@sphereon/ssi-sdk-ext.key-utils 0.28.1-feature.oyd.cmsm.improv.21 → 0.28.1-next.53

package/dist/index.d.ts

@@ -1,12 +1,231 @@
+import * as _sphereon_ssi_types from '@sphereon/ssi-types';
+import { JWK, JoseSignatureAlgorithm, ICoseKeyJson, ICoseKeyType, JwkKeyType, JwkKeyTypeString, ICoseSignatureAlgorithm, JoseSignatureAlgorithmString, JoseKeyOperation, JoseKeyOperationString, ICoseKeyOperation, JoseCurve, JoseCurveString, ICoseCurve, JsonWebKey as JsonWebKey$1, HasherSync } from '@sphereon/ssi-types';
+import { MinimalImportableKey, IKey, IAgentContext, IKeyManager, ManagedKeyInfo } from '@veramo/core';
+import { JsonWebKey } from 'did-resolver';
+import { Crypto } from 'node';
+import { ByteView } from 'multiformats/codecs/interface';
+
+declare const JWK_JCS_PUB_NAME: "jwk_jcs-pub";
+declare const JWK_JCS_PUB_PREFIX = 60241;
+type TKeyType = 'Ed25519' | 'Secp256k1' | 'Secp256r1' | 'Secp384r1' | 'Secp521r1' | 'X25519' | 'Bls12381G1' | 'Bls12381G2' | 'RSA';
+declare enum Key {
+    Ed25519 = "Ed25519",
+    Secp256k1 = "Secp256k1",
+    Secp256r1 = "Secp256r1"
+}
+declare enum JwkKeyUse {
+    Encryption = "enc",
+    Signature = "sig"
+}
+declare const SIG_KEY_ALGS: string[];
+declare const ENC_KEY_ALGS: string[];
+type KeyVisibility = 'public' | 'private';
+interface X509Opts {
+    cn?: string;
+    privateKeyPEM?: string;
+    certificatePEM?: string;
+    certificateChainURL?: string;
+    certificateChainPEM?: string;
+}
+interface IImportProvidedOrGeneratedKeyArgs {
+    kms?: string;
+    alias?: string;
+    options?: IKeyOpts;
+}
+interface IKeyOpts {
+    key?: Partial<MinimalImportableKey>;
+    type?: Exclude<TKeyType, 'Secp384r1' | 'Secp521r1'>;
+    use?: JwkKeyUse;
+    x509?: X509Opts;
+}
+type SignatureAlgorithmFromKeyArgs = {
+    key: IKey;
+};
+type SignatureAlgorithmFromKeyTypeArgs = {
+    type: TKeyType;
+};
+type KeyTypeFromCryptographicSuiteArgs = {
+    crv?: string;
+    kty?: string;
+    alg?: string;
+};
+
+declare const logger: _sphereon_ssi_types.ISimpleLogger<unknown>;
 /**
- * Provides `did:jwk` {@link @veramo/did-provider-jwk#JwkDIDProvider | identifier provider }
- * for the {@link @veramo/did-manager#DIDManager}
+ * Function that returns the provided KMS name or the default KMS name if none is provided.
+ * The default KMS is either explicitly defined during agent construction, or the first KMS available in the system
+ * @param context
+ * @param kms. Optional KMS to use. If provided will be the returned name. Otherwise the default KMS will be returned
+ */
+declare const getKms: (context: IAgentContext<any>, kms?: string) => Promise<string>;
+/**
+ * Generates a random Private Hex Key for the specified key type
+ * @param type The key type
+ * @return The private key in Hex form
+ */
+declare const generatePrivateKeyHex: (type: TKeyType) => Promise<string>;
+/**
+ * We optionally generate and then import our own keys.
+ *
+ * @param args The key arguments
+ * @param context The Veramo agent context
+ * @private
+ */
+declare function importProvidedOrGeneratedKey(args: IImportProvidedOrGeneratedKeyArgs & {
+    kms: string;
+}, context: IAgentContext<IKeyManager>): Promise<IKey>;
+declare const calculateJwkThumbprintForKey: (args: {
+    key: IKey | MinimalImportableKey | ManagedKeyInfo;
+    digestAlgorithm?: "sha256" | "sha512";
+}) => string;
+declare const toBase64url: (input: string) => string;
+/**
+ * Calculate the JWK thumbprint
+ * @param args
+ */
+declare const calculateJwkThumbprint: (args: {
+    jwk: JWK;
+    digestAlgorithm?: "sha256" | "sha512";
+}) => string;
+declare const toJwkFromKey: (key: IKey | MinimalImportableKey | ManagedKeyInfo, opts?: {
+    use?: JwkKeyUse;
+    noKidThumbprint?: boolean;
+}) => JWK;
+/**
+ * Converts a public key in hex format to a JWK
+ * @param publicKeyHex public key in hex
+ * @param type The type of the key (Ed25519, Secp256k1/r1)
+ * @param opts. Options, like the optional use for the key (sig/enc)
+ * @return The JWK
+ */
+declare const toJwk: (publicKeyHex: string, type: TKeyType, opts?: {
+    use?: JwkKeyUse;
+    key?: IKey | MinimalImportableKey;
+    isPrivateKey?: boolean;
+    noKidThumbprint?: boolean;
+}) => JWK;
+/**
+ * Convert a JWK to a raw hex key.
+ * Currently supports `RSA` and `EC` keys. Extendable for other key types.
+ * @param jwk - The JSON Web Key object.
+ * @returns A string representing the key in raw hexadecimal format.
+ */
+declare const jwkToRawHexKey: (jwk: JWK) => Promise<string>;
+/**
+ * Convert an RSA JWK to a raw hex key.
+ * @param jwk - The RSA JWK object.
+ * @returns A string representing the RSA key in raw hexadecimal format.
+ */
+declare function rsaJwkToRawHexKey(jwk: JsonWebKey): string;
+/**
+ * Determines the use param based upon the key/signature type or supplied use value.
+ *
+ * @param type The key type
+ * @param suppliedUse A supplied use. Will be used in case it is present
+ */
+declare const jwkDetermineUse: (type: TKeyType, suppliedUse?: JwkKeyUse) => JwkKeyUse | undefined;
+declare const padLeft: (args: {
+    data: string;
+    size?: number;
+    padString?: string;
+}) => string;
+declare const isAsn1Der: (key: Uint8Array) => boolean;
+declare const asn1DerToRawPublicKey: (derKey: Uint8Array, keyType: TKeyType) => Uint8Array;
+declare const isRawCompressedPublicKey: (key: Uint8Array) => boolean;
+declare const toRawCompressedHexPublicKey: (rawPublicKey: Uint8Array, keyType: TKeyType) => string;
+declare const hexStringFromUint8Array: (value: Uint8Array) => string;
+declare const signatureAlgorithmFromKey: (args: SignatureAlgorithmFromKeyArgs) => Promise<JoseSignatureAlgorithm>;
+declare const signatureAlgorithmFromKeyType: (args: SignatureAlgorithmFromKeyTypeArgs) => JoseSignatureAlgorithm;
+declare const keyTypeFromCryptographicSuite: (args: KeyTypeFromCryptographicSuiteArgs) => TKeyType;
+declare function removeNulls<T>(obj: T | any): any;
+declare const globalCrypto: (setGlobal: boolean, suppliedCrypto?: Crypto) => Crypto;
+declare const sanitizedJwk: (input: JWK | JsonWebKey) => JWK;
+/**
+ *
+ */
+declare function verifyRawSignature({ data, signature, key: inputKey, opts, }: {
+    data: Uint8Array;
+    signature: Uint8Array;
+    key: JWK;
+    opts?: {
+        signatureAlg?: JoseSignatureAlgorithm;
+    };
+}): Promise<boolean>;
+/**
+ * Ensure the given DER‐encoded RSA public key (Uint8Array)
+ * is raw PKCS#1. If it's X.509/SPKI‐wrapped, we strip the wrapper.
+ *
+ * @param derBytes – DER‐encoded public key, either PKCS#1 or X.509/SPKI
+ * @returns DER‐encoded PKCS#1 RSAPublicKey
+ */
+declare function toPkcs1(derBytes: Uint8Array): Uint8Array;
+/**
+ * Ensure the given DER‐encoded RSA public key in Hex
+ * is raw PKCS#1. If it's X.509/SPKI‐wrapped, we strip the wrapper.
+ *
+ * @param derBytes – DER‐encoded public key, either PKCS#1 or X.509/SPKI
+ * @returns DER‐encoded PKCS#1 RSAPublicKey in hex
+ */
+declare function toPkcs1FromHex(publicKeyHex: string): any;
+
+declare function coseKeyToJwk(coseKey: ICoseKeyJson): JWK;
+declare function jwkToCoseKey(jwk: JWK): ICoseKeyJson;
+declare function coseToJoseKty(kty: ICoseKeyType): JwkKeyType;
+declare function joseToCoseKty(kty: JwkKeyType | JwkKeyTypeString): ICoseKeyType;
+declare function coseToJoseSignatureAlg(coseAlg: ICoseSignatureAlgorithm): JoseSignatureAlgorithm;
+declare function joseToCoseSignatureAlg(joseAlg: JoseSignatureAlgorithm | JoseSignatureAlgorithmString): ICoseSignatureAlgorithm;
+declare function joseToCoseKeyOperation(keyOp: JoseKeyOperation | JoseKeyOperationString): ICoseKeyOperation;
+declare function coseToJoseKeyOperation(keyOp: ICoseKeyOperation): JoseKeyOperation;
+declare function joseToCoseCurve(curve: JoseCurve | JoseCurveString): ICoseCurve;
+declare function coseToJoseCurve(curve: ICoseCurve): JoseCurve;
+
+/**
+ * Checks if the JWK is valid. It must contain all the required members.
+ *
+ * @see https://www.rfc-editor.org/rfc/rfc7518#section-6
+ * @see https://www.rfc-editor.org/rfc/rfc8037#section-2
+ *
+ * @param jwk - The JWK to check.
+ * @param opts
+ */
+declare function validateJwk(jwk: any, opts?: {
+    crvOptional?: boolean;
+}): void;
+/**
+ * Extracts the required members of the JWK and canonicalizes it.
+ *
+ * @param jwk - The JWK to canonicalize.
+ * @returns The JWK with only the required members, ordered lexicographically.
+ */
+declare function minimalJwk(jwk: any): JWK;
+/**
+ * Encodes a JWK into a Uint8Array. Only the required JWK members are encoded.
+ *
+ * @see https://www.rfc-editor.org/rfc/rfc7518#section-6
+ * @see https://www.rfc-editor.org/rfc/rfc8037#section-2
+ * @see https://github.com/panva/jose/blob/3b8aa47b92d07a711bf5c3125276cc9a011794a4/src/jwk/thumbprint.ts#L37
+ *
+ * @param jwk - JSON Web Key.
+ * @returns Uint8Array-encoded JWK.
+ */
+declare function jwkJcsEncode(jwk: unknown): Uint8Array;
+/**
+ * Decodes an array of bytes into a JWK. Throws an error if the JWK is not valid.
  *
- * @packageDocumentation
+ * @param bytes - The array of bytes to decode.
+ * @returns The corresponding JSON Web Key.
  */
-export * from './functions';
-export * from './conversion';
-export * from './jwk-jcs';
-export * from './types';
-export * from './digest-methods';
-//# sourceMappingURL=index.d.ts.map
+declare function jwkJcsDecode(bytes: ByteView<JsonWebKey$1>): JsonWebKey$1;
+declare function jcsCanonicalize(object: any): string;
+
+declare const SupportedEncodings: any;
+type HashAlgorithm = 'SHA-256' | 'SHA-384' | 'SHA-512';
+type TDigestMethod = (input: string, encoding?: typeof SupportedEncodings) => string;
+declare const digestMethodParams: (hashAlgorithm: HashAlgorithm) => {
+    hashAlgorithm: HashAlgorithm;
+    digestMethod: TDigestMethod;
+    hash: (data: Uint8Array) => Uint8Array;
+};
+declare const shaHasher: HasherSync;
+
+export { ENC_KEY_ALGS, type HashAlgorithm, type IImportProvidedOrGeneratedKeyArgs, type IKeyOpts, JWK_JCS_PUB_NAME, JWK_JCS_PUB_PREFIX, JwkKeyUse, Key, type KeyTypeFromCryptographicSuiteArgs, type KeyVisibility, SIG_KEY_ALGS, type SignatureAlgorithmFromKeyArgs, type SignatureAlgorithmFromKeyTypeArgs, type TDigestMethod, type TKeyType, type X509Opts, asn1DerToRawPublicKey, calculateJwkThumbprint, calculateJwkThumbprintForKey, coseKeyToJwk, coseToJoseCurve, coseToJoseKeyOperation, coseToJoseKty, coseToJoseSignatureAlg, digestMethodParams, generatePrivateKeyHex, getKms, globalCrypto, hexStringFromUint8Array, importProvidedOrGeneratedKey, isAsn1Der, isRawCompressedPublicKey, jcsCanonicalize, joseToCoseCurve, joseToCoseKeyOperation, joseToCoseKty, joseToCoseSignatureAlg, jwkDetermineUse, jwkJcsDecode, jwkJcsEncode, jwkToCoseKey, jwkToRawHexKey, keyTypeFromCryptographicSuite, logger, minimalJwk, padLeft, removeNulls, rsaJwkToRawHexKey, sanitizedJwk, shaHasher, signatureAlgorithmFromKey, signatureAlgorithmFromKeyType, toBase64url, toJwk, toJwkFromKey, toPkcs1, toPkcs1FromHex, toRawCompressedHexPublicKey, validateJwk, verifyRawSignature };