@sphereon/ssi-sdk-ext.key-utils 0.34.1-fix.80 → 0.34.1-next.278
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +19 -14
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.js +19 -14
- package/dist/index.js.map +1 -1
- package/package.json +4 -4
- package/src/functions.ts +34 -28
- package/src/types/key-util-types.ts +1 -0
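--- a/package/src/functions.ts
+++ b/package/src/functions.ts
@@ -115,19 +115,25 @@ export async function importProvidedOrGeneratedKey(
 args: IImportProvidedOrGeneratedKeyArgs & {
 kms: string
 },
-context: IAgentContext<IKeyManager
+context: IAgentContext<IKeyManager>,
 ): Promise<IKey> {
 // @ts-ignore
 const type = args.options?.type ?? args.options?.key?.type ?? args.options?.keyType ?? 'Secp256r1'
 const key = args?.options?.key
-
-if (args.options?.x509 && key) {
+if (key) {
 key.meta = {
-
-
-
-
-
+providerName: args.providerName,
+}
+
+// Make sure x509 options are also set on the metadata as that is what the kms will look for
+if (args.options?.x509) {
+key.meta = {
+...key.meta,
+x509: {
+...args.options.x509,
+...key.meta?.x509,
+},
+}
 }
 }
 
@@ -172,8 +178,8 @@ export const calculateJwkThumbprintForKey = (args: {
 const jwk = key.publicKeyHex
 ? toJwk(key.publicKeyHex, key.type, { key: key, isPrivateKey: false })
 : 'privateKeyHex' in key && key.privateKeyHex
-
-
+? toJwk(key.privateKeyHex, key.type, { isPrivateKey: true })
+: undefined
 if (!jwk) {
 throw Error(`Could not determine jwk from key ${key.kid}`)
 }
@@ -231,7 +237,7 @@ export const toJwkFromKey = (
 opts?: {
 use?: JwkKeyUse
 noKidThumbprint?: boolean
-}
+},
 ): JWK => {
 const isPrivateKey = 'privateKeyHex' in key
 return toJwk(key.publicKeyHex!, key.type, { ...opts, key, isPrivateKey })
@@ -247,7 +253,7 @@ export const toJwkFromKey = (
 export const toJwk = (
 publicKeyHex: string,
 type: TKeyType,
-opts?: { use?: JwkKeyUse; key?: IKey | MinimalImportableKey; isPrivateKey?: boolean; noKidThumbprint?: boolean }
+opts?: { use?: JwkKeyUse; key?: IKey | MinimalImportableKey; isPrivateKey?: boolean; noKidThumbprint?: boolean },
 ): JWK => {
 const { key, noKidThumbprint = false } = opts ?? {}
 if (key && key.publicKeyHex !== publicKeyHex && opts?.isPrivateKey !== true) {
@@ -433,10 +439,10 @@ export const jwkDetermineUse = (type: TKeyType, suppliedUse?: JwkKeyUse): JwkKey
 return suppliedUse
 ? suppliedUse
 : SIG_KEY_ALGS.includes(type)
-
-
-
-
+? JwkKeyUse.Signature
+: ENC_KEY_ALGS.includes(type)
+? JwkKeyUse.Encryption
+: undefined
 }
 
 /**
@@ -451,7 +457,7 @@ const assertProperKeyLength = (keyHex: string, expectedKeyLength: number | numbe
 throw Error(
 `Invalid key length. Needs to be a hex string with length from ${JSON.stringify(expectedKeyLength)} instead of ${
 keyHex.length
-}. Input: ${keyHex}
+}. Input: ${keyHex}`,
 )
 }
 } else if (keyHex.length !== expectedKeyLength) {
@@ -484,8 +490,8 @@ const toSecp256k1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?:
 ...(use !== undefined && { use }),
 kty: JwkKeyType.EC,
 crv: JoseCurve.secp256k1,
-x: hexToBase64(pubPoint.getX().toString('hex'), 'base64url'),
-y: hexToBase64(pubPoint.getY().toString('hex'), 'base64url'),
+x: hexToBase64(pubPoint.getX().toString('hex').padStart(64, '0'), 'base64url'),
+y: hexToBase64(pubPoint.getY().toString('hex').padStart(64, '0'), 'base64url'),
 ...(opts?.isPrivateKey && { d: hexToBase64(keyPair.getPrivate('hex'), 'base64url') }),
 })
 }
@@ -515,8 +521,8 @@ const toSecp256r1Jwk = (keyHex: string, opts?: { use?: JwkKeyUse; isPrivateKey?:
 ...(use !== undefined && { use }),
 kty: JwkKeyType.EC,
 crv: JoseCurve.P_256,
-x: hexToBase64(pubPoint.getX().toString('hex'), 'base64url'),
-y: hexToBase64(pubPoint.getY().toString('hex'), 'base64url'),
+x: hexToBase64(pubPoint.getX().toString('hex').padStart(64, '0'), 'base64url'),
+y: hexToBase64(pubPoint.getY().toString('hex').padStart(64, '0'), 'base64url'),
 ...(opts?.isPrivateKey && { d: hexToBase64(keyPair.getPrivate('hex'), 'base64url') }),
 })
 }
@@ -532,7 +538,7 @@ const toEd25519OrX25519Jwk = (
 opts: {
 use?: JwkKeyUse
 crv: JoseCurve.Ed25519 | JoseCurve.X25519
-}
+},
 ): JWK => {
 assertProperKeyLength(publicKeyHex, 64)
 const { use } = opts ?? {}
@@ -954,8 +960,8 @@ export async function verifyRawSignature({
 signatureAlgorithm === JoseSignatureAlgorithm.RS512 || signatureAlgorithm === JoseSignatureAlgorithm.PS512
 ? sha512
 : signatureAlgorithm === JoseSignatureAlgorithm.RS384 || signatureAlgorithm === JoseSignatureAlgorithm.PS384
-
-
+? sha384
+: sha256
 switch (signatureAlgorithm) {
 case JoseSignatureAlgorithm.RS256:
 return rsa.PKCS1_SHA256.verify(
@@ -964,7 +970,7 @@ export async function verifyRawSignature({
 e: jwkPropertyToBigInt(jwk.e!),
 },
 data,
-signature
+signature,
 )
 case JoseSignatureAlgorithm.RS384:
 return rsa.PKCS1_SHA384.verify(
@@ -973,7 +979,7 @@ export async function verifyRawSignature({
 e: jwkPropertyToBigInt(jwk.e!),
 },
 data,
-signature
+signature,
 )
 case JoseSignatureAlgorithm.RS512:
 return rsa.PKCS1_SHA512.verify(
@@ -982,7 +988,7 @@ export async function verifyRawSignature({
 e: jwkPropertyToBigInt(jwk.e!),
 },
 data,
-signature
+signature,
 )
 case JoseSignatureAlgorithm.PS256:
 case JoseSignatureAlgorithm.PS384:
@@ -1002,7 +1008,7 @@ export async function verifyRawSignature({
 e: jwkPropertyToBigInt(jwk.e!),
 },
 data,
-signature
+signature,
 )
 }
 }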