did-jwt - npm Package Compare versions

Comparing version 4.4.2 to 4.5.0

CHANGELOG.md

@@ -0,1 +1,8 @@
+# [4.5.0](https://github.com/decentralized-identity/did-jwt/compare/4.4.2...4.5.0) (2020-08-19)
+
+
+### Features
+
+* enable arbitrary payloads for JWS ([#126](https://github.com/decentralized-identity/did-jwt/issues/126)) ([5573e63](https://github.com/decentralized-identity/did-jwt/commit/5573e6390a30f088d5b6d298cf348b1ec58c3b92))
+
 ## [4.4.2](https://github.com/decentralized-identity/did-jwt/compare/4.4.1...4.4.2) (2020-08-18)
@@ -2,0 +9,0 @@

lib/index.esm.js

@@ -1,2 +0,2 @@
-import{ec as r}from"elliptic";import{sha256 as e}from"js-sha256";import{keccak_256 as t}from"js-sha3";import{Buffer as n}from"buffer";import o from"uport-base64url";import i from"tweetnacl";import{encode as a}from"@stablelib/utf8";function u(r){return n.from(e.arrayBuffer(r))}function c(r){return"0x"+(e=n.from(r.slice(2),"hex"),n.from(t.arrayBuffer(e))).slice(-20).toString("hex");var e}var f=new r("secp256k1");function s(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function l(r){r.startsWith("0x")&&(r=r.substring(2));var e=f.keyFromPrivate(r);return function(r){try{var t=e.sign(u(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:s(t.r.toString("hex")),s:s(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}}function h(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}function d(r,e){var t=r.r,n=r.s,i=r.recoveryParam,a=Buffer.alloc(e?65:64);if(Buffer.from(t,"hex").copy(a,0),Buffer.from(n,"hex").copy(a,32),e){if(void 0===i)throw new Error("Signer did not return a recoveryParam");a[64]=i}return o.encode(a)}function v(r){var e=l(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return d(r)})}catch(r){return Promise.reject(r)}}}function p(r){var e=h(r);return function(r){try{var t=a(r),u=i.sign.detached(t,e),c=o.encode(n.from(u));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}}function y(){return(y=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var t=arguments[e];for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(r[n]=t[n])}return r}).apply(this,arguments)}var m=new r("secp256k1");function g(r,e){void 0===e&&(e=!1);var t=o.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}function w(r,e,t){var n;if(e.length>86)n=[g(e,!0)];else{var o=g(e,!1);n=[y({},o,{recoveryParam:0}),y({},o,{recoveryParam:1})]}var i=n.map(function(e){var n=u(r),o=m.recoverPubKey(n,e,e.recoveryParam),i=o.encode("hex"),a=o.encode("hex",!0),f=c(i);return t.find(function(r){var e=r.publicKeyHex;return e===i||e===a||r.ethereumAddress===f})}).filter(function(r){return null!=r});if(0===i.length)throw new Error("Signature invalid for JWT");return i[0]}var b={ES256K:function(r,e,t){var n=u(r),o=g(e),i=t.filter(function(r){return void 0!==r.publicKeyHex}),a=t.filter(function(r){return void 0!==r.ethereumAddress}),c=i.find(function(r){var e=r.publicKeyHex;try{return m.keyFromPublic(e,"hex").verify(n,o)}catch(r){return!1}});if(!c&&a.length>0&&(c=w(r,e,a)),!c)throw new Error("Signature invalid for JWT");return c},"ES256K-R":w,Ed25519:function(r,e,t){var n=a(r),u=h(o.toBase64(e)),c=t.find(function(r){return i.sign.detached.verify(n,u,h(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function E(r){var e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function P(r){return"object"==typeof r&&"r"in r&&"s"in r}function S(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(P(e))return d(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}E.toSignatureObject=g;var x={ES256K:S(),"ES256K-R":S(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(P(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},K=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=T(r),n=t.payload,o=t.header,i=t.signature,a=t.data;return Promise.resolve(function(r,e,t,n){try{var o=J[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(t)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+t);var i=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,t=r.id;return o.find(function(r){return r===e&&(!n||Array.isArray(i)&&i.indexOf(t)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+t+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+t+" does not have public keys for "+e);return{authenticators:a,issuer:t,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,o.alg,n.iss,e.auth)).then(function(t){var u=t.doc,c=t.issuer;return Promise.resolve(B({header:o,data:a,signature:i},t.authenticators)).then(function(t){var o=Math.floor(Date.now()/1e3);if(t){var i=o+A;if(n.nbf){if(n.nbf>i)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>i)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=o-A)throw new Error("JWT has expired: exp: "+n.exp+" < now: "+o);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:u,issuer:c,signer:t,jwt:r}}})})}catch(r){return Promise.reject(r)}},j=function(r,e,t){var n=e.issuer,o=e.signer,i=e.alg,a=e.expiresIn;void 0===t&&(t={});try{if(!o)throw new Error("No Signer functionality has been configured");if(!n)throw new Error("No issuing DID has been configured");t.typ||(t.typ="JWT"),t.alg||(t.alg=i);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=y({},u,r,{iss:n});return k(c,o,t)}catch(r){return Promise.reject(r)}},k=function(r,e,t){void 0===t&&(t={});try{t.alg||(t.alg=D);var n=[W(t),W(r)].join("."),o=function(r){var e=x[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(t.alg);return Promise.resolve(o(n,e)).then(function(r){return[n,r].join(".")})}catch(r){return Promise.reject(r)}},J={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},D="ES256K";function W(r){return o.encode(JSON.stringify(r))}var A=300;function T(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(o.decode(e[1])),payload:JSON.parse(o.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}function B(r,e){var t=r.header,n=r.data,o=r.signature;return Array.isArray(e)||(e=[e]),E(t.alg)(n,o,e)}function I(r,e){return B(T(r),e)}export{v as EllipticSigner,p as NaclSigner,l as SimpleSigner,k as createJWS,j as createJWT,T as decodeJWT,c as toEthereumAddress,I as verifyJWS,K as verifyJWT};
+import{ec as r}from"elliptic";import{sha256 as e}from"js-sha256";import{keccak_256 as t}from"js-sha3";import{Buffer as n}from"buffer";import o from"uport-base64url";import i from"tweetnacl";import{encode as a}from"@stablelib/utf8";function u(r){return n.from(e.arrayBuffer(r))}function c(r){return"0x"+(e=n.from(r.slice(2),"hex"),n.from(t.arrayBuffer(e))).slice(-20).toString("hex");var e}var f=new r("secp256k1");function s(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function l(r){r.startsWith("0x")&&(r=r.substring(2));var e=f.keyFromPrivate(r);return function(r){try{var t=e.sign(u(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:s(t.r.toString("hex")),s:s(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}}function h(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}function d(r,e){var t=r.r,n=r.s,i=r.recoveryParam,a=Buffer.alloc(e?65:64);if(Buffer.from(t,"hex").copy(a,0),Buffer.from(n,"hex").copy(a,32),e){if(void 0===i)throw new Error("Signer did not return a recoveryParam");a[64]=i}return o.encode(a)}function v(r){var e=l(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return d(r)})}catch(r){return Promise.reject(r)}}}function p(r){var e=h(r);return function(r){try{var t=a(r),u=i.sign.detached(t,e),c=o.encode(n.from(u));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}}function y(){return(y=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var t=arguments[e];for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(r[n]=t[n])}return r}).apply(this,arguments)}var m=new r("secp256k1");function g(r,e){void 0===e&&(e=!1);var t=o.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}function w(r,e,t){var n;if(e.length>86)n=[g(e,!0)];else{var o=g(e,!1);n=[y({},o,{recoveryParam:0}),y({},o,{recoveryParam:1})]}var i=n.map(function(e){var n=u(r),o=m.recoverPubKey(n,e,e.recoveryParam),i=o.encode("hex"),a=o.encode("hex",!0),f=c(i);return t.find(function(r){var e=r.publicKeyHex;return e===i||e===a||r.ethereumAddress===f})}).filter(function(r){return null!=r});if(0===i.length)throw new Error("Signature invalid for JWT");return i[0]}var b={ES256K:function(r,e,t){var n=u(r),o=g(e),i=t.filter(function(r){return void 0!==r.publicKeyHex}),a=t.filter(function(r){return void 0!==r.ethereumAddress}),c=i.find(function(r){var e=r.publicKeyHex;try{return m.keyFromPublic(e,"hex").verify(n,o)}catch(r){return!1}});if(!c&&a.length>0&&(c=w(r,e,a)),!c)throw new Error("Signature invalid for JWT");return c},"ES256K-R":w,Ed25519:function(r,e,t){var n=a(r),u=h(o.toBase64(e)),c=t.find(function(r){return i.sign.detached.verify(n,u,h(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function E(r){var e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function P(r){return"object"==typeof r&&"r"in r&&"s"in r}function S(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(P(e))return d(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}E.toSignatureObject=g;var x={ES256K:S(),"ES256K-R":S(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(P(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},K=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=B(r),n=t.payload,o=t.header,i=t.signature,a=t.data;return Promise.resolve(function(r,e,t,n){try{var o=k[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(t)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+t);var i=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,t=r.id;return o.find(function(r){return r===e&&(!n||Array.isArray(i)&&i.indexOf(t)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+t+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+t+" does not have public keys for "+e);return{authenticators:a,issuer:t,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,o.alg,n.iss,e.auth)).then(function(t){var u=t.doc,c=t.issuer;return Promise.resolve(I({header:o,data:a,signature:i},t.authenticators)).then(function(t){var o=Math.floor(Date.now()/1e3);if(t){var i=o+A;if(n.nbf){if(n.nbf>i)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>i)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=o-A)throw new Error("JWT has expired: exp: "+n.exp+" < now: "+o);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:u,issuer:c,signer:t,jwt:r}}})})}catch(r){return Promise.reject(r)}},j=function(r,e,t){var n=e.issuer,o=e.signer,i=e.alg,a=e.expiresIn;void 0===t&&(t={});try{if(!o)throw new Error("No Signer functionality has been configured");if(!n)throw new Error("No issuing DID has been configured");t.typ||(t.typ="JWT"),t.alg||(t.alg=i);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=y({},u,r,{iss:n});return J(c,o,t)}catch(r){return Promise.reject(r)}},J=function(r,e,t){void 0===t&&(t={});try{t.alg||(t.alg=D);var n="string"==typeof r?r:W(r),o=[W(t),n].join("."),i=function(r){var e=x[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(t.alg);return Promise.resolve(i(o,e)).then(function(r){return[o,r].join(".")})}catch(r){return Promise.reject(r)}},k={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},D="ES256K";function W(r){return o.encode(JSON.stringify(r))}var A=300;function T(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(o.decode(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function B(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=T(r);return Object.assign(e,{payload:JSON.parse(o.decode(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function I(r,e){var t=r.header,n=r.data,o=r.signature;return Array.isArray(e)||(e=[e]),E(t.alg)(n,o,e)}function O(r,e){return I(T(r),e)}export{v as EllipticSigner,p as NaclSigner,l as SimpleSigner,J as createJWS,j as createJWT,B as decodeJWT,c as toEthereumAddress,O as verifyJWS,K as verifyJWT};
 //# sourceMappingURL=index.esm.js.map

lib/index.js

@@ -1,2 +0,2 @@
-function r(r){return r&&"object"==typeof r&&"default"in r?r.default:r}var e=require("elliptic"),t=require("js-sha256"),n=require("js-sha3"),o=require("buffer"),i=r(require("uport-base64url")),a=r(require("tweetnacl")),u=require("@stablelib/utf8");function c(r){return o.Buffer.from(t.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=o.Buffer.from(r.slice(2),"hex"),o.Buffer.from(n.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}var s=new e.ec("secp256k1");function l(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function h(r){r.startsWith("0x")&&(r=r.substring(2));var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:l(t.r.toString("hex")),s:l(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}}function d(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}function v(r,e){var t=r.r,n=r.s,o=r.recoveryParam,a=Buffer.alloc(e?65:64);if(Buffer.from(t,"hex").copy(a,0),Buffer.from(n,"hex").copy(a,32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return i.encode(a)}function p(){return(p=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var t=arguments[e];for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(r[n]=t[n])}return r}).apply(this,arguments)}var y=new e.ec("secp256k1");function g(r,e){void 0===e&&(e=!1);var t=i.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}function w(r,e,t){var n;if(e.length>86)n=[g(e,!0)];else{var o=g(e,!1);n=[p({},o,{recoveryParam:0}),p({},o,{recoveryParam:1})]}var i=n.map(function(e){var n=c(r),o=y.recoverPubKey(n,e,e.recoveryParam),i=o.encode("hex"),a=o.encode("hex",!0),u=f(i);return t.find(function(r){var e=r.publicKeyHex;return e===i||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===i.length)throw new Error("Signature invalid for JWT");return i[0]}var m={ES256K:function(r,e,t){var n=c(r),o=g(e),i=t.filter(function(r){return void 0!==r.publicKeyHex}),a=t.filter(function(r){return void 0!==r.ethereumAddress}),u=i.find(function(r){var e=r.publicKeyHex;try{return y.keyFromPublic(e,"hex").verify(n,o)}catch(r){return!1}});if(!u&&a.length>0&&(u=w(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":w,Ed25519:function(r,e,t){var n=u.encode(r),o=d(i.toBase64(e)),c=t.find(function(r){return a.sign.detached.verify(n,o,d(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function b(r){var e=m[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function E(r){return"object"==typeof r&&"r"in r&&"s"in r}function S(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(E(e))return v(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}b.toSignatureObject=g;var x={ES256K:S(),"ES256K-R":S(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(E(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},P=function(r,e,t){void 0===t&&(t={});try{t.alg||(t.alg=K);var n=[j(t),j(r)].join("."),o=function(r){var e=x[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(t.alg);return Promise.resolve(o(n,e)).then(function(r){return[n,r].join(".")})}catch(r){return Promise.reject(r)}},J={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},K="ES256K";function j(r){return i.encode(JSON.stringify(r))}function W(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(i.decode(e[1])),payload:JSON.parse(i.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}function k(r,e){var t=r.header,n=r.data,o=r.signature;return Array.isArray(e)||(e=[e]),b(t.alg)(n,o,e)}exports.EllipticSigner=function(r){var e=h(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return v(r)})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=d(r);return function(r){try{var t=u.encode(r),n=a.sign.detached(t,e),c=i.encode(o.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},exports.SimpleSigner=h,exports.createJWS=P,exports.createJWT=function(r,e,t){var n=e.issuer,o=e.signer,i=e.alg,a=e.expiresIn;void 0===t&&(t={});try{if(!o)throw new Error("No Signer functionality has been configured");if(!n)throw new Error("No issuing DID has been configured");t.typ||(t.typ="JWT"),t.alg||(t.alg=i);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=p({},u,r,{iss:n});return P(c,o,t)}catch(r){return Promise.reject(r)}},exports.decodeJWT=W,exports.toEthereumAddress=f,exports.verifyJWS=function(r,e){return k(W(r),e)},exports.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=W(r),n=t.payload,o=t.header,i=t.signature,a=t.data;return Promise.resolve(function(r,e,t,n){try{var o=J[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(t)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+t);var i=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,t=r.id;return o.find(function(r){return r===e&&(!n||Array.isArray(i)&&i.indexOf(t)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+t+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+t+" does not have public keys for "+e);return{authenticators:a,issuer:t,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,o.alg,n.iss,e.auth)).then(function(t){var u=t.doc,c=t.issuer;return Promise.resolve(k({header:o,data:a,signature:i},t.authenticators)).then(function(t){var o=Math.floor(Date.now()/1e3);if(t){var i=o+300;if(n.nbf){if(n.nbf>i)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>i)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=o-300)throw new Error("JWT has expired: exp: "+n.exp+" < now: "+o);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:u,issuer:c,signer:t,jwt:r}}})})}catch(r){return Promise.reject(r)}};
+function r(r){return r&&"object"==typeof r&&"default"in r?r.default:r}var e=require("elliptic"),t=require("js-sha256"),n=require("js-sha3"),o=require("buffer"),i=r(require("uport-base64url")),a=r(require("tweetnacl")),u=require("@stablelib/utf8");function c(r){return o.Buffer.from(t.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=o.Buffer.from(r.slice(2),"hex"),o.Buffer.from(n.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}var s=new e.ec("secp256k1");function l(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function h(r){r.startsWith("0x")&&(r=r.substring(2));var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:l(t.r.toString("hex")),s:l(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}}function d(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}function v(r,e){var t=r.r,n=r.s,o=r.recoveryParam,a=Buffer.alloc(e?65:64);if(Buffer.from(t,"hex").copy(a,0),Buffer.from(n,"hex").copy(a,32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return i.encode(a)}function p(){return(p=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var t=arguments[e];for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(r[n]=t[n])}return r}).apply(this,arguments)}var y=new e.ec("secp256k1");function g(r,e){void 0===e&&(e=!1);var t=i.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}function w(r,e,t){var n;if(e.length>86)n=[g(e,!0)];else{var o=g(e,!1);n=[p({},o,{recoveryParam:0}),p({},o,{recoveryParam:1})]}var i=n.map(function(e){var n=c(r),o=y.recoverPubKey(n,e,e.recoveryParam),i=o.encode("hex"),a=o.encode("hex",!0),u=f(i);return t.find(function(r){var e=r.publicKeyHex;return e===i||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===i.length)throw new Error("Signature invalid for JWT");return i[0]}var m={ES256K:function(r,e,t){var n=c(r),o=g(e),i=t.filter(function(r){return void 0!==r.publicKeyHex}),a=t.filter(function(r){return void 0!==r.ethereumAddress}),u=i.find(function(r){var e=r.publicKeyHex;try{return y.keyFromPublic(e,"hex").verify(n,o)}catch(r){return!1}});if(!u&&a.length>0&&(u=w(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":w,Ed25519:function(r,e,t){var n=u.encode(r),o=d(i.toBase64(e)),c=t.find(function(r){return a.sign.detached.verify(n,o,d(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function b(r){var e=m[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function E(r){return"object"==typeof r&&"r"in r&&"s"in r}function S(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(E(e))return v(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}b.toSignatureObject=g;var x={ES256K:S(),"ES256K-R":S(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(E(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},P=function(r,e,t){void 0===t&&(t={});try{t.alg||(t.alg=j);var n="string"==typeof r?r:K(r),o=[K(t),n].join("."),i=function(r){var e=x[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(t.alg);return Promise.resolve(i(o,e)).then(function(r){return[o,r].join(".")})}catch(r){return Promise.reject(r)}},J={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},j="ES256K";function K(r){return i.encode(JSON.stringify(r))}function W(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(i.decode(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function k(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=W(r);return Object.assign(e,{payload:JSON.parse(i.decode(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function T(r,e){var t=r.header,n=r.data,o=r.signature;return Array.isArray(e)||(e=[e]),b(t.alg)(n,o,e)}exports.EllipticSigner=function(r){var e=h(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return v(r)})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=d(r);return function(r){try{var t=u.encode(r),n=a.sign.detached(t,e),c=i.encode(o.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},exports.SimpleSigner=h,exports.createJWS=P,exports.createJWT=function(r,e,t){var n=e.issuer,o=e.signer,i=e.alg,a=e.expiresIn;void 0===t&&(t={});try{if(!o)throw new Error("No Signer functionality has been configured");if(!n)throw new Error("No issuing DID has been configured");t.typ||(t.typ="JWT"),t.alg||(t.alg=i);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=p({},u,r,{iss:n});return P(c,o,t)}catch(r){return Promise.reject(r)}},exports.decodeJWT=k,exports.toEthereumAddress=f,exports.verifyJWS=function(r,e){return T(W(r),e)},exports.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=k(r),n=t.payload,o=t.header,i=t.signature,a=t.data;return Promise.resolve(function(r,e,t,n){try{var o=J[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(t)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+t);var i=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,t=r.id;return o.find(function(r){return r===e&&(!n||Array.isArray(i)&&i.indexOf(t)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+t+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+t+" does not have public keys for "+e);return{authenticators:a,issuer:t,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,o.alg,n.iss,e.auth)).then(function(t){var u=t.doc,c=t.issuer;return Promise.resolve(T({header:o,data:a,signature:i},t.authenticators)).then(function(t){var o=Math.floor(Date.now()/1e3);if(t){var i=o+300;if(n.nbf){if(n.nbf>i)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>i)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=o-300)throw new Error("JWT has expired: exp: "+n.exp+" < now: "+o);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:u,issuer:c,signer:t,jwt:r}}})})}catch(r){return Promise.reject(r)}};
 //# sourceMappingURL=index.js.map

lib/index.modern.js

@@ -1,2 +0,2 @@
-import{ec as r}from"elliptic";import{sha256 as e}from"js-sha256";import{keccak_256 as n}from"js-sha3";import{Buffer as t}from"buffer";import o from"uport-base64url";import i from"tweetnacl";import{encode as a}from"@stablelib/utf8";function c(r){return t.from(e.arrayBuffer(r))}function u(r){return"0x"+(e=t.from(r.slice(2),"hex"),t.from(n.arrayBuffer(e))).slice(-20).toString("hex");var e}const s=new r("secp256k1");function f(r,e=64){return r.length===e?r:"0".repeat(e-r.length)+r}function l(r){r.startsWith("0x")&&(r=r.substring(2));const e=s.keyFromPrivate(r);return async r=>{const{r:n,s:t,recoveryParam:o}=e.sign(c(r));return{r:f(n.toString("hex")),s:f(t.toString("hex")),recoveryParam:o}}}function d(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}function h({r,s:e,recoveryParam:n},t){const i=Buffer.alloc(t?65:64);if(Buffer.from(r,"hex").copy(i,0),Buffer.from(e,"hex").copy(i,32),t){if(void 0===n)throw new Error("Signer did not return a recoveryParam");i[64]=n}return o.encode(i)}function p(r){const e=l(r);return async r=>h(await e(r))}function w(r){const e=d(r);return async r=>{const n=a(r),c=i.sign.detached(n,e);return o.encode(t.from(c))}}const y=new r("secp256k1");function g(r,e=!1){const n=o.toBuffer(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");const t={r:n.slice(0,32).toString("hex"),s:n.slice(32,64).toString("hex")};return e&&(t.recoveryParam=n[64]),t}function m(r,e,n){let t;if(e.length>86)t=[g(e,!0)];else{const r=g(e,!1);t=[{...r,recoveryParam:0},{...r,recoveryParam:1}]}const o=t.map(e=>{const t=c(r),o=y.recoverPubKey(t,e,e.recoveryParam),i=o.encode("hex"),a=o.encode("hex",!0),s=u(i);return n.find(({publicKeyHex:r,ethereumAddress:e})=>r===i||r===a||e===s)}).filter(r=>null!=r);if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}const b={ES256K:function(r,e,n){const t=c(r),o=g(e),i=n.filter(({publicKeyHex:r})=>void 0!==r),a=n.filter(({ethereumAddress:r})=>void 0!==r);let u=i.find(({publicKeyHex:r})=>{try{return y.keyFromPublic(r,"hex").verify(t,o)}catch(r){return!1}});if(!u&&a.length>0&&(u=m(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":m,Ed25519:function(r,e,n){const t=a(r),c=d(o.toBase64(e)),u=n.find(({publicKeyBase64:r})=>i.sign.detached.verify(t,c,d(r)));if(!u)throw new Error("Signature invalid for JWT");return u}};function E(r){const e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function v(r){return"object"==typeof r&&"r"in r&&"s"in r}function S(r){return async function(e,n){const t=await n(e);if(v(t))return h(t,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return t}}E.toSignatureObject=g;const x={ES256K:S(),"ES256K-R":S(!0),Ed25519:async function(r,e){const n=await e(r);if(v(n))throw new Error("expected a signer function that returns a string instead of signature object");return n}},K={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function k(r){return o.encode(JSON.stringify(r))}function J(r){if(!r)throw new Error("no JWT passed into decodeJWT");const e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(o.decode(e[1])),payload:JSON.parse(o.decode(e[2])),signature:e[3],data:`${e[1]}.${e[2]}`};throw new Error("Incorrect format JWT")}async function D(r,e,n={}){n.alg||(n.alg="ES256K");const t=[k(n),k(r)].join("."),o=function(r){const e=x[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return[t,await o(t,e)].join(".")}async function W(r,{issuer:e,signer:n,alg:t,expiresIn:o},i={}){if(!n)throw new Error("No Signer functionality has been configured");if(!e)throw new Error("No issuing DID has been configured");i.typ||(i.typ="JWT"),i.alg||(i.alg=t);const a={iat:Math.floor(Date.now()/1e3),exp:void 0};if(o){if("number"!=typeof o)throw new Error("JWT expiresIn is not a number");a.exp=(r.nbf||a.iat)+Math.floor(o)}return D({...a,...r,iss:e},n,i)}function A({header:r,data:e,signature:n},t){return Array.isArray(t)||(t=[t]),E(r.alg)(e,n,t)}function P(r,e){return A(J(r),e)}async function T(r,e={resolver:null,auth:null,audience:null,callbackUrl:null}){if(!e.resolver)throw new Error("No DID resolver has been configured");const{payload:n,header:t,signature:o,data:i}=J(r),{doc:a,authenticators:c,issuer:u}=await async function(r,e,n,t){const o=K[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);const i=await r.resolve(n);if(!i)throw new Error("Unable to resolve DID document for "+n);const a=!t||(i.authentication||[]).map(({publicKey:r})=>r),c=(i.publicKey||[]).filter(({type:r,id:e})=>o.find(n=>n===r&&(!t||Array.isArray(a)&&a.indexOf(e)>=0)));if(t&&(!c||0===c.length))throw new Error(`DID document for ${n} does not have public keys suitable for authenticationg user`);if(!c||0===c.length)throw new Error(`DID document for ${n} does not have public keys for ${e}`);return{authenticators:c,issuer:n,doc:i}}(e.resolver,t.alg,n.iss,e.auth),s=await A({header:t,data:i,signature:o},c),f=Math.floor(Date.now()/1e3);if(s){const t=f+300;if(n.nbf){if(n.nbf>t)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>t)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=f-300)throw new Error(`JWT has expired: exp: ${n.exp} < now: ${f}`);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(r=>e.audience===r||e.callbackUrl===r))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:a,issuer:u,signer:s,jwt:r}}}export{p as EllipticSigner,w as NaclSigner,l as SimpleSigner,D as createJWS,W as createJWT,J as decodeJWT,u as toEthereumAddress,P as verifyJWS,T as verifyJWT};
+import{ec as r}from"elliptic";import{sha256 as e}from"js-sha256";import{keccak_256 as n}from"js-sha3";import{Buffer as t}from"buffer";import o from"uport-base64url";import i from"tweetnacl";import{encode as a}from"@stablelib/utf8";function c(r){return t.from(e.arrayBuffer(r))}function u(r){return"0x"+(e=t.from(r.slice(2),"hex"),t.from(n.arrayBuffer(e))).slice(-20).toString("hex");var e}const s=new r("secp256k1");function f(r,e=64){return r.length===e?r:"0".repeat(e-r.length)+r}function l(r){r.startsWith("0x")&&(r=r.substring(2));const e=s.keyFromPrivate(r);return async r=>{const{r:n,s:t,recoveryParam:o}=e.sign(c(r));return{r:f(n.toString("hex")),s:f(t.toString("hex")),recoveryParam:o}}}function d(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}function h({r,s:e,recoveryParam:n},t){const i=Buffer.alloc(t?65:64);if(Buffer.from(r,"hex").copy(i,0),Buffer.from(e,"hex").copy(i,32),t){if(void 0===n)throw new Error("Signer did not return a recoveryParam");i[64]=n}return o.encode(i)}function p(r){const e=l(r);return async r=>h(await e(r))}function y(r){const e=d(r);return async r=>{const n=a(r),c=i.sign.detached(n,e);return o.encode(t.from(c))}}const w=new r("secp256k1");function g(r,e=!1){const n=o.toBuffer(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");const t={r:n.slice(0,32).toString("hex"),s:n.slice(32,64).toString("hex")};return e&&(t.recoveryParam=n[64]),t}function m(r,e,n){let t;if(e.length>86)t=[g(e,!0)];else{const r=g(e,!1);t=[{...r,recoveryParam:0},{...r,recoveryParam:1}]}const o=t.map(e=>{const t=c(r),o=w.recoverPubKey(t,e,e.recoveryParam),i=o.encode("hex"),a=o.encode("hex",!0),s=u(i);return n.find(({publicKeyHex:r,ethereumAddress:e})=>r===i||r===a||e===s)}).filter(r=>null!=r);if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}const b={ES256K:function(r,e,n){const t=c(r),o=g(e),i=n.filter(({publicKeyHex:r})=>void 0!==r),a=n.filter(({ethereumAddress:r})=>void 0!==r);let u=i.find(({publicKeyHex:r})=>{try{return w.keyFromPublic(r,"hex").verify(t,o)}catch(r){return!1}});if(!u&&a.length>0&&(u=m(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":m,Ed25519:function(r,e,n){const t=a(r),c=d(o.toBase64(e)),u=n.find(({publicKeyBase64:r})=>i.sign.detached.verify(t,c,d(r)));if(!u)throw new Error("Signature invalid for JWT");return u}};function E(r){const e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function S(r){return"object"==typeof r&&"r"in r&&"s"in r}function v(r){return async function(e,n){const t=await n(e);if(S(t))return h(t,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return t}}E.toSignatureObject=g;const x={ES256K:v(),"ES256K-R":v(!0),Ed25519:async function(r,e){const n=await e(r);if(S(n))throw new Error("expected a signer function that returns a string instead of signature object");return n}},K={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function J(r){return o.encode(JSON.stringify(r))}function k(r){const e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(o.decode(e[1])),payload:e[2],signature:e[3],data:`${e[1]}.${e[2]}`};throw new Error("Incorrect format JWS")}function D(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{const e=k(r);return Object.assign(e,{payload:JSON.parse(o.decode(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}async function W(r,e,n={}){n.alg||(n.alg="ES256K");const t="string"==typeof r?r:J(r),o=[J(n),t].join("."),i=function(r){const e=x[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return[o,await i(o,e)].join(".")}async function A(r,{issuer:e,signer:n,alg:t,expiresIn:o},i={}){if(!n)throw new Error("No Signer functionality has been configured");if(!e)throw new Error("No issuing DID has been configured");i.typ||(i.typ="JWT"),i.alg||(i.alg=t);const a={iat:Math.floor(Date.now()/1e3),exp:void 0};if(o){if("number"!=typeof o)throw new Error("JWT expiresIn is not a number");a.exp=(r.nbf||a.iat)+Math.floor(o)}return W({...a,...r,iss:e},n,i)}function P({header:r,data:e,signature:n},t){return Array.isArray(t)||(t=[t]),E(r.alg)(e,n,t)}function T(r,e){return P(k(r),e)}async function B(r,e={resolver:null,auth:null,audience:null,callbackUrl:null}){if(!e.resolver)throw new Error("No DID resolver has been configured");const{payload:n,header:t,signature:o,data:i}=D(r),{doc:a,authenticators:c,issuer:u}=await async function(r,e,n,t){const o=K[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);const i=await r.resolve(n);if(!i)throw new Error("Unable to resolve DID document for "+n);const a=!t||(i.authentication||[]).map(({publicKey:r})=>r),c=(i.publicKey||[]).filter(({type:r,id:e})=>o.find(n=>n===r&&(!t||Array.isArray(a)&&a.indexOf(e)>=0)));if(t&&(!c||0===c.length))throw new Error(`DID document for ${n} does not have public keys suitable for authenticationg user`);if(!c||0===c.length)throw new Error(`DID document for ${n} does not have public keys for ${e}`);return{authenticators:c,issuer:n,doc:i}}(e.resolver,t.alg,n.iss,e.auth),s=await P({header:t,data:i,signature:o},c),f=Math.floor(Date.now()/1e3);if(s){const t=f+300;if(n.nbf){if(n.nbf>t)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>t)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=f-300)throw new Error(`JWT has expired: exp: ${n.exp} < now: ${f}`);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(r=>e.audience===r||e.callbackUrl===r))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:a,issuer:u,signer:s,jwt:r}}}export{p as EllipticSigner,y as NaclSigner,l as SimpleSigner,W as createJWS,A as createJWT,D as decodeJWT,u as toEthereumAddress,T as verifyJWS,B as verifyJWT};
 //# sourceMappingURL=index.modern.js.map

lib/index.umd.js

@@ -1,2 +0,2 @@
-!function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("elliptic"),require("js-sha256"),require("js-sha3"),require("buffer"),require("uport-base64url"),require("tweetnacl"),require("@stablelib/utf8")):"function"==typeof define&&define.amd?define(["exports","elliptic","js-sha256","js-sha3","buffer","uport-base64url","tweetnacl","@stablelib/utf8"],e):e((r=r||self).didJwt={},r.elliptic,r.jsSha256,r.jsSha3,r.buffer,r.uportBase64Url,r.tweetnacl,r.utf8)}(this,function(r,e,t,n,o,i,a,u){function c(r){return o.Buffer.from(t.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=o.Buffer.from(r.slice(2),"hex"),o.Buffer.from(n.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}i=i&&Object.prototype.hasOwnProperty.call(i,"default")?i.default:i,a=a&&Object.prototype.hasOwnProperty.call(a,"default")?a.default:a;var s=new e.ec("secp256k1");function l(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function d(r){r.startsWith("0x")&&(r=r.substring(2));var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:l(t.r.toString("hex")),s:l(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}}function h(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}function v(r,e){var t=r.r,n=r.s,o=r.recoveryParam,a=Buffer.alloc(e?65:64);if(Buffer.from(t,"hex").copy(a,0),Buffer.from(n,"hex").copy(a,32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return i.encode(a)}function p(){return(p=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var t=arguments[e];for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(r[n]=t[n])}return r}).apply(this,arguments)}var y=new e.ec("secp256k1");function g(r,e){void 0===e&&(e=!1);var t=i.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}function w(r,e,t){var n;if(e.length>86)n=[g(e,!0)];else{var o=g(e,!1);n=[p({},o,{recoveryParam:0}),p({},o,{recoveryParam:1})]}var i=n.map(function(e){var n=c(r),o=y.recoverPubKey(n,e,e.recoveryParam),i=o.encode("hex"),a=o.encode("hex",!0),u=f(i);return t.find(function(r){var e=r.publicKeyHex;return e===i||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===i.length)throw new Error("Signature invalid for JWT");return i[0]}var m={ES256K:function(r,e,t){var n=c(r),o=g(e),i=t.filter(function(r){return void 0!==r.publicKeyHex}),a=t.filter(function(r){return void 0!==r.ethereumAddress}),u=i.find(function(r){var e=r.publicKeyHex;try{return y.keyFromPublic(e,"hex").verify(n,o)}catch(r){return!1}});if(!u&&a.length>0&&(u=w(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":w,Ed25519:function(r,e,t){var n=u.encode(r),o=h(i.toBase64(e)),c=t.find(function(r){return a.sign.detached.verify(n,o,h(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function b(r){var e=m[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function E(r){return"object"==typeof r&&"r"in r&&"s"in r}function S(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(E(e))return v(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}b.toSignatureObject=g;var P={ES256K:S(),"ES256K-R":S(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(E(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},x=function(r,e,t){void 0===t&&(t={});try{t.alg||(t.alg=J);var n=[K(t),K(r)].join("."),o=function(r){var e=P[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(t.alg);return Promise.resolve(o(n,e)).then(function(r){return[n,r].join(".")})}catch(r){return Promise.reject(r)}},j={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},J="ES256K";function K(r){return i.encode(JSON.stringify(r))}function W(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(i.decode(e[1])),payload:JSON.parse(i.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}function k(r,e){var t=r.header,n=r.data,o=r.signature;return Array.isArray(e)||(e=[e]),b(t.alg)(n,o,e)}r.EllipticSigner=function(r){var e=d(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return v(r)})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=h(r);return function(r){try{var t=u.encode(r),n=a.sign.detached(t,e),c=i.encode(o.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},r.SimpleSigner=d,r.createJWS=x,r.createJWT=function(r,e,t){var n=e.issuer,o=e.signer,i=e.alg,a=e.expiresIn;void 0===t&&(t={});try{if(!o)throw new Error("No Signer functionality has been configured");if(!n)throw new Error("No issuing DID has been configured");t.typ||(t.typ="JWT"),t.alg||(t.alg=i);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=p({},u,r,{iss:n});return x(c,o,t)}catch(r){return Promise.reject(r)}},r.decodeJWT=W,r.toEthereumAddress=f,r.verifyJWS=function(r,e){return k(W(r),e)},r.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=W(r),n=t.payload,o=t.header,i=t.signature,a=t.data;return Promise.resolve(function(r,e,t,n){try{var o=j[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(t)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+t);var i=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,t=r.id;return o.find(function(r){return r===e&&(!n||Array.isArray(i)&&i.indexOf(t)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+t+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+t+" does not have public keys for "+e);return{authenticators:a,issuer:t,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,o.alg,n.iss,e.auth)).then(function(t){var u=t.doc,c=t.issuer;return Promise.resolve(k({header:o,data:a,signature:i},t.authenticators)).then(function(t){var o=Math.floor(Date.now()/1e3);if(t){var i=o+300;if(n.nbf){if(n.nbf>i)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>i)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=o-300)throw new Error("JWT has expired: exp: "+n.exp+" < now: "+o);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:u,issuer:c,signer:t,jwt:r}}})})}catch(r){return Promise.reject(r)}}});
+!function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("elliptic"),require("js-sha256"),require("js-sha3"),require("buffer"),require("uport-base64url"),require("tweetnacl"),require("@stablelib/utf8")):"function"==typeof define&&define.amd?define(["exports","elliptic","js-sha256","js-sha3","buffer","uport-base64url","tweetnacl","@stablelib/utf8"],e):e((r=r||self).didJwt={},r.elliptic,r.jsSha256,r.jsSha3,r.buffer,r.uportBase64Url,r.tweetnacl,r.utf8)}(this,function(r,e,t,n,o,i,a,u){function c(r){return o.Buffer.from(t.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=o.Buffer.from(r.slice(2),"hex"),o.Buffer.from(n.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}i=i&&Object.prototype.hasOwnProperty.call(i,"default")?i.default:i,a=a&&Object.prototype.hasOwnProperty.call(a,"default")?a.default:a;var s=new e.ec("secp256k1");function l(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function d(r){r.startsWith("0x")&&(r=r.substring(2));var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:l(t.r.toString("hex")),s:l(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}}function h(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}function v(r,e){var t=r.r,n=r.s,o=r.recoveryParam,a=Buffer.alloc(e?65:64);if(Buffer.from(t,"hex").copy(a,0),Buffer.from(n,"hex").copy(a,32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return i.encode(a)}function p(){return(p=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var t=arguments[e];for(var n in t)Object.prototype.hasOwnProperty.call(t,n)&&(r[n]=t[n])}return r}).apply(this,arguments)}var y=new e.ec("secp256k1");function g(r,e){void 0===e&&(e=!1);var t=i.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}function w(r,e,t){var n;if(e.length>86)n=[g(e,!0)];else{var o=g(e,!1);n=[p({},o,{recoveryParam:0}),p({},o,{recoveryParam:1})]}var i=n.map(function(e){var n=c(r),o=y.recoverPubKey(n,e,e.recoveryParam),i=o.encode("hex"),a=o.encode("hex",!0),u=f(i);return t.find(function(r){var e=r.publicKeyHex;return e===i||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===i.length)throw new Error("Signature invalid for JWT");return i[0]}var m={ES256K:function(r,e,t){var n=c(r),o=g(e),i=t.filter(function(r){return void 0!==r.publicKeyHex}),a=t.filter(function(r){return void 0!==r.ethereumAddress}),u=i.find(function(r){var e=r.publicKeyHex;try{return y.keyFromPublic(e,"hex").verify(n,o)}catch(r){return!1}});if(!u&&a.length>0&&(u=w(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":w,Ed25519:function(r,e,t){var n=u.encode(r),o=h(i.toBase64(e)),c=t.find(function(r){return a.sign.detached.verify(n,o,h(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function b(r){var e=m[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function E(r){return"object"==typeof r&&"r"in r&&"s"in r}function S(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(E(e))return v(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}b.toSignatureObject=g;var P={ES256K:S(),"ES256K-R":S(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(E(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},x=function(r,e,t){void 0===t&&(t={});try{t.alg||(t.alg=J);var n="string"==typeof r?r:K(r),o=[K(t),n].join("."),i=function(r){var e=P[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(t.alg);return Promise.resolve(i(o,e)).then(function(r){return[o,r].join(".")})}catch(r){return Promise.reject(r)}},j={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},J="ES256K";function K(r){return i.encode(JSON.stringify(r))}function W(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(i.decode(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function k(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=W(r);return Object.assign(e,{payload:JSON.parse(i.decode(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function T(r,e){var t=r.header,n=r.data,o=r.signature;return Array.isArray(e)||(e=[e]),b(t.alg)(n,o,e)}r.EllipticSigner=function(r){var e=d(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return v(r)})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=h(r);return function(r){try{var t=u.encode(r),n=a.sign.detached(t,e),c=i.encode(o.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},r.SimpleSigner=d,r.createJWS=x,r.createJWT=function(r,e,t){var n=e.issuer,o=e.signer,i=e.alg,a=e.expiresIn;void 0===t&&(t={});try{if(!o)throw new Error("No Signer functionality has been configured");if(!n)throw new Error("No issuing DID has been configured");t.typ||(t.typ="JWT"),t.alg||(t.alg=i);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=p({},u,r,{iss:n});return x(c,o,t)}catch(r){return Promise.reject(r)}},r.decodeJWT=k,r.toEthereumAddress=f,r.verifyJWS=function(r,e){return T(W(r),e)},r.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=k(r),n=t.payload,o=t.header,i=t.signature,a=t.data;return Promise.resolve(function(r,e,t,n){try{var o=j[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(t)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+t);var i=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,t=r.id;return o.find(function(r){return r===e&&(!n||Array.isArray(i)&&i.indexOf(t)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+t+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+t+" does not have public keys for "+e);return{authenticators:a,issuer:t,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,o.alg,n.iss,e.auth)).then(function(t){var u=t.doc,c=t.issuer;return Promise.resolve(T({header:o,data:a,signature:i},t.authenticators)).then(function(t){var o=Math.floor(Date.now()/1e3);if(t){var i=o+300;if(n.nbf){if(n.nbf>i)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>i)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=o-300)throw new Error("JWT has expired: exp: "+n.exp+" < now: "+o);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:u,issuer:c,signer:t,jwt:r}}})})}catch(r){return Promise.reject(r)}}});
 //# sourceMappingURL=index.umd.js.map

lib/JWT.d.ts

@@ -51,2 +51,8 @@ import { DIDDocument, PublicKey } from 'did-resolver';
 }
+export interface JWSDecoded {
+    header: JWTHeader;
+    payload: string;
+    signature: string;
+    data: string;
+}
 export interface JWTVerified {
@@ -87,3 +93,3 @@ payload: any;
  */
-export declare function createJWS(payload: any, signer: Signer, header?: Partial<JWTHeader>): Promise<string>;
+export declare function createJWS(payload: string | any, signer: Signer, header?: Partial<JWTHeader>): Promise<string>;
 /**
@@ -90,0 +96,0 @@ *  Creates a signed JWT given an address which becomes the issuer, a signer, and a payload for which the signature is over.

package.json

 {
   "name": "did-jwt",
-  "version": "4.4.2",
+  "version": "4.5.0",
   "description": "Library for Signing and Verifying JWTs compatible uPort and DID standards",
@@ -32,3 +32,4 @@ "main": "lib/index.js",
   "contributors": [
-    "Mircea Nistor <mircea.nistor@consensys.net>"
+    "Mircea Nistor <mircea.nistor@consensys.net>",
+    "Joel Thorstensson <oed@3box.io>"
   ],
@@ -35,0 +36,0 @@ "license": "Apache-2.0",

src/__tests__/JWT-test.ts

@@ -1,2 +0,2 @@
-import { createJWT, verifyJWT, decodeJWT, resolveAuthenticator, NBF_SKEW } from '../JWT'
+import { createJWT, verifyJWT, decodeJWT, createJWS, verifyJWS, resolveAuthenticator, NBF_SKEW } from '../JWT'
 import { TokenVerifier } from 'jsontokens'
@@ -7,2 +7,4 @@ import SimpleSigner from '../SimpleSigner'
 import MockDate from 'mockdate'
+import base64url from 'base64url'
+import { PublicKey } from 'did-resolver'
 
@@ -338,2 +340,37 @@ const NOW = 1485321133
 
+describe('JWS', () => {
+
+  it('createJWS works with JSON payload', async () => {
+    const payload = { some: 'data' }
+    const jws = await createJWS(payload, signer)
+    expect(jws).toMatchSnapshot()
+    expect(JSON.parse(base64url.decode(jws.split('.')[1]))).toEqual(payload)
+  })
+
+  it('createJWS works with base64url payload', async () => {
+    // use the hex public key as an arbitrary payload
+    const encodedPayload = base64url.encode(Buffer.from(publicKey, 'hex'))
+    const jws = await createJWS(encodedPayload, signer)
+    expect(jws).toMatchSnapshot()
+    expect(jws.split('.')[1]).toEqual(encodedPayload)
+  })
+
+  it('verifyJWS works with JSON payload', async () => {
+    const payload = { some: 'data' }
+    const jws = await createJWS(payload, signer)
+    expect(verifyJWS(jws, { publicKeyHex: publicKey } as PublicKey))
+  })
+
+  it('verifyJWS works with base64url payload', async () => {
+    const encodedPayload = base64url.encode(Buffer.from(publicKey, 'hex'))
+    const jws = await createJWS(encodedPayload, signer)
+    expect(verifyJWS(jws, { publicKeyHex: publicKey } as PublicKey))
+  })
+
+  it('verifyJWS fails with bad input', async () => {
+    const badJws = 'abrewguer.fjreoiwfoiew.foirheogu.reoguhwehrg'
+    expect(() => verifyJWS(badJws, { publicKeyHex: publicKey } as PublicKey)).toThrow('Incorrect format JWS')
+  })
+})
+
 describe('resolveAuthenticator()', () => {
@@ -340,0 +377,0 @@ const ecKey1 = {

src/JWT.ts

@@ -64,2 +64,9 @@ import VerifierAlgorithm from './VerifierAlgorithm'
 
+export interface JWSDecoded {
+  header: JWTHeader
+  payload: string
+  signature: string
+  data: string
+}
+
 export interface JWTVerified {
@@ -90,2 +97,15 @@ payload: any
 
+function decodeJWS(jws: string): JWSDecoded {
+  const parts: RegExpMatchArray = jws.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/)
+  if (parts) {
+    return {
+      header: JSON.parse(base64url.decode(parts[1])),
+      payload: parts[2],
+      signature: parts[3],
+      data: `${parts[1]}.${parts[2]}`
+    }
+  }
+  throw new Error('Incorrect format JWS')
+}
+
 /**  @module did-jwt/JWT */
@@ -104,12 +124,9 @@
   if (!jwt) throw new Error('no JWT passed into decodeJWT')
-  const parts: RegExpMatchArray = jwt.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/)
-  if (parts) {
-    return {
-      header: JSON.parse(base64url.decode(parts[1])),
-      payload: JSON.parse(base64url.decode(parts[2])),
-      signature: parts[3],
-      data: `${parts[1]}.${parts[2]}`
-    }
+  try {
+    const jws = decodeJWS(jwt)
+    const decodedJwt: JWTDecoded = Object.assign(jws, { payload: JSON.parse(base64url.decode(jws.payload)) })
+    return decodedJwt
+  } catch(e) {
+    throw new Error('Incorrect format JWT')
   }
-  throw new Error('Incorrect format JWT')
 }
@@ -129,5 +146,6 @@
  */
-export async function createJWS(payload: any, signer: Signer, header: Partial<JWTHeader> = {}): Promise<string> {
+export async function createJWS(payload: string | any, signer: Signer, header: Partial<JWTHeader> = {}): Promise<string> {
   if (!header.alg) header.alg = defaultAlg
-  const signingInput: string = [encodeSection(header), encodeSection(payload)].join('.')
+  const encodedPayload = typeof payload === 'string' ? payload : encodeSection(payload)
+  const signingInput: string = [encodeSection(header), encodedPayload].join('.')
 
@@ -181,3 +199,3 @@ const jwtSigner: SignerAlgorithm = SignerAlgorithm(header.alg)
 
-function verifyJWSDecoded({ header, data, signature }: JWTDecoded, pubkeys: PublicKey | PublicKey[]): PublicKey {
+function verifyJWSDecoded({ header, data, signature }: JWSDecoded, pubkeys: PublicKey | PublicKey[]): PublicKey {
   if (!Array.isArray(pubkeys)) pubkeys = [pubkeys]
@@ -200,3 +218,3 @@ const signer: PublicKey = VerifierAlgorithm(header.alg)(data, signature, pubkeys)
 export function verifyJWS(jws: string, pubkeys: PublicKey | PublicKey[]): PublicKey {
-  const jwsDecoded: JWTDecoded = decodeJWT(jws)
+  const jwsDecoded: JWSDecoded = decodeJWS(jws)
   return verifyJWSDecoded(jwsDecoded, pubkeys)
@@ -243,3 +261,3 @@ }
   )
-  const signer: PublicKey = await verifyJWSDecoded({ header, data, signature } as JWTDecoded, authenticators)
+  const signer: PublicKey = await verifyJWSDecoded({ header, data, signature } as JWSDecoded, authenticators)
   const now: number = Math.floor(Date.now() / 1000)
@@ -246,0 +264,0 @@ if (signer) {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

481153

increased by1.35%

Lines of code

2470

increased by2.24%

No dependency changes