@atproto/jwk-webcrypto 0.1.10 → 0.3.0-next.0
- package/CHANGELOG.md +32 -0
- package/LICENSE.txt +1 -1
- package/dist/index.js +1 -17
- package/dist/index.js.map +1 -1
- package/dist/util.js +3 -8
- package/dist/util.js.map +1 -1
- package/dist/webcrypto-key.d.ts +4 -531
- package/dist/webcrypto-key.d.ts.map +1 -1
- package/dist/webcrypto-key.js +12 -36
- package/dist/webcrypto-key.js.map +1 -1
- package/package.json +8 -7
- package/src/webcrypto-key.ts +12 -37
- package/tsconfig.build.tsbuildinfo +1 -1
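--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,37 @@
 # @atproto/jwk-webcrypto
 
+## 0.3.0-next.0
+
+### Minor Changes
+
+- [#4929](https://github.com/bluesky-social/atproto/pull/4929) [`bb7491c`](https://github.com/bluesky-social/atproto/commit/bb7491c29e06181e1d2f8cf6eb454f9bb8ab961b) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Drop support for Node.js 18 and 20. Node.js 22 is now the minimum supported version. Docker images now use Node.js 24.
+
+- [#4943](https://github.com/bluesky-social/atproto/pull/4943) [`07ae5d4`](https://github.com/bluesky-social/atproto/commit/07ae5d4452df51e045e0239da7a04cf0bc154028) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Convert to pure ESM. All packages now ship `"type": "module"` with ES module output and Node16 module resolution.
+
+Node.js 22's `require()` compatibility layer can still load these packages in CommonJS code.
+
+- [#4930](https://github.com/bluesky-social/atproto/pull/4930) [`042df15`](https://github.com/bluesky-social/atproto/commit/042df15087c0e62cd1e715fcbf58852fab875af9) Thanks [@devinivy](https://github.com/devinivy)! - Build with TypeScript 6.0. Emitted `.d.ts` files now use TypeScript 6's stricter `Uint8Array<ArrayBuffer>` typing in places where Web/Node APIs require buffer-backed (not shared-memory) byte arrays. Consumers compiling against these types on older TypeScript should see no runtime impact, but may need to widen or cast in spots that previously relied on `Uint8Array` defaulting to `<ArrayBufferLike>`.
+
+Internal: tsconfig `moduleResolution: "node"` is silenced via `ignoreDeprecations: "6.0"` for now; the proper migration to `node16`/`bundler` resolution is deferred.
+
+### Patch Changes
+
+- Updated dependencies [[`bb7491c`](https://github.com/bluesky-social/atproto/commit/bb7491c29e06181e1d2f8cf6eb454f9bb8ab961b), [`07ae5d4`](https://github.com/bluesky-social/atproto/commit/07ae5d4452df51e045e0239da7a04cf0bc154028), [`042df15`](https://github.com/bluesky-social/atproto/commit/042df15087c0e62cd1e715fcbf58852fab875af9)]:
+- @atproto/jwk@0.7.0-next.0
+- @atproto/jwk-jose@0.2.0-next.0
+
+## 0.2.0
+
+### Minor Changes
+
+- [#4103](https://github.com/bluesky-social/atproto/pull/4103) [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Only allow `"use"` claims in public jwk
+
+### Patch Changes
+
+- Updated dependencies [[`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`fefe70126`](https://github.com/bluesky-social/atproto/commit/fefe70126d0ea82507ac750f669b3478290f186b), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815)]:
+- @atproto/jwk@0.6.0
+- @atproto/jwk-jose@0.1.11
+
 ## 0.1.10
 
 ### Patch Changes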
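--- a/package/LICENSE.txt
+++ b/package/LICENSE.txt
@@ -1,6 +1,6 @@
 Dual MIT/Apache-2.0 License
 
-Copyright (c) 2022-
+Copyright (c) 2022-2026 Bluesky Social PBC, and Contributors
 
 Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
 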
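--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,18 +1,2 @@
-
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-if (k2 === undefined) k2 = k;
-var desc = Object.getOwnPropertyDescriptor(m, k);
-if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-desc = { enumerable: true, get: function() { return m[k]; } };
-}
-Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-if (k2 === undefined) k2 = k;
-o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./webcrypto-key.js"), exports);
+export * from './webcrypto-key.js';
 //# sourceMappingURL=index.js.map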
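--- a/package/dist/index.js.map
+++ b/package/dist/index.js.map
@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAA","sourcesContent":["export * from './webcrypto-key.js'\n"]}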
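--- a/package/dist/util.js
+++ b/package/dist/util.js
@@ -1,9 +1,4 @@
-
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.toSubtleAlgorithm = toSubtleAlgorithm;
-exports.fromSubtleAlgorithm = fromSubtleAlgorithm;
-exports.isCryptoKeyPair = isCryptoKeyPair;
-function toSubtleAlgorithm(alg, crv, options) {
+export function toSubtleAlgorithm(alg, crv, options) {
 switch (alg) {
 case 'PS256':
 case 'PS384':
@@ -39,7 +34,7 @@ function toSubtleAlgorithm(alg, crv, options) {
 throw new TypeError(`Unsupported alg "${alg}"`);
 }
 }
-function fromSubtleAlgorithm(algorithm) {
+export function fromSubtleAlgorithm(algorithm) {
 switch (algorithm.name) {
 case 'RSA-PSS':
 case 'RSASSA-PKCS1-v1_5': {
@@ -76,7 +71,7 @@ function fromSubtleAlgorithm(algorithm) {
 throw new TypeError(`Unexpected algorithm "${algorithm.name}"`);
 }
 }
-function isCryptoKeyPair(v, extractable) {
+export function isCryptoKeyPair(v, extractable) {
 return (typeof v === 'object' &&
 v !== null &&
 'privateKey' in v &&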
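Review bot: `toSubtleAlgorithm` still hands a caller-supplied `options.modulusLength` to WebCrypto with no lower bound. Its body lies between the first two hunks and is visible on this page only through the `sourcesContent` of `util.js.map`, where both RSA arms use `modulusLength: options?.modulusLength ?? 2048`. As this release is already breaking, the function could reject short moduli before key generation, for example `if (options?.modulusLength != null && options.modulusLength < 2048) throw new TypeError('modulusLength must be at least 2048')`. The same listing shows that `crv` is accepted but never read, so a curve that does not match `alg` is silently ignored; a comment on the parameter should say so.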
package/dist/util.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAsBA,MAAM,UAAU,iBAAiB,CAC/B,GAAW,EACX,GAAY,EACZ,OAAoC;IAEpC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAkB,EAAE;aAClD,CAAA;QACH,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;aACpB,CAAA;QACH;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;IACnD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,SAAuB;IACzD,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,SAAS,CAAC;QACf,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAA2B,SAAU,CAAC,IAAI,CAAC,IAAI,CAAA;YACzD,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzD,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC9D,CAAC;gBACD;oBACE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAoB,SAAU,CAAC,UAAU,CAAA;YACzD,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC7D,KAAK,OAAO;oBACV,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;YAChE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,OAAO,CAAA;QAChB;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,yBAAyB,SAAS,CAAC,IA
AI,GAAG,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,CAAU,EACV,WAAqB;IAErB,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,CAAC,KAAK,IAAI;QACV,YAAY,IAAI,CAAC;QACjB,CAAC,CAAC,UAAU,YAAY,SAAS;QACjC,CAAC,CAAC,UAAU,CAAC,IAAI,KAAK,SAAS;QAC/B,CAAC,WAAW,IAAI,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,KAAK,WAAW,CAAC;QACjE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACpC,WAAW,IAAI,CAAC;QAChB,CAAC,CAAC,SAAS,YAAY,SAAS;QAChC,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI;QAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACtC,CAAA;AACH,CAAC","sourcesContent":["export type JWSAlgorithm =\n // HMAC\n | 'HS256'\n | 'HS384'\n | 'HS512'\n // RSA\n | 'PS256'\n | 'PS384'\n | 'PS512'\n | 'RS256'\n | 'RS384'\n | 'RS512'\n // EC\n | 'ES256'\n | 'ES256K'\n | 'ES384'\n | 'ES512'\n // OKP\n | 'EdDSA'\n\nexport type SubtleAlgorithm = RsaHashedKeyGenParams | EcKeyGenParams\n\nexport function toSubtleAlgorithm(\n alg: string,\n crv?: string,\n options?: { modulusLength?: number },\n): SubtleAlgorithm {\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return {\n name: 'RSA-PSS',\n hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,\n modulusLength: options?.modulusLength ?? 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n }\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return {\n name: 'RSASSA-PKCS1-v1_5',\n hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,\n modulusLength: options?.modulusLength ?? 
2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n }\n case 'ES256':\n case 'ES384':\n return {\n name: 'ECDSA',\n namedCurve: `P-${alg.slice(-3) as '256' | '384'}`,\n }\n case 'ES512':\n return {\n name: 'ECDSA',\n namedCurve: 'P-521',\n }\n default:\n // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773\n\n throw new TypeError(`Unsupported alg \"${alg}\"`)\n }\n}\n\nexport function fromSubtleAlgorithm(algorithm: KeyAlgorithm): JWSAlgorithm {\n switch (algorithm.name) {\n case 'RSA-PSS':\n case 'RSASSA-PKCS1-v1_5': {\n const hash = (<RsaHashedKeyAlgorithm>algorithm).hash.name\n switch (hash) {\n case 'SHA-256':\n case 'SHA-384':\n case 'SHA-512': {\n const prefix = algorithm.name === 'RSA-PSS' ? 'PS' : 'RS'\n return `${prefix}${hash.slice(-3) as '256' | '384' | '512'}`\n }\n default:\n throw new TypeError('unsupported RsaHashedKeyAlgorithm hash')\n }\n }\n case 'ECDSA': {\n const namedCurve = (<EcKeyAlgorithm>algorithm).namedCurve\n switch (namedCurve) {\n case 'P-256':\n case 'P-384':\n case 'P-512':\n return `ES${namedCurve.slice(-3) as '256' | '384' | '512'}`\n case 'P-521':\n return 'ES512'\n default:\n throw new TypeError('unsupported EcKeyAlgorithm namedCurve')\n }\n }\n case 'Ed448':\n case 'Ed25519':\n return 'EdDSA'\n default:\n // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773\n\n throw new TypeError(`Unexpected algorithm \"${algorithm.name}\"`)\n }\n}\n\nexport function isCryptoKeyPair(\n v: unknown,\n extractable?: boolean,\n): v is CryptoKeyPair {\n return (\n typeof v === 'object' &&\n v !== null &&\n 'privateKey' in v &&\n v.privateKey instanceof CryptoKey &&\n v.privateKey.type === 'private' &&\n (extractable == null || v.privateKey.extractable === extractable) &&\n v.privateKey.usages.includes('sign') &&\n 'publicKey' in v &&\n v.publicKey instanceof CryptoKey &&\n v.publicKey.type === 'public' &&\n v.publicKey.extractable === true &&\n v.publicKey.usages.includes('verify')\n )\n}\n"]}
|
package/dist/webcrypto-key.d.ts
CHANGED
|
@@ -1,538 +1,11 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { Jwk } from '@atproto/jwk';
|
|
2
2
|
import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose';
|
|
3
|
-
export declare
|
|
4
|
-
kty: z.ZodString;
|
|
5
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
6
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
7
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
8
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
9
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
10
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
11
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
12
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
13
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
14
|
-
}, {
|
|
15
|
-
kty: z.ZodEffects<z.ZodString, string, string>;
|
|
16
|
-
}>, "strip", z.ZodTypeAny, {
|
|
17
|
-
kty: string;
|
|
18
|
-
alg?: string | undefined;
|
|
19
|
-
kid?: string | undefined;
|
|
20
|
-
ext?: boolean | undefined;
|
|
21
|
-
use?: "sig" | "enc" | undefined;
|
|
22
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
23
|
-
x5c?: string[] | undefined;
|
|
24
|
-
x5t?: string | undefined;
|
|
25
|
-
'x5t#S256'?: string | undefined;
|
|
26
|
-
x5u?: string | undefined;
|
|
27
|
-
}, {
|
|
28
|
-
kty: string;
|
|
29
|
-
alg?: string | undefined;
|
|
30
|
-
kid?: string | undefined;
|
|
31
|
-
ext?: boolean | undefined;
|
|
32
|
-
use?: "sig" | "enc" | undefined;
|
|
33
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
34
|
-
x5c?: string[] | undefined;
|
|
35
|
-
x5t?: string | undefined;
|
|
36
|
-
'x5t#S256'?: string | undefined;
|
|
37
|
-
x5u?: string | undefined;
|
|
38
|
-
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
39
|
-
kty: z.ZodString;
|
|
40
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
41
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
42
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
43
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
44
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
45
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
46
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
47
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
48
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
49
|
-
}, {
|
|
50
|
-
kty: z.ZodLiteral<"RSA">;
|
|
51
|
-
alg: z.ZodOptional<z.ZodEnum<["RS256", "RS384", "RS512", "PS256", "PS384", "PS512"]>>;
|
|
52
|
-
n: z.ZodString;
|
|
53
|
-
e: z.ZodString;
|
|
54
|
-
d: z.ZodOptional<z.ZodString>;
|
|
55
|
-
p: z.ZodOptional<z.ZodString>;
|
|
56
|
-
q: z.ZodOptional<z.ZodString>;
|
|
57
|
-
dp: z.ZodOptional<z.ZodString>;
|
|
58
|
-
dq: z.ZodOptional<z.ZodString>;
|
|
59
|
-
qi: z.ZodOptional<z.ZodString>;
|
|
60
|
-
oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
61
|
-
r: z.ZodOptional<z.ZodString>;
|
|
62
|
-
d: z.ZodOptional<z.ZodString>;
|
|
63
|
-
t: z.ZodOptional<z.ZodString>;
|
|
64
|
-
}, "strip", z.ZodTypeAny, {
|
|
65
|
-
d?: string | undefined;
|
|
66
|
-
r?: string | undefined;
|
|
67
|
-
t?: string | undefined;
|
|
68
|
-
}, {
|
|
69
|
-
d?: string | undefined;
|
|
70
|
-
r?: string | undefined;
|
|
71
|
-
t?: string | undefined;
|
|
72
|
-
}>, "atleastone">>;
|
|
73
|
-
}>, "strip", z.ZodTypeAny, {
|
|
74
|
-
kty: "RSA";
|
|
75
|
-
n: string;
|
|
76
|
-
e: string;
|
|
77
|
-
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
78
|
-
kid?: string | undefined;
|
|
79
|
-
ext?: boolean | undefined;
|
|
80
|
-
use?: "sig" | "enc" | undefined;
|
|
81
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
82
|
-
x5c?: string[] | undefined;
|
|
83
|
-
x5t?: string | undefined;
|
|
84
|
-
'x5t#S256'?: string | undefined;
|
|
85
|
-
x5u?: string | undefined;
|
|
86
|
-
d?: string | undefined;
|
|
87
|
-
p?: string | undefined;
|
|
88
|
-
q?: string | undefined;
|
|
89
|
-
dp?: string | undefined;
|
|
90
|
-
dq?: string | undefined;
|
|
91
|
-
qi?: string | undefined;
|
|
92
|
-
oth?: [{
|
|
93
|
-
d?: string | undefined;
|
|
94
|
-
r?: string | undefined;
|
|
95
|
-
t?: string | undefined;
|
|
96
|
-
}, ...{
|
|
97
|
-
d?: string | undefined;
|
|
98
|
-
r?: string | undefined;
|
|
99
|
-
t?: string | undefined;
|
|
100
|
-
}[]] | undefined;
|
|
101
|
-
}, {
|
|
102
|
-
kty: "RSA";
|
|
103
|
-
n: string;
|
|
104
|
-
e: string;
|
|
105
|
-
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
106
|
-
kid?: string | undefined;
|
|
107
|
-
ext?: boolean | undefined;
|
|
108
|
-
use?: "sig" | "enc" | undefined;
|
|
109
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
110
|
-
x5c?: string[] | undefined;
|
|
111
|
-
x5t?: string | undefined;
|
|
112
|
-
'x5t#S256'?: string | undefined;
|
|
113
|
-
x5u?: string | undefined;
|
|
114
|
-
d?: string | undefined;
|
|
115
|
-
p?: string | undefined;
|
|
116
|
-
q?: string | undefined;
|
|
117
|
-
dp?: string | undefined;
|
|
118
|
-
dq?: string | undefined;
|
|
119
|
-
qi?: string | undefined;
|
|
120
|
-
oth?: [{
|
|
121
|
-
d?: string | undefined;
|
|
122
|
-
r?: string | undefined;
|
|
123
|
-
t?: string | undefined;
|
|
124
|
-
}, ...{
|
|
125
|
-
d?: string | undefined;
|
|
126
|
-
r?: string | undefined;
|
|
127
|
-
t?: string | undefined;
|
|
128
|
-
}[]] | undefined;
|
|
129
|
-
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
130
|
-
kty: z.ZodString;
|
|
131
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
132
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
133
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
134
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
135
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
136
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
137
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
138
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
139
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
140
|
-
}, {
|
|
141
|
-
kty: z.ZodLiteral<"EC">;
|
|
142
|
-
alg: z.ZodOptional<z.ZodEnum<["ES256", "ES384", "ES512"]>>;
|
|
143
|
-
crv: z.ZodEnum<["P-256", "P-384", "P-521"]>;
|
|
144
|
-
x: z.ZodString;
|
|
145
|
-
y: z.ZodString;
|
|
146
|
-
d: z.ZodOptional<z.ZodString>;
|
|
147
|
-
}>, "strip", z.ZodTypeAny, {
|
|
148
|
-
kty: "EC";
|
|
149
|
-
crv: "P-256" | "P-384" | "P-521";
|
|
150
|
-
x: string;
|
|
151
|
-
y: string;
|
|
152
|
-
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
153
|
-
kid?: string | undefined;
|
|
154
|
-
ext?: boolean | undefined;
|
|
155
|
-
use?: "sig" | "enc" | undefined;
|
|
156
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
157
|
-
x5c?: string[] | undefined;
|
|
158
|
-
x5t?: string | undefined;
|
|
159
|
-
'x5t#S256'?: string | undefined;
|
|
160
|
-
x5u?: string | undefined;
|
|
161
|
-
d?: string | undefined;
|
|
162
|
-
}, {
|
|
163
|
-
kty: "EC";
|
|
164
|
-
crv: "P-256" | "P-384" | "P-521";
|
|
165
|
-
x: string;
|
|
166
|
-
y: string;
|
|
167
|
-
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
168
|
-
kid?: string | undefined;
|
|
169
|
-
ext?: boolean | undefined;
|
|
170
|
-
use?: "sig" | "enc" | undefined;
|
|
171
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
172
|
-
x5c?: string[] | undefined;
|
|
173
|
-
x5t?: string | undefined;
|
|
174
|
-
'x5t#S256'?: string | undefined;
|
|
175
|
-
x5u?: string | undefined;
|
|
176
|
-
d?: string | undefined;
|
|
177
|
-
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
178
|
-
kty: z.ZodString;
|
|
179
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
180
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
181
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
182
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
183
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
184
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
185
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
186
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
187
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
188
|
-
}, {
|
|
189
|
-
kty: z.ZodLiteral<"EC">;
|
|
190
|
-
alg: z.ZodOptional<z.ZodEnum<["ES256K"]>>;
|
|
191
|
-
crv: z.ZodEnum<["secp256k1"]>;
|
|
192
|
-
x: z.ZodString;
|
|
193
|
-
y: z.ZodString;
|
|
194
|
-
d: z.ZodOptional<z.ZodString>;
|
|
195
|
-
}>, "strip", z.ZodTypeAny, {
|
|
196
|
-
kty: "EC";
|
|
197
|
-
crv: "secp256k1";
|
|
198
|
-
x: string;
|
|
199
|
-
y: string;
|
|
200
|
-
alg?: "ES256K" | undefined;
|
|
201
|
-
kid?: string | undefined;
|
|
202
|
-
ext?: boolean | undefined;
|
|
203
|
-
use?: "sig" | "enc" | undefined;
|
|
204
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
205
|
-
x5c?: string[] | undefined;
|
|
206
|
-
x5t?: string | undefined;
|
|
207
|
-
'x5t#S256'?: string | undefined;
|
|
208
|
-
x5u?: string | undefined;
|
|
209
|
-
d?: string | undefined;
|
|
210
|
-
}, {
|
|
211
|
-
kty: "EC";
|
|
212
|
-
crv: "secp256k1";
|
|
213
|
-
x: string;
|
|
214
|
-
y: string;
|
|
215
|
-
alg?: "ES256K" | undefined;
|
|
216
|
-
kid?: string | undefined;
|
|
217
|
-
ext?: boolean | undefined;
|
|
218
|
-
use?: "sig" | "enc" | undefined;
|
|
219
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
220
|
-
x5c?: string[] | undefined;
|
|
221
|
-
x5t?: string | undefined;
|
|
222
|
-
'x5t#S256'?: string | undefined;
|
|
223
|
-
x5u?: string | undefined;
|
|
224
|
-
d?: string | undefined;
|
|
225
|
-
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
226
|
-
kty: z.ZodString;
|
|
227
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
228
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
229
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
230
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
231
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
232
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
233
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
234
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
235
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
236
|
-
}, {
|
|
237
|
-
kty: z.ZodLiteral<"OKP">;
|
|
238
|
-
alg: z.ZodOptional<z.ZodEnum<["EdDSA"]>>;
|
|
239
|
-
crv: z.ZodEnum<["Ed25519", "Ed448"]>;
|
|
240
|
-
x: z.ZodString;
|
|
241
|
-
d: z.ZodOptional<z.ZodString>;
|
|
242
|
-
}>, "strip", z.ZodTypeAny, {
|
|
243
|
-
kty: "OKP";
|
|
244
|
-
crv: "Ed25519" | "Ed448";
|
|
245
|
-
x: string;
|
|
246
|
-
alg?: "EdDSA" | undefined;
|
|
247
|
-
kid?: string | undefined;
|
|
248
|
-
ext?: boolean | undefined;
|
|
249
|
-
use?: "sig" | "enc" | undefined;
|
|
250
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
251
|
-
x5c?: string[] | undefined;
|
|
252
|
-
x5t?: string | undefined;
|
|
253
|
-
'x5t#S256'?: string | undefined;
|
|
254
|
-
x5u?: string | undefined;
|
|
255
|
-
d?: string | undefined;
|
|
256
|
-
}, {
|
|
257
|
-
kty: "OKP";
|
|
258
|
-
crv: "Ed25519" | "Ed448";
|
|
259
|
-
x: string;
|
|
260
|
-
alg?: "EdDSA" | undefined;
|
|
261
|
-
kid?: string | undefined;
|
|
262
|
-
ext?: boolean | undefined;
|
|
263
|
-
use?: "sig" | "enc" | undefined;
|
|
264
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
265
|
-
x5c?: string[] | undefined;
|
|
266
|
-
x5t?: string | undefined;
|
|
267
|
-
'x5t#S256'?: string | undefined;
|
|
268
|
-
x5u?: string | undefined;
|
|
269
|
-
d?: string | undefined;
|
|
270
|
-
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
271
|
-
kty: z.ZodString;
|
|
272
|
-
alg: z.ZodOptional<z.ZodString>;
|
|
273
|
-
kid: z.ZodOptional<z.ZodString>;
|
|
274
|
-
ext: z.ZodOptional<z.ZodBoolean>;
|
|
275
|
-
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
276
|
-
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
277
|
-
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
278
|
-
x5t: z.ZodOptional<z.ZodString>;
|
|
279
|
-
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
280
|
-
x5u: z.ZodOptional<z.ZodString>;
|
|
281
|
-
}, {
|
|
282
|
-
kty: z.ZodLiteral<"oct">;
|
|
283
|
-
alg: z.ZodOptional<z.ZodEnum<["HS256", "HS384", "HS512"]>>;
|
|
284
|
-
k: z.ZodString;
|
|
285
|
-
}>, "strip", z.ZodTypeAny, {
|
|
286
|
-
kty: "oct";
|
|
287
|
-
k: string;
|
|
288
|
-
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
289
|
-
kid?: string | undefined;
|
|
290
|
-
ext?: boolean | undefined;
|
|
291
|
-
use?: "sig" | "enc" | undefined;
|
|
292
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
293
|
-
x5c?: string[] | undefined;
|
|
294
|
-
x5t?: string | undefined;
|
|
295
|
-
'x5t#S256'?: string | undefined;
|
|
296
|
-
x5u?: string | undefined;
|
|
297
|
-
}, {
|
|
298
|
-
kty: "oct";
|
|
299
|
-
k: string;
|
|
300
|
-
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
301
|
-
kid?: string | undefined;
|
|
302
|
-
ext?: boolean | undefined;
|
|
303
|
-
use?: "sig" | "enc" | undefined;
|
|
304
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
305
|
-
x5c?: string[] | undefined;
|
|
306
|
-
x5t?: string | undefined;
|
|
307
|
-
'x5t#S256'?: string | undefined;
|
|
308
|
-
x5u?: string | undefined;
|
|
309
|
-
}>]>, {
|
|
310
|
-
kty: "RSA";
|
|
311
|
-
n: string;
|
|
312
|
-
e: string;
|
|
313
|
-
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
314
|
-
kid?: string | undefined;
|
|
315
|
-
ext?: boolean | undefined;
|
|
316
|
-
use?: "sig" | "enc" | undefined;
|
|
317
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
318
|
-
x5c?: string[] | undefined;
|
|
319
|
-
x5t?: string | undefined;
|
|
320
|
-
'x5t#S256'?: string | undefined;
|
|
321
|
-
x5u?: string | undefined;
|
|
322
|
-
d?: string | undefined;
|
|
323
|
-
p?: string | undefined;
|
|
324
|
-
q?: string | undefined;
|
|
325
|
-
dp?: string | undefined;
|
|
326
|
-
dq?: string | undefined;
|
|
327
|
-
qi?: string | undefined;
|
|
328
|
-
oth?: [{
|
|
329
|
-
d?: string | undefined;
|
|
330
|
-
r?: string | undefined;
|
|
331
|
-
t?: string | undefined;
|
|
332
|
-
}, ...{
|
|
333
|
-
d?: string | undefined;
|
|
334
|
-
r?: string | undefined;
|
|
335
|
-
t?: string | undefined;
|
|
336
|
-
}[]] | undefined;
|
|
337
|
-
} | {
|
|
338
|
-
kty: "EC";
|
|
339
|
-
crv: "P-256" | "P-384" | "P-521";
|
|
340
|
-
x: string;
|
|
341
|
-
y: string;
|
|
342
|
-
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
343
|
-
kid?: string | undefined;
|
|
344
|
-
ext?: boolean | undefined;
|
|
345
|
-
use?: "sig" | "enc" | undefined;
|
|
346
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
347
|
-
x5c?: string[] | undefined;
|
|
348
|
-
x5t?: string | undefined;
|
|
349
|
-
'x5t#S256'?: string | undefined;
|
|
350
|
-
x5u?: string | undefined;
|
|
351
|
-
d?: string | undefined;
|
|
352
|
-
} | {
|
|
353
|
-
kty: "EC";
|
|
354
|
-
crv: "secp256k1";
|
|
355
|
-
x: string;
|
|
356
|
-
y: string;
|
|
357
|
-
alg?: "ES256K" | undefined;
|
|
358
|
-
kid?: string | undefined;
|
|
359
|
-
ext?: boolean | undefined;
|
|
360
|
-
use?: "sig" | "enc" | undefined;
|
|
361
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
362
|
-
x5c?: string[] | undefined;
|
|
363
|
-
x5t?: string | undefined;
|
|
364
|
-
'x5t#S256'?: string | undefined;
|
|
365
|
-
x5u?: string | undefined;
|
|
366
|
-
d?: string | undefined;
|
|
367
|
-
} | {
|
|
368
|
-
kty: "OKP";
|
|
369
|
-
crv: "Ed25519" | "Ed448";
|
|
370
|
-
x: string;
|
|
371
|
-
alg?: "EdDSA" | undefined;
|
|
372
|
-
kid?: string | undefined;
|
|
373
|
-
ext?: boolean | undefined;
|
|
374
|
-
use?: "sig" | "enc" | undefined;
|
|
375
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
376
|
-
x5c?: string[] | undefined;
|
|
377
|
-
x5t?: string | undefined;
|
|
378
|
-
'x5t#S256'?: string | undefined;
|
|
379
|
-
x5u?: string | undefined;
|
|
380
|
-
d?: string | undefined;
|
|
381
|
-
} | {
|
|
382
|
-
kty: "oct";
|
|
383
|
-
k: string;
|
|
384
|
-
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
385
|
-
kid?: string | undefined;
|
|
386
|
-
ext?: boolean | undefined;
|
|
387
|
-
use?: "sig" | "enc" | undefined;
|
|
388
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
389
|
-
x5c?: string[] | undefined;
|
|
390
|
-
x5t?: string | undefined;
|
|
391
|
-
'x5t#S256'?: string | undefined;
|
|
392
|
-
x5u?: string | undefined;
|
|
393
|
-
} | {
|
|
394
|
-
kty: string;
|
|
395
|
-
alg?: string | undefined;
|
|
396
|
-
kid?: string | undefined;
|
|
397
|
-
ext?: boolean | undefined;
|
|
398
|
-
use?: "sig" | "enc" | undefined;
|
|
399
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
400
|
-
x5c?: string[] | undefined;
|
|
401
|
-
x5t?: string | undefined;
|
|
402
|
-
'x5t#S256'?: string | undefined;
|
|
403
|
-
x5u?: string | undefined;
|
|
404
|
-
}, {
|
|
405
|
-
kty: "RSA";
|
|
406
|
-
n: string;
|
|
407
|
-
e: string;
|
|
408
|
-
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
409
|
-
kid?: string | undefined;
|
|
410
|
-
ext?: boolean | undefined;
|
|
411
|
-
use?: "sig" | "enc" | undefined;
|
|
412
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
413
|
-
x5c?: string[] | undefined;
|
|
414
|
-
x5t?: string | undefined;
|
|
415
|
-
'x5t#S256'?: string | undefined;
|
|
416
|
-
x5u?: string | undefined;
|
|
417
|
-
d?: string | undefined;
|
|
418
|
-
p?: string | undefined;
|
|
419
|
-
q?: string | undefined;
|
|
420
|
-
dp?: string | undefined;
|
|
421
|
-
dq?: string | undefined;
|
|
422
|
-
qi?: string | undefined;
|
|
423
|
-
oth?: [{
|
|
424
|
-
d?: string | undefined;
|
|
425
|
-
r?: string | undefined;
|
|
426
|
-
t?: string | undefined;
|
|
427
|
-
}, ...{
|
|
428
|
-
d?: string | undefined;
|
|
429
|
-
r?: string | undefined;
|
|
430
|
-
t?: string | undefined;
|
|
431
|
-
}[]] | undefined;
|
|
432
|
-
} | {
|
|
433
|
-
kty: "EC";
|
|
434
|
-
crv: "P-256" | "P-384" | "P-521";
|
|
435
|
-
x: string;
|
|
436
|
-
y: string;
|
|
437
|
-
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
438
|
-
kid?: string | undefined;
|
|
439
|
-
ext?: boolean | undefined;
|
|
440
|
-
use?: "sig" | "enc" | undefined;
|
|
441
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
442
|
-
x5c?: string[] | undefined;
|
|
443
|
-
x5t?: string | undefined;
|
|
444
|
-
'x5t#S256'?: string | undefined;
|
|
445
|
-
x5u?: string | undefined;
|
|
446
|
-
d?: string | undefined;
|
|
447
|
-
} | {
|
|
448
|
-
kty: "EC";
|
|
449
|
-
crv: "secp256k1";
|
|
450
|
-
x: string;
|
|
451
|
-
y: string;
|
|
452
|
-
alg?: "ES256K" | undefined;
|
|
453
|
-
kid?: string | undefined;
|
|
454
|
-
ext?: boolean | undefined;
|
|
455
|
-
use?: "sig" | "enc" | undefined;
|
|
456
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
457
|
-
x5c?: string[] | undefined;
|
|
458
|
-
x5t?: string | undefined;
|
|
459
|
-
'x5t#S256'?: string | undefined;
|
|
460
|
-
x5u?: string | undefined;
|
|
461
|
-
d?: string | undefined;
|
|
462
|
-
} | {
|
|
463
|
-
kty: "OKP";
|
|
464
|
-
crv: "Ed25519" | "Ed448";
|
|
465
|
-
x: string;
|
|
466
|
-
alg?: "EdDSA" | undefined;
|
|
467
|
-
kid?: string | undefined;
|
|
468
|
-
ext?: boolean | undefined;
|
|
469
|
-
use?: "sig" | "enc" | undefined;
|
|
470
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
471
|
-
x5c?: string[] | undefined;
|
|
472
|
-
x5t?: string | undefined;
|
|
473
|
-
'x5t#S256'?: string | undefined;
|
|
474
|
-
x5u?: string | undefined;
|
|
475
|
-
d?: string | undefined;
|
|
476
|
-
} | {
|
|
477
|
-
kty: "oct";
|
|
478
|
-
k: string;
|
|
479
|
-
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
480
|
-
kid?: string | undefined;
|
|
481
|
-
ext?: boolean | undefined;
|
|
482
|
-
use?: "sig" | "enc" | undefined;
|
|
483
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
484
|
-
x5c?: string[] | undefined;
|
|
485
|
-
x5t?: string | undefined;
|
|
486
|
-
'x5t#S256'?: string | undefined;
|
|
487
|
-
x5u?: string | undefined;
|
|
488
|
-
} | {
|
|
489
|
-
kty: string;
|
|
490
|
-
alg?: string | undefined;
|
|
491
|
-
kid?: string | undefined;
|
|
492
|
-
ext?: boolean | undefined;
|
|
493
|
-
use?: "sig" | "enc" | undefined;
|
|
494
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
495
|
-
x5c?: string[] | undefined;
|
|
496
|
-
x5t?: string | undefined;
|
|
497
|
-
'x5t#S256'?: string | undefined;
|
|
498
|
-
x5u?: string | undefined;
|
|
499
|
-
}>, z.ZodObject<{
|
|
500
|
-
alg: z.ZodString;
|
|
501
|
-
}, "strip", z.ZodTypeAny, {
|
|
502
|
-
alg: string;
|
|
503
|
-
}, {
|
|
504
|
-
alg: string;
|
|
505
|
-
}>>;
|
|
506
|
-
export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>;
|
|
507
|
-
export declare class WebcryptoKey<J extends JwkWithAlg = JwkWithAlg> extends JoseKey<J> {
|
|
3
|
+
export declare class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {
|
|
508
4
|
readonly cryptoKeyPair: CryptoKeyPair;
|
|
509
|
-
static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey
|
|
510
|
-
|
|
511
|
-
alg: string;
|
|
512
|
-
kid?: string | undefined | undefined;
|
|
513
|
-
ext?: boolean | undefined | undefined;
|
|
514
|
-
use?: "sig" | "enc" | undefined | undefined;
|
|
515
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined | undefined;
|
|
516
|
-
x5c?: string[] | undefined | undefined;
|
|
517
|
-
x5t?: string | undefined | undefined;
|
|
518
|
-
'x5t#S256'?: string | undefined | undefined;
|
|
519
|
-
x5u?: string | undefined | undefined;
|
|
520
|
-
}>>;
|
|
521
|
-
static fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string): Promise<WebcryptoKey<{
|
|
522
|
-
kty: string;
|
|
523
|
-
alg: string;
|
|
524
|
-
kid?: string | undefined | undefined;
|
|
525
|
-
ext?: boolean | undefined | undefined;
|
|
526
|
-
use?: "sig" | "enc" | undefined | undefined;
|
|
527
|
-
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined | undefined;
|
|
528
|
-
x5c?: string[] | undefined | undefined;
|
|
529
|
-
x5t?: string | undefined | undefined;
|
|
530
|
-
'x5t#S256'?: string | undefined | undefined;
|
|
531
|
-
x5u?: string | undefined | undefined;
|
|
532
|
-
}>>;
|
|
5
|
+
static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey>;
|
|
6
|
+
static fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string): Promise<WebcryptoKey>;
|
|
533
7
|
constructor(jwk: Readonly<J>, cryptoKeyPair: CryptoKeyPair);
|
|
534
8
|
get isPrivate(): boolean;
|
|
535
|
-
get privateJwk(): Readonly<J> | undefined;
|
|
536
9
|
protected getKeyObj(alg: string): Promise<CryptoKey>;
|
|
537
10
|
}
|
|
538
11
|
//# sourceMappingURL=webcrypto-key.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAuB,MAAM,cAAc,CAAA;AACvD,OAAO,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAA;AAGnE,qBAAa,YAAY,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,SAAQ,OAAO,CAAC,CAAC,CAAC;IAwC7D,QAAQ,CAAC,aAAa,EAAE,aAAa;WArCjB,QAAQ,CAC5B,YAAY,GAAE,MAAM,EAAc,EAClC,GAAG,GAAE,MAA4B,EACjC,OAAO,CAAC,EAAE,sBAAsB,GAC/B,OAAO,CAAC,YAAY,CAAC;WAWX,WAAW,CACtB,aAAa,EAAE,aAAa,EAC5B,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,YAAY,CAAC;gBAkBtB,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EACP,aAAa,EAAE,aAAa;IAQvC,IAAI,SAAS,YAEZ;cAEwB,SAAS,CAAC,GAAG,EAAE,MAAM;CAM/C"}
|
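--- a/package/dist/webcrypto-key.js
+++ b/package/dist/webcrypto-key.js
@@ -1,62 +1,38 @@
-
-
-
-
-const jwk_1 = require("@atproto/jwk");
-const jwk_jose_1 = require("@atproto/jwk-jose");
-const util_js_1 = require("./util.js");
-// Webcrypto keys are bound to a single algorithm
-exports.jwkWithAlgSchema = zod_1.z.intersection(jwk_1.jwkSchema, zod_1.z.object({ alg: zod_1.z.string() }));
-class WebcryptoKey extends jwk_jose_1.JoseKey {
+import { JwkError, jwkSchema } from '@atproto/jwk';
+import { JoseKey } from '@atproto/jwk-jose';
+import { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js';
+export class WebcryptoKey extends JoseKey {
 // We need to override the static method generate from JoseKey because
 // the browser needs both the private and public keys
 static async generate(allowedAlgos = ['ES256'], kid = crypto.randomUUID(), options) {
 const keyPair = await this.generateKeyPair(allowedAlgos, options);
 // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair
-if (!
+if (!isCryptoKeyPair(keyPair)) {
 throw new TypeError('Invalid CryptoKeyPair');
 }
 return this.fromKeypair(keyPair, kid);
 }
 static async fromKeypair(cryptoKeyPair, kid) {
-
-// > The "use" and "key_ops" JWK members SHOULD NOT be used together; [...]
-// > Applications should specify which of these members they use.
-const { key_ops, use, alg = (0, util_js_1.fromSubtleAlgorithm)(cryptoKeyPair.privateKey.algorithm), ...jwk } = await crypto.subtle.exportKey('jwk', cryptoKeyPair.privateKey.extractable
+const { alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm), ...jwk } = await crypto.subtle.exportKey('jwk', cryptoKeyPair.privateKey.extractable
 ? cryptoKeyPair.privateKey
 : cryptoKeyPair.publicKey);
-
-throw new TypeError(`Unsupported JWK use "${use}"`);
-}
-if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
-// Make sure that "key_ops", if present, is compatible with "use"
-throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`);
-}
-return new WebcryptoKey(exports.jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }), cryptoKeyPair);
+return new WebcryptoKey(jwkSchema.parse({ ...jwk, kid, alg }), cryptoKeyPair);
 }
 constructor(jwk, cryptoKeyPair) {
+// Webcrypto keys are bound to a single algorithm
+if (!jwk.alg)
+throw new JwkError('JWK "alg" is required for Webcrypto keys');
 super(jwk);
-
-enumerable: true,
-configurable: true,
-writable: true,
-value: cryptoKeyPair
-});
+this.cryptoKeyPair = cryptoKeyPair;
 }
 get isPrivate() {
 return true;
 }
-get privateJwk() {
-if (super.isPrivate)
-return this.jwk;
-throw new Error('Private Webcrypto Key not exportable');
-}
 async getKeyObj(alg) {
 if (this.jwk.alg !== alg) {
-throw new
+throw new JwkError(`Key cannot be used with algorithm "${alg}"`);
 }
 return this.cryptoKeyPair.privateKey;
 }
 }
-exports.WebcryptoKey = WebcryptoKey;
 //# sourceMappingURL=webcrypto-key.js.map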
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACvD,OAAO,EAA0B,OAAO,EAAE,MAAM,mBAAmB,CAAA;AACnE,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAEhE,MAAM,OAAO,YAAkC,SAAQ,OAAU;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,MAAM,CAAU,KAAK,CAAC,QAAQ,CAC5B,eAAyB,CAAC,OAAO,CAAC,EAClC,MAAc,MAAM,CAAC,UAAU,EAAE,EACjC,OAAgC;QAEhC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,WAAW,CACtB,aAA4B,EAC5B,GAAY;QAEZ,MAAM,EACJ,GAAG,GAAG,mBAAmB,CAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,EAC7D,GAAG,GAAG,EACP,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/B,KAAK,EACL,aAAa,CAAC,UAAU,CAAC,WAAW;YAClC,CAAC,CAAC,aAAa,CAAC,UAAU;YAC1B,CAAC,CAAC,aAAa,CAAC,SAAS,CAC5B,CAAA;QAED,OAAO,IAAI,YAAY,CACrB,SAAS,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EACrC,aAAa,CACd,CAAA;IACH,CAAC;IAED,YACE,GAAgB,EACP,aAA4B;QAErC,iDAAiD;QACjD,IAAI,CAAC,GAAG,CAAC,GAAG;YAAE,MAAM,IAAI,QAAQ,CAAC,0CAA0C,CAAC,CAAA;QAE5E,KAAK,CAAC,GAAG,CAAC,CAAA;QALD,kBAAa,GAAb,aAAa,CAAe;IAMvC,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IAEkB,KAAK,CAAC,SAAS,CAAC,GAAW;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;YACzB,MAAM,IAAI,QAAQ,CAAC,sCAAsC,GAAG,GAAG,CAAC,CAAA;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAAA;IACtC,CAAC;CACF","sourcesContent":["import { Jwk, JwkError, jwkSchema } from '@atproto/jwk'\nimport { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'\nimport { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'\n\nexport class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {\n // We need to override the static method generate from JoseKey because\n // the browser needs both the private and public keys\n static override async generate(\n allowedAlgos: string[] = 
['ES256'],\n kid: string = crypto.randomUUID(),\n options?: GenerateKeyPairOptions,\n ): Promise<WebcryptoKey> {\n const keyPair = await this.generateKeyPair(allowedAlgos, options)\n\n // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair\n if (!isCryptoKeyPair(keyPair)) {\n throw new TypeError('Invalid CryptoKeyPair')\n }\n\n return this.fromKeypair(keyPair, kid)\n }\n\n static async fromKeypair(\n cryptoKeyPair: CryptoKeyPair,\n kid?: string,\n ): Promise<WebcryptoKey> {\n const {\n alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),\n ...jwk\n } = await crypto.subtle.exportKey(\n 'jwk',\n cryptoKeyPair.privateKey.extractable\n ? cryptoKeyPair.privateKey\n : cryptoKeyPair.publicKey,\n )\n\n return new WebcryptoKey<Jwk>(\n jwkSchema.parse({ ...jwk, kid, alg }),\n cryptoKeyPair,\n )\n }\n\n constructor(\n jwk: Readonly<J>,\n readonly cryptoKeyPair: CryptoKeyPair,\n ) {\n // Webcrypto keys are bound to a single algorithm\n if (!jwk.alg) throw new JwkError('JWK \"alg\" is required for Webcrypto keys')\n\n super(jwk)\n }\n\n get isPrivate() {\n return true\n }\n\n protected override async getKeyObj(alg: string) {\n if (this.jwk.alg !== alg) {\n throw new JwkError(`Key cannot be used with algorithm \"${alg}\"`)\n }\n return this.cryptoKeyPair.privateKey\n }\n}\n"]}
|
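--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,9 @@
 {
 "name": "@atproto/jwk-webcrypto",
-"version": "0.
+"version": "0.3.0-next.0",
+"engines": {
+"node": ">=22"
+},
 "license": "MIT",
 "description": "Webcrypto based implementation of @atproto/jwk Key's",
 "keywords": [
@@ -14,9 +17,7 @@
 "url": "https://github.com/bluesky-social/atproto",
 "directory": "packages/oauth/jwk-webcrypto"
 },
-"type": "
-"main": "dist/index.js",
-"types": "dist/index.d.ts",
+"type": "module",
 "exports": {
 ".": {
 "types": "./dist/index.d.ts",
@@ -25,11 +26,11 @@
 },
 "dependencies": {
 "zod": "^3.23.8",
-"@atproto/jwk": "0.
-"@atproto/jwk-jose": "0.
+"@atproto/jwk": "^0.7.0-next.0",
+"@atproto/jwk-jose": "^0.2.0-next.0"
 },
 "devDependencies": {
-"typescript": "^
+"typescript": "^6.0.3"
 },
 "scripts": {
 "build": "tsc --build tsconfig.build.json"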
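Review bot: The two `@atproto/*` dependencies in the `-25,11` hunk now use caret ranges on prerelease versions (`^0.7.0-next.0`, `^0.2.0-next.0`), while the removed lines appear to start with a bare `0.` (their tails are cut off on this page), which suggests exact pins. For a package that wraps private keys, this lets a fresh install resolve any later `0.7.x` / `0.2.x` release of the JWK parsing and JOSE code without a change in this manifest. If the wider range is intended, it is worth stating in the changelog so consumers know to rely on a lockfile; otherwise keep exact versions, e.g. `"@atproto/jwk": "0.7.0-next.0"`.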
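--- a/package/src/webcrypto-key.ts
+++ b/package/src/webcrypto-key.ts
@@ -1,26 +1,15 @@
-import {
-import { JwkError, jwkSchema } from '@atproto/jwk'
+import { Jwk, JwkError, jwkSchema } from '@atproto/jwk'
 import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'
 import { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'
 
-
-export const jwkWithAlgSchema = z.intersection(
-jwkSchema,
-z.object({ alg: z.string() }),
-)
-
-export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>
-
-export class WebcryptoKey<
-J extends JwkWithAlg = JwkWithAlg,
-> extends JoseKey<J> {
+export class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {
 // We need to override the static method generate from JoseKey because
 // the browser needs both the private and public keys
 static override async generate(
 allowedAlgos: string[] = ['ES256'],
 kid: string = crypto.randomUUID(),
 options?: GenerateKeyPairOptions,
-) {
+): Promise<WebcryptoKey> {
 const keyPair = await this.generateKeyPair(allowedAlgos, options)
 
 // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair
@@ -31,14 +20,11 @@ export class WebcryptoKey<
 return this.fromKeypair(keyPair, kid)
 }
 
-static async fromKeypair(
-
-
-
-
+static async fromKeypair(
+cryptoKeyPair: CryptoKeyPair,
+kid?: string,
+): Promise<WebcryptoKey> {
 const {
-key_ops,
-use,
 alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),
 ...jwk
 } = await crypto.subtle.exportKey(
@@ -48,17 +34,8 @@ export class WebcryptoKey<
 : cryptoKeyPair.publicKey,
 )
 
-
-
-}
-
-if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
-// Make sure that "key_ops", if present, is compatible with "use"
-throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`)
-}
-
-return new WebcryptoKey(
-jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }),
+return new WebcryptoKey<Jwk>(
+jwkSchema.parse({ ...jwk, kid, alg }),
 cryptoKeyPair,
 )
 }
@@ -67,6 +44,9 @@ export class WebcryptoKey<
 jwk: Readonly<J>,
 readonly cryptoKeyPair: CryptoKeyPair,
 ) {
+// Webcrypto keys are bound to a single algorithm
+if (!jwk.alg) throw new JwkError('JWK "alg" is required for Webcrypto keys')
+
 super(jwk)
 }
 
@@ -74,11 +54,6 @@ export class WebcryptoKey<
 return true
 }
 
-get privateJwk(): Readonly<J> | undefined {
-if (super.isPrivate) return this.jwk
-throw new Error('Private Webcrypto Key not exportable')
-}
-
 protected override async getKeyObj(alg: string) {
 if (this.jwk.alg !== alg) {
 throw new JwkError(`Key cannot be used with algorithm "${alg}"`)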
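Review bot: `fromKeypair` no longer rejects key pairs that cannot sign. The `-31,14` and `-48,17` hunks drop the `key_ops`/`use` destructuring, the sign/verify check on `key_ops` and the forced `use: 'sig'`, so whatever `use`/`key_ops` values `exportKey` reports now pass unchanged into `jwkSchema.parse`. Unless `jwkSchema` or `JoseKey` in the bumped `@atproto/jwk` packages enforce this (not visible on this page), a pair created for other usages is accepted here and only fails later, when the private key returned by `getKeyObj` is used to sign. A guard before the export keeps the failure early: `if (!cryptoKeyPair.privateKey.usages.includes('sign')) throw new TypeError('CryptoKeyPair private key must allow "sign"')`. The body of `fromKeypair` is only partly shown between the hunks.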
@@ -1 +1 @@
|
|
|
1
|
-
{"root":["./src/index.ts","./src/util.ts","./src/webcrypto-key.ts"],"version":"
|
|
1
|
+
{"root":["./src/index.ts","./src/util.ts","./src/webcrypto-key.ts"],"version":"6.0.3"}
|