@sphereon/oid4vc-common 0.16.1-unstable.5 → 0.16.1-unstable.68
- package/dist/hasher.d.ts.map +1 -1
- package/dist/hasher.js +3 -2
- package/dist/hasher.js.map +1 -1
- package/dist/jwt/JwkThumbprint.js +1 -1
- package/dist/jwt/JwkThumbprint.js.map +1 -1
- package/dist/jwt/JwtIssuer.d.ts +0 -1
- package/dist/jwt/JwtIssuer.d.ts.map +1 -1
- package/dist/jwt/JwtVerifier.d.ts.map +1 -1
- package/dist/jwt/JwtVerifier.js +20 -4
- package/dist/jwt/JwtVerifier.js.map +1 -1
- package/lib/hasher.ts +3 -2
- package/lib/jwt/JwkThumbprint.ts +1 -1
- package/lib/jwt/JwtIssuer.ts +0 -2
- package/lib/jwt/JwtVerifier.ts +22 -5
- package/lib/jwt/__tests__/JwkThumbprint.spec.ts +16 -0
- package/package.json +3 -3
package/dist/hasher.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hasher.d.ts","sourceRoot":"","sources":["../lib/hasher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAM7C,eAAO,MAAM,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"hasher.d.ts","sourceRoot":"","sources":["../lib/hasher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAM7C,eAAO,MAAM,aAAa,EAAE,MAW3B,CAAC"}
|
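--- a/package/dist/hasher.js
+++ b/package/dist/hasher.js
@@ -7,10 +7,11 @@ exports.defaultHasher = void 0;
 const sha_js_1 = __importDefault(require("sha.js"));
 const supportedAlgorithms = ['sha256', 'sha384', 'sha512'];
 const defaultHasher = (data, algorithm) => {
-
+const sanitizedAlgorithm = algorithm.toLowerCase().replace(/[-_]/g, '');
+if (!supportedAlgorithms.includes(sanitizedAlgorithm)) {
 throw new Error(`Unsupported hashing algorithm ${algorithm}`);
 }
-return new Uint8Array((0, sha_js_1.default)(
+return new Uint8Array((0, sha_js_1.default)(sanitizedAlgorithm)
 .update(data)
 .digest());
 };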
package/dist/hasher.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hasher.js","sourceRoot":"","sources":["../lib/hasher.ts"],"names":[],"mappings":";;;;;;AACA,oDAAyB;AAEzB,MAAM,mBAAmB,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAU,CAAC;AAG7D,MAAM,aAAa,GAAW,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE;IACvD,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,
|
|
1
|
+
{"version":3,"file":"hasher.js","sourceRoot":"","sources":["../lib/hasher.ts"],"names":[],"mappings":";;;;;;AACA,oDAAyB;AAEzB,MAAM,mBAAmB,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAU,CAAC;AAG7D,MAAM,aAAa,GAAW,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE;IACvD,MAAM,kBAAkB,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACxE,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,kBAAyC,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,iCAAiC,SAAS,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,IAAI,UAAU,CACnB,IAAA,gBAAG,EAAC,kBAAyC,CAAC;SAC3C,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,EAAE,CACZ,CAAC;AACJ,CAAC,CAAC;AAXW,QAAA,aAAa,iBAWxB"}
|
|
@@ -74,7 +74,7 @@ function calculateJwkThumbprint(jwk, digestAlgorithm) {
|
|
|
74
74
|
default:
|
|
75
75
|
throw Error('"kty" (Key Type) Parameter missing or unsupported');
|
|
76
76
|
}
|
|
77
|
-
return u8a.toString((0, hasher_1.defaultHasher)(
|
|
77
|
+
return u8a.toString((0, hasher_1.defaultHasher)(JSON.stringify(components), algorithm), 'base64url');
|
|
78
78
|
});
|
|
79
79
|
}
|
|
80
80
|
exports.calculateJwkThumbprint = calculateJwkThumbprint;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JwkThumbprint.js","sourceRoot":"","sources":["../../lib/jwt/JwkThumbprint.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AAEnC,sCAA0C;AAK1C,MAAM,KAAK,GAAG,CAAC,KAAc,EAAE,WAAmB,EAAE,EAAE;IACpD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;QACxC,MAAM,KAAK,CAAC,GAAG,WAAW,qBAAqB,CAAC,CAAC;IACnD,CAAC;AACH,CAAC,CAAC;AAEF,SAAsB,sBAAsB,CAAC,GAAQ,EAAE,eAAiC;;QACtF,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAC;QAC/C,CAAC;QACD,MAAM,SAAS,GAAG,eAAe,aAAf,eAAe,cAAf,eAAe,GAAI,QAAQ,CAAC;QAC9C,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC/E,MAAM,IAAI,SAAS,CAAC,6DAA6D,CAAC,CAAC;QACrF,CAAC;QACD,IAAI,UAAU,CAAC;QACf,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;YAChB,KAAK,IAAI;gBACP,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;gBAC1C,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAC;gBAC7C,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAC;gBAC7C,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChE,MAAM;YACR,KAAK,KAAK;gBACR,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,uCAAuC,CAAC,CAAC;gBACxD,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,4BAA4B,CAAC,CAAC;gBAC3C,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;gBACtD,MAAM;YACR,KAAK,KAAK;gBACR,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,0BAA0B,CAAC,CAAC;gBACzC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC,CAAC;gBACxC,UAAU,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;gBAClD,MAAM;YACR,KAAK,KAAK;gBACR,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,2BAA2B,CAAC,CAAC;gBAC1C,UAAU,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;gBACxC,MAAM;YACR;gBACE,MAAM,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAA,sBAAa,EAAC,
|
|
1
|
+
{"version":3,"file":"JwkThumbprint.js","sourceRoot":"","sources":["../../lib/jwt/JwkThumbprint.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AAEnC,sCAA0C;AAK1C,MAAM,KAAK,GAAG,CAAC,KAAc,EAAE,WAAmB,EAAE,EAAE;IACpD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;QACxC,MAAM,KAAK,CAAC,GAAG,WAAW,qBAAqB,CAAC,CAAC;IACnD,CAAC;AACH,CAAC,CAAC;AAEF,SAAsB,sBAAsB,CAAC,GAAQ,EAAE,eAAiC;;QACtF,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAC;QAC/C,CAAC;QACD,MAAM,SAAS,GAAG,eAAe,aAAf,eAAe,cAAf,eAAe,GAAI,QAAQ,CAAC;QAC9C,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC/E,MAAM,IAAI,SAAS,CAAC,6DAA6D,CAAC,CAAC;QACrF,CAAC;QACD,IAAI,UAAU,CAAC;QACf,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;YAChB,KAAK,IAAI;gBACP,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;gBAC1C,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAC;gBAC7C,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAC;gBAC7C,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChE,MAAM;YACR,KAAK,KAAK;gBACR,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,uCAAuC,CAAC,CAAC;gBACxD,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,4BAA4B,CAAC,CAAC;gBAC3C,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;gBACtD,MAAM;YACR,KAAK,KAAK;gBACR,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,0BAA0B,CAAC,CAAC;gBACzC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC,CAAC;gBACxC,UAAU,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;gBAClD,MAAM;YACR,KAAK,KAAK;gBACR,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,2BAA2B,CAAC,CAAC;gBAC1C,UAAU,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;gBACxC,MAAM;YACR;gBACE,MAAM,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACrE,CAAC;QACD,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAA,sBAAa,EAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,EAAE,WAAW,CAAC,CAAC;IACzF,CAAC;CAAA;AAlCD,wDAkCC;AAED,SAAsB,sCAAsC,CAAC,GAAW;;QACtE,MAAM,K
AAK,GAAG,GAAG,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAC5E,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,wCAAwC,GAAG,EAAE,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,CAAC,CAAC,EAAqB,CAAC;QACtD,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC/E,MAAM,IAAI,KAAK,CAAC,+CAA+C,GAAG,EAAE,CAAC,CAAC;QACxE,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CAAA;AAVD,wFAUC;AAED,SAAsB,yBAAyB;yDAAC,GAAQ,EAAE,kBAAmC,QAAQ;QACnG,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;QACtE,OAAO,4CAA4C,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;IAC/F,CAAC;CAAA;AAHD,8DAGC"}
|
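--- a/package/dist/jwt/JwtIssuer.d.ts
+++ b/package/dist/jwt/JwtIssuer.d.ts
@@ -31,7 +31,6 @@ export interface JwtIssuerX5c extends JwtIssuerBase {
 * It must match an entry in the x5c certificate leaf entry dnsName / uriName
 */
 issuer: string;
-clientIdScheme: 'x509_san_dns' | 'x509_san_uri';
 }
 export interface JwtIssuerJwk extends JwtIssuerBase {
 method: 'jwk';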
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JwtIssuer.d.ts","sourceRoot":"","sources":["../../lib/jwt/JwtIssuer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAElF,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,mBAAmB,CAAC;IAC5B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B;;;;;OAKG;IACH,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnB;;;;;;;;OAQG;IACH,MAAM,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"JwtIssuer.d.ts","sourceRoot":"","sources":["../../lib/jwt/JwtIssuer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAElF,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,mBAAmB,CAAC;IAC5B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B;;;;;OAKG;IACH,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnB;;;;;;;;OAQG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAa,SAAQ,aAAa;IACjD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAC1B,GAAG,EAAE,GAAG,CAAC;CACV;AAED,MAAM,WAAW,eAAgB,SAAQ,aAAa;IACpD,MAAM,EAAE,QAAQ,CAAC;CAClB;AAED,MAAM,MAAM,SAAS,GAAG,YAAY,GAAG,YAAY,GAAG,YAAY,GAAG,eAAe,CAAC;AAErF,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,SAAS,GAAG,sBAAsB,IAAI,CAC5E,SAAS,EAAE,CAAC,EACZ,GAAG,EAAE;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,KAC5C,OAAO,CAAC,MAAM,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JwtVerifier.d.ts","sourceRoot":"","sources":["../../lib/jwt/JwtVerifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,mBAAmB,CAAC;CAC7B;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IAEd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IAEd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B;;;;;OAKG;IACH,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,2BAA4B,SAAQ,eAAe;IAClE,MAAM,EAAE,mBAAmB,CAAC;IAE5B;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B,GAAG,EAAE,GAAG,CAAC;CACV;AAED,MAAM,WAAW,iBAAkB,SAAQ,eAAe;IACxD,MAAM,EAAE,QAAQ,CAAC;CAClB;AAED,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,cAAc,GAAG,iBAAiB,GAAG,cAAc,GAAG,2BAA2B,CAAC;AAE7H,eAAO,MAAM,iBAAiB,QAAS;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WAAW;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KAAG,cAS/G,CAAC;
|
|
1
|
+
{"version":3,"file":"JwtVerifier.d.ts","sourceRoot":"","sources":["../../lib/jwt/JwtVerifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,mBAAmB,CAAC;CAC7B;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IAEd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IAEd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B;;;;;OAKG;IACH,GAAG,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,2BAA4B,SAAQ,eAAe;IAClE,MAAM,EAAE,mBAAmB,CAAC;IAE5B;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,MAAM,EAAE,KAAK,CAAC;IACd,GAAG,EAAE,WAAW,GAAG,MAAM,CAAC;IAE1B,GAAG,EAAE,GAAG,CAAC;CACV;AAED,MAAM,WAAW,iBAAkB,SAAQ,eAAe;IACxD,MAAM,EAAE,QAAQ,CAAC;CAClB;AAED,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,cAAc,GAAG,iBAAiB,GAAG,cAAc,GAAG,2BAA2B,CAAC;AAE7H,eAAO,MAAM,iBAAiB,QAAS;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WAAW;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KAAG,cAS/G,CAAC;AAiBF,eAAO,MAAM,cAAc,QAAS;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WAAW;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KAAG,cAgB5G,CAAC;AAEF,eAAO,MAAM,cAAc,QAAe;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WAAW;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KAAG,QAAQ,cAAc,CAUxI,CAAC;AAEF,eAAO,MAAM,yBAAyB,QAC/B;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,WACtC;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,KACzB,QAAQ,WAAW,CAQrB,CAAC;AAEF,MAAM,MAAM,qBAAqB,CAAC,CAAC,SAAS,WAAW,IAAI,CACzD,WAAW,EAAE,CAAC,EACd,GAAG,EAAE;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,KACzD,OAAO,CAAC,OAAO,CAAC,CAAC"}
|
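--- a/package/dist/jwt/JwtVerifier.js
+++ b/package/dist/jwt/JwtVerifier.js
@@ -22,6 +22,19 @@ const getDidJwtVerifier = (jwt, options) => {
 return { method: 'did', didUrl: jwt.header.kid, type: type, alg: jwt.header.alg };
 };
 exports.getDidJwtVerifier = getDidJwtVerifier;
+const getIssuer = (type, payload) => {
+// For 'request-object' the `iss` value is not required so we map the issuer to client_id
+if (type === 'request-object') {
+if (!payload.client_id) {
+throw new Error('Missing required field client_id in request object JWT');
+}
+return payload.client_id;
+}
+if (typeof payload.iss !== 'string') {
+throw new Error(`Received an invalid JWT. '${type}' contains an invalid iss claim or it is missing.`);
+}
+return payload.iss;
+};
 const getX5cVerifier = (jwt, options) => {
 const { type } = options;
 if (!jwt.header.x5c)
@@ -31,10 +44,13 @@ const getX5cVerifier = (jwt, options) => {
 if (!Array.isArray(jwt.header.x5c) || jwt.header.x5c.length === 0 || !jwt.header.x5c.every((cert) => typeof cert === 'string')) {
 throw new Error(`Received an invalid JWT.. '${type}' contains an invalid x5c header.`);
 }
-
-
-
-
+return {
+method: 'x5c',
+x5c: jwt.header.x5c,
+issuer: getIssuer(type, jwt.payload),
+type: type,
+alg: jwt.header.alg,
+};
 };
 exports.getX5cVerifier = getX5cVerifier;
 const getJwkVerifier = (jwt, options) => __awaiter(void 0, void 0, void 0, function* () {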
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JwtVerifier.js","sourceRoot":"","sources":["../../lib/jwt/JwtVerifier.ts"],"names":[],"mappings":";;;;;;;;;;;;AAyDO,MAAM,iBAAiB,GAAG,CAAC,GAA+C,EAAE,OAA0B,EAAkB,EAAE;IAC/H,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACrF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAErF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,mCAAmC,CAAC,CAAC;IACzF,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;AACpF,CAAC,CAAC;AATW,QAAA,iBAAiB,qBAS5B;AAEK,MAAM,cAAc,GAAG,CAAC,GAA+C,EAAE,OAA0B,EAAkB,EAAE;IAC5H,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACrF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAErF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;QAC/H,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,mCAAmC,CAAC,CAAC;IACzF,CAAC;IAED,
|
|
1
|
+
{"version":3,"file":"JwtVerifier.js","sourceRoot":"","sources":["../../lib/jwt/JwtVerifier.ts"],"names":[],"mappings":";;;;;;;;;;;;AAyDO,MAAM,iBAAiB,GAAG,CAAC,GAA+C,EAAE,OAA0B,EAAkB,EAAE;IAC/H,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACrF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAErF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,mCAAmC,CAAC,CAAC;IACzF,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;AACpF,CAAC,CAAC;AATW,QAAA,iBAAiB,qBAS5B;AAEF,MAAM,SAAS,GAAG,CAAC,IAAa,EAAE,OAAmB,EAAU,EAAE;IAC/D,yFAAyF;IACzF,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QAC9B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,CAAC;QACD,OAAO,OAAO,CAAC,SAAmB,CAAC;IACrC,CAAC;IAED,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,mDAAmD,CAAC,CAAC;IACxG,CAAC;IACD,OAAO,OAAO,CAAC,GAAG,CAAC;AACrB,CAAC,CAAC;AAEK,MAAM,cAAc,GAAG,CAAC,GAA+C,EAAE,OAA0B,EAAkB,EAAE;IAC5H,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IACrF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAErF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;QAC/H,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,mCAAmC,CAAC,CAAC;IACzF,CAAC;IAED,OAAO;QACL,MAAM,EAAE,KAAK;QACb,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG;QACnB,MAAM,EAAE,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC;QACpC,IAAI,EAAE,IAAI;QACV,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG;KACpB,CAAC;AACJ,CAAC,CAAC;AAhBW,QAAA,cAAc,kBAgBzB;AAEK,MAAM,cAAc,GAAG,CAAO,GAA+C,EAAE,OAA0B,EAA2B,EAAE;IAC3I,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;
IACzB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACtF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAErF,IAAI,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,mCAAmC,CAAC,CAAC;IACxF,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;AAC3E,CAAC,CAAA,CAAC;AAVW,QAAA,cAAc,kBAUzB;AAEK,MAAM,yBAAyB,GAAG,CACvC,GAA+C,EAC/C,OAA0B,EACJ,EAAE;;IACxB,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;IAEhC,IAAI,MAAA,MAAM,CAAC,GAAG,0CAAE,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,IAAA,yBAAiB,EAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;SACtF,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,OAAO,IAAA,sBAAc,EAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;SACxE,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG;QAAE,OAAO,IAAA,sBAAc,EAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;IAE7E,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;AAClD,CAAC,CAAA,CAAC;AAXW,QAAA,yBAAyB,6BAWpC"}
|
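--- a/package/lib/hasher.ts
+++ b/package/lib/hasher.ts
@@ -5,12 +5,13 @@ const supportedAlgorithms = ['sha256', 'sha384', 'sha512'] as const;
 type SupportedAlgorithms = (typeof supportedAlgorithms)[number];
 
 export const defaultHasher: Hasher = (data, algorithm) => {
-
+const sanitizedAlgorithm = algorithm.toLowerCase().replace(/[-_]/g, '');
+if (!supportedAlgorithms.includes(sanitizedAlgorithm as SupportedAlgorithms)) {
 throw new Error(`Unsupported hashing algorithm ${algorithm}`);
 }
 
 return new Uint8Array(
-sha(
+sha(sanitizedAlgorithm as SupportedAlgorithms)
 .update(data)
 .digest(),
 );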
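Review bot: The normalisation in `defaultHasher` strips every `-` and `_` from the name before the allowlist check, so irregular spellings such as `s-h-a_256` are accepted alongside `SHA-256`, and if a caller passes a non-string `algorithm` the call fails inside `toLowerCase()` with a TypeError instead of the `Unsupported hashing algorithm` error. Only the three allowlisted digests can still be selected, so this is a strictness issue rather than a downgrade path. An explicit alias table (for example `'sha-256'` mapping to `'sha256'`) consulted after a `typeof algorithm === 'string'` guard would accept exactly the intended names and make both `as SupportedAlgorithms` casts unnecessary. The closing `};` of `defaultHasher` lies outside the hunk.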
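--- a/package/lib/jwt/JwkThumbprint.ts
+++ b/package/lib/jwt/JwkThumbprint.ts
@@ -44,7 +44,7 @@ export async function calculateJwkThumbprint(jwk: JWK, digestAlgorithm?: DigestA
 default:
 throw Error('"kty" (Key Type) Parameter missing or unsupported');
 }
-return u8a.toString(defaultHasher(
+return u8a.toString(defaultHasher(JSON.stringify(components), algorithm), 'base64url');
 }
 
 export async function getDigestAlgorithmFromJwkThumbprintUri(uri: string): Promise<DigestAlgorithm> {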
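Review bot: The thumbprint line depends on `JSON.stringify(components)` emitting the required members in lexicographic order with no whitespace, which RFC 7638 requires; `JSON.stringify` follows insertion order, so this holds only while every `case` builds `components` in that order. `components` is assigned above the hunk and is not visible here, so I would pin the invariant with a comment on this line, e.g. `// RFC 7638: components must be built with keys in lexicographic order; JSON.stringify preserves insertion order`. The removed line is truncated on this page, so what exactly changed in the call cannot be checked from here.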
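--- a/package/lib/jwt/JwtIssuer.ts
+++ b/package/lib/jwt/JwtIssuer.ts
@@ -36,8 +36,6 @@ export interface JwtIssuerX5c extends JwtIssuerBase {
 * It must match an entry in the x5c certificate leaf entry dnsName / uriName
 */
 issuer: string;
-
-clientIdScheme: 'x509_san_dns' | 'x509_san_uri';
 }
 
 export interface JwtIssuerJwk extends JwtIssuerBase {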
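--- a/package/lib/jwt/JwtVerifier.ts
+++ b/package/lib/jwt/JwtVerifier.ts
@@ -66,6 +66,21 @@ export const getDidJwtVerifier = (jwt: { header: JwtHeader; payload: JwtPayload
 return { method: 'did', didUrl: jwt.header.kid, type: type, alg: jwt.header.alg };
 };
 
+const getIssuer = (type: JwtType, payload: JwtPayload): string => {
+// For 'request-object' the `iss` value is not required so we map the issuer to client_id
+if (type === 'request-object') {
+if (!payload.client_id) {
+throw new Error('Missing required field client_id in request object JWT');
+}
+return payload.client_id as string;
+}
+
+if (typeof payload.iss !== 'string') {
+throw new Error(`Received an invalid JWT. '${type}' contains an invalid iss claim or it is missing.`);
+}
+return payload.iss;
+};
+
 export const getX5cVerifier = (jwt: { header: JwtHeader; payload: JwtPayload }, options: { type: JwtType }): X5cJwtVerifier => {
 const { type } = options;
 if (!jwt.header.x5c) throw new Error(`Received an invalid JWT. Missing x5c header.`);
@@ -75,11 +90,13 @@ export const getX5cVerifier = (jwt: { header: JwtHeader; payload: JwtPayload },
 throw new Error(`Received an invalid JWT.. '${type}' contains an invalid x5c header.`);
 }
 
-
-
-
-
-
+return {
+method: 'x5c',
+x5c: jwt.header.x5c,
+issuer: getIssuer(type, jwt.payload),
+type: type,
+alg: jwt.header.alg,
+};
 };
 
 export const getJwkVerifier = async (jwt: { header: JwtHeader; payload: JwtPayload }, options: { type: JwtType }): Promise<JwkJwtVerifier> => {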
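Review bot: In `getIssuer`, the `request-object` branch checks `client_id` only for truthiness and then returns `payload.client_id as string`, so a number, array or object in that claim is passed on as the verifier's `issuer` with no runtime type check, whereas the `iss` branch does test `typeof payload.iss !== 'string'`. The value is read from the JWT payload, and the x5c `issuer` is presumably what later gets compared with the leaf certificate's SAN entries, so it deserves the same validation: `if (typeof payload.client_id !== 'string' || payload.client_id.length === 0) {`, after which the cast can be dropped. A request object whose `iss` differs from `client_id` is also accepted without comment; a sentence in the existing comment saying whether that is intended would help. The same logic appears compiled in package/dist/jwt/JwtVerifier.js.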
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { calculateJwkThumbprint } from '../JwkThumbprint';
|
|
2
|
+
|
|
3
|
+
describe('JwkThumbprint', () => {
|
|
4
|
+
test('correctly calculates jwk thumbprint', async () => {
|
|
5
|
+
// Based on https://www.rfc-editor.org/rfc/rfc7638.html#section-3.1
|
|
6
|
+
expect(
|
|
7
|
+
await calculateJwkThumbprint({
|
|
8
|
+
kty: 'RSA',
|
|
9
|
+
n: '0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw',
|
|
10
|
+
e: 'AQAB',
|
|
11
|
+
alg: 'RS256',
|
|
12
|
+
kid: '2011-04-29',
|
|
13
|
+
}),
|
|
14
|
+
).toEqual('NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs');
|
|
15
|
+
});
|
|
16
|
+
});
|
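Review bot: The new spec pins only the RFC 7638 RSA vector with the default digest, so the other `kty` branches of `calculateJwkThumbprint`, the optional `digestAlgorithm` argument and the rejection path (`"kty" (Key Type) Parameter missing or unsupported`) remain uncovered. Since this release also changes how `defaultHasher` resolves algorithm names, I would add at least one case that passes an explicit `digestAlgorithm` and one negative case with `expect(...).rejects.toThrow()` for an unsupported key type. The file header for this hunk is missing on the page; the diffstat lists it as package/lib/jwt/__tests__/JwkThumbprint.spec.ts.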
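--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sphereon/oid4vc-common",
-"version": "0.16.1-unstable.
+"version": "0.16.1-unstable.68+505ee0d",
 "description": "OpenID 4 Verifiable Credentials Common",
 "source": "lib/index.ts",
 "main": "dist/index.js",
@@ -10,7 +10,7 @@
 "build:clean": "tsc --build --clean && tsc --build"
 },
 "dependencies": {
-"@sphereon/ssi-types": "0.
+"@sphereon/ssi-types": "0.29.1-unstable.121",
 "jwt-decode": "^4.0.0",
 "sha.js": "^2.4.11",
 "uint8arrays": "3.1.1",
@@ -52,5 +52,5 @@
 "publishConfig": {
 "access": "public"
 },
-"gitHead": "
+"gitHead": "505ee0db404e9b7a31434d4e91d70cfb94a30841"
 }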