npm - @sphereon/ssi-sdk-ext.key-utils - Versions diffs - 0.36.1-feature.SSISDK.82.and.SSISDK.70.37 → 0.36.1-feature.SSISDK.89.metadata.persistence.103 - Mend

@sphereon/ssi-sdk-ext.key-utils 0.36.1-feature.SSISDK.82.and.SSISDK.70.37 → 0.36.1-feature.SSISDK.89.metadata.persistence.103

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.cjs +143 -9
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +8 -1
package/dist/index.d.ts +8 -1
package/dist/index.js +143 -9
package/dist/index.js.map +1 -1
package/package.json +4 -4
package/src/conversion.ts +53 -0
package/src/functions.ts +66 -10
package/src/types/key-util-types.ts +1 -0

package/dist/index.d.ts CHANGED Viewed

@@ -45,6 +45,7 @@ type SignatureAlgorithmFromKeyArgs = {
 };
 type SignatureAlgorithmFromKeyTypeArgs = {
     type: TKeyType;
+    algorithms?: string[];
 };
 type KeyTypeFromCryptographicSuiteArgs = {
     crv?: string;
@@ -138,6 +139,7 @@ declare const isRawCompressedPublicKey: (key: Uint8Array) => boolean;
 declare const toRawCompressedHexPublicKey: (rawPublicKey: Uint8Array, keyType: TKeyType) => string;
 declare const hexStringFromUint8Array: (value: Uint8Array) => string;
 declare const signatureAlgorithmFromKey: (args: SignatureAlgorithmFromKeyArgs) => Promise<JoseSignatureAlgorithm>;
+declare function signatureAlgorithmToJoseAlgorithm(alg: string): JoseSignatureAlgorithm;
 declare const signatureAlgorithmFromKeyType: (args: SignatureAlgorithmFromKeyTypeArgs) => JoseSignatureAlgorithm;
 declare const keyTypeFromCryptographicSuite: (args: KeyTypeFromCryptographicSuiteArgs) => TKeyType;
 declare function removeNulls<T>(obj: T | any): any;
@@ -188,6 +190,11 @@ declare function joseToCoseKeyOperation(keyOp: JoseKeyOperation | JoseKeyOperati
 declare function coseToJoseKeyOperation(keyOp: ICoseKeyOperation): JoseKeyOperation;
 declare function joseToCoseCurve(curve: JoseCurve | JoseCurveString): ICoseCurve;
 declare function coseToJoseCurve(curve: ICoseCurve): JoseCurve;
+declare function joseSignatureAlgToWebCrypto(alg: JoseSignatureAlgorithm | JoseSignatureAlgorithmString): {
+    name: string;
+    hash: string;
+    saltLength?: number;
+};
 /**
  * Checks if the JWK is valid. It must contain all the required members.
@@ -237,4 +244,4 @@ declare const digestMethodParams: (hashAlgorithm: DigestAlgorithm) => {
 };
 declare const shaHasher: HasherSync;
-export { type DigestAlgorithm, ENC_KEY_ALGS, type HashAlgorithm, type IImportProvidedOrGeneratedKeyArgs, type IKeyOpts, JWK_JCS_PUB_NAME, JWK_JCS_PUB_PREFIX, JwkKeyUse, Key, type KeyTypeFromCryptographicSuiteArgs, type KeyVisibility, SIG_KEY_ALGS, type SignatureAlgorithmFromKeyArgs, type SignatureAlgorithmFromKeyTypeArgs, type TDigestMethod, type TKeyType, type X509Opts, asn1DerToRawPublicKey, base64ToBase64Url, calculateJwkThumbprint, calculateJwkThumbprintForKey, coseKeyToJwk, coseToJoseCurve, coseToJoseKeyOperation, coseToJoseKty, coseToJoseSignatureAlg, digestMethodParams, generatePrivateKeyHex, getKms, globalCrypto, hexStringFromUint8Array, importProvidedOrGeneratedKey, isAsn1Der, isHash, isHashString, isRawCompressedPublicKey, isSameHash, jcsCanonicalize, joseAlgorithmToDigest, joseToCoseCurve, joseToCoseKeyOperation, joseToCoseKty, joseToCoseSignatureAlg, jwkDetermineUse, jwkJcsDecode, jwkJcsEncode, jwkToCoseKey, jwkToRawHexKey, keyTypeFromCryptographicSuite, logger, minimalJwk, normalizeHashAlgorithm, padLeft, removeNulls, rsaJwkToRawHexKey, sanitizedJwk, shaHasher, signatureAlgorithmFromKey, signatureAlgorithmFromKeyType, toBase64url, toJwk, toJwkFromKey, toPkcs1, toPkcs1FromHex, toRawCompressedHexPublicKey, validateJwk, verifyRawSignature, x25519PublicHexFromPrivateHex };
+export { type DigestAlgorithm, ENC_KEY_ALGS, type HashAlgorithm, type IImportProvidedOrGeneratedKeyArgs, type IKeyOpts, JWK_JCS_PUB_NAME, JWK_JCS_PUB_PREFIX, JwkKeyUse, Key, type KeyTypeFromCryptographicSuiteArgs, type KeyVisibility, SIG_KEY_ALGS, type SignatureAlgorithmFromKeyArgs, type SignatureAlgorithmFromKeyTypeArgs, type TDigestMethod, type TKeyType, type X509Opts, asn1DerToRawPublicKey, base64ToBase64Url, calculateJwkThumbprint, calculateJwkThumbprintForKey, coseKeyToJwk, coseToJoseCurve, coseToJoseKeyOperation, coseToJoseKty, coseToJoseSignatureAlg, digestMethodParams, generatePrivateKeyHex, getKms, globalCrypto, hexStringFromUint8Array, importProvidedOrGeneratedKey, isAsn1Der, isHash, isHashString, isRawCompressedPublicKey, isSameHash, jcsCanonicalize, joseAlgorithmToDigest, joseSignatureAlgToWebCrypto, joseToCoseCurve, joseToCoseKeyOperation, joseToCoseKty, joseToCoseSignatureAlg, jwkDetermineUse, jwkJcsDecode, jwkJcsEncode, jwkToCoseKey, jwkToRawHexKey, keyTypeFromCryptographicSuite, logger, minimalJwk, normalizeHashAlgorithm, padLeft, removeNulls, rsaJwkToRawHexKey, sanitizedJwk, shaHasher, signatureAlgorithmFromKey, signatureAlgorithmFromKeyType, signatureAlgorithmToJoseAlgorithm, toBase64url, toJwk, toJwkFromKey, toPkcs1, toPkcs1FromHex, toRawCompressedHexPublicKey, validateJwk, verifyRawSignature, x25519PublicHexFromPrivateHex };

package/dist/index.js CHANGED Viewed

@@ -868,11 +868,45 @@ var hexStringFromUint8Array = /* @__PURE__ */ __name((value) => toString2(value,
 var signatureAlgorithmFromKey = /* @__PURE__ */ __name(async (args) => {
   const { key } = args;
   return signatureAlgorithmFromKeyType({
-    type: key.type
+    type: key.type,
+    algorithms: key.meta?.algorithms
   });
 }, "signatureAlgorithmFromKey");
+function signatureAlgorithmToJoseAlgorithm(alg) {
+  switch (alg) {
+    case "RSA_SHA256":
+      return JoseSignatureAlgorithm.RS256;
+    case "RSA_SHA384":
+      return JoseSignatureAlgorithm.RS384;
+    case "RSA_SHA512":
+      return JoseSignatureAlgorithm.RS512;
+    case "RSA_SSA_PSS_SHA256_MGF1":
+      return JoseSignatureAlgorithm.PS256;
+    case "RSA_SSA_PSS_SHA384_MGF1":
+      return JoseSignatureAlgorithm.PS384;
+    case "RSA_SSA_PSS_SHA512_MGF1":
+      return JoseSignatureAlgorithm.PS512;
+    case "ECDSA_SHA256":
+      return JoseSignatureAlgorithm.ES256;
+    case "ECDSA_SHA384":
+      return JoseSignatureAlgorithm.ES384;
+    case "ECDSA_SHA512":
+      return JoseSignatureAlgorithm.ES512;
+    case "ES256K":
+      return JoseSignatureAlgorithm.ES256K;
+    case "ED25519":
+    case "EdDSA":
+      return JoseSignatureAlgorithm.EdDSA;
+    default:
+      return alg;
+  }
+}
+__name(signatureAlgorithmToJoseAlgorithm, "signatureAlgorithmToJoseAlgorithm");
 var signatureAlgorithmFromKeyType = /* @__PURE__ */ __name((args) => {
-  const { type } = args;
+  const { type, algorithms } = args;
+  if (algorithms && algorithms.length > 0) {
+    return signatureAlgorithmToJoseAlgorithm(algorithms[0]);
+  }
   switch (type) {
     case "Ed25519":
     case "X25519":
@@ -886,7 +920,7 @@ var signatureAlgorithmFromKeyType = /* @__PURE__ */ __name((args) => {
     case "Secp256k1":
       return JoseSignatureAlgorithm.ES256K;
     case "RSA":
-      return JoseSignatureAlgorithm.PS256;
+      return JoseSignatureAlgorithm.RS256;
     default:
       throw new Error(`Key type '${type}' not supported`);
   }
@@ -1138,7 +1172,8 @@ function toPkcs1FromHex(publicKeyHex) {
 }
 __name(toPkcs1FromHex, "toPkcs1FromHex");
 function joseAlgorithmToDigest(alg) {
-  switch (alg.toUpperCase().replace("-", "")) {
+  const normalized = alg.toUpperCase().replace(/-/g, "");
+  switch (normalized) {
     case "RS256":
     case "ES256":
     case "ES256K":
@@ -1155,10 +1190,11 @@ function joseAlgorithmToDigest(alg) {
     case "PS512":
     case "HS512":
       return "SHA-512";
-    case "EdDSA":
+    case "EDDSA":
+    case "ED25519":
       return "SHA-512";
     default:
-      return "SHA-256";
+      throw new Error(`Unsupported JOSE algorithm: ${alg}. Cannot determine digest algorithm.`);
   }
 }
 __name(joseAlgorithmToDigest, "joseAlgorithmToDigest");
@@ -1175,16 +1211,18 @@ function isHashString(input) {
   if (length !== 32 && length !== 48 && length !== 64) {
     return false;
   }
+  let printableCount = 0;
   for (let i = 0; i < length; i++) {
     const byte = input[i];
     if (byte === void 0) {
       return false;
     }
-    if (!(byte >= 48 && byte <= 57 || byte >= 65 && byte <= 70 || byte >= 97 && byte <= 102)) {
-      return false;
+    if (byte >= 32 && byte <= 126) {
+      printableCount++;
     }
   }
-  return true;
+  const printableRatio = printableCount / length;
+  return printableRatio < 0.9;
 }
 __name(isHashString, "isHashString");
 function normalizeHashAlgorithm(alg) {
@@ -1450,6 +1488,100 @@ function coseToJoseCurve(curve) {
   }
 }
 __name(coseToJoseCurve, "coseToJoseCurve");
+function joseSignatureAlgToWebCrypto(alg) {
+  switch (alg) {
+    case JoseSignatureAlgorithm2.RS256:
+    case "RS256":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: "SHA-256"
+      };
+    case JoseSignatureAlgorithm2.RS384:
+    case "RS384":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: "SHA-384"
+      };
+    case JoseSignatureAlgorithm2.RS512:
+    case "RS512":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: "SHA-512"
+      };
+    case JoseSignatureAlgorithm2.PS256:
+    case "PS256":
+      return {
+        name: "RSA-PSS",
+        hash: "SHA-256",
+        saltLength: 32
+      };
+    case JoseSignatureAlgorithm2.PS384:
+    case "PS384":
+      return {
+        name: "RSA-PSS",
+        hash: "SHA-384",
+        saltLength: 48
+      };
+    case JoseSignatureAlgorithm2.PS512:
+    case "PS512":
+      return {
+        name: "RSA-PSS",
+        hash: "SHA-512",
+        saltLength: 64
+      };
+    case JoseSignatureAlgorithm2.ES256:
+    case "ES256":
+      return {
+        name: "ECDSA",
+        hash: "SHA-256"
+      };
+    case JoseSignatureAlgorithm2.ES384:
+    case "ES384":
+      return {
+        name: "ECDSA",
+        hash: "SHA-384"
+      };
+    case JoseSignatureAlgorithm2.ES512:
+    case "ES512":
+      return {
+        name: "ECDSA",
+        hash: "SHA-512"
+      };
+    case JoseSignatureAlgorithm2.ES256K:
+    case "ES256K":
+      return {
+        name: "ECDSA",
+        hash: "SHA-256"
+      };
+    case JoseSignatureAlgorithm2.EdDSA:
+    case "EdDSA":
+      return {
+        name: "Ed25519",
+        hash: ""
+      };
+    case JoseSignatureAlgorithm2.HS256:
+    case "HS256":
+      return {
+        name: "HMAC",
+        hash: "SHA-256"
+      };
+    case JoseSignatureAlgorithm2.HS384:
+    case "HS384":
+      return {
+        name: "HMAC",
+        hash: "SHA-384"
+      };
+    case JoseSignatureAlgorithm2.HS512:
+    case "HS512":
+      return {
+        name: "HMAC",
+        hash: "SHA-512"
+      };
+    default:
+      throw Error(`Signature algorithm ${alg} not supported in Web Crypto API`);
+  }
+}
+__name(joseSignatureAlgToWebCrypto, "joseSignatureAlgToWebCrypto");
 export {
   ENC_KEY_ALGS,
   JWK_JCS_PUB_NAME,
@@ -1479,6 +1611,7 @@ export {
   isSameHash,
   jcsCanonicalize,
   joseAlgorithmToDigest,
+  joseSignatureAlgToWebCrypto,
   joseToCoseCurve,
   joseToCoseKeyOperation,
   joseToCoseKty,
@@ -1499,6 +1632,7 @@ export {
   shaHasher,
   signatureAlgorithmFromKey,
   signatureAlgorithmFromKeyType,
+  signatureAlgorithmToJoseAlgorithm,
   toBase64url,
   toJwk,
   toJwkFromKey,