@sphereon/ssi-sdk-ext.key-utils 0.36.1-feat.SSISDK.83.5 → 0.36.1-feature.SSISDK.82.and.SSISDK.70.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/index.cjs +92 -20
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +12 -5
  4. package/dist/index.d.ts +12 -5
  5. package/dist/index.js +92 -20
  6. package/dist/index.js.map +1 -1
  7. package/package.json +4 -4
  8. package/src/digest-methods.ts +13 -11
  9. package/src/functions.ts +75 -7
  10. package/src/types/key-util-types.ts +2 -0
package/src/functions.ts CHANGED
@@ -31,6 +31,7 @@ import * as u8a from 'uint8arrays'
31
31
  import { digestMethodParams } from './digest-methods'
32
32
  import { validateJwk } from './jwk-jcs'
33
33
  import {
34
+ DigestAlgorithm,
34
35
  ENC_KEY_ALGS,
35
36
  type IImportProvidedOrGeneratedKeyArgs,
36
37
  JwkKeyUse,
@@ -198,8 +199,8 @@ export const toBase64url = (input: string): string => toString(fromString(input)
198
199
  * Calculate the JWK thumbprint
199
200
  * @param args
200
201
  */
201
- export const calculateJwkThumbprint = (args: { jwk: JWK; digestAlgorithm?: 'sha256' | 'sha512' }): string => {
202
- const { digestAlgorithm = 'sha256' } = args
202
+ export const calculateJwkThumbprint = (args: { jwk: JWK; digestAlgorithm?: DigestAlgorithm }): string => {
203
+ const digestAlgorithm = normalizeHashAlgorithm(args.digestAlgorithm ?? 'SHA-256')
203
204
  const jwk = sanitizedJwk(args.jwk)
204
205
  let components
205
206
  switch (jwk.kty) {
@@ -227,10 +228,7 @@ export const calculateJwkThumbprint = (args: { jwk: JWK; digestAlgorithm?: 'sha2
227
228
  throw new Error('"kty" (Key Type) Parameter missing or unsupported')
228
229
  }
229
230
  const data = JSON.stringify(components)
230
-
231
- return digestAlgorithm === 'sha512'
232
- ? digestMethodParams('SHA-512').digestMethod(data, 'base64url')
233
- : digestMethodParams('SHA-256').digestMethod(data, 'base64url')
231
+ return digestMethodParams(digestAlgorithm).digestMethod(data, 'base64url')
234
232
  }
235
233
 
236
234
  export const toJwkFromKey = (
@@ -910,7 +908,7 @@ export const sanitizedJwk = (input: JWK | JsonWebKey): JWK => {
910
908
  return removeNulls(jwk)
911
909
  }
912
910
 
913
- const base64ToBase64Url = (input: string): string => {
911
+ export const base64ToBase64Url = (input: string): string => {
914
912
  return input.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
915
913
  }
916
914
 
@@ -1122,3 +1120,73 @@ export function toPkcs1FromHex(publicKeyHex: string) {
1122
1120
  const pkcs1 = toPkcs1(fromString(publicKeyHex, 'hex'))
1123
1121
  return toString(pkcs1, 'hex')
1124
1122
  }
1123
+
1124
+ export function joseAlgorithmToDigest(alg: string): DigestAlgorithm {
1125
+ switch (alg.toUpperCase().replace('-', '')) {
1126
+ case 'RS256':
1127
+ case 'ES256':
1128
+ case 'ES256K':
1129
+ case 'PS256':
1130
+ case 'HS256':
1131
+ return 'SHA-256'
1132
+ case 'RS384':
1133
+ case 'ES384':
1134
+ case 'PS384':
1135
+ case 'HS384':
1136
+ return 'SHA-384'
1137
+ case 'RS512':
1138
+ case 'ES512':
1139
+ case 'PS512':
1140
+ case 'HS512':
1141
+ return 'SHA-512'
1142
+ case 'EdDSA':
1143
+ return 'SHA-512'
1144
+ default:
1145
+ return 'SHA-256'
1146
+ }
1147
+ }
1148
+
1149
+ export function isHash(input: string): boolean {
1150
+ const length = input.length
1151
+ // SHA-256: 64 hex chars, SHA-384: 96 hex chars, SHA-512: 128 hex chars
1152
+ if (length !== 64 && length !== 96 && length !== 128) {
1153
+ return false
1154
+ }
1155
+ return input.match(/^([0-9A-Fa-f])+$/g) !== null
1156
+ }
1157
+
1158
+ export function isHashString(input: Uint8Array): boolean {
1159
+ const length = input.length
1160
+ // SHA-256: 32 bytes, SHA-384: 48 bytes, SHA-512: 64 bytes
1161
+ if (length !== 32 && length !== 48 && length !== 64) {
1162
+ return false
1163
+ }
1164
+ for (let i = 0; i < length; i++) {
1165
+ const byte = input[i]
1166
+ if (byte === undefined) {
1167
+ return false
1168
+ }
1169
+ // 0-9: 48-57, A-F: 65-70, a-f: 97-102
1170
+ if (!((byte >= 48 && byte <= 57) || (byte >= 65 && byte <= 70) || (byte >= 97 && byte <= 102))) {
1171
+ return false
1172
+ }
1173
+ }
1174
+ return true
1175
+ }
1176
+
1177
+ export type HashAlgorithm = 'SHA-256' | 'sha256' | 'SHA-384' | 'sha384' | 'SHA-512' | 'sha512'
1178
+
1179
+ export function normalizeHashAlgorithm(alg?: HashAlgorithm): 'SHA-256' | 'SHA-384' | 'SHA-512' {
1180
+ if (!alg) {
1181
+ return 'SHA-256'
1182
+ }
1183
+ const upper = alg.toUpperCase()
1184
+ if (upper.includes('256')) return 'SHA-256'
1185
+ if (upper.includes('384')) return 'SHA-384'
1186
+ if (upper.includes('512')) return 'SHA-512'
1187
+ throw new Error(`Invalid hash algorithm: ${alg}`)
1188
+ }
1189
+
1190
+ export function isSameHash(left: HashAlgorithm, right: HashAlgorithm): boolean {
1191
+ return normalizeHashAlgorithm(left) === normalizeHashAlgorithm(right)
1192
+ }
package/src/types/key-util-types.ts CHANGED
@@ -21,6 +21,8 @@ export const ENC_KEY_ALGS = ['X25519', 'ECDH_ES_A256KW', 'RSA_OAEP_256']
21
21
 
22
22
  export type KeyVisibility = 'public' | 'private'
23
23
 
24
+ export type DigestAlgorithm = 'SHA-256' | 'sha256' | 'SHA-384' | 'sha384' | 'SHA-512' | 'sha512'
25
+
24
26
  export interface X509Opts {
25
27
  cn?: string // The certificate Common Name. Will be used as the KID for the private key. Uses alias if not provided.
26
28
  privateKeyPEM?: string // Optional as you also need to provide it in hex format, but advisable to use it