@fedify/vocab-runtime 2.1.0-dev.592 → 2.1.0-dev.599

package/dist/tests/internal/multicodec.test.cjs

@@ -1,5 +1,5 @@
 const require_chunk = require('../chunk-DWy1uDak.cjs');
-const require_multicodec = require('../multicodec-mHcRzSGY.cjs');
+const require_multicodec = require('../multicodec--6hQ74zI.cjs');
 const node_assert = require_chunk.__toESM(require("node:assert"));
 const node_test = require_chunk.__toESM(require("node:test"));
 

package/dist/tests/internal/multicodec.test.js

@@ -1,4 +1,4 @@
-import { addMulticodecPrefix, getMulticodecPrefix, removeMulticodecPrefix } from "../multicodec-DvC5xnX2.js";
+import { addMulticodecPrefix, getMulticodecPrefix, removeMulticodecPrefix } from "../multicodec-Dq3IiOV4.js";
 import { deepStrictEqual, throws } from "node:assert";
 import { test } from "node:test";
 

package/dist/tests/key-ByCmSI2y.js

@@ -0,0 +1,183 @@
+import { addMulticodecPrefix, getMulticodecPrefix, removeMulticodecPrefix } from "./multicodec-Dq3IiOV4.js";
+import { decodeMultibase, encodeMultibase } from "./multibase-B4g8pz6F.js";
+import { Integer, Sequence } from "asn1js";
+import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
+import { decodeBase64Url } from "byte-encodings/base64url";
+import { createPublicKey } from "node:crypto";
+import { PublicKeyInfo } from "pkijs";
+
+//#region src/jwk.ts
+function validateCryptoKey(key, type) {
+	if (type != null && key.type !== type) throw new TypeError(`The key is not a ${type} key.`);
+	if (!key.extractable) throw new TypeError("The key is not extractable.");
+	if (key.algorithm.name !== "RSASSA-PKCS1-v1_5" && key.algorithm.name !== "Ed25519") throw new TypeError("Currently only RSASSA-PKCS1-v1_5 and Ed25519 keys are supported.  More algorithms will be added in the future!");
+	if (key.algorithm.name === "RSASSA-PKCS1-v1_5") {
+		const algorithm = key.algorithm;
+		if (algorithm.hash.name !== "SHA-256") throw new TypeError("For compatibility with the existing Fediverse software (e.g., Mastodon), hash algorithm for RSASSA-PKCS1-v1_5 keys must be SHA-256.");
+	}
+}
+async function exportJwk(key) {
+	validateCryptoKey(key);
+	const jwk = await crypto.subtle.exportKey("jwk", key);
+	if (jwk.crv === "Ed25519") jwk.alg = "Ed25519";
+	return jwk;
+}
+async function importJwk(jwk, type) {
+	let key;
+	if (jwk.kty === "RSA" && jwk.alg === "RS256") key = await crypto.subtle.importKey("jwk", jwk, {
+		name: "RSASSA-PKCS1-v1_5",
+		hash: "SHA-256"
+	}, true, type === "public" ? ["verify"] : ["sign"]);
+	else if (jwk.kty === "OKP" && jwk.crv === "Ed25519") {
+		if (navigator?.userAgent === "Cloudflare-Workers") {
+			jwk = { ...jwk };
+			delete jwk.alg;
+		}
+		key = await crypto.subtle.importKey("jwk", jwk, "Ed25519", true, type === "public" ? ["verify"] : ["sign"]);
+	} else throw new TypeError("Unsupported JWK format.");
+	validateCryptoKey(key, type);
+	return key;
+}
+
+//#endregion
+//#region src/key.ts
+const algorithms = {
+	"1.2.840.113549.1.1.1": {
+		name: "RSASSA-PKCS1-v1_5",
+		hash: "SHA-256"
+	},
+	"1.3.101.112": "Ed25519"
+};
+/**
+* Imports a PEM-SPKI formatted public key.
+* @param pem The PEM-SPKI formatted public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.5.0
+*/
+async function importSpki(pem) {
+	pem = pem.replace(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "");
+	let spki;
+	try {
+		spki = decodeBase64(pem);
+	} catch (_) {
+		throw new TypeError("Invalid PEM-SPKI format.");
+	}
+	const pki = PublicKeyInfo.fromBER(spki);
+	const oid = pki.algorithm.algorithmId;
+	const algorithm = algorithms[oid];
+	if (algorithm == null) throw new TypeError("Unsupported algorithm: " + oid);
+	return await crypto.subtle.importKey("spki", spki, algorithm, true, ["verify"]);
+}
+/**
+* Exports a public key in PEM-SPKI format.
+* @param key The public key to export.
+* @returns The exported public key in PEM-SPKI format.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.5.0
+*/
+async function exportSpki(key) {
+	validateCryptoKey(key);
+	const spki = await crypto.subtle.exportKey("spki", key);
+	let pem = encodeBase64(spki);
+	pem = (pem.match(/.{1,64}/g) || []).join("\n");
+	return `-----BEGIN PUBLIC KEY-----\n${pem}\n-----END PUBLIC KEY-----\n`;
+}
+/**
+* Imports a PEM-PKCS#1 formatted public key.
+* @param pem The PEM-PKCS#1 formatted public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 1.5.0
+*/
+function importPkcs1(pem) {
+	const key = createPublicKey({
+		key: pem,
+		format: "pem",
+		type: "pkcs1"
+	});
+	const spki = key.export({
+		type: "spki",
+		format: "pem"
+	});
+	return importSpki(spki);
+}
+const PKCS1_HEADER = /^\s*-----BEGIN\s+RSA\s+PUBLIC\s+KEY-----\s*\n/;
+/**
+* Imports a PEM formatted public key (SPKI or PKCS#1).
+* @param pem The PEM formatted public key to import (SPKI or PKCS#1).
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 1.5.0
+*/
+function importPem(pem) {
+	return PKCS1_HEADER.test(pem) ? importPkcs1(pem) : importSpki(pem);
+}
+/**
+* Imports a [Multibase]-encoded public key.
+*
+* [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
+* @param key The Multibase-encoded public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.10.0
+*/
+async function importMultibaseKey(key) {
+	const decoded = decodeMultibase(key);
+	const { code } = getMulticodecPrefix(decoded);
+	const content = removeMulticodecPrefix(decoded);
+	if (code === 4613) {
+		const keyObject = createPublicKey({
+			key: content,
+			format: "der",
+			type: "pkcs1"
+		});
+		const exported = keyObject.export({
+			type: "spki",
+			format: "der"
+		});
+		const spki = exported instanceof Uint8Array ? exported : new Uint8Array(exported);
+		return await crypto.subtle.importKey("spki", new Uint8Array(spki), {
+			name: "RSASSA-PKCS1-v1_5",
+			hash: "SHA-256"
+		}, true, ["verify"]);
+	} else if (code === 237) return await crypto.subtle.importKey("raw", content.slice(), "Ed25519", true, ["verify"]);
+	else throw new TypeError("Unsupported key type: 0x" + code.toString(16));
+}
+/**
+* Exports a public key in [Multibase] format.
+*
+* [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
+* @param key The public key to export.
+* @returns The exported public key in Multibase format.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.10.0
+*/
+async function exportMultibaseKey(key) {
+	let content;
+	let code;
+	if (key.algorithm.name === "Ed25519") {
+		content = await crypto.subtle.exportKey("raw", key);
+		code = 237;
+	} else if (key.algorithm.name === "RSASSA-PKCS1-v1_5" && key.algorithm.hash.name === "SHA-256") {
+		const jwk = await crypto.subtle.exportKey("jwk", key);
+		const decodedN = decodeBase64Url(jwk.n);
+		const n = new Uint8Array(decodedN.length + 1);
+		n.set(decodedN, 1);
+		const sequence = new Sequence({ value: [new Integer({
+			isHexOnly: true,
+			valueHex: n
+		}), new Integer({
+			isHexOnly: true,
+			valueHex: decodeBase64Url(jwk.e)
+		})] });
+		content = sequence.toBER(false);
+		code = 4613;
+	} else throw new TypeError("Unsupported key type: " + JSON.stringify(key.algorithm));
+	const prefixed = addMulticodecPrefix(code, new Uint8Array(content));
+	const encoded = encodeMultibase("base58btc", prefixed);
+	return new TextDecoder().decode(encoded);
+}
+
+//#endregion
+export { exportJwk, exportMultibaseKey, exportSpki, importJwk, importMultibaseKey, importPem, importPkcs1, importSpki };

package/dist/tests/key-CCPn6TEY.cjs

@@ -0,0 +1,231 @@
+const require_chunk = require('./chunk-DWy1uDak.cjs');
+const require_multicodec = require('./multicodec--6hQ74zI.cjs');
+const require_multibase = require('./multibase-o_ovPHYJ.cjs');
+const asn1js = require_chunk.__toESM(require("asn1js"));
+const byte_encodings_base64 = require_chunk.__toESM(require("byte-encodings/base64"));
+const byte_encodings_base64url = require_chunk.__toESM(require("byte-encodings/base64url"));
+const node_crypto = require_chunk.__toESM(require("node:crypto"));
+const pkijs = require_chunk.__toESM(require("pkijs"));
+
+//#region src/jwk.ts
+function validateCryptoKey(key, type) {
+	if (type != null && key.type !== type) throw new TypeError(`The key is not a ${type} key.`);
+	if (!key.extractable) throw new TypeError("The key is not extractable.");
+	if (key.algorithm.name !== "RSASSA-PKCS1-v1_5" && key.algorithm.name !== "Ed25519") throw new TypeError("Currently only RSASSA-PKCS1-v1_5 and Ed25519 keys are supported.  More algorithms will be added in the future!");
+	if (key.algorithm.name === "RSASSA-PKCS1-v1_5") {
+		const algorithm = key.algorithm;
+		if (algorithm.hash.name !== "SHA-256") throw new TypeError("For compatibility with the existing Fediverse software (e.g., Mastodon), hash algorithm for RSASSA-PKCS1-v1_5 keys must be SHA-256.");
+	}
+}
+async function exportJwk(key) {
+	validateCryptoKey(key);
+	const jwk = await crypto.subtle.exportKey("jwk", key);
+	if (jwk.crv === "Ed25519") jwk.alg = "Ed25519";
+	return jwk;
+}
+async function importJwk(jwk, type) {
+	let key;
+	if (jwk.kty === "RSA" && jwk.alg === "RS256") key = await crypto.subtle.importKey("jwk", jwk, {
+		name: "RSASSA-PKCS1-v1_5",
+		hash: "SHA-256"
+	}, true, type === "public" ? ["verify"] : ["sign"]);
+	else if (jwk.kty === "OKP" && jwk.crv === "Ed25519") {
+		if (navigator?.userAgent === "Cloudflare-Workers") {
+			jwk = { ...jwk };
+			delete jwk.alg;
+		}
+		key = await crypto.subtle.importKey("jwk", jwk, "Ed25519", true, type === "public" ? ["verify"] : ["sign"]);
+	} else throw new TypeError("Unsupported JWK format.");
+	validateCryptoKey(key, type);
+	return key;
+}
+
+//#endregion
+//#region src/key.ts
+const algorithms = {
+	"1.2.840.113549.1.1.1": {
+		name: "RSASSA-PKCS1-v1_5",
+		hash: "SHA-256"
+	},
+	"1.3.101.112": "Ed25519"
+};
+/**
+* Imports a PEM-SPKI formatted public key.
+* @param pem The PEM-SPKI formatted public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.5.0
+*/
+async function importSpki(pem) {
+	pem = pem.replace(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "");
+	let spki;
+	try {
+		spki = (0, byte_encodings_base64.decodeBase64)(pem);
+	} catch (_) {
+		throw new TypeError("Invalid PEM-SPKI format.");
+	}
+	const pki = pkijs.PublicKeyInfo.fromBER(spki);
+	const oid = pki.algorithm.algorithmId;
+	const algorithm = algorithms[oid];
+	if (algorithm == null) throw new TypeError("Unsupported algorithm: " + oid);
+	return await crypto.subtle.importKey("spki", spki, algorithm, true, ["verify"]);
+}
+/**
+* Exports a public key in PEM-SPKI format.
+* @param key The public key to export.
+* @returns The exported public key in PEM-SPKI format.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.5.0
+*/
+async function exportSpki(key) {
+	validateCryptoKey(key);
+	const spki = await crypto.subtle.exportKey("spki", key);
+	let pem = (0, byte_encodings_base64.encodeBase64)(spki);
+	pem = (pem.match(/.{1,64}/g) || []).join("\n");
+	return `-----BEGIN PUBLIC KEY-----\n${pem}\n-----END PUBLIC KEY-----\n`;
+}
+/**
+* Imports a PEM-PKCS#1 formatted public key.
+* @param pem The PEM-PKCS#1 formatted public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 1.5.0
+*/
+function importPkcs1(pem) {
+	const key = (0, node_crypto.createPublicKey)({
+		key: pem,
+		format: "pem",
+		type: "pkcs1"
+	});
+	const spki = key.export({
+		type: "spki",
+		format: "pem"
+	});
+	return importSpki(spki);
+}
+const PKCS1_HEADER = /^\s*-----BEGIN\s+RSA\s+PUBLIC\s+KEY-----\s*\n/;
+/**
+* Imports a PEM formatted public key (SPKI or PKCS#1).
+* @param pem The PEM formatted public key to import (SPKI or PKCS#1).
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 1.5.0
+*/
+function importPem(pem) {
+	return PKCS1_HEADER.test(pem) ? importPkcs1(pem) : importSpki(pem);
+}
+/**
+* Imports a [Multibase]-encoded public key.
+*
+* [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
+* @param key The Multibase-encoded public key.
+* @returns The imported public key.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.10.0
+*/
+async function importMultibaseKey(key) {
+	const decoded = require_multibase.decodeMultibase(key);
+	const { code } = require_multicodec.getMulticodecPrefix(decoded);
+	const content = require_multicodec.removeMulticodecPrefix(decoded);
+	if (code === 4613) {
+		const keyObject = (0, node_crypto.createPublicKey)({
+			key: content,
+			format: "der",
+			type: "pkcs1"
+		});
+		const exported = keyObject.export({
+			type: "spki",
+			format: "der"
+		});
+		const spki = exported instanceof Uint8Array ? exported : new Uint8Array(exported);
+		return await crypto.subtle.importKey("spki", new Uint8Array(spki), {
+			name: "RSASSA-PKCS1-v1_5",
+			hash: "SHA-256"
+		}, true, ["verify"]);
+	} else if (code === 237) return await crypto.subtle.importKey("raw", content.slice(), "Ed25519", true, ["verify"]);
+	else throw new TypeError("Unsupported key type: 0x" + code.toString(16));
+}
+/**
+* Exports a public key in [Multibase] format.
+*
+* [Multibase]: https://www.w3.org/TR/vc-data-integrity/#multibase-0
+* @param key The public key to export.
+* @returns The exported public key in Multibase format.
+* @throws {TypeError} If the key is invalid or unsupported.
+* @since 0.10.0
+*/
+async function exportMultibaseKey(key) {
+	let content;
+	let code;
+	if (key.algorithm.name === "Ed25519") {
+		content = await crypto.subtle.exportKey("raw", key);
+		code = 237;
+	} else if (key.algorithm.name === "RSASSA-PKCS1-v1_5" && key.algorithm.hash.name === "SHA-256") {
+		const jwk = await crypto.subtle.exportKey("jwk", key);
+		const decodedN = (0, byte_encodings_base64url.decodeBase64Url)(jwk.n);
+		const n = new Uint8Array(decodedN.length + 1);
+		n.set(decodedN, 1);
+		const sequence = new asn1js.Sequence({ value: [new asn1js.Integer({
+			isHexOnly: true,
+			valueHex: n
+		}), new asn1js.Integer({
+			isHexOnly: true,
+			valueHex: (0, byte_encodings_base64url.decodeBase64Url)(jwk.e)
+		})] });
+		content = sequence.toBER(false);
+		code = 4613;
+	} else throw new TypeError("Unsupported key type: " + JSON.stringify(key.algorithm));
+	const prefixed = require_multicodec.addMulticodecPrefix(code, new Uint8Array(content));
+	const encoded = require_multibase.encodeMultibase("base58btc", prefixed);
+	return new TextDecoder().decode(encoded);
+}
+
+//#endregion
+Object.defineProperty(exports, 'exportJwk', {
+  enumerable: true,
+  get: function () {
+    return exportJwk;
+  }
+});
+Object.defineProperty(exports, 'exportMultibaseKey', {
+  enumerable: true,
+  get: function () {
+    return exportMultibaseKey;
+  }
+});
+Object.defineProperty(exports, 'exportSpki', {
+  enumerable: true,
+  get: function () {
+    return exportSpki;
+  }
+});
+Object.defineProperty(exports, 'importJwk', {
+  enumerable: true,
+  get: function () {
+    return importJwk;
+  }
+});
+Object.defineProperty(exports, 'importMultibaseKey', {
+  enumerable: true,
+  get: function () {
+    return importMultibaseKey;
+  }
+});
+Object.defineProperty(exports, 'importPem', {
+  enumerable: true,
+  get: function () {
+    return importPem;
+  }
+});
+Object.defineProperty(exports, 'importPkcs1', {
+  enumerable: true,
+  get: function () {
+    return importPkcs1;
+  }
+});
+Object.defineProperty(exports, 'importSpki', {
+  enumerable: true,
+  get: function () {
+    return importSpki;
+  }
+});