@sphereon/ssi-sdk-ext.key-utils 0.24.1-next.3 → 0.24.1-next.64

package/src/functions.ts

@@ -1,16 +1,16 @@
 import { randomBytes } from '@ethersproject/random'
+import { PEMToJwk, generateRSAKeyAsPEM, hexToBase64, privateKeyHexFromPEM, hexToPEM } from '@sphereon/ssi-sdk-ext.x509-utils'
 import { generateKeyPair as generateSigningKeyPair } from '@stablelib/ed25519'
 import { IAgentContext, IKey, IKeyManager, ManagedKeyInfo, MinimalImportableKey } from '@veramo/core'
-import Debug from 'debug'
 
 import { JsonWebKey } from 'did-resolver'
 import elliptic from 'elliptic'
 import * as u8a from 'uint8arrays'
 import { digestMethodParams } from './digest-methods'
 import { ENC_KEY_ALGS, IImportProvidedOrGeneratedKeyArgs, JWK, JwkKeyUse, KeyCurve, KeyType, SIG_KEY_ALGS, TKeyType } from './types'
-import { generateRSAKeyAsPEM, hexToBase64, hexToPEM, PEMToJwk, privateKeyHexFromPEM } from './x509'
+import { Loggers } from '@sphereon/ssi-types'
+export const logger = Loggers.DEFAULT.get('sphereon:key-utils')
 
-const debug = Debug('sphereon:kms:local')
 /**
  * Generates a random Private Hex Key for the specified key type
  * @param type The key type
@@ -37,6 +37,8 @@ export const generatePrivateKeyHex = async (type: TKeyType): Promise<string> =>
   }
 }
 
+const algorithmsFromKeyType = (type: string): string[] => [type]
+
 /**
  * We optionally generate and then import our own keys.
  *
@@ -76,15 +78,22 @@ export async function importProvidedOrGeneratedKey(
       privateKeyHex = privateKeyHexFromPEM(key.meta.x509.privateKeyPEM)
     }
   }
-  if (!privateKeyHex) {
-    privateKeyHex = await generatePrivateKeyHex(type)
+  if (privateKeyHex) {
+    return context.agent.keyManagerImport({
+      ...key,
+      kms: args.kms,
+      type,
+      privateKeyHex: privateKeyHex!,
+    })
   }
 
-  return context.agent.keyManagerImport({
-    ...key,
-    kms: args.kms,
+  return context.agent.keyManagerCreate({
     type,
-    privateKeyHex: privateKeyHex!,
+    kms: args.kms,
+    meta: {
+      algorithms: algorithmsFromKeyType(type),
+      keyAlias: args.alias,
+    },
   })
 }
 
@@ -236,7 +245,7 @@ const assertProperKeyLength = (keyHex: string, expectedKeyLength: number | numbe
  */
 const toSecp256k1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?: boolean }): JWK => {
   const { use } = opts ?? {}
-  debug(`toSecp256k1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)
+  logger.debug(`toSecp256k1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)
   if (opts?.isPrivateKey) {
     assertProperKeyLength(keyHex, [64])
   } else {
@@ -267,7 +276,7 @@ const toSecp256k1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?:
  */
 const toSecp256r1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?: boolean }): JWK => {
   const { use } = opts ?? {}
-  debug(`toSecp256r1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)
+  logger.debug(`toSecp256r1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`)
   if (opts?.isPrivateKey) {
     assertProperKeyLength(keyHex, [64])
   } else {
@@ -276,7 +285,7 @@ const toSecp256r1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?:
 
   const secp256r1 = new elliptic.ec('p256')
   const keyBytes = u8a.fromString(keyHex, 'base16')
-  debug(`keyBytes length: ${keyBytes}`)
+  logger.debug(`keyBytes length: ${keyBytes}`)
   const keyPair = opts?.isPrivateKey ? secp256r1.keyFromPrivate(keyBytes) : secp256r1.keyFromPublic(keyBytes)
   const pubPoint = keyPair.getPublic()
   return {
@@ -341,3 +350,113 @@ export const padLeft = (args: { data: string; size?: number; padString?: string
   const length = padString.length
   return padString.repeat((size - data.length) / length) + data
 }
+
+enum OIDType {
+  Secp256k1,
+  Secp256r1,
+  Ed25519,
+}
+
+const OID: Record<OIDType, Uint8Array> = {
+  [OIDType.Secp256k1]: new Uint8Array([0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01]),
+  [OIDType.Secp256r1]: new Uint8Array([0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07]),
+  [OIDType.Ed25519]: new Uint8Array([0x06, 0x03, 0x2b, 0x65, 0x70]),
+}
+
+const compareUint8Arrays = (a: Uint8Array, b: Uint8Array): boolean => {
+  if (a.length !== b.length) {
+    return false
+  }
+  for (let i = 0; i < a.length; i++) {
+    if (a[i] !== b[i]) {
+      return false
+    }
+  }
+  return true
+}
+
+const findSubarray = (haystack: Uint8Array, needle: Uint8Array): number => {
+  for (let i = 0; i <= haystack.length - needle.length; i++) {
+    if (compareUint8Arrays(haystack.subarray(i, i + needle.length), needle)) {
+      return i
+    }
+  }
+  return -1
+}
+
+const getTargetOID = (keyType: TKeyType) => {
+  switch (keyType) {
+    case 'Secp256k1':
+      return OID[OIDType.Secp256k1]
+    case 'Secp256r1':
+      return OID[OIDType.Secp256r1]
+    case 'Ed25519':
+      return OID[OIDType.Ed25519]
+    default:
+      throw new Error(`Unsupported key type: ${keyType}`)
+  }
+}
+
+export const isAsn1Der = (key: Uint8Array): boolean => key[0] === 0x30
+
+export const asn1DerToRawPublicKey = (derKey: Uint8Array, keyType: TKeyType): Uint8Array => {
+  if (!isAsn1Der(derKey)) {
+    throw new Error('Invalid DER encoding: Expected to start with sequence tag')
+  }
+
+  let index = 2
+  if (derKey[1] & 0x80) {
+    const lengthBytesCount = derKey[1] & 0x7f
+    index += lengthBytesCount
+  }
+  const targetOid = getTargetOID(keyType)
+  const oidIndex = findSubarray(derKey, targetOid)
+  if (oidIndex === -1) {
+    throw new Error(`OID for ${keyType} not found in DER encoding`)
+  }
+
+  index = oidIndex + targetOid.length
+
+  while (index < derKey.length && derKey[index] !== 0x03) {
+    index++
+  }
+
+  if (index >= derKey.length) {
+    throw new Error('Invalid DER encoding: Bit string not found')
+  }
+
+  // Skip the bit string tag (0x03) and length byte
+  index += 2
+
+  // Skip the unused bits count byte
+  index++
+
+  return derKey.slice(index)
+}
+
+export const isRawCompressedPublicKey = (key: Uint8Array): boolean => key.length === 33 && (key[0] === 0x02 || key[0] === 0x03)
+
+export const toRawCompressedHexPublicKey = (rawPublicKey: Uint8Array, keyType: TKeyType): string => {
+  if (isRawCompressedPublicKey(rawPublicKey)) {
+    throw new Error('Invalid public key format, an uncompressed raw public key is required as input, not a raw')
+  }
+
+  if (keyType === 'Secp256k1' || keyType === 'Secp256r1') {
+    if (rawPublicKey[0] === 0x04 && rawPublicKey.length === 65) {
+      const xCoordinate = rawPublicKey.slice(1, 33)
+      const yCoordinate = rawPublicKey.slice(33)
+      const prefix = new Uint8Array([yCoordinate[31] % 2 === 0 ? 0x02 : 0x03])
+      const resultKey = hexStringFromUint8Array(new Uint8Array([...prefix, ...xCoordinate]))
+      logger.debug(`converted public key ${hexStringFromUint8Array(rawPublicKey)} to ${resultKey}`)
+      return resultKey
+    }
+    return u8a.toString(rawPublicKey, 'base16')
+  } else if (keyType === 'Ed25519') {
+    // Ed25519 keys are always in compressed form
+    return u8a.toString(rawPublicKey, 'base16')
+  }
+
+  throw new Error(`Unsupported key type: ${keyType}`)
+}
+
+export const hexStringFromUint8Array = (value: Uint8Array): string => u8a.toString(value, 'base16')

package/src/index.ts

@@ -4,9 +4,7 @@
  *
  * @packageDocumentation
  */
-export * from './x509'
 export * from './functions'
 export * from './jwk-jcs'
 export * from './types'
-export * from './x509/x509-utils'
 export * from './digest-methods'

package/src/jwk-jcs.ts

@@ -1,7 +1,6 @@
 import { TextDecoder, TextEncoder } from 'web-encoding'
 import isPlainObject from 'lodash.isplainobject'
 import type { ByteView } from 'multiformats/codecs/interface'
-import type { JsonWebKey } from 'did-resolver'
 
 const textEncoder = new TextEncoder()
 const textDecoder = new TextDecoder()

package/src/types/key-util-types.ts

@@ -79,6 +79,7 @@ export interface X509Opts {
 
 export interface IImportProvidedOrGeneratedKeyArgs {
   kms?: string
+  alias?: string
   options?: IKeyOpts
 }
 export interface IKeyOpts {

package/dist/x509/index.d.ts

@@ -1,4 +0,0 @@
-export * from './rsa-key';
-export * from './rsa-signer';
-export * from './x509-utils';
-//# sourceMappingURL=index.d.ts.map

package/dist/x509/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/x509/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,cAAc,CAAA"}

package/dist/x509/index.js

@@ -1,20 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./rsa-key"), exports);
-__exportStar(require("./rsa-signer"), exports);
-__exportStar(require("./x509-utils"), exports);
-//# sourceMappingURL=index.js.map

package/dist/x509/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/x509/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,4CAAyB;AACzB,+CAA4B;AAC5B,+CAA4B"}

package/dist/x509/rsa-key.d.ts

@@ -1,11 +0,0 @@
-import { HashAlgorithm } from '../digest-methods';
-import { JWK } from '../types';
-export type RSASignatureSchemes = 'RSASSA-PKCS1-V1_5' | 'RSA-PSS';
-export type RSAEncryptionSchemes = 'RSAES-PKCS-v1_5 ' | 'RSAES-OAEP';
-export declare const signAlgorithmToSchemeAndHashAlg: (signingAlg: string) => {
-    scheme: "RSASSA-PKCS1-V1_5" | "RSA-PSS";
-    hashAlgorithm: HashAlgorithm;
-};
-export declare const cryptoSubtleImportRSAKey: (jwk: JWK, scheme: RSAEncryptionSchemes | RSASignatureSchemes, hashAlgorithm?: HashAlgorithm) => Promise<CryptoKey>;
-export declare const generateRSAKeyAsPEM: (scheme: RSAEncryptionSchemes | RSASignatureSchemes, hashAlgorithm?: HashAlgorithm, modulusLength?: number) => Promise<string>;
-//# sourceMappingURL=rsa-key.d.ts.map

package/dist/x509/rsa-key.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"rsa-key.d.ts","sourceRoot":"","sources":["../../src/x509/rsa-key.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAG9B,MAAM,MAAM,mBAAmB,GAAG,mBAAmB,GAAG,SAAS,CAAA;AAEjE,MAAM,MAAM,oBAAoB,GAAG,kBAAkB,GAAG,YAAY,CAAA;AA2BpE,eAAO,MAAM,+BAA+B,eAAgB,MAAM;;;CAajE,CAAA;AAED,eAAO,MAAM,wBAAwB,QAC9B,GAAG,UACA,oBAAoB,GAAG,mBAAmB,kBAClC,aAAa,KAC5B,QAAQ,SAAS,CAKnB,CAAA;AAED,eAAO,MAAM,mBAAmB,WACtB,oBAAoB,GAAG,mBAAmB,kBAClC,aAAa,kBACb,MAAM,KACrB,QAAQ,MAAM,CAgBhB,CAAA"}

package/dist/x509/rsa-key.js

@@ -1,101 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.generateRSAKeyAsPEM = exports.cryptoSubtleImportRSAKey = exports.signAlgorithmToSchemeAndHashAlg = void 0;
-const u8a = __importStar(require("uint8arrays"));
-const x509_utils_1 = require("./x509-utils");
-const usage = (jwk) => {
-    var _a, _b, _c, _d;
-    if (jwk.key_ops && jwk.key_ops.length > 0) {
-        return jwk.key_ops;
-    }
-    if (jwk.use) {
-        const usages = [];
-        if (jwk.use.includes('sig')) {
-            usages.push('sign', 'verify');
-        }
-        else if (jwk.use.includes('enc')) {
-            usages.push('encrypt', 'decrypt');
-        }
-        if (usages.length > 0) {
-            return usages;
-        }
-    }
-    if (jwk.kty === 'RSA') {
-        if (jwk.d) {
-            return ((_b = (_a = jwk.alg) === null || _a === void 0 ? void 0 : _a.toUpperCase()) === null || _b === void 0 ? void 0 : _b.includes('QAEP')) ? ['encrypt'] : ['sign'];
-        }
-        return ((_d = (_c = jwk.alg) === null || _c === void 0 ? void 0 : _c.toUpperCase()) === null || _d === void 0 ? void 0 : _d.includes('QAEP')) ? ['decrypt'] : ['verify'];
-    }
-    // "decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey";
-    return jwk.d && jwk.kty !== 'RSA' ? ['sign', 'decrypt', 'verify', 'encrypt'] : ['verify'];
-};
-const signAlgorithmToSchemeAndHashAlg = (signingAlg) => {
-    const alg = signingAlg.toUpperCase();
-    let scheme;
-    if (alg.startsWith('RS')) {
-        scheme = 'RSASSA-PKCS1-V1_5';
-    }
-    else if (alg.startsWith('PS')) {
-        scheme = 'RSA-PSS';
-    }
-    else {
-        throw Error(`Invalid signing algorithm supplied ${signingAlg}`);
-    }
-    const hashAlgorithm = `SHA-${alg.substring(2)}`;
-    return { scheme, hashAlgorithm };
-};
-exports.signAlgorithmToSchemeAndHashAlg = signAlgorithmToSchemeAndHashAlg;
-const cryptoSubtleImportRSAKey = (jwk, scheme, hashAlgorithm) => __awaiter(void 0, void 0, void 0, function* () {
-    const hashName = hashAlgorithm ? hashAlgorithm : jwk.alg ? `SHA-${jwk.alg.substring(2)}` : 'SHA-256';
-    const importParams = { name: scheme, hash: hashName };
-    return yield crypto.subtle.importKey('jwk', jwk, importParams, false, usage(jwk));
-});
-exports.cryptoSubtleImportRSAKey = cryptoSubtleImportRSAKey;
-const generateRSAKeyAsPEM = (scheme, hashAlgorithm, modulusLength) => __awaiter(void 0, void 0, void 0, function* () {
-    const hashName = hashAlgorithm ? hashAlgorithm : 'SHA-256';
-    const params = {
-        name: scheme,
-        hash: hashName,
-        modulusLength: modulusLength ? modulusLength : 2048,
-        publicExponent: new Uint8Array([1, 0, 1]),
-    };
-    const keyUsage = scheme === 'RSA-PSS' || scheme === 'RSASSA-PKCS1-V1_5' ? ['sign', 'verify'] : ['encrypt', 'decrypt'];
-    const keypair = yield crypto.subtle.generateKey(params, true, keyUsage);
-    const pkcs8 = yield crypto.subtle.exportKey('pkcs8', keypair.privateKey);
-    const uint8Array = new Uint8Array(pkcs8);
-    return (0, x509_utils_1.base64ToPEM)(u8a.toString(uint8Array, 'base64pad'), 'RSA PRIVATE KEY');
-});
-exports.generateRSAKeyAsPEM = generateRSAKeyAsPEM;
-//# sourceMappingURL=rsa-key.js.map

package/dist/x509/rsa-key.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"rsa-key.js","sourceRoot":"","sources":["../../src/x509/rsa-key.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAkC;AAGlC,6CAA0C;AAM1C,MAAM,KAAK,GAAG,CAAC,GAAQ,EAAc,EAAE;;IACrC,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1C,OAAO,GAAG,CAAC,OAAqB,CAAA;IAClC,CAAC;IACD,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;QACZ,MAAM,MAAM,GAAe,EAAE,CAAA;QAC7B,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;QAC/B,CAAC;aAAM,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;QACnC,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,MAAM,CAAA;QACf,CAAC;IACH,CAAC;IACD,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;QACtB,IAAI,GAAG,CAAC,CAAC,EAAE,CAAC;YACV,OAAO,CAAA,MAAA,MAAA,GAAG,CAAC,GAAG,0CAAE,WAAW,EAAE,0CAAE,QAAQ,CAAC,MAAM,CAAC,EAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;QAC1E,CAAC;QACD,OAAO,CAAA,MAAA,MAAA,GAAG,CAAC,GAAG,0CAAE,WAAW,EAAE,0CAAE,QAAQ,CAAC,MAAM,CAAC,EAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAA;IAC5E,CAAC;IACD,oGAAoG;IACpG,OAAO,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAA;AAC3F,CAAC,CAAA;AAEM,MAAM,+BAA+B,GAAG,CAAC,UAAkB,EAAE,EAAE;IACpE,MAAM,GAAG,GAAG,UAAU,CAAC,WAAW,EAAE,CAAA;IACpC,IAAI,MAAkD,CAAA;IACtD,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,MAAM,GAAG,mBAAmB,CAAA;IAC9B,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,MAAM,GAAG,SAAS,CAAA;IACpB,CAAC;SAAM,CAAC;QACN,MAAM,KAAK,CAAC,sCAAsC,UAAU,EAAE,CAAC,CAAA;IACjE,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAmB,CAAA;IAChE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAA;AAClC,CAAC,CAAA;AAbY,QAAA,+BAA+B,mCAa3C;AAEM,MAAM,wBAAwB,GAAG,CACtC,GAAQ,EACR,MAAkD,EAClD,aAA6B,EACT,EAAE;IACtB,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;IAEpG,MAAM,YAAY,GAA0B,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC5E,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAiB,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;AACjG,CAAC,CAAA,CAAA;AATY,QAAA,wBAAwB,4BASpC;AAEM,MAAM,mBAAmB,GAAG,CACjC,MAAkD,EAClD,aAA6B,EAC7B,aAAsB,EACL,EAAE;IACnB,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAA;IAE1D,MAAM,MAAM,GAA0B;QACpC,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,QAAQ;QACd,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI;QACnD,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;KAC1C,CAAA;IACD,MAAM,QAAQ,GAAe,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,mBAAmB,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;IAEjI,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;IACvE,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAA;IAExE,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAA;IACxC,OAAO,IAAA,wBAAW,EAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,iBAAiB,CAAC,CAAA;AAC9E,CAAC,CAAA,CAAA;AApBY,QAAA,mBAAmB,uBAoB/B"}

package/dist/x509/rsa-signer.d.ts

@@ -1,25 +0,0 @@
-import { HashAlgorithm } from '../digest-methods';
-import { JWK, KeyVisibility } from '../types';
-import { RSAEncryptionSchemes, RSASignatureSchemes } from './rsa-key';
-export declare class RSASigner {
-    private readonly hashAlgorithm;
-    private readonly jwk;
-    private key;
-    private readonly scheme;
-    /**
-     *
-     * @param key Either in PEM or JWK format (no raw hex keys here!)
-     * @param opts The algorithm and signature/encryption schemes
-     */
-    constructor(key: string | JWK, opts?: {
-        hashAlgorithm?: HashAlgorithm;
-        scheme?: RSAEncryptionSchemes | RSASignatureSchemes;
-        visibility?: KeyVisibility;
-    });
-    private getImportParams;
-    private getKey;
-    private bufferToString;
-    sign(data: Uint8Array): Promise<string>;
-    verify(data: string | Uint8Array, signature: string): Promise<boolean>;
-}
-//# sourceMappingURL=rsa-signer.d.ts.map

package/dist/x509/rsa-signer.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"rsa-signer.d.ts","sourceRoot":"","sources":["../../src/x509/rsa-signer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,EAA4B,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAA;AAG/F,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAK;IAEzB,OAAO,CAAC,GAAG,CAAuB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA4C;IAEnE;;;;OAIG;gBAED,GAAG,EAAE,MAAM,GAAG,GAAG,EACjB,IAAI,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,aAAa,CAAC;QAAC,MAAM,CAAC,EAAE,oBAAoB,GAAG,mBAAmB,CAAC;QAAC,UAAU,CAAC,EAAE,aAAa,CAAA;KAAE;IAY3H,OAAO,CAAC,eAAe;YAQT,MAAM;IAOpB,OAAO,CAAC,cAAc;IAKT,IAAI,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAYvC,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAgBpF"}

package/dist/x509/rsa-signer.js

@@ -1,105 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.RSASigner = void 0;
-const u8a = __importStar(require("uint8arrays"));
-const rsa_key_1 = require("./rsa-key");
-const x509_utils_1 = require("./x509-utils");
-class RSASigner {
-    /**
-     *
-     * @param key Either in PEM or JWK format (no raw hex keys here!)
-     * @param opts The algorithm and signature/encryption schemes
-     */
-    constructor(key, opts) {
-        var _a, _b;
-        if (typeof key === 'string') {
-            this.jwk = (0, x509_utils_1.PEMToJwk)(key, opts === null || opts === void 0 ? void 0 : opts.visibility);
-        }
-        else {
-            this.jwk = key;
-        }
-        this.hashAlgorithm = (_a = opts === null || opts === void 0 ? void 0 : opts.hashAlgorithm) !== null && _a !== void 0 ? _a : 'SHA-256';
-        this.scheme = (_b = opts === null || opts === void 0 ? void 0 : opts.scheme) !== null && _b !== void 0 ? _b : 'RSA-PSS';
-    }
-    getImportParams() {
-        if (this.scheme === 'RSA-PSS') {
-            return { name: this.scheme, saltLength: 32 };
-        }
-        // console.log({ name: this.scheme /*, hash: this.hashAlgorithm*/ })
-        return { name: this.scheme /*, hash: this.hashAlgorithm*/ };
-    }
-    getKey() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.key) {
-                this.key = yield (0, rsa_key_1.cryptoSubtleImportRSAKey)(this.jwk, this.scheme, this.hashAlgorithm);
-            }
-            return this.key;
-        });
-    }
-    bufferToString(buf) {
-        const uint8Array = new Uint8Array(buf);
-        return u8a.toString(uint8Array, 'base64url'); // Needs to be base64url for JsonWebSignature2020. Don't change!
-    }
-    sign(data) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const input = data;
-            const key = yield this.getKey();
-            const signature = this.bufferToString(yield crypto.subtle.sign(this.getImportParams(), key, input));
-            if (!signature) {
-                throw Error('Could not sign input data');
-            }
-            //  base64url signature
-            return signature;
-        });
-    }
-    verify(data, signature) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const jws = signature.includes('.') ? signature.split('.')[2] : signature;
-            const input = typeof data == 'string' ? u8a.fromString(data, 'utf-8') : data;
-            let key = yield this.getKey();
-            if (!key.usages.includes('verify')) {
-                const verifyJwk = Object.assign({}, this.jwk);
-                delete verifyJwk.d;
-                delete verifyJwk.use;
-                delete verifyJwk.key_ops;
-                key = yield (0, rsa_key_1.cryptoSubtleImportRSAKey)(verifyJwk, this.scheme, this.hashAlgorithm);
-            }
-            const verificationResult = yield crypto.subtle.verify(this.getImportParams(), key, u8a.fromString(jws, 'base64url'), input);
-            return verificationResult;
-        });
-    }
-}
-exports.RSASigner = RSASigner;
-//# sourceMappingURL=rsa-signer.js.map

package/dist/x509/rsa-signer.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"rsa-signer.js","sourceRoot":"","sources":["../../src/x509/rsa-signer.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAkC;AAGlC,uCAA+F;AAC/F,6CAAuC;AAEvC,MAAa,SAAS;IAOpB;;;;OAIG;IACH,YACE,GAAiB,EACjB,IAAyH;;QAEzH,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC,GAAG,GAAG,IAAA,qBAAQ,EAAC,GAAG,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,CAAC,CAAA;QAC5C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,GAAG,GAAG,CAAA;QAChB,CAAC;QAED,IAAI,CAAC,aAAa,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,aAAa,mCAAI,SAAS,CAAA;QACrD,IAAI,CAAC,MAAM,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM,mCAAI,SAAS,CAAA;IACzC,CAAC;IAEO,eAAe;QACrB,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,CAAA;QAC9C,CAAC;QACD,oEAAoE;QACpE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,CAAA;IAC7D,CAAC;IAEa,MAAM;;YAClB,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;gBACd,IAAI,CAAC,GAAG,GAAG,MAAM,IAAA,kCAAwB,EAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,CAAA;YACtF,CAAC;YACD,OAAO,IAAI,CAAC,GAAG,CAAA;QACjB,CAAC;KAAA;IAEO,cAAc,CAAC,GAAgB;QACrC,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAA;QACtC,OAAO,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA,CAAC,gEAAgE;IAC/G,CAAC;IAEY,IAAI,CAAC,IAAgB;;YAChC,MAAM,KAAK,GAAG,IAAI,CAAA;YAClB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;YAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;YACnG,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,KAAK,CAAC,2BAA2B,CAAC,CAAA;YAC1C,CAAC;YAED,uBAAuB;YACvB,OAAO,SAAS,CAAA;QAClB,CAAC;KAAA;IAEY,MAAM,CAAC,IAAyB,EAAE,SAAiB;;YAC9D,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YAEzE,MAAM,KAAK,GAAG,OAAO,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;YAE5E,IAAI,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;YAC7B,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACnC,MAAM,SAAS,qBAAQ,IAAI,CAAC,GAAG,CAAE,CAAA;gBACjC,OAAO,SAAS,CAAC,CAAC,CAAA;gBAClB,OAAO,SAAS,CAAC,GAAG,CAAA;gBACpB,OAAO,SAAS,CAAC,OAAO,CAAA;gBACxB,GAAG,GAAG,MAAM,IAAA,kCAAwB,EAAC,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,CAAA;YAClF,CAAC;YACD,MAAM,kBAAkB,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,KAAK,CAAC,CAAA;YAC3H,OAAO,kBAAkB,CAAA;QAC3B,CAAC;KAAA;CACF;AA1ED,8BA0EC"}

package/dist/x509/x509-utils.d.ts

@@ -1,25 +0,0 @@
-import { JWK, KeyVisibility } from '../types';
-export declare function pemCertChainTox5c(cert: string, maxDepth?: number): string[];
-export declare function x5cToPemCertChain(x5c: string[], maxDepth?: number): string;
-export declare const toKeyObject: (PEM: string, visibility?: KeyVisibility) => {
-    pem: string;
-    jwk: JWK;
-    keyHex: string;
-    keyType: KeyVisibility;
-};
-export declare const jwkToPEM: (jwk: JWK, visibility?: KeyVisibility) => string;
-export declare const PEMToJwk: (pem: string, visibility?: KeyVisibility) => JWK;
-export declare const privateKeyHexFromPEM: (PEM: string) => string;
-export declare const hexKeyFromPEMBasedJwk: (jwk: JWK, visibility?: KeyVisibility) => string;
-export declare const publicKeyHexFromPEM: (PEM: string) => string;
-export declare const PEMToHex: (PEM: string, headerKey?: string) => string;
-/**
- * Converts a base64 encoded string to hex string, removing any non-base64 characters, including newlines
- * @param input The input in base64, with optional newlines
- * @param inputEncoding
- */
-export declare const base64ToHex: (input: string, inputEncoding?: 'base64' | 'base64pad' | 'base64url' | 'base64urlpad') => string;
-export declare const hexToBase64: (input: number | object | string, targetEncoding?: 'base64' | 'base64pad' | 'base64url' | 'base64urlpad') => string;
-export declare const hexToPEM: (hex: string, type: KeyVisibility) => string;
-export declare function base64ToPEM(cert: string, headerKey?: 'PUBLIC KEY' | 'RSA PRIVATE KEY' | 'PRIVATE KEY' | 'CERTIFICATE'): string;
-//# sourceMappingURL=x509-utils.d.ts.map

package/dist/x509/x509-utils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"x509-utils.d.ts","sourceRoot":"","sources":["../../src/x509/x509-utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAI7C,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAuB3E;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAU1E;AAED,eAAO,MAAM,WAAW,QAAS,MAAM,eAAc,aAAa;;;;;CAWjE,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,GAAG,eAAc,aAAa,KAAc,MAEzE,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,MAAM,eAAc,aAAa,KAAc,GAE5E,CAAA;AACD,eAAO,MAAM,oBAAoB,QAAS,MAAM,WAE/C,CAAA;AAED,eAAO,MAAM,qBAAqB,QAAS,GAAG,eAAc,aAAa,KAAc,MAMtF,CAAA;AAED,eAAO,MAAM,mBAAmB,QAAS,MAAM,WAU9C,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,MAAM,cAAc,MAAM,KAAG,MAc1D,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,WAAW,UAAW,MAAM,kBAAkB,QAAQ,GAAG,WAAW,GAAG,WAAW,GAAG,cAAc,WAG/G,CAAA;AAED,eAAO,MAAM,WAAW,UAAW,MAAM,GAAG,MAAM,GAAG,MAAM,mBAAmB,QAAQ,GAAG,WAAW,GAAG,WAAW,GAAG,cAAc,KAAG,MAMrI,CAAA;AAED,eAAO,MAAM,QAAQ,QAAS,MAAM,QAAQ,aAAa,KAAG,MAa3D,CAAA;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,YAAY,GAAG,iBAAiB,GAAG,aAAa,GAAG,aAAa,GAAG,MAAM,CAO9H"}