Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

did-jwt

Package Overview
Dependencies
Maintainers
9
Versions
142
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

did-jwt - npm Package Compare versions

Comparing version 4.3.3 to 4.3.4

7

CHANGELOG.md

@@ -0,1 +1,8 @@

## [4.3.4](https://github.com/decentralized-identity/did-jwt/compare/4.3.3...4.3.4) (2020-06-08)
### Bug Fixes
* avoid decoding jws twice in verification ([#95](https://github.com/decentralized-identity/did-jwt/issues/95)) ([bc95cb1](https://github.com/decentralized-identity/did-jwt/commit/bc95cb11c554f4e4022c1d1cabaa7383edcac845))
## [4.3.3](https://github.com/decentralized-identity/did-jwt/compare/4.3.2...4.3.3) (2020-05-29)

@@ -2,0 +9,0 @@

2

lib/index.js

@@ -1,2 +0,2 @@

function r(r){return r&&"object"==typeof r&&"default"in r?r.default:r}var e=require("js-sha256"),t=require("js-sha3"),n=require("elliptic"),o=r(require("tweetnacl")),i=require("@stablelib/utf8"),a=require("buffer"),u=r(require("uport-base64url"));function c(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}var s=new n.ec("secp256k1");function l(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function d(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var h=new n.ec("secp256k1");function v(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}function p(r,e,t){var n;if(e.length>86)n=[v(e,!0)];else{var o=v(e,!1);n=[Object.assign({},o,{recoveryParam:0}),Object.assign({},o,{recoveryParam:1})]}var i=n.map(function(e){var n=c(r),o=h.recoverPubKey(n,e,e.recoveryParam),i=o.encode("hex"),a=o.encode("hex",!0),u=f(i);return t.find(function(r){var e=r.publicKeyHex;return e===i||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===i.length)throw new Error("Signature invalid for JWT");return i[0]}var y={ES256K:function(r,e,t){var n=c(r),o=v(e),i=t.filter(function(r){return void 0!==r.publicKeyHex}),a=t.filter(function(r){return void 0!==r.ethereumAddress}),u=i.find(function(r){var e=r.publicKeyHex;try{return h.keyFromPublic(e,"hex").verify(n,o)}catch(r){return!1}});if(!u&&a.length>0&&(u=p(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":p,Ed25519:function(r,e,t){var n=i.encode(r),a=d(u.toBase64(e)),c=t.find(function(r){return o.sign.detached.verify(n,a,d(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function g(r){var e=y[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function w(r){return"object"==typeof r&&"r"in r&&"s"in r}function m(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(w(e))return function(t){var n=e.r,o=e.s,i=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(n,"hex").copy(c,0),a.Buffer.from(o,"hex").copy(c,32),r){if(void 0===i)throw new Error("Signer did not return a recoveryParam");c[64]=i}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}g.toSignatureObject=v;var b={ES256K:m(),"ES256K-R":m(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(w(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},E=function(r,e,t){void 0===t&&(t={});try{t.alg||(t.alg=S);var n=[P(t),P(r)].join("."),o=function(r){var e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(t.alg);return Promise.resolve(o(n,e)).then(function(r){return[n,r].join(".")})}catch(r){return Promise.reject(r)}},x={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},S="ES256K";function P(r){return u.encode(JSON.stringify(r))}function j(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}function J(r,e){Array.isArray(e)||(e=[e]);var t=j(r),n=t.data,o=t.signature;return g(t.header.alg)(n,o,e)}exports.SimpleSigner=function(r){r.startsWith("0x")&&(r=r.substring(2));var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:l(t.r.toString("hex")),s:l(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=d(r);return function(r){try{var t=i.encode(r),n=o.sign.detached(t,e),c=u.encode(a.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},exports.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=j(r),n=t.payload;return Promise.resolve(function(r,e,t,n){try{var o=x[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(t)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+t);var i=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,t=r.id;return o.find(function(r){return r===e&&(!n||Array.isArray(i)&&i.indexOf(t)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+t+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+t+" does not have public keys for "+e);return{authenticators:a,issuer:t,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,t.header.alg,n.iss,e.auth)).then(function(t){var o=t.doc,i=t.issuer;return Promise.resolve(J(r,t.authenticators)).then(function(t){var a=Math.floor(Date.now()/1e3);if(t){var u=a+300;if(n.nbf){if(n.nbf>u)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>u)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=a-300)throw new Error("JWT has expired: exp: "+n.exp+" < now: "+a);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:o,issuer:i,signer:t,jwt:r}}})})}catch(r){return Promise.reject(r)}},exports.createJWT=function(r,e,t){var n=e.issuer,o=e.signer,i=e.alg,a=e.expiresIn;void 0===t&&(t={});try{if(!o)throw new Error("No Signer functionality has been configured");if(!n)throw new Error("No issuing DID has been configured");t.typ||(t.typ="JWT"),t.alg||(t.alg=i);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=Object.assign({},u,r,{iss:n});return Promise.resolve(E(c,o,t))}catch(r){return Promise.reject(r)}},exports.decodeJWT=j,exports.verifyJWS=J,exports.createJWS=E,exports.toEthereumAddress=f;
function r(r){return r&&"object"==typeof r&&"default"in r?r.default:r}var e=require("js-sha256"),t=require("js-sha3"),n=require("elliptic"),o=r(require("tweetnacl")),i=require("@stablelib/utf8"),a=require("buffer"),u=r(require("uport-base64url"));function c(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}var s=new n.ec("secp256k1");function l(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function d(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var h=new n.ec("secp256k1");function v(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}function g(r,e,t){var n;if(e.length>86)n=[v(e,!0)];else{var o=v(e,!1);n=[Object.assign({},o,{recoveryParam:0}),Object.assign({},o,{recoveryParam:1})]}var i=n.map(function(e){var n=c(r),o=h.recoverPubKey(n,e,e.recoveryParam),i=o.encode("hex"),a=o.encode("hex",!0),u=f(i);return t.find(function(r){var e=r.publicKeyHex;return e===i||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===i.length)throw new Error("Signature invalid for JWT");return i[0]}var p={ES256K:function(r,e,t){var n=c(r),o=v(e),i=t.filter(function(r){return void 0!==r.publicKeyHex}),a=t.filter(function(r){return void 0!==r.ethereumAddress}),u=i.find(function(r){var e=r.publicKeyHex;try{return h.keyFromPublic(e,"hex").verify(n,o)}catch(r){return!1}});if(!u&&a.length>0&&(u=g(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":g,Ed25519:function(r,e,t){var n=i.encode(r),a=d(u.toBase64(e)),c=t.find(function(r){return o.sign.detached.verify(n,a,d(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function y(r){var e=p[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function w(r){return"object"==typeof r&&"r"in r&&"s"in r}function m(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(w(e))return function(t){var n=e.r,o=e.s,i=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(n,"hex").copy(c,0),a.Buffer.from(o,"hex").copy(c,32),r){if(void 0===i)throw new Error("Signer did not return a recoveryParam");c[64]=i}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}y.toSignatureObject=v;var b={ES256K:m(),"ES256K-R":m(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(w(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},E=function(r,e,t){void 0===t&&(t={});try{t.alg||(t.alg=S);var n=[P(t),P(r)].join("."),o=function(r){var e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(t.alg);return Promise.resolve(o(n,e)).then(function(r){return[n,r].join(".")})}catch(r){return Promise.reject(r)}},x={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},S="ES256K";function P(r){return u.encode(JSON.stringify(r))}function j(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}function J(r,e){var t=r.header,n=r.data,o=r.signature;return Array.isArray(e)||(e=[e]),y(t.alg)(n,o,e)}exports.SimpleSigner=function(r){r.startsWith("0x")&&(r=r.substring(2));var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:l(t.r.toString("hex")),s:l(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=d(r);return function(r){try{var t=i.encode(r),n=o.sign.detached(t,e),c=u.encode(a.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},exports.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=j(r),n=t.payload,o=t.header,i=t.signature,a=t.data;return Promise.resolve(function(r,e,t,n){try{var o=x[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(t)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+t);var i=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,t=r.id;return o.find(function(r){return r===e&&(!n||Array.isArray(i)&&i.indexOf(t)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+t+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+t+" does not have public keys for "+e);return{authenticators:a,issuer:t,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,o.alg,n.iss,e.auth)).then(function(t){var u=t.doc,c=t.issuer;return Promise.resolve(J({header:o,data:a,signature:i},t.authenticators)).then(function(t){var o=Math.floor(Date.now()/1e3);if(t){var i=o+300;if(n.nbf){if(n.nbf>i)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>i)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=o-300)throw new Error("JWT has expired: exp: "+n.exp+" < now: "+o);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:u,issuer:c,signer:t,jwt:r}}})})}catch(r){return Promise.reject(r)}},exports.createJWT=function(r,e,t){var n=e.issuer,o=e.signer,i=e.alg,a=e.expiresIn;void 0===t&&(t={});try{if(!o)throw new Error("No Signer functionality has been configured");if(!n)throw new Error("No issuing DID has been configured");t.typ||(t.typ="JWT"),t.alg||(t.alg=i);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=Object.assign({},u,r,{iss:n});return Promise.resolve(E(c,o,t))}catch(r){return Promise.reject(r)}},exports.decodeJWT=j,exports.verifyJWS=function(r,e){return J(j(r),e)},exports.createJWS=E,exports.toEthereumAddress=f;
//# sourceMappingURL=index.js.map

2

lib/index.umd.js

@@ -1,2 +0,2 @@

!function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("js-sha256"),require("js-sha3"),require("elliptic"),require("tweetnacl"),require("@stablelib/utf8"),require("buffer"),require("uport-base64url")):"function"==typeof define&&define.amd?define(["exports","js-sha256","js-sha3","elliptic","tweetnacl","@stablelib/utf8","buffer","uport-base64url"],e):e(r.didJwt={},r.jsSha256,r.jsSha3,r.elliptic,r.tweetnacl,r.utf8,r.buffer,r.base64url)}(this,function(r,e,t,n,i,o,a,u){function c(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}i=i&&i.hasOwnProperty("default")?i.default:i,u=u&&u.hasOwnProperty("default")?u.default:u;var s=new n.ec("secp256k1");function l(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function d(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var h=new n.ec("secp256k1");function v(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}function y(r,e,t){var n;if(e.length>86)n=[v(e,!0)];else{var i=v(e,!1);n=[Object.assign({},i,{recoveryParam:0}),Object.assign({},i,{recoveryParam:1})]}var o=n.map(function(e){var n=c(r),i=h.recoverPubKey(n,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),u=f(o);return t.find(function(r){var e=r.publicKeyHex;return e===o||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}var p={ES256K:function(r,e,t){var n=c(r),i=v(e),o=t.filter(function(r){return void 0!==r.publicKeyHex}),a=t.filter(function(r){return void 0!==r.ethereumAddress}),u=o.find(function(r){var e=r.publicKeyHex;try{return h.keyFromPublic(e,"hex").verify(n,i)}catch(r){return!1}});if(!u&&a.length>0&&(u=y(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":y,Ed25519:function(r,e,t){var n=o.encode(r),a=d(u.toBase64(e)),c=t.find(function(r){return i.sign.detached.verify(n,a,d(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function g(r){var e=p[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function w(r){return"object"==typeof r&&"r"in r&&"s"in r}function m(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(w(e))return function(t){var n=e.r,i=e.s,o=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(n,"hex").copy(c,0),a.Buffer.from(i,"hex").copy(c,32),r){if(void 0===o)throw new Error("Signer did not return a recoveryParam");c[64]=o}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}g.toSignatureObject=v;var b={ES256K:m(),"ES256K-R":m(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(w(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},E=function(r,e,t){void 0===t&&(t={});try{t.alg||(t.alg=P);var n=[x(t),x(r)].join("."),i=function(r){var e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(t.alg);return Promise.resolve(i(n,e)).then(function(r){return[n,r].join(".")})}catch(r){return Promise.reject(r)}},S={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},P="ES256K";function x(r){return u.encode(JSON.stringify(r))}function j(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}function J(r,e){Array.isArray(e)||(e=[e]);var t=j(r),n=t.data,i=t.signature;return g(t.header.alg)(n,i,e)}r.SimpleSigner=function(r){r.startsWith("0x")&&(r=r.substring(2));var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,i=t.recoveryParam;return Promise.resolve({r:l(t.r.toString("hex")),s:l(n.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=d(r);return function(r){try{var t=o.encode(r),n=i.sign.detached(t,e),c=u.encode(a.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},r.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=j(r),n=t.payload;return Promise.resolve(function(r,e,t,n){try{var i=S[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(t)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+t);var o=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,t=r.id;return i.find(function(r){return r===e&&(!n||Array.isArray(o)&&o.indexOf(t)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+t+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+t+" does not have public keys for "+e);return{authenticators:a,issuer:t,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,t.header.alg,n.iss,e.auth)).then(function(t){var i=t.doc,o=t.issuer;return Promise.resolve(J(r,t.authenticators)).then(function(t){var a=Math.floor(Date.now()/1e3);if(t){var u=a+300;if(n.nbf){if(n.nbf>u)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>u)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=a-300)throw new Error("JWT has expired: exp: "+n.exp+" < now: "+a);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:i,issuer:o,signer:t,jwt:r}}})})}catch(r){return Promise.reject(r)}},r.createJWT=function(r,e,t){var n=e.issuer,i=e.signer,o=e.alg,a=e.expiresIn;void 0===t&&(t={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!n)throw new Error("No issuing DID has been configured");t.typ||(t.typ="JWT"),t.alg||(t.alg=o);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=Object.assign({},u,r,{iss:n});return Promise.resolve(E(c,i,t))}catch(r){return Promise.reject(r)}},r.decodeJWT=j,r.verifyJWS=J,r.createJWS=E,r.toEthereumAddress=f});
!function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("js-sha256"),require("js-sha3"),require("elliptic"),require("tweetnacl"),require("@stablelib/utf8"),require("buffer"),require("uport-base64url")):"function"==typeof define&&define.amd?define(["exports","js-sha256","js-sha3","elliptic","tweetnacl","@stablelib/utf8","buffer","uport-base64url"],e):e(r.didJwt={},r.jsSha256,r.jsSha3,r.elliptic,r.tweetnacl,r.utf8,r.buffer,r.base64url)}(this,function(r,e,t,n,i,o,a,u){function c(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}i=i&&i.hasOwnProperty("default")?i.default:i,u=u&&u.hasOwnProperty("default")?u.default:u;var s=new n.ec("secp256k1");function l(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function d(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var h=new n.ec("secp256k1");function v(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}function y(r,e,t){var n;if(e.length>86)n=[v(e,!0)];else{var i=v(e,!1);n=[Object.assign({},i,{recoveryParam:0}),Object.assign({},i,{recoveryParam:1})]}var o=n.map(function(e){var n=c(r),i=h.recoverPubKey(n,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),u=f(o);return t.find(function(r){var e=r.publicKeyHex;return e===o||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}var p={ES256K:function(r,e,t){var n=c(r),i=v(e),o=t.filter(function(r){return void 0!==r.publicKeyHex}),a=t.filter(function(r){return void 0!==r.ethereumAddress}),u=o.find(function(r){var e=r.publicKeyHex;try{return h.keyFromPublic(e,"hex").verify(n,i)}catch(r){return!1}});if(!u&&a.length>0&&(u=y(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":y,Ed25519:function(r,e,t){var n=o.encode(r),a=d(u.toBase64(e)),c=t.find(function(r){return i.sign.detached.verify(n,a,d(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function g(r){var e=p[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function w(r){return"object"==typeof r&&"r"in r&&"s"in r}function m(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(w(e))return function(t){var n=e.r,i=e.s,o=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(n,"hex").copy(c,0),a.Buffer.from(i,"hex").copy(c,32),r){if(void 0===o)throw new Error("Signer did not return a recoveryParam");c[64]=o}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}g.toSignatureObject=v;var b={ES256K:m(),"ES256K-R":m(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(w(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},E=function(r,e,t){void 0===t&&(t={});try{t.alg||(t.alg=P);var n=[x(t),x(r)].join("."),i=function(r){var e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(t.alg);return Promise.resolve(i(n,e)).then(function(r){return[n,r].join(".")})}catch(r){return Promise.reject(r)}},S={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},P="ES256K";function x(r){return u.encode(JSON.stringify(r))}function j(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}function J(r,e){var t=r.header,n=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),g(t.alg)(n,i,e)}r.SimpleSigner=function(r){r.startsWith("0x")&&(r=r.substring(2));var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,i=t.recoveryParam;return Promise.resolve({r:l(t.r.toString("hex")),s:l(n.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=d(r);return function(r){try{var t=o.encode(r),n=i.sign.detached(t,e),c=u.encode(a.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},r.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=j(r),n=t.payload,i=t.header,o=t.signature,a=t.data;return Promise.resolve(function(r,e,t,n){try{var i=S[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(t)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+t);var o=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,t=r.id;return i.find(function(r){return r===e&&(!n||Array.isArray(o)&&o.indexOf(t)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+t+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+t+" does not have public keys for "+e);return{authenticators:a,issuer:t,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,n.iss,e.auth)).then(function(t){var u=t.doc,c=t.issuer;return Promise.resolve(J({header:i,data:a,signature:o},t.authenticators)).then(function(t){var i=Math.floor(Date.now()/1e3);if(t){var o=i+300;if(n.nbf){if(n.nbf>o)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>o)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=i-300)throw new Error("JWT has expired: exp: "+n.exp+" < now: "+i);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:u,issuer:c,signer:t,jwt:r}}})})}catch(r){return Promise.reject(r)}},r.createJWT=function(r,e,t){var n=e.issuer,i=e.signer,o=e.alg,a=e.expiresIn;void 0===t&&(t={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!n)throw new Error("No issuing DID has been configured");t.typ||(t.typ="JWT"),t.alg||(t.alg=o);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=Object.assign({},u,r,{iss:n});return Promise.resolve(E(c,i,t))}catch(r){return Promise.reject(r)}},r.decodeJWT=j,r.verifyJWS=function(r,e){return J(j(r),e)},r.createJWS=E,r.toEthereumAddress=f});
//# sourceMappingURL=index.umd.js.map

2

package.json
{
"name": "did-jwt",
"version": "4.3.3",
"version": "4.3.4",
"description": "Library for Signing and Verifying JWTs compatible uPort and DID standards",

@@ -5,0 +5,0 @@ "main": "lib/index.js",

17

src/JWT.ts

@@ -177,2 +177,11 @@ import VerifierAlgorithm from './VerifierAlgorithm'

function verifyJWSDecoded(
{ header, data, signature }: JWTDecoded,
pubkeys: PublicKey | PublicKey[]
): PublicKey {
if (!Array.isArray(pubkeys)) pubkeys = [pubkeys]
const signer: PublicKey = VerifierAlgorithm(header.alg)(data, signature, pubkeys)
return signer
}
/**

@@ -190,6 +199,4 @@ * Verifies given JWS. If the JWS is valid, returns the public key that was

export function verifyJWS(jws: string, pubkeys: PublicKey | PublicKey[]): PublicKey {
if (!Array.isArray(pubkeys)) pubkeys = [pubkeys]
const { header, data, signature }: JWTDecoded = decodeJWT(jws)
const signer: PublicKey = VerifierAlgorithm(header.alg)(data, signature, pubkeys)
return signer
const jwsDecoded: JWTDecoded = decodeJWT(jws)
return verifyJWSDecoded(jwsDecoded, pubkeys)
}

@@ -235,3 +242,3 @@

)
const signer: PublicKey = await verifyJWS(jwt, authenticators)
const signer: PublicKey = await verifyJWSDecoded({ header, data, signature } as JWTDecoded, authenticators)
const now: number = Math.floor(Date.now() / 1000)

@@ -238,0 +245,0 @@ if (signer) {

dist/did-jwt.js

Sorry, the diff of this file is too big to display

lib/index.js.map

Sorry, the diff of this file is not supported yet

lib/index.mjs

Sorry, the diff of this file is not supported yet

lib/index.mjs.map

Sorry, the diff of this file is not supported yet

lib/index.umd.js.map

Sorry, the diff of this file is not supported yet

lib/JWT.d.ts.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc