Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

did-jwt

Package Overview
Dependencies
Maintainers
6
Versions
142
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

did-jwt - npm Package Compare versions

Comparing version 0.2.0-alpha4 to 0.2.0-alpha5

2

lib/index.esm.js

@@ -1,2 +0,2 @@

import{sha256 as r}from"js-sha256";import{keccak_256 as e}from"js-sha3";import{ec as t}from"elliptic";import n from"tweetnacl";import o from"tweetnacl-util";import{Buffer as i}from"buffer";import a from"base64url";import u from"did-resolver";function c(e){return i.from(r.arrayBuffer(e))}function s(r){return"0x"+(t=i.from(r.slice(2),"hex"),i.from(e.buffer(t))).slice(-20).toString("hex");var t}var f=new t("secp256k1");function d(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}var h=new t("secp256k1");function l(r,e){void 0===e&&(e=!1);var t=a.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}var m={ES256K:function(r,e,t){var n=c(r),o=l(e);return t.find(function(r){return h.keyFromPublic(r.publicKeyHex,"hex").verify(n,o)})},"ES256K-R":function(r,e,t){var n=l(e,!0),o=c(r),i=h.recoverPubKey(o,n,n.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),f=s(a);return t.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===f})},Ed25519:function(r,e,t){var i=o.decodeUTF8(r),u=o.decodeBase64(a.toBase64(e));return t.find(function(r){return n.sign.detached.verify(i,u,o.decodeBase64(r.publicKeyBase64))})}};function v(r){var e=m[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function p(r){function e(e){var t=e.r,n=e.s,o=e.recoveryParam,u=i.alloc(r?65:64);if(i.from(t,"hex").copy(u,0),i.from(n,"hex").copy(u,32),r){if(void 0===o)throw new Error("Signer did not return a recoveryParam");u[64]=o}return a.encode(u)}return void 0===r&&(r=!1),function(r,t){try{return Promise.resolve(t(r)).then(e)}catch(r){return Promise.reject(r)}}}v.toSignatureObject=l;var w={ES256K:p(),"ES256K-R":p(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r))}catch(r){return Promise.reject(r)}}};var g={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},y={typ:"JWT"},E="ES256K";function b(r){return a.encode(JSON.stringify(r))}var S=300;function P(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function x(r){if(r.match(/^did:/))return r;if(P(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function K(r){if(!r)throw new Error("Missing JWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(a.decode(e[1])),payload:JSON.parse(a.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}module.exports={SimpleSigner:function(r){var e=f.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:d(t.r.toString("hex")),s:d(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},NaclSigner:function(r){var e=o.decodeBase64(r);return function(r){try{return Promise.resolve(a.encode(n.sign.detached(o.decodeUTF8(r),e)))}catch(r){return Promise.reject(r)}}},verifyJWT:function(r,e){void 0===e&&(e={});try{var t=e.audience?x(e.audience):void 0,n=K(r),o=n.payload,i=n.header,a=n.signature,c=n.data;return Promise.resolve(function(r,e,t){try{var n=g[r];if(!n||0===n.length)throw new Error("No supported signature types for algorithm "+r);var o=x(e);return Promise.resolve(u(o)).then(function(e){if(!e)throw new Error("Unable to resolve DID document for "+o);var i=!t||(e.authentication||[]).map(function(r){return r.publicKey}),a=(e.publicKey||[]).filter(function(r){var e=r.type,o=r.id;return n.find(function(r){return r===e&&(!t||i.indexOf(o)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+o+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+o+" does not have public keys for "+r);return{authenticators:a,issuer:o,doc:e}})}catch(r){return Promise.reject(r)}}(i.alg,o.iss,e.auth)).then(function(n){var u,s=n.doc,f=n.authenticators,d=n.issuer,h=v(i.alg)(c,a,f),l=Math.floor(Date.now()/1e3);if(h){if(o.iat&&o.iat>l+S)throw new Error("JWT not valid yet (issued in the future): iat: "+o.iat+" > now: "+l);if(o.exp&&o.exp<=l-S)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+l);if(o.aud)if((u=o.aud)&&(u.match(/^did:/)||P(u))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==x(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+t)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+e.callbackUrl)}return{payload:o,doc:s,issuer:d,signer:h,jwt:r}}throw new Error("Signature invalid for JWT")})}catch(r){return Promise.reject(r)}},createJWT:function(r,e){var t=e.issuer,n=e.signer,o=e.alg,i=e.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");var a=Object.assign({},y,{alg:o||E}),u={iat:Math.floor(Date.now()/1e3)};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=u.iat+Math.floor(i)}var c=[b(a),b(Object.assign({},u,r,{iss:x(t)}))].join("."),s=function(r){var e=w[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(s(c,n)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},decodeJWT:K,toEthereumAddress:s};
import{sha256 as r}from"js-sha256";import{keccak_256 as e}from"js-sha3";import{EC as t}from"elliptic-lite";import n from"tweetnacl";import o from"tweetnacl-util";import{Buffer as i}from"buffer";import a from"base64url";import u from"did-resolver";function c(e){return i.from(r.arrayBuffer(e))}function f(r){return"0x"+(t=i.from(r.slice(2),"hex"),i.from(e.buffer(t))).slice(-20).toString("hex");var t}var s=new t;function d(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}var h=new t;function l(r,e){void 0===e&&(e=!1);var t=a.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}var m={ES256K:function(r,e,t){var n=c(r),o=l(e);return t.find(function(r){return h.keyFromPublic(r.publicKeyHex,"hex").verify(n,o)})},"ES256K-R":function(r,e,t){var n=l(e,!0),o=c(r),i=h.recoverPubKey(o,n,n.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),s=f(a);return t.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===s})},Ed25519:function(r,e,t){var i=o.decodeUTF8(r),u=o.decodeBase64(a.toBase64(e));return t.find(function(r){return n.sign.detached.verify(i,u,o.decodeBase64(r.publicKeyBase64))})}};function v(r){var e=m[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function p(r){function e(e){var t=e.r,n=e.s,o=e.recoveryParam,u=i.alloc(r?65:64);if(i.from(t,"hex").copy(u,0),i.from(n,"hex").copy(u,32),r){if(void 0===o)throw new Error("Signer did not return a recoveryParam");u[64]=o}return a.encode(u)}return void 0===r&&(r=!1),function(r,t){try{return Promise.resolve(t(r)).then(e)}catch(r){return Promise.reject(r)}}}v.toSignatureObject=l;var w={ES256K:p(),"ES256K-R":p(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r))}catch(r){return Promise.reject(r)}}},g={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},y={typ:"JWT"};function E(r){return a.encode(JSON.stringify(r))}function b(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function S(r){if(r.match(/^did:/))return r;if(b(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function P(r){if(!r)throw new Error("Missing JWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(a.decode(e[1])),payload:JSON.parse(a.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}module.exports={SimpleSigner:function(r){var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:d(t.r.toString("hex")),s:d(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},NaclSigner:function(r){var e=o.decodeBase64(r);return function(r){try{return Promise.resolve(a.encode(n.sign.detached(o.decodeUTF8(r),e)))}catch(r){return Promise.reject(r)}}},verifyJWT:function(r,e){void 0===e&&(e={});try{var t=e.audience?S(e.audience):void 0,n=P(r),o=n.payload,i=n.header,a=n.signature,c=n.data;return Promise.resolve(function(r,e,t){try{var n=g[r];if(!n||0===n.length)throw new Error("No supported signature types for algorithm "+r);var o=S(e);return Promise.resolve(u(o)).then(function(e){if(!e)throw new Error("Unable to resolve DID document for "+o);var i=!t||(e.authentication||[]).map(function(r){return r.publicKey}),a=(e.publicKey||[]).filter(function(r){var e=r.type,o=r.id;return n.find(function(r){return r===e&&(!t||i.indexOf(o)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+o+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+o+" does not have public keys for "+r);return{authenticators:a,issuer:o,doc:e}})}catch(r){return Promise.reject(r)}}(i.alg,o.iss,e.auth)).then(function(n){var u,f=n.doc,s=n.authenticators,d=n.issuer,h=v(i.alg)(c,a,s),l=Math.floor(Date.now()/1e3);if(h){if(o.iat&&o.iat>l+300)throw new Error("JWT not valid yet (issued in the future): iat: "+o.iat+" > now: "+l);if(o.exp&&o.exp<=l-300)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+l);if(o.aud)if((u=o.aud)&&(u.match(/^did:/)||b(u))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==S(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+t)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+e.callbackUrl)}return{payload:o,doc:f,issuer:d,signer:h,jwt:r}}throw new Error("Signature invalid for JWT")})}catch(r){return Promise.reject(r)}},createJWT:function(r,e){var t=e.issuer,n=e.signer,o=e.alg,i=e.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");var a=Object.assign({},y,{alg:o||"ES256K"}),u={iat:Math.floor(Date.now()/1e3)};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=u.iat+Math.floor(i)}var c=[E(a),E(Object.assign({},u,r,{iss:S(t)}))].join("."),f=function(r){var e=w[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(f(c,n)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},decodeJWT:P,toEthereumAddress:f};
//# sourceMappingURL=index.esm.js.map

2

lib/index.js

@@ -1,2 +0,2 @@

function r(r){return r&&"object"==typeof r&&"default"in r?r.default:r}var e=require("js-sha256"),t=require("js-sha3"),n=require("elliptic"),o=r(require("tweetnacl")),i=r(require("tweetnacl-util")),a=require("buffer"),u=r(require("base64url")),c=r(require("did-resolver"));function f(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function s(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.buffer(e))).slice(-20).toString("hex");var e}var d=new n.ec("secp256k1");function h(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}var l=new n.ec("secp256k1");function v(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}var w={ES256K:function(r,e,t){var n=f(r),o=v(e);return t.find(function(r){return l.keyFromPublic(r.publicKeyHex,"hex").verify(n,o)})},"ES256K-R":function(r,e,t){var n=v(e,!0),o=f(r),i=l.recoverPubKey(o,n,n.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),c=s(a);return t.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===c})},Ed25519:function(r,e,t){var n=i.decodeUTF8(r),a=i.decodeBase64(u.toBase64(e));return t.find(function(r){return o.sign.detached.verify(n,a,i.decodeBase64(r.publicKeyBase64))})}};function p(r){var e=w[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function y(r){function e(e){var t=e.r,n=e.s,o=e.recoveryParam,i=a.Buffer.alloc(r?65:64);if(a.Buffer.from(t,"hex").copy(i,0),a.Buffer.from(n,"hex").copy(i,32),r){if(void 0===o)throw new Error("Signer did not return a recoveryParam");i[64]=o}return u.encode(i)}return void 0===r&&(r=!1),function(r,t){try{return Promise.resolve(t(r)).then(e)}catch(r){return Promise.reject(r)}}}p.toSignatureObject=v;var g={ES256K:y(),"ES256K-R":y(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r))}catch(r){return Promise.reject(r)}}};var m={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},E={typ:"JWT"},b="ES256K";function S(r){return u.encode(JSON.stringify(r))}var P=300;function x(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function k(r){if(r.match(/^did:/))return r;if(x(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function K(r){if(!r)throw new Error("Missing JWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}module.exports={SimpleSigner:function(r){var e=d.keyFromPrivate(r);return function(r){try{var t=e.sign(f(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:h(t.r.toString("hex")),s:h(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},NaclSigner:function(r){var e=i.decodeBase64(r);return function(r){try{return Promise.resolve(u.encode(o.sign.detached(i.decodeUTF8(r),e)))}catch(r){return Promise.reject(r)}}},verifyJWT:function(r,e){void 0===e&&(e={});try{var t=e.audience?k(e.audience):void 0,n=K(r),o=n.payload,i=n.header,a=n.signature,u=n.data;return Promise.resolve(function(r,e,t){try{var n=m[r];if(!n||0===n.length)throw new Error("No supported signature types for algorithm "+r);var o=k(e);return Promise.resolve(c(o)).then(function(e){if(!e)throw new Error("Unable to resolve DID document for "+o);var i=!t||(e.authentication||[]).map(function(r){return r.publicKey}),a=(e.publicKey||[]).filter(function(r){var e=r.type,o=r.id;return n.find(function(r){return r===e&&(!t||i.indexOf(o)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+o+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+o+" does not have public keys for "+r);return{authenticators:a,issuer:o,doc:e}})}catch(r){return Promise.reject(r)}}(i.alg,o.iss,e.auth)).then(function(n){var c,f=n.doc,s=n.authenticators,d=n.issuer,h=p(i.alg)(u,a,s),l=Math.floor(Date.now()/1e3);if(h){if(o.iat&&o.iat>l+P)throw new Error("JWT not valid yet (issued in the future): iat: "+o.iat+" > now: "+l);if(o.exp&&o.exp<=l-P)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+l);if(o.aud)if((c=o.aud)&&(c.match(/^did:/)||x(c))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==k(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+t)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+e.callbackUrl)}return{payload:o,doc:f,issuer:d,signer:h,jwt:r}}throw new Error("Signature invalid for JWT")})}catch(r){return Promise.reject(r)}},createJWT:function(r,e){var t=e.issuer,n=e.signer,o=e.alg,i=e.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");var a=Object.assign({},E,{alg:o||b}),u={iat:Math.floor(Date.now()/1e3)};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=u.iat+Math.floor(i)}var c=[S(a),S(Object.assign({},u,r,{iss:k(t)}))].join("."),f=function(r){var e=g[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(f(c,n)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},decodeJWT:K,toEthereumAddress:s};
function r(r){return r&&"object"==typeof r&&"default"in r?r.default:r}var e=require("js-sha256"),t=require("js-sha3"),n=require("elliptic-lite"),o=r(require("tweetnacl")),i=r(require("tweetnacl-util")),a=require("buffer"),u=r(require("base64url")),c=r(require("did-resolver"));function f(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function s(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.buffer(e))).slice(-20).toString("hex");var e}var d=new n.EC;function h(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}var l=new n.EC;function v(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}var w={ES256K:function(r,e,t){var n=f(r),o=v(e);return t.find(function(r){return l.keyFromPublic(r.publicKeyHex,"hex").verify(n,o)})},"ES256K-R":function(r,e,t){var n=v(e,!0),o=f(r),i=l.recoverPubKey(o,n,n.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),c=s(a);return t.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===c})},Ed25519:function(r,e,t){var n=i.decodeUTF8(r),a=i.decodeBase64(u.toBase64(e));return t.find(function(r){return o.sign.detached.verify(n,a,i.decodeBase64(r.publicKeyBase64))})}};function y(r){var e=w[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function g(r){function e(e){var t=e.r,n=e.s,o=e.recoveryParam,i=a.Buffer.alloc(r?65:64);if(a.Buffer.from(t,"hex").copy(i,0),a.Buffer.from(n,"hex").copy(i,32),r){if(void 0===o)throw new Error("Signer did not return a recoveryParam");i[64]=o}return u.encode(i)}return void 0===r&&(r=!1),function(r,t){try{return Promise.resolve(t(r)).then(e)}catch(r){return Promise.reject(r)}}}y.toSignatureObject=v;var m={ES256K:g(),"ES256K-R":g(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r))}catch(r){return Promise.reject(r)}}},p={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},E={typ:"JWT"};function b(r){return u.encode(JSON.stringify(r))}function S(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function P(r){if(r.match(/^did:/))return r;if(S(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function x(r){if(!r)throw new Error("Missing JWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}module.exports={SimpleSigner:function(r){var e=d.keyFromPrivate(r);return function(r){try{var t=e.sign(f(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:h(t.r.toString("hex")),s:h(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},NaclSigner:function(r){var e=i.decodeBase64(r);return function(r){try{return Promise.resolve(u.encode(o.sign.detached(i.decodeUTF8(r),e)))}catch(r){return Promise.reject(r)}}},verifyJWT:function(r,e){void 0===e&&(e={});try{var t=e.audience?P(e.audience):void 0,n=x(r),o=n.payload,i=n.header,a=n.signature,u=n.data;return Promise.resolve(function(r,e,t){try{var n=p[r];if(!n||0===n.length)throw new Error("No supported signature types for algorithm "+r);var o=P(e);return Promise.resolve(c(o)).then(function(e){if(!e)throw new Error("Unable to resolve DID document for "+o);var i=!t||(e.authentication||[]).map(function(r){return r.publicKey}),a=(e.publicKey||[]).filter(function(r){var e=r.type,o=r.id;return n.find(function(r){return r===e&&(!t||i.indexOf(o)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+o+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+o+" does not have public keys for "+r);return{authenticators:a,issuer:o,doc:e}})}catch(r){return Promise.reject(r)}}(i.alg,o.iss,e.auth)).then(function(n){var c,f=n.doc,s=n.authenticators,d=n.issuer,h=y(i.alg)(u,a,s),l=Math.floor(Date.now()/1e3);if(h){if(o.iat&&o.iat>l+300)throw new Error("JWT not valid yet (issued in the future): iat: "+o.iat+" > now: "+l);if(o.exp&&o.exp<=l-300)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+l);if(o.aud)if((c=o.aud)&&(c.match(/^did:/)||S(c))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==P(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+t)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+e.callbackUrl)}return{payload:o,doc:f,issuer:d,signer:h,jwt:r}}throw new Error("Signature invalid for JWT")})}catch(r){return Promise.reject(r)}},createJWT:function(r,e){var t=e.issuer,n=e.signer,o=e.alg,i=e.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");var a=Object.assign({},E,{alg:o||"ES256K"}),u={iat:Math.floor(Date.now()/1e3)};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=u.iat+Math.floor(i)}var c=[b(a),b(Object.assign({},u,r,{iss:P(t)}))].join("."),f=function(r){var e=m[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(f(c,n)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},decodeJWT:x,toEthereumAddress:s};
//# sourceMappingURL=index.js.map

2

lib/index.umd.js

@@ -1,2 +0,2 @@

!function(e,r){"object"==typeof exports&&"undefined"!=typeof module?r(require("js-sha256"),require("js-sha3"),require("elliptic"),require("tweetnacl"),require("tweetnacl-util"),require("buffer"),require("base64url"),require("did-resolver")):"function"==typeof define&&define.amd?define(["js-sha256","js-sha3","elliptic","tweetnacl","tweetnacl-util","buffer","base64url","did-resolver"],r):r(e.jsSha256,e.jsSha3,e.elliptic,e.tweetnacl,e.naclutil,e.buffer,e.base64url,e.resolve)}(this,function(e,r,t,n,o,i,a,u){function c(r){return i.Buffer.from(e.sha256.arrayBuffer(r))}function f(e){return"0x"+(t=i.Buffer.from(e.slice(2),"hex"),i.Buffer.from(r.keccak_256.buffer(t))).slice(-20).toString("hex");var t}n=n&&n.hasOwnProperty("default")?n.default:n,o=o&&o.hasOwnProperty("default")?o.default:o,a=a&&a.hasOwnProperty("default")?a.default:a,u=u&&u.hasOwnProperty("default")?u.default:u;var s=new t.ec("secp256k1");function d(e,r){return void 0===r&&(r=64),e.length===r?e:"0".repeat(r-e.length)+e}var l=new t.ec("secp256k1");function h(e,r){void 0===r&&(r=!1);var t=a.toBuffer(e);if(t.length!==(r?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return r&&(n.recoveryParam=t[64]),n}var v={ES256K:function(e,r,t){var n=c(e),o=h(r);return t.find(function(e){return l.keyFromPublic(e.publicKeyHex,"hex").verify(n,o)})},"ES256K-R":function(e,r,t){var n=h(r,!0),o=c(e),i=l.recoverPubKey(o,n,n.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),s=f(a);return t.find(function(e){var r=e.publicKeyHex;return r===a||r===u||e.ethereumAddress===s})},Ed25519:function(e,r,t){var i=o.decodeUTF8(e),u=o.decodeBase64(a.toBase64(r));return t.find(function(e){return n.sign.detached.verify(i,u,o.decodeBase64(e.publicKeyBase64))})}};function w(e){var r=v[e];if(!r)throw new Error("Unsupported algorithm "+e);return r}function p(e){function r(r){var t=r.r,n=r.s,o=r.recoveryParam,u=i.Buffer.alloc(e?65:64);if(i.Buffer.from(t,"hex").copy(u,0),i.Buffer.from(n,"hex").copy(u,32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");u[64]=o}return a.encode(u)}return void 0===e&&(e=!1),function(e,t){try{return Promise.resolve(t(e)).then(r)}catch(e){return Promise.reject(e)}}}w.toSignatureObject=h;var y={ES256K:p(),"ES256K-R":p(!0),Ed25519:function(e,r){try{return Promise.resolve(r(e))}catch(e){return Promise.reject(e)}}};var m={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},g={typ:"JWT"},b="ES256K";function E(e){return a.encode(JSON.stringify(e))}var S=300;function P(e){return e.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function x(e){if(e.match(/^did:/))return e;if(P(e))return"did:uport:"+e;throw new Error("Not a valid DID '"+e+"'")}function j(e){if(!e)throw new Error("Missing JWT");var r=e.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(r)return{header:JSON.parse(a.decode(r[1])),payload:JSON.parse(a.decode(r[2])),signature:r[3],data:r[1]+"."+r[2]};throw new Error("Incorrect format JWT")}module.exports={SimpleSigner:function(e){var r=s.keyFromPrivate(e);return function(e){try{var t=r.sign(c(e)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:d(t.r.toString("hex")),s:d(n.toString("hex")),recoveryParam:o})}catch(e){return Promise.reject(e)}}},NaclSigner:function(e){var r=o.decodeBase64(e);return function(e){try{return Promise.resolve(a.encode(n.sign.detached(o.decodeUTF8(e),r)))}catch(e){return Promise.reject(e)}}},verifyJWT:function(e,r){void 0===r&&(r={});try{var t=r.audience?x(r.audience):void 0,n=j(e),o=n.payload,i=n.header,a=n.signature,c=n.data;return Promise.resolve(function(e,r,t){try{var n=m[e];if(!n||0===n.length)throw new Error("No supported signature types for algorithm "+e);var o=x(r);return Promise.resolve(u(o)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+o);var i=!t||(r.authentication||[]).map(function(e){return e.publicKey}),a=(r.publicKey||[]).filter(function(e){var r=e.type,o=e.id;return n.find(function(e){return e===r&&(!t||i.indexOf(o)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+o+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+o+" does not have public keys for "+e);return{authenticators:a,issuer:o,doc:r}})}catch(e){return Promise.reject(e)}}(i.alg,o.iss,r.auth)).then(function(n){var u,f=n.doc,s=n.authenticators,d=n.issuer,l=w(i.alg)(c,a,s),h=Math.floor(Date.now()/1e3);if(l){if(o.iat&&o.iat>h+S)throw new Error("JWT not valid yet (issued in the future): iat: "+o.iat+" > now: "+h);if(o.exp&&o.exp<=h-S)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+h);if(o.aud)if((u=o.aud)&&(u.match(/^did:/)||P(u))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==x(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+t)}else{if(!r.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==r.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+r.callbackUrl)}return{payload:o,doc:f,issuer:d,signer:l,jwt:e}}throw new Error("Signature invalid for JWT")})}catch(e){return Promise.reject(e)}},createJWT:function(e,r){var t=r.issuer,n=r.signer,o=r.alg,i=r.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");var a=Object.assign({},g,{alg:o||b}),u={iat:Math.floor(Date.now()/1e3)};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=u.iat+Math.floor(i)}var c=[E(a),E(Object.assign({},u,e,{iss:x(t)}))].join("."),f=function(e){var r=y[e];if(!r)throw new Error("Unsupported algorithm "+e);return r}(a.alg);return Promise.resolve(f(c,n)).then(function(e){return[c,e].join(".")})}catch(e){return Promise.reject(e)}},decodeJWT:j,toEthereumAddress:f}});
!function(e,r){"object"==typeof exports&&"undefined"!=typeof module?r(require("js-sha256"),require("js-sha3"),require("elliptic-lite"),require("tweetnacl"),require("tweetnacl-util"),require("buffer"),require("base64url"),require("did-resolver")):"function"==typeof define&&define.amd?define(["js-sha256","js-sha3","elliptic-lite","tweetnacl","tweetnacl-util","buffer","base64url","did-resolver"],r):r(e.jsSha256,e.jsSha3,e.ellipticLite,e.tweetnacl,e.naclutil,e.buffer,e.base64url,e.resolve)}(this,function(e,r,t,n,i,o,a,u){function c(r){return o.Buffer.from(e.sha256.arrayBuffer(r))}function f(e){return"0x"+(t=o.Buffer.from(e.slice(2),"hex"),o.Buffer.from(r.keccak_256.buffer(t))).slice(-20).toString("hex");var t}n=n&&n.hasOwnProperty("default")?n.default:n,i=i&&i.hasOwnProperty("default")?i.default:i,a=a&&a.hasOwnProperty("default")?a.default:a,u=u&&u.hasOwnProperty("default")?u.default:u;var s=new t.EC;function d(e,r){return void 0===r&&(r=64),e.length===r?e:"0".repeat(r-e.length)+e}var l=new t.EC;function h(e,r){void 0===r&&(r=!1);var t=a.toBuffer(e);if(t.length!==(r?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return r&&(n.recoveryParam=t[64]),n}var v={ES256K:function(e,r,t){var n=c(e),i=h(r);return t.find(function(e){return l.keyFromPublic(e.publicKeyHex,"hex").verify(n,i)})},"ES256K-R":function(e,r,t){var n=h(r,!0),i=c(e),o=l.recoverPubKey(i,n,n.recoveryParam),a=o.encode("hex"),u=o.encode("hex",!0),s=f(a);return t.find(function(e){var r=e.publicKeyHex;return r===a||r===u||e.ethereumAddress===s})},Ed25519:function(e,r,t){var o=i.decodeUTF8(e),u=i.decodeBase64(a.toBase64(r));return t.find(function(e){return n.sign.detached.verify(o,u,i.decodeBase64(e.publicKeyBase64))})}};function w(e){var r=v[e];if(!r)throw new Error("Unsupported algorithm "+e);return r}function p(e){function r(r){var t=r.r,n=r.s,i=r.recoveryParam,u=o.Buffer.alloc(e?65:64);if(o.Buffer.from(t,"hex").copy(u,0),o.Buffer.from(n,"hex").copy(u,32),e){if(void 0===i)throw new Error("Signer did not return a recoveryParam");u[64]=i}return a.encode(u)}return void 0===e&&(e=!1),function(e,t){try{return Promise.resolve(t(e)).then(r)}catch(e){return Promise.reject(e)}}}w.toSignatureObject=h;var y={ES256K:p(),"ES256K-R":p(!0),Ed25519:function(e,r){try{return Promise.resolve(r(e))}catch(e){return Promise.reject(e)}}},m={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},g={typ:"JWT"};function E(e){return a.encode(JSON.stringify(e))}function b(e){return e.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function S(e){if(e.match(/^did:/))return e;if(b(e))return"did:uport:"+e;throw new Error("Not a valid DID '"+e+"'")}function P(e){if(!e)throw new Error("Missing JWT");var r=e.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(r)return{header:JSON.parse(a.decode(r[1])),payload:JSON.parse(a.decode(r[2])),signature:r[3],data:r[1]+"."+r[2]};throw new Error("Incorrect format JWT")}module.exports={SimpleSigner:function(e){var r=s.keyFromPrivate(e);return function(e){try{var t=r.sign(c(e)),n=t.s,i=t.recoveryParam;return Promise.resolve({r:d(t.r.toString("hex")),s:d(n.toString("hex")),recoveryParam:i})}catch(e){return Promise.reject(e)}}},NaclSigner:function(e){var r=i.decodeBase64(e);return function(e){try{return Promise.resolve(a.encode(n.sign.detached(i.decodeUTF8(e),r)))}catch(e){return Promise.reject(e)}}},verifyJWT:function(e,r){void 0===r&&(r={});try{var t=r.audience?S(r.audience):void 0,n=P(e),i=n.payload,o=n.header,a=n.signature,c=n.data;return Promise.resolve(function(e,r,t){try{var n=m[e];if(!n||0===n.length)throw new Error("No supported signature types for algorithm "+e);var i=S(r);return Promise.resolve(u(i)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+i);var o=!t||(r.authentication||[]).map(function(e){return e.publicKey}),a=(r.publicKey||[]).filter(function(e){var r=e.type,i=e.id;return n.find(function(e){return e===r&&(!t||o.indexOf(i)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+i+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+i+" does not have public keys for "+e);return{authenticators:a,issuer:i,doc:r}})}catch(e){return Promise.reject(e)}}(o.alg,i.iss,r.auth)).then(function(n){var u,f=n.doc,s=n.authenticators,d=n.issuer,l=w(o.alg)(c,a,s),h=Math.floor(Date.now()/1e3);if(l){if(i.iat&&i.iat>h+300)throw new Error("JWT not valid yet (issued in the future): iat: "+i.iat+" > now: "+h);if(i.exp&&i.exp<=h-300)throw new Error("JWT has expired: exp: "+i.exp+" < now: "+h);if(i.aud)if((u=i.aud)&&(u.match(/^did:/)||b(u))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==S(i.aud))throw new Error("JWT audience does not match your DID: aud: "+i.aud+" !== yours: "+t)}else{if(!r.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(i.aud!==r.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+i.aud+" !== url: "+r.callbackUrl)}return{payload:i,doc:f,issuer:d,signer:l,jwt:e}}throw new Error("Signature invalid for JWT")})}catch(e){return Promise.reject(e)}},createJWT:function(e,r){var t=r.issuer,n=r.signer,i=r.alg,o=r.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");var a=Object.assign({},g,{alg:i||"ES256K"}),u={iat:Math.floor(Date.now()/1e3)};if(o){if("number"!=typeof o)throw new Error("JWT expiresIn is not a number");u.exp=u.iat+Math.floor(o)}var c=[E(a),E(Object.assign({},u,e,{iss:S(t)}))].join("."),f=function(e){var r=y[e];if(!r)throw new Error("Unsupported algorithm "+e);return r}(a.alg);return Promise.resolve(f(c,n)).then(function(e){return[c,e].join(".")})}catch(e){return Promise.reject(e)}},decodeJWT:P,toEthereumAddress:f}});
//# sourceMappingURL=index.umd.js.map

10

package.json
{
"name": "did-jwt",
"version": "0.2.0-alpha4",
"version": "0.2.0-alpha5",
"description": "Library for Signing and Verifying JWTs compatible uPort and DID standards",

@@ -28,3 +28,5 @@ "main": "lib/index.js",

"collectCoverage": true,
"collectCoverageFrom": ["src/**/*.js"],
"collectCoverageFrom": [
"src/**/*.js"
],
"testEnvironment": "node",

@@ -51,3 +53,3 @@ "unmockedModulePathPatterns": [

"jsontokens": "^1.0.0",
"microbundle": "^0.9.0",
"microbundle": "^0.10.1",
"mockdate": "^2.0.2",

@@ -65,3 +67,3 @@ "nacl-did": "^0.4.0",

"did-resolver": "0.0.6",
"elliptic": "^6.4.0",
"elliptic-lite": "^1.0.0-alpha-experimental-1",
"js-sha256": "^0.9.0",

@@ -68,0 +70,0 @@ "js-sha3": "^0.8.0",

4

src/__tests__/SignerAlgorithm-test.js

@@ -6,3 +6,3 @@ import SignerAlgorithm from '../SignerAlgorithm'

import base64url from 'base64url'
import { ec as EC } from 'elliptic'
import { EC } from 'elliptic-lite'
import nacl from 'tweetnacl'

@@ -12,3 +12,3 @@ import naclutil from 'tweetnacl-util'

import { sha256 } from '../Digest'
const secp256k1 = new EC('secp256k1')
const secp256k1 = new EC()
const privateKey = '278a5de700e29faae8e40e366ec5012b5ec63d36ec77e8a241154cc1d25383f'

@@ -15,0 +15,0 @@ const ed25519PrivateKey = 'nlXR4aofRVuLqtn9+XVQNlX4s1nVQvp+TOhBBtYls1IG+sHyIkDP/WN+rWZHGIQp+v2pyct+rkM4asF/YRFQdQ=='

4

src/__tests__/VerifierAlgorithm-test.js

@@ -8,5 +8,5 @@ import VerifierAlgorithm from '../VerifierAlgorithm'

import naclutil from 'tweetnacl-util'
import { ec as EC } from 'elliptic'
import { EC } from 'elliptic-lite'
const secp256k1 = new EC('secp256k1')
const secp256k1 = new EC()

@@ -13,0 +13,0 @@ describe('VerifierAlgorithm', () => {

4

src/SimpleSigner.js

@@ -1,5 +0,5 @@

import { ec as EC } from 'elliptic'
import { EC } from 'elliptic-lite'
import { sha256 } from './Digest'
const secp256k1 = new EC('secp256k1')
const secp256k1 = new EC()

@@ -6,0 +6,0 @@ function leftpad (data, size = 64) {

4

src/VerifierAlgorithm.js

@@ -1,2 +0,2 @@

import { ec as EC } from 'elliptic'
import { EC } from 'elliptic-lite'
import { sha256, toEthereumAddress } from './Digest'

@@ -7,3 +7,3 @@ import base64url from 'base64url'

const secp256k1 = new EC('secp256k1')
const secp256k1 = new EC()

@@ -10,0 +10,0 @@ // converts a JOSE signature to it's components

lib/index.esm.js.map

Sorry, the diff of this file is not supported yet

lib/index.js.map

Sorry, the diff of this file is not supported yet

lib/index.umd.js.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc