npm - @sphereon/ssi-sdk-ext.jwt-service - Versions diffs - 0.28.1-feature.jose.vcdm.25 → 0.28.1-feature.jose.vcdm.28 - Mend

@sphereon/ssi-sdk-ext.jwt-service 0.28.1-feature.jose.vcdm.25 → 0.28.1-feature.jose.vcdm.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.js CHANGED Viewed

@@ -37309,8 +37309,10 @@ var JwtService = class {
 };
 // src/functions/index.ts
+import { jwkTtoPublicKeyHex } from "@sphereon/ssi-sdk-ext.did-utils";
 import { ensureManagedIdentifierResult, isManagedIdentifierDidResult, isManagedIdentifierX5cResult, resolveExternalJwkIdentifier } from "@sphereon/ssi-sdk-ext.identifier-resolution";
-import { verifyRawSignature } from "@sphereon/ssi-sdk-ext.key-utils";
+import { keyTypeFromCryptographicSuite, signatureAlgorithmFromKeyType, verifyRawSignature } from "@sphereon/ssi-sdk-ext.key-utils";
+import { contextHasPlugin } from "@sphereon/ssi-sdk.agent-config";
 import { base64ToBytes as base64ToBytes2, bytesToBase64url as bytesToBase64url2, decodeJoseBlob, encodeJoseBlob } from "@veramo/utils";
 import * as u8a3 from "uint8arrays";
 var { fromString: fromString3 } = u8a3;
@@ -37383,10 +37385,14 @@ var createJwsJsonGeneral = /* @__PURE__ */ __name(async (args, context) => {
     issuer,
     mode
   }, context);
+  const alg = protectedHeader.alg ?? signatureAlgorithmFromKeyType({
+    type: identifier.key.type
+  });
   const signature = await context.agent.keyManagerSign({
     keyRef: identifier.kmsKeyRef,
     data: `${b64.protectedHeader}.${b64.payload}`,
-    encoding: void 0
+    encoding: void 0,
+    algorithm: alg
   });
   const jsonSignature = {
     protected: b64.protectedHeader,
@@ -37402,6 +37408,9 @@ var createJwsJsonGeneral = /* @__PURE__ */ __name(async (args, context) => {
   };
 }, "createJwsJsonGeneral");
 var checkAndUpdateJwsHeader = /* @__PURE__ */ __name(async ({ mode = "auto", identifier, header, noIdentifierInHeader = false }, context) => {
+  header.alg = header.alg ?? signatureAlgorithmFromKeyType({
+    type: identifier.key.type
+  });
   if (isIdentifierMode(mode, identifier.method, "did")) {
     await checkAndUpdateDidHeader({
       header,
@@ -37519,12 +37528,35 @@ var verifyJws = /* @__PURE__ */ __name(async (args, context) => {
     let valid;
     const data = fromString3(`${sigWithId.protected}.${jws.payload}`, "utf-8");
     const jwkInfo = sigWithId.identifier.jwks[0];
-    const signature = base64ToBytes2(sigWithId.signature);
-    valid = await verifyRawSignature({
-      data,
-      signature,
-      key: jwkInfo.jwk
-    });
+    let signatureAlg = void 0;
+    if (sigWithId.protected.startsWith(`ey`)) {
+      const header = decodeJoseBlob(sigWithId.protected);
+      signatureAlg = header.alg;
+    }
+    if (false) {
+      const publicKeyHex = jwkTtoPublicKeyHex(jwkInfo.jwk);
+      valid = await context.agent.keyManagerVerify({
+        signature: sigWithId.signature,
+        data,
+        publicKeyHex,
+        type: keyTypeFromCryptographicSuite({
+          ...jwkInfo.jwk.crv && {
+            crv: jwkInfo.jwk.crv
+          },
+          alg: signatureAlg
+        })
+      });
+    } else {
+      const signature = base64ToBytes2(sigWithId.signature);
+      valid = await verifyRawSignature({
+        data,
+        signature,
+        key: jwkInfo.jwk,
+        opts: {
+          signatureAlg
+        }
+      });
+    }
     if (!valid) {
       errorMessages.push(`Signature ${index} was not valid`);
     }