@sphereon/ssi-sdk-ext.key-utils 0.36.1-next.11 → 0.36.1-next.113

package/dist/index.cjs

@@ -38,6 +38,7 @@ __export(index_exports, {
   Key: () => Key,
   SIG_KEY_ALGS: () => SIG_KEY_ALGS,
   asn1DerToRawPublicKey: () => asn1DerToRawPublicKey,
+  base64ToBase64Url: () => base64ToBase64Url,
   calculateJwkThumbprint: () => calculateJwkThumbprint,
   calculateJwkThumbprintForKey: () => calculateJwkThumbprintForKey,
   coseKeyToJwk: () => coseKeyToJwk,
@@ -52,8 +53,13 @@ __export(index_exports, {
   hexStringFromUint8Array: () => hexStringFromUint8Array,
   importProvidedOrGeneratedKey: () => importProvidedOrGeneratedKey,
   isAsn1Der: () => isAsn1Der,
+  isHash: () => isHash,
+  isHashString: () => isHashString,
   isRawCompressedPublicKey: () => isRawCompressedPublicKey,
+  isSameHash: () => isSameHash,
   jcsCanonicalize: () => jcsCanonicalize,
+  joseAlgorithmToDigest: () => joseAlgorithmToDigest,
+  joseSignatureAlgToWebCrypto: () => joseSignatureAlgToWebCrypto,
   joseToCoseCurve: () => joseToCoseCurve,
   joseToCoseKeyOperation: () => joseToCoseKeyOperation,
   joseToCoseKty: () => joseToCoseKty,
@@ -66,6 +72,7 @@ __export(index_exports, {
   keyTypeFromCryptographicSuite: () => keyTypeFromCryptographicSuite,
   logger: () => logger,
   minimalJwk: () => minimalJwk,
+  normalizeHashAlgorithm: () => normalizeHashAlgorithm,
   padLeft: () => padLeft,
   removeNulls: () => removeNulls,
   rsaJwkToRawHexKey: () => rsaJwkToRawHexKey,
@@ -73,6 +80,7 @@ __export(index_exports, {
   shaHasher: () => shaHasher,
   signatureAlgorithmFromKey: () => signatureAlgorithmFromKey,
   signatureAlgorithmFromKeyType: () => signatureAlgorithmFromKeyType,
+  signatureAlgorithmToJoseAlgorithm: () => signatureAlgorithmToJoseAlgorithm,
   toBase64url: () => toBase64url,
   toJwk: () => toJwk,
   toJwkFromKey: () => toJwkFromKey,
@@ -108,24 +116,25 @@ var import_sha512 = require("@noble/hashes/sha512");
 var u8a = __toESM(require("uint8arrays"), 1);
 var { fromString, toString, SupportedEncodings } = u8a;
 var digestMethodParams = /* @__PURE__ */ __name((hashAlgorithm) => {
-  if (hashAlgorithm === "SHA-256") {
-    return {
-      hashAlgorithm: "SHA-256",
-      digestMethod: sha256DigestMethod,
-      hash: import_sha256.sha256
-    };
-  } else if (hashAlgorithm === "SHA-384") {
-    return {
-      hashAlgorithm: "SHA-384",
-      digestMethod: sha384DigestMethod,
-      hash: import_sha512.sha384
-    };
-  } else {
-    return {
-      hashAlgorithm: "SHA-512",
-      digestMethod: sha512DigestMethod,
-      hash: import_sha512.sha512
-    };
+  switch (normalizeHashAlgorithm(hashAlgorithm)) {
+    case "SHA-256":
+      return {
+        hashAlgorithm: "SHA-256",
+        digestMethod: sha256DigestMethod,
+        hash: import_sha256.sha256
+      };
+    case "SHA-384":
+      return {
+        hashAlgorithm: "SHA-384",
+        digestMethod: sha384DigestMethod,
+        hash: import_sha512.sha384
+      };
+    case "SHA-512":
+      return {
+        hashAlgorithm: "SHA-512",
+        digestMethod: sha512DigestMethod,
+        hash: import_sha512.sha512
+      };
   }
 }, "digestMethodParams");
 var shaHasher = /* @__PURE__ */ __name((input, alg) => {
@@ -449,7 +458,7 @@ var assertJwkClaimPresent = /* @__PURE__ */ __name((value, description) => {
 }, "assertJwkClaimPresent");
 var toBase64url = /* @__PURE__ */ __name((input) => toString2(fromString2(input), "base64url"), "toBase64url");
 var calculateJwkThumbprint = /* @__PURE__ */ __name((args) => {
-  const { digestAlgorithm = "sha256" } = args;
+  const digestAlgorithm = normalizeHashAlgorithm(args.digestAlgorithm ?? "SHA-256");
   const jwk = sanitizedJwk(args.jwk);
   let components;
   switch (jwk.kty) {
@@ -493,7 +502,7 @@ var calculateJwkThumbprint = /* @__PURE__ */ __name((args) => {
       throw new Error('"kty" (Key Type) Parameter missing or unsupported');
   }
   const data = JSON.stringify(components);
-  return digestAlgorithm === "sha512" ? digestMethodParams("SHA-512").digestMethod(data, "base64url") : digestMethodParams("SHA-256").digestMethod(data, "base64url");
+  return digestMethodParams(digestAlgorithm).digestMethod(data, "base64url");
 }, "calculateJwkThumbprint");
 var toJwkFromKey = /* @__PURE__ */ __name((key, opts) => {
   const isPrivateKey = "privateKeyHex" in key;
@@ -951,11 +960,45 @@ var hexStringFromUint8Array = /* @__PURE__ */ __name((value) => toString2(value,
 var signatureAlgorithmFromKey = /* @__PURE__ */ __name(async (args) => {
   const { key } = args;
   return signatureAlgorithmFromKeyType({
-    type: key.type
+    type: key.type,
+    algorithms: key.meta?.algorithms
   });
 }, "signatureAlgorithmFromKey");
+function signatureAlgorithmToJoseAlgorithm(alg) {
+  switch (alg) {
+    case "RSA_SHA256":
+      return import_ssi_types.JoseSignatureAlgorithm.RS256;
+    case "RSA_SHA384":
+      return import_ssi_types.JoseSignatureAlgorithm.RS384;
+    case "RSA_SHA512":
+      return import_ssi_types.JoseSignatureAlgorithm.RS512;
+    case "RSA_SSA_PSS_SHA256_MGF1":
+      return import_ssi_types.JoseSignatureAlgorithm.PS256;
+    case "RSA_SSA_PSS_SHA384_MGF1":
+      return import_ssi_types.JoseSignatureAlgorithm.PS384;
+    case "RSA_SSA_PSS_SHA512_MGF1":
+      return import_ssi_types.JoseSignatureAlgorithm.PS512;
+    case "ECDSA_SHA256":
+      return import_ssi_types.JoseSignatureAlgorithm.ES256;
+    case "ECDSA_SHA384":
+      return import_ssi_types.JoseSignatureAlgorithm.ES384;
+    case "ECDSA_SHA512":
+      return import_ssi_types.JoseSignatureAlgorithm.ES512;
+    case "ES256K":
+      return import_ssi_types.JoseSignatureAlgorithm.ES256K;
+    case "ED25519":
+    case "EdDSA":
+      return import_ssi_types.JoseSignatureAlgorithm.EdDSA;
+    default:
+      return alg;
+  }
+}
+__name(signatureAlgorithmToJoseAlgorithm, "signatureAlgorithmToJoseAlgorithm");
 var signatureAlgorithmFromKeyType = /* @__PURE__ */ __name((args) => {
-  const { type } = args;
+  const { type, algorithms } = args;
+  if (algorithms && algorithms.length > 0) {
+    return signatureAlgorithmToJoseAlgorithm(algorithms[0]);
+  }
   switch (type) {
     case "Ed25519":
     case "X25519":
@@ -969,7 +1012,7 @@ var signatureAlgorithmFromKeyType = /* @__PURE__ */ __name((args) => {
     case "Secp256k1":
       return import_ssi_types.JoseSignatureAlgorithm.ES256K;
     case "RSA":
-      return import_ssi_types.JoseSignatureAlgorithm.PS256;
+      return import_ssi_types.JoseSignatureAlgorithm.RS256;
     default:
       throw new Error(`Key type '${type}' not supported`);
   }
@@ -1220,6 +1263,75 @@ function toPkcs1FromHex(publicKeyHex) {
   return toString2(pkcs1, "hex");
 }
 __name(toPkcs1FromHex, "toPkcs1FromHex");
+function joseAlgorithmToDigest(alg) {
+  const normalized = alg.toUpperCase().replace(/-/g, "");
+  switch (normalized) {
+    case "RS256":
+    case "ES256":
+    case "ES256K":
+    case "PS256":
+    case "HS256":
+      return "SHA-256";
+    case "RS384":
+    case "ES384":
+    case "PS384":
+    case "HS384":
+      return "SHA-384";
+    case "RS512":
+    case "ES512":
+    case "PS512":
+    case "HS512":
+      return "SHA-512";
+    case "EDDSA":
+    case "ED25519":
+      return "SHA-512";
+    default:
+      throw new Error(`Unsupported JOSE algorithm: ${alg}. Cannot determine digest algorithm.`);
+  }
+}
+__name(joseAlgorithmToDigest, "joseAlgorithmToDigest");
+function isHash(input) {
+  const length = input.length;
+  if (length !== 64 && length !== 96 && length !== 128) {
+    return false;
+  }
+  return input.match(/^([0-9A-Fa-f])+$/g) !== null;
+}
+__name(isHash, "isHash");
+function isHashString(input) {
+  const length = input.length;
+  if (length !== 32 && length !== 48 && length !== 64) {
+    return false;
+  }
+  let printableCount = 0;
+  for (let i = 0; i < length; i++) {
+    const byte = input[i];
+    if (byte === void 0) {
+      return false;
+    }
+    if (byte >= 32 && byte <= 126) {
+      printableCount++;
+    }
+  }
+  const printableRatio = printableCount / length;
+  return printableRatio < 0.9;
+}
+__name(isHashString, "isHashString");
+function normalizeHashAlgorithm(alg) {
+  if (!alg) {
+    return "SHA-256";
+  }
+  const upper = alg.toUpperCase();
+  if (upper.includes("256")) return "SHA-256";
+  if (upper.includes("384")) return "SHA-384";
+  if (upper.includes("512")) return "SHA-512";
+  throw new Error(`Invalid hash algorithm: ${alg}`);
+}
+__name(normalizeHashAlgorithm, "normalizeHashAlgorithm");
+function isSameHash(left, right) {
+  return normalizeHashAlgorithm(left) === normalizeHashAlgorithm(right);
+}
+__name(isSameHash, "isSameHash");
 
 // src/conversion.ts
 var import_ssi_types2 = require("@sphereon/ssi-types");
@@ -1468,4 +1580,98 @@ function coseToJoseCurve(curve) {
   }
 }
 __name(coseToJoseCurve, "coseToJoseCurve");
+function joseSignatureAlgToWebCrypto(alg) {
+  switch (alg) {
+    case import_ssi_types2.JoseSignatureAlgorithm.RS256:
+    case "RS256":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: "SHA-256"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.RS384:
+    case "RS384":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: "SHA-384"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.RS512:
+    case "RS512":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: "SHA-512"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.PS256:
+    case "PS256":
+      return {
+        name: "RSA-PSS",
+        hash: "SHA-256",
+        saltLength: 32
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.PS384:
+    case "PS384":
+      return {
+        name: "RSA-PSS",
+        hash: "SHA-384",
+        saltLength: 48
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.PS512:
+    case "PS512":
+      return {
+        name: "RSA-PSS",
+        hash: "SHA-512",
+        saltLength: 64
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.ES256:
+    case "ES256":
+      return {
+        name: "ECDSA",
+        hash: "SHA-256"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.ES384:
+    case "ES384":
+      return {
+        name: "ECDSA",
+        hash: "SHA-384"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.ES512:
+    case "ES512":
+      return {
+        name: "ECDSA",
+        hash: "SHA-512"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.ES256K:
+    case "ES256K":
+      return {
+        name: "ECDSA",
+        hash: "SHA-256"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.EdDSA:
+    case "EdDSA":
+      return {
+        name: "Ed25519",
+        hash: ""
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.HS256:
+    case "HS256":
+      return {
+        name: "HMAC",
+        hash: "SHA-256"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.HS384:
+    case "HS384":
+      return {
+        name: "HMAC",
+        hash: "SHA-384"
+      };
+    case import_ssi_types2.JoseSignatureAlgorithm.HS512:
+    case "HS512":
+      return {
+        name: "HMAC",
+        hash: "SHA-512"
+      };
+    default:
+      throw Error(`Signature algorithm ${alg} not supported in Web Crypto API`);
+  }
+}
+__name(joseSignatureAlgToWebCrypto, "joseSignatureAlgToWebCrypto");
 //# sourceMappingURL=index.cjs.map