@sphereon/ssi-sdk-ext.x509-utils 0.28.1-feature.esm.cjs.8 → 0.28.1-feature.oyd.cmsm.improv.16
- package/dist/index.d.ts +5 -171
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +21 -749
- package/dist/index.js.map +1 -1
- package/dist/types/index.d.ts +14 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +9 -0
- package/dist/types/index.js.map +1 -0
- package/dist/x509/crypto.d.ts +2 -0
- package/dist/x509/crypto.d.ts.map +1 -0
- package/dist/x509/crypto.js +28 -0
- package/dist/x509/crypto.js.map +1 -0
- package/dist/x509/index.d.ts +5 -0
- package/dist/x509/index.d.ts.map +1 -0
- package/dist/x509/index.js +21 -0
- package/dist/x509/index.js.map +1 -0
- package/dist/x509/rsa-key.d.ts +10 -0
- package/dist/x509/rsa-key.d.ts.map +1 -0
- package/dist/x509/rsa-key.js +102 -0
- package/dist/x509/rsa-key.js.map +1 -0
- package/dist/x509/rsa-signer.d.ts +24 -0
- package/dist/x509/rsa-signer.d.ts.map +1 -0
- package/dist/x509/rsa-signer.js +105 -0
- package/dist/x509/rsa-signer.js.map +1 -0
- package/dist/x509/x509-utils.d.ts +31 -0
- package/dist/x509/x509-utils.d.ts.map +1 -0
- package/dist/x509/x509-utils.js +215 -0
- package/dist/x509/x509-utils.js.map +1 -0
- package/dist/x509/x509-validator.d.ts +97 -0
- package/dist/x509/x509-validator.d.ts.map +1 -0
- package/dist/x509/x509-validator.js +489 -0
- package/dist/x509/x509-validator.js.map +1 -0
- package/package.json +12 -24
- package/src/x509/crypto.ts +5 -11
- package/src/x509/rsa-key.ts +2 -7
- package/src/x509/rsa-signer.ts +5 -10
- package/src/x509/x509-utils.ts +5 -9
- package/src/x509/x509-validator.ts +4 -8
- package/dist/index.cjs +0 -776
- package/dist/index.cjs.map +0 -1
- package/dist/index.d.cts +0 -173
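--- a/package/src/x509/rsa-signer.ts
+++ b/package/src/x509/rsa-signer.ts
@@ -1,14 +1,9 @@
-
-import { fromString } from 'uint8arrays/from-string'
-// @ts-ignore
-import { toString } from 'uint8arrays/to-string'
+import * as u8a from 'uint8arrays'
 import { HashAlgorithm, KeyVisibility } from '../types'
 import { globalCrypto } from './crypto'
 import { cryptoSubtleImportRSAKey, RSAEncryptionSchemes, RSASignatureSchemes } from './rsa-key'
 import { PEMToJwk } from './x509-utils'
-
-// @ts-ignore
-import { CryptoKey, RsaPssParams, AlgorithmIdentifier } from 'node'
+
 export class RSASigner {
 private readonly hashAlgorithm: HashAlgorithm
 private readonly jwk: JsonWebKey
@@ -51,7 +46,7 @@ export class RSASigner {
 
 private bufferToString(buf: ArrayBuffer) {
 const uint8Array = new Uint8Array(buf)
-return toString(uint8Array, 'base64url') // Needs to be base64url for JsonWebSignature2020. Don't change!
+return u8a.toString(uint8Array, 'base64url') // Needs to be base64url for JsonWebSignature2020. Don't change!
 }
 
 public async sign(data: Uint8Array): Promise<string> {
@@ -69,7 +64,7 @@ export class RSASigner {
 public async verify(data: string | Uint8Array, signature: string): Promise<boolean> {
 const jws = signature.includes('.') ? signature.split('.')[2] : signature
 
-const input = typeof data == 'string' ? fromString(data, 'utf-8') : data
+const input = typeof data == 'string' ? u8a.fromString(data, 'utf-8') : data
 
 let key = await this.getKey()
 if (!key.usages.includes('verify')) {
@@ -79,7 +74,7 @@ export class RSASigner {
 delete verifyJwk.key_ops
 key = await cryptoSubtleImportRSAKey(verifyJwk, this.scheme, this.hashAlgorithm)
 }
-const verificationResult = await globalCrypto(false).subtle.verify(this.getImportParams(), key, fromString(jws, 'base64url'), input)
+const verificationResult = await globalCrypto(false).subtle.verify(this.getImportParams(), key, u8a.fromString(jws, 'base64url'), input)
 return verificationResult
 }
 }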
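Review bot: In `verify`, `signature.split('.')[2]` is `undefined` for an input that contains one or two dots, and that value then reaches `u8a.fromString(jws, 'base64url')` on the changed line, so a malformed signature presumably makes `verify` reject with an exception instead of resolving to `false`. Because the signature string is untrusted input, I would accept only a bare signature or a three-part compact JWS before decoding: `const parts = signature.split('.')` followed by `if (parts.length !== 1 && parts.length !== 3) return false`. Only the third segment is used and the JWS header is never inspected in the lines shown, so a doc comment stating that `data` must be the exact signing input and that the algorithm comes from the signer's own configuration would make the contract explicit. The body of `verify` is split across two hunks and the lines between them are not visible here.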
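--- a/package/src/x509/x509-utils.ts
+++ b/package/src/x509/x509-utils.ts
@@ -1,14 +1,10 @@
 import { X509Certificate } from '@peculiar/x509'
 import { Certificate } from 'pkijs'
-
-import { fromString } from 'uint8arrays/from-string'
-// @ts-ignore
-import { toString } from 'uint8arrays/to-string'
+import * as u8a from 'uint8arrays'
 // @ts-ignore
 import keyto from '@trust/keyto'
 import { KeyVisibility } from '../types'
 
-import { JsonWebKey } from '@sphereon/ssi-types'
 // Based on (MIT licensed):
 // https://github.com/hildjj/node-posh/blob/master/lib/index.js
 export function pemCertChainTox5c(cert: string, maxDepth?: number): string[] {
@@ -61,7 +57,7 @@ export const pemOrDerToX509Certificate = (cert: string | Uint8Array | X509Certif
 if (!DER) {
 throw Error('Invalid cert input value supplied. PEM, DER, Bytes and X509Certificate object are supported')
 }
-return Certificate.fromBER(fromString(DER, 'base64pad'))
+return Certificate.fromBER(u8a.fromString(DER, 'base64pad'))
 }
 
 export const areCertificatesEqual = (cert1: Certificate, cert2: Certificate): boolean => {
@@ -134,7 +130,7 @@ export function PEMToBinary(pem: string): Uint8Array {
 .replace(/-----END [^-]+-----[^]*$/, '')
 .replace(/\s/g, '')
 
-return fromString(pemContents, 'base64pad')
+return u8a.fromString(pemContents, 'base64pad')
 }
 
 /**
@@ -144,7 +140,7 @@ export function PEMToBinary(pem: string): Uint8Array {
 */
 export const base64ToHex = (input: string, inputEncoding?: 'base64' | 'base64pad' | 'base64url' | 'base64urlpad') => {
 const base64NoNewlines = input.replace(/[^0-9A-Za-z_\-~\/+=]*/g, '')
-return toString(fromString(base64NoNewlines, inputEncoding ? inputEncoding : 'base64pad'), 'base16')
+return u8a.toString(u8a.fromString(base64NoNewlines, inputEncoding ? inputEncoding : 'base64pad'), 'base16')
 }
 
 export const hexToBase64 = (input: number | object | string, targetEncoding?: 'base64' | 'base64pad' | 'base64url' | 'base64urlpad'): string => {
@@ -152,7 +148,7 @@ export const hexToBase64 = (input: number | object | string, targetEncoding?: 'b
 if (hex.length % 2 === 1) {
 hex = `0${hex}`
 }
-return toString(fromString(hex, 'base16'), targetEncoding ? targetEncoding : 'base64pad')
+return u8a.toString(u8a.fromString(hex, 'base16'), targetEncoding ? targetEncoding : 'base64pad')
 }
 
 export const hexToPEM = (hex: string, type: KeyVisibility): string => {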
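Review bot: `base64ToHex` silently deletes every character outside `[0-9A-Za-z_\-~\/+=]` before the decode on the changed line, so malformed input is repaired rather than rejected, and the allow-list keeps `~`, which belongs to none of the four encodings the parameter accepts. For a helper that handles certificate and key material I would strip whitespace only, `const base64NoNewlines = input.replace(/\s/g, '')`, and let `u8a.fromString` reject anything else. The filter also admits both the `+`/`/` and the `-`/`_` alphabets while the decode defaults to `'base64pad'`, so a doc comment saying that callers must pass `inputEncoding` for base64url input would help. Separately, the first hunk drops the `JsonWebKey` import from `@sphereon/ssi-types`; if the file still uses that name it presumably now resolves to the global DOM type, which should be confirmed as intended.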
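--- a/package/src/x509/x509-validator.ts
+++ b/package/src/x509/x509-validator.ts
@@ -6,10 +6,7 @@ import { JWK } from '@sphereon/ssi-types'
 import x509 from 'js-x509-utils'
 import { AltName, AttributeTypeAndValue, Certificate, CryptoEngine, getCrypto, id_SubjectAltName, setEngine } from 'pkijs'
 import { container } from 'tsyringe'
-
-import { fromString } from 'uint8arrays/from-string'
-// @ts-ignore
-import { toString } from 'uint8arrays/to-string'
+import * as u8a from 'uint8arrays'
 import { globalCrypto } from './crypto'
 import { areCertificatesEqual, derToPEM, pemOrDerToX509Certificate } from './x509-utils'
 
@@ -308,7 +305,6 @@ export type ParsedCertificate = {
 publicKeyInfo: SubjectPublicKeyInfo
 publicKeyJwk?: JWK
 publicKeyRaw: Uint8Array
-// @ts-ignore
 publicKeyAlgorithm: Algorithm
 certificateInfo: CertificateInfo
 certificate: Certificate
@@ -520,10 +516,10 @@ const getDNString = (typesAndValues: AttributeTypeAndValue[]): string => {
 export const getCertificateSubjectPublicKeyJWK = async (pemOrDerCert: string | Uint8Array | Certificate): Promise<JWK> => {
 const pemOrDerStr =
 typeof pemOrDerCert === 'string'
-? toString(fromString(pemOrDerCert, 'base64pad'), 'base64pad')
+? u8a.toString(u8a.fromString(pemOrDerCert, 'base64pad'), 'base64pad')
 : pemOrDerCert instanceof Uint8Array
-? toString(pemOrDerCert, 'base64pad')
-: toString(fromString(pemOrDerCert.toString('base64'), 'base64pad'), 'base64pad')
+? u8a.toString(pemOrDerCert, 'base64pad')
+: u8a.toString(u8a.fromString(pemOrDerCert.toString('base64'), 'base64pad'), 'base64pad')
 const pem = derToPEM(pemOrDerStr)
 const certificate = pemOrDerToX509Certificate(pem)
 var jwk: JWK | undefined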
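Review bot: In `getCertificateSubjectPublicKeyJWK` the string branch decodes `pemOrDerCert` directly with `u8a.fromString(pemOrDerCert, 'base64pad')`, and no PEM armor stripping is visible before it, so a string that carries `-----BEGIN CERTIFICATE-----` headers or line breaks would presumably be rejected by the decoder even though the parameter name promises PEM support. Either normalise the string first (the file already imports `pemOrDerToX509Certificate`, which according to its error message accepts PEM) or add a doc comment such as `/** @param pemOrDerCert base64 (padded) DER string, raw DER bytes, or a pkijs Certificate; PEM armor is not accepted */`. As a style point, `var jwk: JWK | undefined` should be `let jwk: JWK | undefined`. These hunks carry no file header on the page; they match the `x509-validator.ts` entry in the file list, and the function body continues past the last hunk.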