@sphereon/ssi-sdk-ext.jwt-service 0.26.1-next.5 → 0.26.1-next.86

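--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sphereon/ssi-sdk-ext.jwt-service",
-"version": "0.26.1-next.5+3dbfe73",
+"version": "0.26.1-next.86+650ee51",
 "source": "src/index.ts",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -15,11 +15,11 @@
 "generate-plugin-schema": "sphereon dev generate-plugin-schema"
 },
 "dependencies": {
-"@sphereon/ssi-sdk-ext.did-utils": "0.26.1-next.5+3dbfe73",
-"@sphereon/ssi-sdk-ext.identifier-resolution": "0.26.1-next.5+3dbfe73",
-"@sphereon/ssi-sdk-ext.key-manager": "0.26.1-next.5+3dbfe73",
-"@sphereon/ssi-sdk-ext.key-utils": "0.26.1-next.5+3dbfe73",
-"@sphereon/ssi-sdk-ext.x509-utils": "0.26.1-next.5+3dbfe73",
+"@sphereon/ssi-sdk-ext.did-utils": "0.26.1-next.86+650ee51",
+"@sphereon/ssi-sdk-ext.identifier-resolution": "0.26.1-next.86+650ee51",
+"@sphereon/ssi-sdk-ext.key-manager": "0.26.1-next.86+650ee51",
+"@sphereon/ssi-sdk-ext.key-utils": "0.26.1-next.86+650ee51",
+"@sphereon/ssi-sdk-ext.x509-utils": "0.26.1-next.86+650ee51",
 "@sphereon/ssi-sdk.agent-config": "0.30.2-feature.SDK.41.oidf.support.286",
 "@sphereon/ssi-types": "0.30.2-feature.SDK.41.oidf.support.286",
 "@stablelib/random": "^1.0.2",
@@ -31,9 +31,9 @@
 "uint8arrays": "^3.1.1"
 },
 "devDependencies": {
-"@sphereon/ssi-sdk-ext.did-provider-jwk": "0.26.1-next.5+3dbfe73",
-"@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.26.1-next.5+3dbfe73",
-"@sphereon/ssi-sdk-ext.kms-local": "0.26.1-next.5+3dbfe73",
+"@sphereon/ssi-sdk-ext.did-provider-jwk": "0.26.1-next.86+650ee51",
+"@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.26.1-next.86+650ee51",
+"@sphereon/ssi-sdk-ext.kms-local": "0.26.1-next.86+650ee51",
 "@sphereon/ssi-sdk.dev": "0.30.2-feature.SDK.41.oidf.support.286",
 "@veramo/data-store": "4.2.0",
 "@veramo/did-manager": "4.2.0",
@@ -68,5 +68,5 @@
 "X.509 Certificates",
 "ARF"
 ],
-"gitHead": "3dbfe73665f102d9c51e180199348cc8288f2a9c"
+"gitHead": "650ee51e31a6dfa4abaf1227a5dbfdc0905f4670"
 }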
@@ -4726,6 +4726,9 @@
4726
4726
  "message": {
4727
4727
  "type": "string"
4728
4728
  },
4729
+ "detailMessage": {
4730
+ "type": "string"
4731
+ },
4729
4732
  "verificationTime": {
4730
4733
  "type": "string",
4731
4734
  "format": "date-time"
@@ -4736,6 +4739,9 @@
4736
4739
  "$ref": "#/components/schemas/CertificateInfo"
4737
4740
  }
4738
4741
  },
4742
+ "trustAnchor": {
4743
+ "$ref": "#/components/schemas/CertificateInfo"
4744
+ },
4739
4745
  "client": {
4740
4746
  "type": "object",
4741
4747
  "properties": {
@@ -5478,6 +5484,9 @@
5478
5484
  "x5c": {
5479
5485
  "type": "object",
5480
5486
  "properties": {
5487
+ "allowNoTrustAnchorsFound": {
5488
+ "type": "boolean"
5489
+ },
5481
5490
  "trustRootWhenNoAnchors": {
5482
5491
  "type": "boolean"
5483
5492
  },
@@ -5498,6 +5507,9 @@
5498
5507
  }
5499
5508
  ]
5500
5509
  },
5510
+ "disallowReversedChain": {
5511
+ "type": "boolean"
5512
+ },
5501
5513
  "client": {
5502
5514
  "type": "object",
5503
5515
  "properties": {
@@ -1,111 +1,117 @@
1
- import {IAgentPlugin} from '@veramo/core'
2
- import {
3
- createJwsCompact,
4
- CreateJwsCompactArgs,
5
- CreateJwsFlattenedArgs,
6
- CreateJwsJsonArgs,
7
- createJwsJsonFlattened,
8
- createJwsJsonGeneral,
9
- DecryptJweCompactJwtArgs,
10
- EncryptJweCompactJwtArgs,
11
- IJwsValidationResult,
12
- IJwtService,
13
- IRequiredContext,
14
- jweAlg,
15
- jweEnc,
16
- JwsJsonFlattened,
17
- JwsJsonGeneral,
18
- JwtCompactResult,
19
- JwtLogger,
20
- PreparedJwsObject,
21
- prepareJwsObject,
22
- schema,
23
- verifyJws,
24
- VerifyJwsArgs,
25
- } from '..'
26
- import {CompactJwtEncrypter} from "../functions/JWE";
1
+ import { IAgentPlugin } from '@veramo/core'
2
+ import debug from 'debug'
3
+ import { importJWK } from 'jose'
27
4
 
28
5
  import * as u8a from 'uint8arrays'
6
+ import {
7
+ createJwsCompact,
8
+ CreateJwsCompactArgs,
9
+ CreateJwsFlattenedArgs,
10
+ CreateJwsJsonArgs,
11
+ createJwsJsonFlattened,
12
+ createJwsJsonGeneral,
13
+ DecryptJweCompactJwtArgs,
14
+ EncryptJweCompactJwtArgs,
15
+ IJwsValidationResult,
16
+ IJwtService,
17
+ IRequiredContext,
18
+ jweAlg,
19
+ jweEnc,
20
+ JwsJsonFlattened,
21
+ JwsJsonGeneral,
22
+ JwtCompactResult,
23
+ JwtLogger,
24
+ PreparedJwsObject,
25
+ prepareJwsObject,
26
+ schema,
27
+ verifyJws,
28
+ VerifyJwsArgs,
29
+ } from '..'
30
+ import { CompactJwtEncrypter } from '../functions/JWE'
29
31
 
30
32
  /**
31
33
  * @public
32
34
  */
33
35
  export class JwtService implements IAgentPlugin {
34
- readonly schema = schema.IJwtService
35
- readonly methods: IJwtService = {
36
- jwtPrepareJws: this.jwtPrepareJws.bind(this),
37
- jwtCreateJwsJsonGeneralSignature: this.jwtCreateJwsJsonGeneralSignature.bind(this),
38
- jwtCreateJwsJsonFlattenedSignature: this.jwtCreateJwsJsonFlattenedSignature.bind(this),
39
- jwtCreateJwsCompactSignature: this.jwtCreateJwsCompactSignature.bind(this),
40
- jwtVerifyJwsSignature: this.jwtVerifyJwsSignature.bind(this),
41
- jwtEncryptJweCompactJwt: this.jwtEncryptJweCompactJwt.bind(this),
42
- jwtDecryptJweCompactJwt: this.jwtDecryptJweCompactJwt.bind(this)
43
- }
36
+ readonly schema = schema.IJwtService
37
+ readonly methods: IJwtService = {
38
+ jwtPrepareJws: this.jwtPrepareJws.bind(this),
39
+ jwtCreateJwsJsonGeneralSignature: this.jwtCreateJwsJsonGeneralSignature.bind(this),
40
+ jwtCreateJwsJsonFlattenedSignature: this.jwtCreateJwsJsonFlattenedSignature.bind(this),
41
+ jwtCreateJwsCompactSignature: this.jwtCreateJwsCompactSignature.bind(this),
42
+ jwtVerifyJwsSignature: this.jwtVerifyJwsSignature.bind(this),
43
+ jwtEncryptJweCompactJwt: this.jwtEncryptJweCompactJwt.bind(this),
44
+ jwtDecryptJweCompactJwt: this.jwtDecryptJweCompactJwt.bind(this),
45
+ }
44
46
 
45
- private async jwtPrepareJws(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<PreparedJwsObject> {
46
- return await prepareJwsObject(args, context)
47
- }
47
+ private async jwtPrepareJws(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<PreparedJwsObject> {
48
+ return await prepareJwsObject(args, context)
49
+ }
48
50
 
49
- private async jwtCreateJwsJsonGeneralSignature(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<JwsJsonGeneral> {
50
- return await createJwsJsonGeneral(args, context)
51
- }
51
+ private async jwtCreateJwsJsonGeneralSignature(args: CreateJwsJsonArgs, context: IRequiredContext): Promise<JwsJsonGeneral> {
52
+ return await createJwsJsonGeneral(args, context)
53
+ }
52
54
 
53
- private async jwtCreateJwsJsonFlattenedSignature(args: CreateJwsFlattenedArgs, context: IRequiredContext): Promise<JwsJsonFlattened> {
54
- return await createJwsJsonFlattened(args, context)
55
- }
55
+ private async jwtCreateJwsJsonFlattenedSignature(args: CreateJwsFlattenedArgs, context: IRequiredContext): Promise<JwsJsonFlattened> {
56
+ return await createJwsJsonFlattened(args, context)
57
+ }
56
58
 
57
- private async jwtCreateJwsCompactSignature(args: CreateJwsCompactArgs, context: IRequiredContext): Promise<JwtCompactResult> {
58
- // We wrap it in a json object for remote REST calls
59
- return {jwt: await createJwsCompact(args, context)}
60
- }
59
+ private async jwtCreateJwsCompactSignature(args: CreateJwsCompactArgs, context: IRequiredContext): Promise<JwtCompactResult> {
60
+ // We wrap it in a json object for remote REST calls
61
+ return { jwt: await createJwsCompact(args, context) }
62
+ }
61
63
 
62
- private async jwtVerifyJwsSignature(args: VerifyJwsArgs, context: IRequiredContext): Promise<IJwsValidationResult> {
63
- return await verifyJws(args, context)
64
- }
64
+ private async jwtVerifyJwsSignature(args: VerifyJwsArgs, context: IRequiredContext): Promise<IJwsValidationResult> {
65
+ return await verifyJws(args, context)
66
+ }
65
67
 
66
- private async jwtEncryptJweCompactJwt(args: EncryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult> {
67
- const {payload, protectedHeader = {alg: args.alg, enc: args.enc}, recipientKey, issuer, expirationTime, audience} = args
68
+ private async jwtEncryptJweCompactJwt(args: EncryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult> {
69
+ const { payload, protectedHeader = { alg: args.alg, enc: args.enc }, recipientKey, issuer, expirationTime, audience } = args
68
70
 
69
- console.log(JSON.stringify(args, null, 2))
71
+ try {
72
+ debug(`JWE Encrypt: ${JSON.stringify(args, null, 2)}`)
70
73
 
71
- const alg = jweAlg(args.alg) ?? jweAlg(protectedHeader.alg) ?? 'ECDH-ES'
72
- const enc = jweEnc(args.enc) ?? jweEnc(protectedHeader.enc) ?? 'A256GCM'
73
- const encJwks = recipientKey.jwks.length === 1 ? [recipientKey.jwks[0]] : recipientKey.jwks.filter(jwk => (jwk.kid && (jwk.kid === jwk.jwk.kid || jwk.kid === jwk.jwkThumbprint)) || jwk.jwk.use === 'enc')
74
- if (encJwks.length === 0) {
75
- return Promise.reject(Error(`No public JWK found that can be used to encrypt against`))
76
- }
77
- const jwkInfo = encJwks[0]
78
- if (encJwks.length > 0) {
79
- JwtLogger.warning(`More than one JWK with 'enc' usage found. Selected the first one as no 'kid' was provided`, encJwks)
80
- }
81
- if (jwkInfo.jwk.kty?.startsWith('EC') !== true || !alg.startsWith('ECDH')) {
82
- return Promise.reject(Error(`Currently only ECDH-ES is supported for encryption. JWK alg ${jwkInfo.jwk.kty}, header alg ${alg}`)) // TODO: Probably we support way more already
83
- }
84
- const apuVal = protectedHeader.apu ?? args.apu
85
- const apu = apuVal ? u8a.fromString(apuVal, 'base64url') : undefined
86
- const apvVal = protectedHeader.apv ?? args.apv
87
- const apv = apvVal ? u8a.fromString(apvVal, 'base64url') : undefined
74
+ const alg = jweAlg(args.alg) ?? jweAlg(protectedHeader.alg) ?? 'ECDH-ES'
75
+ const enc = jweEnc(args.enc) ?? jweEnc(protectedHeader.enc) ?? 'A256GCM'
76
+ const encJwks =
77
+ recipientKey.jwks.length === 1
78
+ ? [recipientKey.jwks[0]]
79
+ : recipientKey.jwks.filter((jwk) => (jwk.kid && (jwk.kid === jwk.jwk.kid || jwk.kid === jwk.jwkThumbprint)) || jwk.jwk.use === 'enc')
80
+ if (encJwks.length === 0) {
81
+ return Promise.reject(Error(`No public JWK found that can be used to encrypt against`))
82
+ }
83
+ const jwkInfo = encJwks[0]
84
+ if (encJwks.length > 0) {
85
+ JwtLogger.warning(`More than one JWK with 'enc' usage found. Selected the first one as no 'kid' was provided`, encJwks)
86
+ }
87
+ if (jwkInfo.jwk.kty?.startsWith('EC') !== true || !alg.startsWith('ECDH')) {
88
+ return Promise.reject(Error(`Currently only ECDH-ES is supported for encryption. JWK alg ${jwkInfo.jwk.kty}, header alg ${alg}`)) // TODO: Probably we support way more already
89
+ }
90
+ const apuVal = protectedHeader.apu ?? args.apu
91
+ const apu = apuVal ? u8a.fromString(apuVal, 'base64url') : undefined
92
+ const apvVal = protectedHeader.apv ?? args.apv
93
+ const apv = apvVal ? u8a.fromString(apvVal, 'base64url') : undefined
88
94
 
89
- const pubKey = await crypto.subtle.importKey('jwk', jwkInfo.jwk, {
90
- name: 'ECDH',
91
- namedCurve: 'P-256',
92
- }, true, [])
93
- const encrypter = new CompactJwtEncrypter({
94
- enc,
95
- alg,
96
- keyManagementParams: {apu, apv},
97
- key: pubKey,
98
- issuer,
99
- expirationTime,
100
- audience
101
- })
95
+ const pubKey = await importJWK(jwkInfo.jwk)
96
+ const encrypter = new CompactJwtEncrypter({
97
+ enc,
98
+ alg,
99
+ keyManagementParams: { apu, apv },
100
+ key: pubKey,
101
+ issuer,
102
+ expirationTime,
103
+ audience,
104
+ })
102
105
 
103
- const jwe = await encrypter.encryptCompactJWT(payload, {})
104
- return {jwt: jwe}
106
+ const jwe = await encrypter.encryptCompactJWT(payload, {})
107
+ return { jwt: jwe }
108
+ } catch (error: any) {
109
+ console.error(`Error encrypting JWE: ${error.message}`, error)
110
+ throw error
105
111
  }
112
+ }
106
113
 
107
- private async jwtDecryptJweCompactJwt(args: DecryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult> {
108
-
109
- return {jwt: "FIXME"}
110
- }
114
+ private async jwtDecryptJweCompactJwt(args: DecryptJweCompactJwtArgs, context: IRequiredContext): Promise<JwtCompactResult> {
115
+ return { jwt: 'FIXME' }
116
+ }
111
117
  }
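Review bot: The `debug(`JWE Encrypt: ${JSON.stringify(args, null, 2)}`)` call on new line 72 of jwtEncryptJweCompactJwt never logs anything — the default export of `debug` is the namespace factory, so this line creates a new logger whose namespace is the serialized arguments and discards it; create one namespaced instance at module scope, e.g. `const log = debug('<namespace placeholder>')`, and call `log('JWE Encrypt: %O', args)` here, or route it through the `JwtLogger` the file already uses for warnings if it exposes a debug level. Since `args` carries the plaintext `payload` and the recipient JWKs, once the logger actually works it is safer to emit only the header fields (`alg`, `enc`, selected `kid`) rather than the whole object. Two smaller points in the same method: `if (encJwks.length > 0)` on new line 84 fires the "more than one JWK" warning on every call and should be `if (encJwks.length > 1)`, and `catch (error: any)` on new line 108 should be `catch (error: unknown)` with an `error instanceof Error` narrowing before reading `.message`. The switch from `crypto.subtle.importKey` to `importJWK(jwkInfo.jwk)` on new line 95 drops the explicit algorithm, and depending on the jose version import can fail when the JWK carries no `alg`; `await importJWK(jwkInfo.jwk, alg)` avoids relying on that field being present.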