@sphereon/ssi-sdk-ext.key-utils 0.36.1-feature.SSISDK.44.finish.dcql.1 → 0.36.1-feature.SSISDK.70.integrate.digidentity.10

package/dist/index.cjs

@@ -52,8 +52,12 @@ __export(index_exports, {
   hexStringFromUint8Array: () => hexStringFromUint8Array,
   importProvidedOrGeneratedKey: () => importProvidedOrGeneratedKey,
   isAsn1Der: () => isAsn1Der,
+  isHash: () => isHash,
+  isHashString: () => isHashString,
   isRawCompressedPublicKey: () => isRawCompressedPublicKey,
+  isSameHash: () => isSameHash,
   jcsCanonicalize: () => jcsCanonicalize,
+  joseAlgorithmToDigest: () => joseAlgorithmToDigest,
   joseToCoseCurve: () => joseToCoseCurve,
   joseToCoseKeyOperation: () => joseToCoseKeyOperation,
   joseToCoseKty: () => joseToCoseKty,
@@ -66,6 +70,7 @@ __export(index_exports, {
   keyTypeFromCryptographicSuite: () => keyTypeFromCryptographicSuite,
   logger: () => logger,
   minimalJwk: () => minimalJwk,
+  normalizeHashAlgorithm: () => normalizeHashAlgorithm,
   padLeft: () => padLeft,
   removeNulls: () => removeNulls,
   rsaJwkToRawHexKey: () => rsaJwkToRawHexKey,
@@ -108,24 +113,25 @@ var import_sha512 = require("@noble/hashes/sha512");
 var u8a = __toESM(require("uint8arrays"), 1);
 var { fromString, toString, SupportedEncodings } = u8a;
 var digestMethodParams = /* @__PURE__ */ __name((hashAlgorithm) => {
-  if (hashAlgorithm === "SHA-256") {
-    return {
-      hashAlgorithm: "SHA-256",
-      digestMethod: sha256DigestMethod,
-      hash: import_sha256.sha256
-    };
-  } else if (hashAlgorithm === "SHA-384") {
-    return {
-      hashAlgorithm: "SHA-384",
-      digestMethod: sha384DigestMethod,
-      hash: import_sha512.sha384
-    };
-  } else {
-    return {
-      hashAlgorithm: "SHA-512",
-      digestMethod: sha512DigestMethod,
-      hash: import_sha512.sha512
-    };
+  switch (normalizeHashAlgorithm(hashAlgorithm)) {
+    case "SHA-256":
+      return {
+        hashAlgorithm: "SHA-256",
+        digestMethod: sha256DigestMethod,
+        hash: import_sha256.sha256
+      };
+    case "SHA-384":
+      return {
+        hashAlgorithm: "SHA-384",
+        digestMethod: sha384DigestMethod,
+        hash: import_sha512.sha384
+      };
+    case "SHA-512":
+      return {
+        hashAlgorithm: "SHA-512",
+        digestMethod: sha512DigestMethod,
+        hash: import_sha512.sha512
+      };
   }
 }, "digestMethodParams");
 var shaHasher = /* @__PURE__ */ __name((input, alg) => {
@@ -449,7 +455,7 @@ var assertJwkClaimPresent = /* @__PURE__ */ __name((value, description) => {
 }, "assertJwkClaimPresent");
 var toBase64url = /* @__PURE__ */ __name((input) => toString2(fromString2(input), "base64url"), "toBase64url");
 var calculateJwkThumbprint = /* @__PURE__ */ __name((args) => {
-  const { digestAlgorithm = "sha256" } = args;
+  const digestAlgorithm = normalizeHashAlgorithm(args.digestAlgorithm ?? "SHA-256");
   const jwk = sanitizedJwk(args.jwk);
   let components;
   switch (jwk.kty) {
@@ -493,7 +499,7 @@ var calculateJwkThumbprint = /* @__PURE__ */ __name((args) => {
       throw new Error('"kty" (Key Type) Parameter missing or unsupported');
   }
   const data = JSON.stringify(components);
-  return digestAlgorithm === "sha512" ? digestMethodParams("SHA-512").digestMethod(data, "base64url") : digestMethodParams("SHA-256").digestMethod(data, "base64url");
+  return digestMethodParams(digestAlgorithm).digestMethod(data, "base64url");
 }, "calculateJwkThumbprint");
 var toJwkFromKey = /* @__PURE__ */ __name((key, opts) => {
   const isPrivateKey = "privateKeyHex" in key;
@@ -1220,6 +1226,71 @@ function toPkcs1FromHex(publicKeyHex) {
   return toString2(pkcs1, "hex");
 }
 __name(toPkcs1FromHex, "toPkcs1FromHex");
+function joseAlgorithmToDigest(alg) {
+  switch (alg.toUpperCase().replace("-", "")) {
+    case "RS256":
+    case "ES256":
+    case "ES256K":
+    case "PS256":
+    case "HS256":
+      return "SHA-256";
+    case "RS384":
+    case "ES384":
+    case "PS384":
+    case "HS384":
+      return "SHA-384";
+    case "RS512":
+    case "ES512":
+    case "PS512":
+    case "HS512":
+      return "SHA-512";
+    case "EdDSA":
+      return "SHA-512";
+    default:
+      return "SHA-256";
+  }
+}
+__name(joseAlgorithmToDigest, "joseAlgorithmToDigest");
+function isHash(input) {
+  const length = input.length;
+  if (length !== 64 && length !== 96 && length !== 128) {
+    return false;
+  }
+  return input.match(/^([0-9A-Fa-f])+$/g) !== null;
+}
+__name(isHash, "isHash");
+function isHashString(input) {
+  const length = input.length;
+  if (length !== 32 && length !== 48 && length !== 64) {
+    return false;
+  }
+  for (let i = 0; i < length; i++) {
+    const byte = input[i];
+    if (byte === void 0) {
+      return false;
+    }
+    if (!(byte >= 48 && byte <= 57 || byte >= 65 && byte <= 70 || byte >= 97 && byte <= 102)) {
+      return false;
+    }
+  }
+  return true;
+}
+__name(isHashString, "isHashString");
+function normalizeHashAlgorithm(alg) {
+  if (!alg) {
+    return "SHA-256";
+  }
+  const upper = alg.toUpperCase();
+  if (upper.includes("256")) return "SHA-256";
+  if (upper.includes("384")) return "SHA-384";
+  if (upper.includes("512")) return "SHA-512";
+  throw new Error(`Invalid hash algorithm: ${alg}`);
+}
+__name(normalizeHashAlgorithm, "normalizeHashAlgorithm");
+function isSameHash(left, right) {
+  return normalizeHashAlgorithm(left) === normalizeHashAlgorithm(right);
+}
+__name(isSameHash, "isSameHash");
 
 // src/conversion.ts
 var import_ssi_types2 = require("@sphereon/ssi-types");