npm - @credo-ts/core - Versions diffs - 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534 - Mend

@credo-ts/core 0.6.0-pr-2392-20251010173905 → 0.6.0-pr-2457-20251016083534

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (985) hide show

package/build/crypto/JwsService.mjs CHANGED Viewed

@@ -5,18 +5,18 @@ import "../error/index.mjs";
 import { injectable } from "../plugins/index.mjs";
 import { __decorate } from "../_virtual/_@oxc-project_runtime@0.94.0/helpers/decorate.mjs";
 import { KeyManagementError } from "../modules/kms/error/KeyManagementError.mjs";
-import { isKnownJwaSignatureAlgorithm } from "../modules/kms/jwk/jwa.mjs";
 import { TypedArrayEncoder } from "../utils/TypedArrayEncoder.mjs";
 import { JsonEncoder } from "../utils/JsonEncoder.mjs";
 import "../utils/index.mjs";
 import { getJwkHumanDescription } from "../modules/kms/jwk/humanDescription.mjs";
-import { assertJwkAsymmetric } from "../modules/kms/jwk/knownJwk.mjs";
 import { assymetricPublicJwkMatches } from "../modules/kms/jwk/equals.mjs";
+import { isKnownJwaSignatureAlgorithm } from "../modules/kms/jwk/jwa.mjs";
+import { assertJwkAsymmetric } from "../modules/kms/jwk/knownJwk.mjs";
 import { PublicJwk } from "../modules/kms/jwk/PublicJwk.mjs";
 import { KeyManagementApi } from "../modules/kms/KeyManagementApi.mjs";
 import "../modules/kms/index.mjs";
-import { X509Service } from "../modules/x509/X509Service.mjs";
 import { X509ModuleConfig } from "../modules/x509/X509ModuleConfig.mjs";
+import { X509Service } from "../modules/x509/X509Service.mjs";
 import "../modules/x509/index.mjs";
 import { isJsonObject } from "../types.mjs";
 import { JWS_COMPACT_FORMAT_MATCHER } from "./JwsTypes.mjs";

package/build/crypto/JwsService.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"JwsService.mjs","names":["JwsService","signatures: JwsDetachedFormat[]","payload: string","jwsSigners: JwsSignerWithJwk[]","jws"],"sources":["../../src/crypto/JwsService.ts"],"sourcesContent":["import type { AgentContext } from '../agent'\nimport type {\n Jws,\n JwsDetachedFormat,\n JwsFlattenedFormat,\n JwsGeneralFormat,\n JwsProtectedHeaderOptions,\n} from './JwsTypes'\n\nimport { CredoError } from '../error'\nimport { type EncodedX509Certificate, X509ModuleConfig } from '../modules/x509'\nimport { injectable } from '../plugins'\nimport { Buffer, JsonEncoder, TypedArrayEncoder } from '../utils'\n\nimport {\n KeyManagementApi,\n KeyManagementError,\n type KnownJwaSignatureAlgorithm,\n PublicJwk,\n assertJwkAsymmetric,\n assymetricPublicJwkMatches,\n getJwkHumanDescription,\n} from '../modules/kms'\nimport { isKnownJwaSignatureAlgorithm } from '../modules/kms/jwk/jwa'\nimport { isJsonObject } from '../types'\nimport { X509Service } from './../modules/x509/X509Service'\nimport type { JwsSigner, JwsSignerWithJwk } from './JwsSigner'\nimport { JWS_COMPACT_FORMAT_MATCHER } from './JwsTypes'\nimport { JwtPayload } from './jose/jwt'\n\n@injectable()\nexport class JwsService {\n private async createJwsBase(agentContext: AgentContext, options: CreateJwsBaseOptions) {\n const { jwk, alg, x5c } = options.protectedHeaderOptions\n\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n const key = await kms.getPublicKey({ keyId: options.keyId })\n assertJwkAsymmetric(key)\n\n const publicJwk = PublicJwk.fromPublicJwk(key)\n\n // Make sure the options.x5c and x5c from protectedHeader are the same.\n if (x5c) {\n const certificate = X509Service.getLeafCertificate(agentContext, {\n certificateChain: x5c,\n })\n\n if (!assymetricPublicJwkMatches(certificate.publicJwk.toJson(), key)) {\n throw new CredoError('Protected header x5c does not match key for signing.')\n }\n }\n\n const jwkInstance = jwk instanceof PublicJwk ? jwk : jwk ? PublicJwk.fromUnknown(jwk) : undefined\n // Make sure the options.key and jwk from protectedHeader are the same.\n if (jwkInstance && !assymetricPublicJwkMatches(jwkInstance.toJson(), key)) {\n throw new CredoError('Protected header JWK does not match key for signing.')\n }\n\n // Validate the options.key used for signing against the jws options\n if (!publicJwk.supportedSignatureAlgorithms.includes(alg)) {\n throw new CredoError(\n `alg '${alg}' is not a valid JWA signature algorithm for this jwk with ${publicJwk.jwkTypehumanDescription}. Supported algorithms are ${publicJwk.supportedSignatureAlgorithms.join(\n ', '\n )}`\n )\n }\n\n const payload =\n options.payload instanceof JwtPayload ? JsonEncoder.toBuffer(options.payload.toJson()) : options.payload\n\n const base64Payload = TypedArrayEncoder.toBase64URL(payload)\n const base64UrlProtectedHeader = JsonEncoder.toBase64URL(this.buildProtected(options.protectedHeaderOptions))\n\n const signResult = await kms.sign({\n algorithm: alg,\n data: TypedArrayEncoder.fromString(`${base64UrlProtectedHeader}.${base64Payload}`),\n keyId: options.keyId,\n })\n const signature = TypedArrayEncoder.toBase64URL(signResult.signature)\n\n return {\n base64Payload,\n base64UrlProtectedHeader,\n signature,\n }\n }\n\n public async createJws(\n agentContext: AgentContext,\n { payload, keyId, header, protectedHeaderOptions }: CreateJwsOptions\n ): Promise<JwsGeneralFormat> {\n const { base64UrlProtectedHeader, signature, base64Payload } = await this.createJwsBase(agentContext, {\n payload,\n keyId,\n protectedHeaderOptions,\n })\n\n return {\n protected: base64UrlProtectedHeader,\n signature,\n header,\n payload: base64Payload,\n }\n }\n\n /*\n @see {@link https://www.rfc-editor.org/rfc/rfc7515#section-3.1}\n * /\n public async createJwsCompact(\n agentContext: AgentContext,\n { payload, keyId, protectedHeaderOptions }: CreateCompactJwsOptions\n ): Promise<string> {\n const { base64Payload, base64UrlProtectedHeader, signature } = await this.createJwsBase(agentContext, {\n payload,\n keyId,\n protectedHeaderOptions,\n })\n return `${base64UrlProtectedHeader}.${base64Payload}.${signature}`\n }\n\n /\n Verify a JWS\n /\n public async verifyJws(\n agentContext: AgentContext,\n {\n jws,\n resolveJwsSigner,\n trustedCertificates,\n jwsSigner: expectedJwsSigner,\n allowedJwsSignerMethods = ['did', 'jwk', 'x5c'],\n }: VerifyJwsOptions\n ): Promise<VerifyJwsResult> {\n let signatures: JwsDetachedFormat[] = []\n let payload: string\n\n if (expectedJwsSigner && !allowedJwsSignerMethods.includes(expectedJwsSigner.method)) {\n throw new CredoError(\n `jwsSigner provided with method '${\n expectedJwsSigner.method\n }', but allowed jws signer methods are ${allowedJwsSignerMethods.join(', ')}.`\n )\n }\n\n if (typeof jws === 'string') {\n if (!JWS_COMPACT_FORMAT_MATCHER.test(jws)) throw new CredoError(`Invalid JWS compact format for value '${jws}'.`)\n\n const [protectedHeader, _payload, signature] = jws.split('.')\n\n payload = _payload\n signatures.push({\n header: {},\n protected: protectedHeader,\n signature,\n })\n } else if ('signatures' in jws) {\n signatures = jws.signatures\n payload = jws.payload\n } else {\n signatures.push(jws)\n payload = jws.payload\n }\n\n if (signatures.length === 0) {\n throw new CredoError('Unable to verify JWS, no signatures present in JWS.')\n }\n\n const jwsFlattened = {\n signatures,\n payload,\n } satisfies JwsFlattenedFormat\n\n const jwsSigners: JwsSignerWithJwk[] = []\n for (const jws of signatures) {\n const protectedJson = JsonEncoder.fromBase64(jws.protected)\n\n if (!isJsonObject(protectedJson)) {\n throw new CredoError('Unable to verify JWS, protected header is not a valid JSON object.')\n }\n\n if (!protectedJson.alg \|\| typeof protectedJson.alg !== 'string') {\n throw new CredoError('Unable to verify JWS, protected header alg is not provided or not a string.')\n }\n\n const jwsSigner =\n expectedJwsSigner ??\n (await this.jwsSignerFromJws(agentContext, {\n jws,\n payload,\n protectedHeader: {\n ...protectedJson,\n alg: protectedJson.alg,\n },\n allowedJwsSignerMethods,\n resolveJwsSigner,\n }))\n\n await this.verifyJwsSigner(agentContext, {\n jwsSigner,\n trustedCertificates,\n })\n\n if (!jwsSigner.jwk.supportedSignatureAlgorithms.includes(protectedJson.alg as KnownJwaSignatureAlgorithm)) {\n throw new CredoError(\n `alg '${protectedJson.alg}' is not a valid JWA signature algorithm for this jwk ${getJwkHumanDescription(jwsSigner.jwk.toJson())}. Supported algorithms are ${jwsSigner.jwk.supportedSignatureAlgorithms.join(', ')}`\n )\n }\n\n const data = TypedArrayEncoder.fromString(`${jws.protected}.${payload}`)\n const signature = TypedArrayEncoder.fromBase64(jws.signature)\n jwsSigners.push(jwsSigner)\n\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n try {\n const { verified } = await kms.verify({\n key: {\n publicJwk: jwsSigner.jwk.toJson(),\n },\n data,\n signature,\n algorithm: protectedJson.alg as KnownJwaSignatureAlgorithm,\n })\n\n if (!verified) {\n return {\n isValid: false,\n jwsSigners: [],\n jws: jwsFlattened,\n }\n }\n } catch (error) {\n // WalletError probably means signature verification failed. Would be useful to add\n // more specific error type in kms.verify method\n if (error instanceof KeyManagementError) {\n return {\n isValid: false,\n jwsSigners: [],\n jws: jwsFlattened,\n }\n }\n\n throw error\n }\n }\n\n return { isValid: true, jwsSigners, jws: jwsFlattened }\n }\n\n private buildProtected(options: JwsProtectedHeaderOptions) {\n return {\n ...options,\n alg: options.alg,\n jwk: options.jwk instanceof PublicJwk ? options.jwk.toJson() : options.jwk,\n kid: options.kid,\n }\n }\n\n private async verifyJwsSigner(\n agentContext: AgentContext,\n options: {\n jwsSigner: JwsSignerWithJwk\n trustedCertificates?: EncodedX509Certificate[]\n }\n ) {\n const { jwsSigner } = options\n\n if (jwsSigner.method === 'x5c') {\n const trustedCertificatesFromConfig =\n agentContext.dependencyManager.resolve(X509ModuleConfig).trustedCertificates ?? []\n const trustedCertificates = options.trustedCertificates ?? trustedCertificatesFromConfig\n if (trustedCertificates.length === 0) {\n throw new CredoError(\n `trustedCertificates is required when the JWS protected header contains an 'x5c' property.`\n )\n }\n\n await X509Service.validateCertificateChain(agentContext, {\n certificateChain: jwsSigner.x5c,\n trustedCertificates,\n })\n }\n }\n\n private async jwsSignerFromJws(\n agentContext: AgentContext,\n options: {\n jws: JwsDetachedFormat\n allowedJwsSignerMethods: JwsSigner['method'][]\n protectedHeader: { alg: string; [key: string]: unknown }\n payload: string\n resolveJwsSigner?: JwsSignerResolver\n }\n ): Promise<JwsSignerWithJwk> {\n const { protectedHeader, resolveJwsSigner, jws, payload, allowedJwsSignerMethods } = options\n\n const alg = protectedHeader.alg\n if (!isKnownJwaSignatureAlgorithm(alg)) {\n throw new CredoError(`Unsupported JWA signature algorithm '${protectedHeader.alg}'`)\n }\n\n if (protectedHeader.x5c && allowedJwsSignerMethods.includes('x5c')) {\n if (\n !Array.isArray(protectedHeader.x5c) \|\|\n protectedHeader.x5c.some((certificate) => typeof certificate !== 'string')\n ) {\n throw new CredoError('x5c header is not a valid JSON array of strings.')\n }\n\n const certificate = X509Service.getLeafCertificate(agentContext, {\n certificateChain: protectedHeader.x5c,\n })\n return {\n method: 'x5c',\n jwk: certificate.publicJwk,\n x5c: protectedHeader.x5c,\n }\n }\n\n // Jwk\n if (protectedHeader.jwk && allowedJwsSignerMethods.includes('jwk')) {\n if (!isJsonObject(protectedHeader.jwk)) throw new CredoError('JWK is not a valid JSON object.')\n\n const protectedJwk = PublicJwk.fromUnknown(protectedHeader.jwk)\n\n return {\n method: 'jwk',\n jwk: protectedJwk,\n }\n }\n\n if (!resolveJwsSigner) {\n throw new CredoError(`resolveJwsSigner is required for resolving jws signers other than 'jwk' and 'x5c'.`)\n }\n\n try {\n const jwsSigner = await resolveJwsSigner({\n jws,\n protectedHeader: {\n ...protectedHeader,\n alg,\n },\n payload,\n })\n\n if (!allowedJwsSignerMethods.includes(jwsSigner.method)) {\n throw new CredoError(\n `resolveJwsSigner returned jws signer with method '${\n jwsSigner.method\n }', but allowed jws signer methods are ${allowedJwsSignerMethods.join(', ')}.`\n )\n }\n\n return jwsSigner\n } catch (error) {\n throw new CredoError(`Error when resolving jws signer for jws in resolveJwsSigner. ${error.message}`, {\n cause: error,\n })\n }\n }\n}\n\nexport interface CreateJwsOptions {\n payload: Buffer \| JwtPayload\n keyId: string\n header: Record<string, unknown>\n protectedHeaderOptions: JwsProtectedHeaderOptions\n}\n\ntype CreateJwsBaseOptions = Omit<CreateJwsOptions, 'header'>\ntype CreateCompactJwsOptions = Omit<CreateJwsOptions, 'header'>\n\nexport interface VerifyJwsOptions {\n jws: Jws\n\n /\n The expected signer of the JWS. If provided the signer won't be dynamically\n * detected based on the values in the JWS.\n /\n jwsSigner?: JwsSignerWithJwk\n\n /\n Allowed jws signer methods when dynamically inferring the jws signer method.\n /\n allowedJwsSignerMethods?: JwsSigner['method'][]\n\n /\n * Method that should return the JWS signer was used\n * to sign the JWS.\n \n This method is called by the JWS Service when it could not determine the public key.\n \n Currently the JWS Service can only determine the public key if the JWS protected header\n * contains a `jwk` or `x5c` property. In all other cases, it's up to the caller to resolve the public\n * key based on the JWS.\n \n A common use case is the `kid` property in the JWS protected header. Or determining the key\n * base on the `iss` property in the JWT payload.\n */\n resolveJwsSigner?: JwsSignerResolver\n\n trustedCertificates?: EncodedX509Certificate[]\n}\n\nexport type JwsSignerResolver = (options: {\n jws: JwsDetachedFormat\n payload: string\n protectedHeader: {\n alg: KnownJwaSignatureAlgorithm\n jwk?: string\n kid?: string\n [key: string]: unknown\n }\n}) => Promise<JwsSignerWithJwk> \| JwsSignerWithJwk\n\nexport interface VerifyJwsResult {\n isValid: boolean\n jwsSigners: JwsSignerWithJwk[]\n\n jws: JwsFlattenedFormat\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AA+BO,uBAAMA,aAAW;CACtB,MAAc,cAAc,cAA4B,SAA+B;EACrF,MAAM,EAAE,KAAK,KAAK,QAAQ,QAAQ;EAElC,MAAM,MAAM,aAAa,kBAAkB,QAAQ,iBAAiB;EAEpE,MAAM,MAAM,MAAM,IAAI,aAAa,EAAE,OAAO,QAAQ,OAAO,CAAC;AAC5D,sBAAoB,IAAI;EAExB,MAAM,YAAY,UAAU,cAAc,IAAI;AAG9C,MAAI,KAKF;OAAI,CAAC,2BAJe,YAAY,mBAAmB,cAAc,EAC/D,kBAAkB,KACnB,CAAC,CAE0C,UAAU,QAAQ,EAAE,IAAI,CAClE,OAAM,IAAI,WAAW,uDAAuD;;EAIhF,MAAM,cAAc,eAAe,YAAY,MAAM,MAAM,UAAU,YAAY,IAAI,GAAG;AAExF,MAAI,eAAe,CAAC,2BAA2B,YAAY,QAAQ,EAAE,IAAI,CACvE,OAAM,IAAI,WAAW,uDAAuD;AAI9E,MAAI,CAAC,UAAU,6BAA6B,SAAS,IAAI,CACvD,OAAM,IAAI,WACR,QAAQ,IAAI,6DAA6D,UAAU,wBAAwB,6BAA6B,UAAU,6BAA6B,KAC7K,KACD,GACF;EAGH,MAAM,UACJ,QAAQ,mBAAmB,aAAa,YAAY,SAAS,QAAQ,QAAQ,QAAQ,CAAC,GAAG,QAAQ;EAEnG,MAAM,gBAAgB,kBAAkB,YAAY,QAAQ;EAC5D,MAAM,2BAA2B,YAAY,YAAY,KAAK,eAAe,QAAQ,uBAAuB,CAAC;EAE7G,MAAM,aAAa,MAAM,IAAI,KAAK;GAChC,WAAW;GACX,MAAM,kBAAkB,WAAW,GAAG,yBAAyB,GAAG,gBAAgB;GAClF,OAAO,QAAQ;GAChB,CAAC;AAGF,SAAO;GACL;GACA;GACA,WALgB,kBAAkB,YAAY,WAAW,UAAU;GAMpE;;CAGH,MAAa,UACX,cACA,EAAE,SAAS,OAAO,QAAQ,0BACC;EAC3B,MAAM,EAAE,0BAA0B,WAAW,kBAAkB,MAAM,KAAK,cAAc,cAAc;GACpG;GACA;GACA;GACD,CAAC;AAEF,SAAO;GACL,WAAW;GACX;GACA;GACA,SAAS;GACV;;;;;CAMH,MAAa,iBACX,cACA,EAAE,SAAS,OAAO,0BACD;EACjB,MAAM,EAAE,eAAe,0BAA0B,cAAc,MAAM,KAAK,cAAc,cAAc;GACpG;GACA;GACA;GACD,CAAC;AACF,SAAO,GAAG,yBAAyB,GAAG,cAAc,GAAG;;;;;CAMzD,MAAa,UACX,cACA,EACE,KACA,kBACA,qBACA,WAAW,mBACX,0BAA0B;EAAC;EAAO;EAAO;EAAM,IAEvB;EAC1B,IAAIC,aAAkC,EAAE;EACxC,IAAIC;AAEJ,MAAI,qBAAqB,CAAC,wBAAwB,SAAS,kBAAkB,OAAO,CAClF,OAAM,IAAI,WACR,mCACE,kBAAkB,OACnB,wCAAwC,wBAAwB,KAAK,KAAK,CAAC,GAC7E;AAGH,MAAI,OAAO,QAAQ,UAAU;AAC3B,OAAI,CAAC,2BAA2B,KAAK,IAAI,CAAE,OAAM,IAAI,WAAW,yCAAyC,IAAI,IAAI;GAEjH,MAAM,CAAC,iBAAiB,UAAU,aAAa,IAAI,MAAM,IAAI;AAE7D,aAAU;AACV,cAAW,KAAK;IACd,QAAQ,EAAE;IACV,WAAW;IACX;IACD,CAAC;aACO,gBAAgB,KAAK;AAC9B,gBAAa,IAAI;AACjB,aAAU,IAAI;SACT;AACL,cAAW,KAAK,IAAI;AACpB,aAAU,IAAI;;AAGhB,MAAI,WAAW,WAAW,EACxB,OAAM,IAAI,WAAW,sDAAsD;EAG7E,MAAM,eAAe;GACnB;GACA;GACD;EAED,MAAMC,aAAiC,EAAE;AACzC,OAAK,MAAMC,SAAO,YAAY;GAC5B,MAAM,gBAAgB,YAAY,WAAWA,MAAI,UAAU;AAE3D,OAAI,CAAC,aAAa,cAAc,CAC9B,OAAM,IAAI,WAAW,qEAAqE;AAG5F,OAAI,CAAC,cAAc,OAAO,OAAO,cAAc,QAAQ,SACrD,OAAM,IAAI,WAAW,8EAA8E;GAGrG,MAAM,YACJ,qBACC,MAAM,KAAK,iBAAiB,cAAc;IACzC;IACA;IACA,iBAAiB;KACf,GAAG;KACH,KAAK,cAAc;KACpB;IACD;IACA;IACD,CAAC;AAEJ,SAAM,KAAK,gBAAgB,cAAc;IACvC;IACA;IACD,CAAC;AAEF,OAAI,CAAC,UAAU,IAAI,6BAA6B,SAAS,cAAc,IAAkC,CACvG,OAAM,IAAI,WACR,QAAQ,cAAc,IAAI,wDAAwD,uBAAuB,UAAU,IAAI,QAAQ,CAAC,CAAC,6BAA6B,UAAU,IAAI,6BAA6B,KAAK,KAAK,GACpN;GAGH,MAAM,OAAO,kBAAkB,WAAW,GAAGA,MAAI,UAAU,GAAG,UAAU;GACxE,MAAM,YAAY,kBAAkB,WAAWA,MAAI,UAAU;AAC7D,cAAW,KAAK,UAAU;GAE1B,MAAM,MAAM,aAAa,kBAAkB,QAAQ,iBAAiB;AAEpE,OAAI;IACF,MAAM,EAAE,aAAa,MAAM,IAAI,OAAO;KACpC,KAAK,EACH,WAAW,UAAU,IAAI,QAAQ,EAClC;KACD;KACA;KACA,WAAW,cAAc;KAC1B,CAAC;AAEF,QAAI,CAAC,SACH,QAAO;KACL,SAAS;KACT,YAAY,EAAE;KACd,KAAK;KACN;YAEI,OAAO;AAGd,QAAI,iBAAiB,mBACnB,QAAO;KACL,SAAS;KACT,YAAY,EAAE;KACd,KAAK;KACN;AAGH,UAAM;;;AAIV,SAAO;GAAE,SAAS;GAAM;GAAY,KAAK;GAAc;;CAGzD,AAAQ,eAAe,SAAoC;AACzD,SAAO;GACL,GAAG;GACH,KAAK,QAAQ;GACb,KAAK,QAAQ,eAAe,YAAY,QAAQ,IAAI,QAAQ,GAAG,QAAQ;GACvE,KAAK,QAAQ;GACd;;CAGH,MAAc,gBACZ,cACA,SAIA;EACA,MAAM,EAAE,cAAc;AAEtB,MAAI,UAAU,WAAW,OAAO;GAC9B,MAAM,gCACJ,aAAa,kBAAkB,QAAQ,iBAAiB,CAAC,uBAAuB,EAAE;GACpF,MAAM,sBAAsB,QAAQ,uBAAuB;AAC3D,OAAI,oBAAoB,WAAW,EACjC,OAAM,IAAI,WACR,4FACD;AAGH,SAAM,YAAY,yBAAyB,cAAc;IACvD,kBAAkB,UAAU;IAC5B;IACD,CAAC;;;CAIN,MAAc,iBACZ,cACA,SAO2B;EAC3B,MAAM,EAAE,iBAAiB,kBAAkB,KAAK,SAAS,4BAA4B;EAErF,MAAM,MAAM,gBAAgB;AAC5B,MAAI,CAAC,6BAA6B,IAAI,CACpC,OAAM,IAAI,WAAW,wCAAwC,gBAAgB,IAAI,GAAG;AAGtF,MAAI,gBAAgB,OAAO,wBAAwB,SAAS,MAAM,EAAE;AAClE,OACE,CAAC,MAAM,QAAQ,gBAAgB,IAAI,IACnC,gBAAgB,IAAI,MAAM,gBAAgB,OAAO,gBAAgB,SAAS,CAE1E,OAAM,IAAI,WAAW,mDAAmD;AAM1E,UAAO;IACL,QAAQ;IACR,KALkB,YAAY,mBAAmB,cAAc,EAC/D,kBAAkB,gBAAgB,KACnC,CAAC,CAGiB;IACjB,KAAK,gBAAgB;IACtB;;AAIH,MAAI,gBAAgB,OAAO,wBAAwB,SAAS,MAAM,EAAE;AAClE,OAAI,CAAC,aAAa,gBAAgB,IAAI,CAAE,OAAM,IAAI,WAAW,kCAAkC;AAI/F,UAAO;IACL,QAAQ;IACR,KAJmB,UAAU,YAAY,gBAAgB,IAAI;IAK9D;;AAGH,MAAI,CAAC,iBACH,OAAM,IAAI,WAAW,qFAAqF;AAG5G,MAAI;GACF,MAAM,YAAY,MAAM,iBAAiB;IACvC;IACA,iBAAiB;KACf,GAAG;KACH;KACD;IACD;IACD,CAAC;AAEF,OAAI,CAAC,wBAAwB,SAAS,UAAU,OAAO,CACrD,OAAM,IAAI,WACR,qDACE,UAAU,OACX,wCAAwC,wBAAwB,KAAK,KAAK,CAAC,GAC7E;AAGH,UAAO;WACA,OAAO;AACd,SAAM,IAAI,WAAW,gEAAgE,MAAM,WAAW,EACpG,OAAO,OACR,CAAC;;;;yBAxUP,YAAY"}
1	+ {"version":3,"file":"JwsService.mjs","names":["JwsService","signatures: JwsDetachedFormat[]","payload: string","jwsSigners: JwsSignerWithJwk[]","jws"],"sources":["../../src/crypto/JwsService.ts"],"sourcesContent":["import type { AgentContext } from '../agent'\nimport { CredoError } from '../error'\nimport {\n assertJwkAsymmetric,\n assymetricPublicJwkMatches,\n getJwkHumanDescription,\n KeyManagementApi,\n KeyManagementError,\n type KnownJwaSignatureAlgorithm,\n PublicJwk,\n} from '../modules/kms'\nimport { isKnownJwaSignatureAlgorithm } from '../modules/kms/jwk/jwa'\nimport { type EncodedX509Certificate, X509ModuleConfig } from '../modules/x509'\nimport { X509Service } from './../modules/x509/X509Service'\nimport { injectable } from '../plugins'\nimport { type AnyUint8Array, isJsonObject } from '../types'\nimport { JsonEncoder, TypedArrayEncoder } from '../utils'\nimport type { JwsSigner, JwsSignerWithJwk } from './JwsSigner'\nimport type {\n Jws,\n JwsDetachedFormat,\n JwsFlattenedFormat,\n JwsGeneralFormat,\n JwsProtectedHeaderOptions,\n} from './JwsTypes'\nimport { JWS_COMPACT_FORMAT_MATCHER } from './JwsTypes'\nimport { JwtPayload } from './jose/jwt'\n\n@injectable()\nexport class JwsService {\n private async createJwsBase(agentContext: AgentContext, options: CreateJwsBaseOptions) {\n const { jwk, alg, x5c } = options.protectedHeaderOptions\n\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n const key = await kms.getPublicKey({ keyId: options.keyId })\n assertJwkAsymmetric(key)\n\n const publicJwk = PublicJwk.fromPublicJwk(key)\n\n // Make sure the options.x5c and x5c from protectedHeader are the same.\n if (x5c) {\n const certificate = X509Service.getLeafCertificate(agentContext, {\n certificateChain: x5c,\n })\n\n if (!assymetricPublicJwkMatches(certificate.publicJwk.toJson(), key)) {\n throw new CredoError('Protected header x5c does not match key for signing.')\n }\n }\n\n const jwkInstance = jwk instanceof PublicJwk ? jwk : jwk ? PublicJwk.fromUnknown(jwk) : undefined\n // Make sure the options.key and jwk from protectedHeader are the same.\n if (jwkInstance && !assymetricPublicJwkMatches(jwkInstance.toJson(), key)) {\n throw new CredoError('Protected header JWK does not match key for signing.')\n }\n\n // Validate the options.key used for signing against the jws options\n if (!publicJwk.supportedSignatureAlgorithms.includes(alg)) {\n throw new CredoError(\n `alg '${alg}' is not a valid JWA signature algorithm for this jwk with ${publicJwk.jwkTypehumanDescription}. Supported algorithms are ${publicJwk.supportedSignatureAlgorithms.join(\n ', '\n )}`\n )\n }\n\n const payload =\n options.payload instanceof JwtPayload ? JsonEncoder.toBuffer(options.payload.toJson()) : options.payload\n\n const base64Payload = TypedArrayEncoder.toBase64URL(payload)\n const base64UrlProtectedHeader = JsonEncoder.toBase64URL(this.buildProtected(options.protectedHeaderOptions))\n\n const signResult = await kms.sign({\n algorithm: alg,\n data: TypedArrayEncoder.fromString(`${base64UrlProtectedHeader}.${base64Payload}`),\n keyId: options.keyId,\n })\n const signature = TypedArrayEncoder.toBase64URL(signResult.signature)\n\n return {\n base64Payload,\n base64UrlProtectedHeader,\n signature,\n }\n }\n\n public async createJws(\n agentContext: AgentContext,\n { payload, keyId, header, protectedHeaderOptions }: CreateJwsOptions\n ): Promise<JwsGeneralFormat> {\n const { base64UrlProtectedHeader, signature, base64Payload } = await this.createJwsBase(agentContext, {\n payload,\n keyId,\n protectedHeaderOptions,\n })\n\n return {\n protected: base64UrlProtectedHeader,\n signature,\n header,\n payload: base64Payload,\n }\n }\n\n /*\n @see {@link https://www.rfc-editor.org/rfc/rfc7515#section-3.1}\n * /\n public async createJwsCompact(\n agentContext: AgentContext,\n { payload, keyId, protectedHeaderOptions }: CreateCompactJwsOptions\n ): Promise<string> {\n const { base64Payload, base64UrlProtectedHeader, signature } = await this.createJwsBase(agentContext, {\n payload,\n keyId,\n protectedHeaderOptions,\n })\n return `${base64UrlProtectedHeader}.${base64Payload}.${signature}`\n }\n\n /\n Verify a JWS\n /\n public async verifyJws(\n agentContext: AgentContext,\n {\n jws,\n resolveJwsSigner,\n trustedCertificates,\n jwsSigner: expectedJwsSigner,\n allowedJwsSignerMethods = ['did', 'jwk', 'x5c'],\n }: VerifyJwsOptions\n ): Promise<VerifyJwsResult> {\n let signatures: JwsDetachedFormat[] = []\n let payload: string\n\n if (expectedJwsSigner && !allowedJwsSignerMethods.includes(expectedJwsSigner.method)) {\n throw new CredoError(\n `jwsSigner provided with method '${\n expectedJwsSigner.method\n }', but allowed jws signer methods are ${allowedJwsSignerMethods.join(', ')}.`\n )\n }\n\n if (typeof jws === 'string') {\n if (!JWS_COMPACT_FORMAT_MATCHER.test(jws)) throw new CredoError(`Invalid JWS compact format for value '${jws}'.`)\n\n const [protectedHeader, _payload, signature] = jws.split('.')\n\n payload = _payload\n signatures.push({\n header: {},\n protected: protectedHeader,\n signature,\n })\n } else if ('signatures' in jws) {\n signatures = jws.signatures\n payload = jws.payload\n } else {\n signatures.push(jws)\n payload = jws.payload\n }\n\n if (signatures.length === 0) {\n throw new CredoError('Unable to verify JWS, no signatures present in JWS.')\n }\n\n const jwsFlattened = {\n signatures,\n payload,\n } satisfies JwsFlattenedFormat\n\n const jwsSigners: JwsSignerWithJwk[] = []\n for (const jws of signatures) {\n const protectedJson = JsonEncoder.fromBase64(jws.protected)\n\n if (!isJsonObject(protectedJson)) {\n throw new CredoError('Unable to verify JWS, protected header is not a valid JSON object.')\n }\n\n if (!protectedJson.alg \|\| typeof protectedJson.alg !== 'string') {\n throw new CredoError('Unable to verify JWS, protected header alg is not provided or not a string.')\n }\n\n const jwsSigner =\n expectedJwsSigner ??\n (await this.jwsSignerFromJws(agentContext, {\n jws,\n payload,\n protectedHeader: {\n ...protectedJson,\n alg: protectedJson.alg,\n },\n allowedJwsSignerMethods,\n resolveJwsSigner,\n }))\n\n await this.verifyJwsSigner(agentContext, {\n jwsSigner,\n trustedCertificates,\n })\n\n if (!jwsSigner.jwk.supportedSignatureAlgorithms.includes(protectedJson.alg as KnownJwaSignatureAlgorithm)) {\n throw new CredoError(\n `alg '${protectedJson.alg}' is not a valid JWA signature algorithm for this jwk ${getJwkHumanDescription(jwsSigner.jwk.toJson())}. Supported algorithms are ${jwsSigner.jwk.supportedSignatureAlgorithms.join(', ')}`\n )\n }\n\n const data = TypedArrayEncoder.fromString(`${jws.protected}.${payload}`)\n const signature = TypedArrayEncoder.fromBase64(jws.signature)\n jwsSigners.push(jwsSigner)\n\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n try {\n const { verified } = await kms.verify({\n key: {\n publicJwk: jwsSigner.jwk.toJson(),\n },\n data,\n signature,\n algorithm: protectedJson.alg as KnownJwaSignatureAlgorithm,\n })\n\n if (!verified) {\n return {\n isValid: false,\n jwsSigners: [],\n jws: jwsFlattened,\n }\n }\n } catch (error) {\n // WalletError probably means signature verification failed. Would be useful to add\n // more specific error type in kms.verify method\n if (error instanceof KeyManagementError) {\n return {\n isValid: false,\n jwsSigners: [],\n jws: jwsFlattened,\n }\n }\n\n throw error\n }\n }\n\n return { isValid: true, jwsSigners, jws: jwsFlattened }\n }\n\n private buildProtected(options: JwsProtectedHeaderOptions) {\n return {\n ...options,\n alg: options.alg,\n jwk: options.jwk instanceof PublicJwk ? options.jwk.toJson() : options.jwk,\n kid: options.kid,\n }\n }\n\n private async verifyJwsSigner(\n agentContext: AgentContext,\n options: {\n jwsSigner: JwsSignerWithJwk\n trustedCertificates?: EncodedX509Certificate[]\n }\n ) {\n const { jwsSigner } = options\n\n if (jwsSigner.method === 'x5c') {\n const trustedCertificatesFromConfig =\n agentContext.dependencyManager.resolve(X509ModuleConfig).trustedCertificates ?? []\n const trustedCertificates = options.trustedCertificates ?? trustedCertificatesFromConfig\n if (trustedCertificates.length === 0) {\n throw new CredoError(\n `trustedCertificates is required when the JWS protected header contains an 'x5c' property.`\n )\n }\n\n await X509Service.validateCertificateChain(agentContext, {\n certificateChain: jwsSigner.x5c,\n trustedCertificates,\n })\n }\n }\n\n private async jwsSignerFromJws(\n agentContext: AgentContext,\n options: {\n jws: JwsDetachedFormat\n allowedJwsSignerMethods: JwsSigner['method'][]\n protectedHeader: { alg: string; [key: string]: unknown }\n payload: string\n resolveJwsSigner?: JwsSignerResolver\n }\n ): Promise<JwsSignerWithJwk> {\n const { protectedHeader, resolveJwsSigner, jws, payload, allowedJwsSignerMethods } = options\n\n const alg = protectedHeader.alg\n if (!isKnownJwaSignatureAlgorithm(alg)) {\n throw new CredoError(`Unsupported JWA signature algorithm '${protectedHeader.alg}'`)\n }\n\n if (protectedHeader.x5c && allowedJwsSignerMethods.includes('x5c')) {\n if (\n !Array.isArray(protectedHeader.x5c) \|\|\n protectedHeader.x5c.some((certificate) => typeof certificate !== 'string')\n ) {\n throw new CredoError('x5c header is not a valid JSON array of strings.')\n }\n\n const certificate = X509Service.getLeafCertificate(agentContext, {\n certificateChain: protectedHeader.x5c,\n })\n return {\n method: 'x5c',\n jwk: certificate.publicJwk,\n x5c: protectedHeader.x5c,\n }\n }\n\n // Jwk\n if (protectedHeader.jwk && allowedJwsSignerMethods.includes('jwk')) {\n if (!isJsonObject(protectedHeader.jwk)) throw new CredoError('JWK is not a valid JSON object.')\n\n const protectedJwk = PublicJwk.fromUnknown(protectedHeader.jwk)\n\n return {\n method: 'jwk',\n jwk: protectedJwk,\n }\n }\n\n if (!resolveJwsSigner) {\n throw new CredoError(`resolveJwsSigner is required for resolving jws signers other than 'jwk' and 'x5c'.`)\n }\n\n try {\n const jwsSigner = await resolveJwsSigner({\n jws,\n protectedHeader: {\n ...protectedHeader,\n alg,\n },\n payload,\n })\n\n if (!allowedJwsSignerMethods.includes(jwsSigner.method)) {\n throw new CredoError(\n `resolveJwsSigner returned jws signer with method '${\n jwsSigner.method\n }', but allowed jws signer methods are ${allowedJwsSignerMethods.join(', ')}.`\n )\n }\n\n return jwsSigner\n } catch (error) {\n throw new CredoError(`Error when resolving jws signer for jws in resolveJwsSigner. ${error.message}`, {\n cause: error,\n })\n }\n }\n}\n\nexport interface CreateJwsOptions {\n payload: AnyUint8Array \| JwtPayload\n keyId: string\n header: Record<string, unknown>\n protectedHeaderOptions: JwsProtectedHeaderOptions\n}\n\ntype CreateJwsBaseOptions = Omit<CreateJwsOptions, 'header'>\ntype CreateCompactJwsOptions = Omit<CreateJwsOptions, 'header'>\n\nexport interface VerifyJwsOptions {\n jws: Jws\n\n /\n The expected signer of the JWS. If provided the signer won't be dynamically\n * detected based on the values in the JWS.\n /\n jwsSigner?: JwsSignerWithJwk\n\n /\n Allowed jws signer methods when dynamically inferring the jws signer method.\n /\n allowedJwsSignerMethods?: JwsSigner['method'][]\n\n /\n * Method that should return the JWS signer was used\n * to sign the JWS.\n \n This method is called by the JWS Service when it could not determine the public key.\n \n Currently the JWS Service can only determine the public key if the JWS protected header\n * contains a `jwk` or `x5c` property. In all other cases, it's up to the caller to resolve the public\n * key based on the JWS.\n \n A common use case is the `kid` property in the JWS protected header. Or determining the key\n * base on the `iss` property in the JWT payload.\n */\n resolveJwsSigner?: JwsSignerResolver\n\n trustedCertificates?: EncodedX509Certificate[]\n}\n\nexport type JwsSignerResolver = (options: {\n jws: JwsDetachedFormat\n payload: string\n protectedHeader: {\n alg: KnownJwaSignatureAlgorithm\n jwk?: string\n kid?: string\n [key: string]: unknown\n }\n}) => Promise<JwsSignerWithJwk> \| JwsSignerWithJwk\n\nexport interface VerifyJwsResult {\n isValid: boolean\n jwsSigners: JwsSignerWithJwk[]\n\n jws: JwsFlattenedFormat\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AA6BO,uBAAMA,aAAW;CACtB,MAAc,cAAc,cAA4B,SAA+B;EACrF,MAAM,EAAE,KAAK,KAAK,QAAQ,QAAQ;EAElC,MAAM,MAAM,aAAa,kBAAkB,QAAQ,iBAAiB;EAEpE,MAAM,MAAM,MAAM,IAAI,aAAa,EAAE,OAAO,QAAQ,OAAO,CAAC;AAC5D,sBAAoB,IAAI;EAExB,MAAM,YAAY,UAAU,cAAc,IAAI;AAG9C,MAAI,KAKF;OAAI,CAAC,2BAJe,YAAY,mBAAmB,cAAc,EAC/D,kBAAkB,KACnB,CAAC,CAE0C,UAAU,QAAQ,EAAE,IAAI,CAClE,OAAM,IAAI,WAAW,uDAAuD;;EAIhF,MAAM,cAAc,eAAe,YAAY,MAAM,MAAM,UAAU,YAAY,IAAI,GAAG;AAExF,MAAI,eAAe,CAAC,2BAA2B,YAAY,QAAQ,EAAE,IAAI,CACvE,OAAM,IAAI,WAAW,uDAAuD;AAI9E,MAAI,CAAC,UAAU,6BAA6B,SAAS,IAAI,CACvD,OAAM,IAAI,WACR,QAAQ,IAAI,6DAA6D,UAAU,wBAAwB,6BAA6B,UAAU,6BAA6B,KAC7K,KACD,GACF;EAGH,MAAM,UACJ,QAAQ,mBAAmB,aAAa,YAAY,SAAS,QAAQ,QAAQ,QAAQ,CAAC,GAAG,QAAQ;EAEnG,MAAM,gBAAgB,kBAAkB,YAAY,QAAQ;EAC5D,MAAM,2BAA2B,YAAY,YAAY,KAAK,eAAe,QAAQ,uBAAuB,CAAC;EAE7G,MAAM,aAAa,MAAM,IAAI,KAAK;GAChC,WAAW;GACX,MAAM,kBAAkB,WAAW,GAAG,yBAAyB,GAAG,gBAAgB;GAClF,OAAO,QAAQ;GAChB,CAAC;AAGF,SAAO;GACL;GACA;GACA,WALgB,kBAAkB,YAAY,WAAW,UAAU;GAMpE;;CAGH,MAAa,UACX,cACA,EAAE,SAAS,OAAO,QAAQ,0BACC;EAC3B,MAAM,EAAE,0BAA0B,WAAW,kBAAkB,MAAM,KAAK,cAAc,cAAc;GACpG;GACA;GACA;GACD,CAAC;AAEF,SAAO;GACL,WAAW;GACX;GACA;GACA,SAAS;GACV;;;;;CAMH,MAAa,iBACX,cACA,EAAE,SAAS,OAAO,0BACD;EACjB,MAAM,EAAE,eAAe,0BAA0B,cAAc,MAAM,KAAK,cAAc,cAAc;GACpG;GACA;GACA;GACD,CAAC;AACF,SAAO,GAAG,yBAAyB,GAAG,cAAc,GAAG;;;;;CAMzD,MAAa,UACX,cACA,EACE,KACA,kBACA,qBACA,WAAW,mBACX,0BAA0B;EAAC;EAAO;EAAO;EAAM,IAEvB;EAC1B,IAAIC,aAAkC,EAAE;EACxC,IAAIC;AAEJ,MAAI,qBAAqB,CAAC,wBAAwB,SAAS,kBAAkB,OAAO,CAClF,OAAM,IAAI,WACR,mCACE,kBAAkB,OACnB,wCAAwC,wBAAwB,KAAK,KAAK,CAAC,GAC7E;AAGH,MAAI,OAAO,QAAQ,UAAU;AAC3B,OAAI,CAAC,2BAA2B,KAAK,IAAI,CAAE,OAAM,IAAI,WAAW,yCAAyC,IAAI,IAAI;GAEjH,MAAM,CAAC,iBAAiB,UAAU,aAAa,IAAI,MAAM,IAAI;AAE7D,aAAU;AACV,cAAW,KAAK;IACd,QAAQ,EAAE;IACV,WAAW;IACX;IACD,CAAC;aACO,gBAAgB,KAAK;AAC9B,gBAAa,IAAI;AACjB,aAAU,IAAI;SACT;AACL,cAAW,KAAK,IAAI;AACpB,aAAU,IAAI;;AAGhB,MAAI,WAAW,WAAW,EACxB,OAAM,IAAI,WAAW,sDAAsD;EAG7E,MAAM,eAAe;GACnB;GACA;GACD;EAED,MAAMC,aAAiC,EAAE;AACzC,OAAK,MAAMC,SAAO,YAAY;GAC5B,MAAM,gBAAgB,YAAY,WAAWA,MAAI,UAAU;AAE3D,OAAI,CAAC,aAAa,cAAc,CAC9B,OAAM,IAAI,WAAW,qEAAqE;AAG5F,OAAI,CAAC,cAAc,OAAO,OAAO,cAAc,QAAQ,SACrD,OAAM,IAAI,WAAW,8EAA8E;GAGrG,MAAM,YACJ,qBACC,MAAM,KAAK,iBAAiB,cAAc;IACzC;IACA;IACA,iBAAiB;KACf,GAAG;KACH,KAAK,cAAc;KACpB;IACD;IACA;IACD,CAAC;AAEJ,SAAM,KAAK,gBAAgB,cAAc;IACvC;IACA;IACD,CAAC;AAEF,OAAI,CAAC,UAAU,IAAI,6BAA6B,SAAS,cAAc,IAAkC,CACvG,OAAM,IAAI,WACR,QAAQ,cAAc,IAAI,wDAAwD,uBAAuB,UAAU,IAAI,QAAQ,CAAC,CAAC,6BAA6B,UAAU,IAAI,6BAA6B,KAAK,KAAK,GACpN;GAGH,MAAM,OAAO,kBAAkB,WAAW,GAAGA,MAAI,UAAU,GAAG,UAAU;GACxE,MAAM,YAAY,kBAAkB,WAAWA,MAAI,UAAU;AAC7D,cAAW,KAAK,UAAU;GAE1B,MAAM,MAAM,aAAa,kBAAkB,QAAQ,iBAAiB;AAEpE,OAAI;IACF,MAAM,EAAE,aAAa,MAAM,IAAI,OAAO;KACpC,KAAK,EACH,WAAW,UAAU,IAAI,QAAQ,EAClC;KACD;KACA;KACA,WAAW,cAAc;KAC1B,CAAC;AAEF,QAAI,CAAC,SACH,QAAO;KACL,SAAS;KACT,YAAY,EAAE;KACd,KAAK;KACN;YAEI,OAAO;AAGd,QAAI,iBAAiB,mBACnB,QAAO;KACL,SAAS;KACT,YAAY,EAAE;KACd,KAAK;KACN;AAGH,UAAM;;;AAIV,SAAO;GAAE,SAAS;GAAM;GAAY,KAAK;GAAc;;CAGzD,AAAQ,eAAe,SAAoC;AACzD,SAAO;GACL,GAAG;GACH,KAAK,QAAQ;GACb,KAAK,QAAQ,eAAe,YAAY,QAAQ,IAAI,QAAQ,GAAG,QAAQ;GACvE,KAAK,QAAQ;GACd;;CAGH,MAAc,gBACZ,cACA,SAIA;EACA,MAAM,EAAE,cAAc;AAEtB,MAAI,UAAU,WAAW,OAAO;GAC9B,MAAM,gCACJ,aAAa,kBAAkB,QAAQ,iBAAiB,CAAC,uBAAuB,EAAE;GACpF,MAAM,sBAAsB,QAAQ,uBAAuB;AAC3D,OAAI,oBAAoB,WAAW,EACjC,OAAM,IAAI,WACR,4FACD;AAGH,SAAM,YAAY,yBAAyB,cAAc;IACvD,kBAAkB,UAAU;IAC5B;IACD,CAAC;;;CAIN,MAAc,iBACZ,cACA,SAO2B;EAC3B,MAAM,EAAE,iBAAiB,kBAAkB,KAAK,SAAS,4BAA4B;EAErF,MAAM,MAAM,gBAAgB;AAC5B,MAAI,CAAC,6BAA6B,IAAI,CACpC,OAAM,IAAI,WAAW,wCAAwC,gBAAgB,IAAI,GAAG;AAGtF,MAAI,gBAAgB,OAAO,wBAAwB,SAAS,MAAM,EAAE;AAClE,OACE,CAAC,MAAM,QAAQ,gBAAgB,IAAI,IACnC,gBAAgB,IAAI,MAAM,gBAAgB,OAAO,gBAAgB,SAAS,CAE1E,OAAM,IAAI,WAAW,mDAAmD;AAM1E,UAAO;IACL,QAAQ;IACR,KALkB,YAAY,mBAAmB,cAAc,EAC/D,kBAAkB,gBAAgB,KACnC,CAAC,CAGiB;IACjB,KAAK,gBAAgB;IACtB;;AAIH,MAAI,gBAAgB,OAAO,wBAAwB,SAAS,MAAM,EAAE;AAClE,OAAI,CAAC,aAAa,gBAAgB,IAAI,CAAE,OAAM,IAAI,WAAW,kCAAkC;AAI/F,UAAO;IACL,QAAQ;IACR,KAJmB,UAAU,YAAY,gBAAgB,IAAI;IAK9D;;AAGH,MAAI,CAAC,iBACH,OAAM,IAAI,WAAW,qFAAqF;AAG5G,MAAI;GACF,MAAM,YAAY,MAAM,iBAAiB;IACvC;IACA,iBAAiB;KACf,GAAG;KACH;KACD;IACD;IACD,CAAC;AAEF,OAAI,CAAC,wBAAwB,SAAS,UAAU,OAAO,CACrD,OAAM,IAAI,WACR,qDACE,UAAU,OACX,wCAAwC,wBAAwB,KAAK,KAAK,CAAC,GAC7E;AAGH,UAAO;WACA,OAAO;AACd,SAAM,IAAI,WAAW,gEAAgE,MAAM,WAAW,EACpG,OAAO,OACR,CAAC;;;;yBAxUP,YAAY"}

package/build/crypto/KmsKeyPair.js CHANGED Viewed

@@ -1,10 +1,8 @@
-const require_rolldown_runtime = require('../_virtual/rolldown_runtime.js');
 const require_CredoError = require('../error/CredoError.js');
 require('../error/index.js');
 require('../agent/index.js');
-require('../utils/buffer.js');
 const require_MessageValidator = require('../utils/MessageValidator.js');
 const require_JsonTransformer = require('../utils/JsonTransformer.js');
 require('../utils/index.js');
@@ -14,8 +12,6 @@ const require_VerificationMethod = require('../modules/dids/domain/verificationM
 const require_keyDidMapping = require('../modules/dids/domain/key-type/keyDidMapping.js');
 require('../modules/dids/index.js');
 const require_LdKeyPair = require('../modules/vc/data-integrity/models/LdKeyPair.js');
-let buffer_index_js = require("buffer/index.js");
-buffer_index_js = require_rolldown_runtime.__toESM(buffer_index_js);
 //#region src/crypto/KmsKeyPair.ts
 function createKmsKeyPairClass(agentContext) {
@@ -66,7 +62,7 @@ function createKmsKeyPairClass(agentContext) {
 				if (Array.isArray(data.data)) throw new require_CredoError.CredoError("Verifying array of data entries is not supported");
 				const { verified } = await agentContext.dependencyManager.resolve(require_KeyManagementApi.KeyManagementApi).verify({
 					data: data.data,
-					signature: buffer_index_js.Buffer.from(data.signature),
+					signature: data.signature,
 					key: { publicJwk: this.publicJwk.toJson() },
 					algorithm: this.publicJwk.signatureAlgorithm
 				});

package/build/crypto/KmsKeyPair.mjs CHANGED Viewed

@@ -3,7 +3,6 @@
 import { CredoError } from "../error/CredoError.mjs";
 import "../error/index.mjs";
 import "../agent/index.mjs";
-import { Buffer } from "../utils/buffer.mjs";
 import { MessageValidator } from "../utils/MessageValidator.mjs";
 import { JsonTransformer } from "../utils/JsonTransformer.mjs";
 import "../utils/index.mjs";
@@ -63,7 +62,7 @@ function createKmsKeyPairClass(agentContext) {
 				if (Array.isArray(data.data)) throw new CredoError("Verifying array of data entries is not supported");
 				const { verified } = await agentContext.dependencyManager.resolve(KeyManagementApi).verify({
 					data: data.data,
-					signature: Buffer.from(data.signature),
+					signature: data.signature,
 					key: { publicJwk: this.publicJwk.toJson() },
 					algorithm: this.publicJwk.signatureAlgorithm
 				});

package/build/crypto/KmsKeyPair.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"KmsKeyPair.mjs","names":[],"sources":["../../src/crypto/KmsKeyPair.ts"],"sourcesContent":["import ~~type~~ { ~~LdKeyPairOptions } from '../modules/vc/data-integrity/models/LdKeyPair'\n\nimport {~~ AgentContext } from '../agent'\nimport { CredoError } from '../error'\nimport { VerificationMethod } from '../modules/dids'\nimport { getPublicJwkFromVerificationMethod } from '../modules/dids/domain/key-type/keyDidMapping'\nimport { KeyManagementApi, PublicJwk } from '../modules/kms'\nimport { LdKeyPair } from '../modules/vc/data-integrity/models/LdKeyPair'\nimport { ~~JsonTransformer~~, ~~MessageValidator~~ } from '../~~utils~~'\nimport { ~~Buffer~~ } from '../utils~~/buffer~~'\n\ninterface KmsKeyPairOptions extends LdKeyPairOptions {\n publicJwk: PublicJwk\n}\n\nexport function createKmsKeyPairClass(agentContext: AgentContext) {\n return class KmsKeyPair extends LdKeyPair {\n public publicJwk: PublicJwk\n public type = 'KmsKeyPair'\n\n public constructor(options: KmsKeyPairOptions) {\n super(options)\n this.publicJwk = options.publicJwk\n }\n\n public static async generate(): Promise<KmsKeyPair> {\n throw new Error('Not implemented')\n }\n\n public fingerprint(): string {\n throw new Error('Method not implemented.')\n }\n\n public verifyFingerprint(_fingerprint: string): boolean {\n throw new Error('Method not implemented.')\n }\n\n public static async from(verificationMethod: VerificationMethod): Promise<KmsKeyPair> {\n const vMethod = JsonTransformer.fromJSON(verificationMethod, VerificationMethod)\n MessageValidator.validateSync(vMethod)\n const publicJwk = getPublicJwkFromVerificationMethod(vMethod)\n\n return new KmsKeyPair({\n id: vMethod.id,\n controller: vMethod.controller,\n publicJwk,\n })\n }\n\n /*\n This method returns a wrapped wallet.sign method. The method is being wrapped so we can covert between Uint8Array and Buffer. This is to make it compatible with the external signature libraries.\n /\n public signer(): { sign: (data: { data: ~~Uint8Array~~ \| ~~Uint8Array~~[] }) => Promise<~~Uint8Array~~> } {\n // wrap function for conversion\n const wrappedSign = async (data: { data: ~~Uint8Array~~ \| ~~Uint8Array~~[] }): Promise<~~Uint8Array~~> => {\n if (Array.isArray(data.data)) {\n throw new CredoError('Signing array of data entries is not supported')\n }\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n const result = await kms.sign({\n data: data.data,\n keyId: this.publicJwk.keyId,\n algorithm: this.publicJwk.signatureAlgorithm,\n })\n\n return result.signature\n }\n\n return {\n sign: wrappedSign.bind(this),\n }\n }\n\n /\n This method returns a wrapped wallet.verify method. The method is being wrapped so we can covert between Uint8Array and Buffer. This is to make it compatible with the external signature libraries.\n */\n public verifier(): {\n verify: (data: { data: ~~Uint8Array~~ \| ~~Uint8Array~~[]; signature: ~~Uint8Array~~ }) => Promise<boolean>\n } {\n const wrappedVerify = async (data: {\n data: ~~Uint8Array~~ \| ~~Uint8Array~~[]\n signature: ~~Uint8Array~~\n }): Promise<boolean> => {\n if (Array.isArray(data.data)) {\n throw new CredoError('Verifying array of data entries is not supported')\n }\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n const { verified } = await kms.verify({\n data: data.data,\n signature: ~~Buffer.from(~~data.signature),\n key: {\n publicJwk: this.publicJwk.toJson(),\n },\n algorithm: this.publicJwk.signatureAlgorithm,\n })\n\n return verified\n }\n return {\n verify: wrappedVerify.bind(this),\n }\n }\n\n public get publicKeyBuffer(): ~~Uint8Array~~ {\n const publicKey = this.publicJwk.publicKey\n\n if (publicKey.kty === 'RSA') {\n throw new CredoError(`kty 'RSA' not supported for publicKeyBuffer`)\n }\n\n return publicKey.publicKey\n }\n }\n}\n"],"mappings":"~~;;;;;;;;;;;;;;;;;AAeA~~,SAAgB,sBAAsB,cAA4B;AAChE,QAAO,MAAM,mBAAmB,UAAU;EAIxC,AAAO,YAAY,SAA4B;AAC7C,SAAM,QAAQ;QAHT,OAAO;AAIZ,QAAK,YAAY,QAAQ;;EAG3B,aAAoB,WAAgC;AAClD,SAAM,IAAI,MAAM,kBAAkB;;EAGpC,AAAO,cAAsB;AAC3B,SAAM,IAAI,MAAM,0BAA0B;;EAG5C,AAAO,kBAAkB,cAA+B;AACtD,SAAM,IAAI,MAAM,0BAA0B;;EAG5C,aAAoB,KAAK,oBAA6D;GACpF,MAAM,UAAU,gBAAgB,SAAS,oBAAoB,mBAAmB;AAChF,oBAAiB,aAAa,QAAQ;GACtC,MAAM,YAAY,mCAAmC,QAAQ;AAE7D,UAAO,IAAI,WAAW;IACpB,IAAI,QAAQ;IACZ,YAAY,QAAQ;IACpB;IACD,CAAC;;;;;EAMJ,AAAO,~~SAAuF~~;~~GAE5F~~,MAAM,cAAc,OAAO,~~SAAmE~~;~~AAC5F~~,QAAI,MAAM,QAAQ,KAAK,KAAK,CAC1B,OAAM,IAAI,WAAW,iDAAiD;AAUxE,YANe,MAFH,aAAa,kBAAkB,QAAQ,iBAAiB,CAE3C,KAAK;KAC5B,MAAM,KAAK;KACX,OAAO,KAAK,UAAU;KACtB,WAAW,KAAK,UAAU;KAC3B,CAAC,EAEY;;AAGhB,UAAO,EACL,MAAM,YAAY,KAAK,KAAK,EAC7B;;;;;EAMH,AAAO,WAEL;GACA,MAAM,gBAAgB,OAAO,SAGL;AACtB,QAAI,MAAM,QAAQ,KAAK,KAAK,CAC1B,OAAM,IAAI,WAAW,mDAAmD;IAI1E,MAAM,EAAE,aAAa,MAFT,aAAa,kBAAkB,QAAQ,iBAAiB,CAErC,OAAO;KACpC,MAAM,KAAK;KACX,WAAW,~~OAAO,~~KAAK~~,KAAK,UAAU~~;~~KACtC~~,KAAK,EACH,WAAW,KAAK,UAAU,QAAQ,EACnC;KACD,WAAW,KAAK,UAAU;KAC3B,CAAC;AAEF,WAAO;;AAET,UAAO,EACL,QAAQ,cAAc,KAAK,KAAK,EACjC;;EAGH,IAAW,~~kBAA8B~~;~~GACvC~~,MAAM,YAAY,KAAK,UAAU;AAEjC,OAAI,UAAU,QAAQ,MACpB,OAAM,IAAI,WAAW,8CAA8C;AAGrE,UAAO,UAAU"}
1	+ {"version":3,"file":"KmsKeyPair.mjs","names":[],"sources":["../../src/crypto/KmsKeyPair.ts"],"sourcesContent":["import { AgentContext } from '../agent'\nimport { CredoError } from '../error'\nimport { VerificationMethod } from '../modules/dids'\nimport { getPublicJwkFromVerificationMethod } from '../modules/dids/domain/key-type/keyDidMapping'\nimport { KeyManagementApi, PublicJwk } from '../modules/kms'\nimport type { LdKeyPairOptions } from '../modules/vc/data-integrity/models/LdKeyPair'\nimport { LdKeyPair } from '../modules/vc/data-integrity/models/LdKeyPair'\nimport type { AnyUint8Array, Uint8ArrayBuffer } from '../types'\nimport { JsonTransformer, MessageValidator } from '../utils'\n\ninterface KmsKeyPairOptions extends LdKeyPairOptions {\n publicJwk: PublicJwk\n}\n\nexport function createKmsKeyPairClass(agentContext: AgentContext) {\n return class KmsKeyPair extends LdKeyPair {\n public publicJwk: PublicJwk\n public type = 'KmsKeyPair'\n\n public constructor(options: KmsKeyPairOptions) {\n super(options)\n this.publicJwk = options.publicJwk\n }\n\n public static async generate(): Promise<KmsKeyPair> {\n throw new Error('Not implemented')\n }\n\n public fingerprint(): string {\n throw new Error('Method not implemented.')\n }\n\n public verifyFingerprint(_fingerprint: string): boolean {\n throw new Error('Method not implemented.')\n }\n\n public static async from(verificationMethod: VerificationMethod): Promise<KmsKeyPair> {\n const vMethod = JsonTransformer.fromJSON(verificationMethod, VerificationMethod)\n MessageValidator.validateSync(vMethod)\n const publicJwk = getPublicJwkFromVerificationMethod(vMethod)\n\n return new KmsKeyPair({\n id: vMethod.id,\n controller: vMethod.controller,\n publicJwk,\n })\n }\n\n /*\n This method returns a wrapped wallet.sign method. The method is being wrapped so we can covert between Uint8Array and Buffer. This is to make it compatible with the external signature libraries.\n /\n public signer(): { sign: (data: { data: AnyUint8Array \| AnyUint8Array[] }) => Promise<Uint8ArrayBuffer> } {\n // wrap function for conversion\n const wrappedSign = async (data: { data: AnyUint8Array \| AnyUint8Array[] }): Promise<Uint8ArrayBuffer> => {\n if (Array.isArray(data.data)) {\n throw new CredoError('Signing array of data entries is not supported')\n }\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n const result = await kms.sign({\n data: data.data,\n keyId: this.publicJwk.keyId,\n algorithm: this.publicJwk.signatureAlgorithm,\n })\n\n return result.signature\n }\n\n return {\n sign: wrappedSign.bind(this),\n }\n }\n\n /\n This method returns a wrapped wallet.verify method. The method is being wrapped so we can covert between Uint8Array and Buffer. This is to make it compatible with the external signature libraries.\n */\n public verifier(): {\n verify: (data: { data: AnyUint8Array \| AnyUint8Array[]; signature: AnyUint8Array }) => Promise<boolean>\n } {\n const wrappedVerify = async (data: {\n data: AnyUint8Array \| AnyUint8Array[]\n signature: AnyUint8Array\n }): Promise<boolean> => {\n if (Array.isArray(data.data)) {\n throw new CredoError('Verifying array of data entries is not supported')\n }\n const kms = agentContext.dependencyManager.resolve(KeyManagementApi)\n\n const { verified } = await kms.verify({\n data: data.data,\n signature: data.signature,\n key: {\n publicJwk: this.publicJwk.toJson(),\n },\n algorithm: this.publicJwk.signatureAlgorithm,\n })\n\n return verified\n }\n return {\n verify: wrappedVerify.bind(this),\n }\n }\n\n public get publicKeyBuffer(): Uint8ArrayBuffer {\n const publicKey = this.publicJwk.publicKey\n\n if (publicKey.kty === 'RSA') {\n throw new CredoError(`kty 'RSA' not supported for publicKeyBuffer`)\n }\n\n return publicKey.publicKey as Uint8ArrayBuffer\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAcA,SAAgB,sBAAsB,cAA4B;AAChE,QAAO,MAAM,mBAAmB,UAAU;EAIxC,AAAO,YAAY,SAA4B;AAC7C,SAAM,QAAQ;QAHT,OAAO;AAIZ,QAAK,YAAY,QAAQ;;EAG3B,aAAoB,WAAgC;AAClD,SAAM,IAAI,MAAM,kBAAkB;;EAGpC,AAAO,cAAsB;AAC3B,SAAM,IAAI,MAAM,0BAA0B;;EAG5C,AAAO,kBAAkB,cAA+B;AACtD,SAAM,IAAI,MAAM,0BAA0B;;EAG5C,aAAoB,KAAK,oBAA6D;GACpF,MAAM,UAAU,gBAAgB,SAAS,oBAAoB,mBAAmB;AAChF,oBAAiB,aAAa,QAAQ;GACtC,MAAM,YAAY,mCAAmC,QAAQ;AAE7D,UAAO,IAAI,WAAW;IACpB,IAAI,QAAQ;IACZ,YAAY,QAAQ;IACpB;IACD,CAAC;;;;;EAMJ,AAAO,SAAmG;GAExG,MAAM,cAAc,OAAO,SAA+E;AACxG,QAAI,MAAM,QAAQ,KAAK,KAAK,CAC1B,OAAM,IAAI,WAAW,iDAAiD;AAUxE,YANe,MAFH,aAAa,kBAAkB,QAAQ,iBAAiB,CAE3C,KAAK;KAC5B,MAAM,KAAK;KACX,OAAO,KAAK,UAAU;KACtB,WAAW,KAAK,UAAU;KAC3B,CAAC,EAEY;;AAGhB,UAAO,EACL,MAAM,YAAY,KAAK,KAAK,EAC7B;;;;;EAMH,AAAO,WAEL;GACA,MAAM,gBAAgB,OAAO,SAGL;AACtB,QAAI,MAAM,QAAQ,KAAK,KAAK,CAC1B,OAAM,IAAI,WAAW,mDAAmD;IAI1E,MAAM,EAAE,aAAa,MAFT,aAAa,kBAAkB,QAAQ,iBAAiB,CAErC,OAAO;KACpC,MAAM,KAAK;KACX,WAAW,KAAK;KAChB,KAAK,EACH,WAAW,KAAK,UAAU,QAAQ,EACnC;KACD,WAAW,KAAK,UAAU;KAC3B,CAAC;AAEF,WAAO;;AAET,UAAO,EACL,QAAQ,cAAc,KAAK,KAAK,EACjC;;EAGH,IAAW,kBAAoC;GAC7C,MAAM,YAAY,KAAK,UAAU;AAEjC,OAAI,UAAU,QAAQ,MACpB,OAAM,IAAI,WAAW,8CAA8C;AAGrE,UAAO,UAAU"}

package/build/crypto/hashes/Hasher.d.mts CHANGED Viewed

@@ -1,7 +1,9 @@
+import { AnyUint8Array, Uint8ArrayBuffer } from "../../types.mjs";
 //#region src/crypto/hashes/Hasher.d.ts
-type HashName = 'sha-512' | 'sha-256' | 'sha-1';
+type HashName = 'sha-512' | 'sha-384' | 'sha-256' | 'sha-1';
 declare class Hasher {
-  static hash(data: Uint8Array | string, hashName: HashName | string): Uint8Array<ArrayBufferLike>;
+  static hash(data: AnyUint8Array | string, hashName: HashName | ({} & string)): Uint8ArrayBuffer;
 }
 //#endregion
 export { HashName, Hasher };

package/build/crypto/hashes/Hasher.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Hasher.d.mts","names":[],"sources":["../../../src/crypto/hashes/Hasher.ts"],"sourcesContent":[],"mappings":"~~;KAMY~~,QAAA;cAGC,MAAA;oBACc~~,+BAA+B~~,~~oBAAiB~~,~~WAAA;AAJ3E~~"}
1	+ {"version":3,"file":"Hasher.d.mts","names":[],"sources":["../../../src/crypto/hashes/Hasher.ts"],"sourcesContent":[],"mappings":";;;KASY,QAAA;cAGC,MAAA;oBACc,kCAAkC,2BAA2B"}

package/build/crypto/hashes/Hasher.d.ts CHANGED Viewed

@@ -1,7 +1,9 @@
+import { AnyUint8Array, Uint8ArrayBuffer } from "../../types.js";
 //#region src/crypto/hashes/Hasher.d.ts
-type HashName = 'sha-512' | 'sha-256' | 'sha-1';
+type HashName = 'sha-512' | 'sha-384' | 'sha-256' | 'sha-1';
 declare class Hasher {
-  static hash(data: Uint8Array | string, hashName: HashName | string): Uint8Array<ArrayBufferLike>;
+  static hash(data: AnyUint8Array | string, hashName: HashName | ({} & string)): Uint8ArrayBuffer;
 }
 //#endregion
 export { HashName, Hasher };

package/build/crypto/hashes/Hasher.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Hasher.d.ts","names":[],"sources":["../../../src/crypto/hashes/Hasher.ts"],"sourcesContent":[],"mappings":"~~;KAMY~~,QAAA;~~AAAA,~~cAGC,MAAA~~,CAHO~~;~~EAGP~~,OAAA,~~IAAM~~,CAAA,IAAA,~~EACQ~~,~~UADR~~,GAAA,MAAA,EAAA,QAAA,~~EACuC~~,~~QADvC~~,GAAA,~~MAAA~~,CAAA,~~EACwD~~,~~UADxD~~,~~CACwD~~,~~eADxD~~,CAAA"}
1	+ {"version":3,"file":"Hasher.d.ts","names":[],"sources":["../../../src/crypto/hashes/Hasher.ts"],"sourcesContent":[],"mappings":";;;KASY,QAAA;cAGC,MAAA;EAHD,OAAA,IAAQ,CAAA,IAAA,EAIO,aAJP,GAAA,MAAA,EAAA,QAAA,EAIyC,QAJzC,GAAA,CAAA,CAAA,CAAA,GAAA,MAAA,CAAA,CAAA,EAIoE,gBAJpE;AAGpB"}

package/build/crypto/hashes/Hasher.js CHANGED Viewed

@@ -2,17 +2,22 @@
 const require_CredoError = require('../../error/CredoError.js');
 require('../../error/index.js');
+const require_TypedArrayEncoder = require('../../utils/TypedArrayEncoder.js');
 const require_Sha1 = require('./Sha1.js');
 const require_Sha256 = require('./Sha256.js');
+const require_Sha384 = require('./Sha384.js');
 const require_Sha512 = require('./Sha512.js');
+require('../../utils/index.js');
 //#region src/crypto/hashes/Hasher.ts
 var Hasher = class {
 	static hash(data, hashName) {
+		const dataInput = typeof data === "string" ? require_TypedArrayEncoder.TypedArrayEncoder.fromString(data) : data;
 		switch (hashName.toUpperCase()) {
-			case "SHA-512": return new require_Sha512.Sha512().hash(data);
-			case "SHA-256": return new require_Sha256.Sha256().hash(data);
-			case "SHA-1": return new require_Sha1.Sha1().hash(data);
+			case "SHA-512": return new require_Sha512.Sha512().hash(dataInput);
+			case "SHA-384": return new require_Sha384.Sha384().hash(dataInput);
+			case "SHA-256": return new require_Sha256.Sha256().hash(dataInput);
+			case "SHA-1": return new require_Sha1.Sha1().hash(dataInput);
 			default: throw new require_CredoError.CredoError(`Hash name: '${hashName}' is not supported.`);
 		}
 	}

package/build/crypto/hashes/Hasher.mjs CHANGED Viewed

@@ -2,17 +2,22 @@
 import { CredoError } from "../../error/CredoError.mjs";
 import "../../error/index.mjs";
+import { TypedArrayEncoder } from "../../utils/TypedArrayEncoder.mjs";
 import { Sha1 } from "./Sha1.mjs";
 import { Sha256 } from "./Sha256.mjs";
+import { Sha384 } from "./Sha384.mjs";
 import { Sha512 } from "./Sha512.mjs";
+import "../../utils/index.mjs";
 //#region src/crypto/hashes/Hasher.ts
 var Hasher = class {
 	static hash(data, hashName) {
+		const dataInput = typeof data === "string" ? TypedArrayEncoder.fromString(data) : data;
 		switch (hashName.toUpperCase()) {
-			case "SHA-512": return new Sha512().hash(data);
-			case "SHA-256": return new Sha256().hash(data);
-			case "SHA-1": return new Sha1().hash(data);
+			case "SHA-512": return new Sha512().hash(dataInput);
+			case "SHA-384": return new Sha384().hash(dataInput);
+			case "SHA-256": return new Sha256().hash(dataInput);
+			case "SHA-1": return new Sha1().hash(dataInput);
 			default: throw new CredoError(`Hash name: '${hashName}' is not supported.`);
 		}
 	}

package/build/crypto/hashes/Hasher.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Hasher.mjs","names":[],"sources":["../../../src/crypto/hashes/Hasher.ts"],"sourcesContent":["import { CredoError } from '../../error'\n\nimport { Sha1 } from './Sha1'\nimport { Sha256 } from './Sha256'\nimport { Sha512 } from './Sha512'\n\nexport type HashName = 'sha-512' \| 'sha-256' \| 'sha-1'\n\n// biome-ignore lint/complexity/noStaticOnlyClass: <explanation>\nexport class Hasher {\n public static hash(data: ~~Uint8Array~~ \| string, hashName: HashName \| string) {\n switch (hashName.toUpperCase()) {\n case 'SHA-512':\n return new Sha512().hash(~~data~~)\n case 'SHA-256':\n return new Sha256().hash(~~data~~)\n case 'SHA-1':\n return new Sha1().hash(~~data~~)\n default:\n throw new CredoError(`Hash name: '${hashName}' is not supported.`)\n }\n }\n}\n"],"mappings":"~~;;;;;;;;;AASA~~,IAAa,SAAb,MAAoB;CAClB,OAAc,KAAK,~~MAA2B~~,~~UAA6B~~;~~AACzE~~,UAAQ,SAAS,aAAa,EAA9B;GACE,KAAK,UACH,QAAO,IAAI,QAAQ,CAAC,KAAK,KAAK;~~GAChC~~,KAAK,UACH,QAAO,IAAI,QAAQ,CAAC,KAAK,~~KAAK~~;~~GAChC~~,KAAK,QACH,QAAO,IAAI,MAAM,CAAC,KAAK,~~KAAK~~;~~GAC9B~~,QACE,OAAM,IAAI,WAAW,eAAe,SAAS,qBAAqB"}
1	+ {"version":3,"file":"Hasher.mjs","names":[],"sources":["../../../src/crypto/hashes/Hasher.ts"],"sourcesContent":["import { CredoError } from '../../error'\nimport type { AnyUint8Array, Uint8ArrayBuffer } from '../../types'\nimport { TypedArrayEncoder } from '../../utils'\n\nimport { Sha1 } from './Sha1'\nimport { Sha256 } from './Sha256'\nimport { Sha384 } from './Sha384'\nimport { Sha512 } from './Sha512'\n\nexport type HashName = 'sha-512' \| 'sha-384' \| 'sha-256' \| 'sha-1'\n\n// biome-ignore lint/complexity/noStaticOnlyClass: no explanation\nexport class Hasher {\n public static hash(data: AnyUint8Array \| string, hashName: HashName \| ({} & string)): Uint8ArrayBuffer {\n const dataInput = typeof data === 'string' ? TypedArrayEncoder.fromString(data) : data\n switch (hashName.toUpperCase()) {\n case 'SHA-512':\n return new Sha512().hash(dataInput)\n case 'SHA-384':\n return new Sha384().hash(dataInput)\n case 'SHA-256':\n return new Sha256().hash(dataInput)\n case 'SHA-1':\n return new Sha1().hash(dataInput)\n default:\n throw new CredoError(`Hash name: '${hashName}' is not supported.`)\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;AAYA,IAAa,SAAb,MAAoB;CAClB,OAAc,KAAK,MAA8B,UAAsD;EACrG,MAAM,YAAY,OAAO,SAAS,WAAW,kBAAkB,WAAW,KAAK,GAAG;AAClF,UAAQ,SAAS,aAAa,EAA9B;GACE,KAAK,UACH,QAAO,IAAI,QAAQ,CAAC,KAAK,UAAU;GACrC,KAAK,UACH,QAAO,IAAI,QAAQ,CAAC,KAAK,UAAU;GACrC,KAAK,UACH,QAAO,IAAI,QAAQ,CAAC,KAAK,UAAU;GACrC,KAAK,QACH,QAAO,IAAI,MAAM,CAAC,KAAK,UAAU;GACnC,QACE,OAAM,IAAI,WAAW,eAAe,SAAS,qBAAqB"}

package/build/crypto/hashes/IHash.d.mts CHANGED Viewed

@@ -1,6 +1,8 @@
+import { Uint8ArrayBuffer } from "../../types.mjs";
 //#region src/crypto/hashes/IHash.d.ts
 interface IHash {
-  hash(data: Uint8Array | string): Uint8Array;
+  hash(data: Uint8ArrayBuffer): Uint8ArrayBuffer;
 }
 //#endregion
 export { IHash };

package/build/crypto/hashes/IHash.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"IHash.d.mts","names":[],"sources":["../../../src/crypto/hashes/IHash.ts"],"sourcesContent":[],"mappings":"~~;UAAiB~~,KAAA;aACJ,~~sBAAsB~~"}
1	+ {"version":3,"file":"IHash.d.mts","names":[],"sources":["../../../src/crypto/hashes/IHash.ts"],"sourcesContent":[],"mappings":";;;UAEiB,KAAA;aACJ,mBAAmB"}

package/build/crypto/hashes/IHash.d.ts CHANGED Viewed

@@ -1,6 +1,8 @@
+import { Uint8ArrayBuffer } from "../../types.js";
 //#region src/crypto/hashes/IHash.d.ts
 interface IHash {
-  hash(data: Uint8Array | string): Uint8Array;
+  hash(data: Uint8ArrayBuffer): Uint8ArrayBuffer;
 }
 //#endregion
 export { IHash };

package/build/crypto/hashes/IHash.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"IHash.d.ts","names":[],"sources":["../../../src/crypto/hashes/IHash.ts"],"sourcesContent":[],"mappings":"~~;UAAiB~~,KAAA;~~EAAA~~,~~IAAA,CAAA,IAAK,EACT,UADS,GAAA,MAAA,CAAA,EACa,UADb~~"}
1	+ {"version":3,"file":"IHash.d.ts","names":[],"sources":["../../../src/crypto/hashes/IHash.ts"],"sourcesContent":[],"mappings":";;;UAEiB,KAAA;aACJ,mBAAmB;AADhC"}

package/build/crypto/hashes/Sha1.d.mts CHANGED Viewed

@@ -1,8 +1,9 @@
+import { AnyUint8Array, Uint8ArrayBuffer } from "../../types.mjs";
 import { IHash } from "./IHash.mjs";
 //#region src/crypto/hashes/Sha1.d.ts
 declare class Sha1 implements IHash {
-  hash(data: Uint8Array | string): Uint8Array;
+  hash(data: AnyUint8Array): Uint8ArrayBuffer;
 }
 //#endregion
 export { Sha1 };

package/build/crypto/hashes/Sha1.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Sha1.d.mts","names":[],"sources":["../../../src/crypto/hashes/Sha1.ts"],"sourcesContent":[],"mappings":"~~;;;~~cAIa,IAAA,YAAgB;aACT,~~sBAAsB~~"}
1	+ {"version":3,"file":"Sha1.d.mts","names":[],"sources":["../../../src/crypto/hashes/Sha1.ts"],"sourcesContent":[],"mappings":";;;;cAIa,IAAA,YAAgB;aACT,gBAAgB"}

package/build/crypto/hashes/Sha1.d.ts CHANGED Viewed

@@ -1,8 +1,9 @@
+import { AnyUint8Array, Uint8ArrayBuffer } from "../../types.js";
 import { IHash } from "./IHash.js";
 //#region src/crypto/hashes/Sha1.d.ts
 declare class Sha1 implements IHash {
-  hash(data: Uint8Array | string): Uint8Array;
+  hash(data: AnyUint8Array): Uint8ArrayBuffer;
 }
 //#endregion
 export { Sha1 };

package/build/crypto/hashes/Sha1.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Sha1.d.ts","names":[],"sources":["../../../src/crypto/hashes/Sha1.ts"],"sourcesContent":[],"mappings":"~~;;;~~cAIa,IAAA,YAAgB;aACT,~~sBAAsB~~;~~AAD1C~~"}
1	+ {"version":3,"file":"Sha1.d.ts","names":[],"sources":["../../../src/crypto/hashes/Sha1.ts"],"sourcesContent":[],"mappings":";;;;cAIa,IAAA,YAAgB;aACT,gBAAgB;AADpC"}

package/build/crypto/hashes/Sha1.js CHANGED Viewed

@@ -1,13 +1,13 @@
 const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.js');
-let __noble_hashes_legacy = require("@noble/hashes/legacy");
-__noble_hashes_legacy = require_rolldown_runtime.__toESM(__noble_hashes_legacy);
+let __noble_hashes_legacy_js = require("@noble/hashes/legacy.js");
+__noble_hashes_legacy_js = require_rolldown_runtime.__toESM(__noble_hashes_legacy_js);
 //#region src/crypto/hashes/Sha1.ts
 var Sha1 = class {
 	hash(data) {
-		return (0, __noble_hashes_legacy.sha1)(data);
+		return (0, __noble_hashes_legacy_js.sha1)(data);
 	}
 };

package/build/crypto/hashes/Sha1.mjs CHANGED Viewed

@@ -1,6 +1,6 @@
-import { sha1 } from "@noble/hashes/legacy";
+import { sha1 } from "@noble/hashes/legacy.js";
 //#region src/crypto/hashes/Sha1.ts
 var Sha1 = class {

package/build/crypto/hashes/Sha1.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Sha1.mjs","names":[],"sources":["../../../src/crypto/hashes/Sha1.ts"],"sourcesContent":["import type { ~~IHash~~ } from '~~./IHash~~'\n\nimport { ~~sha1~~ } from '~~@noble/hashes/legacy~~'\n\nexport class Sha1 implements IHash {\n public hash(data: ~~Uint8Array \| string~~): ~~Uint8Array~~ {\n return sha1(data)\n }\n}\n"],"mappings":";;;;;AAIA,IAAa,OAAb,MAAmC;CACjC,AAAO,KAAK,MAAuC;AACjD,SAAO,KAAK,KAAK"}
1	+ {"version":3,"file":"Sha1.mjs","names":[],"sources":["../../../src/crypto/hashes/Sha1.ts"],"sourcesContent":["import { sha1 } from '@noble/hashes/legacy.js'\nimport type { AnyUint8Array, Uint8ArrayBuffer } from '../../types'\nimport type { IHash } from './IHash'\n\nexport class Sha1 implements IHash {\n public hash(data: AnyUint8Array): Uint8ArrayBuffer {\n return sha1(data) as Uint8ArrayBuffer\n }\n}\n"],"mappings":";;;;;AAIA,IAAa,OAAb,MAAmC;CACjC,AAAO,KAAK,MAAuC;AACjD,SAAO,KAAK,KAAK"}

package/build/crypto/hashes/Sha256.d.mts CHANGED Viewed

@@ -1,8 +1,9 @@
+import { AnyUint8Array, Uint8ArrayBuffer } from "../../types.mjs";
 import { IHash } from "./IHash.mjs";
 //#region src/crypto/hashes/Sha256.d.ts
 declare class Sha256 implements IHash {
-  hash(data: Uint8Array | string): Uint8Array;
+  hash(data: AnyUint8Array): Uint8ArrayBuffer;
 }
 //#endregion
 export { Sha256 };

package/build/crypto/hashes/Sha256.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Sha256.d.mts","names":[],"sources":["../../../src/crypto/hashes/Sha256.ts"],"sourcesContent":[],"mappings":"~~;;;~~cAIa,MAAA,YAAkB;aACX,~~sBAAsB~~"}
1	+ {"version":3,"file":"Sha256.d.mts","names":[],"sources":["../../../src/crypto/hashes/Sha256.ts"],"sourcesContent":[],"mappings":";;;;cAIa,MAAA,YAAkB;aACX,gBAAgB"}

package/build/crypto/hashes/Sha256.d.ts CHANGED Viewed

@@ -1,8 +1,9 @@
+import { AnyUint8Array, Uint8ArrayBuffer } from "../../types.js";
 import { IHash } from "./IHash.js";
 //#region src/crypto/hashes/Sha256.d.ts
 declare class Sha256 implements IHash {
-  hash(data: Uint8Array | string): Uint8Array;
+  hash(data: AnyUint8Array): Uint8ArrayBuffer;
 }
 //#endregion
 export { Sha256 };

package/build/crypto/hashes/Sha256.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Sha256.d.ts","names":[],"sources":["../../../src/crypto/hashes/Sha256.ts"],"sourcesContent":[],"mappings":"~~;;;~~cAIa,MAAA,YAAkB;aACX,~~sBAAsB~~;~~AAD1C~~"}
1	+ {"version":3,"file":"Sha256.d.ts","names":[],"sources":["../../../src/crypto/hashes/Sha256.ts"],"sourcesContent":[],"mappings":";;;;cAIa,MAAA,YAAkB;aACX,gBAAgB;AADpC"}

package/build/crypto/hashes/Sha256.js CHANGED Viewed

@@ -1,13 +1,13 @@
 const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.js');
-let __noble_hashes_sha2 = require("@noble/hashes/sha2");
-__noble_hashes_sha2 = require_rolldown_runtime.__toESM(__noble_hashes_sha2);
+let __noble_hashes_sha2_js = require("@noble/hashes/sha2.js");
+__noble_hashes_sha2_js = require_rolldown_runtime.__toESM(__noble_hashes_sha2_js);
 //#region src/crypto/hashes/Sha256.ts
 var Sha256 = class {
 	hash(data) {
-		return (0, __noble_hashes_sha2.sha256)(data);
+		return (0, __noble_hashes_sha2_js.sha256)(data);
 	}
 };

package/build/crypto/hashes/Sha256.mjs CHANGED Viewed

@@ -1,6 +1,6 @@
-import { sha256 } from "@noble/hashes/sha2";
+import { sha256 } from "@noble/hashes/sha2.js";
 //#region src/crypto/hashes/Sha256.ts
 var Sha256 = class {

package/build/crypto/hashes/Sha256.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Sha256.mjs","names":[],"sources":["../../../src/crypto/hashes/Sha256.ts"],"sourcesContent":["import type { ~~IHash~~ } from '~~./IHash~~'\n\nimport { ~~sha256~~ } from '~~@noble/hashes/sha2~~'\n\nexport class Sha256 implements IHash {\n public hash(data: ~~Uint8Array \| string~~): ~~Uint8Array~~ {\n return sha256(data)\n }\n}\n"],"mappings":";;;;;AAIA,IAAa,SAAb,MAAqC;CACnC,AAAO,KAAK,MAAuC;AACjD,SAAO,OAAO,KAAK"}
1	+ {"version":3,"file":"Sha256.mjs","names":[],"sources":["../../../src/crypto/hashes/Sha256.ts"],"sourcesContent":["import { sha256 } from '@noble/hashes/sha2.js'\nimport type { AnyUint8Array, Uint8ArrayBuffer } from '../../types'\nimport type { IHash } from './IHash'\n\nexport class Sha256 implements IHash {\n public hash(data: AnyUint8Array): Uint8ArrayBuffer {\n return sha256(data) as Uint8ArrayBuffer\n }\n}\n"],"mappings":";;;;;AAIA,IAAa,SAAb,MAAqC;CACnC,AAAO,KAAK,MAAuC;AACjD,SAAO,OAAO,KAAK"}

package/build/crypto/hashes/Sha384.d.mts ADDED Viewed

@@ -0,0 +1,10 @@
+import { AnyUint8Array, Uint8ArrayBuffer } from "../../types.mjs";
+import { IHash } from "./IHash.mjs";
+//#region src/crypto/hashes/Sha384.d.ts
+declare class Sha384 implements IHash {
+  hash(data: AnyUint8Array): Uint8ArrayBuffer;
+}
+//#endregion
+export { Sha384 };
+//# sourceMappingURL=Sha384.d.mts.map

package/build/crypto/hashes/Sha384.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"Sha384.d.mts","names":[],"sources":["../../../src/crypto/hashes/Sha384.ts"],"sourcesContent":[],"mappings":";;;;cAIa,MAAA,YAAkB;aACX,gBAAgB"}

package/build/crypto/hashes/Sha384.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { AnyUint8Array, Uint8ArrayBuffer } from "../../types.js";
+import { IHash } from "./IHash.js";
+//#region src/crypto/hashes/Sha384.d.ts
+declare class Sha384 implements IHash {
+  hash(data: AnyUint8Array): Uint8ArrayBuffer;
+}
+//#endregion
+export { Sha384 };
+//# sourceMappingURL=Sha384.d.ts.map

package/build/crypto/hashes/Sha384.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"Sha384.d.ts","names":[],"sources":["../../../src/crypto/hashes/Sha384.ts"],"sourcesContent":[],"mappings":";;;;cAIa,MAAA,YAAkB;aACX,gBAAgB;AADpC"}

package/build/crypto/hashes/Sha384.js ADDED Viewed

@@ -0,0 +1,15 @@
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.js');
+let __noble_hashes_sha2_js = require("@noble/hashes/sha2.js");
+__noble_hashes_sha2_js = require_rolldown_runtime.__toESM(__noble_hashes_sha2_js);
+//#region src/crypto/hashes/Sha384.ts
+var Sha384 = class {
+	hash(data) {
+		return (0, __noble_hashes_sha2_js.sha384)(data);
+	}
+};
+//#endregion
+exports.Sha384 = Sha384;

package/build/crypto/hashes/Sha384.mjs ADDED Viewed

@@ -0,0 +1,14 @@
+import { sha384 } from "@noble/hashes/sha2.js";
+//#region src/crypto/hashes/Sha384.ts
+var Sha384 = class {
+	hash(data) {
+		return sha384(data);
+	}
+};
+//#endregion
+export { Sha384 };
+//# sourceMappingURL=Sha384.mjs.map

package/build/crypto/hashes/Sha384.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"Sha384.mjs","names":[],"sources":["../../../src/crypto/hashes/Sha384.ts"],"sourcesContent":["import { sha384 } from '@noble/hashes/sha2.js'\nimport type { AnyUint8Array, Uint8ArrayBuffer } from '../../types'\nimport type { IHash } from './IHash'\n\nexport class Sha384 implements IHash {\n public hash(data: AnyUint8Array): Uint8ArrayBuffer {\n return sha384(data) as Uint8ArrayBuffer\n }\n}\n"],"mappings":";;;;;AAIA,IAAa,SAAb,MAAqC;CACnC,AAAO,KAAK,MAAuC;AACjD,SAAO,OAAO,KAAK"}

package/build/crypto/hashes/Sha512.d.mts CHANGED Viewed

@@ -1,8 +1,9 @@
+import { AnyUint8Array, Uint8ArrayBuffer } from "../../types.mjs";
 import { IHash } from "./IHash.mjs";
 //#region src/crypto/hashes/Sha512.d.ts
 declare class Sha512 implements IHash {
-  hash(data: Uint8Array | string): Uint8Array;
+  hash(data: AnyUint8Array): Uint8ArrayBuffer;
 }
 //#endregion
 export { Sha512 };

package/build/crypto/hashes/Sha512.d.mts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Sha512.d.mts","names":[],"sources":["../../../src/crypto/hashes/Sha512.ts"],"sourcesContent":[],"mappings":"~~;;;~~cAIa,MAAA,YAAkB;aACX,~~sBAAsB~~"}
1	+ {"version":3,"file":"Sha512.d.mts","names":[],"sources":["../../../src/crypto/hashes/Sha512.ts"],"sourcesContent":[],"mappings":";;;;cAIa,MAAA,YAAkB;aACX,gBAAgB"}

package/build/crypto/hashes/Sha512.d.ts CHANGED Viewed

@@ -1,8 +1,9 @@
+import { AnyUint8Array, Uint8ArrayBuffer } from "../../types.js";
 import { IHash } from "./IHash.js";
 //#region src/crypto/hashes/Sha512.d.ts
 declare class Sha512 implements IHash {
-  hash(data: Uint8Array | string): Uint8Array;
+  hash(data: AnyUint8Array): Uint8ArrayBuffer;
 }
 //#endregion
 export { Sha512 };

package/build/crypto/hashes/Sha512.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Sha512.d.ts","names":[],"sources":["../../../src/crypto/hashes/Sha512.ts"],"sourcesContent":[],"mappings":"~~;;;~~cAIa,MAAA,YAAkB;aACX,~~sBAAsB~~;~~AAD1C~~"}
1	+ {"version":3,"file":"Sha512.d.ts","names":[],"sources":["../../../src/crypto/hashes/Sha512.ts"],"sourcesContent":[],"mappings":";;;;cAIa,MAAA,YAAkB;aACX,gBAAgB;AADpC"}

package/build/crypto/hashes/Sha512.js CHANGED Viewed

@@ -1,13 +1,13 @@
 const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.js');
-let __noble_hashes_sha2 = require("@noble/hashes/sha2");
-__noble_hashes_sha2 = require_rolldown_runtime.__toESM(__noble_hashes_sha2);
+let __noble_hashes_sha2_js = require("@noble/hashes/sha2.js");
+__noble_hashes_sha2_js = require_rolldown_runtime.__toESM(__noble_hashes_sha2_js);
 //#region src/crypto/hashes/Sha512.ts
 var Sha512 = class {
 	hash(data) {
-		return (0, __noble_hashes_sha2.sha512)(data);
+		return (0, __noble_hashes_sha2_js.sha512)(data);
 	}
 };

package/build/crypto/hashes/Sha512.mjs CHANGED Viewed

@@ -1,6 +1,6 @@
-import { sha512 } from "@noble/hashes/sha2";
+import { sha512 } from "@noble/hashes/sha2.js";
 //#region src/crypto/hashes/Sha512.ts
 var Sha512 = class {

package/build/crypto/hashes/Sha512.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"Sha512.mjs","names":[],"sources":["../../../src/crypto/hashes/Sha512.ts"],"sourcesContent":["import type { ~~IHash~~ } from '~~./IHash~~'\n\nimport { ~~sha512~~ } from '~~@noble/hashes/sha2~~'\n\nexport class Sha512 implements IHash {\n public hash(data: ~~Uint8Array \| string~~): ~~Uint8Array~~ {\n return sha512(data)\n }\n}\n"],"mappings":";;;;;AAIA,IAAa,SAAb,MAAqC;CACnC,AAAO,KAAK,MAAuC;AACjD,SAAO,OAAO,KAAK"}
1	+ {"version":3,"file":"Sha512.mjs","names":[],"sources":["../../../src/crypto/hashes/Sha512.ts"],"sourcesContent":["import { sha512 } from '@noble/hashes/sha2.js'\nimport type { AnyUint8Array, Uint8ArrayBuffer } from '../../types'\nimport type { IHash } from './IHash'\n\nexport class Sha512 implements IHash {\n public hash(data: AnyUint8Array): Uint8ArrayBuffer {\n return sha512(data) as Uint8ArrayBuffer\n }\n}\n"],"mappings":";;;;;AAIA,IAAa,SAAb,MAAqC;CACnC,AAAO,KAAK,MAAuC;AACjD,SAAO,OAAO,KAAK"}

package/build/crypto/hashes/index.js CHANGED Viewed

@@ -2,5 +2,6 @@
 const require_Sha1 = require('./Sha1.js');
 const require_Sha256 = require('./Sha256.js');
+const require_Sha384 = require('./Sha384.js');
 const require_Sha512 = require('./Sha512.js');
 const require_Hasher = require('./Hasher.js');