@sphereon/ssi-sdk-ext.key-utils 0.36.1-feat.SSISDK.83.9 → 0.36.1-feature.SSISDK.70.integrate.digidentity.10

package/dist/index.d.ts

@@ -20,6 +20,7 @@ declare enum JwkKeyUse {
 declare const SIG_KEY_ALGS: string[];
 declare const ENC_KEY_ALGS: string[];
 type KeyVisibility = 'public' | 'private';
+type DigestAlgorithm = 'SHA-256' | 'sha256' | 'SHA-384' | 'sha384' | 'SHA-512' | 'sha512';
 interface X509Opts {
     cn?: string;
     privateKeyPEM?: string;
@@ -86,7 +87,7 @@ declare const toBase64url: (input: string) => string;
  */
 declare const calculateJwkThumbprint: (args: {
     jwk: JWK;
-    digestAlgorithm?: "sha256" | "sha512";
+    digestAlgorithm?: DigestAlgorithm;
 }) => string;
 declare const toJwkFromKey: (key: IKey | MinimalImportableKey | ManagedKeyInfo, opts?: {
     use?: JwkKeyUse;
@@ -169,6 +170,12 @@ declare function toPkcs1(derBytes: Uint8Array): Uint8Array;
  * @returns DER‐encoded PKCS#1 RSAPublicKey in hex
  */
 declare function toPkcs1FromHex(publicKeyHex: string): any;
+declare function joseAlgorithmToDigest(alg: string): DigestAlgorithm;
+declare function isHash(input: string): boolean;
+declare function isHashString(input: Uint8Array): boolean;
+type HashAlgorithm = 'SHA-256' | 'sha256' | 'SHA-384' | 'sha384' | 'SHA-512' | 'sha512';
+declare function normalizeHashAlgorithm(alg?: HashAlgorithm): 'SHA-256' | 'SHA-384' | 'SHA-512';
+declare function isSameHash(left: HashAlgorithm, right: HashAlgorithm): boolean;
 
 declare function coseKeyToJwk(coseKey: ICoseKeyJson): JWK;
 declare function jwkToCoseKey(jwk: JWK): ICoseKeyJson;
@@ -221,13 +228,12 @@ declare function jwkJcsDecode(bytes: ByteView<JsonWebKey$1>): JsonWebKey$1;
 declare function jcsCanonicalize(object: any): string;
 
 declare const SupportedEncodings: any;
-type HashAlgorithm = 'SHA-256' | 'SHA-384' | 'SHA-512';
 type TDigestMethod = (input: string, encoding?: typeof SupportedEncodings) => string;
-declare const digestMethodParams: (hashAlgorithm: HashAlgorithm) => {
-    hashAlgorithm: HashAlgorithm;
+declare const digestMethodParams: (hashAlgorithm: DigestAlgorithm) => {
+    hashAlgorithm: DigestAlgorithm;
     digestMethod: TDigestMethod;
     hash: (data: Uint8Array) => Uint8Array;
 };
 declare const shaHasher: HasherSync;
 
-export { ENC_KEY_ALGS, type HashAlgorithm, type IImportProvidedOrGeneratedKeyArgs, type IKeyOpts, JWK_JCS_PUB_NAME, JWK_JCS_PUB_PREFIX, JwkKeyUse, Key, type KeyTypeFromCryptographicSuiteArgs, type KeyVisibility, SIG_KEY_ALGS, type SignatureAlgorithmFromKeyArgs, type SignatureAlgorithmFromKeyTypeArgs, type TDigestMethod, type TKeyType, type X509Opts, asn1DerToRawPublicKey, calculateJwkThumbprint, calculateJwkThumbprintForKey, coseKeyToJwk, coseToJoseCurve, coseToJoseKeyOperation, coseToJoseKty, coseToJoseSignatureAlg, digestMethodParams, generatePrivateKeyHex, getKms, globalCrypto, hexStringFromUint8Array, importProvidedOrGeneratedKey, isAsn1Der, isRawCompressedPublicKey, jcsCanonicalize, joseToCoseCurve, joseToCoseKeyOperation, joseToCoseKty, joseToCoseSignatureAlg, jwkDetermineUse, jwkJcsDecode, jwkJcsEncode, jwkToCoseKey, jwkToRawHexKey, keyTypeFromCryptographicSuite, logger, minimalJwk, padLeft, removeNulls, rsaJwkToRawHexKey, sanitizedJwk, shaHasher, signatureAlgorithmFromKey, signatureAlgorithmFromKeyType, toBase64url, toJwk, toJwkFromKey, toPkcs1, toPkcs1FromHex, toRawCompressedHexPublicKey, validateJwk, verifyRawSignature, x25519PublicHexFromPrivateHex };
+export { type DigestAlgorithm, ENC_KEY_ALGS, type HashAlgorithm, type IImportProvidedOrGeneratedKeyArgs, type IKeyOpts, JWK_JCS_PUB_NAME, JWK_JCS_PUB_PREFIX, JwkKeyUse, Key, type KeyTypeFromCryptographicSuiteArgs, type KeyVisibility, SIG_KEY_ALGS, type SignatureAlgorithmFromKeyArgs, type SignatureAlgorithmFromKeyTypeArgs, type TDigestMethod, type TKeyType, type X509Opts, asn1DerToRawPublicKey, calculateJwkThumbprint, calculateJwkThumbprintForKey, coseKeyToJwk, coseToJoseCurve, coseToJoseKeyOperation, coseToJoseKty, coseToJoseSignatureAlg, digestMethodParams, generatePrivateKeyHex, getKms, globalCrypto, hexStringFromUint8Array, importProvidedOrGeneratedKey, isAsn1Der, isHash, isHashString, isRawCompressedPublicKey, isSameHash, jcsCanonicalize, joseAlgorithmToDigest, joseToCoseCurve, joseToCoseKeyOperation, joseToCoseKty, joseToCoseSignatureAlg, jwkDetermineUse, jwkJcsDecode, jwkJcsEncode, jwkToCoseKey, jwkToRawHexKey, keyTypeFromCryptographicSuite, logger, minimalJwk, normalizeHashAlgorithm, padLeft, removeNulls, rsaJwkToRawHexKey, sanitizedJwk, shaHasher, signatureAlgorithmFromKey, signatureAlgorithmFromKeyType, toBase64url, toJwk, toJwkFromKey, toPkcs1, toPkcs1FromHex, toRawCompressedHexPublicKey, validateJwk, verifyRawSignature, x25519PublicHexFromPrivateHex };

package/dist/index.js

@@ -24,24 +24,25 @@ import { sha384, sha512 } from "@noble/hashes/sha512";
 import * as u8a from "uint8arrays";
 var { fromString, toString, SupportedEncodings } = u8a;
 var digestMethodParams = /* @__PURE__ */ __name((hashAlgorithm) => {
-  if (hashAlgorithm === "SHA-256") {
-    return {
-      hashAlgorithm: "SHA-256",
-      digestMethod: sha256DigestMethod,
-      hash: sha256
-    };
-  } else if (hashAlgorithm === "SHA-384") {
-    return {
-      hashAlgorithm: "SHA-384",
-      digestMethod: sha384DigestMethod,
-      hash: sha384
-    };
-  } else {
-    return {
-      hashAlgorithm: "SHA-512",
-      digestMethod: sha512DigestMethod,
-      hash: sha512
-    };
+  switch (normalizeHashAlgorithm(hashAlgorithm)) {
+    case "SHA-256":
+      return {
+        hashAlgorithm: "SHA-256",
+        digestMethod: sha256DigestMethod,
+        hash: sha256
+      };
+    case "SHA-384":
+      return {
+        hashAlgorithm: "SHA-384",
+        digestMethod: sha384DigestMethod,
+        hash: sha384
+      };
+    case "SHA-512":
+      return {
+        hashAlgorithm: "SHA-512",
+        digestMethod: sha512DigestMethod,
+        hash: sha512
+      };
   }
 }, "digestMethodParams");
 var shaHasher = /* @__PURE__ */ __name((input, alg) => {
@@ -365,7 +366,7 @@ var assertJwkClaimPresent = /* @__PURE__ */ __name((value, description) => {
 }, "assertJwkClaimPresent");
 var toBase64url = /* @__PURE__ */ __name((input) => toString2(fromString2(input), "base64url"), "toBase64url");
 var calculateJwkThumbprint = /* @__PURE__ */ __name((args) => {
-  const { digestAlgorithm = "sha256" } = args;
+  const digestAlgorithm = normalizeHashAlgorithm(args.digestAlgorithm ?? "SHA-256");
   const jwk = sanitizedJwk(args.jwk);
   let components;
   switch (jwk.kty) {
@@ -409,7 +410,7 @@ var calculateJwkThumbprint = /* @__PURE__ */ __name((args) => {
       throw new Error('"kty" (Key Type) Parameter missing or unsupported');
   }
   const data = JSON.stringify(components);
-  return digestAlgorithm === "sha512" ? digestMethodParams("SHA-512").digestMethod(data, "base64url") : digestMethodParams("SHA-256").digestMethod(data, "base64url");
+  return digestMethodParams(digestAlgorithm).digestMethod(data, "base64url");
 }, "calculateJwkThumbprint");
 var toJwkFromKey = /* @__PURE__ */ __name((key, opts) => {
   const isPrivateKey = "privateKeyHex" in key;
@@ -1136,6 +1137,71 @@ function toPkcs1FromHex(publicKeyHex) {
   return toString2(pkcs1, "hex");
 }
 __name(toPkcs1FromHex, "toPkcs1FromHex");
+function joseAlgorithmToDigest(alg) {
+  switch (alg.toUpperCase().replace("-", "")) {
+    case "RS256":
+    case "ES256":
+    case "ES256K":
+    case "PS256":
+    case "HS256":
+      return "SHA-256";
+    case "RS384":
+    case "ES384":
+    case "PS384":
+    case "HS384":
+      return "SHA-384";
+    case "RS512":
+    case "ES512":
+    case "PS512":
+    case "HS512":
+      return "SHA-512";
+    case "EdDSA":
+      return "SHA-512";
+    default:
+      return "SHA-256";
+  }
+}
+__name(joseAlgorithmToDigest, "joseAlgorithmToDigest");
+function isHash(input) {
+  const length = input.length;
+  if (length !== 64 && length !== 96 && length !== 128) {
+    return false;
+  }
+  return input.match(/^([0-9A-Fa-f])+$/g) !== null;
+}
+__name(isHash, "isHash");
+function isHashString(input) {
+  const length = input.length;
+  if (length !== 32 && length !== 48 && length !== 64) {
+    return false;
+  }
+  for (let i = 0; i < length; i++) {
+    const byte = input[i];
+    if (byte === void 0) {
+      return false;
+    }
+    if (!(byte >= 48 && byte <= 57 || byte >= 65 && byte <= 70 || byte >= 97 && byte <= 102)) {
+      return false;
+    }
+  }
+  return true;
+}
+__name(isHashString, "isHashString");
+function normalizeHashAlgorithm(alg) {
+  if (!alg) {
+    return "SHA-256";
+  }
+  const upper = alg.toUpperCase();
+  if (upper.includes("256")) return "SHA-256";
+  if (upper.includes("384")) return "SHA-384";
+  if (upper.includes("512")) return "SHA-512";
+  throw new Error(`Invalid hash algorithm: ${alg}`);
+}
+__name(normalizeHashAlgorithm, "normalizeHashAlgorithm");
+function isSameHash(left, right) {
+  return normalizeHashAlgorithm(left) === normalizeHashAlgorithm(right);
+}
+__name(isSameHash, "isSameHash");
 
 // src/conversion.ts
 import { ICoseCurve, ICoseKeyOperation, ICoseKeyType, ICoseSignatureAlgorithm, JoseCurve as JoseCurve2, JoseKeyOperation, JoseSignatureAlgorithm as JoseSignatureAlgorithm2, JwkKeyType as JwkKeyType2 } from "@sphereon/ssi-types";
@@ -1406,8 +1472,12 @@ export {
   hexStringFromUint8Array,
   importProvidedOrGeneratedKey,
   isAsn1Der,
+  isHash,
+  isHashString,
   isRawCompressedPublicKey,
+  isSameHash,
   jcsCanonicalize,
+  joseAlgorithmToDigest,
   joseToCoseCurve,
   joseToCoseKeyOperation,
   joseToCoseKty,
@@ -1420,6 +1490,7 @@ export {
   keyTypeFromCryptographicSuite,
   logger,
   minimalJwk,
+  normalizeHashAlgorithm,
   padLeft,
   removeNulls,
   rsaJwkToRawHexKey,