@sphereon/ssi-sdk-ext.jwt-service 0.28.1-feature.jose.vcdm.25 → 0.28.1-feature.jose.vcdm.26

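--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@sphereon/ssi-sdk-ext.jwt-service",
- "version": "0.28.1-feature.jose.vcdm.25+2116977",
+ "version": "0.28.1-feature.jose.vcdm.26+1aa66d6",
  "source": "./src/index.ts",
  "type": "module",
  "main": "./dist/index.cjs",
@@ -27,11 +27,11 @@
  "generate-plugin-schema": "sphereon dev generate-plugin-schema"
  },
  "dependencies": {
- "@sphereon/ssi-sdk-ext.did-utils": "0.28.1-feature.jose.vcdm.25+2116977",
- "@sphereon/ssi-sdk-ext.identifier-resolution": "0.28.1-feature.jose.vcdm.25+2116977",
- "@sphereon/ssi-sdk-ext.key-manager": "0.28.1-feature.jose.vcdm.25+2116977",
- "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.jose.vcdm.25+2116977",
- "@sphereon/ssi-sdk-ext.x509-utils": "0.28.1-feature.jose.vcdm.25+2116977",
+ "@sphereon/ssi-sdk-ext.did-utils": "0.28.1-feature.jose.vcdm.26+1aa66d6",
+ "@sphereon/ssi-sdk-ext.identifier-resolution": "0.28.1-feature.jose.vcdm.26+1aa66d6",
+ "@sphereon/ssi-sdk-ext.key-manager": "0.28.1-feature.jose.vcdm.26+1aa66d6",
+ "@sphereon/ssi-sdk-ext.key-utils": "0.28.1-feature.jose.vcdm.26+1aa66d6",
+ "@sphereon/ssi-sdk-ext.x509-utils": "0.28.1-feature.jose.vcdm.26+1aa66d6",
  "@sphereon/ssi-sdk.agent-config": "0.33.1-feature.jose.vcdm.56",
  "@sphereon/ssi-types": "0.33.1-feature.jose.vcdm.56",
  "@stablelib/random": "^1.0.2",
@@ -43,9 +43,10 @@
  "uint8arrays": " 3.1.1"
  },
  "devDependencies": {
- "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.28.1-feature.jose.vcdm.25+2116977",
- "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.28.1-feature.jose.vcdm.25+2116977",
- "@sphereon/ssi-sdk-ext.kms-local": "0.28.1-feature.jose.vcdm.25+2116977",
+ "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.28.1-feature.jose.vcdm.26+1aa66d6",
+ "@sphereon/ssi-sdk-ext.did-provider-web": "0.28.1-feature.jose.vcdm.26+1aa66d6",
+ "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.28.1-feature.jose.vcdm.26+1aa66d6",
+ "@sphereon/ssi-sdk-ext.kms-local": "0.28.1-feature.jose.vcdm.26+1aa66d6",
  "@sphereon/ssi-sdk.dev": "0.33.1-feature.jose.vcdm.56",
  "@veramo/data-store": "4.2.0",
  "@veramo/did-manager": "4.2.0",
@@ -57,7 +58,8 @@
  "did-resolver": "^4.1.0",
  "express": "^4.21.2",
  "js-crypto-key-utils": "^1.0.7",
- "typeorm": "0.3.20"
+ "typeorm": "0.3.20",
+ "web-did-resolver": "^2.0.30"
  },
  "files": [
  "dist",
@@ -81,5 +83,5 @@
  "X.509 Certificates",
  "ARF"
  ],
- "gitHead": "2116977b572c00af55b280f2ee954526b2e7af00"
+ "gitHead": "1aa66d64d3e4050f5bc798f6f903f7aa64246d72"
  }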
@@ -1,3 +1,4 @@
1
+ import { jwkTtoPublicKeyHex } from '@sphereon/ssi-sdk-ext.did-utils'
1
2
  import {
2
3
  ensureManagedIdentifierResult,
3
4
  type ExternalIdentifierDidOpts,
@@ -9,14 +10,13 @@ import {
9
10
  type ManagedIdentifierResult,
10
11
  resolveExternalJwkIdentifier,
11
12
  } from '@sphereon/ssi-sdk-ext.identifier-resolution'
12
- import { verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'
13
- import type { JWK } from '@sphereon/ssi-types'
13
+ import { keyTypeFromCryptographicSuite, signatureAlgorithmFromKeyType, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'
14
+ import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
15
+ import type { JoseSignatureAlgorithm, JWK } from '@sphereon/ssi-types'
14
16
  import type { IAgentContext } from '@veramo/core'
15
17
  import { base64ToBytes, bytesToBase64url, decodeJoseBlob, encodeJoseBlob } from '@veramo/utils'
16
18
  // @ts-ignore
17
19
  import * as u8a from 'uint8arrays'
18
- const { fromString } = u8a
19
-
20
20
  import type {
21
21
  CreateJwsCompactArgs,
22
22
  CreateJwsFlattenedArgs,
@@ -37,13 +37,9 @@ import type {
37
37
  PreparedJwsObject,
38
38
  VerifyJwsArgs,
39
39
  } from '../types/IJwtService'
40
+ import { isJwsCompact, isJwsJsonFlattened, isJwsJsonGeneral } from '../types/IJwtService'
40
41
 
41
- import {
42
- isJwsCompact,
43
- isJwsJsonFlattened,
44
- isJwsJsonGeneral,
45
- } from '../types/IJwtService'
46
-
42
+ const { fromString } = u8a
47
43
 
48
44
  const payloadToBytes = (payload: string | JwsPayload | Uint8Array): Uint8Array => {
49
45
  const isBytes = payload instanceof Uint8Array
@@ -118,11 +114,15 @@ export const createJwsJsonGeneral = async (args: CreateJwsJsonArgs, context: IRe
118
114
  },
119
115
  context
120
116
  )
117
+
118
+ const alg: string | undefined = protectedHeader.alg ?? signatureAlgorithmFromKeyType({ type: identifier.key.type })
119
+
121
120
  // const algorithm = await signatureAlgorithmFromKey({ key: identifier.key })
122
121
  const signature = await context.agent.keyManagerSign({
123
122
  keyRef: identifier.kmsKeyRef,
124
123
  data: `${b64.protectedHeader}.${b64.payload}`,
125
124
  encoding: undefined,
125
+ algorithm: alg,
126
126
  })
127
127
  const jsonSignature = {
128
128
  protected: b64.protectedHeader,
@@ -158,6 +158,8 @@ export const checkAndUpdateJwsHeader = async (
158
158
  },
159
159
  context: IRequiredContext
160
160
  ) => {
161
+ // Make sure we have an alg in the header (https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.1)
162
+ header.alg = header.alg ?? signatureAlgorithmFromKeyType({ type: identifier.key.type })
161
163
  if (isIdentifierMode(mode, identifier.method, 'did')) {
162
164
  // kid is VM of the DID
163
165
  // @see https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.4
@@ -321,23 +323,29 @@ export const verifyJws = async (args: VerifyJwsArgs, context: IAgentContext<IIde
321
323
  let valid: boolean
322
324
  const data = fromString(`${sigWithId.protected}.${jws.payload}`, 'utf-8')
323
325
  const jwkInfo = sigWithId.identifier.jwks[0]
324
- /* if (sigWithId.header?.alg === 'RSA' && contextHasPlugin(context, 'keyManagerVerify')) {
326
+ let signatureAlg : JoseSignatureAlgorithm | undefined = undefined
327
+ if (sigWithId.protected.startsWith(`ey`)) {
328
+ const header = decodeJoseBlob(sigWithId.protected)
329
+ signatureAlg = header.alg as JoseSignatureAlgorithm | undefined
330
+ }
331
+
332
+ if (false && signatureAlg?.startsWith('PS') && contextHasPlugin(context, 'keyManagerVerify')) {
325
333
  const publicKeyHex = jwkTtoPublicKeyHex(jwkInfo.jwk)
326
334
  valid = await context.agent.keyManagerVerify({
327
335
  signature: sigWithId.signature,
328
336
  data,
329
337
  publicKeyHex,
330
- type: keyTypeFromCryptographicSuite({ crv: jwkInfo.jwk.crv ?? 'ES256' }),
338
+ type: keyTypeFromCryptographicSuite({ ...(jwkInfo.jwk.crv && { crv: jwkInfo.jwk.crv }), alg: signatureAlg as string }),
331
339
  // no kms arg, as the current key manager needs a bit more work
332
340
  })
333
- } else {*/
334
- const signature = base64ToBytes(sigWithId.signature)
335
- valid = await verifyRawSignature({ data, signature, key: jwkInfo.jwk })
336
- // }
341
+ } else {
342
+ const signature = base64ToBytes(sigWithId.signature)
343
+ valid = await verifyRawSignature({ data, signature, key: jwkInfo.jwk, opts: {signatureAlg: signatureAlg} })
344
+ // }
345
+ }
337
346
  if (!valid) {
338
347
  errorMessages.push(`Signature ${index} was not valid`)
339
348
  }
340
-
341
349
  return {
342
350
  sigWithId,
343
351
  valid,
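Review bot: In the new verifyJws branch, `signatureAlg` is taken from the not-yet-verified protected header (`signatureAlg = header.alg as JoseSignatureAlgorithm | undefined`) and passed to `verifyRawSignature` through `opts.signatureAlg` without any check that it is consistent with the resolved key `jwkInfo.jwk`. Unless `verifyRawSignature` itself rejects an `alg` that disagrees with the JWK's `kty`/`crv` (its implementation is not in this diff), the header decides which algorithm the raw verification runs with, which is the algorithm-confusion class RFC 8725 §3.1 tells verifiers to guard against; a cheap guard using helpers this diff already imports would be something like `const keyTypeFromAlg = signatureAlg ? keyTypeFromCryptographicSuite({ alg: signatureAlg }) : undefined` followed by `if (keyTypeFromAlg && keyTypeFromAlg !== keyTypeFromCryptographicSuite({ crv: jwkInfo.jwk.crv })) { errorMessages.push(\`Signature ${index} alg does not match key\`) }` and skipping the verify call on mismatch. The `sigWithId.protected.startsWith('ey')` test only guesses that the header is base64url JSON; decoding inside a try/catch and treating a failure as an invalid signature would be more robust than letting a malformed header propagate an exception out of `decodeJoseBlob`, if it throws on bad input. `if (false && signatureAlg?.startsWith('PS') && ...)` makes the keyManagerVerify branch permanently dead and its `signatureAlg as string` cast hides a possibly undefined value; either remove the branch or gate it behind a named constant with a comment explaining why it is disabled. verifyJws begins before this hunk.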