@atproto/jwk-webcrypto 0.3.1 → 0.3.3
- package/CHANGELOG.md +22 -0
- package/package.json +10 -7
- package/src/index.ts +0 -1
- package/src/util.ts +0 -122
- package/src/webcrypto-key.ts +0 -63
- package/tsconfig.build.json +0 -8
- package/tsconfig.build.tsbuildinfo +0 -1
- package/tsconfig.json +0 -4
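--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,27 @@
 # @atproto/jwk-webcrypto
 
+## 0.3.3
+
+### Patch Changes
+
+- [#5099](https://github.com/bluesky-social/atproto/pull/5099) [`b43ec31`](https://github.com/bluesky-social/atproto/commit/b43ec31f247f4461725b01226885f88bd430ca07) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Update TypeScript build to rely on references to composite internal projects
+
+- [#5099](https://github.com/bluesky-social/atproto/pull/5099) [`b43ec31`](https://github.com/bluesky-social/atproto/commit/b43ec31f247f4461725b01226885f88bd430ca07) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Bundle only necessary files in the NPM tarball, including the `CHANGELOG.md` and `README.md` files (if present).
+
+- Updated dependencies [[`b43ec31`](https://github.com/bluesky-social/atproto/commit/b43ec31f247f4461725b01226885f88bd430ca07), [`b43ec31`](https://github.com/bluesky-social/atproto/commit/b43ec31f247f4461725b01226885f88bd430ca07)]:
+- @atproto/jwk-jose@0.2.3
+- @atproto/jwk@0.7.3
+
+## 0.3.2
+
+### Patch Changes
+
+- [#5151](https://github.com/bluesky-social/atproto/pull/5151) [`a51c45d`](https://github.com/bluesky-social/atproto/commit/a51c45d38f6bd7b8765f640e564cf921d52162e7) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Update dependencies
+
+- Updated dependencies [[`a51c45d`](https://github.com/bluesky-social/atproto/commit/a51c45d38f6bd7b8765f640e564cf921d52162e7)]:
+- @atproto/jwk@0.7.2
+- @atproto/jwk-jose@0.2.2
+
 ## 0.3.1
 
 ### Patch Changes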
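--- a/package/package.json
+++ b/package/package.json
@@ -1,9 +1,6 @@
 {
 "name": "@atproto/jwk-webcrypto",
-"version": "0.3.
-"engines": {
-"node": ">=22"
-},
+"version": "0.3.3",
 "license": "MIT",
 "description": "Webcrypto based implementation of @atproto/jwk Key's",
 "keywords": [
@@ -17,6 +14,10 @@
 "url": "https://github.com/bluesky-social/atproto",
 "directory": "packages/oauth/jwk-webcrypto"
 },
+"files": [
+"./dist",
+"./CHANGELOG.md"
+],
 "type": "module",
 "exports": {
 ".": {
@@ -24,12 +25,14 @@
 "default": "./dist/index.js"
 }
 },
+"engines": {
+"node": ">=22"
+},
 "dependencies": {
 "zod": "^3.23.8",
-"@atproto/jwk": "^0.7.
-"@atproto/jwk-jose": "^0.2.
+"@atproto/jwk": "^0.7.3",
+"@atproto/jwk-jose": "^0.2.3"
 },
-"devDependencies": {},
 "scripts": {
 "build": "tsgo --build tsconfig.build.json"
 }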
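Review bot: In the last hunk `scripts.build` still reads `tsgo --build tsconfig.build.json`, but the `files` allowlist added in the second hunk limits the tarball to `./dist` and `./CHANGELOG.md`, and this page lists `tsconfig.build.json` and `src/` as deleted, so the script cannot run from the published package. More important for consumers, `dist` can no longer be checked against sources shipped in the same tarball; an audit now has to rebuild from the repository at the tagged commit and compare. Consider publishing with provenance, e.g. `"publishConfig": { "provenance": true }`, so the registry records which commit and workflow produced `dist`; whether the project already does so is not visible here. If `dist` contains source maps that point into `src/`, those references are now dangling and worth a check.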
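--- a/package/src/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export * from './webcrypto-key.js'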
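--- a/package/src/util.ts
+++ /dev/null
@@ -1,122 +0,0 @@
-export type JWSAlgorithm =
-// HMAC
-| 'HS256'
-| 'HS384'
-| 'HS512'
-// RSA
-| 'PS256'
-| 'PS384'
-| 'PS512'
-| 'RS256'
-| 'RS384'
-| 'RS512'
-// EC
-| 'ES256'
-| 'ES256K'
-| 'ES384'
-| 'ES512'
-// OKP
-| 'EdDSA'
-
-export type SubtleAlgorithm = RsaHashedKeyGenParams | EcKeyGenParams
-
-export function toSubtleAlgorithm(
-alg: string,
-crv?: string,
-options?: { modulusLength?: number },
-): SubtleAlgorithm {
-switch (alg) {
-case 'PS256':
-case 'PS384':
-case 'PS512':
-return {
-name: 'RSA-PSS',
-hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,
-modulusLength: options?.modulusLength ?? 2048,
-publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
-}
-case 'RS256':
-case 'RS384':
-case 'RS512':
-return {
-name: 'RSASSA-PKCS1-v1_5',
-hash: `SHA-${alg.slice(-3) as '256' | '384' | '512'}`,
-modulusLength: options?.modulusLength ?? 2048,
-publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
-}
-case 'ES256':
-case 'ES384':
-return {
-name: 'ECDSA',
-namedCurve: `P-${alg.slice(-3) as '256' | '384'}`,
-}
-case 'ES512':
-return {
-name: 'ECDSA',
-namedCurve: 'P-521',
-}
-default:
-// https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773
-
-throw new TypeError(`Unsupported alg "${alg}"`)
-}
-}
-
-export function fromSubtleAlgorithm(algorithm: KeyAlgorithm): JWSAlgorithm {
-switch (algorithm.name) {
-case 'RSA-PSS':
-case 'RSASSA-PKCS1-v1_5': {
-const hash = (<RsaHashedKeyAlgorithm>algorithm).hash.name
-switch (hash) {
-case 'SHA-256':
-case 'SHA-384':
-case 'SHA-512': {
-const prefix = algorithm.name === 'RSA-PSS' ? 'PS' : 'RS'
-return `${prefix}${hash.slice(-3) as '256' | '384' | '512'}`
-}
-default:
-throw new TypeError('unsupported RsaHashedKeyAlgorithm hash')
-}
-}
-case 'ECDSA': {
-const namedCurve = (<EcKeyAlgorithm>algorithm).namedCurve
-switch (namedCurve) {
-case 'P-256':
-case 'P-384':
-case 'P-512':
-return `ES${namedCurve.slice(-3) as '256' | '384' | '512'}`
-case 'P-521':
-return 'ES512'
-default:
-throw new TypeError('unsupported EcKeyAlgorithm namedCurve')
-}
-}
-case 'Ed448':
-case 'Ed25519':
-return 'EdDSA'
-default:
-// https://github.com/w3c/webcrypto/issues/82#issuecomment-849856773
-
-throw new TypeError(`Unexpected algorithm "${algorithm.name}"`)
-}
-}
-
-export function isCryptoKeyPair(
-v: unknown,
-extractable?: boolean,
-): v is CryptoKeyPair {
-return (
-typeof v === 'object' &&
-v !== null &&
-'privateKey' in v &&
-v.privateKey instanceof CryptoKey &&
-v.privateKey.type === 'private' &&
-(extractable == null || v.privateKey.extractable === extractable) &&
-v.privateKey.usages.includes('sign') &&
-'publicKey' in v &&
-v.publicKey instanceof CryptoKey &&
-v.publicKey.type === 'public' &&
-v.publicKey.extractable === true &&
-v.publicKey.usages.includes('verify')
-)
-}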
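--- a/package/src/webcrypto-key.ts
+++ /dev/null
@@ -1,63 +0,0 @@
-import { Jwk, JwkError, jwkSchema } from '@atproto/jwk'
-import { GenerateKeyPairOptions, JoseKey } from '@atproto/jwk-jose'
-import { fromSubtleAlgorithm, isCryptoKeyPair } from './util.js'
-
-export class WebcryptoKey<J extends Jwk = Jwk> extends JoseKey<J> {
-// We need to override the static method generate from JoseKey because
-// the browser needs both the private and public keys
-static override async generate(
-allowedAlgos: string[] = ['ES256'],
-kid: string = crypto.randomUUID(),
-options?: GenerateKeyPairOptions,
-): Promise<WebcryptoKey> {
-const keyPair = await this.generateKeyPair(allowedAlgos, options)
-
-// Type safety only: in the browser, 'jose' always generates a CryptoKeyPair
-if (!isCryptoKeyPair(keyPair)) {
-throw new TypeError('Invalid CryptoKeyPair')
-}
-
-return this.fromKeypair(keyPair, kid)
-}
-
-static async fromKeypair(
-cryptoKeyPair: CryptoKeyPair,
-kid?: string,
-): Promise<WebcryptoKey> {
-const {
-alg = fromSubtleAlgorithm(cryptoKeyPair.privateKey.algorithm),
-...jwk
-} = await crypto.subtle.exportKey(
-'jwk',
-cryptoKeyPair.privateKey.extractable
-? cryptoKeyPair.privateKey
-: cryptoKeyPair.publicKey,
-)
-
-return new WebcryptoKey<Jwk>(
-jwkSchema.parse({ ...jwk, kid, alg }),
-cryptoKeyPair,
-)
-}
-
-constructor(
-jwk: Readonly<J>,
-readonly cryptoKeyPair: CryptoKeyPair,
-) {
-// Webcrypto keys are bound to a single algorithm
-if (!jwk.alg) throw new JwkError('JWK "alg" is required for Webcrypto keys')
-
-super(jwk)
-}
-
-get isPrivate() {
-return true
-}
-
-protected override async getKeyObj(alg: string) {
-if (this.jwk.alg !== alg) {
-throw new JwkError(`Key cannot be used with algorithm "${alg}"`)
-}
-return this.cryptoKeyPair.privateKey
-}
-}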
package/tsconfig.build.json
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":"7.0.0-dev.20260614.1","root":["./src/index.ts","./src/util.ts","./src/webcrypto-key.ts"]}
|
package/tsconfig.json
DELETED