@sphereon/ssi-sdk-ext.key-utils 0.36.1-next.47 → 0.36.1-next.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/index.cjs +133 -23
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +13 -5
  4. package/dist/index.d.ts +13 -5
  5. package/dist/index.js +133 -23
  6. package/dist/index.js.map +1 -1
  7. package/package.json +4 -4
  8. package/src/digest-methods.ts +13 -11
  9. package/src/functions.ts +133 -9
  10. package/src/types/key-util-types.ts +3 -0
package/dist/index.cjs CHANGED
@@ -52,8 +52,12 @@ __export(index_exports, {
52
52
  hexStringFromUint8Array: () => hexStringFromUint8Array,
53
53
  importProvidedOrGeneratedKey: () => importProvidedOrGeneratedKey,
54
54
  isAsn1Der: () => isAsn1Der,
55
+ isHash: () => isHash,
56
+ isHashString: () => isHashString,
55
57
  isRawCompressedPublicKey: () => isRawCompressedPublicKey,
58
+ isSameHash: () => isSameHash,
56
59
  jcsCanonicalize: () => jcsCanonicalize,
60
+ joseAlgorithmToDigest: () => joseAlgorithmToDigest,
57
61
  joseToCoseCurve: () => joseToCoseCurve,
58
62
  joseToCoseKeyOperation: () => joseToCoseKeyOperation,
59
63
  joseToCoseKty: () => joseToCoseKty,
@@ -66,6 +70,7 @@ __export(index_exports, {
66
70
  keyTypeFromCryptographicSuite: () => keyTypeFromCryptographicSuite,
67
71
  logger: () => logger,
68
72
  minimalJwk: () => minimalJwk,
73
+ normalizeHashAlgorithm: () => normalizeHashAlgorithm,
69
74
  padLeft: () => padLeft,
70
75
  removeNulls: () => removeNulls,
71
76
  rsaJwkToRawHexKey: () => rsaJwkToRawHexKey,
@@ -73,6 +78,7 @@ __export(index_exports, {
73
78
  shaHasher: () => shaHasher,
74
79
  signatureAlgorithmFromKey: () => signatureAlgorithmFromKey,
75
80
  signatureAlgorithmFromKeyType: () => signatureAlgorithmFromKeyType,
81
+ signatureAlgorithmToJoseAlgorithm: () => signatureAlgorithmToJoseAlgorithm,
76
82
  toBase64url: () => toBase64url,
77
83
  toJwk: () => toJwk,
78
84
  toJwkFromKey: () => toJwkFromKey,
@@ -108,24 +114,25 @@ var import_sha512 = require("@noble/hashes/sha512");
108
114
  var u8a = __toESM(require("uint8arrays"), 1);
109
115
  var { fromString, toString, SupportedEncodings } = u8a;
110
116
  var digestMethodParams = /* @__PURE__ */ __name((hashAlgorithm) => {
111
- if (hashAlgorithm === "SHA-256") {
112
- return {
113
- hashAlgorithm: "SHA-256",
114
- digestMethod: sha256DigestMethod,
115
- hash: import_sha256.sha256
116
- };
117
- } else if (hashAlgorithm === "SHA-384") {
118
- return {
119
- hashAlgorithm: "SHA-384",
120
- digestMethod: sha384DigestMethod,
121
- hash: import_sha512.sha384
122
- };
123
- } else {
124
- return {
125
- hashAlgorithm: "SHA-512",
126
- digestMethod: sha512DigestMethod,
127
- hash: import_sha512.sha512
128
- };
117
+ switch (normalizeHashAlgorithm(hashAlgorithm)) {
118
+ case "SHA-256":
119
+ return {
120
+ hashAlgorithm: "SHA-256",
121
+ digestMethod: sha256DigestMethod,
122
+ hash: import_sha256.sha256
123
+ };
124
+ case "SHA-384":
125
+ return {
126
+ hashAlgorithm: "SHA-384",
127
+ digestMethod: sha384DigestMethod,
128
+ hash: import_sha512.sha384
129
+ };
130
+ case "SHA-512":
131
+ return {
132
+ hashAlgorithm: "SHA-512",
133
+ digestMethod: sha512DigestMethod,
134
+ hash: import_sha512.sha512
135
+ };
129
136
  }
130
137
  }, "digestMethodParams");
131
138
  var shaHasher = /* @__PURE__ */ __name((input, alg) => {
@@ -449,7 +456,7 @@ var assertJwkClaimPresent = /* @__PURE__ */ __name((value, description) => {
449
456
  }, "assertJwkClaimPresent");
450
457
  var toBase64url = /* @__PURE__ */ __name((input) => toString2(fromString2(input), "base64url"), "toBase64url");
451
458
  var calculateJwkThumbprint = /* @__PURE__ */ __name((args) => {
452
- const { digestAlgorithm = "sha256" } = args;
459
+ const digestAlgorithm = normalizeHashAlgorithm(args.digestAlgorithm ?? "SHA-256");
453
460
  const jwk = sanitizedJwk(args.jwk);
454
461
  let components;
455
462
  switch (jwk.kty) {
@@ -493,7 +500,7 @@ var calculateJwkThumbprint = /* @__PURE__ */ __name((args) => {
493
500
  throw new Error('"kty" (Key Type) Parameter missing or unsupported');
494
501
  }
495
502
  const data = JSON.stringify(components);
496
- return digestAlgorithm === "sha512" ? digestMethodParams("SHA-512").digestMethod(data, "base64url") : digestMethodParams("SHA-256").digestMethod(data, "base64url");
503
+ return digestMethodParams(digestAlgorithm).digestMethod(data, "base64url");
497
504
  }, "calculateJwkThumbprint");
498
505
  var toJwkFromKey = /* @__PURE__ */ __name((key, opts) => {
499
506
  const isPrivateKey = "privateKeyHex" in key;
@@ -951,11 +958,45 @@ var hexStringFromUint8Array = /* @__PURE__ */ __name((value) => toString2(value,
951
958
  var signatureAlgorithmFromKey = /* @__PURE__ */ __name(async (args) => {
952
959
  const { key } = args;
953
960
  return signatureAlgorithmFromKeyType({
954
- type: key.type
961
+ type: key.type,
962
+ algorithms: key.meta?.algorithms
955
963
  });
956
964
  }, "signatureAlgorithmFromKey");
965
+ function signatureAlgorithmToJoseAlgorithm(alg) {
966
+ switch (alg) {
967
+ case "RSA_SHA256":
968
+ return import_ssi_types.JoseSignatureAlgorithm.RS256;
969
+ case "RSA_SHA384":
970
+ return import_ssi_types.JoseSignatureAlgorithm.RS384;
971
+ case "RSA_SHA512":
972
+ return import_ssi_types.JoseSignatureAlgorithm.RS512;
973
+ case "RSA_SSA_PSS_SHA256_MGF1":
974
+ return import_ssi_types.JoseSignatureAlgorithm.PS256;
975
+ case "RSA_SSA_PSS_SHA384_MGF1":
976
+ return import_ssi_types.JoseSignatureAlgorithm.PS384;
977
+ case "RSA_SSA_PSS_SHA512_MGF1":
978
+ return import_ssi_types.JoseSignatureAlgorithm.PS512;
979
+ case "ECDSA_SHA256":
980
+ return import_ssi_types.JoseSignatureAlgorithm.ES256;
981
+ case "ECDSA_SHA384":
982
+ return import_ssi_types.JoseSignatureAlgorithm.ES384;
983
+ case "ECDSA_SHA512":
984
+ return import_ssi_types.JoseSignatureAlgorithm.ES512;
985
+ case "ES256K":
986
+ return import_ssi_types.JoseSignatureAlgorithm.ES256K;
987
+ case "ED25519":
988
+ case "EdDSA":
989
+ return import_ssi_types.JoseSignatureAlgorithm.EdDSA;
990
+ default:
991
+ return alg;
992
+ }
993
+ }
994
+ __name(signatureAlgorithmToJoseAlgorithm, "signatureAlgorithmToJoseAlgorithm");
957
995
  var signatureAlgorithmFromKeyType = /* @__PURE__ */ __name((args) => {
958
- const { type } = args;
996
+ const { type, algorithms } = args;
997
+ if (algorithms && algorithms.length > 0) {
998
+ return signatureAlgorithmToJoseAlgorithm(algorithms[0]);
999
+ }
959
1000
  switch (type) {
960
1001
  case "Ed25519":
961
1002
  case "X25519":
@@ -969,7 +1010,7 @@ var signatureAlgorithmFromKeyType = /* @__PURE__ */ __name((args) => {
969
1010
  case "Secp256k1":
970
1011
  return import_ssi_types.JoseSignatureAlgorithm.ES256K;
971
1012
  case "RSA":
972
- return import_ssi_types.JoseSignatureAlgorithm.PS256;
1013
+ return import_ssi_types.JoseSignatureAlgorithm.RS256;
973
1014
  default:
974
1015
  throw new Error(`Key type '${type}' not supported`);
975
1016
  }
@@ -1220,6 +1261,75 @@ function toPkcs1FromHex(publicKeyHex) {
1220
1261
  return toString2(pkcs1, "hex");
1221
1262
  }
1222
1263
  __name(toPkcs1FromHex, "toPkcs1FromHex");
1264
+ function joseAlgorithmToDigest(alg) {
1265
+ const normalized = alg.toUpperCase().replace(/-/g, "");
1266
+ switch (normalized) {
1267
+ case "RS256":
1268
+ case "ES256":
1269
+ case "ES256K":
1270
+ case "PS256":
1271
+ case "HS256":
1272
+ return "SHA-256";
1273
+ case "RS384":
1274
+ case "ES384":
1275
+ case "PS384":
1276
+ case "HS384":
1277
+ return "SHA-384";
1278
+ case "RS512":
1279
+ case "ES512":
1280
+ case "PS512":
1281
+ case "HS512":
1282
+ return "SHA-512";
1283
+ case "EDDSA":
1284
+ case "ED25519":
1285
+ return "SHA-512";
1286
+ default:
1287
+ throw new Error(`Unsupported JOSE algorithm: ${alg}. Cannot determine digest algorithm.`);
1288
+ }
1289
+ }
1290
+ __name(joseAlgorithmToDigest, "joseAlgorithmToDigest");
1291
+ function isHash(input) {
1292
+ const length = input.length;
1293
+ if (length !== 64 && length !== 96 && length !== 128) {
1294
+ return false;
1295
+ }
1296
+ return input.match(/^([0-9A-Fa-f])+$/g) !== null;
1297
+ }
1298
+ __name(isHash, "isHash");
1299
+ function isHashString(input) {
1300
+ const length = input.length;
1301
+ if (length !== 32 && length !== 48 && length !== 64) {
1302
+ return false;
1303
+ }
1304
+ let printableCount = 0;
1305
+ for (let i = 0; i < length; i++) {
1306
+ const byte = input[i];
1307
+ if (byte === void 0) {
1308
+ return false;
1309
+ }
1310
+ if (byte >= 32 && byte <= 126) {
1311
+ printableCount++;
1312
+ }
1313
+ }
1314
+ const printableRatio = printableCount / length;
1315
+ return printableRatio < 0.9;
1316
+ }
1317
+ __name(isHashString, "isHashString");
1318
+ function normalizeHashAlgorithm(alg) {
1319
+ if (!alg) {
1320
+ return "SHA-256";
1321
+ }
1322
+ const upper = alg.toUpperCase();
1323
+ if (upper.includes("256")) return "SHA-256";
1324
+ if (upper.includes("384")) return "SHA-384";
1325
+ if (upper.includes("512")) return "SHA-512";
1326
+ throw new Error(`Invalid hash algorithm: ${alg}`);
1327
+ }
1328
+ __name(normalizeHashAlgorithm, "normalizeHashAlgorithm");
1329
+ function isSameHash(left, right) {
1330
+ return normalizeHashAlgorithm(left) === normalizeHashAlgorithm(right);
1331
+ }
1332
+ __name(isSameHash, "isSameHash");
1223
1333
 
1224
1334
  // src/conversion.ts
1225
1335
  var import_ssi_types2 = require("@sphereon/ssi-types");