@twin.org/web 0.0.1-next.38 → 0.0.1-next.39

package/dist/cjs/index.cjs

@@ -2,6 +2,7 @@
 
 var core = require('@twin.org/core');
 var jose = require('jose');
+var crypto = require('@twin.org/crypto');
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -846,21 +847,12 @@ class Jwt {
         core.Guards.defined(Jwt._CLASS_NAME, "key", key);
         const signer = new jose.SignJWT(payload);
         signer.setProtectedHeader(header);
+        let finalKey = key;
         if (header.alg === "EdDSA" && core.Is.uint8Array(key)) {
-            // crypto.subtle.importKey does not support Ed25519 keys in raw format.
-            // We need to convert the key to PKCS8 format before importing.
-            // The PKCS8 format is the raw key prefixed with the ASN.1 sequence for an Ed25519 private key.
-            // The ASN.1 sequence is 48 46 02 01 00 30 05 06 03 2b 65 70 04 20 04 20
-            const pkcs8Prefix = new Uint8Array([
-                48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32
-            ]); // 0x302e020100300506032b657004220420
-            const pkcs8PrivateKey = core.Uint8ArrayHelper.concat([pkcs8Prefix, key]);
-            const imported = await crypto.subtle.importKey("pkcs8", pkcs8PrivateKey, "Ed25519", false, [
-                "sign"
-            ]);
-            return signer.sign(imported);
+            // Jose does not support Ed25519 keys in raw format, so we need to convert it to PKCS8.
+            finalKey = await crypto.Ed25519.privateKeyToPKCS8(key);
         }
-        return signer.sign(key);
+        return signer.sign(finalKey);
     }
     /**
      * The default verifier for the JWT.
@@ -888,7 +880,9 @@ class Jwt {
      * @param payload The payload.
      * @returns The bytes to sign.
      */
-    static createSignBytes(header, payload) {
+    static toSigningBytes(header, payload) {
+        core.Guards.object(Jwt._CLASS_NAME, "header", header);
+        core.Guards.object(Jwt._CLASS_NAME, "payload", payload);
         const segments = [];
         const headerBytes = core.Converter.utf8ToBytes(JSON.stringify(header));
         segments.push(core.Converter.bytesToBase64Url(headerBytes));
@@ -897,16 +891,56 @@ class Jwt {
         return core.Converter.utf8ToBytes(segments.join("."));
     }
     /**
-     * Create token from bytes and signature.
-     * @param signedBytes The signed bytes.
+     * Create header and payload from signing bytes.
+     * @param signingBytes The signing bytes from a token.
+     * @returns The header and payload.
+     * @throws If the signing bytes are invalid
+     */
+    static fromSigningBytes(signingBytes) {
+        core.Guards.uint8Array(Jwt._CLASS_NAME, "signingBytes", signingBytes);
+        const segments = core.Converter.bytesToUtf8(signingBytes).split(".");
+        if (segments.length !== 2) {
+            throw new core.GeneralError(Jwt._CLASS_NAME, "invalidSigningBytes");
+        }
+        const headerBytes = core.Converter.base64UrlToBytes(segments[0]);
+        const payloadBytes = core.Converter.base64UrlToBytes(segments[1]);
+        return {
+            header: core.ObjectHelper.fromBytes(headerBytes),
+            payload: core.ObjectHelper.fromBytes(payloadBytes)
+        };
+    }
+    /**
+     * Convert signed bytes and signature bytes to token.
+     * @param signingBytes The signed bytes.
      * @param signature The signature.
      * @returns The token.
      */
-    static createTokenFromBytes(signedBytes, signature) {
-        const signedBytesUtf8 = core.Converter.bytesToUtf8(signedBytes);
+    static tokenFromBytes(signingBytes, signature) {
+        core.Guards.uint8Array(Jwt._CLASS_NAME, "signingBytes", signingBytes);
+        core.Guards.uint8Array(Jwt._CLASS_NAME, "signature", signature);
+        const signedBytesUtf8 = core.Converter.bytesToUtf8(signingBytes);
         const signatureBase64 = core.Converter.bytesToBase64Url(signature);
         return `${signedBytesUtf8}.${signatureBase64}`;
     }
+    /**
+     * Convert the token to signing bytes and signature bytes.
+     * @param token The token to convert to bytes.
+     * @returns The decoded bytes.
+     * @throws If the token is invalid.
+     */
+    static tokenToBytes(token) {
+        core.Guards.stringValue(Jwt._CLASS_NAME, "token", token);
+        const segments = token.split(".");
+        if (segments.length !== 3) {
+            throw new core.GeneralError(Jwt._CLASS_NAME, "invalidTokenParts");
+        }
+        const signingBytes = core.Converter.utf8ToBytes(`${segments[0]}.${segments[1]}`);
+        const signature = core.Converter.base64UrlToBytes(segments[2]);
+        return {
+            signingBytes,
+            signature
+        };
+    }
     /**
      * Encode a token.
      * @param header The header to encode.

package/dist/esm/index.mjs

@@ -1,5 +1,6 @@
-import { BaseError, StringHelper, Guards, Is, AsyncCache, ObjectHelper, GeneralError, Converter, Uint8ArrayHelper } from '@twin.org/core';
+import { BaseError, StringHelper, Guards, Is, AsyncCache, ObjectHelper, GeneralError, Converter } from '@twin.org/core';
 import { importJWK, SignJWT, jwtVerify } from 'jose';
+import { Ed25519 } from '@twin.org/crypto';
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -844,21 +845,12 @@ class Jwt {
         Guards.defined(Jwt._CLASS_NAME, "key", key);
         const signer = new SignJWT(payload);
         signer.setProtectedHeader(header);
+        let finalKey = key;
         if (header.alg === "EdDSA" && Is.uint8Array(key)) {
-            // crypto.subtle.importKey does not support Ed25519 keys in raw format.
-            // We need to convert the key to PKCS8 format before importing.
-            // The PKCS8 format is the raw key prefixed with the ASN.1 sequence for an Ed25519 private key.
-            // The ASN.1 sequence is 48 46 02 01 00 30 05 06 03 2b 65 70 04 20 04 20
-            const pkcs8Prefix = new Uint8Array([
-                48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32
-            ]); // 0x302e020100300506032b657004220420
-            const pkcs8PrivateKey = Uint8ArrayHelper.concat([pkcs8Prefix, key]);
-            const imported = await crypto.subtle.importKey("pkcs8", pkcs8PrivateKey, "Ed25519", false, [
-                "sign"
-            ]);
-            return signer.sign(imported);
+            // Jose does not support Ed25519 keys in raw format, so we need to convert it to PKCS8.
+            finalKey = await Ed25519.privateKeyToPKCS8(key);
         }
-        return signer.sign(key);
+        return signer.sign(finalKey);
     }
     /**
      * The default verifier for the JWT.
@@ -886,7 +878,9 @@ class Jwt {
      * @param payload The payload.
      * @returns The bytes to sign.
      */
-    static createSignBytes(header, payload) {
+    static toSigningBytes(header, payload) {
+        Guards.object(Jwt._CLASS_NAME, "header", header);
+        Guards.object(Jwt._CLASS_NAME, "payload", payload);
         const segments = [];
         const headerBytes = Converter.utf8ToBytes(JSON.stringify(header));
         segments.push(Converter.bytesToBase64Url(headerBytes));
@@ -895,16 +889,56 @@ class Jwt {
         return Converter.utf8ToBytes(segments.join("."));
     }
     /**
-     * Create token from bytes and signature.
-     * @param signedBytes The signed bytes.
+     * Create header and payload from signing bytes.
+     * @param signingBytes The signing bytes from a token.
+     * @returns The header and payload.
+     * @throws If the signing bytes are invalid
+     */
+    static fromSigningBytes(signingBytes) {
+        Guards.uint8Array(Jwt._CLASS_NAME, "signingBytes", signingBytes);
+        const segments = Converter.bytesToUtf8(signingBytes).split(".");
+        if (segments.length !== 2) {
+            throw new GeneralError(Jwt._CLASS_NAME, "invalidSigningBytes");
+        }
+        const headerBytes = Converter.base64UrlToBytes(segments[0]);
+        const payloadBytes = Converter.base64UrlToBytes(segments[1]);
+        return {
+            header: ObjectHelper.fromBytes(headerBytes),
+            payload: ObjectHelper.fromBytes(payloadBytes)
+        };
+    }
+    /**
+     * Convert signed bytes and signature bytes to token.
+     * @param signingBytes The signed bytes.
      * @param signature The signature.
      * @returns The token.
      */
-    static createTokenFromBytes(signedBytes, signature) {
-        const signedBytesUtf8 = Converter.bytesToUtf8(signedBytes);
+    static tokenFromBytes(signingBytes, signature) {
+        Guards.uint8Array(Jwt._CLASS_NAME, "signingBytes", signingBytes);
+        Guards.uint8Array(Jwt._CLASS_NAME, "signature", signature);
+        const signedBytesUtf8 = Converter.bytesToUtf8(signingBytes);
         const signatureBase64 = Converter.bytesToBase64Url(signature);
         return `${signedBytesUtf8}.${signatureBase64}`;
     }
+    /**
+     * Convert the token to signing bytes and signature bytes.
+     * @param token The token to convert to bytes.
+     * @returns The decoded bytes.
+     * @throws If the token is invalid.
+     */
+    static tokenToBytes(token) {
+        Guards.stringValue(Jwt._CLASS_NAME, "token", token);
+        const segments = token.split(".");
+        if (segments.length !== 3) {
+            throw new GeneralError(Jwt._CLASS_NAME, "invalidTokenParts");
+        }
+        const signingBytes = Converter.utf8ToBytes(`${segments[0]}.${segments[1]}`);
+        const signature = Converter.base64UrlToBytes(segments[2]);
+        return {
+            signingBytes,
+            signature
+        };
+    }
     /**
      * Encode a token.
      * @param header The header to encode.

package/dist/types/utils/jwt.d.ts

@@ -92,12 +92,32 @@ export declare class Jwt {
      * @param payload The payload.
      * @returns The bytes to sign.
      */
-    static createSignBytes<T extends IJwtHeader, U extends IJwtPayload>(header: T, payload: U): Uint8Array;
+    static toSigningBytes<T extends IJwtHeader, U extends IJwtPayload>(header: T, payload: U): Uint8Array;
     /**
-     * Create token from bytes and signature.
-     * @param signedBytes The signed bytes.
+     * Create header and payload from signing bytes.
+     * @param signingBytes The signing bytes from a token.
+     * @returns The header and payload.
+     * @throws If the signing bytes are invalid
+     */
+    static fromSigningBytes<T extends IJwtHeader, U extends IJwtPayload>(signingBytes: Uint8Array): {
+        header: T;
+        payload: U;
+    };
+    /**
+     * Convert signed bytes and signature bytes to token.
+     * @param signingBytes The signed bytes.
      * @param signature The signature.
      * @returns The token.
      */
-    static createTokenFromBytes(signedBytes: Uint8Array, signature: Uint8Array): string;
+    static tokenFromBytes(signingBytes: Uint8Array, signature: Uint8Array): string;
+    /**
+     * Convert the token to signing bytes and signature bytes.
+     * @param token The token to convert to bytes.
+     * @returns The decoded bytes.
+     * @throws If the token is invalid.
+     */
+    static tokenToBytes(token: string): {
+        signingBytes: Uint8Array;
+        signature: Uint8Array;
+    };
 }

package/docs/changelog.md

@@ -1,5 +1,5 @@
 # @twin.org/web - Changelog
 
-## 0.0.1-next.38
+## 0.0.1-next.39
 
 - Initial Release

package/docs/reference/classes/Jwt.md

@@ -298,9 +298,9 @@ True if the signature was verified.
 
 ***
 
-### createSignBytes()
+### toSigningBytes()
 
-> `static` **createSignBytes**\<`T`, `U`\>(`header`, `payload`): `Uint8Array`
+> `static` **toSigningBytes**\<`T`, `U`\>(`header`, `payload`): `Uint8Array`
 
 Create bytes for signing from header and payload.
 
@@ -332,15 +332,55 @@ The bytes to sign.
 
 ***
 
-### createTokenFromBytes()
+### fromSigningBytes()
 
-> `static` **createTokenFromBytes**(`signedBytes`, `signature`): `string`
+> `static` **fromSigningBytes**\<`T`, `U`\>(`signingBytes`): `object`
 
-Create token from bytes and signature.
+Create header and payload from signing bytes.
+
+#### Type Parameters
+
+• **T** *extends* [`IJwtHeader`](../interfaces/IJwtHeader.md)
+
+• **U** *extends* [`IJwtPayload`](../interfaces/IJwtPayload.md)
+
+#### Parameters
+
+##### signingBytes
+
+`Uint8Array`
+
+The signing bytes from a token.
+
+#### Returns
+
+`object`
+
+The header and payload.
+
+##### header
+
+> **header**: `T`
+
+##### payload
+
+> **payload**: `U`
+
+#### Throws
+
+If the signing bytes are invalid
+
+***
+
+### tokenFromBytes()
+
+> `static` **tokenFromBytes**(`signingBytes`, `signature`): `string`
+
+Convert signed bytes and signature bytes to token.
 
 #### Parameters
 
-##### signedBytes
+##### signingBytes
 
 `Uint8Array`
 
@@ -357,3 +397,37 @@ The signature.
 `string`
 
 The token.
+
+***
+
+### tokenToBytes()
+
+> `static` **tokenToBytes**(`token`): `object`
+
+Convert the token to signing bytes and signature bytes.
+
+#### Parameters
+
+##### token
+
+`string`
+
+The token to convert to bytes.
+
+#### Returns
+
+`object`
+
+The decoded bytes.
+
+##### signingBytes
+
+> **signingBytes**: `Uint8Array`
+
+##### signature
+
+> **signature**: `Uint8Array`
+
+#### Throws
+
+If the token is invalid.

package/locales/en.json

@@ -10,7 +10,9 @@
 		"jwt": {
 			"noKeyOrSigner": "No key or signer was provided for JWT creation",
 			"noKeyOrVerifier": "No key or verifier was provided for JWT creation",
-			"verifyFailed": "Failed to verify JWT"
+			"verifyFailed": "Failed to verify JWT",
+			"invalidTokenParts": "The JSON Web Token could not be parsed, it should contain three parts separated by dots",
+			"invalidSigningBytes": "The signing bytes are invalid, it should contain two parts separated by a dot"
 		},
 		"jwk": {
 			"jwkImportFailed": "Failed to import JWK"

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@twin.org/web",
-	"version": "0.0.1-next.38",
+	"version": "0.0.1-next.39",
 	"description": "Contains classes for use with web operations",
 	"repository": {
 		"type": "git",
@@ -14,8 +14,8 @@
 		"node": ">=20.0.0"
 	},
 	"dependencies": {
-		"@twin.org/core": "0.0.1-next.38",
-		"@twin.org/crypto": "0.0.1-next.38",
+		"@twin.org/core": "0.0.1-next.39",
+		"@twin.org/crypto": "0.0.1-next.39",
 		"@twin.org/nameof": "next",
 		"jose": "6.0.8"
 	},