@sphereon/ssi-sdk-ext.key-utils 0.36.1-feature.SSISDK.82.and.SSISDK.70.35 → 0.36.1-feature.integration.fides.100

package/dist/index.cjs

@@ -59,6 +59,7 @@ __export(index_exports, {
   isSameHash: () => isSameHash,
   jcsCanonicalize: () => jcsCanonicalize,
   joseAlgorithmToDigest: () => joseAlgorithmToDigest,
+  joseSignatureAlgToWebCrypto: () => joseSignatureAlgToWebCrypto,
   joseToCoseCurve: () => joseToCoseCurve,
   joseToCoseKeyOperation: () => joseToCoseKeyOperation,
   joseToCoseKty: () => joseToCoseKty,
@@ -79,6 +80,7 @@ __export(index_exports, {
   shaHasher: () => shaHasher,
   signatureAlgorithmFromKey: () => signatureAlgorithmFromKey,
   signatureAlgorithmFromKeyType: () => signatureAlgorithmFromKeyType,
+  signatureAlgorithmToJoseAlgorithm: () => signatureAlgorithmToJoseAlgorithm,
   toBase64url: () => toBase64url,
   toJwk: () => toJwk,
   toJwkFromKey: () => toJwkFromKey,
@@ -958,11 +960,45 @@ var hexStringFromUint8Array = /* @__PURE__ */ __name((value) => toString2(value,
 var signatureAlgorithmFromKey = /* @__PURE__ */ __name(async (args) => {
   const { key } = args;
   return signatureAlgorithmFromKeyType({
-    type: key.type
+    type: key.type,
+    algorithms: key.meta?.algorithms
   });
 }, "signatureAlgorithmFromKey");
+function signatureAlgorithmToJoseAlgorithm(alg) {
+  switch (alg) {
+    case "RSA_SHA256":
+      return import_ssi_types.JoseSignatureAlgorithm.RS256;
+    case "RSA_SHA384":
+      return import_ssi_types.JoseSignatureAlgorithm.RS384;
+    case "RSA_SHA512":
+      return import_ssi_types.JoseSignatureAlgorithm.RS512;
+    case "RSA_SSA_PSS_SHA256_MGF1":
+      return import_ssi_types.JoseSignatureAlgorithm.PS256;
+    case "RSA_SSA_PSS_SHA384_MGF1":
+      return import_ssi_types.JoseSignatureAlgorithm.PS384;
+    case "RSA_SSA_PSS_SHA512_MGF1":
+      return import_ssi_types.JoseSignatureAlgorithm.PS512;
+    case "ECDSA_SHA256":
+      return import_ssi_types.JoseSignatureAlgorithm.ES256;
+    case "ECDSA_SHA384":
+      return import_ssi_types.JoseSignatureAlgorithm.ES384;
+    case "ECDSA_SHA512":
+      return import_ssi_types.JoseSignatureAlgorithm.ES512;
+    case "ES256K":
+      return import_ssi_types.JoseSignatureAlgorithm.ES256K;
+    case "ED25519":
+    case "EdDSA":
+      return import_ssi_types.JoseSignatureAlgorithm.EdDSA;
+    default:
+      return alg;
+  }
+}
+__name(signatureAlgorithmToJoseAlgorithm, "signatureAlgorithmToJoseAlgorithm");
 var signatureAlgorithmFromKeyType = /* @__PURE__ */ __name((args) => {
-  const { type } = args;
+  const { type, algorithms } = args;
+  if (algorithms && algorithms.length > 0) {
+    return signatureAlgorithmToJoseAlgorithm(algorithms[0]);
+  }
   switch (type) {
     case "Ed25519":
     case "X25519":
@@ -976,7 +1012,7 @@ var signatureAlgorithmFromKeyType = /* @__PURE__ */ __name((args) => {
     case "Secp256k1":
       return import_ssi_types.JoseSignatureAlgorithm.ES256K;
     case "RSA":
-      return import_ssi_types.JoseSignatureAlgorithm.PS256;
+      return import_ssi_types.JoseSignatureAlgorithm.RS256;
     default:
       throw new Error(`Key type '${type}' not supported`);
   }
@@ -1228,7 +1264,8 @@ function toPkcs1FromHex(publicKeyHex) {
 }
 __name(toPkcs1FromHex, "toPkcs1FromHex");
 function joseAlgorithmToDigest(alg) {
-  switch (alg.toUpperCase().replace("-", "")) {
+  const normalized = alg.toUpperCase().replace(/-/g, "");
+  switch (normalized) {
     case "RS256":
     case "ES256":
     case "ES256K":
@@ -1245,10 +1282,11 @@ function joseAlgorithmToDigest(alg) {
     case "PS512":
     case "HS512":
       return "SHA-512";
-    case "EdDSA":
+    case "EDDSA":
+    case "ED25519":
       return "SHA-512";
     default:
-      return "SHA-256";
+      throw new Error(`Unsupported JOSE algorithm: ${alg}. Cannot determine digest algorithm.`);
   }
 }
 __name(joseAlgorithmToDigest, "joseAlgorithmToDigest");
@@ -1265,16 +1303,18 @@ function isHashString(input) {
   if (length !== 32 && length !== 48 && length !== 64) {
     return false;
   }
+  let printableCount = 0;
   for (let i = 0; i < length; i++) {
     const byte = input[i];
     if (byte === void 0) {
       return false;
     }
-    if (!(byte >= 48 && byte <= 57 || byte >= 65 && byte <= 70 || byte >= 97 && byte <= 102)) {
-      return false;
+    if (byte >= 32 && byte <= 126) {
+      printableCount++;
     }
   }
-  return true;
+  const printableRatio = printableCount / length;
+  return printableRatio < 0.9;
 }
 __name(isHashString, "isHashString");
 function normalizeHashAlgorithm(alg) {
@@ -1540,4 +1580,98 @@ function coseToJoseCurve(curve) {
   }
 }
 __name(coseToJoseCurve, "coseToJoseCurve");
+function joseSignatureAlgToWebCrypto(alg) {
+  switch (alg) {
+    case import_ssi_types2.JoseSignatureAlgorithm.RS256:
+    case "RS256":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: "SHA-256"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.RS384:
+    case "RS384":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: "SHA-384"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.RS512:
+    case "RS512":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: "SHA-512"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.PS256:
+    case "PS256":
+      return {
+        name: "RSA-PSS",
+        hash: "SHA-256",
+        saltLength: 32
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.PS384:
+    case "PS384":
+      return {
+        name: "RSA-PSS",
+        hash: "SHA-384",
+        saltLength: 48
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.PS512:
+    case "PS512":
+      return {
+        name: "RSA-PSS",
+        hash: "SHA-512",
+        saltLength: 64
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.ES256:
+    case "ES256":
+      return {
+        name: "ECDSA",
+        hash: "SHA-256"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.ES384:
+    case "ES384":
+      return {
+        name: "ECDSA",
+        hash: "SHA-384"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.ES512:
+    case "ES512":
+      return {
+        name: "ECDSA",
+        hash: "SHA-512"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.ES256K:
+    case "ES256K":
+      return {
+        name: "ECDSA",
+        hash: "SHA-256"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.EdDSA:
+    case "EdDSA":
+      return {
+        name: "Ed25519",
+        hash: ""
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.HS256:
+    case "HS256":
+      return {
+        name: "HMAC",
+        hash: "SHA-256"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.HS384:
+    case "HS384":
+      return {
+        name: "HMAC",
+        hash: "SHA-384"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.HS512:
+    case "HS512":
+      return {
+        name: "HMAC",
+        hash: "SHA-512"
+      };
+    default:
+      throw Error(`Signature algorithm ${alg} not supported in Web Crypto API`);
+  }
+}
+__name(joseSignatureAlgToWebCrypto, "joseSignatureAlgToWebCrypto");
 //# sourceMappingURL=index.cjs.map