@sphereon/ssi-sdk-ext.key-utils 0.34.1-feature.FIDES.1.274 → 0.34.1-feature.IDK.11.48
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +10 -15
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +0 -1
- package/dist/index.d.ts +0 -1
- package/dist/index.js +10 -15
- package/dist/index.js.map +1 -1
- package/package.json +4 -4
- package/src/functions.ts +28 -34
- package/src/types/key-util-types.ts +0 -1
package/src/functions.ts
CHANGED
|
@@ -115,25 +115,19 @@ export async function importProvidedOrGeneratedKey(
|
|
|
115
115
|
args: IImportProvidedOrGeneratedKeyArgs & {
|
|
116
116
|
kms: string
|
|
117
117
|
},
|
|
118
|
-
context: IAgentContext<IKeyManager
|
|
118
|
+
context: IAgentContext<IKeyManager>
|
|
119
119
|
): Promise<IKey> {
|
|
120
120
|
// @ts-ignore
|
|
121
121
|
const type = args.options?.type ?? args.options?.key?.type ?? args.options?.keyType ?? 'Secp256r1'
|
|
122
122
|
const key = args?.options?.key
|
|
123
|
-
|
|
123
|
+
// Make sure x509 options are also set on the metadata as that is what the kms will look for
|
|
124
|
+
if (args.options?.x509 && key) {
|
|
124
125
|
key.meta = {
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
key.meta = {
|
|
131
|
-
...key.meta,
|
|
132
|
-
x509: {
|
|
133
|
-
...args.options.x509,
|
|
134
|
-
...key.meta?.x509,
|
|
135
|
-
},
|
|
136
|
-
}
|
|
126
|
+
...key.meta,
|
|
127
|
+
x509: {
|
|
128
|
+
...args.options.x509,
|
|
129
|
+
...key.meta?.x509,
|
|
130
|
+
},
|
|
137
131
|
}
|
|
138
132
|
}
|
|
139
133
|
|
|
@@ -178,8 +172,8 @@ export const calculateJwkThumbprintForKey = (args: {
|
|
|
178
172
|
const jwk = key.publicKeyHex
|
|
179
173
|
? toJwk(key.publicKeyHex, key.type, { key: key, isPrivateKey: false })
|
|
180
174
|
: 'privateKeyHex' in key && key.privateKeyHex
|
|
181
|
-
|
|
182
|
-
|
|
175
|
+
? toJwk(key.privateKeyHex, key.type, { isPrivateKey: true })
|
|
176
|
+
: undefined
|
|
183
177
|
if (!jwk) {
|
|
184
178
|
throw Error(`Could not determine jwk from key ${key.kid}`)
|
|
185
179
|
}
|
|
@@ -237,7 +231,7 @@ export const toJwkFromKey = (
|
|
|
237
231
|
opts?: {
|
|
238
232
|
use?: JwkKeyUse
|
|
239
233
|
noKidThumbprint?: boolean
|
|
240
|
-
}
|
|
234
|
+
}
|
|
241
235
|
): JWK => {
|
|
242
236
|
const isPrivateKey = 'privateKeyHex' in key
|
|
243
237
|
return toJwk(key.publicKeyHex!, key.type, { ...opts, key, isPrivateKey })
|
|
@@ -253,7 +247,7 @@ export const toJwkFromKey = (
|
|
|
253
247
|
export const toJwk = (
|
|
254
248
|
publicKeyHex: string,
|
|
255
249
|
type: TKeyType,
|
|
256
|
-
opts?: { use?: JwkKeyUse; key?: IKey | MinimalImportableKey; isPrivateKey?: boolean; noKidThumbprint?: boolean }
|
|
250
|
+
opts?: { use?: JwkKeyUse; key?: IKey | MinimalImportableKey; isPrivateKey?: boolean; noKidThumbprint?: boolean }
|
|
257
251
|
): JWK => {
|
|
258
252
|
const { key, noKidThumbprint = false } = opts ?? {}
|
|
259
253
|
if (key && key.publicKeyHex !== publicKeyHex && opts?.isPrivateKey !== true) {
|
|
@@ -439,10 +433,10 @@ export const jwkDetermineUse = (type: TKeyType, suppliedUse?: JwkKeyUse): JwkKey
|
|
|
439
433
|
return suppliedUse
|
|
440
434
|
? suppliedUse
|
|
441
435
|
: SIG_KEY_ALGS.includes(type)
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
436
|
+
? JwkKeyUse.Signature
|
|
437
|
+
: ENC_KEY_ALGS.includes(type)
|
|
438
|
+
? JwkKeyUse.Encryption
|
|
439
|
+
: undefined
|
|
446
440
|
}
|
|
447
441
|
|
|
448
442
|
/**
|
|
@@ -457,7 +451,7 @@ const assertProperKeyLength = (keyHex: string, expectedKeyLength: number | numbe
|
|
|
457
451
|
throw Error(
|
|
458
452
|
`Invalid key length. Needs to be a hex string with length from ${JSON.stringify(expectedKeyLength)} instead of ${
|
|
459
453
|
keyHex.length
|
|
460
|
-
}. Input: ${keyHex}
|
|
454
|
+
}. Input: ${keyHex}`
|
|
461
455
|
)
|
|
462
456
|
}
|
|
463
457
|
} else if (keyHex.length !== expectedKeyLength) {
|
|
@@ -490,8 +484,8 @@ const toSecp256k1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?:
|
|
|
490
484
|
...(use !== undefined && { use }),
|
|
491
485
|
kty: JwkKeyType.EC,
|
|
492
486
|
crv: JoseCurve.secp256k1,
|
|
493
|
-
x: hexToBase64(pubPoint.getX().toString('hex')
|
|
494
|
-
y: hexToBase64(pubPoint.getY().toString('hex')
|
|
487
|
+
x: hexToBase64(pubPoint.getX().toString('hex'), 'base64url'),
|
|
488
|
+
y: hexToBase64(pubPoint.getY().toString('hex'), 'base64url'),
|
|
495
489
|
...(opts?.isPrivateKey && { d: hexToBase64(keyPair.getPrivate('hex'), 'base64url') }),
|
|
496
490
|
})
|
|
497
491
|
}
|
|
@@ -521,8 +515,8 @@ const toSecp256r1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?:
|
|
|
521
515
|
...(use !== undefined && { use }),
|
|
522
516
|
kty: JwkKeyType.EC,
|
|
523
517
|
crv: JoseCurve.P_256,
|
|
524
|
-
x: hexToBase64(pubPoint.getX().toString('hex')
|
|
525
|
-
y: hexToBase64(pubPoint.getY().toString('hex')
|
|
518
|
+
x: hexToBase64(pubPoint.getX().toString('hex'), 'base64url'),
|
|
519
|
+
y: hexToBase64(pubPoint.getY().toString('hex'), 'base64url'),
|
|
526
520
|
...(opts?.isPrivateKey && { d: hexToBase64(keyPair.getPrivate('hex'), 'base64url') }),
|
|
527
521
|
})
|
|
528
522
|
}
|
|
@@ -538,7 +532,7 @@ const toEd25519OrX25519Jwk = (
|
|
|
538
532
|
opts: {
|
|
539
533
|
use?: JwkKeyUse
|
|
540
534
|
crv: JoseCurve.Ed25519 | JoseCurve.X25519
|
|
541
|
-
}
|
|
535
|
+
}
|
|
542
536
|
): JWK => {
|
|
543
537
|
assertProperKeyLength(publicKeyHex, 64)
|
|
544
538
|
const { use } = opts ?? {}
|
|
@@ -960,8 +954,8 @@ export async function verifyRawSignature({
|
|
|
960
954
|
signatureAlgorithm === JoseSignatureAlgorithm.RS512 || signatureAlgorithm === JoseSignatureAlgorithm.PS512
|
|
961
955
|
? sha512
|
|
962
956
|
: signatureAlgorithm === JoseSignatureAlgorithm.RS384 || signatureAlgorithm === JoseSignatureAlgorithm.PS384
|
|
963
|
-
|
|
964
|
-
|
|
957
|
+
? sha384
|
|
958
|
+
: sha256
|
|
965
959
|
switch (signatureAlgorithm) {
|
|
966
960
|
case JoseSignatureAlgorithm.RS256:
|
|
967
961
|
return rsa.PKCS1_SHA256.verify(
|
|
@@ -970,7 +964,7 @@ export async function verifyRawSignature({
|
|
|
970
964
|
e: jwkPropertyToBigInt(jwk.e!),
|
|
971
965
|
},
|
|
972
966
|
data,
|
|
973
|
-
signature
|
|
967
|
+
signature
|
|
974
968
|
)
|
|
975
969
|
case JoseSignatureAlgorithm.RS384:
|
|
976
970
|
return rsa.PKCS1_SHA384.verify(
|
|
@@ -979,7 +973,7 @@ export async function verifyRawSignature({
|
|
|
979
973
|
e: jwkPropertyToBigInt(jwk.e!),
|
|
980
974
|
},
|
|
981
975
|
data,
|
|
982
|
-
signature
|
|
976
|
+
signature
|
|
983
977
|
)
|
|
984
978
|
case JoseSignatureAlgorithm.RS512:
|
|
985
979
|
return rsa.PKCS1_SHA512.verify(
|
|
@@ -988,7 +982,7 @@ export async function verifyRawSignature({
|
|
|
988
982
|
e: jwkPropertyToBigInt(jwk.e!),
|
|
989
983
|
},
|
|
990
984
|
data,
|
|
991
|
-
signature
|
|
985
|
+
signature
|
|
992
986
|
)
|
|
993
987
|
case JoseSignatureAlgorithm.PS256:
|
|
994
988
|
case JoseSignatureAlgorithm.PS384:
|
|
@@ -1008,7 +1002,7 @@ export async function verifyRawSignature({
|
|
|
1008
1002
|
e: jwkPropertyToBigInt(jwk.e!),
|
|
1009
1003
|
},
|
|
1010
1004
|
data,
|
|
1011
|
-
signature
|
|
1005
|
+
signature
|
|
1012
1006
|
)
|
|
1013
1007
|
}
|
|
1014
1008
|
}
|