@sphereon/ssi-sdk-ext.key-utils 0.14.1-unstable.7 → 0.14.2-next.3

package/dist/jwk-jcs.js

@@ -0,0 +1,178 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.jcsCanonicalize = exports.jwkJcsDecode = exports.jwkJcsEncode = void 0;
+const web_encoding_1 = require("web-encoding");
+const lodash_isplainobject_1 = __importDefault(require("lodash.isplainobject"));
+const textEncoder = new web_encoding_1.TextEncoder();
+const textDecoder = new web_encoding_1.TextDecoder();
+/**
+ * Checks if the value is a non-empty string.
+ *
+ * @param value - The value to check.
+ * @param description - Description of the value to check.
+ */
+function check(value, description) {
+    if (typeof value !== 'string' || !value) {
+        throw new Error(`${description} missing or invalid`);
+    }
+}
+/**
+ * Checks if the value is a valid JSON object.
+ *
+ * @param value - The value to check.
+ */
+function validatePlainObject(value) {
+    if (!(0, lodash_isplainobject_1.default)(value)) {
+        throw new Error('JWK must be an object');
+    }
+}
+/**
+ * Checks if the JWK is valid. It must contain all the required members.
+ *
+ * @see https://www.rfc-editor.org/rfc/rfc7518#section-6
+ * @see https://www.rfc-editor.org/rfc/rfc8037#section-2
+ *
+ * @param jwk - The JWK to check.
+ */
+function validateJwk(jwk) {
+    validatePlainObject(jwk);
+    // Check JWK required members based on the key type
+    switch (jwk.kty) {
+        /**
+         * @see https://www.rfc-editor.org/rfc/rfc7518#section-6.2.1
+         */
+        case 'EC':
+            check(jwk.crv, '"crv" (Curve) Parameter');
+            check(jwk.x, '"x" (X Coordinate) Parameter');
+            check(jwk.y, '"y" (Y Coordinate) Parameter');
+            break;
+        /**
+         * @see https://www.rfc-editor.org/rfc/rfc8037#section-2
+         */
+        case 'OKP':
+            check(jwk.crv, '"crv" (Subtype of Key Pair) Parameter');
+            check(jwk.x, '"x" (Public Key) Parameter');
+            break;
+        /**
+         * @see https://www.rfc-editor.org/rfc/rfc7518#section-6.3.1
+         */
+        case 'RSA':
+            check(jwk.e, '"e" (Exponent) Parameter');
+            check(jwk.n, '"n" (Modulus) Parameter');
+            break;
+        default:
+            throw new Error('"kty" (Key Type) Parameter missing or unsupported');
+    }
+}
+/**
+ * Extracts the required members of the JWK and canonicalizes it.
+ *
+ * @param jwk - The JWK to canonicalize.
+ * @returns The JWK with only the required members, ordered lexicographically.
+ */
+function minimalJwk(jwk) {
+    // "default" case is not needed
+    // eslint-disable-next-line default-case
+    switch (jwk.kty) {
+        case 'EC':
+            return { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y };
+        case 'OKP':
+            return { crv: jwk.crv, kty: jwk.kty, x: jwk.x };
+        case 'RSA':
+            return { e: jwk.e, kty: jwk.kty, n: jwk.n };
+    }
+    throw Error(`Unsupported key type (kty) provided: ${jwk.kty}`);
+}
+/**
+ * Encodes a JWK into a Uint8Array. Only the required JWK members are encoded.
+ *
+ * @see https://www.rfc-editor.org/rfc/rfc7518#section-6
+ * @see https://www.rfc-editor.org/rfc/rfc8037#section-2
+ * @see https://github.com/panva/jose/blob/3b8aa47b92d07a711bf5c3125276cc9a011794a4/src/jwk/thumbprint.ts#L37
+ *
+ * @param jwk - JSON Web Key.
+ * @returns Uint8Array-encoded JWK.
+ */
+function jwkJcsEncode(jwk) {
+    validateJwk(jwk);
+    const strippedJwk = minimalJwk(jwk);
+    return textEncoder.encode(jcsCanonicalize(strippedJwk));
+}
+exports.jwkJcsEncode = jwkJcsEncode;
+/**
+ * Decodes an array of bytes into a JWK. Throws an error if the JWK is not valid.
+ *
+ * @param bytes - The array of bytes to decode.
+ * @returns The corresponding JSON Web Key.
+ */
+function jwkJcsDecode(bytes) {
+    const jwk = JSON.parse(textDecoder.decode(bytes));
+    validateJwk(jwk);
+    if (JSON.stringify(jwk) !== jcsCanonicalize(minimalJwk(jwk))) {
+        throw new Error('The JWK embedded in the DID is not correctly formatted');
+    }
+    return jwk;
+}
+exports.jwkJcsDecode = jwkJcsDecode;
+// From: https://github.com/cyberphone/json-canonicalization
+function jcsCanonicalize(object) {
+    let buffer = '';
+    serialize(object);
+    return buffer;
+    function serialize(object) {
+        if (object === null || typeof object !== 'object' || object.toJSON != null) {
+            /////////////////////////////////////////////////
+            // Primitive type or toJSON - Use ES6/JSON     //
+            /////////////////////////////////////////////////
+            buffer += JSON.stringify(object);
+        }
+        else if (Array.isArray(object)) {
+            /////////////////////////////////////////////////
+            // Array - Maintain element order              //
+            /////////////////////////////////////////////////
+            buffer += '[';
+            let next = false;
+            object.forEach((element) => {
+                if (next) {
+                    buffer += ',';
+                }
+                next = true;
+                /////////////////////////////////////////
+                // Array element - Recursive expansion //
+                /////////////////////////////////////////
+                serialize(element);
+            });
+            buffer += ']';
+        }
+        else {
+            /////////////////////////////////////////////////
+            // Object - Sort properties before serializing //
+            /////////////////////////////////////////////////
+            buffer += '{';
+            let next = false;
+            Object.keys(object)
+                .sort()
+                .forEach((property) => {
+                if (next) {
+                    buffer += ',';
+                }
+                next = true;
+                ///////////////////////////////////////////////
+                // Property names are strings - Use ES6/JSON //
+                ///////////////////////////////////////////////
+                buffer += JSON.stringify(property);
+                buffer += ':';
+                //////////////////////////////////////////
+                // Property value - Recursive expansion //
+                //////////////////////////////////////////
+                serialize(object[property]);
+            });
+            buffer += '}';
+        }
+    }
+}
+exports.jcsCanonicalize = jcsCanonicalize;
+//# sourceMappingURL=jwk-jcs.js.map

package/dist/jwk-jcs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwk-jcs.js","sourceRoot":"","sources":["../src/jwk-jcs.ts"],"names":[],"mappings":";;;;;;AAAA,+CAAuD;AACvD,gFAAgD;AAIhD,MAAM,WAAW,GAAG,IAAI,0BAAW,EAAE,CAAA;AACrC,MAAM,WAAW,GAAG,IAAI,0BAAW,EAAE,CAAA;AAErC;;;;;GAKG;AACH,SAAS,KAAK,CAAC,KAAc,EAAE,WAAmB;IAChD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE;QACvC,MAAM,IAAI,KAAK,CAAC,GAAG,WAAW,qBAAqB,CAAC,CAAA;KACrD;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,KAAc;IACzC,IAAI,CAAC,IAAA,8BAAa,EAAC,KAAK,CAAC,EAAE;QACzB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;KACzC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,WAAW,CAAC,GAAQ;IAC3B,mBAAmB,CAAC,GAAG,CAAC,CAAA;IACxB,mDAAmD;IACnD,QAAQ,GAAG,CAAC,GAAG,EAAE;QACf;;WAEG;QACH,KAAK,IAAI;YACP,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAA;YACzC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAA;YAC5C,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC,CAAA;YAC5C,MAAK;QACP;;WAEG;QACH,KAAK,KAAK;YACR,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,uCAAuC,CAAC,CAAA;YACvD,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,4BAA4B,CAAC,CAAA;YAC1C,MAAK;QACP;;WAEG;QACH,KAAK,KAAK;YACR,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,0BAA0B,CAAC,CAAA;YACxC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC,CAAA;YACvC,MAAK;QACP;YACE,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;KACvE;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,UAAU,CAAC,GAAQ;IAC1B,+BAA+B;IAC/B,wCAAwC;IACxC,QAAQ,GAAG,CAAC,GAAG,EAAE;QACf,KAAK,IAAI;YACP,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAA;QAC3D,KAAK,KAAK;YACR,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAA;QACjD,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAA;KAC9C;IACD,MAAM,KAAK,CAAC,wCAAwC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAA;AAChE,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,YAAY,CAAC,GAAY;IACvC,WAAW,CAAC,GAAG,CAAC,CAAA;IAChB,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,CAAA;IACnC,OAAO,WAAW,CAAC,MAAM,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,CAAA;AACzD,CAAC;AAJD,oCAIC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,KAA2B;IACtD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;IACjD,WAAW,CAAC,GAAG,CAAC,CAAA;IAChB,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,eAAe,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE;QAC5D,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAA;KAC1E;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAPD,oCAOC;AAED,4DAA4D;AAC5D,SAAgB,eAAe,CAAC,MAAW;IACzC,IAAI,MAAM,GAAG,EAAE,CAAA;IACf,SAAS,CAAC,MAAM,CAAC,CAAA;IACjB,OAAO,MAAM,CAAA;IAEb,SAAS,SAAS,CAAC,MAAW;QAC5B,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,IAAI,IAAI,EAAE;YAC1E,iDAAiD;YACjD,iDAAiD;YACjD,iDAAiD;YACjD,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAA;SACjC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;YAChC,iDAAiD;YACjD,iDAAiD;YACjD,iDAAiD;YACjD,MAAM,IAAI,GAAG,CAAA;YACb,IAAI,IAAI,GAAG,KAAK,CAAA;YAChB,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBACzB,IAAI,IAAI,EAAE;oBACR,MAAM,IAAI,GAAG,CAAA;iBACd;gBACD,IAAI,GAAG,IAAI,CAAA;gBACX,yCAAyC;gBACzC,yCAAyC;gBACzC,yCAAyC;gBACzC,SAAS,CAAC,OAAO,CAAC,CAAA;YACpB,CAAC,CAAC,CAAA;YACF,MAAM,IAAI,GAAG,CAAA;SACd;aAAM;YACL,iDAAiD;YACjD,iDAAiD;YACjD,iDAAiD;YACjD,MAAM,IAAI,GAAG,CAAA;YACb,IAAI,IAAI,GAAG,KAAK,CAAA;YAChB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;iBAChB,IAAI,EAAE;iBACN,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBACpB,IAAI,IAAI,EAAE;oBACR,MAAM,IAAI,GAAG,CAAA;iBACd;gBACD,IAAI,GAAG,IAAI,CAAA;gBACX,+CAA+C;gBAC/C,+CAA+C;gBAC/C,+CAA+C;gBAC/C,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;gBAClC,MAAM,IAAI,GAAG,CAAA;gBACb,0CAA0C;gBAC1C,0CAA0C;gBAC1C,0CAA0C;gBAC1C,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAA;YAC7B,CAAC,CAAC,CAAA;YACJ,MAAM,IAAI,GAAG,CAAA;SACd;IACH,CAAC;AACH,CAAC;AAtDD,0CAsDC"}

package/dist/types/index.d.ts

@@ -0,0 +1,2 @@
+export * from './key-util-types';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAA"}

package/dist/types/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./key-util-types"), exports);
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAgC"}

package/dist/types/key-util-types.d.ts

@@ -0,0 +1,49 @@
+import { MinimalImportableKey } from '@veramo/core';
+export declare const JWK_JCS_PUB_NAME = "jwk_jcs-pub";
+export declare const JWK_JCS_PUB_PREFIX = 60241;
+export type TKeyType = 'Ed25519' | 'Secp256k1' | 'Secp256r1' | 'X25519' | 'Bls12381G1' | 'Bls12381G2' | 'RSA';
+export declare enum Key {
+    Ed25519 = "Ed25519",
+    Secp256k1 = "Secp256k1",
+    Secp256r1 = "Secp256r1"
+}
+export declare enum JwkKeyUse {
+    Encryption = "enc",
+    Signature = "sig"
+}
+export declare enum KeyCurve {
+    Secp256k1 = "secp256k1",
+    P_256 = "P-256",
+    Ed25519 = "Ed25519",
+    X25519 = "X25519"
+}
+export declare enum KeyType {
+    EC = "EC",
+    OKP = "OKP",
+    RSA = "RSA"
+}
+export declare const SIG_KEY_ALGS: string[];
+export declare const ENC_KEY_ALGS: string[];
+export interface JWK extends JsonWebKey {
+    x5c?: string;
+    x5u?: string;
+}
+export type KeyVisibility = 'public' | 'private';
+export interface X509Opts {
+    cn?: string;
+    privateKeyPEM?: string;
+    certificatePEM?: string;
+    certificateChainURL?: string;
+    certificateChainPEM?: string;
+}
+export interface IImportProvidedOrGeneratedKeyArgs {
+    kms?: string;
+    options?: IKeyOpts;
+}
+export interface IKeyOpts {
+    key?: Partial<MinimalImportableKey>;
+    type?: TKeyType;
+    use?: JwkKeyUse;
+    x509?: X509Opts;
+}
+//# sourceMappingURL=key-util-types.d.ts.map

package/dist/types/key-util-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-util-types.d.ts","sourceRoot":"","sources":["../../src/types/key-util-types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAA;AAEnD,eAAO,MAAM,gBAAgB,gBAAgB,CAAA;AAC7C,eAAO,MAAM,kBAAkB,QAAS,CAAA;AAExC,MAAM,MAAM,QAAQ,GAAG,SAAS,GAAG,WAAW,GAAG,WAAW,GAAG,QAAQ,GAAG,YAAY,GAAG,YAAY,GAAG,KAAK,CAAA;AAE7G,oBAAY,GAAG;IACb,OAAO,YAAY;IACnB,SAAS,cAAc;IACvB,SAAS,cAAc;CACxB;AAED,oBAAY,SAAS;IACnB,UAAU,QAAQ;IAClB,SAAS,QAAQ;CAClB;AAED,oBAAY,QAAQ;IAClB,SAAS,cAAc;IACvB,KAAK,UAAU;IACf,OAAO,YAAY;IACnB,MAAM,WAAW;CAClB;AAED,oBAAY,OAAO;IACjB,EAAE,OAAO;IACT,GAAG,QAAQ;IACX,GAAG,QAAQ;CACZ;AAED,eAAO,MAAM,YAAY,UAAkH,CAAA;AAC3I,eAAO,MAAM,YAAY,UAA+C,CAAA;AAExE,MAAM,WAAW,GAAI,SAAQ,UAAU;IACrC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,SAAS,CAAA;AAEhD,MAAM,WAAW,QAAQ;IACvB,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAC7B;AAED,MAAM,WAAW,iCAAiC;IAChD,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,OAAO,CAAC,EAAE,QAAQ,CAAA;CACnB;AACD,MAAM,WAAW,QAAQ;IACvB,GAAG,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,CAAA;IACnC,IAAI,CAAC,EAAE,QAAQ,CAAA;IACf,GAAG,CAAC,EAAE,SAAS,CAAA;IACf,IAAI,CAAC,EAAE,QAAQ,CAAA;CAChB"}

package/dist/types/key-util-types.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ENC_KEY_ALGS = exports.SIG_KEY_ALGS = exports.KeyType = exports.KeyCurve = exports.JwkKeyUse = exports.Key = exports.JWK_JCS_PUB_PREFIX = exports.JWK_JCS_PUB_NAME = void 0;
+exports.JWK_JCS_PUB_NAME = 'jwk_jcs-pub';
+exports.JWK_JCS_PUB_PREFIX = 0xeb51;
+var Key;
+(function (Key) {
+    Key["Ed25519"] = "Ed25519";
+    Key["Secp256k1"] = "Secp256k1";
+    Key["Secp256r1"] = "Secp256r1";
+})(Key = exports.Key || (exports.Key = {}));
+var JwkKeyUse;
+(function (JwkKeyUse) {
+    JwkKeyUse["Encryption"] = "enc";
+    JwkKeyUse["Signature"] = "sig";
+})(JwkKeyUse = exports.JwkKeyUse || (exports.JwkKeyUse = {}));
+var KeyCurve;
+(function (KeyCurve) {
+    KeyCurve["Secp256k1"] = "secp256k1";
+    KeyCurve["P_256"] = "P-256";
+    KeyCurve["Ed25519"] = "Ed25519";
+    KeyCurve["X25519"] = "X25519";
+})(KeyCurve = exports.KeyCurve || (exports.KeyCurve = {}));
+var KeyType;
+(function (KeyType) {
+    KeyType["EC"] = "EC";
+    KeyType["OKP"] = "OKP";
+    KeyType["RSA"] = "RSA";
+})(KeyType = exports.KeyType || (exports.KeyType = {}));
+exports.SIG_KEY_ALGS = ['ES256', 'ES384', 'ES512', 'EdDSA', 'ES256K', 'Ed25519', 'Secp256k1', 'Secp256r1', 'Bls12381G1', 'Bls12381G2'];
+exports.ENC_KEY_ALGS = ['X25519', 'ECDH_ES_A256KW', 'RSA_OAEP_256'];
+/*
+// Needed to make a single property required
+type WithRequiredProperty<Type, Key extends keyof Type> = Type & {
+  [Property in Key]-?: Type[Property]
+}*/
+//# sourceMappingURL=key-util-types.js.map

package/dist/types/key-util-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-util-types.js","sourceRoot":"","sources":["../../src/types/key-util-types.ts"],"names":[],"mappings":";;;AAEa,QAAA,gBAAgB,GAAG,aAAa,CAAA;AAChC,QAAA,kBAAkB,GAAG,MAAM,CAAA;AAIxC,IAAY,GAIX;AAJD,WAAY,GAAG;IACb,0BAAmB,CAAA;IACnB,8BAAuB,CAAA;IACvB,8BAAuB,CAAA;AACzB,CAAC,EAJW,GAAG,GAAH,WAAG,KAAH,WAAG,QAId;AAED,IAAY,SAGX;AAHD,WAAY,SAAS;IACnB,+BAAkB,CAAA;IAClB,8BAAiB,CAAA;AACnB,CAAC,EAHW,SAAS,GAAT,iBAAS,KAAT,iBAAS,QAGpB;AAED,IAAY,QAKX;AALD,WAAY,QAAQ;IAClB,mCAAuB,CAAA;IACvB,2BAAe,CAAA;IACf,+BAAmB,CAAA;IACnB,6BAAiB,CAAA;AACnB,CAAC,EALW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QAKnB;AAED,IAAY,OAIX;AAJD,WAAY,OAAO;IACjB,oBAAS,CAAA;IACT,sBAAW,CAAA;IACX,sBAAW,CAAA;AACb,CAAC,EAJW,OAAO,GAAP,eAAO,KAAP,eAAO,QAIlB;AAEY,QAAA,YAAY,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,CAAC,CAAA;AAC9H,QAAA,YAAY,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAA;AA2BxE;;;;GAIG"}

package/dist/x509/index.d.ts

@@ -0,0 +1,4 @@
+export * from './rsa-key';
+export * from './rsa-signer';
+export * from './x509-utils';
+//# sourceMappingURL=index.d.ts.map

package/dist/x509/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/x509/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,cAAc,CAAA"}

package/dist/x509/index.js

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./rsa-key"), exports);
+__exportStar(require("./rsa-signer"), exports);
+__exportStar(require("./x509-utils"), exports);
+//# sourceMappingURL=index.js.map

package/dist/x509/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/x509/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4CAAyB;AACzB,+CAA4B;AAC5B,+CAA4B"}

package/dist/x509/rsa-key.d.ts

@@ -0,0 +1,11 @@
+import { HashAlgorithm } from '../digest-methods';
+import { JWK } from '../types';
+export type RSASignatureSchemes = 'RSASSA-PKCS1-V1_5' | 'RSA-PSS';
+export type RSAEncryptionSchemes = 'RSAES-PKCS-v1_5 ' | 'RSAES-OAEP';
+export declare const signAlgorithmToSchemeAndHashAlg: (signingAlg: string) => {
+    scheme: "RSASSA-PKCS1-V1_5" | "RSA-PSS";
+    hashAlgorithm: HashAlgorithm;
+};
+export declare const cryptoSubtleImportRSAKey: (jwk: JWK, scheme: RSAEncryptionSchemes | RSASignatureSchemes, hashAlgorithm?: HashAlgorithm) => Promise<CryptoKey>;
+export declare const generateRSAKeyAsPEM: (scheme: RSAEncryptionSchemes | RSASignatureSchemes, hashAlgorithm?: HashAlgorithm, modulusLength?: number) => Promise<string>;
+//# sourceMappingURL=rsa-key.d.ts.map

package/dist/x509/rsa-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rsa-key.d.ts","sourceRoot":"","sources":["../../src/x509/rsa-key.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAG9B,MAAM,MAAM,mBAAmB,GAAG,mBAAmB,GAAG,SAAS,CAAA;AAEjE,MAAM,MAAM,oBAAoB,GAAG,kBAAkB,GAAG,YAAY,CAAA;AAOpE,eAAO,MAAM,+BAA+B,eAAgB,MAAM;;;CAajE,CAAA;AAED,eAAO,MAAM,wBAAwB,QAC9B,GAAG,UACA,oBAAoB,GAAG,mBAAmB,kBAClC,aAAa,KAC5B,QAAQ,SAAS,CAKnB,CAAA;AAED,eAAO,MAAM,mBAAmB,WACtB,oBAAoB,GAAG,mBAAmB,kBAClC,aAAa,kBACb,MAAM,KACrB,QAAQ,MAAM,CAgBhB,CAAA"}

package/dist/x509/rsa-key.js

@@ -0,0 +1,83 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateRSAKeyAsPEM = exports.cryptoSubtleImportRSAKey = exports.signAlgorithmToSchemeAndHashAlg = void 0;
+const isomorphic_webcrypto_1 = __importDefault(require("@sphereon/isomorphic-webcrypto"));
+const u8a = __importStar(require("uint8arrays"));
+const x509_utils_1 = require("./x509-utils");
+const usage = (jwk) => {
+    // "decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey";
+    return jwk.d ? ['sign', 'decrypt', 'verify', 'encrypt'] : ['verify', 'encrypt'];
+};
+const signAlgorithmToSchemeAndHashAlg = (signingAlg) => {
+    const alg = signingAlg.toUpperCase();
+    let scheme;
+    if (alg.startsWith('RS')) {
+        scheme = 'RSASSA-PKCS1-V1_5';
+    }
+    else if (alg.startsWith('PS')) {
+        scheme = 'RSA-PSS';
+    }
+    else {
+        throw Error(`Invalid signing algorithm supplied ${signingAlg}`);
+    }
+    const hashAlgorithm = `SHA-${alg.substring(2)}`;
+    return { scheme, hashAlgorithm };
+};
+exports.signAlgorithmToSchemeAndHashAlg = signAlgorithmToSchemeAndHashAlg;
+const cryptoSubtleImportRSAKey = (jwk, scheme, hashAlgorithm) => __awaiter(void 0, void 0, void 0, function* () {
+    const hashName = hashAlgorithm ? hashAlgorithm : jwk.alg ? `SHA-${jwk.alg.substring(2)}` : 'SHA-256';
+    const importParams = { name: scheme, hash: hashName };
+    return yield isomorphic_webcrypto_1.default.subtle.importKey('jwk', jwk, importParams, false, usage(jwk));
+});
+exports.cryptoSubtleImportRSAKey = cryptoSubtleImportRSAKey;
+const generateRSAKeyAsPEM = (scheme, hashAlgorithm, modulusLength) => __awaiter(void 0, void 0, void 0, function* () {
+    const hashName = hashAlgorithm ? hashAlgorithm : 'SHA-256';
+    const params = {
+        name: scheme,
+        hash: hashName,
+        modulusLength: modulusLength ? modulusLength : 2048,
+        publicExponent: new Uint8Array([1, 0, 1]),
+    };
+    const keyUsage = scheme === 'RSA-PSS' || scheme === 'RSASSA-PKCS1-V1_5' ? ['sign', 'verify'] : ['encrypt', 'decrypt'];
+    const keypair = yield isomorphic_webcrypto_1.default.subtle.generateKey(params, true, keyUsage);
+    const pkcs8 = yield isomorphic_webcrypto_1.default.subtle.exportKey('pkcs8', keypair.privateKey);
+    const uint8Array = new Uint8Array(pkcs8);
+    return (0, x509_utils_1.base64ToPEM)(u8a.toString(uint8Array, 'base64pad'), 'RSA PRIVATE KEY');
+});
+exports.generateRSAKeyAsPEM = generateRSAKeyAsPEM;
+//# sourceMappingURL=rsa-key.js.map

package/dist/x509/rsa-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rsa-key.js","sourceRoot":"","sources":["../../src/x509/rsa-key.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0FAAmD;AACnD,iDAAkC;AAGlC,6CAA0C;AAM1C,MAAM,KAAK,GAAG,CAAC,GAAQ,EAAc,EAAE;IACrC,oGAAoG;IACpG,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;AACjF,CAAC,CAAA;AAEM,MAAM,+BAA+B,GAAG,CAAC,UAAkB,EAAE,EAAE;IACpE,MAAM,GAAG,GAAG,UAAU,CAAC,WAAW,EAAE,CAAA;IACpC,IAAI,MAAkD,CAAA;IACtD,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QACxB,MAAM,GAAG,mBAAmB,CAAA;KAC7B;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QAC/B,MAAM,GAAG,SAAS,CAAA;KACnB;SAAM;QACL,MAAM,KAAK,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAA;KAChE;IAED,MAAM,aAAa,GAAG,OAAO,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAmB,CAAA;IAChE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAA;AAClC,CAAC,CAAA;AAbY,QAAA,+BAA+B,mCAa3C;AAEM,MAAM,wBAAwB,GAAG,CACtC,GAAQ,EACR,MAAkD,EAClD,aAA6B,EACT,EAAE;IACtB,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;IAEpG,MAAM,YAAY,GAA0B,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC5E,OAAO,MAAM,8BAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAiB,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;AACjG,CAAC,CAAA,CAAA;AATY,QAAA,wBAAwB,4BASpC;AAEM,MAAM,mBAAmB,GAAG,CACjC,MAAkD,EAClD,aAA6B,EAC7B,aAAsB,EACL,EAAE;IACnB,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAA;IAE1D,MAAM,MAAM,GAA0B;QACpC,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,QAAQ;QACd,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI;QACnD,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;KAC1C,CAAA;IACD,MAAM,QAAQ,GAAe,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,mBAAmB,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;IAEjI,MAAM,OAAO,GAAG,MAAM,8BAAM,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;IACvE,MAAM,KAAK,GAAG,MAAM,8BAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAA;IAExE,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAA;IACxC,OAAO,IAAA,wBAAW,EAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,iBAAiB,CAAC,CAAA;AAC9E,CAAC,CAAA,CAAA;AApBY,QAAA,mBAAmB,uBAoB/B"}

package/dist/x509/rsa-signer.d.ts

@@ -0,0 +1,25 @@
+import { HashAlgorithm } from '../digest-methods';
+import { JWK, KeyVisibility } from '../types';
+import { RSAEncryptionSchemes, RSASignatureSchemes } from './rsa-key';
+export declare class RSASigner {
+    private readonly hashAlgorithm;
+    private readonly jwk;
+    private key;
+    private readonly scheme;
+    /**
+     *
+     * @param key Either in PEM or JWK format (no raw hex keys here!)
+     * @param opts The algorithm and signature/encryption schemes
+     */
+    constructor(key: string | JWK, opts?: {
+        hashAlgorithm?: HashAlgorithm;
+        scheme?: RSAEncryptionSchemes | RSASignatureSchemes;
+        visibility?: KeyVisibility;
+    });
+    private getImportParams;
+    private getKey;
+    private bufferToString;
+    sign(data: Uint8Array): Promise<string>;
+    verify(data: string | Uint8Array, signature: string): Promise<boolean>;
+}
+//# sourceMappingURL=rsa-signer.d.ts.map

package/dist/x509/rsa-signer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rsa-signer.d.ts","sourceRoot":"","sources":["../../src/x509/rsa-signer.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,EAA4B,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAA;AAG/F,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAK;IAEzB,OAAO,CAAC,GAAG,CAAuB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA4C;IAEnE;;;;OAIG;gBAED,GAAG,EAAE,MAAM,GAAG,GAAG,EACjB,IAAI,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,aAAa,CAAC;QAAC,MAAM,CAAC,EAAE,oBAAoB,GAAG,mBAAmB,CAAC;QAAC,UAAU,CAAC,EAAE,aAAa,CAAA;KAAE;IAY3H,OAAO,CAAC,eAAe;YAQT,MAAM;IAOpB,OAAO,CAAC,cAAc;IAKT,IAAI,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAYvC,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAOpF"}

package/dist/x509/rsa-signer.js

@@ -0,0 +1,101 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RSASigner = void 0;
+const u8a = __importStar(require("uint8arrays"));
+const isomorphic_webcrypto_1 = __importDefault(require("@sphereon/isomorphic-webcrypto"));
+const rsa_key_1 = require("./rsa-key");
+const x509_utils_1 = require("./x509-utils");
+class RSASigner {
+    /**
+     *
+     * @param key Either in PEM or JWK format (no raw hex keys here!)
+     * @param opts The algorithm and signature/encryption schemes
+     */
+    constructor(key, opts) {
+        var _a, _b;
+        if (typeof key === 'string') {
+            this.jwk = (0, x509_utils_1.PEMToJwk)(key, opts === null || opts === void 0 ? void 0 : opts.visibility);
+        }
+        else {
+            this.jwk = key;
+        }
+        this.hashAlgorithm = (_a = opts === null || opts === void 0 ? void 0 : opts.hashAlgorithm) !== null && _a !== void 0 ? _a : 'SHA-256';
+        this.scheme = (_b = opts === null || opts === void 0 ? void 0 : opts.scheme) !== null && _b !== void 0 ? _b : 'RSA-PSS';
+    }
+    getImportParams() {
+        if (this.scheme === 'RSA-PSS') {
+            return { name: this.scheme, saltLength: 32 };
+        }
+        // console.log({ name: this.scheme /*, hash: this.hashAlgorithm*/ })
+        return { name: this.scheme /*, hash: this.hashAlgorithm*/ };
+    }
+    getKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.key) {
+                this.key = yield (0, rsa_key_1.cryptoSubtleImportRSAKey)(this.jwk, this.scheme, this.hashAlgorithm);
+            }
+            return this.key;
+        });
+    }
+    bufferToString(buf) {
+        const uint8Array = new Uint8Array(buf);
+        return u8a.toString(uint8Array, 'base64url'); // Needs to be base64url for JsonWebSignature2020. Don't change!
+    }
+    sign(data) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const input = data;
+            const key = yield this.getKey();
+            const signature = this.bufferToString(yield isomorphic_webcrypto_1.default.subtle.sign(this.getImportParams(), key, input));
+            if (!signature) {
+                throw Error('Could not sign input data');
+            }
+            //  base64url signature
+            return signature;
+        });
+    }
+    verify(data, signature) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const jws = signature.includes('.') ? signature.split('.')[2] : signature;
+            const input = typeof data == 'string' ? u8a.fromString(data, 'utf-8') : data;
+            const verificationResult = yield isomorphic_webcrypto_1.default.subtle.verify(this.getImportParams(), yield this.getKey(), u8a.fromString(jws, 'base64url'), input);
+            return verificationResult;
+        });
+    }
+}
+exports.RSASigner = RSASigner;
+//# sourceMappingURL=rsa-signer.js.map

package/dist/x509/rsa-signer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rsa-signer.js","sourceRoot":"","sources":["../../src/x509/rsa-signer.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAkC;AAClC,0FAAmD;AAGnD,uCAA+F;AAC/F,6CAAuC;AAEvC,MAAa,SAAS;IAOpB;;;;OAIG;IACH,YACE,GAAiB,EACjB,IAAyH;;QAEzH,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;YAC3B,IAAI,CAAC,GAAG,GAAG,IAAA,qBAAQ,EAAC,GAAG,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,CAAC,CAAA;SAC3C;aAAM;YACL,IAAI,CAAC,GAAG,GAAG,GAAG,CAAA;SACf;QAED,IAAI,CAAC,aAAa,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,mCAAI,SAAS,CAAA;QACrD,IAAI,CAAC,MAAM,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM,mCAAI,SAAS,CAAA;IACzC,CAAC;IAEO,eAAe;QACrB,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE;YAC7B,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,CAAA;SAC7C;QACD,oEAAoE;QACpE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,CAAA;IAC7D,CAAC;IAEa,MAAM;;YAClB,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACb,IAAI,CAAC,GAAG,GAAG,MAAM,IAAA,kCAAwB,EAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,CAAA;aACrF;YACD,OAAO,IAAI,CAAC,GAAG,CAAA;QACjB,CAAC;KAAA;IAEO,cAAc,CAAC,GAAgB;QACrC,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAA;QACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA,CAAC,gEAAgE;IAC/G,CAAC;IAEY,IAAI,CAAC,IAAgB;;YAChC,MAAM,KAAK,GAAG,IAAI,CAAA;YAClB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;YAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,8BAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;YACnG,IAAI,CAAC,SAAS,EAAE;gBACd,MAAM,KAAK,CAAC,2BAA2B,CAAC,CAAA;aACzC;YAED,uBAAuB;YACvB,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAEY,MAAM,CAAC,IAAyB,EAAE,SAAiB;;YAC9D,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YAEzE,MAAM,KAAK,GAAG,OAAO,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;YAC5E,MAAM,kBAAkB,GAAG,MAAM,8BAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,MAAM,IAAI,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,KAAK,CAAC,CAAA;YAC3I,OAAO,kBAAkB,CAAA;QAC3B,CAAC;KAAA;CACF;AAjED,8BAiEC"}

package/dist/x509/x509-utils.d.ts

@@ -0,0 +1,24 @@
+import { JWK, KeyVisibility } from '../types';
+export declare function pemCertChainTox5c(cert: string, maxDepth?: number): string[];
+export declare function x5cToPemCertChain(x5c: string[], maxDepth?: number): string;
+export declare const toKeyObject: (PEM: string, visibility?: KeyVisibility) => {
+    pem: string;
+    jwk: JWK;
+    keyHex: string;
+    keyType: KeyVisibility;
+};
+export declare const jwkToPEM: (jwk: JWK, visibility?: KeyVisibility) => string;
+export declare const PEMToJwk: (pem: string, visibility?: KeyVisibility) => JWK;
+export declare const privateKeyHexFromPEM: (PEM: string) => string;
+export declare const hexKeyFromPEMBasedJwk: (jwk: JWK, visibility?: KeyVisibility) => string;
+export declare const publicKeyHexFromPEM: (PEM: string) => string;
+export declare const PEMToHex: (PEM: string, headerKey?: string) => string;
+/**
+ * Converts a base64 encoded string to hex string, removing any non-base64 characters, including newlines
+ * @param input The input in base64, with optional newlines
+ * @param inputEncoding
+ */
+export declare const base64ToHex: (input: string, inputEncoding?: 'base64pad' | 'base64urlpad') => string;
+export declare const hexToPEM: (hex: string, type: KeyVisibility) => string;
+export declare function base64ToPEM(cert: string, headerKey?: 'PUBLIC KEY' | 'RSA PRIVATE KEY' | 'PRIVATE KEY' | 'CERTIFICATE'): string;
+//# sourceMappingURL=x509-utils.d.ts.map

package/dist/x509/x509-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"x509-utils.d.ts","sourceRoot":"","sources":["../../src/x509/x509-utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAI7C,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAuB3E;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAU1E;AAED,eAAO,MAAM,WAAW,QAAS,MAAM,eAAc,aAAa;;;;;CAWjE,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,GAAG,eAAc,aAAa,KAAc,MAEzE,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,MAAM,eAAc,aAAa,KAAc,GAE5E,CAAA;AACD,eAAO,MAAM,oBAAoB,QAAS,MAAM,WAE/C,CAAA;AAED,eAAO,MAAM,qBAAqB,QAAS,GAAG,eAAc,aAAa,KAAc,MAMtF,CAAA;AAED,eAAO,MAAM,mBAAmB,QAAS,MAAM,WAU9C,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,MAAM,cAAc,MAAM,KAAG,MAc1D,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,WAAW,UAAW,MAAM,kBAAkB,WAAW,GAAG,cAAc,WAGtF,CAAA;AAUD,eAAO,MAAM,QAAQ,QAAS,MAAM,QAAQ,aAAa,KAAG,MAa3D,CAAA;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,YAAY,GAAG,iBAAiB,GAAG,aAAa,GAAG,aAAa,GAAG,MAAM,CAO9H"}