@sphereon/ssi-sdk-ext.jwt-service 0.26.1-next.3 → 0.26.1-next.31

package/src/functions/index.ts

@@ -10,7 +10,7 @@ import {
   ManagedIdentifierResult,
   resolveExternalJwkIdentifier,
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
-import { keyTypeFromCryptographicSuite, verifySignatureWithSubtle } from '@sphereon/ssi-sdk-ext.key-utils'
+import { keyTypeFromCryptographicSuite, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'
 import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
 import { JWK } from '@sphereon/ssi-types'
 import { IAgentContext } from '@veramo/core'
@@ -32,11 +32,13 @@ import {
   JwsJsonFlattened,
   JwsJsonGeneral,
   JwsJsonGeneralWithIdentifiers,
-  JwsJsonSignature, JwsJsonSignatureWithIdentifier,
+  JwsJsonSignature,
+  JwsJsonSignatureWithIdentifier,
   JwsHeader,
   JwsPayload,
   PreparedJwsObject,
-  VerifyJwsArgs, JweHeader,
+  VerifyJwsArgs,
+  JweHeader,
 } from '../types/IJwtService'
 
 const payloadToBytes = (payload: string | JwsPayload | Uint8Array): Uint8Array => {
@@ -321,12 +323,12 @@ export const verifyJws = async (args: VerifyJwsArgs, context: IAgentContext<IIde
           signature: sigWithId.signature,
           data,
           publicKeyHex,
-          type: keyTypeFromCryptographicSuite({ suite: jwkInfo.jwk.crv ?? 'ES256' }),
+          type: keyTypeFromCryptographicSuite({ crv: jwkInfo.jwk.crv ?? 'ES256' }),
           // no kms arg, as the current key manager needs a bit more work
         })
       } else {
         const signature = base64ToBytes(sigWithId.signature)
-        valid = await verifySignatureWithSubtle({ data, signature, key: jwkInfo.jwk })
+        valid = await verifyRawSignature({ data, signature, key: jwkInfo.jwk })
       }
       if (!valid) {
         errorMessages.push(`Signature ${index} was not valid`)
@@ -412,11 +414,7 @@ async function resolveExternalIdentifierFromJwsHeader(
   }
 }
 
-function loadJWK(
-  providedJwk: JWK | undefined,
-  protectedHeader: JwsHeader,
-  jws: JwsJsonGeneral,
-): JWK | undefined {
+function loadJWK(providedJwk: JWK | undefined, protectedHeader: JwsHeader, jws: JwsJsonGeneral): JWK | undefined {
   if (providedJwk) {
     return providedJwk
   }

package/src/index.ts

@@ -1,4 +1,4 @@
-import {Loggers} from "@sphereon/ssi-types";
+import { Loggers } from '@sphereon/ssi-types'
 
 /**
  * @internal

package/src/types/IJwtService.ts

@@ -1,67 +1,60 @@
 import {
-    ExternalIdentifierDidOpts,
-    ExternalIdentifierResult,
-    ExternalIdentifierX5cOpts,
-    IIdentifierResolution,
-    ManagedIdentifierOptsOrResult,
-    ManagedIdentifierResult,
+  ExternalIdentifierDidOpts,
+  ExternalIdentifierResult,
+  ExternalIdentifierX5cOpts,
+  IIdentifierResolution,
+  ManagedIdentifierOptsOrResult,
+  ManagedIdentifierResult,
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
-import {ClientIdScheme} from '@sphereon/ssi-sdk-ext.x509-utils'
-import {
-    BaseJWK,
-    IValidationResult,
-    JoseSignatureAlgorithm,
-    JoseSignatureAlgorithmString,
-    JWK
-} from '@sphereon/ssi-types'
-import {IAgentContext, IKeyManager, IPluginMethodMap} from '@veramo/core'
+import { ClientIdScheme } from '@sphereon/ssi-sdk-ext.x509-utils'
+import { BaseJWK, IValidationResult, JoseSignatureAlgorithm, JoseSignatureAlgorithmString, JWK } from '@sphereon/ssi-types'
+import { IAgentContext, IKeyManager, IPluginMethodMap } from '@veramo/core'
 
 export type IRequiredContext = IAgentContext<IIdentifierResolution & IKeyManager> // could we still interop with Veramo?
 
 export const jwtServiceContextMethods: Array<string> = [
-    'jwtPrepareJws',
-    'jwtCreateJwsJsonGeneralSignature',
-    'jwtCreateJwsJsonFlattenedSignature',
-    'jwtCreateJwsCompactSignature',
-    'jwtVerifyJwsSignature',
-    'jwtEncryptJweCompactJwt',
-    'jwtDecryptJweCompactJwt'
+  'jwtPrepareJws',
+  'jwtCreateJwsJsonGeneralSignature',
+  'jwtCreateJwsJsonFlattenedSignature',
+  'jwtCreateJwsCompactSignature',
+  'jwtVerifyJwsSignature',
+  'jwtEncryptJweCompactJwt',
+  'jwtDecryptJweCompactJwt',
 ]
 
 export interface IJwtService extends IPluginMethodMap {
-    jwtPrepareJws(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<PreparedJwsObject>
+  jwtPrepareJws(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<PreparedJwsObject>
 
-    jwtCreateJwsJsonGeneralSignature(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<JwsJsonGeneral>
+  jwtCreateJwsJsonGeneralSignature(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<JwsJsonGeneral>
 
-    jwtCreateJwsJsonFlattenedSignature(args: CreateJwsFlattenedArgs, context: IRequiredContext): Promise<JwsJsonFlattened>
+  jwtCreateJwsJsonFlattenedSignature(args: CreateJwsFlattenedArgs, context: IRequiredContext): Promise<JwsJsonFlattened>
 
-    jwtCreateJwsCompactSignature(args: CreateJwsCompactArgs, context: IRequiredContext): Promise<JwtCompactResult>
+  jwtCreateJwsCompactSignature(args: CreateJwsCompactArgs, context: IRequiredContext): Promise<JwtCompactResult>
 
-    jwtVerifyJwsSignature(args: VerifyJwsArgs, context: IRequiredContext): Promise<IJwsValidationResult>
+  jwtVerifyJwsSignature(args: VerifyJwsArgs, context: IRequiredContext): Promise<IJwsValidationResult>
 
-    jwtEncryptJweCompactJwt(args: EncryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult>
+  jwtEncryptJweCompactJwt(args: EncryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult>
 
-    jwtDecryptJweCompactJwt(args: DecryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult>
+  jwtDecryptJweCompactJwt(args: DecryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult>
 
-    // TODO: JWE/encryption general methods
+  // TODO: JWE/encryption general methods
 }
 
 export type IJwsValidationResult = IValidationResult & {
-    jws: JwsJsonGeneralWithIdentifiers // We always translate to general as that is the most flexible format allowing multiple sigs
-    
+  jws: JwsJsonGeneralWithIdentifiers // We always translate to general as that is the most flexible format allowing multiple sigs
 }
 
 export interface PreparedJws {
-    protectedHeader: JwsHeader
-    payload: Uint8Array
-    unprotectedHeader?: JwsHeader // only for jws json and also then optional
-    existingSignatures?: Array<JwsJsonSignature> // only for jws json and also then optional
+  protectedHeader: JwsHeader
+  payload: Uint8Array
+  unprotectedHeader?: JwsHeader // only for jws json and also then optional
+  existingSignatures?: Array<JwsJsonSignature> // only for jws json and also then optional
 }
 
 export interface JwsJsonSignature {
-    protected: string
-    header?: JwsHeader
-    signature: string
+  protected: string
+  header?: JwsHeader
+  signature: string
 }
 
 /**
@@ -74,258 +67,261 @@ export type EphemeralPublicKey = Omit<BaseJWK, 'alg'>
 // export function isEcJWK(v)
 
 export interface JweHeader extends Omit<BaseJwtHeader, 'alg'> {
-    alg: string,
-    enc: string,
-    jku?: string,
-    jwk?: BaseJWK,
-    epk?: EphemeralPublicKey,
-    x5u?: string
-    x5c?: string[]
-    x5t?: string,
-    cty?: string,
-    crit?: string[]
-
-    [k: string]: any
+  alg: string
+  enc: string
+  jku?: string
+  jwk?: BaseJWK
+  epk?: EphemeralPublicKey
+  x5u?: string
+  x5c?: string[]
+  x5t?: string
+  cty?: string
+  crit?: string[]
 
+  [k: string]: any
 }
 
-
 export interface JweRecipientUnprotectedHeader {
-    alg: string
-    iv: string
-    tag: string
-    epk?: EphemeralPublicKey
-    kid?: string
-    apv?: string
-    apu?: string
+  alg: string
+  iv: string
+  tag: string
+  epk?: EphemeralPublicKey
+  kid?: string
+  apv?: string
+  apu?: string
 }
 
 export interface JweProtectedHeader extends Partial<JweHeader> {
-    zip?: 'DEF' | string
+  zip?: 'DEF' | string
 }
 
-
 export type Jws = JwsCompact | JwsJsonFlattened | JwsJsonGeneral
 
 export type JwsCompact = string
 
 export interface JwsJsonFlattened {
-    payload: string
-    protected: string
-    header?: JwsHeader
-    signature: string
+  payload: string
+  protected: string
+  header?: JwsHeader
+  signature: string
 }
 
 export interface JwsJsonGeneral {
-    payload: string
-    signatures: Array<JwsJsonSignature>
+  payload: string
+  signatures: Array<JwsJsonSignature>
 }
 
 export interface JwsJsonGeneralWithIdentifiers extends JwsJsonGeneral {
-    signatures: Array<JwsJsonSignatureWithIdentifier>
+  signatures: Array<JwsJsonSignatureWithIdentifier>
 }
 
 export interface JwsJsonSignatureWithIdentifier extends JwsJsonSignature {
-    identifier: ExternalIdentifierResult
+  identifier: ExternalIdentifierResult
 }
 
-
 export type Jwe = JweCompact | JweJsonFlattened | JweJsonGeneral
 export type JweCompact = string
 
 export interface JweJsonFlattened {
-    protected: string
-    unprotected: JweHeader
-    header: JweHeader | JweRecipientUnprotectedHeader
-    encrypted_key?: string
-    aad?: string
-    iv: string
-    ciphertext: string
-    tag?: string
+  protected: string
+  unprotected: JweHeader
+  header: JweHeader | JweRecipientUnprotectedHeader
+  encrypted_key?: string
+  aad?: string
+  iv: string
+  ciphertext: string
+  tag?: string
 }
 
-
 export interface JweRecipient {
-    header?: JweRecipientUnprotectedHeader
-    encrypted_key?: string
+  header?: JweRecipientUnprotectedHeader
+  encrypted_key?: string
 }
 
 export interface JweJsonGeneral {
-    protected: string
-    unprotected?: JweHeader
-    recipients: Array<JweRecipient>
-    aad?: string
-    iv: string
-    ciphertext: string
-    tag?: string
+  protected: string
+  unprotected?: JweHeader
+  recipients: Array<JweRecipient>
+  aad?: string
+  iv: string
+  ciphertext: string
+  tag?: string
 }
 
-
 export interface PreparedJwsObject {
-    jws: PreparedJws
-    b64: { payload: string; protectedHeader: string } // header is always json, as it can only be used in JwsJson
-    identifier: ManagedIdentifierResult
+  jws: PreparedJws
+  b64: { payload: string; protectedHeader: string } // header is always json, as it can only be used in JwsJson
+  identifier: ManagedIdentifierResult
 }
 
 export interface BaseJwtHeader {
-    typ?: string
-    alg?: string
-    kid?: string
+  typ?: string
+  alg?: string
+  kid?: string
 }
 
 export interface BaseJwtPayload {
-    iss?: string
-    sub?: string
-    aud?: string[] | string
-    exp?: number
-    nbf?: number
-    iat?: number
-    jti?: string
+  iss?: string
+  sub?: string
+  aud?: string[] | string
+  exp?: number
+  nbf?: number
+  iat?: number
+  jti?: string
 }
 
 export interface JwsHeader extends BaseJwtHeader {
-    kid?: string
-    jwk?: JWK
-    x5c?: string[]
+  kid?: string
+  jwk?: JWK
+  x5c?: string[]
 
-    [key: string]: unknown
+  [key: string]: unknown
 }
 
 export interface JwsPayload extends BaseJwtPayload {
-    [key: string]: unknown
+  [key: string]: unknown
 }
 
 export interface JwsHeaderOpts {
-    alg: JoseSignatureAlgorithm | JoseSignatureAlgorithmString
+  alg: JoseSignatureAlgorithm | JoseSignatureAlgorithmString
 }
 
 export type JwsIdentifierMode = 'x5c' | 'kid' | 'jwk' | 'did' | 'auto'
 
 export type EncryptJweCompactJwtArgs = {
-    payload: JwsPayload,
-    protectedHeader?: JweProtectedHeader | undefined,
-    aad?: Uint8Array | undefined
-    recipientKey:  ExternalIdentifierResult & { kid?: string}
-    alg?: JweAlg
-    enc?: JweEnc
-    apu?: string // base64url
-    apv?: string // base64url
-    expirationTime?: number | string | Date
-    issuer?: string
-    audience?: string | string[]
+  payload: JwsPayload
+  protectedHeader?: JweProtectedHeader | undefined
+  aad?: Uint8Array | undefined
+  recipientKey: ExternalIdentifierResult & { kid?: string }
+  alg?: JweAlg
+  enc?: JweEnc
+  apu?: string // base64url
+  apv?: string // base64url
+  expirationTime?: number | string | Date
+  issuer?: string
+  audience?: string | string[]
 }
 
 export type DecryptJweCompactJwtArgs = {
-    jwe: JweCompact
-    idOpts: ManagedIdentifierOptsOrResult
+  jwe: JweCompact
+  idOpts: ManagedIdentifierOptsOrResult
 }
 
 export type CreateJwsArgs = {
-    mode?: JwsIdentifierMode
-    issuer: ManagedIdentifierOptsOrResult & {
-        noIssPayloadUpdate?: boolean
-        noIdentifierInHeader?: boolean
-    }
-    clientId?: string
-    clientIdScheme?: ClientIdScheme | 'did' | string
-    protectedHeader: JwsHeader
-    payload: JwsPayload | Uint8Array | string
+  mode?: JwsIdentifierMode
+  issuer: ManagedIdentifierOptsOrResult & {
+    noIssPayloadUpdate?: boolean
+    noIdentifierInHeader?: boolean
+  }
+  clientId?: string
+  clientIdScheme?: ClientIdScheme | 'did' | string
+  protectedHeader: JwsHeader
+  payload: JwsPayload | Uint8Array | string
 }
 
-
 export type CreateJweArgs = {
-    mode?: JwsIdentifierMode
-    issuer: ManagedIdentifierOptsOrResult & {
-        noIssPayloadUpdate?: boolean
-        noIdentifierInHeader?: boolean
-    }
-    protectedHeader: JweProtectedHeader
-    encryptedKey: string | EphemeralPublicKey // In case it is a string it is already encrypted; otherwise encrypt //TODO ??
-    iv: string
-    ciphertext: string
-    tag: string
+  mode?: JwsIdentifierMode
+  issuer: ManagedIdentifierOptsOrResult & {
+    noIssPayloadUpdate?: boolean
+    noIdentifierInHeader?: boolean
+  }
+  protectedHeader: JweProtectedHeader
+  encryptedKey: string | EphemeralPublicKey // In case it is a string it is already encrypted; otherwise encrypt //TODO ??
+  iv: string
+  ciphertext: string
+  tag: string
 }
 export type CreateJwsCompactArgs = CreateJwsArgs
 
 export type CreateJwsFlattenedArgs = Exclude<CreateJwsJsonArgs, 'existingSignatures'>
 
-
-
-
 export type VerifyJwsArgs = {
-    jws: Jws
-    jwk?: JWK // Jwk will be resolved from jws, but you can also provide one
-    opts?: { x5c?: Omit<ExternalIdentifierX5cOpts, 'identifier'>; did?: Omit<ExternalIdentifierDidOpts, 'identifier'> }
+  jws: Jws
+  jwk?: JWK // Jwk will be resolved from jws, but you can also provide one
+  opts?: { x5c?: Omit<ExternalIdentifierX5cOpts, 'identifier'>; did?: Omit<ExternalIdentifierDidOpts, 'identifier'> }
 }
 
 /**
  * @public
  */
 export type CreateJwsJsonArgs = CreateJwsArgs & {
-    unprotectedHeader?: JwsHeader // only for jws json
-    existingSignatures?: Array<JwsJsonSignature> // Only for jws json
+  unprotectedHeader?: JwsHeader // only for jws json
+  existingSignatures?: Array<JwsJsonSignature> // Only for jws json
 }
 
 export type CreateJweJsonArgs = CreateJweArgs & {
-    unprotectedHeader?: JweHeader
+  unprotectedHeader?: JweHeader
 }
 
 /**
  * @public
  */
 export interface JwtCompactResult {
-    jwt: JwsCompact | JweCompact
+  jwt: JwsCompact | JweCompact
 }
 
 export function isJwsCompact(jws: Jws): jws is JwsCompact {
-    return typeof jws === 'string' && jws.split('~')[0].match(COMPACT_JWS_REGEX) !== null
+  return typeof jws === 'string' && jws.split('~')[0].match(COMPACT_JWS_REGEX) !== null
 }
 
 export function isJweCompact(jwe: Jwe): jwe is JweCompact {
-    return typeof jwe === 'string' && jwe.split('~')[0].match(COMPACT_JWE_REGEX) !== null
+  return typeof jwe === 'string' && jwe.split('~')[0].match(COMPACT_JWE_REGEX) !== null
 }
 
-
 export function isJwsJsonFlattened(jws: Jws): jws is JwsJsonFlattened {
-    return typeof jws === 'object' && 'signature' in jws && 'protected' in jws && !('ciphertext' in jws)
+  return typeof jws === 'object' && 'signature' in jws && 'protected' in jws && !('ciphertext' in jws)
 }
 
 export function isJwsJsonGeneral(jws: Jws): jws is JwsJsonGeneral {
-    return typeof jws === 'object' && 'signatures' in jws && !('ciphertext' in jws)
+  return typeof jws === 'object' && 'signatures' in jws && !('ciphertext' in jws)
 }
 
-
 export function isJweJsonFlattened(jwe: Jwe): jwe is JweJsonFlattened {
-    return typeof jwe === 'object' && 'signature' in jwe && 'ciphertext' in jwe && !('payload' in jwe)
+  return typeof jwe === 'object' && 'signature' in jwe && 'ciphertext' in jwe && !('payload' in jwe)
 }
 
 export function isJweJsonGeneral(jwe: Jwe): jwe is JweJsonGeneral {
-    return typeof jwe === 'object' && 'signatures' in jwe && 'ciphertext' in jwe && !('payload' in jwe)
+  return typeof jwe === 'object' && 'signatures' in jwe && 'ciphertext' in jwe && !('payload' in jwe)
 }
 
-
 export function isJwsHeader(header: BaseJwtHeader & Record<string, any>): header is JwsHeader {
-    return header && !isJweHeader(header)
+  return header && !isJweHeader(header)
 }
 
 export function isJweHeader(header: BaseJwtHeader & Record<string, any>): header is JweHeader {
-    return ('enc' in header && header.enc && jweEnc(header.enc)) || (header.alg && jweAlg(header.alg))
+  return ('enc' in header && header.enc && jweEnc(header.enc)) || (header.alg && jweAlg(header.alg))
 }
 
 export const COMPACT_JWS_REGEX = /^([a-zA-Z0-9_=-]+).([a-zA-Z0-9_=-]+)?.([a-zA-Z0-9_=-]+)?$/
 export const COMPACT_JWE_REGEX = /^([a-zA-Z0-9_=-]+)\.([a-zA-Z0-9_=-]+)?\.([a-zA-Z0-9_=-]+)\.([a-zA-Z0-9_=-]+)?\.([a-zA-Z0-9_=-]+)?$/
 
-export const JweAlgs = ['RSA1_5', 'RSA-OAEP', 'RSA-OAEP-256', 'A128KW', 'A192KW', 'A256KW', 'dir', 'ECDH-ES'/*interop value*/, 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW', 'A128GCMKW', 'A192GCMKW', 'A256GCMKW', 'PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW'] as const;
-export type JweAlg = typeof JweAlgs[number]
+export const JweAlgs = [
+  'RSA1_5',
+  'RSA-OAEP',
+  'RSA-OAEP-256',
+  'A128KW',
+  'A192KW',
+  'A256KW',
+  'dir',
+  'ECDH-ES' /*interop value*/,
+  'ECDH-ES+A128KW',
+  'ECDH-ES+A192KW',
+  'ECDH-ES+A256KW',
+  'A128GCMKW',
+  'A192GCMKW',
+  'A256GCMKW',
+  'PBES2-HS256+A128KW',
+  'PBES2-HS384+A192KW',
+  'PBES2-HS512+A256KW',
+] as const
+export type JweAlg = (typeof JweAlgs)[number]
 export function jweAlg(alg?: string | JweAlg): JweAlg | undefined {
-    return JweAlgs.find((supportedVal) => supportedVal === alg);
+  return JweAlgs.find((supportedVal) => supportedVal === alg)
 }
 
-
-export const JweEncs = ['A128CBC-HS256', 'A192CBC-HS384', 'A256CBC-HS512', 'A128GCM', 'A192GCM', 'A256GCM'/*interop value*/] as const
-export type JweEnc = typeof JweEncs[number]
+export const JweEncs = ['A128CBC-HS256', 'A192CBC-HS384', 'A256CBC-HS512', 'A128GCM', 'A192GCM', 'A256GCM' /*interop value*/] as const
+export type JweEnc = (typeof JweEncs)[number]
 
 export function jweEnc(alg?: string | JweEnc): JweEnc | undefined {
-    return JweEncs.find((supportedVal) => supportedVal === alg);
+  return JweEncs.find((supportedVal) => supportedVal === alg)
 }
-