@sphereon/ssi-sdk-ext.key-utils 0.24.0 → 0.24.1-next.101

package/dist/x509/rsa-signer.js

@@ -1,105 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.RSASigner = void 0;
-const u8a = __importStar(require("uint8arrays"));
-const rsa_key_1 = require("./rsa-key");
-const x509_utils_1 = require("./x509-utils");
-class RSASigner {
-    /**
-     *
-     * @param key Either in PEM or JWK format (no raw hex keys here!)
-     * @param opts The algorithm and signature/encryption schemes
-     */
-    constructor(key, opts) {
-        var _a, _b;
-        if (typeof key === 'string') {
-            this.jwk = (0, x509_utils_1.PEMToJwk)(key, opts === null || opts === void 0 ? void 0 : opts.visibility);
-        }
-        else {
-            this.jwk = key;
-        }
-        this.hashAlgorithm = (_a = opts === null || opts === void 0 ? void 0 : opts.hashAlgorithm) !== null && _a !== void 0 ? _a : 'SHA-256';
-        this.scheme = (_b = opts === null || opts === void 0 ? void 0 : opts.scheme) !== null && _b !== void 0 ? _b : 'RSA-PSS';
-    }
-    getImportParams() {
-        if (this.scheme === 'RSA-PSS') {
-            return { name: this.scheme, saltLength: 32 };
-        }
-        // console.log({ name: this.scheme /*, hash: this.hashAlgorithm*/ })
-        return { name: this.scheme /*, hash: this.hashAlgorithm*/ };
-    }
-    getKey() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.key) {
-                this.key = yield (0, rsa_key_1.cryptoSubtleImportRSAKey)(this.jwk, this.scheme, this.hashAlgorithm);
-            }
-            return this.key;
-        });
-    }
-    bufferToString(buf) {
-        const uint8Array = new Uint8Array(buf);
-        return u8a.toString(uint8Array, 'base64url'); // Needs to be base64url for JsonWebSignature2020. Don't change!
-    }
-    sign(data) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const input = data;
-            const key = yield this.getKey();
-            const signature = this.bufferToString(yield crypto.subtle.sign(this.getImportParams(), key, input));
-            if (!signature) {
-                throw Error('Could not sign input data');
-            }
-            //  base64url signature
-            return signature;
-        });
-    }
-    verify(data, signature) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const jws = signature.includes('.') ? signature.split('.')[2] : signature;
-            const input = typeof data == 'string' ? u8a.fromString(data, 'utf-8') : data;
-            let key = yield this.getKey();
-            if (!key.usages.includes('verify')) {
-                const verifyJwk = Object.assign({}, this.jwk);
-                delete verifyJwk.d;
-                delete verifyJwk.use;
-                delete verifyJwk.key_ops;
-                key = yield (0, rsa_key_1.cryptoSubtleImportRSAKey)(verifyJwk, this.scheme, this.hashAlgorithm);
-            }
-            const verificationResult = yield crypto.subtle.verify(this.getImportParams(), key, u8a.fromString(jws, 'base64url'), input);
-            return verificationResult;
-        });
-    }
-}
-exports.RSASigner = RSASigner;
-//# sourceMappingURL=rsa-signer.js.map

package/dist/x509/rsa-signer.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"rsa-signer.js","sourceRoot":"","sources":["../../src/x509/rsa-signer.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAkC;AAGlC,uCAA+F;AAC/F,6CAAuC;AAEvC,MAAa,SAAS;IAOpB;;;;OAIG;IACH,YACE,GAAiB,EACjB,IAAyH;;QAEzH,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC,GAAG,GAAG,IAAA,qBAAQ,EAAC,GAAG,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,CAAC,CAAA;QAC5C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,GAAG,GAAG,CAAA;QAChB,CAAC;QAED,IAAI,CAAC,aAAa,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,mCAAI,SAAS,CAAA;QACrD,IAAI,CAAC,MAAM,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM,mCAAI,SAAS,CAAA;IACzC,CAAC;IAEO,eAAe;QACrB,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,CAAA;QAC9C,CAAC;QACD,oEAAoE;QACpE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,CAAA;IAC7D,CAAC;IAEa,MAAM;;YAClB,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;gBACd,IAAI,CAAC,GAAG,GAAG,MAAM,IAAA,kCAAwB,EAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,CAAA;YACtF,CAAC;YACD,OAAO,IAAI,CAAC,GAAG,CAAA;QACjB,CAAC;KAAA;IAEO,cAAc,CAAC,GAAgB;QACrC,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAA;QACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA,CAAC,gEAAgE;IAC/G,CAAC;IAEY,IAAI,CAAC,IAAgB;;YAChC,MAAM,KAAK,GAAG,IAAI,CAAA;YAClB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;YAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;YACnG,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,KAAK,CAAC,2BAA2B,CAAC,CAAA;YAC1C,CAAC;YAED,uBAAuB;YACvB,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAEY,MAAM,CAAC,IAAyB,EAAE,SAAiB;;YAC9D,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YAEzE,MAAM,KAAK,GAAG,OAAO,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;YAE5E,IAAI,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;YAC7B,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACnC,MAAM,SAAS,qBAAQ,IAAI,CAAC,GAAG,CAAE,CAAA;gBACjC,OAAO,SAAS,CAAC,CAAC,CAAA;gBAClB,OAAO,SAAS,CAAC,GAAG,CAAA;gBACpB,OAAO,SAAS,CAAC,OAAO,CAAA;gBACxB,GAAG,GAAG,MAAM,IAAA,kCAAwB,EAAC,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,CAAA;YAClF,CAAC;YACD,MAAM,kBAAkB,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,KAAK,CAAC,CAAA;YAC3H,OAAO,kBAAkB,CAAA;QAC3B,CAAC;KAAA;CACF;AA1ED,8BA0EC"}

package/dist/x509/x509-utils.d.ts

@@ -1,25 +0,0 @@
-import { JWK, KeyVisibility } from '../types';
-export declare function pemCertChainTox5c(cert: string, maxDepth?: number): string[];
-export declare function x5cToPemCertChain(x5c: string[], maxDepth?: number): string;
-export declare const toKeyObject: (PEM: string, visibility?: KeyVisibility) => {
-    pem: string;
-    jwk: JWK;
-    keyHex: string;
-    keyType: KeyVisibility;
-};
-export declare const jwkToPEM: (jwk: JWK, visibility?: KeyVisibility) => string;
-export declare const PEMToJwk: (pem: string, visibility?: KeyVisibility) => JWK;
-export declare const privateKeyHexFromPEM: (PEM: string) => string;
-export declare const hexKeyFromPEMBasedJwk: (jwk: JWK, visibility?: KeyVisibility) => string;
-export declare const publicKeyHexFromPEM: (PEM: string) => string;
-export declare const PEMToHex: (PEM: string, headerKey?: string) => string;
-/**
- * Converts a base64 encoded string to hex string, removing any non-base64 characters, including newlines
- * @param input The input in base64, with optional newlines
- * @param inputEncoding
- */
-export declare const base64ToHex: (input: string, inputEncoding?: 'base64' | 'base64pad' | 'base64url' | 'base64urlpad') => string;
-export declare const hexToBase64: (input: number | object | string, targetEncoding?: 'base64' | 'base64pad' | 'base64url' | 'base64urlpad') => string;
-export declare const hexToPEM: (hex: string, type: KeyVisibility) => string;
-export declare function base64ToPEM(cert: string, headerKey?: 'PUBLIC KEY' | 'RSA PRIVATE KEY' | 'PRIVATE KEY' | 'CERTIFICATE'): string;
-//# sourceMappingURL=x509-utils.d.ts.map

package/dist/x509/x509-utils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"x509-utils.d.ts","sourceRoot":"","sources":["../../src/x509/x509-utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAI7C,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAuB3E;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAU1E;AAED,eAAO,MAAM,WAAW,QAAS,MAAM,eAAc,aAAa;;;;;CAWjE,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,GAAG,eAAc,aAAa,KAAc,MAEzE,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,MAAM,eAAc,aAAa,KAAc,GAE5E,CAAA;AACD,eAAO,MAAM,oBAAoB,QAAS,MAAM,WAE/C,CAAA;AAED,eAAO,MAAM,qBAAqB,QAAS,GAAG,eAAc,aAAa,KAAc,MAMtF,CAAA;AAED,eAAO,MAAM,mBAAmB,QAAS,MAAM,WAU9C,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,MAAM,cAAc,MAAM,KAAG,MAc1D,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,WAAW,UAAW,MAAM,kBAAkB,QAAQ,GAAG,WAAW,GAAG,WAAW,GAAG,cAAc,WAG/G,CAAA;AAED,eAAO,MAAM,WAAW,UAAW,MAAM,GAAG,MAAM,GAAG,MAAM,mBAAmB,QAAQ,GAAG,WAAW,GAAG,WAAW,GAAG,cAAc,KAAG,MAMrI,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,MAAM,QAAQ,aAAa,KAAG,MAa3D,CAAA;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,YAAY,GAAG,iBAAiB,GAAG,aAAa,GAAG,aAAa,GAAG,MAAM,CAO9H"}

package/dist/x509/x509-utils.js

@@ -1,176 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.base64ToPEM = exports.hexToPEM = exports.hexToBase64 = exports.base64ToHex = exports.PEMToHex = exports.publicKeyHexFromPEM = exports.hexKeyFromPEMBasedJwk = exports.privateKeyHexFromPEM = exports.PEMToJwk = exports.jwkToPEM = exports.toKeyObject = exports.x5cToPemCertChain = exports.pemCertChainTox5c = void 0;
-const u8a = __importStar(require("uint8arrays"));
-// @ts-ignore
-const keyto_1 = __importDefault(require("@trust/keyto"));
-// Based on (MIT licensed):
-// https://github.com/hildjj/node-posh/blob/master/lib/index.js
-function pemCertChainTox5c(cert, maxDepth) {
-    if (!maxDepth) {
-        maxDepth = 0;
-    }
-    /*
-     * Convert a PEM-encoded certificate to the version used in the x5c element
-     * of a [JSON Web Key](http://tools.ietf.org/html/draft-ietf-jose-json-web-key).
-     *
-     * `cert` PEM-encoded certificate chain
-     * `maxdepth` The maximum number of certificates to use from the chain.
-     */
-    const intermediate = cert
-        .replace(/-----[^\n]+\n?/gm, ',')
-        .replace(/\n/g, '')
-        .replace(/\r/g, '');
-    let x5c = intermediate.split(',').filter(function (c) {
-        return c.length > 0;
-    });
-    if (maxDepth > 0) {
-        x5c = x5c.splice(0, maxDepth);
-    }
-    return x5c;
-}
-exports.pemCertChainTox5c = pemCertChainTox5c;
-function x5cToPemCertChain(x5c, maxDepth) {
-    if (!maxDepth) {
-        maxDepth = 0;
-    }
-    const length = maxDepth === 0 ? x5c.length : Math.min(maxDepth, x5c.length);
-    let pem = '';
-    for (let i = 0; i < length; i++) {
-        pem += base64ToPEM(x5c[i], 'CERTIFICATE');
-    }
-    return pem;
-}
-exports.x5cToPemCertChain = x5cToPemCertChain;
-const toKeyObject = (PEM, visibility = 'public') => {
-    const jwk = (0, exports.PEMToJwk)(PEM, visibility);
-    const keyVisibility = jwk.d ? 'private' : 'public';
-    const keyHex = keyVisibility === 'private' ? (0, exports.privateKeyHexFromPEM)(PEM) : (0, exports.publicKeyHexFromPEM)(PEM);
-    return {
-        pem: (0, exports.hexToPEM)(keyHex, visibility),
-        jwk,
-        keyHex,
-        keyType: keyVisibility,
-    };
-};
-exports.toKeyObject = toKeyObject;
-const jwkToPEM = (jwk, visibility = 'public') => {
-    return keyto_1.default.from(jwk, 'jwk').toString('pem', visibility === 'public' ? 'public_pkcs8' : 'private_pkcs8');
-};
-exports.jwkToPEM = jwkToPEM;
-const PEMToJwk = (pem, visibility = 'public') => {
-    return keyto_1.default.from(pem, 'pem').toJwk(visibility);
-};
-exports.PEMToJwk = PEMToJwk;
-const privateKeyHexFromPEM = (PEM) => {
-    return (0, exports.PEMToHex)(PEM);
-};
-exports.privateKeyHexFromPEM = privateKeyHexFromPEM;
-const hexKeyFromPEMBasedJwk = (jwk, visibility = 'public') => {
-    if (visibility === 'private') {
-        return (0, exports.privateKeyHexFromPEM)((0, exports.jwkToPEM)(jwk, 'private'));
-    }
-    else {
-        return (0, exports.publicKeyHexFromPEM)((0, exports.jwkToPEM)(jwk, 'public'));
-    }
-};
-exports.hexKeyFromPEMBasedJwk = hexKeyFromPEMBasedJwk;
-const publicKeyHexFromPEM = (PEM) => {
-    const hex = (0, exports.PEMToHex)(PEM);
-    if (PEM.includes('CERTIFICATE')) {
-        throw Error('Cannot directly deduce public Key from PEM Certificate yet');
-    }
-    else if (!PEM.includes('PRIVATE')) {
-        return hex;
-    }
-    const publicJwk = (0, exports.PEMToJwk)(PEM, 'public');
-    const publicPEM = (0, exports.jwkToPEM)(publicJwk, 'public');
-    return (0, exports.PEMToHex)(publicPEM);
-};
-exports.publicKeyHexFromPEM = publicKeyHexFromPEM;
-const PEMToHex = (PEM, headerKey) => {
-    if (PEM.indexOf('-----BEGIN ') == -1) {
-        throw Error(`PEM header not found: ${headerKey}`);
-    }
-    let strippedPem;
-    if (headerKey) {
-        strippedPem = PEM.replace(new RegExp('^[^]*-----BEGIN ' + headerKey + '-----'), '');
-        strippedPem = strippedPem.replace(new RegExp('-----END ' + headerKey + '-----[^]*$'), '');
-    }
-    else {
-        strippedPem = PEM.replace(/^[^]*-----BEGIN [^-]+-----/, '');
-        strippedPem = strippedPem.replace(/-----END [^-]+-----[^]*$/, '');
-    }
-    return (0, exports.base64ToHex)(strippedPem, 'base64pad');
-};
-exports.PEMToHex = PEMToHex;
-/**
- * Converts a base64 encoded string to hex string, removing any non-base64 characters, including newlines
- * @param input The input in base64, with optional newlines
- * @param inputEncoding
- */
-const base64ToHex = (input, inputEncoding) => {
-    const base64NoNewlines = input.replace(/[^0-9A-Za-z_\-~\/+=]*/g, '');
-    return u8a.toString(u8a.fromString(base64NoNewlines, inputEncoding ? inputEncoding : 'base64pad'), 'base16');
-};
-exports.base64ToHex = base64ToHex;
-const hexToBase64 = (input, targetEncoding) => {
-    let hex = typeof input === 'string' ? input : input.toString(16);
-    if (hex.length % 2 === 1) {
-        hex = `0${hex}`;
-    }
-    return u8a.toString(u8a.fromString(hex, 'base16'), targetEncoding ? targetEncoding : 'base64pad');
-};
-exports.hexToBase64 = hexToBase64;
-const hexToPEM = (hex, type) => {
-    const base64 = (0, exports.hexToBase64)(hex, 'base64pad');
-    const headerKey = type === 'private' ? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
-    if (type === 'private') {
-        const pem = base64ToPEM(base64, headerKey);
-        try {
-            (0, exports.PEMToJwk)(pem); // We only use it to test the private key
-            return pem;
-        }
-        catch (error) {
-            return base64ToPEM(base64, 'PRIVATE KEY');
-        }
-    }
-    return base64ToPEM(base64, headerKey);
-};
-exports.hexToPEM = hexToPEM;
-function base64ToPEM(cert, headerKey) {
-    const key = headerKey !== null && headerKey !== void 0 ? headerKey : 'CERTIFICATE';
-    const matches = cert.match(/.{1,64}/g);
-    if (!matches) {
-        throw Error('Invalid cert input value supplied');
-    }
-    return `-----BEGIN ${key}-----\n${matches.join('\n')}\n-----END ${key}-----\n`;
-}
-exports.base64ToPEM = base64ToPEM;
-//# sourceMappingURL=x509-utils.js.map

package/dist/x509/x509-utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"x509-utils.js","sourceRoot":"","sources":["../../src/x509/x509-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAkC;AAClC,aAAa;AACb,yDAAgC;AAGhC,2BAA2B;AAC3B,+DAA+D;AAC/D,SAAgB,iBAAiB,CAAC,IAAY,EAAE,QAAiB;IAC/D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,CAAC,CAAA;IACd,CAAC;IACD;;;;;;OAMG;IAEH,MAAM,YAAY,GAAG,IAAI;SACtB,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC;SAChC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IACrB,IAAI,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;QAClD,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAA;IACrB,CAAC,CAAC,CAAA;IACF,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;QACjB,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAA;IAC/B,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAvBD,8CAuBC;AAED,SAAgB,iBAAiB,CAAC,GAAa,EAAE,QAAiB;IAChE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,CAAC,CAAA;IACd,CAAC;IACD,MAAM,MAAM,GAAG,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;IAC3E,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChC,GAAG,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,CAAA;IAC3C,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAVD,8CAUC;AAEM,MAAM,WAAW,GAAG,CAAC,GAAW,EAAE,aAA4B,QAAQ,EAAE,EAAE;IAC/E,MAAM,GAAG,GAAG,IAAA,gBAAQ,EAAC,GAAG,EAAE,UAAU,CAAC,CAAA;IACrC,MAAM,aAAa,GAAkB,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAA;IACjE,MAAM,MAAM,GAAG,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,IAAA,4BAAoB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAA,2BAAmB,EAAC,GAAG,CAAC,CAAA;IAEjG,OAAO;QACL,GAAG,EAAE,IAAA,gBAAQ,EAAC,MAAM,EAAE,UAAU,CAAC;QACjC,GAAG;QACH,MAAM;QACN,OAAO,EAAE,aAAa;KACvB,CAAA;AACH,CAAC,CAAA;AAXY,QAAA,WAAW,eAWvB;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAQ,EAAE,aAA4B,QAAQ,EAAU,EAAE;IACjF,OAAO,eAAK,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,eAAe,CAAC,CAAA;AAC3G,CAAC,CAAA;AAFY,QAAA,QAAQ,YAEpB;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,aAA4B,QAAQ,EAAO,EAAE;IACjF,OAAO,eAAK,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;AACjD,CAAC,CAAA;AAFY,QAAA,QAAQ,YAEpB;AACM,MAAM,oBAAoB,GAAG,CAAC,GAAW,EAAE,EAAE;IAClD,OAAO,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAA;AACtB,CAAC,CAAA;AAFY,QAAA,oBAAoB,wBAEhC;AAEM,MAAM,qBAAqB,GAAG,CAAC,GAAQ,EAAE,aAA4B,QAAQ,EAAU,EAAE;IAC9F,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,IAAA,4BAAoB,EAAC,IAAA,gBAAQ,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC,CAAA;IACvD,CAAC;SAAM,CAAC;QACN,OAAO,IAAA,2BAAmB,EAAC,IAAA,gBAAQ,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAA;IACrD,CAAC;AACH,CAAC,CAAA;AANY,QAAA,qBAAqB,yBAMjC;AAEM,MAAM,mBAAmB,GAAG,CAAC,GAAW,EAAE,EAAE;IACjD,MAAM,GAAG,GAAG,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAA;IACzB,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAChC,MAAM,KAAK,CAAC,4DAA4D,CAAC,CAAA;IAC3E,CAAC;SAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,OAAO,GAAG,CAAA;IACZ,CAAC;IACD,MAAM,SAAS,GAAG,IAAA,gBAAQ,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;IACzC,MAAM,SAAS,GAAG,IAAA,gBAAQ,EAAC,SAAS,EAAE,QAAQ,CAAC,CAAA;IAC/C,OAAO,IAAA,gBAAQ,EAAC,SAAS,CAAC,CAAA;AAC5B,CAAC,CAAA;AAVY,QAAA,mBAAmB,uBAU/B;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,SAAkB,EAAU,EAAE;IAClE,IAAI,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACrC,MAAM,KAAK,CAAC,yBAAyB,SAAS,EAAE,CAAC,CAAA;IACnD,CAAC;IAED,IAAI,WAAmB,CAAA;IACvB,IAAI,SAAS,EAAE,CAAC;QACd,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,kBAAkB,GAAG,SAAS,GAAG,OAAO,CAAC,EAAE,EAAE,CAAC,CAAA;QACnF,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,WAAW,GAAG,SAAS,GAAG,YAAY,CAAC,EAAE,EAAE,CAAC,CAAA;IAC3F,CAAC;SAAM,CAAC;QACN,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,4BAA4B,EAAE,EAAE,CAAC,CAAA;QAC3D,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAA;IACnE,CAAC;IACD,OAAO,IAAA,mBAAW,EAAC,WAAW,EAAE,WAAW,CAAC,CAAA;AAC9C,CAAC,CAAA;AAdY,QAAA,QAAQ,YAcpB;AAED;;;;GAIG;AACI,MAAM,WAAW,GAAG,CAAC,KAAa,EAAE,aAAqE,EAAE,EAAE;IAClH,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,wBAAwB,EAAE,EAAE,CAAC,CAAA;IACpE,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,QAAQ,CAAC,CAAA;AAC9G,CAAC,CAAA;AAHY,QAAA,WAAW,eAGvB;AAEM,MAAM,WAAW,GAAG,CAAC,KAA+B,EAAE,cAAsE,EAAU,EAAE;IAC7I,IAAI,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAChE,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,GAAG,GAAG,IAAI,GAAG,EAAE,CAAA;IACjB,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;AACnG,CAAC,CAAA;AANY,QAAA,WAAW,eAMvB;AAEM,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,IAAmB,EAAU,EAAE;IACnE,MAAM,MAAM,GAAG,IAAA,mBAAW,EAAC,GAAG,EAAE,WAAW,CAAC,CAAA;IAC5C,MAAM,SAAS,GAAG,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,YAAY,CAAA;IACvE,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;QAC1C,IAAI,CAAC;YACH,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAA,CAAC,yCAAyC;YACvD,OAAO,GAAG,CAAA;QACZ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,WAAW,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;QAC3C,CAAC;IACH,CAAC;IACD,OAAO,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;AACvC,CAAC,CAAA;AAbY,QAAA,QAAQ,YAapB;AAED,SAAgB,WAAW,CAAC,IAAY,EAAE,SAA4E;IACpH,MAAM,GAAG,GAAG,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,aAAa,CAAA;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;IACtC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,KAAK,CAAC,mCAAmC,CAAC,CAAA;IAClD,CAAC;IACD,OAAO,cAAc,GAAG,UAAU,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,GAAG,SAAS,CAAA;AAChF,CAAC;AAPD,kCAOC"}

package/src/x509/index.ts

@@ -1,3 +0,0 @@
-export * from './rsa-key'
-export * from './rsa-signer'
-export * from './x509-utils'

package/src/x509/rsa-key.ts

@@ -1,81 +0,0 @@
-import * as u8a from 'uint8arrays'
-import { HashAlgorithm } from '../digest-methods'
-import { JWK } from '../types'
-import { base64ToPEM } from './x509-utils'
-
-export type RSASignatureSchemes = 'RSASSA-PKCS1-V1_5' | 'RSA-PSS'
-
-export type RSAEncryptionSchemes = 'RSAES-PKCS-v1_5 ' | 'RSAES-OAEP'
-
-const usage = (jwk: JWK): KeyUsage[] => {
-  if (jwk.key_ops && jwk.key_ops.length > 0) {
-    return jwk.key_ops as KeyUsage[]
-  }
-  if (jwk.use) {
-    const usages: KeyUsage[] = []
-    if (jwk.use.includes('sig')) {
-      usages.push('sign', 'verify')
-    } else if (jwk.use.includes('enc')) {
-      usages.push('encrypt', 'decrypt')
-    }
-    if (usages.length > 0) {
-      return usages
-    }
-  }
-  if (jwk.kty === 'RSA') {
-    if (jwk.d) {
-      return jwk.alg?.toUpperCase()?.includes('QAEP') ? ['encrypt'] : ['sign']
-    }
-    return jwk.alg?.toUpperCase()?.includes('QAEP') ? ['decrypt'] : ['verify']
-  }
-  // "decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey";
-  return jwk.d && jwk.kty !== 'RSA' ? ['sign', 'decrypt', 'verify', 'encrypt'] : ['verify']
-}
-
-export const signAlgorithmToSchemeAndHashAlg = (signingAlg: string) => {
-  const alg = signingAlg.toUpperCase()
-  let scheme: RSAEncryptionSchemes | RSASignatureSchemes
-  if (alg.startsWith('RS')) {
-    scheme = 'RSASSA-PKCS1-V1_5'
-  } else if (alg.startsWith('PS')) {
-    scheme = 'RSA-PSS'
-  } else {
-    throw Error(`Invalid signing algorithm supplied ${signingAlg}`)
-  }
-
-  const hashAlgorithm = `SHA-${alg.substring(2)}` as HashAlgorithm
-  return { scheme, hashAlgorithm }
-}
-
-export const cryptoSubtleImportRSAKey = async (
-  jwk: JWK,
-  scheme: RSAEncryptionSchemes | RSASignatureSchemes,
-  hashAlgorithm?: HashAlgorithm
-): Promise<CryptoKey> => {
-  const hashName = hashAlgorithm ? hashAlgorithm : jwk.alg ? `SHA-${jwk.alg.substring(2)}` : 'SHA-256'
-
-  const importParams: RsaHashedImportParams = { name: scheme, hash: hashName }
-  return await crypto.subtle.importKey('jwk', jwk as JsonWebKey, importParams, false, usage(jwk))
-}
-
-export const generateRSAKeyAsPEM = async (
-  scheme: RSAEncryptionSchemes | RSASignatureSchemes,
-  hashAlgorithm?: HashAlgorithm,
-  modulusLength?: number
-): Promise<string> => {
-  const hashName = hashAlgorithm ? hashAlgorithm : 'SHA-256'
-
-  const params: RsaHashedKeyGenParams = {
-    name: scheme,
-    hash: hashName,
-    modulusLength: modulusLength ? modulusLength : 2048,
-    publicExponent: new Uint8Array([1, 0, 1]),
-  }
-  const keyUsage: KeyUsage[] = scheme === 'RSA-PSS' || scheme === 'RSASSA-PKCS1-V1_5' ? ['sign', 'verify'] : ['encrypt', 'decrypt']
-
-  const keypair = await crypto.subtle.generateKey(params, true, keyUsage)
-  const pkcs8 = await crypto.subtle.exportKey('pkcs8', keypair.privateKey)
-
-  const uint8Array = new Uint8Array(pkcs8)
-  return base64ToPEM(u8a.toString(uint8Array, 'base64pad'), 'RSA PRIVATE KEY')
-}

package/src/x509/rsa-signer.ts

@@ -1,81 +0,0 @@
-import * as u8a from 'uint8arrays'
-import { HashAlgorithm } from '../digest-methods'
-import { JWK, KeyVisibility } from '../types'
-import { cryptoSubtleImportRSAKey, RSAEncryptionSchemes, RSASignatureSchemes } from './rsa-key'
-import { PEMToJwk } from './x509-utils'
-
-export class RSASigner {
-  private readonly hashAlgorithm: HashAlgorithm
-  private readonly jwk: JWK
-
-  private key: CryptoKey | undefined
-  private readonly scheme: RSAEncryptionSchemes | RSASignatureSchemes
-
-  /**
-   *
-   * @param key Either in PEM or JWK format (no raw hex keys here!)
-   * @param opts The algorithm and signature/encryption schemes
-   */
-  constructor(
-    key: string | JWK,
-    opts?: { hashAlgorithm?: HashAlgorithm; scheme?: RSAEncryptionSchemes | RSASignatureSchemes; visibility?: KeyVisibility }
-  ) {
-    if (typeof key === 'string') {
-      this.jwk = PEMToJwk(key, opts?.visibility)
-    } else {
-      this.jwk = key
-    }
-
-    this.hashAlgorithm = opts?.hashAlgorithm ?? 'SHA-256'
-    this.scheme = opts?.scheme ?? 'RSA-PSS'
-  }
-
-  private getImportParams(): AlgorithmIdentifier | RsaPssParams {
-    if (this.scheme === 'RSA-PSS') {
-      return { name: this.scheme, saltLength: 32 }
-    }
-    // console.log({ name: this.scheme /*, hash: this.hashAlgorithm*/ })
-    return { name: this.scheme /*, hash: this.hashAlgorithm*/ }
-  }
-
-  private async getKey(): Promise<CryptoKey> {
-    if (!this.key) {
-      this.key = await cryptoSubtleImportRSAKey(this.jwk, this.scheme, this.hashAlgorithm)
-    }
-    return this.key
-  }
-
-  private bufferToString(buf: ArrayBuffer) {
-    const uint8Array = new Uint8Array(buf)
-    return u8a.toString(uint8Array, 'base64url') // Needs to be base64url for JsonWebSignature2020. Don't change!
-  }
-
-  public async sign(data: Uint8Array): Promise<string> {
-    const input = data
-    const key = await this.getKey()
-    const signature = this.bufferToString(await crypto.subtle.sign(this.getImportParams(), key, input))
-    if (!signature) {
-      throw Error('Could not sign input data')
-    }
-
-    //  base64url signature
-    return signature
-  }
-
-  public async verify(data: string | Uint8Array, signature: string): Promise<boolean> {
-    const jws = signature.includes('.') ? signature.split('.')[2] : signature
-
-    const input = typeof data == 'string' ? u8a.fromString(data, 'utf-8') : data
-
-    let key = await this.getKey()
-    if (!key.usages.includes('verify')) {
-      const verifyJwk = { ...this.jwk }
-      delete verifyJwk.d
-      delete verifyJwk.use
-      delete verifyJwk.key_ops
-      key = await cryptoSubtleImportRSAKey(verifyJwk, this.scheme, this.hashAlgorithm)
-    }
-    const verificationResult = await crypto.subtle.verify(this.getImportParams(), key, u8a.fromString(jws, 'base64url'), input)
-    return verificationResult
-  }
-}

package/src/x509/x509-utils.ts

@@ -1,145 +0,0 @@
-import * as u8a from 'uint8arrays'
-// @ts-ignore
-import keyto from '@trust/keyto'
-import { JWK, KeyVisibility } from '../types'
-
-// Based on (MIT licensed):
-// https://github.com/hildjj/node-posh/blob/master/lib/index.js
-export function pemCertChainTox5c(cert: string, maxDepth?: number): string[] {
-  if (!maxDepth) {
-    maxDepth = 0
-  }
-  /*
-   * Convert a PEM-encoded certificate to the version used in the x5c element
-   * of a [JSON Web Key](http://tools.ietf.org/html/draft-ietf-jose-json-web-key).
-   *
-   * `cert` PEM-encoded certificate chain
-   * `maxdepth` The maximum number of certificates to use from the chain.
-   */
-
-  const intermediate = cert
-    .replace(/-----[^\n]+\n?/gm, ',')
-    .replace(/\n/g, '')
-    .replace(/\r/g, '')
-  let x5c = intermediate.split(',').filter(function (c) {
-    return c.length > 0
-  })
-  if (maxDepth > 0) {
-    x5c = x5c.splice(0, maxDepth)
-  }
-  return x5c
-}
-
-export function x5cToPemCertChain(x5c: string[], maxDepth?: number): string {
-  if (!maxDepth) {
-    maxDepth = 0
-  }
-  const length = maxDepth === 0 ? x5c.length : Math.min(maxDepth, x5c.length)
-  let pem = ''
-  for (let i = 0; i < length; i++) {
-    pem += base64ToPEM(x5c[i], 'CERTIFICATE')
-  }
-  return pem
-}
-
-export const toKeyObject = (PEM: string, visibility: KeyVisibility = 'public') => {
-  const jwk = PEMToJwk(PEM, visibility)
-  const keyVisibility: KeyVisibility = jwk.d ? 'private' : 'public'
-  const keyHex = keyVisibility === 'private' ? privateKeyHexFromPEM(PEM) : publicKeyHexFromPEM(PEM)
-
-  return {
-    pem: hexToPEM(keyHex, visibility),
-    jwk,
-    keyHex,
-    keyType: keyVisibility,
-  }
-}
-
-export const jwkToPEM = (jwk: JWK, visibility: KeyVisibility = 'public'): string => {
-  return keyto.from(jwk, 'jwk').toString('pem', visibility === 'public' ? 'public_pkcs8' : 'private_pkcs8')
-}
-
-export const PEMToJwk = (pem: string, visibility: KeyVisibility = 'public'): JWK => {
-  return keyto.from(pem, 'pem').toJwk(visibility)
-}
-export const privateKeyHexFromPEM = (PEM: string) => {
-  return PEMToHex(PEM)
-}
-
-export const hexKeyFromPEMBasedJwk = (jwk: JWK, visibility: KeyVisibility = 'public'): string => {
-  if (visibility === 'private') {
-    return privateKeyHexFromPEM(jwkToPEM(jwk, 'private'))
-  } else {
-    return publicKeyHexFromPEM(jwkToPEM(jwk, 'public'))
-  }
-}
-
-export const publicKeyHexFromPEM = (PEM: string) => {
-  const hex = PEMToHex(PEM)
-  if (PEM.includes('CERTIFICATE')) {
-    throw Error('Cannot directly deduce public Key from PEM Certificate yet')
-  } else if (!PEM.includes('PRIVATE')) {
-    return hex
-  }
-  const publicJwk = PEMToJwk(PEM, 'public')
-  const publicPEM = jwkToPEM(publicJwk, 'public')
-  return PEMToHex(publicPEM)
-}
-
-export const PEMToHex = (PEM: string, headerKey?: string): string => {
-  if (PEM.indexOf('-----BEGIN ') == -1) {
-    throw Error(`PEM header not found: ${headerKey}`)
-  }
-
-  let strippedPem: string
-  if (headerKey) {
-    strippedPem = PEM.replace(new RegExp('^[^]*-----BEGIN ' + headerKey + '-----'), '')
-    strippedPem = strippedPem.replace(new RegExp('-----END ' + headerKey + '-----[^]*$'), '')
-  } else {
-    strippedPem = PEM.replace(/^[^]*-----BEGIN [^-]+-----/, '')
-    strippedPem = strippedPem.replace(/-----END [^-]+-----[^]*$/, '')
-  }
-  return base64ToHex(strippedPem, 'base64pad')
-}
-
-/**
- * Converts a base64 encoded string to hex string, removing any non-base64 characters, including newlines
- * @param input The input in base64, with optional newlines
- * @param inputEncoding
- */
-export const base64ToHex = (input: string, inputEncoding?: 'base64' | 'base64pad' | 'base64url' | 'base64urlpad') => {
-  const base64NoNewlines = input.replace(/[^0-9A-Za-z_\-~\/+=]*/g, '')
-  return u8a.toString(u8a.fromString(base64NoNewlines, inputEncoding ? inputEncoding : 'base64pad'), 'base16')
-}
-
-export const hexToBase64 = (input: number | object | string, targetEncoding?: 'base64' | 'base64pad' | 'base64url' | 'base64urlpad'): string => {
-  let hex = typeof input === 'string' ? input : input.toString(16)
-  if (hex.length % 2 === 1) {
-    hex = `0${hex}`
-  }
-  return u8a.toString(u8a.fromString(hex, 'base16'), targetEncoding ? targetEncoding : 'base64pad')
-}
-
-export const hexToPEM = (hex: string, type: KeyVisibility): string => {
-  const base64 = hexToBase64(hex, 'base64pad')
-  const headerKey = type === 'private' ? 'RSA PRIVATE KEY' : 'PUBLIC KEY'
-  if (type === 'private') {
-    const pem = base64ToPEM(base64, headerKey)
-    try {
-      PEMToJwk(pem) // We only use it to test the private key
-      return pem
-    } catch (error) {
-      return base64ToPEM(base64, 'PRIVATE KEY')
-    }
-  }
-  return base64ToPEM(base64, headerKey)
-}
-
-export function base64ToPEM(cert: string, headerKey?: 'PUBLIC KEY' | 'RSA PRIVATE KEY' | 'PRIVATE KEY' | 'CERTIFICATE'): string {
-  const key = headerKey ?? 'CERTIFICATE'
-  const matches = cert.match(/.{1,64}/g)
-  if (!matches) {
-    throw Error('Invalid cert input value supplied')
-  }
-  return `-----BEGIN ${key}-----\n${matches.join('\n')}\n-----END ${key}-----\n`
-}