@sphereon/ssi-sdk-ext.key-utils 0.34.1-feature.SSISDK.26.RP.57 → 0.34.1-feature.SSISDK.44.finish.dcql.309

package/dist/index.cjs

@@ -80,7 +80,8 @@ __export(index_exports, {
   toPkcs1FromHex: () => toPkcs1FromHex,
   toRawCompressedHexPublicKey: () => toRawCompressedHexPublicKey,
   validateJwk: () => validateJwk,
-  verifyRawSignature: () => verifyRawSignature
+  verifyRawSignature: () => verifyRawSignature,
+  x25519PublicHexFromPrivateHex: () => x25519PublicHexFromPrivateHex
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -276,17 +277,17 @@ __name(jcsCanonicalize, "jcsCanonicalize");
 // src/types/key-util-types.ts
 var JWK_JCS_PUB_NAME = "jwk_jcs-pub";
 var JWK_JCS_PUB_PREFIX = 60241;
-var Key = /* @__PURE__ */ function(Key2) {
+var Key = /* @__PURE__ */ (function(Key2) {
   Key2["Ed25519"] = "Ed25519";
   Key2["Secp256k1"] = "Secp256k1";
   Key2["Secp256r1"] = "Secp256r1";
   return Key2;
-}({});
-var JwkKeyUse = /* @__PURE__ */ function(JwkKeyUse2) {
+})({});
+var JwkKeyUse = /* @__PURE__ */ (function(JwkKeyUse2) {
   JwkKeyUse2["Encryption"] = "enc";
   JwkKeyUse2["Signature"] = "sig";
   return JwkKeyUse2;
-}({});
+})({});
 var SIG_KEY_ALGS = [
   "ES256",
   "ES384",
@@ -379,14 +380,19 @@ var keyMetaAlgorithmsFromKeyType = /* @__PURE__ */ __name((type) => {
 async function importProvidedOrGeneratedKey(args, context) {
   const type = args.options?.type ?? args.options?.key?.type ?? args.options?.keyType ?? "Secp256r1";
   const key = args?.options?.key;
-  if (args.options?.x509 && key) {
+  if (key) {
     key.meta = {
-      ...key.meta,
-      x509: {
-        ...args.options.x509,
-        ...key.meta?.x509
-      }
+      providerName: args.providerName
     };
+    if (args.options?.x509) {
+      key.meta = {
+        ...key.meta,
+        x509: {
+          ...args.options.x509,
+          ...key.meta?.x509
+        }
+      };
+    }
   }
   if (args.options && args.options?.use === JwkKeyUse.Encryption && !ENC_KEY_ALGS.includes(type)) {
     throw new Error(`${type} keys are not valid for encryption`);
@@ -633,6 +639,15 @@ function octJwkToRawHexKey(jwk) {
   return toString2(key, "hex");
 }
 __name(octJwkToRawHexKey, "octJwkToRawHexKey");
+function x25519PublicHexFromPrivateHex(privateKeyHex) {
+  if (!/^[0-9a-fA-F]{64}$/.test(privateKeyHex)) {
+    throw new Error("Private key must be 32-byte hex (64 chars)");
+  }
+  const priv = Uint8Array.from(Buffer.from(privateKeyHex, "hex"));
+  const pub = import_ed25519.x25519.getPublicKey(priv);
+  return Buffer.from(pub).toString("hex");
+}
+__name(x25519PublicHexFromPrivateHex, "x25519PublicHexFromPrivateHex");
 var jwkDetermineUse = /* @__PURE__ */ __name((type, suppliedUse) => {
   return suppliedUse ? suppliedUse : SIG_KEY_ALGS.includes(type) ? JwkKeyUse.Signature : ENC_KEY_ALGS.includes(type) ? JwkKeyUse.Encryption : void 0;
 }, "jwkDetermineUse");
@@ -669,8 +684,8 @@ var toSecp256k1Jwk = /* @__PURE__ */ __name((keyHex, opts) => {
     },
     kty: import_ssi_types.JwkKeyType.EC,
     crv: import_ssi_types.JoseCurve.secp256k1,
-    x: (0, import_ssi_sdk_ext.hexToBase64)(pubPoint.getX().toString("hex"), "base64url"),
-    y: (0, import_ssi_sdk_ext.hexToBase64)(pubPoint.getY().toString("hex"), "base64url"),
+    x: (0, import_ssi_sdk_ext.hexToBase64)(pubPoint.getX().toString("hex").padStart(64, "0"), "base64url"),
+    y: (0, import_ssi_sdk_ext.hexToBase64)(pubPoint.getY().toString("hex").padStart(64, "0"), "base64url"),
     ...opts?.isPrivateKey && {
       d: (0, import_ssi_sdk_ext.hexToBase64)(keyPair.getPrivate("hex"), "base64url")
     }
@@ -701,8 +716,8 @@ var toSecp256r1Jwk = /* @__PURE__ */ __name((keyHex, opts) => {
     },
     kty: import_ssi_types.JwkKeyType.EC,
     crv: import_ssi_types.JoseCurve.P_256,
-    x: (0, import_ssi_sdk_ext.hexToBase64)(pubPoint.getX().toString("hex"), "base64url"),
-    y: (0, import_ssi_sdk_ext.hexToBase64)(pubPoint.getY().toString("hex"), "base64url"),
+    x: (0, import_ssi_sdk_ext.hexToBase64)(pubPoint.getX().toString("hex").padStart(64, "0"), "base64url"),
+    y: (0, import_ssi_sdk_ext.hexToBase64)(pubPoint.getY().toString("hex").padStart(64, "0"), "base64url"),
     ...opts?.isPrivateKey && {
       d: (0, import_ssi_sdk_ext.hexToBase64)(keyPair.getPrivate("hex"), "base64url")
     }
@@ -1103,7 +1118,7 @@ async function verifyRawSignature({ data, signature, key: inputKey, opts }) {
         return import_bls12_381.bls12_381.verify(signature, data, fromString2(publicKeyHex, "hex"));
       case "RSA": {
         const signatureAlgorithm = opts?.signatureAlg ?? jwk.alg ?? import_ssi_types.JoseSignatureAlgorithm.PS256;
-        const hashAlg = signatureAlgorithm === (import_ssi_types.JoseSignatureAlgorithm.RS512 || import_ssi_types.JoseSignatureAlgorithm.PS512) ? import_sha2.sha512 : signatureAlgorithm === (import_ssi_types.JoseSignatureAlgorithm.RS384 || import_ssi_types.JoseSignatureAlgorithm.PS384) ? import_sha2.sha384 : import_sha2.sha256;
+        const hashAlg = signatureAlgorithm === import_ssi_types.JoseSignatureAlgorithm.RS512 || signatureAlgorithm === import_ssi_types.JoseSignatureAlgorithm.PS512 ? import_sha2.sha512 : signatureAlgorithm === import_ssi_types.JoseSignatureAlgorithm.RS384 || signatureAlgorithm === import_ssi_types.JoseSignatureAlgorithm.PS384 ? import_sha2.sha384 : import_sha2.sha256;
         switch (signatureAlgorithm) {
           case import_ssi_types.JoseSignatureAlgorithm.RS256:
             return rsa.PKCS1_SHA256.verify({
@@ -1312,27 +1327,38 @@ function coseToJoseSignatureAlg(coseAlg) {
 __name(coseToJoseSignatureAlg, "coseToJoseSignatureAlg");
 function joseToCoseSignatureAlg(joseAlg) {
   switch (joseAlg) {
-    case (import_ssi_types2.JoseSignatureAlgorithm.ES256K, "ES256K"):
+    case import_ssi_types2.JoseSignatureAlgorithm.ES256K:
+    case "ES256K":
       return import_ssi_types2.ICoseSignatureAlgorithm.ES256K;
-    case (import_ssi_types2.JoseSignatureAlgorithm.ES256, "ES256"):
+    case import_ssi_types2.JoseSignatureAlgorithm.ES256:
+    case "ES256":
       return import_ssi_types2.ICoseSignatureAlgorithm.ES256;
-    case (import_ssi_types2.JoseSignatureAlgorithm.ES384, "ES384"):
+    case import_ssi_types2.JoseSignatureAlgorithm.ES384:
+    case "ES384":
       return import_ssi_types2.ICoseSignatureAlgorithm.ES384;
-    case (import_ssi_types2.JoseSignatureAlgorithm.ES512, "ES512"):
+    case import_ssi_types2.JoseSignatureAlgorithm.ES512:
+    case "ES512":
       return import_ssi_types2.ICoseSignatureAlgorithm.ES512;
-    case (import_ssi_types2.JoseSignatureAlgorithm.PS256, "PS256"):
+    case import_ssi_types2.JoseSignatureAlgorithm.PS256:
+    case "PS256":
       return import_ssi_types2.ICoseSignatureAlgorithm.PS256;
-    case (import_ssi_types2.JoseSignatureAlgorithm.PS384, "PS384"):
+    case import_ssi_types2.JoseSignatureAlgorithm.PS384:
+    case "PS384":
       return import_ssi_types2.ICoseSignatureAlgorithm.PS384;
-    case (import_ssi_types2.JoseSignatureAlgorithm.PS512, "PS512"):
+    case import_ssi_types2.JoseSignatureAlgorithm.PS512:
+    case "PS512":
       return import_ssi_types2.ICoseSignatureAlgorithm.PS512;
-    case (import_ssi_types2.JoseSignatureAlgorithm.HS256, "HS256"):
+    case import_ssi_types2.JoseSignatureAlgorithm.HS256:
+    case "HS256":
       return import_ssi_types2.ICoseSignatureAlgorithm.HS256;
-    case (import_ssi_types2.JoseSignatureAlgorithm.HS384, "HS384"):
+    case import_ssi_types2.JoseSignatureAlgorithm.HS384:
+    case "HS384":
       return import_ssi_types2.ICoseSignatureAlgorithm.HS384;
-    case (import_ssi_types2.JoseSignatureAlgorithm.HS512, "HS512"):
+    case import_ssi_types2.JoseSignatureAlgorithm.HS512:
+    case "HS512":
       return import_ssi_types2.ICoseSignatureAlgorithm.HS512;
-    case (import_ssi_types2.JoseSignatureAlgorithm.EdDSA, "EdDSA"):
+    case import_ssi_types2.JoseSignatureAlgorithm.EdDSA:
+    case "EdDSA":
       return import_ssi_types2.ICoseSignatureAlgorithm.EdDSA;
     default:
       throw Error(`Signature algorithm ${joseAlg} not supported in Cose`);
@@ -1341,21 +1367,29 @@ function joseToCoseSignatureAlg(joseAlg) {
 __name(joseToCoseSignatureAlg, "joseToCoseSignatureAlg");
 function joseToCoseKeyOperation(keyOp) {
   switch (keyOp) {
-    case (import_ssi_types2.JoseKeyOperation.SIGN, "sign"):
+    case import_ssi_types2.JoseKeyOperation.SIGN:
+    case "sign":
       return import_ssi_types2.ICoseKeyOperation.SIGN;
-    case (import_ssi_types2.JoseKeyOperation.VERIFY, "verify"):
+    case import_ssi_types2.JoseKeyOperation.VERIFY:
+    case "verify":
       return import_ssi_types2.ICoseKeyOperation.VERIFY;
-    case (import_ssi_types2.JoseKeyOperation.ENCRYPT, "encrypt"):
+    case import_ssi_types2.JoseKeyOperation.ENCRYPT:
+    case "encrypt":
       return import_ssi_types2.ICoseKeyOperation.ENCRYPT;
-    case (import_ssi_types2.JoseKeyOperation.DECRYPT, "decrypt"):
+    case import_ssi_types2.JoseKeyOperation.DECRYPT:
+    case "decrypt":
       return import_ssi_types2.ICoseKeyOperation.DECRYPT;
-    case (import_ssi_types2.JoseKeyOperation.WRAP_KEY, "wrapKey"):
+    case import_ssi_types2.JoseKeyOperation.WRAP_KEY:
+    case "wrapKey":
       return import_ssi_types2.ICoseKeyOperation.WRAP_KEY;
-    case (import_ssi_types2.JoseKeyOperation.UNWRAP_KEY, "unwrapKey"):
+    case import_ssi_types2.JoseKeyOperation.UNWRAP_KEY:
+    case "unwrapKey":
       return import_ssi_types2.ICoseKeyOperation.UNWRAP_KEY;
-    case (import_ssi_types2.JoseKeyOperation.DERIVE_KEY, "deriveKey"):
+    case import_ssi_types2.JoseKeyOperation.DERIVE_KEY:
+    case "deriveKey":
       return import_ssi_types2.ICoseKeyOperation.DERIVE_KEY;
-    case (import_ssi_types2.JoseKeyOperation.DERIVE_BITS, "deriveBits"):
+    case import_ssi_types2.JoseKeyOperation.DERIVE_BITS:
+    case "deriveBits":
       return import_ssi_types2.ICoseKeyOperation.DERIVE_BITS;
     default:
       throw Error(`Key operation ${keyOp} not supported in Cose`);