@sphereon/ssi-sdk-ext.key-utils 0.36.1-feature.SSISDK.82.and.SSISDK.70.35 → 0.36.1-next.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +20 -92
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +5 -12
- package/dist/index.d.ts +5 -12
- package/dist/index.js +20 -92
- package/dist/index.js.map +1 -1
- package/package.json +4 -4
- package/src/digest-methods.ts +11 -13
- package/src/functions.ts +7 -75
- package/src/types/key-util-types.ts +0 -2
package/src/functions.ts
CHANGED
|
@@ -31,7 +31,6 @@ import * as u8a from 'uint8arrays'
|
|
|
31
31
|
import { digestMethodParams } from './digest-methods'
|
|
32
32
|
import { validateJwk } from './jwk-jcs'
|
|
33
33
|
import {
|
|
34
|
-
DigestAlgorithm,
|
|
35
34
|
ENC_KEY_ALGS,
|
|
36
35
|
type IImportProvidedOrGeneratedKeyArgs,
|
|
37
36
|
JwkKeyUse,
|
|
@@ -199,8 +198,8 @@ export const toBase64url = (input: string): string => toString(fromString(input)
|
|
|
199
198
|
* Calculate the JWK thumbprint
|
|
200
199
|
* @param args
|
|
201
200
|
*/
|
|
202
|
-
export const calculateJwkThumbprint = (args: { jwk: JWK; digestAlgorithm?:
|
|
203
|
-
const digestAlgorithm =
|
|
201
|
+
export const calculateJwkThumbprint = (args: { jwk: JWK; digestAlgorithm?: 'sha256' | 'sha512' }): string => {
|
|
202
|
+
const { digestAlgorithm = 'sha256' } = args
|
|
204
203
|
const jwk = sanitizedJwk(args.jwk)
|
|
205
204
|
let components
|
|
206
205
|
switch (jwk.kty) {
|
|
@@ -228,7 +227,10 @@ export const calculateJwkThumbprint = (args: { jwk: JWK; digestAlgorithm?: Diges
|
|
|
228
227
|
throw new Error('"kty" (Key Type) Parameter missing or unsupported')
|
|
229
228
|
}
|
|
230
229
|
const data = JSON.stringify(components)
|
|
231
|
-
|
|
230
|
+
|
|
231
|
+
return digestAlgorithm === 'sha512'
|
|
232
|
+
? digestMethodParams('SHA-512').digestMethod(data, 'base64url')
|
|
233
|
+
: digestMethodParams('SHA-256').digestMethod(data, 'base64url')
|
|
232
234
|
}
|
|
233
235
|
|
|
234
236
|
export const toJwkFromKey = (
|
|
@@ -908,7 +910,7 @@ export const sanitizedJwk = (input: JWK | JsonWebKey): JWK => {
|
|
|
908
910
|
return removeNulls(jwk)
|
|
909
911
|
}
|
|
910
912
|
|
|
911
|
-
|
|
913
|
+
const base64ToBase64Url = (input: string): string => {
|
|
912
914
|
return input.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
|
|
913
915
|
}
|
|
914
916
|
|
|
@@ -1120,73 +1122,3 @@ export function toPkcs1FromHex(publicKeyHex: string) {
|
|
|
1120
1122
|
const pkcs1 = toPkcs1(fromString(publicKeyHex, 'hex'))
|
|
1121
1123
|
return toString(pkcs1, 'hex')
|
|
1122
1124
|
}
|
|
1123
|
-
|
|
1124
|
-
export function joseAlgorithmToDigest(alg: string): DigestAlgorithm {
|
|
1125
|
-
switch (alg.toUpperCase().replace('-', '')) {
|
|
1126
|
-
case 'RS256':
|
|
1127
|
-
case 'ES256':
|
|
1128
|
-
case 'ES256K':
|
|
1129
|
-
case 'PS256':
|
|
1130
|
-
case 'HS256':
|
|
1131
|
-
return 'SHA-256'
|
|
1132
|
-
case 'RS384':
|
|
1133
|
-
case 'ES384':
|
|
1134
|
-
case 'PS384':
|
|
1135
|
-
case 'HS384':
|
|
1136
|
-
return 'SHA-384'
|
|
1137
|
-
case 'RS512':
|
|
1138
|
-
case 'ES512':
|
|
1139
|
-
case 'PS512':
|
|
1140
|
-
case 'HS512':
|
|
1141
|
-
return 'SHA-512'
|
|
1142
|
-
case 'EdDSA':
|
|
1143
|
-
return 'SHA-512'
|
|
1144
|
-
default:
|
|
1145
|
-
return 'SHA-256'
|
|
1146
|
-
}
|
|
1147
|
-
}
|
|
1148
|
-
|
|
1149
|
-
export function isHash(input: string): boolean {
|
|
1150
|
-
const length = input.length
|
|
1151
|
-
// SHA-256: 64 hex chars, SHA-384: 96 hex chars, SHA-512: 128 hex chars
|
|
1152
|
-
if (length !== 64 && length !== 96 && length !== 128) {
|
|
1153
|
-
return false
|
|
1154
|
-
}
|
|
1155
|
-
return input.match(/^([0-9A-Fa-f])+$/g) !== null
|
|
1156
|
-
}
|
|
1157
|
-
|
|
1158
|
-
export function isHashString(input: Uint8Array): boolean {
|
|
1159
|
-
const length = input.length
|
|
1160
|
-
// SHA-256: 32 bytes, SHA-384: 48 bytes, SHA-512: 64 bytes
|
|
1161
|
-
if (length !== 32 && length !== 48 && length !== 64) {
|
|
1162
|
-
return false
|
|
1163
|
-
}
|
|
1164
|
-
for (let i = 0; i < length; i++) {
|
|
1165
|
-
const byte = input[i]
|
|
1166
|
-
if (byte === undefined) {
|
|
1167
|
-
return false
|
|
1168
|
-
}
|
|
1169
|
-
// 0-9: 48-57, A-F: 65-70, a-f: 97-102
|
|
1170
|
-
if (!((byte >= 48 && byte <= 57) || (byte >= 65 && byte <= 70) || (byte >= 97 && byte <= 102))) {
|
|
1171
|
-
return false
|
|
1172
|
-
}
|
|
1173
|
-
}
|
|
1174
|
-
return true
|
|
1175
|
-
}
|
|
1176
|
-
|
|
1177
|
-
export type HashAlgorithm = 'SHA-256' | 'sha256' | 'SHA-384' | 'sha384' | 'SHA-512' | 'sha512'
|
|
1178
|
-
|
|
1179
|
-
export function normalizeHashAlgorithm(alg?: HashAlgorithm): 'SHA-256' | 'SHA-384' | 'SHA-512' {
|
|
1180
|
-
if (!alg) {
|
|
1181
|
-
return 'SHA-256'
|
|
1182
|
-
}
|
|
1183
|
-
const upper = alg.toUpperCase()
|
|
1184
|
-
if (upper.includes('256')) return 'SHA-256'
|
|
1185
|
-
if (upper.includes('384')) return 'SHA-384'
|
|
1186
|
-
if (upper.includes('512')) return 'SHA-512'
|
|
1187
|
-
throw new Error(`Invalid hash algorithm: ${alg}`)
|
|
1188
|
-
}
|
|
1189
|
-
|
|
1190
|
-
export function isSameHash(left: HashAlgorithm, right: HashAlgorithm): boolean {
|
|
1191
|
-
return normalizeHashAlgorithm(left) === normalizeHashAlgorithm(right)
|
|
1192
|
-
}
|
|
@@ -21,8 +21,6 @@ export const ENC_KEY_ALGS = ['X25519', 'ECDH_ES_A256KW', 'RSA_OAEP_256']
|
|
|
21
21
|
|
|
22
22
|
export type KeyVisibility = 'public' | 'private'
|
|
23
23
|
|
|
24
|
-
export type DigestAlgorithm = 'SHA-256' | 'sha256' | 'SHA-384' | 'sha384' | 'SHA-512' | 'sha512'
|
|
25
|
-
|
|
26
24
|
export interface X509Opts {
|
|
27
25
|
cn?: string // The certificate Common Name. Will be used as the KID for the private key. Uses alias if not provided.
|
|
28
26
|
privateKeyPEM?: string // Optional as you also need to provide it in hex format, but advisable to use it
|