,WAAW,CAAC,EAAE,SAAS;QAAU,EAAG,WAAW,CAAC,EAAE,SAAS;QAAU,EAAG,WAAW,CAAC,EAAE,SAAS;QAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;WAAa,EAAG,WAAW,CAAC,EAAE,SAAS;WAAa,EAAG,WAAW,CAAC,EAAE,SAAS;WAAa,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,UAAU;SAAa,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAAwC,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;SAA8uB,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;SAAotB,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;SAA+F,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAgB,EAAG,WAAW,CAAC,EAAE,OAAO;SAAwC,EAAG,OAAO;OAAqC,EAAG,SAAS;OAAQ,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAAkmC,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAgB,EAAG,WAAW,CAAC,EAAE,OAAO;SAAuB,EAAG,OAAO;OAAuB,EAAG,SAAS;OAAQ,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAA4hC,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAiB,EAAG,WAAW,CAAC,EAAE,OAAO;SAAsB,EAAG,OAAO;OAA8B,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAA8gC,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAiB,EAAG,WAAW,CAAC,EAAE,OAAO;OAAsC,EAAG,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAAyjD,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAA2/F,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA/Erx0B,CAAA;AAED,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AAEzD,qBAAa,YAAY,CACvB,CAAC,SAAS,UAAU,GAAG,UAAU,CACjC,SAAQ,OAAO,CAAC,CAAC,CAAC;IAoDhB,QAAQ,CAAC,aAAa,EAAE,aAAa;WAjDjB,QAAQ,CAC5B,YAAY,GAAE,MAAM,EAAc,EAClC,GAAG,GAAE,MAA4B,EACjC,OAAO,CAAC,EAAE,sBAAsB;;;;;;;;;;;;WAYrB,WAAW,CAAC,aAAa,EAAE,aAAa,EAAE,GAAG,CAAC,EAAE,MAAM;;;;;;;;;;;;gBAiCjE,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EACP,aAAa,EAAE,aAAa;IAKvC,IAAI,SAAS,YAEZ;IAED,IAAI,UAAU,IAAI,QAAQ,CAAC,CAAC,CAAC,GAAG,SAAS,CAGxC;cAEwB,SAAS,CAAC,GAAG,EAAE,MAAM;CAM/C"}
1
+ {"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAuB,MAAM,cAAc,CAAA;AACvD,OAAO,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAA;AAGnE,qBAAa,YAAY,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,SAAQ,OAAO,CAAC,CAAC,CAAC;IAwC7D,QAAQ,CAAC,aAAa,EAAE,aAAa;WArCjB,QAAQ,CAC5B,YAAY,GAAE,MAAM,EAAc,EAClC,GAAG,GAAE,MAA4B,EACjC,OAAO,CAAC,EAAE,sBAAsB,GAC/B,OAAO,CAAC,YAAY,CAAC;WAWX,WAAW,CACtB,aAAa,EAAE,aAAa,EAC5B,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,YAAY,CAAC;gBAkBtB,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EACP,aAAa,EAAE,aAAa;IAQvC,IAAI,SAAS,YAEZ;cAEwB,SAAS,CAAC,GAAG,EAAE,MAAM;CAM/C"}
@@ -1,62 +1,38 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.WebcryptoKey = exports.jwkWithAlgSchema = void 0;
4
- const zod_1 = require("zod");
5
- const jwk_1 = require("@atproto/jwk");
6
- const jwk_jose_1 = require("@atproto/jwk-jose");
7
- const util_js_1 = require("./util.js");
8
- // Webcrypto keys are bound to a single algorithm
9
- exports.jwkWithAlgSchema = zod_1.z.intersection(jwk_1.jwkSchema, zod_1.z.object({ alg: zod_1.z.string() }));
10
- class WebcryptoKey extends jwk_jose_1.JoseKey {
1
+ import { JwkError, jwkSchema } from '@atproto/jwk';
2
+ import { JoseKey } from '@atproto/jwk-jose';
3
+ import { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js';
4
+ export class WebcryptoKey extends JoseKey {
11
5
  // We need to override the static method generate from JoseKey because
12
6
  // the browser needs both the private and public keys
13
7
  static async generate(allowedAlgos = ['ES256'], kid = crypto.randomUUID(), options) {
14
8
  const keyPair = await this.generateKeyPair(allowedAlgos, options);
15
9
  // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair
16
- if (!(0, util_js_1.isCryptoKeyPair)(keyPair)) {
10
+ if (!isCryptoKeyPair(keyPair)) {
17
11
  throw new TypeError('Invalid CryptoKeyPair');
18
12
  }
19
13
  return this.fromKeypair(keyPair, kid);
20
14
  }
21
15
  static async fromKeypair(cryptoKeyPair, kid) {
22
- // https://datatracker.ietf.org/doc/html/rfc7517
23
- // > The "use" and "key_ops" JWK members SHOULD NOT be used together; [...]
24
- // > Applications should specify which of these members they use.
25
- const { key_ops, use, alg = (0, util_js_1.fromSubtleAlgorithm)(cryptoKeyPair.privateKey.algorithm), ...jwk } = await crypto.subtle.exportKey('jwk', cryptoKeyPair.privateKey.extractable
16
+ const { alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm), ...jwk } = await crypto.subtle.exportKey('jwk', cryptoKeyPair.privateKey.extractable
26
17
  ? cryptoKeyPair.privateKey
27
18
  : cryptoKeyPair.publicKey);
28
- if (use && use !== 'sig') {
29
- throw new TypeError(`Unsupported JWK use "${use}"`);
30
- }
31
- if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
32
- // Make sure that "key_ops", if present, is compatible with "use"
33
- throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`);
34
- }
35
- return new WebcryptoKey(exports.jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }), cryptoKeyPair);
19
+ return new WebcryptoKey(jwkSchema.parse({ ...jwk, kid, alg }), cryptoKeyPair);
36
20
  }
37
21
  constructor(jwk, cryptoKeyPair) {
22
+ // Webcrypto keys are bound to a single algorithm
23
+ if (!jwk.alg)
24
+ throw new JwkError('JWK "alg" is required for Webcrypto keys');
38
25
  super(jwk);
39
- Object.defineProperty(this, "cryptoKeyPair", {
40
- enumerable: true,
41
- configurable: true,
42
- writable: true,
43
- value: cryptoKeyPair
44
- });
26
+ this.cryptoKeyPair = cryptoKeyPair;
45
27
  }
46
28
  get isPrivate() {
47
29
  return true;
48
30
  }
49
- get privateJwk() {
50
- if (super.isPrivate)
51
- return this.jwk;
52
- throw new Error('Private Webcrypto Key not exportable');
53
- }
54
31
  async getKeyObj(alg) {
55
32
  if (this.jwk.alg !== alg) {
56
- throw new jwk_1.JwkError(`Key cannot be used with algorithm "${alg}"`);
33
+ throw new JwkError(`Key cannot be used with algorithm "${alg}"`);
57
34
  }
58
35
  return this.cryptoKeyPair.privateKey;
59
36
  }
60
37
  }
61
- exports.WebcryptoKey = WebcryptoKey;
62
38
  //# sourceMappingURL=webcrypto-key.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAAkD;AAClD,gDAAmE;AACnE,uCAAgE;AAEhE,iDAAiD;AACpC,QAAA,gBAAgB,GAAG,OAAC,CAAC,YAAY,CAC5C,eAAS,EACT,OAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAC9B,CAAA;AAID,MAAa,YAEX,SAAQ,kBAAU;IAClB,sEAAsE;IACtE,qDAAqD;IACrD,MAAM,CAAU,KAAK,CAAC,QAAQ,CAC5B,eAAyB,CAAC,OAAO,CAAC,EAClC,MAAc,MAAM,CAAC,UAAU,EAAE,EACjC,OAAgC;QAEhC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,IAAI,CAAC,IAAA,yBAAe,EAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,aAA4B,EAAE,GAAY;QACjE,gDAAgD;QAChD,2EAA2E;QAC3E,iEAAiE;QAEjE,MAAM,EACJ,OAAO,EACP,GAAG,EACH,GAAG,GAAG,IAAA,6BAAmB,EAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,EAC7D,GAAG,GAAG,EACP,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/B,KAAK,EACL,aAAa,CAAC,UAAU,CAAC,WAAW;YAClC,CAAC,CAAC,aAAa,CAAC,UAAU;YAC1B,CAAC,CAAC,aAAa,CAAC,SAAS,CAC5B,CAAA;QAED,IAAI,GAAG,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,SAAS,CAAC,wBAAwB,GAAG,GAAG,CAAC,CAAA;QACrD,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;YACpE,iEAAiE;YACjE,MAAM,IAAI,SAAS,CAAC,oBAAoB,OAAO,iBAAiB,CAAC,CAAA;QACnE,CAAC;QAED,OAAO,IAAI,YAAY,CACrB,wBAAgB,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EACxD,aAAa,CACd,CAAA;IACH,CAAC;IAED,YACE,GAAgB,EACP,aAA4B;QAErC,KAAK,CAAC,GAAG,CAAC,CAAA;QAFV;;;;mBAAS,aAAa;WAAe;IAGvC,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,UAAU;QACZ,IAAI,KAAK,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC,GAAG,CAAA;QACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;IACzD,CAAC;IAEkB,KAAK,CAAC,SAAS,CAAC,GAAW;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;YACzB,MAAM,IAAI,cAAQ,CAAC,sCAAsC,GAAG,GAAG,CAAC,CAAA;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAAA;IACtC,CAAC;CACF;AA1ED,oCA0EC"}
1
+ {"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACvD,OAAO,EAA0B,OAAO,EAAE,MAAM,mBAAmB,CAAA;AACnE,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAEhE,MAAM,OAAO,YAAkC,SAAQ,OAAU;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,MAAM,CAAU,KAAK,CAAC,QAAQ,CAC5B,eAAyB,CAAC,OAAO,CAAC,EAClC,MAAc,MAAM,CAAC,UAAU,EAAE,EACjC,OAAgC;QAEhC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,WAAW,CACtB,aAA4B,EAC5B,GAAY;QAEZ,MAAM,EACJ,GAAG,GAAG,mBAAmB,CAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,EAC7D,GAAG,GAAG,EACP,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/B,KAAK,EACL,aAAa,CAAC,UAAU,CAAC,WAAW;YAClC,CAAC,CAAC,aAAa,CAAC,UAAU;YAC1B,CAAC,CAAC,aAAa,CAAC,SAAS,CAC5B,CAAA;QAED,OAAO,IAAI,YAAY,CACrB,SAAS,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EACrC,aAAa,CACd,CAAA;IACH,CAAC;IAED,YACE,GAAgB,EACP,aAA4B;QAErC,iDAAiD;QACjD,IAAI,CAAC,GAAG,CAAC,GAAG;YAAE,MAAM,IAAI,QAAQ,CAAC,0CAA0C,CAAC,CAAA;QAE5E,KAAK,CAAC,GAAG,CAAC,CAAA;QALD,kBAAa,GAAb,aAAa,CAAe;IAMvC,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IAEkB,KAAK,CAAC,SAAS,CAAC,GAAW;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;YACzB,MAAM,IAAI,QAAQ,CAAC,sCAAsC,GAAG,GAAG,CAAC,CAAA;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAAA;IACtC,CAAC;CACF","sourcesContent":["import { Jwk, JwkError, jwkSchema } from '@atproto/jwk'\nimport { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'\nimport { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'\n\nexport class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {\n // We need to override the static method generate from JoseKey because\n // the browser needs both the private and public keys\n static override async generate(\n allowedAlgos: string[] = ['ES256'],\n kid: string = crypto.randomUUID(),\n options?: GenerateKeyPairOptions,\n ): Promise<WebcryptoKey> {\n const keyPair = await this.generateKeyPair(allowedAlgos, options)\n\n // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair\n if (!isCryptoKeyPair(keyPair)) {\n throw new TypeError('Invalid CryptoKeyPair')\n }\n\n return this.fromKeypair(keyPair, kid)\n }\n\n static async fromKeypair(\n cryptoKeyPair: CryptoKeyPair,\n kid?: string,\n ): Promise<WebcryptoKey> {\n const {\n alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),\n ...jwk\n } = await crypto.subtle.exportKey(\n 'jwk',\n cryptoKeyPair.privateKey.extractable\n ? cryptoKeyPair.privateKey\n : cryptoKeyPair.publicKey,\n )\n\n return new WebcryptoKey<Jwk>(\n jwkSchema.parse({ ...jwk, kid, alg }),\n cryptoKeyPair,\n )\n }\n\n constructor(\n jwk: Readonly<J>,\n readonly cryptoKeyPair: CryptoKeyPair,\n ) {\n // Webcrypto keys are bound to a single algorithm\n if (!jwk.alg) throw new JwkError('JWK \"alg\" is required for Webcrypto keys')\n\n super(jwk)\n }\n\n get isPrivate() {\n return true\n }\n\n protected override async getKeyObj(alg: string) {\n if (this.jwk.alg !== alg) {\n throw new JwkError(`Key cannot be used with algorithm \"${alg}\"`)\n }\n return this.cryptoKeyPair.privateKey\n }\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,9 @@
1
1
  {
2
2
  "name": "@atproto/jwk-webcrypto",
3
- "version": "0.1.10",
3
+ "version": "0.3.0-next.0",
4
+ "engines": {
5
+ "node": ">=22"
6
+ },
4
7
  "license": "MIT",
5
8
  "description": "Webcrypto based implementation of @atproto/jwk Key's",
6
9
  "keywords": [
@@ -14,9 +17,7 @@
14
17
  "url": "https://github.com/bluesky-social/atproto",
15
18
  "directory": "packages/oauth/jwk-webcrypto"
16
19
  },
17
- "type": "commonjs",
18
- "main": "dist/index.js",
19
- "types": "dist/index.d.ts",
20
+ "type": "module",
20
21
  "exports": {
21
22
  ".": {
22
23
  "types": "./dist/index.d.ts",
@@ -25,11 +26,11 @@
25
26
  },
26
27
  "dependencies": {
27
28
  "zod": "^3.23.8",
28
- "@atproto/jwk": "0.5.0",
29
- "@atproto/jwk-jose": "0.1.10"
29
+ "@atproto/jwk": "^0.7.0-next.0",
30
+ "@atproto/jwk-jose": "^0.2.0-next.0"
30
31
  },
31
32
  "devDependencies": {
32
- "typescript": "^5.6.3"
33
+ "typescript": "^6.0.3"
33
34
  },
34
35
  "scripts": {
35
36
  "build": "tsc --build tsconfig.build.json"
@@ -1,26 +1,15 @@
1
- import { z } from 'zod'
2
- import { JwkError, jwkSchema } from '@atproto/jwk'
1
+ import { Jwk, JwkError, jwkSchema } from '@atproto/jwk'
3
2
  import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'
4
3
  import { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'
5
4
 
6
- // Webcrypto keys are bound to a single algorithm
7
- export const jwkWithAlgSchema = z.intersection(
8
- jwkSchema,
9
- z.object({ alg: z.string() }),
10
- )
11
-
12
- export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>
13
-
14
- export class WebcryptoKey<
15
- J extends JwkWithAlg = JwkWithAlg,
16
- > extends JoseKey<J> {
5
+ export class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {
17
6
  // We need to override the static method generate from JoseKey because
18
7
  // the browser needs both the private and public keys
19
8
  static override async generate(
20
9
  allowedAlgos: string[] = ['ES256'],
21
10
  kid: string = crypto.randomUUID(),
22
11
  options?: GenerateKeyPairOptions,
23
- ) {
12
+ ): Promise<WebcryptoKey> {
24
13
  const keyPair = await this.generateKeyPair(allowedAlgos, options)
25
14
 
26
15
  // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair
@@ -31,14 +20,11 @@ export class WebcryptoKey<
31
20
  return this.fromKeypair(keyPair, kid)
32
21
  }
33
22
 
34
- static async fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string) {
35
- // https://datatracker.ietf.org/doc/html/rfc7517
36
- // > The "use" and "key_ops" JWK members SHOULD NOT be used together; [...]
37
- // > Applications should specify which of these members they use.
38
-
23
+ static async fromKeypair(
24
+ cryptoKeyPair: CryptoKeyPair,
25
+ kid?: string,
26
+ ): Promise<WebcryptoKey> {
39
27
  const {
40
- key_ops,
41
- use,
42
28
  alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),
43
29
  ...jwk
44
30
  } = await crypto.subtle.exportKey(
@@ -48,17 +34,8 @@ export class WebcryptoKey<
48
34
  : cryptoKeyPair.publicKey,
49
35
  )
50
36
 
51
- if (use && use !== 'sig') {
52
- throw new TypeError(`Unsupported JWK use "${use}"`)
53
- }
54
-
55
- if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
56
- // Make sure that "key_ops", if present, is compatible with "use"
57
- throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`)
58
- }
59
-
60
- return new WebcryptoKey(
61
- jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }),
37
+ return new WebcryptoKey<Jwk>(
38
+ jwkSchema.parse({ ...jwk, kid, alg }),
62
39
  cryptoKeyPair,
63
40
  )
64
41
  }
@@ -67,6 +44,9 @@ export class WebcryptoKey<
67
44
  jwk: Readonly<J>,
68
45
  readonly cryptoKeyPair: CryptoKeyPair,
69
46
  ) {
47
+ // Webcrypto keys are bound to a single algorithm
48
+ if (!jwk.alg) throw new JwkError('JWK "alg" is required for Webcrypto keys')
49
+
70
50
  super(jwk)
71
51
  }
72
52
 
@@ -74,11 +54,6 @@ export class WebcryptoKey<
74
54
  return true
75
55
  }
76
56
 
77
- get privateJwk(): Readonly<J> | undefined {
78
- if (super.isPrivate) return this.jwk
79
- throw new Error('Private Webcrypto Key not exportable')
80
- }
81
-
82
57
  protected override async getKeyObj(alg: string) {
83
58
  if (this.jwk.alg !== alg) {
84
59
  throw new JwkError(`Key cannot be used with algorithm "${alg}"`)
@@ -1 +1 @@
1
- {"root":["./src/index.ts","./src/util.ts","./src/webcrypto-key.ts"],"version":"5.8.2"}
1
+ {"root":["./src/index.ts","./src/util.ts","./src/webcrypto-key.ts"],"version":"6.0.3"}