@vess-id/mdl 0.0.1 → 0.0.2
- package/README.md +95 -1
- package/lib/index.d.ts +1 -0
- package/lib/mdoc/model/Document.d.ts +3 -2
- package/lib/mdoc/model/Document.js +26 -7
- package/lib/mdoc/model/IssuerAuth.d.ts +6 -1
- package/lib/mdoc/model/IssuerAuth.js +76 -3
- package/lib/mdoc/model/types.d.ts +19 -3
- package/package.json +1 -1
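--- a/package/README.md
+++ b/package/README.md
@@ -71,6 +71,8 @@ import fs from "node:fs";
 
 ## Issuing a credential
 
+### Traditional approach with private key
+
 ```js
 import { MDoc, Document } from "@vess-id/mdl";
 import { inspect } from "node:util";
@@ -90,14 +92,106 @@ import { inspect } from "node:util";
 .sign({
 issuerPrivateKey,
 issuerCertificate,
+alg: 'ES256',
 });
 
 const mdoc = new MDoc([document]).encode();
 
-inspect(
+inspect(mdoc);
 })();
 ```
 
+### Using external signer (HSM, KMS, or remote signing)
+
+```js
+import { MDoc, Document, CoseSign1Signer, CoseSign1ContextualSigner } from "@vess-id/mdl";
+
+(async () => {
+// Basic signer - receives only the data to sign
+const basicSigner: CoseSign1Signer = async (data: Uint8Array) => {
+// Send data to HSM/KMS/remote service for signing
+const signature = await externalSigningService.sign(data);
+return new Uint8Array(signature);
+};
+
+// Or use contextual signer for more control
+const contextualSigner: CoseSign1ContextualSigner = async (context) => {
+console.log('Signing algorithm:', context.algorithm);
+console.log('Payload size:', context.payload.length);
+
+// Use context information for signing
+const signature = await externalSigningService.signWithContext({
+data: context.data,
+algorithm: context.algorithm,
+// ... other context data
+});
+return new Uint8Array(signature);
+};
+// Mark as contextual signer
+(contextualSigner as any).isContextualSigner = true;
+
+const document = await new Document("org.iso.18013.5.1.mDL")
+.addIssuerNameSpace("org.iso.18013.5.1", {
+family_name: "Jones",
+given_name: "Ava",
+birth_date: "2007-03-25",
+})
+.useDigestAlgorithm("SHA-256")
+.addValidityInfo({
+signed: new Date(),
+})
+.addDeviceKeyInfo({ deviceKey: publicKeyJWK })
+.sign({
+signer: basicSigner, // or contextualSigner
+issuerCertificate,
+alg: 'ES256',
+});
+
+const mdoc = new MDoc([document]).encode();
+})();
+```
+
+### Real-world examples
+
+#### AWS KMS Integration
+```js
+import { KMSClient, SignCommand } from "@aws-sdk/client-kms";
+import { CoseSign1Signer } from "@vess-id/mdl";
+
+const kmsClient = new KMSClient({ region: "us-east-1" });
+
+const kmsSigner: CoseSign1Signer = async (data: Uint8Array) => {
+const command = new SignCommand({
+KeyId: "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012",
+Message: data,
+SigningAlgorithm: "ECDSA_SHA_256",
+});
+
+const response = await kmsClient.send(command);
+return new Uint8Array(response.Signature!);
+};
+```
+
+#### Hardware Security Module (HSM)
+```js
+import { CoseSign1Signer } from "@vess-id/mdl";
+
+const hsmSigner: CoseSign1Signer = async (data: Uint8Array) => {
+// Example using PKCS#11
+const session = await hsm.openSession();
+try {
+const signature = await session.sign({
+mechanism: "ECDSA",
+data: data,
+keyHandle: privateKeyHandle,
+});
+return new Uint8Array(signature);
+} finally {
+await session.close();
+}
+};
+```
+
 ## Generating a device response
 
 ```js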
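--- a/package/lib/index.d.ts
+++ b/package/lib/index.d.ts
@@ -10,3 +10,4 @@ export { DeviceResponse } from './mdoc/model/DeviceResponse';
 export { MDLError, MDLParseError } from './mdoc/errors';
 export { VerificationAssessmentId } from './mdoc/checkCallback';
 export { getCborEncodeDecodeOptions, setCborEncodeDecodeOptions } from './cbor';
+export { CoseSign1Signer, CoseSign1ContextualSigner, CoseSign1SignerCallback, CoseSign1SigningContext, SupportedAlgs } from './mdoc/model/types';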
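--- a/package/lib/mdoc/model/Document.d.ts
+++ b/package/lib/mdoc/model/Document.d.ts
@@ -1,5 +1,5 @@
 import * as jose from 'jose';
-import { DigestAlgorithm, DocType, SupportedAlgs, ValidityInfo } from './types';
+import { DigestAlgorithm, DocType, SupportedAlgs, ValidityInfo, CoseSign1SignerCallback } from './types';
 import { IssuerSignedDocument } from './IssuerSignedDocument';
 /**
 * Use this class when building new documents.
@@ -67,7 +67,8 @@ export declare class Document {
 * @returns {Promise<IssuerSignedDoc>} - The signed document
 */
 sign(params: {
-issuerPrivateKey
+issuerPrivateKey?: jose.JWK | Uint8Array;
+signer?: CoseSign1SignerCallback;
 issuerCertificate: string | Uint8Array | Array<string | Uint8Array>;
 alg: SupportedAlgs;
 kid?: string | Uint8Array;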
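Review bot: The new `sign` parameter type (new lines 70–71) makes both `issuerPrivateKey` and `signer` optional, so the "exactly one of the two" rule is enforced only by the runtime throws in Document.js and the compiler accepts a call that passes neither or both. This package already models that kind of exclusion with `?: never` members in the `DeviceAuth` type in types.d.ts; the same shape works here: `params: ({ issuerPrivateKey: jose.JWK | Uint8Array; signer?: never } | { signer: CoseSign1SignerCallback; issuerPrivateKey?: never }) & { issuerCertificate: string | Uint8Array | Array<string | Uint8Array>; alg: SupportedAlgs; kid?: string | Uint8Array; }`. The TSDoc block above `sign` (its start lies outside the hunk) still documents only the private-key path; it should gain `@param params.signer - external signer invoked with the COSE Sig_structure bytes; mutually exclusive with issuerPrivateKey`.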
@@ -200,6 +200,13 @@ class Document {
|
|
|
200
200
|
if (!__classPrivateFieldGet(this, _Document_issuerNameSpaces, "f")) {
|
|
201
201
|
throw new Error('No namespaces added');
|
|
202
202
|
}
|
|
203
|
+
// Validate that either issuerPrivateKey or signer is provided, but not both
|
|
204
|
+
if (!params.issuerPrivateKey && !params.signer) {
|
|
205
|
+
throw new Error('Either issuerPrivateKey or signer must be provided');
|
|
206
|
+
}
|
|
207
|
+
if (params.issuerPrivateKey && params.signer) {
|
|
208
|
+
throw new Error('Cannot provide both issuerPrivateKey and signer');
|
|
209
|
+
}
|
|
203
210
|
let issuerCertificateChain;
|
|
204
211
|
if (Array.isArray(params.issuerCertificate)) {
|
|
205
212
|
issuerCertificateChain = params.issuerCertificate.flatMap((cert) => (typeof cert === 'string' ? (0, utils_1.fromPEM)(cert) : [cert]));
|
|
@@ -210,10 +217,14 @@ class Document {
|
|
|
210
217
|
else {
|
|
211
218
|
issuerCertificateChain = [params.issuerCertificate];
|
|
212
219
|
}
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
220
|
+
let issuerPrivateKeyJWK;
|
|
221
|
+
let issuerPrivateKey;
|
|
222
|
+
if (params.issuerPrivateKey) {
|
|
223
|
+
issuerPrivateKeyJWK = params.issuerPrivateKey instanceof Uint8Array ?
|
|
224
|
+
(0, cose_kit_1.COSEKeyToJWK)(params.issuerPrivateKey) :
|
|
225
|
+
params.issuerPrivateKey;
|
|
226
|
+
issuerPrivateKey = await jose.importJWK(issuerPrivateKeyJWK);
|
|
227
|
+
}
|
|
217
228
|
const valueDigests = new Map(await Promise.all(Object.entries(__classPrivateFieldGet(this, _Document_issuerNameSpaces, "f")).map(async ([namespace, items]) => {
|
|
218
229
|
const digestMap = new Map();
|
|
219
230
|
await Promise.all(items.map(async (item, index) => {
|
|
@@ -233,10 +244,18 @@ class Document {
|
|
|
233
244
|
const payload = (0, cbor_1.cborEncode)(cbor_1.DataItem.fromData(mso));
|
|
234
245
|
const protectedHeader = { alg: params.alg };
|
|
235
246
|
const unprotectedHeader = {
|
|
236
|
-
kid: params.kid ?? issuerPrivateKeyJWK
|
|
247
|
+
kid: params.kid ?? issuerPrivateKeyJWK?.kid,
|
|
237
248
|
x5chain: issuerCertificateChain.length === 1 ? issuerCertificateChain[0] : issuerCertificateChain,
|
|
238
249
|
};
|
|
239
|
-
|
|
250
|
+
let issuerAuth;
|
|
251
|
+
if (params.signer) {
|
|
252
|
+
// Use the callback signer
|
|
253
|
+
issuerAuth = await IssuerAuth_1.default.signWithCallback(protectedHeader, unprotectedHeader, payload, params.signer, params.alg);
|
|
254
|
+
}
|
|
255
|
+
else {
|
|
256
|
+
// Use the traditional private key signing
|
|
257
|
+
issuerAuth = await IssuerAuth_1.default.sign(protectedHeader, unprotectedHeader, payload, issuerPrivateKey);
|
|
258
|
+
}
|
|
240
259
|
const issuerSigned = {
|
|
241
260
|
issuerAuth,
|
|
242
261
|
nameSpaces: __classPrivateFieldGet(this, _Document_issuerNameSpaces, "f"),
|
|
@@ -246,4 +265,4 @@ class Document {
|
|
|
246
265
|
}
|
|
247
266
|
exports.Document = Document;
|
|
248
267
|
_Document_issuerNameSpaces = new WeakMap(), _Document_deviceKeyInfo = new WeakMap(), _Document_validityInfo = new WeakMap(), _Document_digestAlgorithm = new WeakMap();
|
|
249
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
268
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRG9jdW1lbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbWRvYy9tb2RlbC9Eb2N1bWVudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSwyQ0FBNkI7QUFFN0IsdUNBQThGO0FBQzlGLG9DQUFtQztBQUNuQyxxQ0FBd0U7QUFDeEUsMERBQXVEO0FBQ3ZELDhEQUFzQztBQUV0QyxpRUFBOEQ7QUFFOUQsTUFBTSxVQUFVLEdBQUcsbUJBQW1CLENBQUM7QUFFdkMsTUFBTSxRQUFRLEdBQUcsQ0FBQyxJQUFVLEVBQUUsS0FBYSxFQUFRLEVBQUU7SUFDbkQsTUFBTSxDQUFDLEdBQUcsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7SUFDbkMsQ0FBQyxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLEdBQUcsS0FBSyxDQUFDLENBQUM7SUFDMUMsT0FBTyxDQUFDLENBQUM7QUFDWCxDQUFDLENBQUM7QUFFRjs7OztHQUlHO0FBQ0gsTUFBYSxRQUFRO0lBV25CLFlBQVksTUFBZSx1QkFBdUI7UUFUbEQscUNBQXNDLEVBQUUsRUFBQztRQUN6QywwQ0FBOEI7UUFDOUIsaUNBQThCO1lBQzVCLE1BQU0sRUFBRSxJQUFJLElBQUksRUFBRTtZQUNsQixTQUFTLEVBQUUsSUFBSSxJQUFJLEVBQUU7WUFDckIsVUFBVSxFQUFFLFFBQVEsQ0FBQyxJQUFJLElBQUksRUFBRSxFQUFFLENBQUMsQ0FBQztTQUNwQyxFQUFDO1FBQ0Ysb0NBQW9DLFNBQVMsRUFBQztRQUc1QyxJQUFJLENBQUMsT0FBTyxHQUFHLEdBQUcsQ0FBQztJQUNyQixDQUFDO0lBRUQsNkRBQTZEO0lBQ3JELGNBQWMsQ0FBQyxNQUEyQjtRQUNoRCxPQUFPO1FBQ1AsZ0VBQWdFO0lBQ2xFLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxrQkFBa0IsQ0FBQyxTQUF1QyxFQUFFLE1BQTJCO1FBQ3JGLElBQUksU0FBUyxLQUFLLFVBQVUsRUFBRSxDQUFDO1lBQzdCLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDOUIsQ0FBQztRQUVELHVCQUFBLElBQUksa0NBQWtCLENBQUMsU0FBUyxDQUFDLEdBQUcsdUJBQUEsSUFBSSxrQ0FBa0IsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUM7UUFFNUUsTUFBTSxZQUFZLEdBQUcsQ0FBQyxHQUFXLEVBQUUsS0FBVSxFQUFFLEVBQUU7WUFDL0MsSUFBSSxZQUFZLEdBQUcsS0FBSyxDQUFDO1lBRXpCLElBQUksU0FBUyxLQUFLLFVBQVUsRUFBRSxDQUFDO2dCQUM3QixrRkFBa0Y7Z0JBQ2xGLElBQUksQ0FBQyxZQUFZLEVBQUUsWUFBWSxFQUFFLGFBQWEsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsSUFBSSxPQUFPLEtBQUssS0FBSyxRQUFRLEVBQUUsQ0FBQztvQkFDM0YsWUFBWSxHQUFHLElBQUksZUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDO2dCQUNyQyxDQUFDO2dCQUVELElBQUksR0FBRyxLQUFLLG9CQUFvQixJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsS0
FBSyxDQUFDLEVBQUUsQ0FBQztvQkFDekQsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsRUFBRTt3QkFDckIsSUFBSSxPQUFPLENBQUMsQ0FBQyxVQUFVLEtBQUssUUFBUSxFQUFFLENBQUM7NEJBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLFVBQVUsR0FBRyxJQUFJLGVBQVEsQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLENBQUM7d0JBQUMsQ0FBQzt3QkFDbEcsSUFBSSxPQUFPLENBQUMsQ0FBQyxXQUFXLEtBQUssUUFBUSxFQUFFLENBQUM7NEJBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLFdBQVcsR0FBRyxJQUFJLGVBQVEsQ0FBQyxDQUFDLENBQUMsV0FBVyxDQUFDLENBQUM7d0JBQUMsQ0FBQztvQkFDdkcsQ0FBQyxDQUFDLENBQUM7Z0JBQ0wsQ0FBQztZQUNILENBQUM7WUFFRCxNQUFNLFFBQVEsR0FBRyx1QkFBQSxJQUFJLGtDQUFrQixDQUFDLFNBQVMsQ0FBQyxDQUFDLE1BQU0sQ0FBQztZQUMxRCxNQUFNLGdCQUFnQixHQUFHLG1DQUFnQixDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsR0FBRyxFQUFFLFlBQVksQ0FBQyxDQUFDO1lBQzlFLHVCQUFBLElBQUksa0NBQWtCLENBQUMsU0FBUyxDQUFDLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLENBQUM7UUFDM0QsQ0FBQyxDQUFDO1FBRUYsS0FBSyxNQUFNLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztZQUNsRCxZQUFZLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzNCLENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILGtCQUFrQixDQUFDLFNBQWlCO1FBQ2xDLE1BQU0sU0FBUyxHQUFHLHVCQUFBLElBQUksa0NBQWtCLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDcEQsT0FBTyxNQUFNLENBQUMsV0FBVyxDQUN2QixTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FDckUsQ0FBQztJQUNKLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxnQkFBZ0IsQ0FBQyxFQUFFLFNBQVMsRUFBd0M7UUFDbEUsTUFBTSxnQkFBZ0IsR0FDcEIsU0FBUyxZQUFZLFVBQVUsQ0FBQyxDQUFDO1lBQy9CLFNBQVMsQ0FBQyxDQUFDO1lBQ1gsSUFBQSx5QkFBYyxFQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQzlCLE1BQU0sY0FBYyxHQUFHLElBQUEsaUJBQVUsRUFBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBRXBELHVCQUFBLElBQUksMkJBQWtCO1lBQ3BCLFNBQVMsRUFBRSxjQUFjO1NBQzFCLE1BQUEsQ0FBQztRQUVGLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNILGVBQWUsQ0FBQyxPQUE4QixFQUFFO1FBQzlDLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxNQUFNLElBQUksSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUN6QyxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUyxJQUFJLE
1BQU0sQ0FBQztRQUMzQyxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxJQUFJLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDMUQsdUJBQUEsSUFBSSwwQkFBaUI7WUFDbkIsTUFBTTtZQUNOLFNBQVM7WUFDVCxVQUFVO1NBQ1gsTUFBQSxDQUFDO1FBRUYsSUFBSSxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7WUFDeEIsdUJBQUEsSUFBSSw4QkFBYyxDQUFDLGNBQWMsR0FBRyxJQUFJLENBQUMsY0FBYyxDQUFDO1FBQzFELENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ0gsa0JBQWtCLENBQUMsZUFBZ0M7UUFDakQsdUJBQUEsSUFBSSw2QkFBb0IsZUFBZSxNQUFBLENBQUM7UUFDeEMsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBQ0gsS0FBSyxDQUFDLElBQUksQ0FBQyxNQU1WO1FBQ0MsSUFBSSxDQUFDLHVCQUFBLElBQUksa0NBQWtCLEVBQUUsQ0FBQztZQUM1QixNQUFNLElBQUksS0FBSyxDQUFDLHFCQUFxQixDQUFDLENBQUM7UUFDekMsQ0FBQztRQUVELDRFQUE0RTtRQUM1RSxJQUFJLENBQUMsTUFBTSxDQUFDLGdCQUFnQixJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQy9DLE1BQU0sSUFBSSxLQUFLLENBQUMsb0RBQW9ELENBQUMsQ0FBQztRQUN4RSxDQUFDO1FBQ0QsSUFBSSxNQUFNLENBQUMsZ0JBQWdCLElBQUksTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzdDLE1BQU0sSUFBSSxLQUFLLENBQUMsaURBQWlELENBQUMsQ0FBQztRQUNyRSxDQUFDO1FBRUQsSUFBSSxzQkFBb0MsQ0FBQztRQUV6QyxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQztZQUM1QyxzQkFBc0IsR0FBRyxNQUFNLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDLE9BQU8sSUFBSSxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsSUFBQSxlQUFPLEVBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzNILENBQUM7YUFBTSxJQUFJLE9BQU8sTUFBTSxDQUFDLGlCQUFpQixLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQ3hELHNCQUFzQixHQUFHLElBQUEsZUFBTyxFQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQzdELENBQUM7YUFBTSxDQUFDO1lBQ04sc0JBQXNCLEdBQUcsQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUMsQ0FBQztRQUN0RCxDQUFDO1FBRUQsSUFBSSxtQkFBeUMsQ0FBQztRQUM5QyxJQUFJLGdCQUFxQyxDQUFDO1FBRTFDLElBQUksTUFBTSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDNUIsbUJBQW1CLEdBQUcsTUFBTSxDQUFDLGdCQUFnQixZQUFZLFVBQVUsQ0FBQyxDQUFDO2dCQUNuRSxJQUFBLHVCQUFZLEVBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDLENBQUMsQ0FBQztnQkFDdkMsTUFBTSxDQUFDLGdCQUFnQixDQUFDO1lBQzFCLGdCQUFnQixHQU
FHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBWSxDQUFDO1FBQzFFLENBQUM7UUFFRCxNQUFNLFlBQVksR0FBRyxJQUFJLEdBQUcsQ0FBQyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyx1QkFBQSxJQUFJLGtDQUFrQixDQUFDLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDLFNBQVMsRUFBRSxLQUFLLENBQUMsRUFBRSxFQUFFO1lBQ3JILE1BQU0sU0FBUyxHQUFHLElBQUksR0FBRyxFQUFzQixDQUFDO1lBQ2hELE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFLEVBQUU7Z0JBQ2hELE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyx1QkFBQSxJQUFJLGlDQUFpQixDQUFDLENBQUM7Z0JBQy9ELFNBQVMsQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLElBQUksVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7WUFDN0MsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNKLE9BQU8sQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFzQyxDQUFDO1FBQ3JFLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUVMLE1BQU0sR0FBRyxHQUFRO1lBQ2YsT0FBTyxFQUFFLEtBQUs7WUFDZCxlQUFlLEVBQUUsdUJBQUEsSUFBSSxpQ0FBaUI7WUFDdEMsWUFBWTtZQUNaLGFBQWEsRUFBRSx1QkFBQSxJQUFJLCtCQUFlO1lBQ2xDLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztZQUNyQixZQUFZLEVBQUUsdUJBQUEsSUFBSSw4QkFBYztTQUNqQyxDQUFDO1FBRUYsTUFBTSxPQUFPLEdBQUcsSUFBQSxpQkFBVSxFQUFDLGVBQVEsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztRQUNuRCxNQUFNLGVBQWUsR0FBcUIsRUFBRSxHQUFHLEVBQUUsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQzlELE1BQU0saUJBQWlCLEdBQXVCO1lBQzVDLEdBQUcsRUFBRSxNQUFNLENBQUMsR0FBRyxJQUFJLG1CQUFtQixFQUFFLEdBQUc7WUFDM0MsT0FBTyxFQUFFLHNCQUFzQixDQUFDLE1BQU0sS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxzQkFBc0I7U0FDbEcsQ0FBQztRQUVGLElBQUksVUFBc0IsQ0FBQztRQUUzQixJQUFJLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNsQiwwQkFBMEI7WUFDMUIsVUFBVSxHQUFHLE1BQU0sb0JBQVUsQ0FBQyxnQkFBZ0IsQ0FDNUMsZUFBZSxFQUNmLGlCQUFpQixFQUNqQixPQUFPLEVBQ1AsTUFBTSxDQUFDLE1BQU0sRUFDYixNQUFNLENBQUMsR0FBRyxDQUNYLENBQUM7UUFDSixDQUFDO2FBQU0sQ0FBQztZQUNOLDBDQUEwQztZQUMxQyxVQUFVLEdBQUcsTUFBTSxvQkFBVSxDQUFDLElBQUksQ0FDaEMsZUFBZSxFQUNmLGlCQUFpQixFQUNqQixPQUFPLEVBQ1AsZ0JBQWlCLENBQ2xCLENBQUM7UUFDSixDQUFDO1FBRUQsTUFBTSxZQUFZLEdBQUc7WUFDbkIsVUFBVTtZQUNWLFVBQVUsRUFBRSx1QkFBQSxJQUFJLGtDQU
FrQjtTQUNuQyxDQUFDO1FBRUYsT0FBTyxJQUFJLDJDQUFvQixDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsWUFBWSxDQUFDLENBQUM7SUFDOUQsQ0FBQztDQUNGO0FBaFBELDRCQWdQQyJ9
|
|
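Review bot: In the fourth hunk (new line 247) the signer path leaves `kid` as an own property whose value is `undefined` whenever neither `params.kid` nor a private-key JWK supplies one, and `signWithCallback` in this same release builds its unprotected header map with `Object.entries`, so that entry is carried into the header map instead of being omitted. Build the header conditionally: `const kid = params.kid ?? issuerPrivateKeyJWK?.kid;` and `const unprotectedHeader = { ...(kid !== undefined && { kid }), x5chain: issuerCertificateChain.length === 1 ? issuerCertificateChain[0] : issuerCertificateChain };`. The mutual-exclusion checks in the first hunk are good; a comment there that `params.alg` is placed in the protected header as given and must match what the external signer actually uses would help, since nothing in `sign` verifies that. `sign` begins before the first hunk and ends after the last one.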
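--- a/package/lib/mdoc/model/IssuerAuth.d.ts
+++ b/package/lib/mdoc/model/IssuerAuth.d.ts
@@ -1,7 +1,7 @@
 import { ProtectedHeaders, Sign1, UnprotectedHeaders } from 'cose-kit';
 import { X509Certificate } from '@peculiar/x509';
 import { KeyLike } from 'jose';
-import { MSO } from './types';
+import { MSO, CoseSign1SignerCallback, SupportedAlgs } from './types';
 /**
 * The IssuerAuth which is a COSE_Sign1 message
 * as defined in https://www.iana.org/assignments/cose/cose.xhtml#messages
@@ -14,4 +14,9 @@ export default class IssuerAuth extends Sign1 {
 get countryName(): string;
 get stateOrProvince(): string;
 static sign(protectedHeaders: ProtectedHeaders, unprotectedHeaders: UnprotectedHeaders | undefined, payload: Uint8Array, key: KeyLike | Uint8Array): Promise<IssuerAuth>;
+/**
+* Sign using a callback signer for COSE_Sign1
+* This allows external signing (HSM, remote signing, etc.) without exposing private keys
+*/
+static signWithCallback(protectedHeaders: ProtectedHeaders, unprotectedHeaders: UnprotectedHeaders | undefined, payload: Uint8Array, signer: CoseSign1SignerCallback, algorithm: SupportedAlgs): Promise<IssuerAuth>;
 }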
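Review bot: The TSDoc on `signWithCallback` (new lines 17–20) states the purpose but not the contract a caller has to meet: what `signer` is given, what it must return, and how `algorithm` relates to `protectedHeaders`. Suggested additions: `@param signer - invoked once with the COSE Sig_structure bytes (a CoseSign1ContextualSigner receives them in the data field of its context), never with the raw payload`, `@returns` unchanged, and a line saying the callback must return the raw COSE signature encoding for `algorithm` (for ES256 the 64-byte r||s concatenation, not a DER-encoded signature). It should also say that `algorithm` is expected to equal the `alg` in `protectedHeaders`, because the implementation in this release passes the two independently and does not compare them.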
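--- a/package/lib/mdoc/model/IssuerAuth.js
+++ b/package/lib/mdoc/model/IssuerAuth.js
@@ -44,8 +44,12 @@ class IssuerAuth extends cose_kit_1.Sign1 {
 const result = {
 ...decoded,
 validityInfo: mapValidityInfo(decoded.validityInfo),
-validityDigests: decoded.validityDigests
-
+validityDigests: decoded.validityDigests
+? Object.fromEntries(decoded.validityDigests)
+: decoded.validityDigests,
+deviceKeyInfo: decoded.deviceKeyInfo
+? Object.fromEntries(decoded.deviceKeyInfo)
+: decoded.deviceKeyInfo,
 };
 __classPrivateFieldSet(this, _IssuerAuth_decodedPayload, result, "f");
 return result;
@@ -66,7 +70,76 @@ class IssuerAuth extends cose_kit_1.Sign1 {
 const sign1 = await cose_kit_1.Sign1.sign(protectedHeaders, unprotectedHeaders, payload, key);
 return new IssuerAuth(sign1.protectedHeaders, sign1.unprotectedHeaders, sign1.payload, sign1.signature);
 }
+/**
+* Sign using a callback signer for COSE_Sign1
+* This allows external signing (HSM, remote signing, etc.) without exposing private keys
+*/
+static async signWithCallback(protectedHeaders, unprotectedHeaders, payload, signer, algorithm) {
+// Create the protected headers map and encode it
+const protectedHeadersMap = new Map(Object.entries(protectedHeaders).map(([key, value]) => {
+const numericKey = typeof key === 'string' ? parseInt(key, 10) : key;
+return [numericKey, value];
+}));
+// Manually encode protected headers according to COSE specification
+// Protected headers must be a CBOR-encoded map
+const encodedProtectedHeaders = (0, cbor_1.cborEncode)(protectedHeadersMap);
+// Create the Sig_structure as per COSE_Sign1 specification using the private Signature1 method
+// This creates the data to be signed according to RFC 8152
+const sigStructure = cose_kit_1.Sign1.Signature1(encodedProtectedHeaders, new Uint8Array(), payload);
+let signature;
+// Determine signer type based on marker properties or parameter inspection
+const signerFunc = signer;
+if (signerFunc.isContextualSigner) {
+// Explicitly marked as contextual signer
+const context = {
+data: sigStructure,
+protectedHeaders,
+unprotectedHeaders,
+algorithm,
+payload,
+};
+signature = await signer(context);
+}
+else if (signerFunc.isBasicSigner || signer.length === 1) {
+// Explicitly marked as basic signer or has single parameter
+signature = await signer(sigStructure);
+}
+else {
+// Try contextual first, then fall back to basic
+try {
+const context = {
+data: sigStructure,
+protectedHeaders,
+unprotectedHeaders,
+algorithm,
+payload,
+};
+signature = await signer(context);
+}
+catch (error) {
+// If contextual signing failed, try basic signing
+signature = await signer(sigStructure);
+}
+}
+// Convert unprotected headers to Map if it's an object
+let unprotectedHeadersMap;
+if (unprotectedHeaders) {
+if (unprotectedHeaders instanceof Map) {
+unprotectedHeadersMap = unprotectedHeaders;
+}
+else {
+unprotectedHeadersMap = new Map(Object.entries(unprotectedHeaders).map(([key, value]) => {
+const numericKey = typeof key === 'string' ? parseInt(key, 10) : key;
+return [numericKey, value];
+}));
+}
+}
+else {
+unprotectedHeadersMap = new Map();
+}
+return new IssuerAuth(protectedHeadersMap, unprotectedHeadersMap, payload, signature);
+}
 }
 _IssuerAuth_decodedPayload = new WeakMap(), _IssuerAuth_certificate = new WeakMap();
 exports.default = IssuerAuth;
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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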
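Review bot: `Object.entries(protectedHeaders)` at new line 79 does not produce a COSE header map for the input Document.js passes in this release (`{ alg: params.alg }`): `parseInt('alg', 10)` is NaN, so the map fed to `cborEncode` and into the Sig_structure carries a NaN label with the string value `'ES256'` instead of label 1 with the integer algorithm value, and if cose-kit's `ProtectedHeaders` is a Map instance then `Object.entries` yields nothing and the protected header is empty; either way the signed bytes differ from what `Sign1.sign` two hunks above would produce, so the name-to-label translation that `Sign1.sign` applies (not visible here) should be reused, or at minimum a Map accepted as the unprotected branch at line 127 already does. The dispatch at line 103 is also self-defeating: `signer.length === 1` holds for both signer kinds (the README's `async (context) => …` has length 1 too), so an unmarked contextual signer receives the raw Sig_structure, and the try/catch at lines 109–122 only ever runs for zero- or multi-parameter functions, where it re-invokes an external signer with different input after a failure and discards the original error. The returned `signature` is stored unchecked; the COSE signature must be the fixed-length raw encoding for `algorithm` (64 bytes for ES256), so a service that returns a DER-encoded signature yields an IssuerAuth every verifier rejects, and checking the type and length at signing time turns that into an immediate error. The sketch below dispatches on the explicit marker only and validates the result; the header translation is left alone because the cose-kit helper to reuse is outside this diff.
```javascript
static async signWithCallback(protectedHeaders, unprotectedHeaders, payload, signer, algorithm) {
    // … unchanged: protected header map, cborEncode, Sig_structure …
    const context = { data: sigStructure, protectedHeaders, unprotectedHeaders, algorithm, payload };
    // Both signer kinds take exactly one argument, so Function.length cannot tell
    // them apart; dispatch on the explicit marker only, and never re-invoke an
    // external signer with a different input after it has failed.
    const signature = signer.isContextualSigner
        ? await signer(context)
        : await signer(sigStructure);
    if (!(signature instanceof Uint8Array) || signature.length === 0) {
        throw new Error('signer must return a non-empty Uint8Array');
    }
    // … unchanged: unprotected header conversion and IssuerAuth construction …
```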
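--- a/package/lib/mdoc/model/types.d.ts
+++ b/package/lib/mdoc/model/types.d.ts
@@ -1,4 +1,4 @@
-import { Mac0, Sign1 } from 'cose-kit';
+import { Mac0, Sign1, ProtectedHeaders, UnprotectedHeaders } from 'cose-kit';
 import { JWK } from 'jose';
 import IssuerAuth from './IssuerAuth';
 import { IssuerSignedDataItem, IssuerSignedItem } from '../IssuerSignedItem';
@@ -20,11 +20,11 @@ export type IssuerSigned = {
 issuerAuth: IssuerAuth;
 nameSpaces: IssuerNameSpaces;
 };
-export type DeviceAuth = {
+export type DeviceAuth = ({
 deviceMac: Mac0;
 } & {
 deviceSignature?: never;
-} | ({
+}) | ({
 deviceMac?: never;
 } & {
 deviceSignature: Sign1;
@@ -107,4 +107,20 @@ export type MSO = {
 export type DocType = 'org.iso.18013.5.1.mDL' | string;
 export type SupportedAlgs = 'ES256' | 'ES384' | 'ES512' | 'EdDSA';
 export type MacSupportedAlgs = 'HS256';
+export interface CoseSign1SigningContext {
+data: Uint8Array;
+protectedHeaders: ProtectedHeaders;
+unprotectedHeaders?: UnprotectedHeaders;
+algorithm: SupportedAlgs;
+payload: Uint8Array;
+}
+export interface CoseSign1Signer {
+(data: Uint8Array): Promise<Uint8Array>;
+isBasicSigner?: true;
+}
+export interface CoseSign1ContextualSigner {
+(context: CoseSign1SigningContext): Promise<Uint8Array>;
+isContextualSigner?: true;
+}
+export type CoseSign1SignerCallback = CoseSign1Signer | CoseSign1ContextualSigner;
 export {};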
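Review bot: `CoseSign1SignerCallback` (new line 125) is a union that neither the compiler nor the runtime can discriminate without the marker: both members are one-argument functions returning `Promise<Uint8Array>`, and `isBasicSigner` / `isContextualSigner` are optional, so a caller who writes `async (context) => …` and forgets the flag is handed a `Uint8Array` where the code expects a context. Making the marker required on the contextual variant, `isContextualSigner: true;`, turns this into a proper discriminated union and removes the need for the `as any` cast the README resorts to (at the cost of creating the signer with `Object.assign(fn, { isContextualSigner: true as const })`). The three new declarations also have no TSDoc; `data` should be documented as the COSE Sig_structure bytes to be signed (IssuerAuth.js sets it from `sigStructure`, not from `payload`), and the return value as the raw COSE signature encoding for `algorithm`.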