@atproto/jwk-webcrypto 0.1.2-rc.0 → 0.1.3
- package/CHANGELOG.md +11 -3
- package/dist/util.js +3 -4
- package/dist/util.js.map +1 -1
- package/dist/webcrypto-key.d.ts +343 -7
- package/dist/webcrypto-key.d.ts.map +1 -1
- package/dist/webcrypto-key.js +19 -8
- package/dist/webcrypto-key.js.map +1 -1
- package/package.json +5 -4
- package/src/webcrypto-key.ts +32 -12
- package/tsconfig.build.tsbuildinfo +1 -0
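--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,11 +1,19 @@
 # @atproto/jwk-webcrypto
 
-## 0.1.
+## 0.1.3
 
 ### Patch Changes
 
-- Updated dependencies []:
-- @atproto/jwk
+- Updated dependencies [[`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0), [`2889c7699`](https://github.com/bluesky-social/atproto/commit/2889c76995ce3c569f595ac3c678218e9ce659f0)]:
+- @atproto/jwk@0.1.2
+- @atproto/jwk-jose@0.1.3
+
+## 0.1.2
+
+### Patch Changes
+
+- Updated dependencies [[`b934b396b`](https://github.com/bluesky-social/atproto/commit/b934b396b13ba32bf2bf7e75ecdf6871e5f310dd), [`b934b396b`](https://github.com/bluesky-social/atproto/commit/b934b396b13ba32bf2bf7e75ecdf6871e5f310dd)]:
+- @atproto/jwk-jose@0.1.2
 
 ## 0.1.1
 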
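--- a/package/dist/util.js
+++ b/package/dist/util.js
@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
+exports.toSubtleAlgorithm = toSubtleAlgorithm;
+exports.fromSubtleAlgorithm = fromSubtleAlgorithm;
+exports.isCryptoKeyPair = isCryptoKeyPair;
 function toSubtleAlgorithm(alg, crv, options) {
 switch (alg) {
 case 'PS256':
@@ -37,7 +39,6 @@ function toSubtleAlgorithm(alg, crv, options) {
 throw new TypeError(`Unsupported alg "${alg}"`);
 }
 }
-exports.toSubtleAlgorithm = toSubtleAlgorithm;
 function fromSubtleAlgorithm(algorithm) {
 switch (algorithm.name) {
 case 'RSA-PSS':
@@ -75,7 +76,6 @@ function fromSubtleAlgorithm(algorithm) {
 throw new TypeError(`Unexpected algorithm "${algorithm.name}"`);
 }
 }
-exports.fromSubtleAlgorithm = fromSubtleAlgorithm;
 function isCryptoKeyPair(v, extractable) {
 return (typeof v === 'object' &&
 v !== null &&
@@ -90,5 +90,4 @@ function isCryptoKeyPair(v, extractable) {
 v.publicKey.extractable === true &&
 v.publicKey.usages.includes('verify'));
 }
-exports.isCryptoKeyPair = isCryptoKeyPair;
 //# sourceMappingURL=util.js.map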
package/dist/util.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;AAsBA,8CAwCC;AAED,kDAqCC;AAED,0CAkBC;AAnGD,SAAgB,iBAAiB,CAC/B,GAAW,EACX,GAAY,EACZ,OAAoC;IAEpC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAkB,EAAE;aAClD,CAAA;QACH,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;aACpB,CAAA;QACH;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,mBAAmB,CAAC,SAAuB;IACzD,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,SAAS,CAAC;QACf,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAA2B,SAAU,CAAC,IAAI,CAAC,IAAI,CAAA;YACzD,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzD,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC9D,CAAC;gBACD;oBACE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAoB,SAAU,CAAC,UAAU,CAAA;YACzD,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC7D,KAAK,OAAO;oBACV,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;YAChE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,OAAO,CAAA;QAChB;YACE,oEAAoE;YAEpE,MAAM,IAA
I,SAAS,CAAC,yBAAyB,SAAS,CAAC,IAAI,GAAG,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,CAAU,EACV,WAAqB;IAErB,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,CAAC,KAAK,IAAI;QACV,YAAY,IAAI,CAAC;QACjB,CAAC,CAAC,UAAU,YAAY,SAAS;QACjC,CAAC,CAAC,UAAU,CAAC,IAAI,KAAK,SAAS;QAC/B,CAAC,WAAW,IAAI,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,KAAK,WAAW,CAAC;QACjE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACpC,WAAW,IAAI,CAAC;QAChB,CAAC,CAAC,SAAS,YAAY,SAAS;QAChC,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI;QAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACtC,CAAA;AACH,CAAC"}
|
package/dist/webcrypto-key.d.ts
CHANGED
|
@@ -1,12 +1,348 @@
|
|
|
1
|
-
import { Jwk } from '@atproto/jwk';
|
|
2
1
|
import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose';
|
|
3
|
-
|
|
2
|
+
import z from 'zod';
|
|
3
|
+
export declare const jwkWithAlgSchema: z.ZodIntersection<z.ZodUnion<[z.ZodObject<z.objectUtil.extendShape<{
|
|
4
|
+
kty: z.ZodString;
|
|
5
|
+
alg: z.ZodOptional<z.ZodString>;
|
|
6
|
+
kid: z.ZodOptional<z.ZodString>;
|
|
7
|
+
ext: z.ZodOptional<z.ZodBoolean>;
|
|
8
|
+
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
9
|
+
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
10
|
+
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
11
|
+
x5t: z.ZodOptional<z.ZodString>;
|
|
12
|
+
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
13
|
+
x5u: z.ZodOptional<z.ZodString>;
|
|
14
|
+
}, {
|
|
15
|
+
kty: z.ZodEffects<z.ZodString, string, string>;
|
|
16
|
+
}>, "strip", z.ZodTypeAny, {
|
|
17
|
+
kty: string;
|
|
18
|
+
alg?: string | undefined;
|
|
19
|
+
kid?: string | undefined;
|
|
20
|
+
ext?: boolean | undefined;
|
|
21
|
+
use?: "sig" | "enc" | undefined;
|
|
22
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
23
|
+
x5c?: string[] | undefined;
|
|
24
|
+
x5t?: string | undefined;
|
|
25
|
+
'x5t#S256'?: string | undefined;
|
|
26
|
+
x5u?: string | undefined;
|
|
27
|
+
}, {
|
|
28
|
+
kty: string;
|
|
29
|
+
alg?: string | undefined;
|
|
30
|
+
kid?: string | undefined;
|
|
31
|
+
ext?: boolean | undefined;
|
|
32
|
+
use?: "sig" | "enc" | undefined;
|
|
33
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
34
|
+
x5c?: string[] | undefined;
|
|
35
|
+
x5t?: string | undefined;
|
|
36
|
+
'x5t#S256'?: string | undefined;
|
|
37
|
+
x5u?: string | undefined;
|
|
38
|
+
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
39
|
+
kty: z.ZodString;
|
|
40
|
+
alg: z.ZodOptional<z.ZodString>;
|
|
41
|
+
kid: z.ZodOptional<z.ZodString>;
|
|
42
|
+
ext: z.ZodOptional<z.ZodBoolean>;
|
|
43
|
+
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
44
|
+
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
45
|
+
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
46
|
+
x5t: z.ZodOptional<z.ZodString>;
|
|
47
|
+
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
48
|
+
x5u: z.ZodOptional<z.ZodString>;
|
|
49
|
+
}, {
|
|
50
|
+
kty: z.ZodLiteral<"RSA">;
|
|
51
|
+
alg: z.ZodOptional<z.ZodEnum<["RS256", "RS384", "RS512", "PS256", "PS384", "PS512"]>>;
|
|
52
|
+
n: z.ZodString;
|
|
53
|
+
e: z.ZodString;
|
|
54
|
+
d: z.ZodOptional<z.ZodString>;
|
|
55
|
+
p: z.ZodOptional<z.ZodString>;
|
|
56
|
+
q: z.ZodOptional<z.ZodString>;
|
|
57
|
+
dp: z.ZodOptional<z.ZodString>;
|
|
58
|
+
dq: z.ZodOptional<z.ZodString>;
|
|
59
|
+
qi: z.ZodOptional<z.ZodString>;
|
|
60
|
+
oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
61
|
+
r: z.ZodOptional<z.ZodString>;
|
|
62
|
+
d: z.ZodOptional<z.ZodString>;
|
|
63
|
+
t: z.ZodOptional<z.ZodString>;
|
|
64
|
+
}, "strip", z.ZodTypeAny, {
|
|
65
|
+
d?: string | undefined;
|
|
66
|
+
r?: string | undefined;
|
|
67
|
+
t?: string | undefined;
|
|
68
|
+
}, {
|
|
69
|
+
d?: string | undefined;
|
|
70
|
+
r?: string | undefined;
|
|
71
|
+
t?: string | undefined;
|
|
72
|
+
}>, "atleastone">>;
|
|
73
|
+
}>, "strip", z.ZodTypeAny, {
|
|
74
|
+
kty: "RSA";
|
|
75
|
+
n: string;
|
|
76
|
+
e: string;
|
|
77
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
78
|
+
kid?: string | undefined;
|
|
79
|
+
ext?: boolean | undefined;
|
|
80
|
+
use?: "sig" | "enc" | undefined;
|
|
81
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
82
|
+
x5c?: string[] | undefined;
|
|
83
|
+
x5t?: string | undefined;
|
|
84
|
+
'x5t#S256'?: string | undefined;
|
|
85
|
+
x5u?: string | undefined;
|
|
86
|
+
d?: string | undefined;
|
|
87
|
+
p?: string | undefined;
|
|
88
|
+
q?: string | undefined;
|
|
89
|
+
dp?: string | undefined;
|
|
90
|
+
dq?: string | undefined;
|
|
91
|
+
qi?: string | undefined;
|
|
92
|
+
oth?: [{
|
|
93
|
+
d?: string | undefined;
|
|
94
|
+
r?: string | undefined;
|
|
95
|
+
t?: string | undefined;
|
|
96
|
+
}, ...{
|
|
97
|
+
d?: string | undefined;
|
|
98
|
+
r?: string | undefined;
|
|
99
|
+
t?: string | undefined;
|
|
100
|
+
}[]] | undefined;
|
|
101
|
+
}, {
|
|
102
|
+
kty: "RSA";
|
|
103
|
+
n: string;
|
|
104
|
+
e: string;
|
|
105
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
106
|
+
kid?: string | undefined;
|
|
107
|
+
ext?: boolean | undefined;
|
|
108
|
+
use?: "sig" | "enc" | undefined;
|
|
109
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
110
|
+
x5c?: string[] | undefined;
|
|
111
|
+
x5t?: string | undefined;
|
|
112
|
+
'x5t#S256'?: string | undefined;
|
|
113
|
+
x5u?: string | undefined;
|
|
114
|
+
d?: string | undefined;
|
|
115
|
+
p?: string | undefined;
|
|
116
|
+
q?: string | undefined;
|
|
117
|
+
dp?: string | undefined;
|
|
118
|
+
dq?: string | undefined;
|
|
119
|
+
qi?: string | undefined;
|
|
120
|
+
oth?: [{
|
|
121
|
+
d?: string | undefined;
|
|
122
|
+
r?: string | undefined;
|
|
123
|
+
t?: string | undefined;
|
|
124
|
+
}, ...{
|
|
125
|
+
d?: string | undefined;
|
|
126
|
+
r?: string | undefined;
|
|
127
|
+
t?: string | undefined;
|
|
128
|
+
}[]] | undefined;
|
|
129
|
+
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
130
|
+
kty: z.ZodString;
|
|
131
|
+
alg: z.ZodOptional<z.ZodString>;
|
|
132
|
+
kid: z.ZodOptional<z.ZodString>;
|
|
133
|
+
ext: z.ZodOptional<z.ZodBoolean>;
|
|
134
|
+
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
135
|
+
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
136
|
+
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
137
|
+
x5t: z.ZodOptional<z.ZodString>;
|
|
138
|
+
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
139
|
+
x5u: z.ZodOptional<z.ZodString>;
|
|
140
|
+
}, {
|
|
141
|
+
kty: z.ZodLiteral<"EC">;
|
|
142
|
+
alg: z.ZodOptional<z.ZodEnum<["ES256", "ES384", "ES512"]>>;
|
|
143
|
+
crv: z.ZodEnum<["P-256", "P-384", "P-521"]>;
|
|
144
|
+
x: z.ZodString;
|
|
145
|
+
y: z.ZodString;
|
|
146
|
+
d: z.ZodOptional<z.ZodString>;
|
|
147
|
+
}>, "strip", z.ZodTypeAny, {
|
|
148
|
+
kty: "EC";
|
|
149
|
+
crv: "P-256" | "P-384" | "P-521";
|
|
150
|
+
x: string;
|
|
151
|
+
y: string;
|
|
152
|
+
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
153
|
+
kid?: string | undefined;
|
|
154
|
+
ext?: boolean | undefined;
|
|
155
|
+
use?: "sig" | "enc" | undefined;
|
|
156
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
157
|
+
x5c?: string[] | undefined;
|
|
158
|
+
x5t?: string | undefined;
|
|
159
|
+
'x5t#S256'?: string | undefined;
|
|
160
|
+
x5u?: string | undefined;
|
|
161
|
+
d?: string | undefined;
|
|
162
|
+
}, {
|
|
163
|
+
kty: "EC";
|
|
164
|
+
crv: "P-256" | "P-384" | "P-521";
|
|
165
|
+
x: string;
|
|
166
|
+
y: string;
|
|
167
|
+
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
168
|
+
kid?: string | undefined;
|
|
169
|
+
ext?: boolean | undefined;
|
|
170
|
+
use?: "sig" | "enc" | undefined;
|
|
171
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
172
|
+
x5c?: string[] | undefined;
|
|
173
|
+
x5t?: string | undefined;
|
|
174
|
+
'x5t#S256'?: string | undefined;
|
|
175
|
+
x5u?: string | undefined;
|
|
176
|
+
d?: string | undefined;
|
|
177
|
+
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
178
|
+
kty: z.ZodString;
|
|
179
|
+
alg: z.ZodOptional<z.ZodString>;
|
|
180
|
+
kid: z.ZodOptional<z.ZodString>;
|
|
181
|
+
ext: z.ZodOptional<z.ZodBoolean>;
|
|
182
|
+
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
183
|
+
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
184
|
+
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
185
|
+
x5t: z.ZodOptional<z.ZodString>;
|
|
186
|
+
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
187
|
+
x5u: z.ZodOptional<z.ZodString>;
|
|
188
|
+
}, {
|
|
189
|
+
kty: z.ZodLiteral<"EC">;
|
|
190
|
+
alg: z.ZodOptional<z.ZodEnum<["ES256K"]>>;
|
|
191
|
+
crv: z.ZodEnum<["secp256k1"]>;
|
|
192
|
+
x: z.ZodString;
|
|
193
|
+
y: z.ZodString;
|
|
194
|
+
d: z.ZodOptional<z.ZodString>;
|
|
195
|
+
}>, "strip", z.ZodTypeAny, {
|
|
196
|
+
kty: "EC";
|
|
197
|
+
crv: "secp256k1";
|
|
198
|
+
x: string;
|
|
199
|
+
y: string;
|
|
200
|
+
alg?: "ES256K" | undefined;
|
|
201
|
+
kid?: string | undefined;
|
|
202
|
+
ext?: boolean | undefined;
|
|
203
|
+
use?: "sig" | "enc" | undefined;
|
|
204
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
205
|
+
x5c?: string[] | undefined;
|
|
206
|
+
x5t?: string | undefined;
|
|
207
|
+
'x5t#S256'?: string | undefined;
|
|
208
|
+
x5u?: string | undefined;
|
|
209
|
+
d?: string | undefined;
|
|
210
|
+
}, {
|
|
211
|
+
kty: "EC";
|
|
212
|
+
crv: "secp256k1";
|
|
213
|
+
x: string;
|
|
214
|
+
y: string;
|
|
215
|
+
alg?: "ES256K" | undefined;
|
|
216
|
+
kid?: string | undefined;
|
|
217
|
+
ext?: boolean | undefined;
|
|
218
|
+
use?: "sig" | "enc" | undefined;
|
|
219
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
220
|
+
x5c?: string[] | undefined;
|
|
221
|
+
x5t?: string | undefined;
|
|
222
|
+
'x5t#S256'?: string | undefined;
|
|
223
|
+
x5u?: string | undefined;
|
|
224
|
+
d?: string | undefined;
|
|
225
|
+
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
226
|
+
kty: z.ZodString;
|
|
227
|
+
alg: z.ZodOptional<z.ZodString>;
|
|
228
|
+
kid: z.ZodOptional<z.ZodString>;
|
|
229
|
+
ext: z.ZodOptional<z.ZodBoolean>;
|
|
230
|
+
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
231
|
+
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
232
|
+
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
233
|
+
x5t: z.ZodOptional<z.ZodString>;
|
|
234
|
+
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
235
|
+
x5u: z.ZodOptional<z.ZodString>;
|
|
236
|
+
}, {
|
|
237
|
+
kty: z.ZodLiteral<"OKP">;
|
|
238
|
+
alg: z.ZodOptional<z.ZodEnum<["EdDSA"]>>;
|
|
239
|
+
crv: z.ZodEnum<["Ed25519", "Ed448"]>;
|
|
240
|
+
x: z.ZodString;
|
|
241
|
+
d: z.ZodOptional<z.ZodString>;
|
|
242
|
+
}>, "strip", z.ZodTypeAny, {
|
|
243
|
+
kty: "OKP";
|
|
244
|
+
crv: "Ed25519" | "Ed448";
|
|
245
|
+
x: string;
|
|
246
|
+
alg?: "EdDSA" | undefined;
|
|
247
|
+
kid?: string | undefined;
|
|
248
|
+
ext?: boolean | undefined;
|
|
249
|
+
use?: "sig" | "enc" | undefined;
|
|
250
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
251
|
+
x5c?: string[] | undefined;
|
|
252
|
+
x5t?: string | undefined;
|
|
253
|
+
'x5t#S256'?: string | undefined;
|
|
254
|
+
x5u?: string | undefined;
|
|
255
|
+
d?: string | undefined;
|
|
256
|
+
}, {
|
|
257
|
+
kty: "OKP";
|
|
258
|
+
crv: "Ed25519" | "Ed448";
|
|
259
|
+
x: string;
|
|
260
|
+
alg?: "EdDSA" | undefined;
|
|
261
|
+
kid?: string | undefined;
|
|
262
|
+
ext?: boolean | undefined;
|
|
263
|
+
use?: "sig" | "enc" | undefined;
|
|
264
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
265
|
+
x5c?: string[] | undefined;
|
|
266
|
+
x5t?: string | undefined;
|
|
267
|
+
'x5t#S256'?: string | undefined;
|
|
268
|
+
x5u?: string | undefined;
|
|
269
|
+
d?: string | undefined;
|
|
270
|
+
}>, z.ZodObject<z.objectUtil.extendShape<{
|
|
271
|
+
kty: z.ZodString;
|
|
272
|
+
alg: z.ZodOptional<z.ZodString>;
|
|
273
|
+
kid: z.ZodOptional<z.ZodString>;
|
|
274
|
+
ext: z.ZodOptional<z.ZodBoolean>;
|
|
275
|
+
use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
|
|
276
|
+
key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
|
|
277
|
+
x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
278
|
+
x5t: z.ZodOptional<z.ZodString>;
|
|
279
|
+
'x5t#S256': z.ZodOptional<z.ZodString>;
|
|
280
|
+
x5u: z.ZodOptional<z.ZodString>;
|
|
281
|
+
}, {
|
|
282
|
+
kty: z.ZodLiteral<"oct">;
|
|
283
|
+
alg: z.ZodOptional<z.ZodEnum<["HS256", "HS384", "HS512"]>>;
|
|
284
|
+
k: z.ZodString;
|
|
285
|
+
}>, "strip", z.ZodTypeAny, {
|
|
286
|
+
kty: "oct";
|
|
287
|
+
k: string;
|
|
288
|
+
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
289
|
+
kid?: string | undefined;
|
|
290
|
+
ext?: boolean | undefined;
|
|
291
|
+
use?: "sig" | "enc" | undefined;
|
|
292
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
293
|
+
x5c?: string[] | undefined;
|
|
294
|
+
x5t?: string | undefined;
|
|
295
|
+
'x5t#S256'?: string | undefined;
|
|
296
|
+
x5u?: string | undefined;
|
|
297
|
+
}, {
|
|
298
|
+
kty: "oct";
|
|
299
|
+
k: string;
|
|
300
|
+
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
301
|
+
kid?: string | undefined;
|
|
302
|
+
ext?: boolean | undefined;
|
|
303
|
+
use?: "sig" | "enc" | undefined;
|
|
304
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
305
|
+
x5c?: string[] | undefined;
|
|
306
|
+
x5t?: string | undefined;
|
|
307
|
+
'x5t#S256'?: string | undefined;
|
|
308
|
+
x5u?: string | undefined;
|
|
309
|
+
}>]>, z.ZodObject<{
|
|
310
|
+
alg: z.ZodString;
|
|
311
|
+
}, "strip", z.ZodTypeAny, {
|
|
312
|
+
alg: string;
|
|
313
|
+
}, {
|
|
314
|
+
alg: string;
|
|
315
|
+
}>>;
|
|
316
|
+
export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>;
|
|
317
|
+
export declare class WebcryptoKey<J extends JwkWithAlg = JwkWithAlg> extends JoseKey<J> {
|
|
4
318
|
readonly cryptoKeyPair: CryptoKeyPair;
|
|
5
|
-
static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey
|
|
6
|
-
|
|
7
|
-
|
|
319
|
+
static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey<{
|
|
320
|
+
kty: string;
|
|
321
|
+
alg: string;
|
|
322
|
+
kid?: string | undefined;
|
|
323
|
+
ext?: boolean | undefined;
|
|
324
|
+
use?: "sig" | "enc" | undefined;
|
|
325
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
326
|
+
x5c?: string[] | undefined;
|
|
327
|
+
x5t?: string | undefined;
|
|
328
|
+
'x5t#S256'?: string | undefined;
|
|
329
|
+
x5u?: string | undefined;
|
|
330
|
+
}>>;
|
|
331
|
+
static fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string): Promise<WebcryptoKey<{
|
|
332
|
+
kty: string;
|
|
333
|
+
alg: string;
|
|
334
|
+
kid?: string | undefined;
|
|
335
|
+
ext?: boolean | undefined;
|
|
336
|
+
use?: "sig" | "enc" | undefined;
|
|
337
|
+
key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
338
|
+
x5c?: string[] | undefined;
|
|
339
|
+
x5t?: string | undefined;
|
|
340
|
+
'x5t#S256'?: string | undefined;
|
|
341
|
+
x5u?: string | undefined;
|
|
342
|
+
}>>;
|
|
343
|
+
constructor(jwk: Readonly<J>, cryptoKeyPair: CryptoKeyPair);
|
|
8
344
|
get isPrivate(): boolean;
|
|
9
|
-
get privateJwk():
|
|
10
|
-
protected
|
|
345
|
+
get privateJwk(): Readonly<J> | undefined;
|
|
346
|
+
protected getKeyObj(alg: string): Promise<CryptoKey>;
|
|
11
347
|
}
|
|
12
348
|
//# sourceMappingURL=webcrypto-key.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAA;AACnE,OAAO,CAAC,MAAM,KAAK,CAAA;AAKnB,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAkFqhb,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAAwC,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;SAA8uB,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;SAAotB,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA/Ev/e,CAAA;AAED,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AAEzD,qBAAa,YAAY,CACvB,CAAC,SAAS,UAAU,GAAG,UAAU,CACjC,SAAQ,OAAO,CAAC,CAAC,CAAC;IAoDhB,QAAQ,CAAC,aAAa,EAAE,aAAa;WAjDjB,QAAQ,CAC5B,YAAY,GAAE,MAAM,EAAc,EAClC,GAAG,GAAE,MAA4B,EACjC,OAAO,CAAC,EAAE,sBAAsB;;;;;;;;;;;;WAYrB,WAAW,CAAC,aAAa,EAAE,aAAa,EAAE,GAAG,CAAC,EAAE,MAAM;;;;;;;;;;;;gBAiCjE,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EACP,aAAa,EAAE,aAAa;IAKvC,IAAI,SAAS,YAEZ;IAED,IAAI,UAAU,IAAI,QAAQ,CAAC,CAAC,CAAC,GAAG,SAAS,CAGxC;cAEwB,SAAS,CAAC,GAAG,EAAE,MAAM;CAM/C"}
|
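--- a/package/dist/webcrypto-key.js
+++ b/package/dist/webcrypto-key.js
@@ -1,9 +1,15 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.WebcryptoKey = void 0;
+exports.WebcryptoKey = exports.jwkWithAlgSchema = void 0;
 const jwk_1 = require("@atproto/jwk");
 const jwk_jose_1 = require("@atproto/jwk-jose");
+const zod_1 = __importDefault(require("zod"));
 const util_js_1 = require("./util.js");
+// Webcrypto keys are bound to a single algorithm
+exports.jwkWithAlgSchema = zod_1.default.intersection(jwk_1.jwkSchema, zod_1.default.object({ alg: zod_1.default.string() }));
 class WebcryptoKey extends jwk_jose_1.JoseKey {
 // We need to override the static method generate from JoseKey because
 // the browser needs both the private and public keys
@@ -19,15 +25,17 @@ class WebcryptoKey extends jwk_jose_1.JoseKey {
 // https://datatracker.ietf.org/doc/html/rfc7517
 // > The "use" and "key_ops" JWK members SHOULD NOT be used together; [...]
 // > Applications should specify which of these members they use.
-const { key_ops
+const { key_ops, use, alg = (0, util_js_1.fromSubtleAlgorithm)(cryptoKeyPair.privateKey.algorithm), ...jwk } = await crypto.subtle.exportKey('jwk', cryptoKeyPair.privateKey.extractable
 ? cryptoKeyPair.privateKey
 : cryptoKeyPair.publicKey);
-
-
-if (use !== 'sig') {
-throw new TypeError('Unsupported JWK use');
+if (use && use !== 'sig') {
+throw new TypeError(`Unsupported JWK use "${use}"`);
 }
-
+if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
+// Make sure that "key_ops", if present, is compatible with "use"
+throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`);
+}
+return new WebcryptoKey(exports.jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }), cryptoKeyPair);
 }
 constructor(jwk, cryptoKeyPair) {
 super(jwk);
@@ -46,7 +54,10 @@ class WebcryptoKey extends jwk_jose_1.JoseKey {
 return this.jwk;
 throw new Error('Private Webcrypto Key not exportable');
 }
-async
+async getKeyObj(alg) {
+if (this.jwk.alg !== alg) {
+throw new jwk_1.JwkError(`Key cannot be used with algorithm "${alg}"`);
+}
 return this.cryptoKeyPair.privateKey;
 }
 }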
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":";;;;;;AAAA,sCAAkD;AAClD,gDAAmE;AACnE,8CAAmB;AAEnB,uCAAgE;AAEhE,iDAAiD;AACpC,QAAA,gBAAgB,GAAG,aAAC,CAAC,YAAY,CAC5C,eAAS,EACT,aAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,aAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAC9B,CAAA;AAID,MAAa,YAEX,SAAQ,kBAAU;IAClB,sEAAsE;IACtE,qDAAqD;IACrD,MAAM,CAAU,KAAK,CAAC,QAAQ,CAC5B,eAAyB,CAAC,OAAO,CAAC,EAClC,MAAc,MAAM,CAAC,UAAU,EAAE,EACjC,OAAgC;QAEhC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,IAAI,CAAC,IAAA,yBAAe,EAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,aAA4B,EAAE,GAAY;QACjE,gDAAgD;QAChD,2EAA2E;QAC3E,iEAAiE;QAEjE,MAAM,EACJ,OAAO,EACP,GAAG,EACH,GAAG,GAAG,IAAA,6BAAmB,EAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,EAC7D,GAAG,GAAG,EACP,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/B,KAAK,EACL,aAAa,CAAC,UAAU,CAAC,WAAW;YAClC,CAAC,CAAC,aAAa,CAAC,UAAU;YAC1B,CAAC,CAAC,aAAa,CAAC,SAAS,CAC5B,CAAA;QAED,IAAI,GAAG,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,SAAS,CAAC,wBAAwB,GAAG,GAAG,CAAC,CAAA;QACrD,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;YACpE,iEAAiE;YACjE,MAAM,IAAI,SAAS,CAAC,oBAAoB,OAAO,iBAAiB,CAAC,CAAA;QACnE,CAAC;QAED,OAAO,IAAI,YAAY,CACrB,wBAAgB,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EACxD,aAAa,CACd,CAAA;IACH,CAAC;IAED,YACE,GAAgB,EACP,aAA4B;QAErC,KAAK,CAAC,GAAG,CAAC,CAAA;QAFV;;;;mBAAS,aAAa;WAAe;IAGvC,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,UAAU;QACZ,IAAI,KAAK,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC,GAAG,CAAA;QACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;IACzD,CAAC;IAEkB,KAAK,CAAC,SAAS,CAAC,GAAW;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;YACzB,MAAM,IAAI,cAAQ,CAAC,sCAAsC,GAAG,GAAG,CAAC,CAAA;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAAA;IACtC,CAAC;CACF;A
A1ED,oCA0EC"}
|
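--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@atproto/jwk-webcrypto",
-"version": "0.1.
+"version": "0.1.3",
 "license": "MIT",
 "description": "Webcrypto based implementation of @atproto/jwk Key's",
 "keywords": [
@@ -24,11 +24,12 @@
 }
 },
 "dependencies": {
-"
-"@atproto/jwk": "0.1.
+"zod": "^3.23.8",
+"@atproto/jwk": "0.1.2",
+"@atproto/jwk-jose": "0.1.3"
 },
 "devDependencies": {
-"typescript": "^5.
+"typescript": "^5.6.3"
 },
 "scripts": {
 "build": "tsc --build tsconfig.build.json"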
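--- a/package/src/webcrypto-key.ts
+++ b/package/src/webcrypto-key.ts
@@ -1,9 +1,20 @@
-import {
+import { JwkError, jwkSchema } from '@atproto/jwk'
 import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'
+import z from 'zod'
 
 import { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'
 
-
+// Webcrypto keys are bound to a single algorithm
+export const jwkWithAlgSchema = z.intersection(
+jwkSchema,
+z.object({ alg: z.string() }),
+)
+
+export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>
+
+export class WebcryptoKey<
+J extends JwkWithAlg = JwkWithAlg,
+> extends JoseKey<J> {
 // We need to override the static method generate from JoseKey because
 // the browser needs both the private and public keys
 static override async generate(
@@ -26,29 +37,35 @@ export class WebcryptoKey extends JoseKey {
 // > The "use" and "key_ops" JWK members SHOULD NOT be used together; [...]
 // > Applications should specify which of these members they use.
 
-const {
+const {
+key_ops,
+use,
+alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),
+...jwk
+} = await crypto.subtle.exportKey(
 'jwk',
 cryptoKeyPair.privateKey.extractable
 ? cryptoKeyPair.privateKey
 : cryptoKeyPair.publicKey,
 )
 
-
-
-
+if (use && use !== 'sig') {
+throw new TypeError(`Unsupported JWK use "${use}"`)
+}
 
-if (
-
+if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
+// Make sure that "key_ops", if present, is compatible with "use"
+throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`)
 }
 
 return new WebcryptoKey(
-
+jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }),
 cryptoKeyPair,
 )
 }
 
 constructor(
-jwk:
+jwk: Readonly<J>,
 readonly cryptoKeyPair: CryptoKeyPair,
 ) {
 super(jwk)
@@ -58,12 +75,15 @@ export class WebcryptoKey extends JoseKey {
 return true
 }
 
-get privateJwk():
+get privateJwk(): Readonly<J> | undefined {
 if (super.isPrivate) return this.jwk
 throw new Error('Private Webcrypto Key not exportable')
 }
 
-protected override async
+protected override async getKeyObj(alg: string) {
+if (this.jwk.alg !== alg) {
+throw new JwkError(`Key cannot be used with algorithm "${alg}"`)
+}
 return this.cryptoKeyPair.privateKey
 }
 }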
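Review bot: In the second hunk, the default `alg` is read from `cryptoKeyPair.privateKey.algorithm` (new line 43), but when the private key is not extractable the JWK members are exported from `cryptoKeyPair.publicKey` (new lines 48–49), and no visible line checks that the two halves describe the same algorithm. A hand-assembled pair with mismatched halves would produce a JWK whose public material cannot verify what `getKeyObj` later signs with `privateKey`, and the new `this.jwk.alg !== alg` guard would not notice. Consider rejecting such pairs before the export, e.g. `if (fromSubtleAlgorithm(cryptoKeyPair.publicKey.algorithm) !== fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm)) throw new TypeError('Mismatched key pair algorithms')`. The opening lines of `fromKeypair` are outside the hunk, so an equivalent check may already exist there.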
@@ -0,0 +1 @@
|
|
|
1
|
+
{"root":["./src/index.ts","./src/util.ts","./src/webcrypto-key.ts"],"version":"5.6.3"}
|