npm - @sphereon/ssi-sdk-ext.key-utils - Versions diffs - 0.36.1-next.47 → 0.36.1-next.70 - Mend

@sphereon/ssi-sdk-ext.key-utils 0.36.1-next.47 → 0.36.1-next.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.cjs +133 -23
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +13 -5
package/dist/index.d.ts +13 -5
package/dist/index.js +133 -23
package/dist/index.js.map +1 -1
package/package.json +4 -4
package/src/digest-methods.ts +13 -11
package/src/functions.ts +133 -9
package/src/types/key-util-types.ts +3 -0

package/dist/index.d.ts CHANGED Viewed

@@ -20,6 +20,7 @@ declare enum JwkKeyUse {
 declare const SIG_KEY_ALGS: string[];
 declare const ENC_KEY_ALGS: string[];
 type KeyVisibility = 'public' | 'private';
+type DigestAlgorithm = 'SHA-256' | 'sha256' | 'SHA-384' | 'sha384' | 'SHA-512' | 'sha512';
 interface X509Opts {
     cn?: string;
     privateKeyPEM?: string;
@@ -44,6 +45,7 @@ type SignatureAlgorithmFromKeyArgs = {
 };
 type SignatureAlgorithmFromKeyTypeArgs = {
     type: TKeyType;
+    algorithms?: string[];
 };
 type KeyTypeFromCryptographicSuiteArgs = {
     crv?: string;
@@ -86,7 +88,7 @@ declare const toBase64url: (input: string) => string;
  */
 declare const calculateJwkThumbprint: (args: {
     jwk: JWK;
-    digestAlgorithm?: "sha256" | "sha512";
+    digestAlgorithm?: DigestAlgorithm;
 }) => string;
 declare const toJwkFromKey: (key: IKey | MinimalImportableKey | ManagedKeyInfo, opts?: {
     use?: JwkKeyUse;
@@ -137,6 +139,7 @@ declare const isRawCompressedPublicKey: (key: Uint8Array) => boolean;
 declare const toRawCompressedHexPublicKey: (rawPublicKey: Uint8Array, keyType: TKeyType) => string;
 declare const hexStringFromUint8Array: (value: Uint8Array) => string;
 declare const signatureAlgorithmFromKey: (args: SignatureAlgorithmFromKeyArgs) => Promise<JoseSignatureAlgorithm>;
+declare function signatureAlgorithmToJoseAlgorithm(alg: string): JoseSignatureAlgorithm;
 declare const signatureAlgorithmFromKeyType: (args: SignatureAlgorithmFromKeyTypeArgs) => JoseSignatureAlgorithm;
 declare const keyTypeFromCryptographicSuite: (args: KeyTypeFromCryptographicSuiteArgs) => TKeyType;
 declare function removeNulls<T>(obj: T | any): any;
@@ -169,6 +172,12 @@ declare function toPkcs1(derBytes: Uint8Array): Uint8Array;
  * @returns DER‐encoded PKCS#1 RSAPublicKey in hex
  */
 declare function toPkcs1FromHex(publicKeyHex: string): any;
+declare function joseAlgorithmToDigest(alg: string): DigestAlgorithm;
+declare function isHash(input: string): boolean;
+declare function isHashString(input: Uint8Array): boolean;
+type HashAlgorithm = 'SHA-256' | 'sha256' | 'SHA-384' | 'sha384' | 'SHA-512' | 'sha512';
+declare function normalizeHashAlgorithm(alg?: HashAlgorithm): 'SHA-256' | 'SHA-384' | 'SHA-512';
+declare function isSameHash(left: HashAlgorithm, right: HashAlgorithm): boolean;
 declare function coseKeyToJwk(coseKey: ICoseKeyJson): JWK;
 declare function jwkToCoseKey(jwk: JWK): ICoseKeyJson;
@@ -221,13 +230,12 @@ declare function jwkJcsDecode(bytes: ByteView<JsonWebKey$1>): JsonWebKey$1;
 declare function jcsCanonicalize(object: any): string;
 declare const SupportedEncodings: any;
-type HashAlgorithm = 'SHA-256' | 'SHA-384' | 'SHA-512';
 type TDigestMethod = (input: string, encoding?: typeof SupportedEncodings) => string;
-declare const digestMethodParams: (hashAlgorithm: HashAlgorithm) => {
-    hashAlgorithm: HashAlgorithm;
+declare const digestMethodParams: (hashAlgorithm: DigestAlgorithm) => {
+    hashAlgorithm: DigestAlgorithm;
     digestMethod: TDigestMethod;
     hash: (data: Uint8Array) => Uint8Array;
 };
 declare const shaHasher: HasherSync;
-export { ENC_KEY_ALGS, type HashAlgorithm, type IImportProvidedOrGeneratedKeyArgs, type IKeyOpts, JWK_JCS_PUB_NAME, JWK_JCS_PUB_PREFIX, JwkKeyUse, Key, type KeyTypeFromCryptographicSuiteArgs, type KeyVisibility, SIG_KEY_ALGS, type SignatureAlgorithmFromKeyArgs, type SignatureAlgorithmFromKeyTypeArgs, type TDigestMethod, type TKeyType, type X509Opts, asn1DerToRawPublicKey, calculateJwkThumbprint, calculateJwkThumbprintForKey, coseKeyToJwk, coseToJoseCurve, coseToJoseKeyOperation, coseToJoseKty, coseToJoseSignatureAlg, digestMethodParams, generatePrivateKeyHex, getKms, globalCrypto, hexStringFromUint8Array, importProvidedOrGeneratedKey, isAsn1Der, isRawCompressedPublicKey, jcsCanonicalize, joseToCoseCurve, joseToCoseKeyOperation, joseToCoseKty, joseToCoseSignatureAlg, jwkDetermineUse, jwkJcsDecode, jwkJcsEncode, jwkToCoseKey, jwkToRawHexKey, keyTypeFromCryptographicSuite, logger, minimalJwk, padLeft, removeNulls, rsaJwkToRawHexKey, sanitizedJwk, shaHasher, signatureAlgorithmFromKey, signatureAlgorithmFromKeyType, toBase64url, toJwk, toJwkFromKey, toPkcs1, toPkcs1FromHex, toRawCompressedHexPublicKey, validateJwk, verifyRawSignature, x25519PublicHexFromPrivateHex };
+export { type DigestAlgorithm, ENC_KEY_ALGS, type HashAlgorithm, type IImportProvidedOrGeneratedKeyArgs, type IKeyOpts, JWK_JCS_PUB_NAME, JWK_JCS_PUB_PREFIX, JwkKeyUse, Key, type KeyTypeFromCryptographicSuiteArgs, type KeyVisibility, SIG_KEY_ALGS, type SignatureAlgorithmFromKeyArgs, type SignatureAlgorithmFromKeyTypeArgs, type TDigestMethod, type TKeyType, type X509Opts, asn1DerToRawPublicKey, calculateJwkThumbprint, calculateJwkThumbprintForKey, coseKeyToJwk, coseToJoseCurve, coseToJoseKeyOperation, coseToJoseKty, coseToJoseSignatureAlg, digestMethodParams, generatePrivateKeyHex, getKms, globalCrypto, hexStringFromUint8Array, importProvidedOrGeneratedKey, isAsn1Der, isHash, isHashString, isRawCompressedPublicKey, isSameHash, jcsCanonicalize, joseAlgorithmToDigest, joseToCoseCurve, joseToCoseKeyOperation, joseToCoseKty, joseToCoseSignatureAlg, jwkDetermineUse, jwkJcsDecode, jwkJcsEncode, jwkToCoseKey, jwkToRawHexKey, keyTypeFromCryptographicSuite, logger, minimalJwk, normalizeHashAlgorithm, padLeft, removeNulls, rsaJwkToRawHexKey, sanitizedJwk, shaHasher, signatureAlgorithmFromKey, signatureAlgorithmFromKeyType, signatureAlgorithmToJoseAlgorithm, toBase64url, toJwk, toJwkFromKey, toPkcs1, toPkcs1FromHex, toRawCompressedHexPublicKey, validateJwk, verifyRawSignature, x25519PublicHexFromPrivateHex };

package/dist/index.js CHANGED Viewed

@@ -24,24 +24,25 @@ import { sha384, sha512 } from "@noble/hashes/sha512";
 import * as u8a from "uint8arrays";
 var { fromString, toString, SupportedEncodings } = u8a;
 var digestMethodParams = /* @__PURE__ */ __name((hashAlgorithm) => {
-  if (hashAlgorithm === "SHA-256") {
-    return {
-      hashAlgorithm: "SHA-256",
-      digestMethod: sha256DigestMethod,
-      hash: sha256
-    };
-  } else if (hashAlgorithm === "SHA-384") {
-    return {
-      hashAlgorithm: "SHA-384",
-      digestMethod: sha384DigestMethod,
-      hash: sha384
-    };
-  } else {
-    return {
-      hashAlgorithm: "SHA-512",
-      digestMethod: sha512DigestMethod,
-      hash: sha512
-    };
+  switch (normalizeHashAlgorithm(hashAlgorithm)) {
+    case "SHA-256":
+      return {
+        hashAlgorithm: "SHA-256",
+        digestMethod: sha256DigestMethod,
+        hash: sha256
+      };
+    case "SHA-384":
+      return {
+        hashAlgorithm: "SHA-384",
+        digestMethod: sha384DigestMethod,
+        hash: sha384
+      };
+    case "SHA-512":
+      return {
+        hashAlgorithm: "SHA-512",
+        digestMethod: sha512DigestMethod,
+        hash: sha512
+      };
   }
 }, "digestMethodParams");
 var shaHasher = /* @__PURE__ */ __name((input, alg) => {
@@ -365,7 +366,7 @@ var assertJwkClaimPresent = /* @__PURE__ */ __name((value, description) => {
 }, "assertJwkClaimPresent");
 var toBase64url = /* @__PURE__ */ __name((input) => toString2(fromString2(input), "base64url"), "toBase64url");
 var calculateJwkThumbprint = /* @__PURE__ */ __name((args) => {
-  const { digestAlgorithm = "sha256" } = args;
+  const digestAlgorithm = normalizeHashAlgorithm(args.digestAlgorithm ?? "SHA-256");
   const jwk = sanitizedJwk(args.jwk);
   let components;
   switch (jwk.kty) {
@@ -409,7 +410,7 @@ var calculateJwkThumbprint = /* @__PURE__ */ __name((args) => {
       throw new Error('"kty" (Key Type) Parameter missing or unsupported');
   }
   const data = JSON.stringify(components);
-  return digestAlgorithm === "sha512" ? digestMethodParams("SHA-512").digestMethod(data, "base64url") : digestMethodParams("SHA-256").digestMethod(data, "base64url");
+  return digestMethodParams(digestAlgorithm).digestMethod(data, "base64url");
 }, "calculateJwkThumbprint");
 var toJwkFromKey = /* @__PURE__ */ __name((key, opts) => {
   const isPrivateKey = "privateKeyHex" in key;
@@ -867,11 +868,45 @@ var hexStringFromUint8Array = /* @__PURE__ */ __name((value) => toString2(value,
 var signatureAlgorithmFromKey = /* @__PURE__ */ __name(async (args) => {
   const { key } = args;
   return signatureAlgorithmFromKeyType({
-    type: key.type
+    type: key.type,
+    algorithms: key.meta?.algorithms
   });
 }, "signatureAlgorithmFromKey");
+function signatureAlgorithmToJoseAlgorithm(alg) {
+  switch (alg) {
+    case "RSA_SHA256":
+      return JoseSignatureAlgorithm.RS256;
+    case "RSA_SHA384":
+      return JoseSignatureAlgorithm.RS384;
+    case "RSA_SHA512":
+      return JoseSignatureAlgorithm.RS512;
+    case "RSA_SSA_PSS_SHA256_MGF1":
+      return JoseSignatureAlgorithm.PS256;
+    case "RSA_SSA_PSS_SHA384_MGF1":
+      return JoseSignatureAlgorithm.PS384;
+    case "RSA_SSA_PSS_SHA512_MGF1":
+      return JoseSignatureAlgorithm.PS512;
+    case "ECDSA_SHA256":
+      return JoseSignatureAlgorithm.ES256;
+    case "ECDSA_SHA384":
+      return JoseSignatureAlgorithm.ES384;
+    case "ECDSA_SHA512":
+      return JoseSignatureAlgorithm.ES512;
+    case "ES256K":
+      return JoseSignatureAlgorithm.ES256K;
+    case "ED25519":
+    case "EdDSA":
+      return JoseSignatureAlgorithm.EdDSA;
+    default:
+      return alg;
+  }
+}
+__name(signatureAlgorithmToJoseAlgorithm, "signatureAlgorithmToJoseAlgorithm");
 var signatureAlgorithmFromKeyType = /* @__PURE__ */ __name((args) => {
-  const { type } = args;
+  const { type, algorithms } = args;
+  if (algorithms && algorithms.length > 0) {
+    return signatureAlgorithmToJoseAlgorithm(algorithms[0]);
+  }
   switch (type) {
     case "Ed25519":
     case "X25519":
@@ -885,7 +920,7 @@ var signatureAlgorithmFromKeyType = /* @__PURE__ */ __name((args) => {
     case "Secp256k1":
       return JoseSignatureAlgorithm.ES256K;
     case "RSA":
-      return JoseSignatureAlgorithm.PS256;
+      return JoseSignatureAlgorithm.RS256;
     default:
       throw new Error(`Key type '${type}' not supported`);
   }
@@ -1136,6 +1171,75 @@ function toPkcs1FromHex(publicKeyHex) {
   return toString2(pkcs1, "hex");
 }
 __name(toPkcs1FromHex, "toPkcs1FromHex");
+function joseAlgorithmToDigest(alg) {
+  const normalized = alg.toUpperCase().replace(/-/g, "");
+  switch (normalized) {
+    case "RS256":
+    case "ES256":
+    case "ES256K":
+    case "PS256":
+    case "HS256":
+      return "SHA-256";
+    case "RS384":
+    case "ES384":
+    case "PS384":
+    case "HS384":
+      return "SHA-384";
+    case "RS512":
+    case "ES512":
+    case "PS512":
+    case "HS512":
+      return "SHA-512";
+    case "EDDSA":
+    case "ED25519":
+      return "SHA-512";
+    default:
+      throw new Error(`Unsupported JOSE algorithm: ${alg}. Cannot determine digest algorithm.`);
+  }
+}
+__name(joseAlgorithmToDigest, "joseAlgorithmToDigest");
+function isHash(input) {
+  const length = input.length;
+  if (length !== 64 && length !== 96 && length !== 128) {
+    return false;
+  }
+  return input.match(/^([0-9A-Fa-f])+$/g) !== null;
+}
+__name(isHash, "isHash");
+function isHashString(input) {
+  const length = input.length;
+  if (length !== 32 && length !== 48 && length !== 64) {
+    return false;
+  }
+  let printableCount = 0;
+  for (let i = 0; i < length; i++) {
+    const byte = input[i];
+    if (byte === void 0) {
+      return false;
+    }
+    if (byte >= 32 && byte <= 126) {
+      printableCount++;
+    }
+  }
+  const printableRatio = printableCount / length;
+  return printableRatio < 0.9;
+}
+__name(isHashString, "isHashString");
+function normalizeHashAlgorithm(alg) {
+  if (!alg) {
+    return "SHA-256";
+  }
+  const upper = alg.toUpperCase();
+  if (upper.includes("256")) return "SHA-256";
+  if (upper.includes("384")) return "SHA-384";
+  if (upper.includes("512")) return "SHA-512";
+  throw new Error(`Invalid hash algorithm: ${alg}`);
+}
+__name(normalizeHashAlgorithm, "normalizeHashAlgorithm");
+function isSameHash(left, right) {
+  return normalizeHashAlgorithm(left) === normalizeHashAlgorithm(right);
+}
+__name(isSameHash, "isSameHash");
 // src/conversion.ts
 import { ICoseCurve, ICoseKeyOperation, ICoseKeyType, ICoseSignatureAlgorithm, JoseCurve as JoseCurve2, JoseKeyOperation, JoseSignatureAlgorithm as JoseSignatureAlgorithm2, JwkKeyType as JwkKeyType2 } from "@sphereon/ssi-types";
@@ -1406,8 +1510,12 @@ export {
   hexStringFromUint8Array,
   importProvidedOrGeneratedKey,
   isAsn1Der,
+  isHash,
+  isHashString,
   isRawCompressedPublicKey,
+  isSameHash,
   jcsCanonicalize,
+  joseAlgorithmToDigest,
   joseToCoseCurve,
   joseToCoseKeyOperation,
   joseToCoseKty,
@@ -1420,6 +1528,7 @@ export {
   keyTypeFromCryptographicSuite,
   logger,
   minimalJwk,
+  normalizeHashAlgorithm,
   padLeft,
   removeNulls,
   rsaJwkToRawHexKey,
@@ -1427,6 +1536,7 @@ export {
   shaHasher,
   signatureAlgorithmFromKey,
   signatureAlgorithmFromKeyType,
+  signatureAlgorithmToJoseAlgorithm,
   toBase64url,
   toJwk,
   toJwkFromKey,