@atproto/jwk-webcrypto 0.1.9 → 0.2.0

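--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,25 @@
  # @atproto/jwk-webcrypto
 
+ ## 0.2.0
+
+ ### Minor Changes
+
+ - [#4103](https://github.com/bluesky-social/atproto/pull/4103) [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Only allow `"use"` claims in public jwk
+
+ ### Patch Changes
+
+ - Updated dependencies [[`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`fefe70126`](https://github.com/bluesky-social/atproto/commit/fefe70126d0ea82507ac750f669b3478290f186b), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815)]:
+ - @atproto/jwk@0.6.0
+ - @atproto/jwk-jose@0.1.11
+
+ ## 0.1.10
+
+ ### Patch Changes
+
+ - Updated dependencies [[`8a88e2c15`](https://github.com/bluesky-social/atproto/commit/8a88e2c15451f5e8239400eeb277ad31d178b8e6), [`8a88e2c15`](https://github.com/bluesky-social/atproto/commit/8a88e2c15451f5e8239400eeb277ad31d178b8e6)]:
+ - @atproto/jwk@0.5.0
+ - @atproto/jwk-jose@0.1.10
+
  ## 0.1.9
 
  ### Patch Changes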
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAkC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAkC","sourcesContent":["export * from './webcrypto-key.js'\n"]}
package/dist/util.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;AAsBA,8CAwCC;AAED,kDAqCC;AAED,0CAkBC;AAnGD,SAAgB,iBAAiB,CAC/B,GAAW,EACX,GAAY,EACZ,OAAoC;IAEpC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAkB,EAAE;aAClD,CAAA;QACH,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;aACpB,CAAA;QACH;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,mBAAmB,CAAC,SAAuB;IACzD,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,SAAS,CAAC;QACf,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAA2B,SAAU,CAAC,IAAI,CAAC,IAAI,CAAA;YACzD,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzD,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC9D,CAAC;gBACD;oBACE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAoB,SAAU,CAAC,UAAU,CAAA;YACzD,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC7D,KAAK,OAAO;oBACV,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;YAChE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,OAAO,CAAA;QAChB;YACE,oEAAoE;YAEpE,MAAM,I
AAI,SAAS,CAAC,yBAAyB,SAAS,CAAC,IAAI,GAAG,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,CAAU,EACV,WAAqB;IAErB,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,CAAC,KAAK,IAAI;QACV,YAAY,IAAI,CAAC;QACjB,CAAC,CAAC,UAAU,YAAY,SAAS;QACjC,CAAC,CAAC,UAAU,CAAC,IAAI,KAAK,SAAS;QAC/B,CAAC,WAAW,IAAI,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,KAAK,WAAW,CAAC;QACjE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACpC,WAAW,IAAI,CAAC;QAChB,CAAC,CAAC,SAAS,YAAY,SAAS;QAChC,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI;QAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACtC,CAAA;AACH,CAAC"}
1
+ {"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;AAsBA,8CAwCC;AAED,kDAqCC;AAED,0CAkBC;AAnGD,SAAgB,iBAAiB,CAC/B,GAAW,EACX,GAAY,EACZ,OAAoC;IAEpC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,mBAAmB;gBACzB,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE;gBACrD,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,IAAI;gBAC7C,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;aACnD,CAAA;QACH,KAAK,OAAO,CAAC;QACb,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAkB,EAAE;aAClD,CAAA;QACH,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;aACpB,CAAA;QACH;YACE,oEAAoE;YAEpE,MAAM,IAAI,SAAS,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,mBAAmB,CAAC,SAAuB;IACzD,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,SAAS,CAAC;QACf,KAAK,mBAAmB,CAAC,CAAC,CAAC;YACzB,MAAM,IAAI,GAA2B,SAAU,CAAC,IAAI,CAAC,IAAI,CAAA;YACzD,QAAQ,IAAI,EAAE,CAAC;gBACb,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC;gBACf,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzD,OAAO,GAAG,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC9D,CAAC;gBACD;oBACE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAA;YACjE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAoB,SAAU,CAAC,UAAU,CAAA;YACzD,QAAQ,UAAU,EAAE,CAAC;gBACnB,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO,CAAC;gBACb,KAAK,OAAO;oBACV,OAAO,KAAK,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAA0B,EAAE,CAAA;gBAC7D,KAAK,OAAO;oBACV,OAAO,OAAO,CAAA;gBAChB;oBACE,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAA;YAChE,CAAC;QACH,CAAC;QACD,KAAK,OAAO,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,OAAO,CAAA;QAChB;YACE,oEAAoE;YAEpE,MAAM,I
AAI,SAAS,CAAC,yBAAyB,SAAS,CAAC,IAAI,GAAG,CAAC,CAAA;IACnE,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,CAAU,EACV,WAAqB;IAErB,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,CAAC,KAAK,IAAI;QACV,YAAY,IAAI,CAAC;QACjB,CAAC,CAAC,UAAU,YAAY,SAAS;QACjC,CAAC,CAAC,UAAU,CAAC,IAAI,KAAK,SAAS;QAC/B,CAAC,WAAW,IAAI,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,WAAW,KAAK,WAAW,CAAC;QACjE,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACpC,WAAW,IAAI,CAAC;QAChB,CAAC,CAAC,SAAS,YAAY,SAAS;QAChC,CAAC,CAAC,SAAS,CAAC,IAAI,KAAK,QAAQ;QAC7B,CAAC,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI;QAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACtC,CAAA;AACH,CAAC","sourcesContent":["export type JWSAlgorithm =\n // HMAC\n | 'HS256'\n | 'HS384'\n | 'HS512'\n // RSA\n | 'PS256'\n | 'PS384'\n | 'PS512'\n | 'RS256'\n | 'RS384'\n | 'RS512'\n // EC\n | 'ES256'\n | 'ES256K'\n | 'ES384'\n | 'ES512'\n // OKP\n | 'EdDSA'\n\nexport type SubtleAlgorithm = RsaHashedKeyGenParams | EcKeyGenParams\n\nexport function toSubtleAlgorithm(\n alg: string,\n crv?: string,\n options?: { modulusLength?: number },\n): SubtleAlgorithm {\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return {\n name: 'RSA-PSS',\n hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,\n modulusLength: options?.modulusLength ?? 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n }\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return {\n name: 'RSASSA-PKCS1-v1_5',\n hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,\n modulusLength: options?.modulusLength ?? 
2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n }\n case 'ES256':\n case 'ES384':\n return {\n name: 'ECDSA',\n namedCurve: `P-${alg.slice(-3) as '256' | '384'}`,\n }\n case 'ES512':\n return {\n name: 'ECDSA',\n namedCurve: 'P-521',\n }\n default:\n // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773\n\n throw new TypeError(`Unsupported alg \"${alg}\"`)\n }\n}\n\nexport function fromSubtleAlgorithm(algorithm: KeyAlgorithm): JWSAlgorithm {\n switch (algorithm.name) {\n case 'RSA-PSS':\n case 'RSASSA-PKCS1-v1_5': {\n const hash = (<RsaHashedKeyAlgorithm>algorithm).hash.name\n switch (hash) {\n case 'SHA-256':\n case 'SHA-384':\n case 'SHA-512': {\n const prefix = algorithm.name === 'RSA-PSS' ? 'PS' : 'RS'\n return `${prefix}${hash.slice(-3) as '256' | '384' | '512'}`\n }\n default:\n throw new TypeError('unsupported RsaHashedKeyAlgorithm hash')\n }\n }\n case 'ECDSA': {\n const namedCurve = (<EcKeyAlgorithm>algorithm).namedCurve\n switch (namedCurve) {\n case 'P-256':\n case 'P-384':\n case 'P-512':\n return `ES${namedCurve.slice(-3) as '256' | '384' | '512'}`\n case 'P-521':\n return 'ES512'\n default:\n throw new TypeError('unsupported EcKeyAlgorithm namedCurve')\n }\n }\n case 'Ed448':\n case 'Ed25519':\n return 'EdDSA'\n default:\n // https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773\n\n throw new TypeError(`Unexpected algorithm \"${algorithm.name}\"`)\n }\n}\n\nexport function isCryptoKeyPair(\n v: unknown,\n extractable?: boolean,\n): v is CryptoKeyPair {\n return (\n typeof v === 'object' &&\n v !== null &&\n 'privateKey' in v &&\n v.privateKey instanceof CryptoKey &&\n v.privateKey.type === 'private' &&\n (extractable == null || v.privateKey.extractable === extractable) &&\n v.privateKey.usages.includes('sign') &&\n 'publicKey' in v &&\n v.publicKey instanceof CryptoKey &&\n v.publicKey.type === 'public' &&\n v.publicKey.extractable === true &&\n v.publicKey.usages.includes('verify')\n )\n}\n"]}
@@ -1,348 +1,11 @@
1
- import { z } from 'zod';
1
+ import { Jwk } from '@atproto/jwk';
2
2
  import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose';
3
- export declare const jwkWithAlgSchema: z.ZodIntersection<z.ZodUnion<[z.ZodObject<z.objectUtil.extendShape<{
4
- kty: z.ZodString;
5
- alg: z.ZodOptional<z.ZodString>;
6
- kid: z.ZodOptional<z.ZodString>;
7
- ext: z.ZodOptional<z.ZodBoolean>;
8
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
9
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
10
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
11
- x5t: z.ZodOptional<z.ZodString>;
12
- 'x5t#S256': z.ZodOptional<z.ZodString>;
13
- x5u: z.ZodOptional<z.ZodString>;
14
- }, {
15
- kty: z.ZodEffects<z.ZodString, string, string>;
16
- }>, "strip", z.ZodTypeAny, {
17
- kty: string;
18
- alg?: string | undefined;
19
- kid?: string | undefined;
20
- ext?: boolean | undefined;
21
- use?: "sig" | "enc" | undefined;
22
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
23
- x5c?: string[] | undefined;
24
- x5t?: string | undefined;
25
- 'x5t#S256'?: string | undefined;
26
- x5u?: string | undefined;
27
- }, {
28
- kty: string;
29
- alg?: string | undefined;
30
- kid?: string | undefined;
31
- ext?: boolean | undefined;
32
- use?: "sig" | "enc" | undefined;
33
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
34
- x5c?: string[] | undefined;
35
- x5t?: string | undefined;
36
- 'x5t#S256'?: string | undefined;
37
- x5u?: string | undefined;
38
- }>, z.ZodObject<z.objectUtil.extendShape<{
39
- kty: z.ZodString;
40
- alg: z.ZodOptional<z.ZodString>;
41
- kid: z.ZodOptional<z.ZodString>;
42
- ext: z.ZodOptional<z.ZodBoolean>;
43
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
44
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
45
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
46
- x5t: z.ZodOptional<z.ZodString>;
47
- 'x5t#S256': z.ZodOptional<z.ZodString>;
48
- x5u: z.ZodOptional<z.ZodString>;
49
- }, {
50
- kty: z.ZodLiteral<"RSA">;
51
- alg: z.ZodOptional<z.ZodEnum<["RS256", "RS384", "RS512", "PS256", "PS384", "PS512"]>>;
52
- n: z.ZodString;
53
- e: z.ZodString;
54
- d: z.ZodOptional<z.ZodString>;
55
- p: z.ZodOptional<z.ZodString>;
56
- q: z.ZodOptional<z.ZodString>;
57
- dp: z.ZodOptional<z.ZodString>;
58
- dq: z.ZodOptional<z.ZodString>;
59
- qi: z.ZodOptional<z.ZodString>;
60
- oth: z.ZodOptional<z.ZodArray<z.ZodObject<{
61
- r: z.ZodOptional<z.ZodString>;
62
- d: z.ZodOptional<z.ZodString>;
63
- t: z.ZodOptional<z.ZodString>;
64
- }, "strip", z.ZodTypeAny, {
65
- d?: string | undefined;
66
- r?: string | undefined;
67
- t?: string | undefined;
68
- }, {
69
- d?: string | undefined;
70
- r?: string | undefined;
71
- t?: string | undefined;
72
- }>, "atleastone">>;
73
- }>, "strip", z.ZodTypeAny, {
74
- kty: "RSA";
75
- n: string;
76
- e: string;
77
- alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
78
- kid?: string | undefined;
79
- ext?: boolean | undefined;
80
- use?: "sig" | "enc" | undefined;
81
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
82
- x5c?: string[] | undefined;
83
- x5t?: string | undefined;
84
- 'x5t#S256'?: string | undefined;
85
- x5u?: string | undefined;
86
- d?: string | undefined;
87
- p?: string | undefined;
88
- q?: string | undefined;
89
- dp?: string | undefined;
90
- dq?: string | undefined;
91
- qi?: string | undefined;
92
- oth?: [{
93
- d?: string | undefined;
94
- r?: string | undefined;
95
- t?: string | undefined;
96
- }, ...{
97
- d?: string | undefined;
98
- r?: string | undefined;
99
- t?: string | undefined;
100
- }[]] | undefined;
101
- }, {
102
- kty: "RSA";
103
- n: string;
104
- e: string;
105
- alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
106
- kid?: string | undefined;
107
- ext?: boolean | undefined;
108
- use?: "sig" | "enc" | undefined;
109
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
110
- x5c?: string[] | undefined;
111
- x5t?: string | undefined;
112
- 'x5t#S256'?: string | undefined;
113
- x5u?: string | undefined;
114
- d?: string | undefined;
115
- p?: string | undefined;
116
- q?: string | undefined;
117
- dp?: string | undefined;
118
- dq?: string | undefined;
119
- qi?: string | undefined;
120
- oth?: [{
121
- d?: string | undefined;
122
- r?: string | undefined;
123
- t?: string | undefined;
124
- }, ...{
125
- d?: string | undefined;
126
- r?: string | undefined;
127
- t?: string | undefined;
128
- }[]] | undefined;
129
- }>, z.ZodObject<z.objectUtil.extendShape<{
130
- kty: z.ZodString;
131
- alg: z.ZodOptional<z.ZodString>;
132
- kid: z.ZodOptional<z.ZodString>;
133
- ext: z.ZodOptional<z.ZodBoolean>;
134
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
135
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
136
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
137
- x5t: z.ZodOptional<z.ZodString>;
138
- 'x5t#S256': z.ZodOptional<z.ZodString>;
139
- x5u: z.ZodOptional<z.ZodString>;
140
- }, {
141
- kty: z.ZodLiteral<"EC">;
142
- alg: z.ZodOptional<z.ZodEnum<["ES256", "ES384", "ES512"]>>;
143
- crv: z.ZodEnum<["P-256", "P-384", "P-521"]>;
144
- x: z.ZodString;
145
- y: z.ZodString;
146
- d: z.ZodOptional<z.ZodString>;
147
- }>, "strip", z.ZodTypeAny, {
148
- kty: "EC";
149
- crv: "P-256" | "P-384" | "P-521";
150
- x: string;
151
- y: string;
152
- alg?: "ES256" | "ES384" | "ES512" | undefined;
153
- kid?: string | undefined;
154
- ext?: boolean | undefined;
155
- use?: "sig" | "enc" | undefined;
156
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
157
- x5c?: string[] | undefined;
158
- x5t?: string | undefined;
159
- 'x5t#S256'?: string | undefined;
160
- x5u?: string | undefined;
161
- d?: string | undefined;
162
- }, {
163
- kty: "EC";
164
- crv: "P-256" | "P-384" | "P-521";
165
- x: string;
166
- y: string;
167
- alg?: "ES256" | "ES384" | "ES512" | undefined;
168
- kid?: string | undefined;
169
- ext?: boolean | undefined;
170
- use?: "sig" | "enc" | undefined;
171
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
172
- x5c?: string[] | undefined;
173
- x5t?: string | undefined;
174
- 'x5t#S256'?: string | undefined;
175
- x5u?: string | undefined;
176
- d?: string | undefined;
177
- }>, z.ZodObject<z.objectUtil.extendShape<{
178
- kty: z.ZodString;
179
- alg: z.ZodOptional<z.ZodString>;
180
- kid: z.ZodOptional<z.ZodString>;
181
- ext: z.ZodOptional<z.ZodBoolean>;
182
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
183
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
184
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
185
- x5t: z.ZodOptional<z.ZodString>;
186
- 'x5t#S256': z.ZodOptional<z.ZodString>;
187
- x5u: z.ZodOptional<z.ZodString>;
188
- }, {
189
- kty: z.ZodLiteral<"EC">;
190
- alg: z.ZodOptional<z.ZodEnum<["ES256K"]>>;
191
- crv: z.ZodEnum<["secp256k1"]>;
192
- x: z.ZodString;
193
- y: z.ZodString;
194
- d: z.ZodOptional<z.ZodString>;
195
- }>, "strip", z.ZodTypeAny, {
196
- kty: "EC";
197
- crv: "secp256k1";
198
- x: string;
199
- y: string;
200
- alg?: "ES256K" | undefined;
201
- kid?: string | undefined;
202
- ext?: boolean | undefined;
203
- use?: "sig" | "enc" | undefined;
204
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
205
- x5c?: string[] | undefined;
206
- x5t?: string | undefined;
207
- 'x5t#S256'?: string | undefined;
208
- x5u?: string | undefined;
209
- d?: string | undefined;
210
- }, {
211
- kty: "EC";
212
- crv: "secp256k1";
213
- x: string;
214
- y: string;
215
- alg?: "ES256K" | undefined;
216
- kid?: string | undefined;
217
- ext?: boolean | undefined;
218
- use?: "sig" | "enc" | undefined;
219
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
220
- x5c?: string[] | undefined;
221
- x5t?: string | undefined;
222
- 'x5t#S256'?: string | undefined;
223
- x5u?: string | undefined;
224
- d?: string | undefined;
225
- }>, z.ZodObject<z.objectUtil.extendShape<{
226
- kty: z.ZodString;
227
- alg: z.ZodOptional<z.ZodString>;
228
- kid: z.ZodOptional<z.ZodString>;
229
- ext: z.ZodOptional<z.ZodBoolean>;
230
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
231
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
232
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
233
- x5t: z.ZodOptional<z.ZodString>;
234
- 'x5t#S256': z.ZodOptional<z.ZodString>;
235
- x5u: z.ZodOptional<z.ZodString>;
236
- }, {
237
- kty: z.ZodLiteral<"OKP">;
238
- alg: z.ZodOptional<z.ZodEnum<["EdDSA"]>>;
239
- crv: z.ZodEnum<["Ed25519", "Ed448"]>;
240
- x: z.ZodString;
241
- d: z.ZodOptional<z.ZodString>;
242
- }>, "strip", z.ZodTypeAny, {
243
- kty: "OKP";
244
- crv: "Ed25519" | "Ed448";
245
- x: string;
246
- alg?: "EdDSA" | undefined;
247
- kid?: string | undefined;
248
- ext?: boolean | undefined;
249
- use?: "sig" | "enc" | undefined;
250
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
251
- x5c?: string[] | undefined;
252
- x5t?: string | undefined;
253
- 'x5t#S256'?: string | undefined;
254
- x5u?: string | undefined;
255
- d?: string | undefined;
256
- }, {
257
- kty: "OKP";
258
- crv: "Ed25519" | "Ed448";
259
- x: string;
260
- alg?: "EdDSA" | undefined;
261
- kid?: string | undefined;
262
- ext?: boolean | undefined;
263
- use?: "sig" | "enc" | undefined;
264
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
265
- x5c?: string[] | undefined;
266
- x5t?: string | undefined;
267
- 'x5t#S256'?: string | undefined;
268
- x5u?: string | undefined;
269
- d?: string | undefined;
270
- }>, z.ZodObject<z.objectUtil.extendShape<{
271
- kty: z.ZodString;
272
- alg: z.ZodOptional<z.ZodString>;
273
- kid: z.ZodOptional<z.ZodString>;
274
- ext: z.ZodOptional<z.ZodBoolean>;
275
- use: z.ZodOptional<z.ZodEnum<["sig", "enc"]>>;
276
- key_ops: z.ZodOptional<z.ZodArray<z.ZodEnum<["sign", "verify", "encrypt", "decrypt", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]>, "many">>;
277
- x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
278
- x5t: z.ZodOptional<z.ZodString>;
279
- 'x5t#S256': z.ZodOptional<z.ZodString>;
280
- x5u: z.ZodOptional<z.ZodString>;
281
- }, {
282
- kty: z.ZodLiteral<"oct">;
283
- alg: z.ZodOptional<z.ZodEnum<["HS256", "HS384", "HS512"]>>;
284
- k: z.ZodString;
285
- }>, "strip", z.ZodTypeAny, {
286
- kty: "oct";
287
- k: string;
288
- alg?: "HS256" | "HS384" | "HS512" | undefined;
289
- kid?: string | undefined;
290
- ext?: boolean | undefined;
291
- use?: "sig" | "enc" | undefined;
292
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
293
- x5c?: string[] | undefined;
294
- x5t?: string | undefined;
295
- 'x5t#S256'?: string | undefined;
296
- x5u?: string | undefined;
297
- }, {
298
- kty: "oct";
299
- k: string;
300
- alg?: "HS256" | "HS384" | "HS512" | undefined;
301
- kid?: string | undefined;
302
- ext?: boolean | undefined;
303
- use?: "sig" | "enc" | undefined;
304
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
305
- x5c?: string[] | undefined;
306
- x5t?: string | undefined;
307
- 'x5t#S256'?: string | undefined;
308
- x5u?: string | undefined;
309
- }>]>, z.ZodObject<{
310
- alg: z.ZodString;
311
- }, "strip", z.ZodTypeAny, {
312
- alg: string;
313
- }, {
314
- alg: string;
315
- }>>;
316
- export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>;
317
- export declare class WebcryptoKey<J extends JwkWithAlg = JwkWithAlg> extends JoseKey<J> {
3
+ export declare class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {
318
4
  readonly cryptoKeyPair: CryptoKeyPair;
319
- static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey<{
320
- kty: string;
321
- alg: string;
322
- kid?: string | undefined | undefined;
323
- ext?: boolean | undefined | undefined;
324
- use?: "sig" | "enc" | undefined | undefined;
325
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined | undefined;
326
- x5c?: string[] | undefined | undefined;
327
- x5t?: string | undefined | undefined;
328
- 'x5t#S256'?: string | undefined | undefined;
329
- x5u?: string | undefined | undefined;
330
- }>>;
331
- static fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string): Promise<WebcryptoKey<{
332
- kty: string;
333
- alg: string;
334
- kid?: string | undefined | undefined;
335
- ext?: boolean | undefined | undefined;
336
- use?: "sig" | "enc" | undefined | undefined;
337
- key_ops?: ("sign" | "verify" | "encrypt" | "decrypt" | "wrapKey" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined | undefined;
338
- x5c?: string[] | undefined | undefined;
339
- x5t?: string | undefined | undefined;
340
- 'x5t#S256'?: string | undefined | undefined;
341
- x5u?: string | undefined | undefined;
342
- }>>;
5
+ static generate(allowedAlgos?: string[], kid?: string, options?: GenerateKeyPairOptions): Promise<WebcryptoKey>;
6
+ static fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string): Promise<WebcryptoKey>;
343
7
  constructor(jwk: Readonly<J>, cryptoKeyPair: CryptoKeyPair);
344
8
  get isPrivate(): boolean;
345
- get privateJwk(): Readonly<J> | undefined;
346
9
  protected getKeyObj(alg: string): Promise<CryptoKey>;
347
10
  }
348
11
  //# sourceMappingURL=webcrypto-key.d.ts.map
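Review bot: The class constraint is loosened from `JwkWithAlg` to `Jwk`, so the requirement that a Webcrypto key carries an `alg` is no longer expressed in the declared type unless `Jwk` itself requires it, which is not visible here. As far as this package shows, the rule is now enforced only by the runtime check in the constructor, so a caller passing a JWK without `alg` compiles and fails at construction. A TSDoc line on the constructor in the source, e.g. `@throws JwkError if jwk.alg is missing`, would keep that contract visible in the emitted declarations. The `jwkWithAlgSchema` and `JwkWithAlg` exports are also removed, so consumers that validated untrusted JWKs against that schema need their own `alg` check.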
@@ -1 +1 @@
1
- {"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAA;AAInE,eAAO,MAAM,gBAAgB;SAkFuiW,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;SAA44B,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAiB,EAAG,WAAW,CAAC,EAAE,OAAO;OAAiE,EAAG,SAAS;OAAQ,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;OAAS,EAAG,WAAW,CAAC,EAAE,SAAS;OAAS,EAAG,WAAW,CAAC,EAAE,SAAS;QAAU,EAAG,WAAW,CAAC,EAAE,SAAS;QAAU,EAAG,WAAW,CAAC,EAAE,SAAS;QAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;WAAa,EAAG,WAAW,CAAC,EAAE,SAAS;WAAa,EAAG,WAAW,CAAC,EAAE,SAAS;WAAa,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,UAAU;SAAa,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAAwC,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;SAA8uB,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;;;;;;;;;;;;;;;;;;;;SAAotB,CAAC;SAA+B,CAAC;SAA+B,CAAC;;SAA2C,CAAC;SAA+B,CAAC;SAA+B,CAAC;;;SAA+F,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAgB,EAAG,WAAW,CAAC,EAAE,OAAO;SAAwC,EAAG,OAAO;OAAqC,EAAG,SAAS;OAAQ
,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAAkmC,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAgB,EAAG,WAAW,CAAC,EAAE,OAAO;SAAuB,EAAG,OAAO;OAAuB,EAAG,SAAS;OAAQ,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAA4hC,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAiB,EAAG,WAAW,CAAC,EAAE,OAAO;SAAsB,EAAG,OAAO;OAA8B,EAAG,SAAS;OAAQ,EAAG,WAAW,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAA8gC,EAAG,SAAS;SAAU,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,UAAU;SAAW,EAAG,WAAW,CAAC,EAAE,OAAO;aAA+B,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;SAAiH,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;SAAoB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,SAAS;SAAW,EAAG,WAAW,CAAC,EAAE,SAAS;;SAAgB,EAAG,UAAU;SAAiB,EAAG,WAAW,CAAC,EAAE,OAAO;OAAsC,EAAG,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA/E13qB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AAEzD,qBAAa,YAAY,CACvB,CAAC,SAAS,UAAU,GAAG,UAAU,CACjC,SAAQ,OAAO,CAAC,CAAC,CAAC;IAoDhB,QAAQ,CAAC,aAAa,EAAE,aAAa;WAjDjB,QAAQ,CAC5B,YAAY,GAAE,MAAM,EAAc,EAClC,GAAG,GAAE,MAA4B,EACjC,OAAO,CAAC,EAAE,sBAAsB;;;;;;;;;;;;WAYrB,WAAW,CAAC,aAAa,EAAE,aAAa,EAAE,GAAG,CAAC,EAAE,MAAM;;;;;;;;;;;;gBAiCjE,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EACP,aAAa,EAAE,aAAa;IAKvC,IAAI,SAAS,YAEZ;IAED,IAAI,UAAU,IAAI,QAAQ,CAAC,CAAC,CAAC,GAAG,SAAS,CAGxC;cAEwB,SAAS,CAAC,GAAG,EAAE,MAAM;CAM/C"}
1
+ {"version":3,"file":"webcrypto-key.d.ts","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAuB,MAAM,cAAc,CAAA;AACvD,OAAO,EAAE,sBAAsB,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAA;AAGnE,qBAAa,YAAY,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,SAAQ,OAAO,CAAC,CAAC,CAAC;IAwC7D,QAAQ,CAAC,aAAa,EAAE,aAAa;WArCjB,QAAQ,CAC5B,YAAY,GAAE,MAAM,EAAc,EAClC,GAAG,GAAE,MAA4B,EACjC,OAAO,CAAC,EAAE,sBAAsB,GAC/B,OAAO,CAAC,YAAY,CAAC;WAWX,WAAW,CACtB,aAAa,EAAE,aAAa,EAC5B,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,YAAY,CAAC;gBAkBtB,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,EACP,aAAa,EAAE,aAAa;IAQvC,IAAI,SAAS,YAEZ;cAEwB,SAAS,CAAC,GAAG,EAAE,MAAM;CAM/C"}
@@ -1,12 +1,9 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.WebcryptoKey = exports.jwkWithAlgSchema = void 0;
4
- const zod_1 = require("zod");
3
+ exports.WebcryptoKey = void 0;
5
4
  const jwk_1 = require("@atproto/jwk");
6
5
  const jwk_jose_1 = require("@atproto/jwk-jose");
7
6
  const util_js_1 = require("./util.js");
8
- // Webcrypto keys are bound to a single algorithm
9
- exports.jwkWithAlgSchema = zod_1.z.intersection(jwk_1.jwkSchema, zod_1.z.object({ alg: zod_1.z.string() }));
10
7
  class WebcryptoKey extends jwk_jose_1.JoseKey {
11
8
  // We need to override the static method generate from JoseKey because
12
9
  // the browser needs both the private and public keys
@@ -19,22 +16,15 @@ class WebcryptoKey extends jwk_jose_1.JoseKey {
19
16
  return this.fromKeypair(keyPair, kid);
20
17
  }
21
18
  static async fromKeypair(cryptoKeyPair, kid) {
22
- // https://datatracker.ietf.org/doc/html/rfc7517
23
- // > The "use" and "key_ops" JWK members SHOULD NOT be used together; [...]
24
- // > Applications should specify which of these members they use.
25
- const { key_ops, use, alg = (0, util_js_1.fromSubtleAlgorithm)(cryptoKeyPair.privateKey.algorithm), ...jwk } = await crypto.subtle.exportKey('jwk', cryptoKeyPair.privateKey.extractable
19
+ const { alg = (0, util_js_1.fromSubtleAlgorithm)(cryptoKeyPair.privateKey.algorithm), ...jwk } = await crypto.subtle.exportKey('jwk', cryptoKeyPair.privateKey.extractable
26
20
  ? cryptoKeyPair.privateKey
27
21
  : cryptoKeyPair.publicKey);
28
- if (use && use !== 'sig') {
29
- throw new TypeError(`Unsupported JWK use "${use}"`);
30
- }
31
- if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
32
- // Make sure that "key_ops", if present, is compatible with "use"
33
- throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`);
34
- }
35
- return new WebcryptoKey(exports.jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }), cryptoKeyPair);
22
+ return new WebcryptoKey(jwk_1.jwkSchema.parse({ ...jwk, kid, alg }), cryptoKeyPair);
36
23
  }
37
24
  constructor(jwk, cryptoKeyPair) {
25
+ // Webcrypto keys are bound to a single algorithm
26
+ if (!jwk.alg)
27
+ throw new jwk_1.JwkError('JWK "alg" is required for Webcrypto keys');
38
28
  super(jwk);
39
29
  Object.defineProperty(this, "cryptoKeyPair", {
40
30
  enumerable: true,
@@ -46,11 +36,6 @@ class WebcryptoKey extends jwk_jose_1.JoseKey {
46
36
  get isPrivate() {
47
37
  return true;
48
38
  }
49
- get privateJwk() {
50
- if (super.isPrivate)
51
- return this.jwk;
52
- throw new Error('Private Webcrypto Key not exportable');
53
- }
54
39
  async getKeyObj(alg) {
55
40
  if (this.jwk.alg !== alg) {
56
41
  throw new jwk_1.JwkError(`Key cannot be used with algorithm "${alg}"`);
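Review bot: `fromKeypair` now passes whatever `key_ops` and `use` that `crypto.subtle.exportKey` returns straight into `jwkSchema.parse`, so the explicit rejection of a key pair not usable for `sign`/`verify` is gone and the guarantee rests on the `@atproto/jwk` schema, which is not visible in this diff. If the schema does not enforce it, keep a local guard before the parse, e.g. `if (jwk.key_ops && !jwk.key_ops.some((o) => o === 'sign' || o === 'verify')) throw new TypeError('Invalid key_ops')`; if it does, a comment such as `// use/key_ops are validated by jwkSchema (@atproto/jwk)` would record where the check moved. The removal of the `privateJwk` override in the last hunk needs the same attention: `isPrivate` still always returns `true`, and for a non-extractable private key the JWK held by the instance is the exported public key. If the inherited getter keys off `isPrivate`, it would return that public JWK instead of throwing, so a test with a non-extractable key pair is worth adding.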
@@ -1 +1 @@
1
- {"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sCAAkD;AAClD,gDAAmE;AACnE,uCAAgE;AAEhE,iDAAiD;AACpC,QAAA,gBAAgB,GAAG,OAAC,CAAC,YAAY,CAC5C,eAAS,EACT,OAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAC9B,CAAA;AAID,MAAa,YAEX,SAAQ,kBAAU;IAClB,sEAAsE;IACtE,qDAAqD;IACrD,MAAM,CAAU,KAAK,CAAC,QAAQ,CAC5B,eAAyB,CAAC,OAAO,CAAC,EAClC,MAAc,MAAM,CAAC,UAAU,EAAE,EACjC,OAAgC;QAEhC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,IAAI,CAAC,IAAA,yBAAe,EAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,aAA4B,EAAE,GAAY;QACjE,gDAAgD;QAChD,2EAA2E;QAC3E,iEAAiE;QAEjE,MAAM,EACJ,OAAO,EACP,GAAG,EACH,GAAG,GAAG,IAAA,6BAAmB,EAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,EAC7D,GAAG,GAAG,EACP,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/B,KAAK,EACL,aAAa,CAAC,UAAU,CAAC,WAAW;YAClC,CAAC,CAAC,aAAa,CAAC,UAAU;YAC1B,CAAC,CAAC,aAAa,CAAC,SAAS,CAC5B,CAAA;QAED,IAAI,GAAG,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,SAAS,CAAC,wBAAwB,GAAG,GAAG,CAAC,CAAA;QACrD,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;YACpE,iEAAiE;YACjE,MAAM,IAAI,SAAS,CAAC,oBAAoB,OAAO,iBAAiB,CAAC,CAAA;QACnE,CAAC;QAED,OAAO,IAAI,YAAY,CACrB,wBAAgB,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EACxD,aAAa,CACd,CAAA;IACH,CAAC;IAED,YACE,GAAgB,EACP,aAA4B;QAErC,KAAK,CAAC,GAAG,CAAC,CAAA;QAFV;;;;mBAAS,aAAa;WAAe;IAGvC,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,UAAU;QACZ,IAAI,KAAK,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC,GAAG,CAAA;QACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;IACzD,CAAC;IAEkB,KAAK,CAAC,SAAS,CAAC,GAAW;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;YACzB,MAAM,IAAI,cAAQ,CAAC,sCAAsC,GAAG,GAAG,CAAC,CAAA;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAAA;IACtC,CAAC;CACF;AA
1ED,oCA0EC"}
1
+ {"version":3,"file":"webcrypto-key.js","sourceRoot":"","sources":["../src/webcrypto-key.ts"],"names":[],"mappings":";;;AAAA,sCAAuD;AACvD,gDAAmE;AACnE,uCAAgE;AAEhE,MAAa,YAAkC,SAAQ,kBAAU;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,MAAM,CAAU,KAAK,CAAC,QAAQ,CAC5B,eAAyB,CAAC,OAAO,CAAC,EAClC,MAAc,MAAM,CAAC,UAAU,EAAE,EACjC,OAAgC;QAEhC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,CAAA;QAEjE,4EAA4E;QAC5E,IAAI,CAAC,IAAA,yBAAe,EAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,WAAW,CACtB,aAA4B,EAC5B,GAAY;QAEZ,MAAM,EACJ,GAAG,GAAG,IAAA,6BAAmB,EAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,EAC7D,GAAG,GAAG,EACP,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC/B,KAAK,EACL,aAAa,CAAC,UAAU,CAAC,WAAW;YAClC,CAAC,CAAC,aAAa,CAAC,UAAU;YAC1B,CAAC,CAAC,aAAa,CAAC,SAAS,CAC5B,CAAA;QAED,OAAO,IAAI,YAAY,CACrB,eAAS,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EACrC,aAAa,CACd,CAAA;IACH,CAAC;IAED,YACE,GAAgB,EACP,aAA4B;QAErC,iDAAiD;QACjD,IAAI,CAAC,GAAG,CAAC,GAAG;YAAE,MAAM,IAAI,cAAQ,CAAC,0CAA0C,CAAC,CAAA;QAE5E,KAAK,CAAC,GAAG,CAAC,CAAA;QALV;;;;mBAAS,aAAa;WAAe;IAMvC,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAA;IACb,CAAC;IAEkB,KAAK,CAAC,SAAS,CAAC,GAAW;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;YACzB,MAAM,IAAI,cAAQ,CAAC,sCAAsC,GAAG,GAAG,CAAC,CAAA;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAAA;IACtC,CAAC;CACF;AA1DD,oCA0DC","sourcesContent":["import { Jwk, JwkError, jwkSchema } from '@atproto/jwk'\nimport { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'\nimport { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'\n\nexport class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {\n // We need to override the static method generate from JoseKey because\n // the browser needs both the private and public keys\n static override async generate(\n allowedAlgos: string[] = ['ES256'],\n kid: string = crypto.randomUUID(),\n options?: GenerateKeyPairOptions,\n ): 
Promise<WebcryptoKey> {\n const keyPair = await this.generateKeyPair(allowedAlgos, options)\n\n // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair\n if (!isCryptoKeyPair(keyPair)) {\n throw new TypeError('Invalid CryptoKeyPair')\n }\n\n return this.fromKeypair(keyPair, kid)\n }\n\n static async fromKeypair(\n cryptoKeyPair: CryptoKeyPair,\n kid?: string,\n ): Promise<WebcryptoKey> {\n const {\n alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),\n ...jwk\n } = await crypto.subtle.exportKey(\n 'jwk',\n cryptoKeyPair.privateKey.extractable\n ? cryptoKeyPair.privateKey\n : cryptoKeyPair.publicKey,\n )\n\n return new WebcryptoKey<Jwk>(\n jwkSchema.parse({ ...jwk, kid, alg }),\n cryptoKeyPair,\n )\n }\n\n constructor(\n jwk: Readonly<J>,\n readonly cryptoKeyPair: CryptoKeyPair,\n ) {\n // Webcrypto keys are bound to a single algorithm\n if (!jwk.alg) throw new JwkError('JWK \"alg\" is required for Webcrypto keys')\n\n super(jwk)\n }\n\n get isPrivate() {\n return true\n }\n\n protected override async getKeyObj(alg: string) {\n if (this.jwk.alg !== alg) {\n throw new JwkError(`Key cannot be used with algorithm \"${alg}\"`)\n }\n return this.cryptoKeyPair.privateKey\n }\n}\n"]}
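--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@atproto/jwk-webcrypto",
- "version": "0.1.9",
+ "version": "0.2.0",
  "license": "MIT",
  "description": "Webcrypto based implementation of @atproto/jwk Key's",
  "keywords": [
@@ -25,8 +25,8 @@
  },
  "dependencies": {
  "zod": "^3.23.8",
- "@atproto/jwk": "0.4.0",
- "@atproto/jwk-jose": "0.1.9"
+ "@atproto/jwk": "0.6.0",
+ "@atproto/jwk-jose": "0.1.11"
  },
  "devDependencies": {
  "typescript": "^5.6.3"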
@@ -1,26 +1,15 @@
1
- import { z } from 'zod'
2
- import { JwkError, jwkSchema } from '@atproto/jwk'
1
+ import { Jwk, JwkError, jwkSchema } from '@atproto/jwk'
3
2
  import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'
4
3
  import { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'
5
4
 
6
- // Webcrypto keys are bound to a single algorithm
7
- export const jwkWithAlgSchema = z.intersection(
8
- jwkSchema,
9
- z.object({ alg: z.string() }),
10
- )
11
-
12
- export type JwkWithAlg = z.infer<typeof jwkWithAlgSchema>
13
-
14
- export class WebcryptoKey<
15
- J extends JwkWithAlg = JwkWithAlg,
16
- > extends JoseKey<J> {
5
+ export class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {
17
6
  // We need to override the static method generate from JoseKey because
18
7
  // the browser needs both the private and public keys
19
8
  static override async generate(
20
9
  allowedAlgos: string[] = ['ES256'],
21
10
  kid: string = crypto.randomUUID(),
22
11
  options?: GenerateKeyPairOptions,
23
- ) {
12
+ ): Promise<WebcryptoKey> {
24
13
  const keyPair = await this.generateKeyPair(allowedAlgos, options)
25
14
 
26
15
  // Type safety only: in the browser, 'jose' always generates a CryptoKeyPair
@@ -31,14 +20,11 @@ export class WebcryptoKey<
31
20
  return this.fromKeypair(keyPair, kid)
32
21
  }
33
22
 
34
- static async fromKeypair(cryptoKeyPair: CryptoKeyPair, kid?: string) {
35
- // https://datatracker.ietf.org/doc/html/rfc7517
36
- // > The "use" and "key_ops" JWK members SHOULD NOT be used together; [...]
37
- // > Applications should specify which of these members they use.
38
-
23
+ static async fromKeypair(
24
+ cryptoKeyPair: CryptoKeyPair,
25
+ kid?: string,
26
+ ): Promise<WebcryptoKey> {
39
27
  const {
40
- key_ops,
41
- use,
42
28
  alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),
43
29
  ...jwk
44
30
  } = await crypto.subtle.exportKey(
@@ -48,17 +34,8 @@ export class WebcryptoKey<
48
34
  : cryptoKeyPair.publicKey,
49
35
  )
50
36
 
51
- if (use && use !== 'sig') {
52
- throw new TypeError(`Unsupported JWK use "${use}"`)
53
- }
54
-
55
- if (key_ops && !key_ops.some((o) => o === 'sign' || o === 'verify')) {
56
- // Make sure that "key_ops", if present, is compatible with "use"
57
- throw new TypeError(`Invalid key_ops "${key_ops}" for "sig" use`)
58
- }
59
-
60
- return new WebcryptoKey(
61
- jwkWithAlgSchema.parse({ ...jwk, kid, alg, use: 'sig' }),
37
+ return new WebcryptoKey<Jwk>(
38
+ jwkSchema.parse({ ...jwk, kid, alg }),
62
39
  cryptoKeyPair,
63
40
  )
64
41
  }
@@ -67,6 +44,9 @@ export class WebcryptoKey<
67
44
  jwk: Readonly<J>,
68
45
  readonly cryptoKeyPair: CryptoKeyPair,
69
46
  ) {
47
+ // Webcrypto keys are bound to a single algorithm
48
+ if (!jwk.alg) throw new JwkError('JWK "alg" is required for Webcrypto keys')
49
+
70
50
  super(jwk)
71
51
  }
72
52
 
@@ -74,11 +54,6 @@ export class WebcryptoKey<
74
54
  return true
75
55
  }
76
56
 
77
- get privateJwk(): Readonly<J> | undefined {
78
- if (super.isPrivate) return this.jwk
79
- throw new Error('Private Webcrypto Key not exportable')
80
- }
81
-
82
57
  protected override async getKeyObj(alg: string) {
83
58
  if (this.jwk.alg !== alg) {
84
59
  throw new JwkError(`Key cannot be used with algorithm "${alg}"`)
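Review bot: `fromKeypair` no longer checks what the exported key is permitted to do: the hunk at `@@ -48,17 +34,8 @@` drops both the `use` test and the `key_ops` test and hands the `exportKey` result straight to `jwkSchema.parse({ ...jwk, kid, alg })`. Dropping `use` fits the changelog entry, since the exported JWK is the private one whenever the private key is extractable, but the `key_ops` guard was independent of that and was the check that rejected a pair unable to sign or verify before it got wrapped. Unless `jwkSchema` or `fromSubtleAlgorithm` already enforce this (neither is visible here), I would keep it on the rest-spread object, `if (jwk.key_ops && !jwk.key_ops.some((o) => o === 'sign' || o === 'verify')) throw new TypeError('Invalid key_ops for a signing key')`, so misuse fails at construction rather than at the first signature. A short comment above the `exportKey` call saying that `jwk` carries private material when `privateKey.extractable` is true and only the public JWK otherwise would also help, now that the `privateJwk` override is removed and `isPrivate` always returns true.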