@sphereon/ssi-sdk-ext.jwt-service 0.28.1-feature.oyd.cmsm.improv.20 → 0.28.1-next.53

package/src/agent/JwtService.ts

@@ -1,31 +1,34 @@
-import { IAgentPlugin } from '@veramo/core'
-import debug from 'debug'
+import { Loggers } from '@sphereon/ssi-types'
+import type { IAgentPlugin } from '@veramo/core'
+const logger = Loggers.DEFAULT.get('sphereon:jwt-service')
 import { importJWK } from 'jose'
 
+// @ts-ignore
 import * as u8a from 'uint8arrays'
+const { fromString } = u8a
 import {
   createJwsCompact,
-  CreateJwsCompactArgs,
-  CreateJwsFlattenedArgs,
-  CreateJwsJsonArgs,
+  type CreateJwsCompactArgs,
+  type CreateJwsFlattenedArgs,
+  type CreateJwsJsonArgs,
   createJwsJsonFlattened,
   createJwsJsonGeneral,
-  DecryptJweCompactJwtArgs,
-  EncryptJweCompactJwtArgs,
-  IJwsValidationResult,
-  IJwtService,
-  IRequiredContext,
+  type DecryptJweCompactJwtArgs,
+  type EncryptJweCompactJwtArgs,
+  type IJwsValidationResult,
+  type IJwtService,
+  type IRequiredContext,
   jweAlg,
   jweEnc,
-  JwsJsonFlattened,
-  JwsJsonGeneral,
-  JwtCompactResult,
+  type JwsJsonFlattened,
+  type JwsJsonGeneral,
+  type JwtCompactResult,
   JwtLogger,
-  PreparedJwsObject,
+  type PreparedJwsObject,
   prepareJwsObject,
   schema,
   verifyJws,
-  VerifyJwsArgs,
+  type VerifyJwsArgs,
 } from '..'
 import { CompactJwtEncrypter } from '../functions/JWE'
 
@@ -69,7 +72,7 @@ export class JwtService implements IAgentPlugin {
     const { payload, protectedHeader = { alg: args.alg, enc: args.enc }, recipientKey, issuer, expirationTime, audience } = args
 
     try {
-      debug(`JWE Encrypt: ${JSON.stringify(args, null, 2)}`)
+      logger.debug(`JWE Encrypt: ${JSON.stringify(args, null, 2)}`)
 
       const alg = jweAlg(args.alg) ?? jweAlg(protectedHeader.alg) ?? 'ECDH-ES'
       const enc = jweEnc(args.enc) ?? jweEnc(protectedHeader.enc) ?? 'A256GCM'
@@ -88,9 +91,9 @@ export class JwtService implements IAgentPlugin {
         return Promise.reject(Error(`Currently only ECDH-ES is supported for encryption. JWK alg ${jwkInfo.jwk.kty}, header alg ${alg}`)) // TODO: Probably we support way more already
       }
       const apuVal = protectedHeader.apu ?? args.apu
-      const apu = apuVal ? u8a.fromString(apuVal, 'base64url') : undefined
+      const apu = apuVal ? fromString(apuVal, 'base64url') : undefined
       const apvVal = protectedHeader.apv ?? args.apv
-      const apv = apvVal ? u8a.fromString(apvVal, 'base64url') : undefined
+      const apv = apvVal ? fromString(apvVal, 'base64url') : undefined
 
       const pubKey = await importJWK(jwkInfo.jwk)
       const encrypter = new CompactJwtEncrypter({

package/src/functions/JWE.ts

@@ -1,20 +1,24 @@
-import { defaultRandomSource, randomBytes, RandomSource } from '@stablelib/random'
+import { defaultRandomSource, randomBytes, type RandomSource } from '@stablelib/random'
 import { base64ToBytes, bytesToBase64url, decodeBase64url } from '@veramo/utils'
 import * as jose from 'jose'
-import { JWEKeyManagementHeaderParameters, JWTDecryptOptions } from 'jose'
-import type { KeyLike } from 'jose/dist/types/types'
+import type { JWEKeyManagementHeaderParameters, JWTDecryptOptions } from 'jose'
+// // @ts-ignore
+// import type { KeyLike } from 'jose/dist/types/types'
+export type KeyLike = { type: string }
+// @ts-ignore
 import * as u8a from 'uint8arrays'
+const { fromString, toString, concat } = u8a
 import {
-  JweAlg,
+  type JweAlg,
   JweAlgs,
-  JweEnc,
+  type JweEnc,
   JweEncs,
-  JweHeader,
-  JweJsonGeneral,
-  JweProtectedHeader,
-  JweRecipient,
-  JweRecipientUnprotectedHeader,
-  JwsPayload,
+  type JweHeader,
+  type JweJsonGeneral,
+  type JweProtectedHeader,
+  type JweRecipient,
+  type JweRecipientUnprotectedHeader,
+  type JwsPayload,
 } from '../types/IJwtService'
 
 export interface EncryptionResult {
@@ -237,7 +241,7 @@ export class CompactJwtEncrypter implements JweEncrypter {
   }
 
   async encrypt(payload: Uint8Array, jweProtectedHeader: JweProtectedHeader, aad?: Uint8Array | undefined): Promise<EncryptionResult> {
-    const jwt = await this.encryptCompactJWT(JSON.parse(u8a.toString(payload)), jweProtectedHeader, aad)
+    const jwt = await this.encryptCompactJWT(JSON.parse(toString(payload)), jweProtectedHeader, aad)
     const [protectedHeader, encryptedKey, ivB64, payloadB64, tagB64] = jwt.split('.')
     //[jwe.protected, jwe.encrypted_key, jwe.iv, jwe.ciphertext, jwe.tag].join('.');
     console.log(`FIXME: TO EncryptionResult`)
@@ -335,7 +339,7 @@ export async function decryptJwe(jwe: JweJsonGeneral, decrypter: JweDecrypter):
     return Promise.reject(Error(`Decrypter enc '${decrypter.enc}' does not support header enc '${protectedHeader.enc}'`))
   }
   const sealed = toWebCryptoCiphertext(jwe.ciphertext, jwe.tag)
-  const aad = u8a.fromString(jwe.aad ? `${jwe.protected}.${jwe.aad}` : jwe.protected)
+  const aad = fromString(jwe.aad ? `${jwe.protected}.${jwe.aad}` : jwe.protected)
   let cleartext = null
   if (protectedHeader.alg === 'dir' && decrypter.alg === 'dir') {
     cleartext = await decrypter.decrypt(sealed, base64ToBytes(jwe.iv), aad)
@@ -355,5 +359,5 @@ export async function decryptJwe(jwe: JweJsonGeneral, decrypter: JweDecrypter):
 }
 
 export function toWebCryptoCiphertext(ciphertext: string, tag: string): Uint8Array {
-  return u8a.concat([base64ToBytes(ciphertext), base64ToBytes(tag)])
+  return concat([base64ToBytes(ciphertext), base64ToBytes(tag)])
 }

package/src/functions/index.ts

@@ -1,28 +1,28 @@
+import { jwkTtoPublicKeyHex } from '@sphereon/ssi-sdk-ext.did-utils'
 import {
   ensureManagedIdentifierResult,
-  ExternalIdentifierDidOpts,
-  ExternalIdentifierX5cOpts,
-  IIdentifierResolution,
+  type ExternalIdentifierDidOpts,
+  type ExternalIdentifierX5cOpts,
+  type IIdentifierResolution,
   isManagedIdentifierDidResult,
   isManagedIdentifierX5cResult,
-  ManagedIdentifierMethod,
-  ManagedIdentifierResult,
+  type ManagedIdentifierMethod,
+  type ManagedIdentifierResult,
   resolveExternalJwkIdentifier,
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
-import { verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'
-import { JWK } from '@sphereon/ssi-types'
-import { IAgentContext } from '@veramo/core'
+import { keyTypeFromCryptographicSuite, signatureAlgorithmFromKeyType, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils'
+import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
+import type { JoseSignatureAlgorithm, JWK } from '@sphereon/ssi-types'
+import type { IAgentContext } from '@veramo/core'
 import { base64ToBytes, bytesToBase64url, decodeJoseBlob, encodeJoseBlob } from '@veramo/utils'
+// @ts-ignore
 import * as u8a from 'uint8arrays'
-import {
+import type {
   CreateJwsCompactArgs,
   CreateJwsFlattenedArgs,
   CreateJwsJsonArgs,
   IJwsValidationResult,
   IRequiredContext,
-  isJwsCompact,
-  isJwsJsonFlattened,
-  isJwsJsonGeneral,
   JweHeader,
   Jws,
   JwsCompact,
@@ -37,11 +37,14 @@ import {
   PreparedJwsObject,
   VerifyJwsArgs,
 } from '../types/IJwtService'
+import { isJwsCompact, isJwsJsonFlattened, isJwsJsonGeneral } from '../types/IJwtService'
+
+const { fromString } = u8a
 
 const payloadToBytes = (payload: string | JwsPayload | Uint8Array): Uint8Array => {
   const isBytes = payload instanceof Uint8Array
   const isString = typeof payload === 'string'
-  return isBytes ? payload : isString ? u8a.fromString(payload, 'base64url') : u8a.fromString(JSON.stringify(payload), 'utf-8')
+  return isBytes ? payload : isString ? fromString(payload, 'base64url') : fromString(JSON.stringify(payload), 'utf-8')
 }
 
 export const prepareJwsObject = async (args: CreateJwsJsonArgs, context: IRequiredContext): Promise<PreparedJwsObject> => {
@@ -111,11 +114,15 @@ export const createJwsJsonGeneral = async (args: CreateJwsJsonArgs, context: IRe
     },
     context
   )
+
+  const alg: string | undefined = protectedHeader.alg ?? signatureAlgorithmFromKeyType({ type: identifier.key.type })
+
   // const algorithm = await signatureAlgorithmFromKey({ key: identifier.key })
   const signature = await context.agent.keyManagerSign({
     keyRef: identifier.kmsKeyRef,
     data: `${b64.protectedHeader}.${b64.payload}`,
     encoding: undefined,
+    algorithm: alg,
   })
   const jsonSignature = {
     protected: b64.protectedHeader,
@@ -151,6 +158,8 @@ export const checkAndUpdateJwsHeader = async (
   },
   context: IRequiredContext
 ) => {
+  // Make sure we have an alg in the header (https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.1)
+  header.alg = header.alg ?? signatureAlgorithmFromKeyType({ type: identifier.key.type })
   if (isIdentifierMode(mode, identifier.method, 'did')) {
     // kid is VM of the DID
     // @see https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.4
@@ -312,25 +321,31 @@ export const verifyJws = async (args: VerifyJwsArgs, context: IAgentContext<IIde
       // If we have a specific KMS agent plugin that can do the verification prefer that over the generic verification
       index++
       let valid: boolean
-      const data = u8a.fromString(`${sigWithId.protected}.${jws.payload}`, 'utf-8')
+      const data = fromString(`${sigWithId.protected}.${jws.payload}`, 'utf-8')
       const jwkInfo = sigWithId.identifier.jwks[0]
-      /* if (sigWithId.header?.alg === 'RSA' && contextHasPlugin(context, 'keyManagerVerify')) {
+      let signatureAlg: JoseSignatureAlgorithm | undefined = undefined
+      if (sigWithId.protected.startsWith(`ey`)) {
+        const header = decodeJoseBlob(sigWithId.protected)
+        signatureAlg = header.alg as JoseSignatureAlgorithm | undefined
+      }
+
+      if (false && signatureAlg?.startsWith('PS') && contextHasPlugin(context, 'keyManagerVerify')) {
         const publicKeyHex = jwkTtoPublicKeyHex(jwkInfo.jwk)
         valid = await context.agent.keyManagerVerify({
           signature: sigWithId.signature,
           data,
           publicKeyHex,
-          type: keyTypeFromCryptographicSuite({ crv: jwkInfo.jwk.crv ?? 'ES256' }),
+          type: keyTypeFromCryptographicSuite({ ...(jwkInfo.jwk.crv && { crv: jwkInfo.jwk.crv }), alg: signatureAlg as string }),
           // no kms arg, as the current key manager needs a bit more work
         })
-      } else {*/
-      const signature = base64ToBytes(sigWithId.signature)
-      valid = await verifyRawSignature({ data, signature, key: jwkInfo.jwk })
-      // }
+      } else {
+        const signature = base64ToBytes(sigWithId.signature)
+        valid = await verifyRawSignature({ data, signature, key: jwkInfo.jwk, opts: { signatureAlg: signatureAlg } })
+        // }
+      }
       if (!valid) {
         errorMessages.push(`Signature ${index} was not valid`)
       }
-
       return {
         sigWithId,
         valid,

package/src/types/IJwtService.ts

@@ -1,4 +1,4 @@
-import {
+import type {
   ExternalIdentifierDidOpts,
   ExternalIdentifierResult,
   ExternalIdentifierX5cOpts,
@@ -6,9 +6,9 @@ import {
   ManagedIdentifierOptsOrResult,
   ManagedIdentifierResult,
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
-import { ClientIdScheme } from '@sphereon/ssi-sdk-ext.x509-utils'
-import { BaseJWK, IValidationResult, JoseSignatureAlgorithm, JoseSignatureAlgorithmString, JWK } from '@sphereon/ssi-types'
-import { IAgentContext, IKeyManager, IPluginMethodMap } from '@veramo/core'
+import type { ClientIdScheme } from '@sphereon/ssi-sdk-ext.x509-utils'
+import type { BaseJWK, IValidationResult, JoseSignatureAlgorithm, JoseSignatureAlgorithmString, JWK } from '@sphereon/ssi-types'
+import type { IAgentContext, IKeyManager, IPluginMethodMap } from '@veramo/core'
 
 export type IRequiredContext = IAgentContext<IIdentifierResolution & IKeyManager> // could we still interop with Veramo?
 

package/dist/agent/JwtService.d.ts

@@ -1,17 +0,0 @@
-import { IAgentPlugin } from '@veramo/core';
-import { IJwtService } from '..';
-/**
- * @public
- */
-export declare class JwtService implements IAgentPlugin {
-    readonly schema: any;
-    readonly methods: IJwtService;
-    private jwtPrepareJws;
-    private jwtCreateJwsJsonGeneralSignature;
-    private jwtCreateJwsJsonFlattenedSignature;
-    private jwtCreateJwsCompactSignature;
-    private jwtVerifyJwsSignature;
-    private jwtEncryptJweCompactJwt;
-    private jwtDecryptJweCompactJwt;
-}
-//# sourceMappingURL=JwtService.d.ts.map

package/dist/agent/JwtService.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"JwtService.d.ts","sourceRoot":"","sources":["../../src/agent/JwtService.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAK3C,OAAO,EAUL,WAAW,EAaZ,MAAM,IAAI,CAAA;AAGX;;GAEG;AACH,qBAAa,UAAW,YAAW,YAAY;IAC7C,QAAQ,CAAC,MAAM,MAAqB;IACpC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAQ5B;YAEa,aAAa;YAIb,gCAAgC;YAIhC,kCAAkC;YAIlC,4BAA4B;YAK5B,qBAAqB;YAIrB,uBAAuB;YA8CvB,uBAAuB;CAGtC"}

package/dist/agent/JwtService.js

@@ -1,137 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.JwtService = void 0;
-const debug_1 = __importDefault(require("debug"));
-const jose_1 = require("jose");
-const u8a = __importStar(require("uint8arrays"));
-const __1 = require("..");
-const JWE_1 = require("../functions/JWE");
-/**
- * @public
- */
-class JwtService {
-    constructor() {
-        this.schema = __1.schema.IJwtService;
-        this.methods = {
-            jwtPrepareJws: this.jwtPrepareJws.bind(this),
-            jwtCreateJwsJsonGeneralSignature: this.jwtCreateJwsJsonGeneralSignature.bind(this),
-            jwtCreateJwsJsonFlattenedSignature: this.jwtCreateJwsJsonFlattenedSignature.bind(this),
-            jwtCreateJwsCompactSignature: this.jwtCreateJwsCompactSignature.bind(this),
-            jwtVerifyJwsSignature: this.jwtVerifyJwsSignature.bind(this),
-            jwtEncryptJweCompactJwt: this.jwtEncryptJweCompactJwt.bind(this),
-            jwtDecryptJweCompactJwt: this.jwtDecryptJweCompactJwt.bind(this),
-        };
-    }
-    jwtPrepareJws(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return yield (0, __1.prepareJwsObject)(args, context);
-        });
-    }
-    jwtCreateJwsJsonGeneralSignature(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return yield (0, __1.createJwsJsonGeneral)(args, context);
-        });
-    }
-    jwtCreateJwsJsonFlattenedSignature(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return yield (0, __1.createJwsJsonFlattened)(args, context);
-        });
-    }
-    jwtCreateJwsCompactSignature(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // We wrap it in a json object for remote REST calls
-            return { jwt: yield (0, __1.createJwsCompact)(args, context) };
-        });
-    }
-    jwtVerifyJwsSignature(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return yield (0, __1.verifyJws)(args, context);
-        });
-    }
-    jwtEncryptJweCompactJwt(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a, _b, _c, _d, _e, _f, _g;
-            const { payload, protectedHeader = { alg: args.alg, enc: args.enc }, recipientKey, issuer, expirationTime, audience } = args;
-            try {
-                (0, debug_1.default)(`JWE Encrypt: ${JSON.stringify(args, null, 2)}`);
-                const alg = (_b = (_a = (0, __1.jweAlg)(args.alg)) !== null && _a !== void 0 ? _a : (0, __1.jweAlg)(protectedHeader.alg)) !== null && _b !== void 0 ? _b : 'ECDH-ES';
-                const enc = (_d = (_c = (0, __1.jweEnc)(args.enc)) !== null && _c !== void 0 ? _c : (0, __1.jweEnc)(protectedHeader.enc)) !== null && _d !== void 0 ? _d : 'A256GCM';
-                const encJwks = recipientKey.jwks.length === 1
-                    ? [recipientKey.jwks[0]]
-                    : recipientKey.jwks.filter((jwk) => (jwk.kid && (jwk.kid === jwk.jwk.kid || jwk.kid === jwk.jwkThumbprint)) || jwk.jwk.use === 'enc');
-                if (encJwks.length === 0) {
-                    return Promise.reject(Error(`No public JWK found that can be used to encrypt against`));
-                }
-                const jwkInfo = encJwks[0];
-                if (encJwks.length > 0) {
-                    __1.JwtLogger.warning(`More than one JWK with 'enc' usage found. Selected the first one as no 'kid' was provided`, encJwks);
-                }
-                if (((_e = jwkInfo.jwk.kty) === null || _e === void 0 ? void 0 : _e.startsWith('EC')) !== true || !alg.startsWith('ECDH')) {
-                    return Promise.reject(Error(`Currently only ECDH-ES is supported for encryption. JWK alg ${jwkInfo.jwk.kty}, header alg ${alg}`)); // TODO: Probably we support way more already
-                }
-                const apuVal = (_f = protectedHeader.apu) !== null && _f !== void 0 ? _f : args.apu;
-                const apu = apuVal ? u8a.fromString(apuVal, 'base64url') : undefined;
-                const apvVal = (_g = protectedHeader.apv) !== null && _g !== void 0 ? _g : args.apv;
-                const apv = apvVal ? u8a.fromString(apvVal, 'base64url') : undefined;
-                const pubKey = yield (0, jose_1.importJWK)(jwkInfo.jwk);
-                const encrypter = new JWE_1.CompactJwtEncrypter({
-                    enc,
-                    alg,
-                    keyManagementParams: { apu, apv },
-                    key: pubKey,
-                    issuer,
-                    expirationTime,
-                    audience,
-                });
-                const jwe = yield encrypter.encryptCompactJWT(payload, {});
-                return { jwt: jwe };
-            }
-            catch (error) {
-                console.error(`Error encrypting JWE: ${error.message}`, error);
-                throw error;
-            }
-        });
-    }
-    jwtDecryptJweCompactJwt(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return { jwt: 'FIXME' };
-        });
-    }
-}
-exports.JwtService = JwtService;
-//# sourceMappingURL=JwtService.js.map

package/dist/agent/JwtService.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"JwtService.js","sourceRoot":"","sources":["../../src/agent/JwtService.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,kDAAyB;AACzB,+BAAgC;AAEhC,iDAAkC;AAClC,0BAuBW;AACX,0CAAsD;AAEtD;;GAEG;AACH,MAAa,UAAU;IAAvB;QACW,WAAM,GAAG,UAAM,CAAC,WAAW,CAAA;QAC3B,YAAO,GAAgB;YAC9B,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5C,gCAAgC,EAAE,IAAI,CAAC,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC;YAClF,kCAAkC,EAAE,IAAI,CAAC,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC;YACtF,4BAA4B,EAAE,IAAI,CAAC,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC;YAC1E,qBAAqB,EAAE,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5D,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;YAChE,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;SACjE,CAAA;IAwEH,CAAC;IAtEe,aAAa,CAAC,IAAuB,EAAE,OAAyB;;YAC5E,OAAO,MAAM,IAAA,oBAAgB,EAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAC9C,CAAC;KAAA;IAEa,gCAAgC,CAAC,IAAuB,EAAE,OAAyB;;YAC/F,OAAO,MAAM,IAAA,wBAAoB,EAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAClD,CAAC;KAAA;IAEa,kCAAkC,CAAC,IAA4B,EAAE,OAAyB;;YACtG,OAAO,MAAM,IAAA,0BAAsB,EAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QACpD,CAAC;KAAA;IAEa,4BAA4B,CAAC,IAA0B,EAAE,OAAyB;;YAC9F,oDAAoD;YACpD,OAAO,EAAE,GAAG,EAAE,MAAM,IAAA,oBAAgB,EAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAA;QACvD,CAAC;KAAA;IAEa,qBAAqB,CAAC,IAAmB,EAAE,OAAyB;;YAChF,OAAO,MAAM,IAAA,aAAS,EAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QACvC,CAAC;KAAA;IAEa,uBAAuB,CAAC,IAA8B,EAAE,OAAyB;;;YAC7F,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAA;YAE5H,IAAI,CAAC;gBACH,IAAA,eAAK,EAAC,gBAAgB,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAA;gBAEtD,MAAM,GAAG,GAAG,MAAA,MAAA,IAAA,UAAM,EAAC,IAAI,CAAC,GAAG,CAAC,mCAAI,IAAA,UAAM,EAAC,eAAe,CAAC,GAAG,CAAC,mCAAI,SAAS,CAAA;gBACxE,MAAM,GAAG,GAAG,MAAA,MAAA,IAAA,UAAM,EAAC,IAAI,CAAC,GAAG,CAAC,mCAAI,IAAA,UAAM,EAAC,eAAe,CAAC,GAAG,CAAC,mCAAI,SAAS,CAAA;gBACxE,MAAM,OAAO,GACX,YAAY,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC;oBAC5B,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACxB,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,KAAK,CAAC,CAAA;gBACzI,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACzB,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC,CAAA;gBACzF,CAAC;gBACD,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;gBAC1B,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACvB,aAAS,CAAC,OAAO,CAAC,2FAA2F,EAAE,OAAO,CAAC,CAAA;gBACzH,CAAC;gBACD,IAAI,CAAA,MAAA,OAAO,CAAC,GAAG,CAAC,GAAG,0CAAE,UAAU,CAAC,IAAI,CAAC,MAAK,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC1E,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+DAA+D,OAAO,CAAC,GAAG,CAAC,GAAG,gBAAgB,GAAG,EAAE,CAAC,CAAC,CAAA,CAAC,6CAA6C;gBACjL,CAAC;gBACD,MAAM,MAAM,GAAG,MAAA,eAAe,CAAC,GAAG,mCAAI,IAAI,CAAC,GAAG,CAAA;gBAC9C,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;gBACpE,MAAM,MAAM,GAAG,MAAA,eAAe,CAAC,GAAG,mCAAI,IAAI,CAAC,GAAG,CAAA;gBAC9C,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;gBAEpE,MAAM,MAAM,GAAG,MAAM,IAAA,gBAAS,EAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAC3C,MAAM,SAAS,GAAG,IAAI,yBAAmB,CAAC;oBACxC,GAAG;oBACH,GAAG;oBACH,mBAAmB,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE;oBACjC,GAAG,EAAE,MAAM;oBACX,MAAM;oBACN,cAAc;oBACd,QAAQ;iBACT,CAAC,CAAA;gBAEF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,iBAAiB,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;gBAC1D,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;YACrB,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,yBAAyB,KAAK,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,CAAA;gBAC9D,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC;KAAA;IAEa,uBAAuB,CAAC,IAA8B,EAAE,OAAyB;;YAC7F,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,CAAA;QACzB,CAAC;KAAA;CACF;AAlFD,gCAkFC"}

package/dist/functions/JWE.d.ts

@@ -1,75 +0,0 @@
-import { RandomSource } from '@stablelib/random';
-import * as jose from 'jose';
-import { JWEKeyManagementHeaderParameters, JWTDecryptOptions } from 'jose';
-import type { KeyLike } from 'jose/dist/types/types';
-import { JweAlg, JweEnc, JweHeader, JweJsonGeneral, JweProtectedHeader, JweRecipient, JweRecipientUnprotectedHeader, JwsPayload } from '../types/IJwtService';
-export interface EncryptionResult {
-    ciphertext: Uint8Array;
-    tag: Uint8Array;
-    iv: Uint8Array;
-    protectedHeader?: string;
-    recipients?: JweRecipient[];
-    cek?: Uint8Array;
-}
-export declare const generateContentEncryptionKey: ({ alg, randomSource, }: {
-    alg: JweEnc;
-    randomSource?: RandomSource;
-}) => Promise<Uint8Array>;
-export interface JwtEncrypter {
-    alg: string;
-    enc: string;
-    encrypt: (payload: JwsPayload, protectedHeader: JweProtectedHeader, aad?: Uint8Array) => Promise<EncryptionResult>;
-    encryptCek?: (cek: Uint8Array) => Promise<JweRecipient>;
-}
-export interface JweEncrypter {
-    alg: string;
-    enc: string;
-    encrypt: (payload: Uint8Array, protectedHeader: JweProtectedHeader, aad?: Uint8Array) => Promise<EncryptionResult>;
-    encryptCek?: (cek: Uint8Array) => Promise<JweRecipient>;
-}
-export interface JweDecrypter {
-    alg: string;
-    enc: string;
-    decrypt: (sealed: Uint8Array, iv: Uint8Array, aad?: Uint8Array, recipient?: JweRecipient) => Promise<Uint8Array | null>;
-}
-export declare class CompactJwtEncrypter implements JweEncrypter {
-    private _alg;
-    private _enc;
-    private _keyManagementParams;
-    private recipientKey;
-    private expirationTime;
-    private issuer;
-    private audience;
-    constructor(args: {
-        key: Uint8Array | jose.KeyLike;
-        alg?: JweAlg;
-        enc?: JweEnc;
-        keyManagementParams?: JWEKeyManagementHeaderParameters;
-        expirationTime?: number | string | Date;
-        issuer?: string;
-        audience?: string | string[];
-    });
-    get enc(): string;
-    set enc(value: JweEnc | string);
-    get alg(): string;
-    set alg(value: JweAlg | string);
-    encryptCompactJWT(payload: JwsPayload, jweProtectedHeader: JweProtectedHeader, aad?: Uint8Array | undefined): Promise<string>;
-    static decryptCompactJWT(jwt: string, key: KeyLike | Uint8Array, options?: JWTDecryptOptions): Promise<jose.JWTDecryptResult<jose.JWTPayload>>;
-    encrypt(payload: Uint8Array, jweProtectedHeader: JweProtectedHeader, aad?: Uint8Array | undefined): Promise<EncryptionResult>;
-}
-export declare function createJwe(cleartext: Uint8Array, encrypters: JweEncrypter[], protectedHeader: JweProtectedHeader, aad?: Uint8Array): Promise<JweJsonGeneral>;
-/**
- * Merges all headers, so we get a unified header.
- *
- * @param protectedHeader
- * @param unprotectedHeader
- * @param recipientUnprotectedHeader
- */
-export declare function jweMergeHeaders({ protectedHeader, unprotectedHeader, recipientUnprotectedHeader, }: {
-    protectedHeader?: JweProtectedHeader;
-    unprotectedHeader?: JweHeader;
-    recipientUnprotectedHeader?: JweRecipientUnprotectedHeader;
-}): JweHeader;
-export declare function decryptJwe(jwe: JweJsonGeneral, decrypter: JweDecrypter): Promise<Uint8Array>;
-export declare function toWebCryptoCiphertext(ciphertext: string, tag: string): Uint8Array;
-//# sourceMappingURL=JWE.d.ts.map

package/dist/functions/JWE.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"JWE.d.ts","sourceRoot":"","sources":["../../src/functions/JWE.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoC,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAElF,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAC5B,OAAO,EAAE,gCAAgC,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAC1E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AAEpD,OAAO,EACL,MAAM,EAEN,MAAM,EAEN,SAAS,EACT,cAAc,EACd,kBAAkB,EAClB,YAAY,EACZ,6BAA6B,EAC7B,UAAU,EACX,MAAM,sBAAsB,CAAA;AAE7B,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,UAAU,CAAA;IACtB,GAAG,EAAE,UAAU,CAAA;IACf,EAAE,EAAE,UAAU,CAAA;IACd,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,UAAU,CAAC,EAAE,YAAY,EAAE,CAAA;IAC3B,GAAG,CAAC,EAAE,UAAU,CAAA;CACjB;AAED,eAAO,MAAM,4BAA4B,2BAGtC;IACD,GAAG,EAAE,MAAM,CAAA;IACX,YAAY,CAAC,EAAE,YAAY,CAAA;CAC5B,KAAG,OAAO,CAAC,UAAU,CAuBrB,CAAA;AAaD,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,kBAAkB,EAAE,GAAG,CAAC,EAAE,UAAU,KAAK,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAClH,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,CAAA;CACxD;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,kBAAkB,EAAE,GAAG,CAAC,EAAE,UAAU,KAAK,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAClH,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,UAAU,KAAK,OAAO,CAAC,YAAY,CAAC,CAAA;CACxD;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,YAAY,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAA;CACxH;AAyCD,qBAAa,mBAAoB,YAAW,YAAY;IACtD,OAAO,CAAC,IAAI,CAAoB;IAChC,OAAO,CAAC,IAAI,CAAoB;IAChC,OAAO,CAAC,oBAAoB,CAA8C;IAC1E,OAAO,CAAC,YAAY,CAA2B;IAC/C,OAAO,CAAC,cAAc,CAAA;IACtB,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,QAAQ,CAA+B;gBAEnC,IAAI,EAAE;QAChB,GAAG,EAAE,UAAU,GAAG,IAAI,CAAC,OAAO,CAAA;QAC9B,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,mBAAmB,CAAC,EAAE,gCAAgC,CAAA;QACtD,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAA;QACvC,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;KAC7B;IAcD,IAAI,GAAG,IAAI,MAAM,CAKhB;IAED,IAAI,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAM7B;IAED,IAAI,GAAG,IAAI,MAAM,CAKhB;IAED,IAAI,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAM7B;IAEK,iBAAiB,CAAC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,GAAG,CAAC,EAAE,UAAU,GAAG,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC;WA4C/G,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,GAAG,UAAU,EAAE,OAAO,CAAC,EAAE,iBAAiB;IAInG,OAAO,CAAC,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,GAAG,CAAC,EAAE,UAAU,GAAG,SAAS,GAAG,OAAO,CAAC,gBAAgB,CAAC;CAsBpI;AAED,wBAAsB,SAAS,CAC7B,SAAS,EAAE,UAAU,EACrB,UAAU,EAAE,YAAY,EAAE,EAC1B,eAAe,EAAE,kBAAkB,EACnC,GAAG,CAAC,EAAE,UAAU,GACf,OAAO,CAAC,cAAc,CAAC,CAkCzB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,EAC9B,eAAe,EACf,iBAAiB,EACjB,0BAA0B,GAC3B,EAAE;IACD,eAAe,CAAC,EAAE,kBAAkB,CAAA;IACpC,iBAAiB,CAAC,EAAE,SAAS,CAAA;IAC7B,0BAA0B,CAAC,EAAE,6BAA6B,CAAA;CAC3D,GAAG,SAAS,CAQZ;AAED,wBAAsB,UAAU,CAAC,GAAG,EAAE,cAAc,EAAE,SAAS,EAAE,YAAY,GAAG,OAAO,CAAC,UAAU,CAAC,CA0BlG;AAED,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,UAAU,CAEjF"}