npm - @libpdf/core - Versions diffs - 0.3.0 → 0.3.1 - Mend

@libpdf/core 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -10508,6 +10508,8 @@ declare class GoogleKmsSigner implements Signer {
   /**
    * Hash data using the specified algorithm.
    *
+   * Uses the Web Crypto API for native-speed hashing.
+   *
    * @returns The digest bytes and the KMS digest key name
    */
   private hashData;

package/dist/index.mjs CHANGED Viewed

@@ -11,7 +11,7 @@ import { createCMSECDSASignature } from "pkijs";
 import { base64 } from "@scure/base";
 //#region package.json
-var version = "0.3.0";
+var version = "0.3.1";
 //#endregion
 //#region src/objects/pdf-array.ts
@@ -38222,9 +38222,6 @@ const OID_AD_CA_ISSUERS = "1.3.6.1.5.5.7.48.2";
 //#endregion
 //#region src/signatures/utils.ts
 /**
-* Shared utilities for signature operations.
-*/
-/**
 * Escape special characters in PDF literal string.
 *
 * PDF strings use backslash escapes for special characters.
@@ -38238,16 +38235,17 @@ function escapePdfString(str) {
 /**
 * Hash data using the specified algorithm.
 *
+* Uses the Web Crypto API for native-speed hashing, which is significantly
+* faster than pure-JS implementations for large inputs (e.g. hashing an
+* entire PDF during signing).
+*
 * @param data - Data to hash
 * @param algorithm - Digest algorithm
 * @returns Hash bytes
 */
-function hashData(data, algorithm) {
-	switch (algorithm) {
-		case "SHA-256": return sha256(data);
-		case "SHA-384": return sha384(data);
-		case "SHA-512": return sha512(data);
-	}
+async function hashData(data, algorithm) {
+	const digest = await crypto.subtle.digest(algorithm, data);
+	return new Uint8Array(digest);
 }
 //#endregion
@@ -38363,7 +38361,7 @@ var CAdESDetachedBuilder = class {
 		const { signer, documentHash, digestAlgorithm, signingTime } = options;
 		const signerCert = parseCertificate$1(signer.certificate);
 		const allCerts = [signerCert, ...(signer.certificateChain ?? []).map(parseCertificate$1)];
-		const signedAttrs = this.buildSignedAttributes(documentHash, digestAlgorithm, signer, signerCert, signingTime);
+		const signedAttrs = await this.buildSignedAttributes(documentHash, digestAlgorithm, signer, signerCert, signingTime);
 		const signedAttrsForSigning = encodeSignedAttributesForSigning(signedAttrs);
 		this.signatureValue = await signer.sign(new Uint8Array(signedAttrsForSigning), digestAlgorithm);
 		this.signerInfo = new pkijs.SignerInfo({
@@ -38414,7 +38412,7 @@ var CAdESDetachedBuilder = class {
 	/**
 	* Build the signed attributes for CAdES signature.
 	*/
-	buildSignedAttributes(documentHash, digestAlgorithm, signer, signerCert, signingTime) {
+	async buildSignedAttributes(documentHash, digestAlgorithm, signer, signerCert, signingTime) {
 		const attrs = [];
 		attrs.push(new pkijs.Attribute({
 			type: OID_CONTENT_TYPE,
@@ -38429,7 +38427,7 @@ var CAdESDetachedBuilder = class {
 			type: OID_MESSAGE_DIGEST,
 			values: [new OctetString({ valueHex: toArrayBuffer(documentHash) })]
 		}));
-		attrs.push(this.buildSigningCertificateV2(signerCert, digestAlgorithm));
+		attrs.push(await this.buildSigningCertificateV2(signerCert, digestAlgorithm));
 		return attrs;
 	}
 	/**
@@ -38450,9 +38448,9 @@ var CAdESDetachedBuilder = class {
 	*   issuerSerial            IssuerSerial OPTIONAL
 	* }
 	*/
-	buildSigningCertificateV2(signerCert, digestAlgorithm) {
+	async buildSigningCertificateV2(signerCert, digestAlgorithm) {
 		const certDer = signerCert.toSchema().toBER(false);
-		const certHash = hashData(new Uint8Array(certDer), digestAlgorithm);
+		const certHash = await hashData(new Uint8Array(certDer), digestAlgorithm);
 		const generalName = new pkijs.GeneralName({
 			type: 4,
 			value: signerCert.issuer
@@ -41609,7 +41607,7 @@ var PDFSignature = class {
 		const placeholders = findPlaceholders(pdfBytes);
 		const byteRange = calculateByteRange(pdfBytes, placeholders);
 		patchByteRange(pdfBytes, placeholders, byteRange);
-		const documentHash = hashData(extractSignedBytes(pdfBytes, byteRange), resolved.digestAlgorithm);
+		const documentHash = await hashData(extractSignedBytes(pdfBytes, byteRange), resolved.digestAlgorithm);
 		const signedData = await this.getFormatBuilder(resolved.subFilter).create({
 			signer: resolved.signer,
 			documentHash,
@@ -41617,7 +41615,7 @@ var PDFSignature = class {
 			signingTime: resolved.signingTime
 		});
 		if (resolved.timestampAuthority) {
-			const signatureHash = hashData(signedData.getSignatureValue(), resolved.digestAlgorithm);
+			const signatureHash = await hashData(signedData.getSignatureValue(), resolved.digestAlgorithm);
 			const timestampToken = await resolved.timestampAuthority.timestamp(signatureHash, resolved.digestAlgorithm);
 			signedData.addTimestampToken(timestampToken);
 		}
@@ -41769,7 +41767,7 @@ var PDFSignature = class {
 		const placeholders = findPlaceholders(savedBytes);
 		const byteRange = calculateByteRange(savedBytes, placeholders);
 		patchByteRange(savedBytes, placeholders, byteRange);
-		const documentHash = hashData(extractSignedBytes(savedBytes, byteRange), digestAlgorithm);
+		const documentHash = await hashData(extractSignedBytes(savedBytes, byteRange), digestAlgorithm);
 		const timestampToken = await timestampAuthority.timestamp(documentHash, digestAlgorithm);
 		patchContents(savedBytes, placeholders, timestampToken);
 		await this.pdf.reload(savedBytes);
@@ -44531,7 +44529,7 @@ var GoogleKmsSigner = class GoogleKmsSigner {
 	*/
 	async sign(data, algorithm) {
 		if (algorithm !== this.digestAlgorithm) throw new KmsSignerError(`Digest algorithm mismatch: this KMS key requires ${this.digestAlgorithm}, but ${algorithm} was requested`);
-		const { digest, digestKey } = this.hashData(data, algorithm);
+		const { digest, digestKey } = await this.hashData(data, algorithm);
 		try {
 			const [response] = await this.client.asymmetricSign({
 				name: this.keyVersionName,
@@ -44549,23 +44547,21 @@ var GoogleKmsSigner = class GoogleKmsSigner {
 	/**
 	* Hash data using the specified algorithm.
 	*
+	* Uses the Web Crypto API for native-speed hashing.
+	*
 	* @returns The digest bytes and the KMS digest key name
 	*/
-	hashData(data, algorithm) {
-		switch (algorithm) {
-			case "SHA-256": return {
-				digest: sha256(data),
-				digestKey: "sha256"
-			};
-			case "SHA-384": return {
-				digest: sha384(data),
-				digestKey: "sha384"
-			};
-			case "SHA-512": return {
-				digest: sha512(data),
-				digestKey: "sha512"
-			};
-		}
+	async hashData(data, algorithm) {
+		const digestKeyMap = {
+			"SHA-256": "sha256",
+			"SHA-384": "sha384",
+			"SHA-512": "sha512"
+		};
+		const arrayBuffer = await crypto.subtle.digest(algorithm, data);
+		return {
+			digest: new Uint8Array(arrayBuffer),
+			digestKey: digestKeyMap[algorithm]
+		};
 	}
 };