Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

did-jwt

Package Overview
Dependencies
Maintainers
9
Versions
142
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

did-jwt - npm Package Compare versions

Comparing version 4.6.2 to 4.6.3

7

CHANGELOG.md

@@ -0,1 +1,8 @@

## [4.6.3](https://github.com/decentralized-identity/did-jwt/compare/4.6.2...4.6.3) (2020-11-10)
### Bug Fixes
* support multiple pubkey encodings ([#139](https://github.com/decentralized-identity/did-jwt/issues/139)) ([c4ae63a](https://github.com/decentralized-identity/did-jwt/commit/c4ae63a689fef7b15f3ca8c19eb74e3557a010e8)), closes [#128](https://github.com/decentralized-identity/did-jwt/issues/128) [#127](https://github.com/decentralized-identity/did-jwt/issues/127)
## [4.6.2](https://github.com/decentralized-identity/did-jwt/compare/4.6.1...4.6.2) (2020-10-02)

@@ -2,0 +9,0 @@

2

lib/index.esm.js

@@ -1,2 +0,2 @@

import{ec as r}from"elliptic";import{hash as e}from"@stablelib/sha256";import{fromString as n,toString as t,concat as i}from"uint8arrays";import{keccak_256 as o}from"js-sha3";import{sign as a,verify as u}from"@stablelib/ed25519";import{encode as c}from"@stablelib/utf8";import{XChaCha20Poly1305 as f}from"@stablelib/xchacha20poly1305";import{generateKeyPair as s,sharedKey as h}from"@stablelib/x25519";import{randomBytes as l}from"@stablelib/random";function v(r){return e(n(r))}function d(r){var e,i=n(r.slice(2),"base16");return"0x"+t((e=i,new Uint8Array(o.arrayBuffer(e))).slice(-20),"base16")}function p(r,e){void 0===e&&(e=new Uint8Array(4));var t=n(r.toString(),"base10");return e.set(t,4-t.length),e}var y=function(r){return i([p(r.length),r])};function g(r,t,o){if(256!==t)throw new Error("Unsupported key length: "+t);var a=i([y(n(o)),y(new Uint8Array(0)),y(new Uint8Array(0)),p(t)]);return e(i([p(1),r,a]))}var m=new r("secp256k1");function w(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function b(r){r.startsWith("0x")&&(r=r.substring(2));var e=m.keyFromPrivate(r);return function(r){try{var n=e.sign(v(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:w(n.r.toString("hex")),s:w(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function P(r){return t(r,"base64url")}function E(r){return n(r,"base64url")}function S(r){return n(r,"base64pad")}function k(r){return P(n(r))}function x(r){return t(E(r))}function j(r){return t(r,"base16")}function K(r,e){var t=r.r,i=r.s,o=r.recoveryParam,a=new Uint8Array(e?65:64);if(a.set(n(t,"base16"),0),a.set(n(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return P(a)}function A(r,e){return i([E(r),E(e)])}function J(r){var e=b(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return K(r)})}catch(r){return Promise.reject(r)}}}function W(r){var e=S(r);return function(r){try{var n=c(r),t=P(a(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}}function D(){return(D=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var O=new r("secp256k1");function I(r,e){void 0===e&&(e=!1);var n=E(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:j(n.slice(0,32)),s:j(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function C(r,e,n){var t;if(e.length>86)t=[I(e,!0)];else{var i=I(e,!1);t=[D({},i,{recoveryParam:0}),D({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=v(r),i=O.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),u=d(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function T(r,e,n){var t=c(r),i=E(e),o=n.find(function(r){return u(S(r.publicKeyBase64),t,i)});if(!o)throw new Error("Signature invalid for JWT");return o}var U={ES256K:function(r,e,n){var t=v(r),i=I(e),o=n.filter(function(r){return void 0!==r.publicKeyHex}),a=n.filter(function(r){return void 0!==r.ethereumAddress}),u=o.find(function(r){var e=r.publicKeyHex;try{return O.keyFromPublic(e,"hex").verify(t,i)}catch(r){return!1}});if(!u&&a.length>0&&(u=C(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":C,Ed25519:T,EdDSA:T};function X(r){var e=U[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function N(r){return"object"==typeof r&&"r"in r&&"s"in r}function B(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(N(e))return K(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function H(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(N(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}X.toSignatureObject=I;var _={ES256K:B(),"ES256K-R":B(!0),Ed25519:H(),EdDSA:H()},V=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=$(r),t=n.payload,i=n.header,o=n.signature,a=n.data;return Promise.resolve(function(r,e,n,t){try{var i=F[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:a,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var u=n.doc,c=n.issuer;return Promise.resolve(G({header:i,data:a,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3);if(n){var o=i+Z;if(t.nbf){if(t.nbf>o)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>o)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-Z)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:u,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},R=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,a=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=D({},u,r,{iss:t});return z(c,i,n)}catch(r){return Promise.reject(r)}},z=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=L);var t="string"==typeof r?r:M(r),i=[M(n),t].join("."),o=function(r){var e=_[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},F={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},L="ES256K";function M(r){return k(JSON.stringify(r))}var Z=300;function q(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(x(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function $(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=q(r);return Object.assign(e,{payload:JSON.parse(x(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function G(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),X(n.alg)(t,i,e)}function Q(r,e){return G(q(r),e)}var Y=function(r,e){try{var n=function(r){if(null===a)throw new Error("Failed to decrypt");return a};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(x(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=A(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),a=null,u="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,E(r.iv),o)).then(function(r){a=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(tr(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!tr(o)){t=1;break}o=o.s}if(e){var a=e();if(a&&a.then&&!tr(a)){t=2;break}}}var u=new nr,c=er.bind(null,u,2);return(0===t?i.then(s):1===t?o.then(f):a.then(h)).then(void 0,c),u;function f(t){o=t;do{if(e&&(a=e())&&a.then&&!tr(a))return void a.then(h).then(void 0,c);if(!(i=r())||tr(i)&&!i.v)return void er(u,1,o);if(i.then)return void i.then(s).then(void 0,c);tr(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):er(u,1,o)}function h(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):er(u,1,o)}}(function(){return!a&&n<r.recipients.length},function(){return n++},function(){var u=r.recipients[n];Object.assign(u.header,t);var c=function(){if(u.header.alg===e.alg)return Promise.resolve(e.decrypt(i,E(r.iv),o,u)).then(function(r){a=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(u&&u.then?u.then(n):n())}catch(r){return Promise.reject(r)}},rr="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function er(r,e,n){if(!r.s){if(n instanceof nr){if(!n.s)return void(n.o=er.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(er.bind(null,r,e),er.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var nr=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{er(t,1,o(this.v))}catch(r){er(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?er(t,1,e?e(i):i):n?er(t,1,n(i)):er(t,2,i)}catch(r){er(t,2,r)}},t},r}();function tr(r){return r instanceof nr&&1&r.s}function ir(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:P(r.iv),ciphertext:P(n),tag:P(t)};return e&&(o.aad=P(e)),i&&(o.recipients=[i]),o}var or=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return ir(r,t)})}var i,o,a=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===a},!0))throw new Error("Incompatible encrypters passed");var u=function(r,e,n){if("function"==typeof r[rr]){var t,i,o,a=r[rr]();if(function r(n){try{for(;!(t=a.next()).done;)if((n=e(t.value))&&n.then){if(!tr(n))return void n.then(r,o||(o=er.bind(null,i=new nr,2)));n=n.v}i?er(i,1,n):i=n}catch(r){er(i||(i=new nr),2,r)}}(),a.return){var u=function(r){try{t.done||a.return()}catch(r){}return r};if(i&&i.then)return i.then(u,function(r){throw u(r)});u()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(a){try{for(;++o<r.length;)if((a=e(o))&&a.then){if(!tr(a))return void a.then(n,i||(i=er.bind(null,t=new nr,2)));a=a.v}t?er(t,1,a):t=a}catch(r){er(t||(t=new nr),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var a=function(){if(i){var a=o.recipients,u=a.push;return Promise.resolve(e.encryptCek(i)).then(function(r){u.call(a,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=ir(r,t)})}();if(a&&a.then)return a.then(function(){})});return Promise.resolve(u&&u.then?u.then(function(){return o}):o)}catch(r){return Promise.reject(r)}};function ar(r){var e=new f(r);return function(r,n){var t=l(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}var ur=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var t;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var i=(null==(t=e.keyAgreement)?void 0:t.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!i)throw new Error("Could not find x25519 key for "+r);return sr(n(i.publicKeyBase58,"base58btc"),i.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}};function cr(r){var e=ar(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=k(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+P(t):i));return Promise.resolve(D({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function fr(r){var e=new f(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function sr(r,e){var n=function(n){try{var a=s(),u=ar(g(h(a.secretKey,r),i,t))(n),c={encrypted_key:P(u.ciphertext),header:{alg:t,iv:P(u.iv),tag:P(u.tag),epk:{kty:"OKP",crv:o,x:P(a.publicKey)}}};return e&&(c.header.kid=e),Promise.resolve(c)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=l(32);return Promise.resolve(cr(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return D({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}function hr(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var a=E(o.header.epk.x),u=g(h(r,a),256,e),c=A(o.encrypted_key,o.header.tag);return Promise.resolve(fr(u).decrypt(c,E(o.header.iv))).then(function(r){return null===r?null:fr(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}}export{J as EllipticSigner,W as NaclSigner,b as SimpleSigner,or as createJWE,z as createJWS,R as createJWT,$ as decodeJWT,Y as decryptJWE,ur as resolveX25519Encrypters,d as toEthereumAddress,Q as verifyJWS,V as verifyJWT,hr as x25519Decrypter,sr as x25519Encrypter,fr as xc20pDirDecrypter,cr as xc20pDirEncrypter};
import{ec as r}from"elliptic";import{hash as e}from"@stablelib/sha256";import{fromString as n,toString as t,concat as i}from"uint8arrays";import{keccak_256 as o}from"js-sha3";import{sign as u,verify as a}from"@stablelib/ed25519";import{XChaCha20Poly1305 as c}from"@stablelib/xchacha20poly1305";import{generateKeyPair as f,sharedKey as s}from"@stablelib/x25519";import{randomBytes as h}from"@stablelib/random";function l(r){return e(n(r))}function v(r){var e,i=n(r.slice(2),"base16");return"0x"+t((e=i,new Uint8Array(o.arrayBuffer(e))).slice(-20),"base16")}function d(r,e){void 0===e&&(e=new Uint8Array(4));var t=n(r.toString(),"base10");return e.set(t,4-t.length),e}var p=function(r){return i([d(r.length),r])};function y(r,t,o){if(256!==t)throw new Error("Unsupported key length: "+t);var u=i([p(n(o)),p(new Uint8Array(0)),p(new Uint8Array(0)),d(t)]);return e(i([d(1),r,u]))}var g=new r("secp256k1");function m(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function w(r){r.startsWith("0x")&&(r=r.substring(2));var e=g.keyFromPrivate(r);return function(r){try{var n=e.sign(l(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:m(n.r.toString("hex")),s:m(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function b(r){return t(r,"base64url")}function P(r){return n(r,"base64url")}function E(r){return n(r,"base64pad")}function S(r){return n(r,"base58btc")}function k(r){return b(n(r))}function x(r){return t(P(r))}function K(r){return t(r,"base16")}function j(r){return n(r)}function A(r,e){var t=r.r,i=r.s,o=r.recoveryParam,u=new Uint8Array(e?65:64);if(u.set(n(t,"base16"),0),u.set(n(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");u[64]=o}return b(u)}function J(r,e){return i([P(r),P(e)])}function W(r){var e=w(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return A(r)})}catch(r){return Promise.reject(r)}}}function D(r){var e=E(r);return function(r){try{var n=j(r),t=b(u(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}}function O(){return(O=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var I=new r("secp256k1");function U(r,e){void 0===e&&(e=!1);var n=P(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:K(n.slice(0,32)),s:K(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function C(r){return r.publicKeyBase58?S(r.publicKeyBase58):r.publicKeyBase64?E(r.publicKeyBase64):r.publicKeyHex?n(r.publicKeyHex,"base16"):new Uint8Array}function T(r,e,n){var t;if(e.length>86)t=[U(e,!0)];else{var i=U(e,!1);t=[O({},i,{recoveryParam:0}),O({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=l(r),i=I.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),u=i.encode("hex",!0),a=v(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===u||r.ethereumAddress===a})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function B(r,e,n){var t=j(r),i=P(e),o=n.find(function(r){return a(C(r),t,i)});if(!o)throw new Error("Signature invalid for JWT");return o}var X={ES256K:function(r,e,n){var t=l(r),i=U(e),o=n.filter(function(r){return void 0===r.ethereumAddress}),u=n.filter(function(r){return void 0!==r.ethereumAddress}),a=o.find(function(r){try{var e=C(r);return I.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!a&&u.length>0&&(a=T(r,e,u)),!a)throw new Error("Signature invalid for JWT");return a},"ES256K-R":T,Ed25519:B,EdDSA:B};function N(r){var e=X[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function H(r){return"object"==typeof r&&"r"in r&&"s"in r}function _(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(H(e))return A(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function V(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(H(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}N.toSignatureObject=U;var R={ES256K:_(),"ES256K-R":_(!0),Ed25519:V(),EdDSA:V()},z=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=Q(r),t=n.payload,i=n.header,o=n.signature,u=n.data;return Promise.resolve(function(r,e,n,t){try{var i=M[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),u=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!u||0===u.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!u||0===u.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:u,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var a=n.doc,c=n.issuer;return Promise.resolve(Y({header:i,data:u,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3);if(n){var o=i+$;if(t.nbf){if(t.nbf>o)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>o)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-$)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:a,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},F=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,u=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var a={iat:Math.floor(Date.now()/1e3),exp:void 0};if(u){if("number"!=typeof u)throw new Error("JWT expiresIn is not a number");a.exp=(r.nbf||a.iat)+Math.floor(u)}var c=O({},a,r,{iss:t});return L(c,i,n)}catch(r){return Promise.reject(r)}},L=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=Z);var t="string"==typeof r?r:q(r),i=[q(n),t].join("."),o=function(r){var e=R[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},M={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},Z="ES256K";function q(r){return k(JSON.stringify(r))}var $=300;function G(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(x(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function Q(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=G(r);return Object.assign(e,{payload:JSON.parse(x(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function Y(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),N(n.alg)(t,i,e)}function rr(r,e){return Y(G(r),e)}var er=function(r,e){try{var n=function(r){if(null===u)throw new Error("Failed to decrypt");return u};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(x(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=J(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),u=null,a="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,P(r.iv),o)).then(function(r){u=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(or(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!or(o)){t=1;break}o=o.s}if(e){var u=e();if(u&&u.then&&!or(u)){t=2;break}}}var a=new ir,c=tr.bind(null,a,2);return(0===t?i.then(s):1===t?o.then(f):u.then(h)).then(void 0,c),a;function f(t){o=t;do{if(e&&(u=e())&&u.then&&!or(u))return void u.then(h).then(void 0,c);if(!(i=r())||or(i)&&!i.v)return void tr(a,1,o);if(i.then)return void i.then(s).then(void 0,c);or(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):tr(a,1,o)}function h(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):tr(a,1,o)}}(function(){return!u&&n<r.recipients.length},function(){return n++},function(){var a=r.recipients[n];Object.assign(a.header,t);var c=function(){if(a.header.alg===e.alg)return Promise.resolve(e.decrypt(i,P(r.iv),o,a)).then(function(r){u=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(a&&a.then?a.then(n):n())}catch(r){return Promise.reject(r)}},nr="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function tr(r,e,n){if(!r.s){if(n instanceof ir){if(!n.s)return void(n.o=tr.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(tr.bind(null,r,e),tr.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var ir=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{tr(t,1,o(this.v))}catch(r){tr(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?tr(t,1,e?e(i):i):n?tr(t,1,n(i)):tr(t,2,i)}catch(r){tr(t,2,r)}},t},r}();function or(r){return r instanceof ir&&1&r.s}function ur(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:b(r.iv),ciphertext:b(n),tag:b(t)};return e&&(o.aad=b(e)),i&&(o.recipients=[i]),o}var ar=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return ur(r,t)})}var i,o,u=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===u},!0))throw new Error("Incompatible encrypters passed");var a=function(r,e,n){if("function"==typeof r[nr]){var t,i,o,u=r[nr]();if(function r(n){try{for(;!(t=u.next()).done;)if((n=e(t.value))&&n.then){if(!or(n))return void n.then(r,o||(o=tr.bind(null,i=new ir,2)));n=n.v}i?tr(i,1,n):i=n}catch(r){tr(i||(i=new ir),2,r)}}(),u.return){var a=function(r){try{t.done||u.return()}catch(r){}return r};if(i&&i.then)return i.then(a,function(r){throw a(r)});a()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(u){try{for(;++o<r.length;)if((u=e(o))&&u.then){if(!or(u))return void u.then(n,i||(i=tr.bind(null,t=new ir,2)));u=u.v}t?tr(t,1,u):t=u}catch(r){tr(t||(t=new ir),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var u=function(){if(i){var u=o.recipients,a=u.push;return Promise.resolve(e.encryptCek(i)).then(function(r){a.call(u,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=ur(r,t)})}();if(u&&u.then)return u.then(function(){})});return Promise.resolve(a&&a.then?a.then(function(){return o}):o)}catch(r){return Promise.reject(r)}};function cr(r){var e=new c(r);return function(r,n){var t=h(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}var fr=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var n;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var t=(null==(n=e.keyAgreement)?void 0:n.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!t)throw new Error("Could not find x25519 key for "+r);return lr(S(t.publicKeyBase58),t.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}};function sr(r){var e=cr(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=k(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+b(t):i));return Promise.resolve(O({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function hr(r){var e=new c(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function lr(r,e){var n=function(n){try{var u=f(),a=cr(y(s(u.secretKey,r),i,t))(n),c={encrypted_key:b(a.ciphertext),header:{alg:t,iv:b(a.iv),tag:b(a.tag),epk:{kty:"OKP",crv:o,x:b(u.publicKey)}}};return e&&(c.header.kid=e),Promise.resolve(c)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=h(32);return Promise.resolve(sr(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return O({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}function vr(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var u=P(o.header.epk.x),a=y(s(r,u),256,e),c=J(o.encrypted_key,o.header.tag);return Promise.resolve(hr(a).decrypt(c,P(o.header.iv))).then(function(r){return null===r?null:hr(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}}export{W as EllipticSigner,D as NaclSigner,w as SimpleSigner,ar as createJWE,L as createJWS,F as createJWT,Q as decodeJWT,er as decryptJWE,fr as resolveX25519Encrypters,v as toEthereumAddress,rr as verifyJWS,z as verifyJWT,vr as x25519Decrypter,lr as x25519Encrypter,hr as xc20pDirDecrypter,sr as xc20pDirEncrypter};
//# sourceMappingURL=index.esm.js.map

2

lib/index.js

@@ -1,2 +0,2 @@

var r=require("elliptic"),e=require("@stablelib/sha256"),n=require("uint8arrays"),t=require("js-sha3"),i=require("@stablelib/ed25519"),o=require("@stablelib/utf8"),a=require("@stablelib/xchacha20poly1305"),u=require("@stablelib/x25519"),c=require("@stablelib/random");function f(r){return e.hash(n.fromString(r))}function s(r){var e,i=n.fromString(r.slice(2),"base16");return"0x"+n.toString((e=i,new Uint8Array(t.keccak_256.arrayBuffer(e))).slice(-20),"base16")}function h(r,e){void 0===e&&(e=new Uint8Array(4));var t=n.fromString(r.toString(),"base10");return e.set(t,4-t.length),e}var l=function(r){return n.concat([h(r.length),r])};function v(r,t,i){if(256!==t)throw new Error("Unsupported key length: "+t);var o=n.concat([l(n.fromString(i)),l(new Uint8Array(0)),l(new Uint8Array(0)),h(t)]);return e.hash(n.concat([h(1),r,o]))}var d=new r.ec("secp256k1");function p(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function y(r){r.startsWith("0x")&&(r=r.substring(2));var e=d.keyFromPrivate(r);return function(r){try{var n=e.sign(f(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:p(n.r.toString("hex")),s:p(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function g(r){return n.toString(r,"base64url")}function w(r){return n.fromString(r,"base64url")}function m(r){return n.fromString(r,"base64pad")}function b(r){return g(n.fromString(r))}function E(r){return n.toString(w(r))}function P(r){return n.toString(r,"base16")}function S(r,e){var t=r.r,i=r.s,o=r.recoveryParam,a=new Uint8Array(e?65:64);if(a.set(n.fromString(t,"base16"),0),a.set(n.fromString(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return g(a)}function x(r,e){return n.concat([w(r),w(e)])}function k(){return(k=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var K=new r.ec("secp256k1");function j(r,e){void 0===e&&(e=!1);var n=w(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:P(n.slice(0,32)),s:P(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function J(r,e,n){var t;if(e.length>86)t=[j(e,!0)];else{var i=j(e,!1);t=[k({},i,{recoveryParam:0}),k({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=f(r),i=K.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),u=s(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function W(r,e,n){var t=o.encode(r),a=w(e),u=n.find(function(r){return i.verify(m(r.publicKeyBase64),t,a)});if(!u)throw new Error("Signature invalid for JWT");return u}var A={ES256K:function(r,e,n){var t=f(r),i=j(e),o=n.filter(function(r){return void 0!==r.publicKeyHex}),a=n.filter(function(r){return void 0!==r.ethereumAddress}),u=o.find(function(r){var e=r.publicKeyHex;try{return K.keyFromPublic(e,"hex").verify(t,i)}catch(r){return!1}});if(!u&&a.length>0&&(u=J(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":J,Ed25519:W,EdDSA:W};function D(r){var e=A[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function C(r){return"object"==typeof r&&"r"in r&&"s"in r}function T(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(C(e))return S(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function O(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(C(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}D.toSignatureObject=j;var I={ES256K:T(),"ES256K-R":T(!0),Ed25519:O(),EdDSA:O()},U=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=q);var t="string"==typeof r?r:N(r),i=[N(n),t].join("."),o=function(r){var e=I[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},X={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},q="ES256K";function N(r){return b(JSON.stringify(r))}function B(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(E(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function H(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=B(r);return Object.assign(e,{payload:JSON.parse(E(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function _(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),D(n.alg)(t,i,e)}var V="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function R(r,e,n){if(!r.s){if(n instanceof z){if(!n.s)return void(n.o=R.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(R.bind(null,r,e),R.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var z=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{R(t,1,o(this.v))}catch(r){R(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?R(t,1,e?e(i):i):n?R(t,1,n(i)):R(t,2,i)}catch(r){R(t,2,r)}},t},r}();function F(r){return r instanceof z&&1&r.s}function L(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:g(r.iv),ciphertext:g(n),tag:g(t)};return e&&(o.aad=g(e)),i&&(o.recipients=[i]),o}function M(r){var e=new a.XChaCha20Poly1305(r);return function(r,n){var t=c.randomBytes(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}function Z(r){var e=M(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=b(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+g(t):i));return Promise.resolve(k({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function $(r){var e=new a.XChaCha20Poly1305(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function G(r,e){var n=function(n){try{var a=u.generateKeyPair(),c=M(v(u.sharedKey(a.secretKey,r),i,t))(n),f={encrypted_key:g(c.ciphertext),header:{alg:t,iv:g(c.iv),tag:g(c.tag),epk:{kty:"OKP",crv:o,x:g(a.publicKey)}}};return e&&(f.header.kid=e),Promise.resolve(f)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=c.randomBytes(32);return Promise.resolve(Z(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return k({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}exports.EllipticSigner=function(r){var e=y(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return S(r)})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=m(r);return function(r){try{var n=o.encode(r),t=g(i.sign(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}},exports.SimpleSigner=y,exports.createJWE=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return L(r,t)})}var i,o,a=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===a},!0))throw new Error("Incompatible encrypters passed");var u=function(r,e,n){if("function"==typeof r[V]){var t,i,o,a=r[V]();if(function r(n){try{for(;!(t=a.next()).done;)if((n=e(t.value))&&n.then){if(!F(n))return void n.then(r,o||(o=R.bind(null,i=new z,2)));n=n.v}i?R(i,1,n):i=n}catch(r){R(i||(i=new z),2,r)}}(),a.return){var u=function(r){try{t.done||a.return()}catch(r){}return r};if(i&&i.then)return i.then(u,function(r){throw u(r)});u()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(a){try{for(;++o<r.length;)if((a=e(o))&&a.then){if(!F(a))return void a.then(n,i||(i=R.bind(null,t=new z,2)));a=a.v}t?R(t,1,a):t=a}catch(r){R(t||(t=new z),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var a=function(){if(i){var a=o.recipients,u=a.push;return Promise.resolve(e.encryptCek(i)).then(function(r){u.call(a,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=L(r,t)})}();if(a&&a.then)return a.then(function(){})});return Promise.resolve(u&&u.then?u.then(function(){return o}):o)}catch(r){return Promise.reject(r)}},exports.createJWS=U,exports.createJWT=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,a=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=k({},u,r,{iss:t});return U(c,i,n)}catch(r){return Promise.reject(r)}},exports.decodeJWT=H,exports.decryptJWE=function(r,e){try{var n=function(r){if(null===a)throw new Error("Failed to decrypt");return a};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(E(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=x(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),a=null,u="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,w(r.iv),o)).then(function(r){a=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(F(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!F(o)){t=1;break}o=o.s}if(e){var a=e();if(a&&a.then&&!F(a)){t=2;break}}}var u=new z,c=R.bind(null,u,2);return(0===t?i.then(s):1===t?o.then(f):a.then(h)).then(void 0,c),u;function f(t){o=t;do{if(e&&(a=e())&&a.then&&!F(a))return void a.then(h).then(void 0,c);if(!(i=r())||F(i)&&!i.v)return void R(u,1,o);if(i.then)return void i.then(s).then(void 0,c);F(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):R(u,1,o)}function h(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):R(u,1,o)}}(function(){return!a&&n<r.recipients.length},function(){return n++},function(){var u=r.recipients[n];Object.assign(u.header,t);var c=function(){if(u.header.alg===e.alg)return Promise.resolve(e.decrypt(i,w(r.iv),o,u)).then(function(r){a=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(u&&u.then?u.then(n):n())}catch(r){return Promise.reject(r)}},exports.resolveX25519Encrypters=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var t;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var i=(null==(t=e.keyAgreement)?void 0:t.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!i)throw new Error("Could not find x25519 key for "+r);return G(n.fromString(i.publicKeyBase58,"base58btc"),i.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}},exports.toEthereumAddress=s,exports.verifyJWS=function(r,e){return _(B(r),e)},exports.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=H(r),t=n.payload,i=n.header,o=n.signature,a=n.data;return Promise.resolve(function(r,e,n,t){try{var i=X[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:a,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var u=n.doc,c=n.issuer;return Promise.resolve(_({header:i,data:a,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3);if(n){var o=i+300;if(t.nbf){if(t.nbf>o)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>o)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-300)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:u,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},exports.x25519Decrypter=function(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var a=w(o.header.epk.x),c=v(u.sharedKey(r,a),256,e),f=x(o.encrypted_key,o.header.tag);return Promise.resolve($(c).decrypt(f,w(o.header.iv))).then(function(r){return null===r?null:$(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}},exports.x25519Encrypter=G,exports.xc20pDirDecrypter=$,exports.xc20pDirEncrypter=Z;
var r=require("elliptic"),e=require("@stablelib/sha256"),n=require("uint8arrays"),t=require("js-sha3"),i=require("@stablelib/ed25519"),o=require("@stablelib/xchacha20poly1305"),a=require("@stablelib/x25519"),u=require("@stablelib/random");function c(r){return e.hash(n.fromString(r))}function f(r){var e,i=n.fromString(r.slice(2),"base16");return"0x"+n.toString((e=i,new Uint8Array(t.keccak_256.arrayBuffer(e))).slice(-20),"base16")}function s(r,e){void 0===e&&(e=new Uint8Array(4));var t=n.fromString(r.toString(),"base10");return e.set(t,4-t.length),e}var h=function(r){return n.concat([s(r.length),r])};function l(r,t,i){if(256!==t)throw new Error("Unsupported key length: "+t);var o=n.concat([h(n.fromString(i)),h(new Uint8Array(0)),h(new Uint8Array(0)),s(t)]);return e.hash(n.concat([s(1),r,o]))}var v=new r.ec("secp256k1");function d(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function p(r){r.startsWith("0x")&&(r=r.substring(2));var e=v.keyFromPrivate(r);return function(r){try{var n=e.sign(c(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:d(n.r.toString("hex")),s:d(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function y(r){return n.toString(r,"base64url")}function g(r){return n.fromString(r,"base64url")}function m(r){return n.fromString(r,"base64pad")}function w(r){return n.fromString(r,"base58btc")}function b(r){return y(n.fromString(r))}function E(r){return n.toString(g(r))}function P(r){return n.toString(r,"base16")}function S(r){return n.fromString(r)}function x(r,e){var t=r.r,i=r.s,o=r.recoveryParam,a=new Uint8Array(e?65:64);if(a.set(n.fromString(t,"base16"),0),a.set(n.fromString(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return y(a)}function k(r,e){return n.concat([g(r),g(e)])}function K(){return(K=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var j=new r.ec("secp256k1");function J(r,e){void 0===e&&(e=!1);var n=g(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:P(n.slice(0,32)),s:P(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function W(r){return r.publicKeyBase58?w(r.publicKeyBase58):r.publicKeyBase64?m(r.publicKeyBase64):r.publicKeyHex?n.fromString(r.publicKeyHex,"base16"):new Uint8Array}function A(r,e,n){var t;if(e.length>86)t=[J(e,!0)];else{var i=J(e,!1);t=[K({},i,{recoveryParam:0}),K({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=c(r),i=j.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),u=f(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function D(r,e,n){var t=S(r),o=g(e),a=n.find(function(r){return i.verify(W(r),t,o)});if(!a)throw new Error("Signature invalid for JWT");return a}var C={ES256K:function(r,e,n){var t=c(r),i=J(e),o=n.filter(function(r){return void 0===r.ethereumAddress}),a=n.filter(function(r){return void 0!==r.ethereumAddress}),u=o.find(function(r){try{var e=W(r);return j.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!u&&a.length>0&&(u=A(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":A,Ed25519:D,EdDSA:D};function T(r){var e=C[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function O(r){return"object"==typeof r&&"r"in r&&"s"in r}function I(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(O(e))return x(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function U(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(O(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}T.toSignatureObject=J;var X={ES256K:I(),"ES256K-R":I(!0),Ed25519:U(),EdDSA:U()},B=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=q);var t="string"==typeof r?r:H(r),i=[H(n),t].join("."),o=function(r){var e=X[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},N={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},q="ES256K";function H(r){return b(JSON.stringify(r))}function _(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(E(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function V(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=_(r);return Object.assign(e,{payload:JSON.parse(E(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function R(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),T(n.alg)(t,i,e)}var z="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function F(r,e,n){if(!r.s){if(n instanceof L){if(!n.s)return void(n.o=F.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(F.bind(null,r,e),F.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var L=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{F(t,1,o(this.v))}catch(r){F(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?F(t,1,e?e(i):i):n?F(t,1,n(i)):F(t,2,i)}catch(r){F(t,2,r)}},t},r}();function M(r){return r instanceof L&&1&r.s}function Z(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:y(r.iv),ciphertext:y(n),tag:y(t)};return e&&(o.aad=y(e)),i&&(o.recipients=[i]),o}function $(r){var e=new o.XChaCha20Poly1305(r);return function(r,n){var t=u.randomBytes(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}function G(r){var e=$(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=b(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+y(t):i));return Promise.resolve(K({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function Q(r){var e=new o.XChaCha20Poly1305(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function Y(r,e){var n=function(n){try{var u=a.generateKeyPair(),c=$(l(a.sharedKey(u.secretKey,r),i,t))(n),f={encrypted_key:y(c.ciphertext),header:{alg:t,iv:y(c.iv),tag:y(c.tag),epk:{kty:"OKP",crv:o,x:y(u.publicKey)}}};return e&&(f.header.kid=e),Promise.resolve(f)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=u.randomBytes(32);return Promise.resolve(G(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return K({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}exports.EllipticSigner=function(r){var e=p(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return x(r)})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=m(r);return function(r){try{var n=S(r),t=y(i.sign(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}},exports.SimpleSigner=p,exports.createJWE=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return Z(r,t)})}var i,o,a=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===a},!0))throw new Error("Incompatible encrypters passed");var u=function(r,e,n){if("function"==typeof r[z]){var t,i,o,a=r[z]();if(function r(n){try{for(;!(t=a.next()).done;)if((n=e(t.value))&&n.then){if(!M(n))return void n.then(r,o||(o=F.bind(null,i=new L,2)));n=n.v}i?F(i,1,n):i=n}catch(r){F(i||(i=new L),2,r)}}(),a.return){var u=function(r){try{t.done||a.return()}catch(r){}return r};if(i&&i.then)return i.then(u,function(r){throw u(r)});u()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(a){try{for(;++o<r.length;)if((a=e(o))&&a.then){if(!M(a))return void a.then(n,i||(i=F.bind(null,t=new L,2)));a=a.v}t?F(t,1,a):t=a}catch(r){F(t||(t=new L),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var a=function(){if(i){var a=o.recipients,u=a.push;return Promise.resolve(e.encryptCek(i)).then(function(r){u.call(a,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=Z(r,t)})}();if(a&&a.then)return a.then(function(){})});return Promise.resolve(u&&u.then?u.then(function(){return o}):o)}catch(r){return Promise.reject(r)}},exports.createJWS=B,exports.createJWT=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,a=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=K({},u,r,{iss:t});return B(c,i,n)}catch(r){return Promise.reject(r)}},exports.decodeJWT=V,exports.decryptJWE=function(r,e){try{var n=function(r){if(null===a)throw new Error("Failed to decrypt");return a};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(E(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=k(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),a=null,u="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,g(r.iv),o)).then(function(r){a=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(M(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!M(o)){t=1;break}o=o.s}if(e){var a=e();if(a&&a.then&&!M(a)){t=2;break}}}var u=new L,c=F.bind(null,u,2);return(0===t?i.then(s):1===t?o.then(f):a.then(h)).then(void 0,c),u;function f(t){o=t;do{if(e&&(a=e())&&a.then&&!M(a))return void a.then(h).then(void 0,c);if(!(i=r())||M(i)&&!i.v)return void F(u,1,o);if(i.then)return void i.then(s).then(void 0,c);M(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):F(u,1,o)}function h(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):F(u,1,o)}}(function(){return!a&&n<r.recipients.length},function(){return n++},function(){var u=r.recipients[n];Object.assign(u.header,t);var c=function(){if(u.header.alg===e.alg)return Promise.resolve(e.decrypt(i,g(r.iv),o,u)).then(function(r){a=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(u&&u.then?u.then(n):n())}catch(r){return Promise.reject(r)}},exports.resolveX25519Encrypters=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var n;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var t=(null==(n=e.keyAgreement)?void 0:n.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!t)throw new Error("Could not find x25519 key for "+r);return Y(w(t.publicKeyBase58),t.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}},exports.toEthereumAddress=f,exports.verifyJWS=function(r,e){return R(_(r),e)},exports.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=V(r),t=n.payload,i=n.header,o=n.signature,a=n.data;return Promise.resolve(function(r,e,n,t){try{var i=N[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:a,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var u=n.doc,c=n.issuer;return Promise.resolve(R({header:i,data:a,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3);if(n){var o=i+300;if(t.nbf){if(t.nbf>o)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>o)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-300)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:u,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},exports.x25519Decrypter=function(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var u=g(o.header.epk.x),c=l(a.sharedKey(r,u),256,e),f=k(o.encrypted_key,o.header.tag);return Promise.resolve(Q(c).decrypt(f,g(o.header.iv))).then(function(r){return null===r?null:Q(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}},exports.x25519Encrypter=Y,exports.xc20pDirDecrypter=Q,exports.xc20pDirEncrypter=G;
//# sourceMappingURL=index.js.map

2

lib/index.modern.js

@@ -1,2 +0,2 @@

import{ec as r}from"elliptic";import{hash as e}from"@stablelib/sha256";import{fromString as n,toString as t,concat as o}from"uint8arrays";import{keccak_256 as i}from"js-sha3";import{sign as a,verify as c}from"@stablelib/ed25519";import{encode as s}from"@stablelib/utf8";import{XChaCha20Poly1305 as u}from"@stablelib/xchacha20poly1305";import{generateKeyPair as f,sharedKey as l}from"@stablelib/x25519";import{randomBytes as d}from"@stablelib/random";function p(r){return e(n(r))}function y(r){const e=n(r.slice(2),"base16");return"0x"+t((o=e,new Uint8Array(i.arrayBuffer(o))).slice(-20),"base16");var o}function h(r,e=new Uint8Array(4)){const t=n(r.toString(),"base10");return e.set(t,4-t.length),e}const w=r=>o([h(r.length),r]);function g(r,t,i){if(256!==t)throw new Error("Unsupported key length: "+t);const a=o([w(n(i)),w(new Uint8Array(0)),w(new Uint8Array(0)),h(t)]);return e(o([h(1),r,a]))}const b=new r("secp256k1");function E(r,e=64){return r.length===e?r:"0".repeat(e-r.length)+r}function m(r){r.startsWith("0x")&&(r=r.substring(2));const e=b.keyFromPrivate(r);return async r=>{const{r:n,s:t,recoveryParam:o}=e.sign(p(r));return{r:E(n.toString("hex")),s:E(t.toString("hex")),recoveryParam:o}}}function v(r){return t(r,"base64url")}function S(r){return n(r,"base64url")}function k(r){return n(r,"base64pad")}function x(r){return v(n(r))}function K(r){return t(S(r))}function A(r){return t(r,"base16")}function J({r,s:e,recoveryParam:t},o){const i=new Uint8Array(o?65:64);if(i.set(n(r,"base16"),0),i.set(n(e,"base16"),32),o){if(void 0===t)throw new Error("Signer did not return a recoveryParam");i[64]=t}return v(i)}function P(r,e){return o([S(r),S(e)])}function W(r){const e=m(r);return async r=>J(await e(r))}function D(r){const e=k(r);return async r=>{const n=s(r);return v(a(e,n))}}function I(){return(I=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}const O=new r("secp256k1");function C(r,e=!1){const n=S(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");const t={r:A(n.slice(0,32)),s:A(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function U(r,e,n){let t;if(e.length>86)t=[C(e,!0)];else{const r=C(e,!1);t=[I({},r,{recoveryParam:0}),I({},r,{recoveryParam:1})]}const o=t.map(e=>{const t=p(r),o=O.recoverPubKey(t,e,e.recoveryParam),i=o.encode("hex"),a=o.encode("hex",!0),c=y(i);return n.find(({publicKeyHex:r,ethereumAddress:e})=>r===i||r===a||e===c)}).filter(r=>null!=r);if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function j(r,e,n){const t=s(r),o=S(e),i=n.find(({publicKeyBase64:r})=>c(k(r),t,o));if(!i)throw new Error("Signature invalid for JWT");return i}const T={ES256K:function(r,e,n){const t=p(r),o=C(e),i=n.filter(({publicKeyHex:r})=>void 0!==r),a=n.filter(({ethereumAddress:r})=>void 0!==r);let c=i.find(({publicKeyHex:r})=>{try{return O.keyFromPublic(r,"hex").verify(t,o)}catch(r){return!1}});if(!c&&a.length>0&&(c=U(r,e,a)),!c)throw new Error("Signature invalid for JWT");return c},"ES256K-R":U,Ed25519:j,EdDSA:j};function $(r){const e=T[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function X(r){return"object"==typeof r&&"r"in r&&"s"in r}function N(r){return async function(e,n){const t=await n(e);if(X(t))return J(t,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return t}}function B(){return async function(r,e){const n=await e(r);if(X(n))throw new Error("expected a signer function that returns a string instead of signature object");return n}}$.toSignatureObject=C;const H={ES256K:N(),"ES256K-R":N(!0),Ed25519:B(),EdDSA:B()},_={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function V(r){return x(JSON.stringify(r))}function R(r){const e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(K(e[1])),payload:e[2],signature:e[3],data:`${e[1]}.${e[2]}`};throw new Error("Incorrect format JWS")}function z(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{const e=R(r);return Object.assign(e,{payload:JSON.parse(K(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}async function F(r,e,n={}){n.alg||(n.alg="ES256K");const t="string"==typeof r?r:V(r),o=[V(n),t].join("."),i=function(r){const e=H[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return[o,await i(o,e)].join(".")}async function L(r,{issuer:e,signer:n,alg:t,expiresIn:o},i={}){if(!n)throw new Error("No Signer functionality has been configured");if(!e)throw new Error("No issuing DID has been configured");i.typ||(i.typ="JWT"),i.alg||(i.alg=t);const a={iat:Math.floor(Date.now()/1e3),exp:void 0};if(o){if("number"!=typeof o)throw new Error("JWT expiresIn is not a number");a.exp=(r.nbf||a.iat)+Math.floor(o)}return F(I({},a,r,{iss:e}),n,i)}function M({header:r,data:e,signature:n},t){return Array.isArray(t)||(t=[t]),$(r.alg)(e,n,t)}function Z(r,e){return M(R(r),e)}async function q(r,e={resolver:null,auth:null,audience:null,callbackUrl:null}){if(!e.resolver)throw new Error("No DID resolver has been configured");const{payload:n,header:t,signature:o,data:i}=z(r),{doc:a,authenticators:c,issuer:s}=await async function(r,e,n,t){const o=_[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);const i=await r.resolve(n);if(!i)throw new Error("Unable to resolve DID document for "+n);const a=!t||(i.authentication||[]).map(({publicKey:r})=>r),c=(i.publicKey||[]).filter(({type:r,id:e})=>o.find(n=>n===r&&(!t||Array.isArray(a)&&a.indexOf(e)>=0)));if(t&&(!c||0===c.length))throw new Error(`DID document for ${n} does not have public keys suitable for authenticationg user`);if(!c||0===c.length)throw new Error(`DID document for ${n} does not have public keys for ${e}`);return{authenticators:c,issuer:n,doc:i}}(e.resolver,t.alg,n.iss,e.auth),u=await M({header:t,data:i,signature:o},c),f=Math.floor(Date.now()/1e3);if(u){const t=f+300;if(n.nbf){if(n.nbf>t)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>t)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=f-300)throw new Error(`JWT has expired: exp: ${n.exp} < now: ${f}`);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(r=>e.audience===r||e.callbackUrl===r))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:a,issuer:s,signer:u,jwt:r}}}function G({ciphertext:r,tag:e,iv:n,protectedHeader:t,recipient:o},i){const a={protected:t,iv:v(n),ciphertext:v(r),tag:v(e)};return i&&(a.aad=v(i)),o&&(a.recipients=[o]),a}async function Q(r,e,n={},t){if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return G(await e[0].encrypt(r,n,t),t)}{const o=e[0].enc;if(!e.reduce((r,e)=>r&&e.enc===o,!0))throw new Error("Incompatible encrypters passed");let i,a;for(const o of e)if(i)a.recipients.push(await o.encryptCek(i));else{const e=await o.encrypt(r,n,t);i=e.cek,a=G(e,t)}return a}}async function Y(r,e){!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(r=>{if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);const n=JSON.parse(K(r.protected));if(n.enc!==e.enc)throw new Error(`Decrypter does not support: '${n.enc}'`);const t=P(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?`${r.protected}.${r.aad}`:r.protected));let i=null;if("dir"===n.alg&&"dir"===e.alg)i=await e.decrypt(t,S(r.iv),o);else{if(!r.recipients||0===r.recipients.length)throw new Error("Invalid JWE");for(let a=0;!i&&a<r.recipients.length;a++){const c=r.recipients[a];Object.assign(c.header,n),c.header.alg===e.alg&&(i=await e.decrypt(t,S(r.iv),o,c))}}if(null===i)throw new Error("Failed to decrypt");return i}function rr(r){const e=new u(r);return(r,n)=>{const t=d(e.nonceLength),o=e.seal(t,r,n);return{ciphertext:o.subarray(0,o.length-e.tagLength),tag:o.subarray(o.length-e.tagLength),iv:t}}}function er(r){const e=rr(r);return{alg:"dir",enc:"XC20P",encrypt:async function(r,n={},t){const o=x(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),i=new Uint8Array(Buffer.from(t?`${o}.${v(t)}`:o));return I({},e(r,i),{protectedHeader:o})}}}function nr(r){const e=new u(r);return{alg:"dir",enc:"XC20P",decrypt:async function(r,n,t){return e.open(n,r,t)}}}function tr(r,e){const n="ECDH-ES+XC20PKW";async function t(t){const o=f(),i=rr(g(l(o.secretKey,r),256,n))(t),a={encrypted_key:v(i.ciphertext),header:{alg:n,iv:v(i.iv),tag:v(i.tag),epk:{kty:"OKP",crv:"X25519",x:v(o.publicKey)}}};return e&&(a.header.kid=e),a}return{alg:n,enc:"XC20P",encrypt:async function(r,e={},n){Object.assign(e,{alg:void 0});const o=d(32);return I({},await er(o).encrypt(r,e,n),{recipient:await t(o),cek:o})},encryptCek:t}}async function or(r,e){return Promise.all(r.map(async r=>{var t;const o=await e.resolve(r);if(!o.keyAgreement)throw new Error("Could not find x25519 key for "+r);const i=(null==(t=o.keyAgreement)?void 0:t.map(r=>"string"==typeof r?o.publicKey.find(e=>e.id===r):r)).find(r=>"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58));if(!i)throw new Error("Could not find x25519 key for "+r);return tr(n(i.publicKeyBase58,"base58btc"),i.id)}))}function ir(r){const e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:async function(n,t,o,i){if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(i.header),"X25519"!==i.header.epk.crv)return null;const a=S(i.header.epk.x),c=g(l(r,a),256,e),s=P(i.encrypted_key,i.header.tag),u=await nr(c).decrypt(s,S(i.header.iv));return null===u?null:nr(u).decrypt(n,t,o)}}}export{W as EllipticSigner,D as NaclSigner,m as SimpleSigner,Q as createJWE,F as createJWS,L as createJWT,z as decodeJWT,Y as decryptJWE,or as resolveX25519Encrypters,y as toEthereumAddress,Z as verifyJWS,q as verifyJWT,ir as x25519Decrypter,tr as x25519Encrypter,nr as xc20pDirDecrypter,er as xc20pDirEncrypter};
import{ec as r}from"elliptic";import{hash as e}from"@stablelib/sha256";import{fromString as n,toString as t,concat as i}from"uint8arrays";import{keccak_256 as o}from"js-sha3";import{sign as a,verify as c}from"@stablelib/ed25519";import{XChaCha20Poly1305 as s}from"@stablelib/xchacha20poly1305";import{generateKeyPair as u,sharedKey as f}from"@stablelib/x25519";import{randomBytes as l}from"@stablelib/random";function d(r){return e(n(r))}function p(r){const e=n(r.slice(2),"base16");return"0x"+t((i=e,new Uint8Array(o.arrayBuffer(i))).slice(-20),"base16");var i}function y(r,e=new Uint8Array(4)){const t=n(r.toString(),"base10");return e.set(t,4-t.length),e}const h=r=>i([y(r.length),r]);function w(r,t,o){if(256!==t)throw new Error("Unsupported key length: "+t);const a=i([h(n(o)),h(new Uint8Array(0)),h(new Uint8Array(0)),y(t)]);return e(i([y(1),r,a]))}const g=new r("secp256k1");function b(r,e=64){return r.length===e?r:"0".repeat(e-r.length)+r}function E(r){r.startsWith("0x")&&(r=r.substring(2));const e=g.keyFromPrivate(r);return async r=>{const{r:n,s:t,recoveryParam:i}=e.sign(d(r));return{r:b(n.toString("hex")),s:b(t.toString("hex")),recoveryParam:i}}}function m(r){return t(r,"base64url")}function v(r){return n(r,"base64url")}function S(r){return n(r,"base64pad")}function k(r){return n(r,"base58btc")}function K(r){return m(n(r))}function x(r){return t(v(r))}function A(r){return t(r,"base16")}function J(r){return n(r)}function P({r,s:e,recoveryParam:t},i){const o=new Uint8Array(i?65:64);if(o.set(n(r,"base16"),0),o.set(n(e,"base16"),32),i){if(void 0===t)throw new Error("Signer did not return a recoveryParam");o[64]=t}return m(o)}function W(r,e){return i([v(r),v(e)])}function D(r){const e=E(r);return async r=>P(await e(r))}function I(r){const e=S(r);return async r=>{const n=J(r);return m(a(e,n))}}function O(){return(O=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}const U=new r("secp256k1");function C(r,e=!1){const n=v(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");const t={r:A(n.slice(0,32)),s:A(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function j(r){return r.publicKeyBase58?k(r.publicKeyBase58):r.publicKeyBase64?S(r.publicKeyBase64):r.publicKeyHex?n(r.publicKeyHex,"base16"):new Uint8Array}function T(r,e,n){let t;if(e.length>86)t=[C(e,!0)];else{const r=C(e,!1);t=[O({},r,{recoveryParam:0}),O({},r,{recoveryParam:1})]}const i=t.map(e=>{const t=d(r),i=U.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),c=p(o);return n.find(({publicKeyHex:r,ethereumAddress:e})=>r===o||r===a||e===c)}).filter(r=>null!=r);if(0===i.length)throw new Error("Signature invalid for JWT");return i[0]}function $(r,e,n){const t=J(r),i=v(e),o=n.find(r=>c(j(r),t,i));if(!o)throw new Error("Signature invalid for JWT");return o}const B={ES256K:function(r,e,n){const t=d(r),i=C(e),o=n.filter(({ethereumAddress:r})=>void 0===r),a=n.filter(({ethereumAddress:r})=>void 0!==r);let c=o.find(r=>{try{const e=j(r);return U.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!c&&a.length>0&&(c=T(r,e,a)),!c)throw new Error("Signature invalid for JWT");return c},"ES256K-R":T,Ed25519:$,EdDSA:$};function X(r){const e=B[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function N(r){return"object"==typeof r&&"r"in r&&"s"in r}function H(r){return async function(e,n){const t=await n(e);if(N(t))return P(t,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return t}}function _(){return async function(r,e){const n=await e(r);if(N(n))throw new Error("expected a signer function that returns a string instead of signature object");return n}}X.toSignatureObject=C;const V={ES256K:H(),"ES256K-R":H(!0),Ed25519:_(),EdDSA:_()},R={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function z(r){return K(JSON.stringify(r))}function F(r){const e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(x(e[1])),payload:e[2],signature:e[3],data:`${e[1]}.${e[2]}`};throw new Error("Incorrect format JWS")}function L(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{const e=F(r);return Object.assign(e,{payload:JSON.parse(x(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}async function M(r,e,n={}){n.alg||(n.alg="ES256K");const t="string"==typeof r?r:z(r),i=[z(n),t].join("."),o=function(r){const e=V[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return[i,await o(i,e)].join(".")}async function Z(r,{issuer:e,signer:n,alg:t,expiresIn:i},o={}){if(!n)throw new Error("No Signer functionality has been configured");if(!e)throw new Error("No issuing DID has been configured");o.typ||(o.typ="JWT"),o.alg||(o.alg=t);const a={iat:Math.floor(Date.now()/1e3),exp:void 0};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");a.exp=(r.nbf||a.iat)+Math.floor(i)}return M(O({},a,r,{iss:e}),n,o)}function q({header:r,data:e,signature:n},t){return Array.isArray(t)||(t=[t]),X(r.alg)(e,n,t)}function G(r,e){return q(F(r),e)}async function Q(r,e={resolver:null,auth:null,audience:null,callbackUrl:null}){if(!e.resolver)throw new Error("No DID resolver has been configured");const{payload:n,header:t,signature:i,data:o}=L(r),{doc:a,authenticators:c,issuer:s}=await async function(r,e,n,t){const i=R[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);const o=await r.resolve(n);if(!o)throw new Error("Unable to resolve DID document for "+n);const a=!t||(o.authentication||[]).map(({publicKey:r})=>r),c=(o.publicKey||[]).filter(({type:r,id:e})=>i.find(n=>n===r&&(!t||Array.isArray(a)&&a.indexOf(e)>=0)));if(t&&(!c||0===c.length))throw new Error(`DID document for ${n} does not have public keys suitable for authenticationg user`);if(!c||0===c.length)throw new Error(`DID document for ${n} does not have public keys for ${e}`);return{authenticators:c,issuer:n,doc:o}}(e.resolver,t.alg,n.iss,e.auth),u=await q({header:t,data:o,signature:i},c),f=Math.floor(Date.now()/1e3);if(u){const t=f+300;if(n.nbf){if(n.nbf>t)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>t)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=f-300)throw new Error(`JWT has expired: exp: ${n.exp} < now: ${f}`);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(r=>e.audience===r||e.callbackUrl===r))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:a,issuer:s,signer:u,jwt:r}}}function Y({ciphertext:r,tag:e,iv:n,protectedHeader:t,recipient:i},o){const a={protected:t,iv:m(n),ciphertext:m(r),tag:m(e)};return o&&(a.aad=m(o)),i&&(a.recipients=[i]),a}async function rr(r,e,n={},t){if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Y(await e[0].encrypt(r,n,t),t)}{const i=e[0].enc;if(!e.reduce((r,e)=>r&&e.enc===i,!0))throw new Error("Incompatible encrypters passed");let o,a;for(const i of e)if(o)a.recipients.push(await i.encryptCek(o));else{const e=await i.encrypt(r,n,t);o=e.cek,a=Y(e,t)}return a}}async function er(r,e){!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(r=>{if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);const n=JSON.parse(x(r.protected));if(n.enc!==e.enc)throw new Error(`Decrypter does not support: '${n.enc}'`);const t=W(r.ciphertext,r.tag),i=new Uint8Array(Buffer.from(r.aad?`${r.protected}.${r.aad}`:r.protected));let o=null;if("dir"===n.alg&&"dir"===e.alg)o=await e.decrypt(t,v(r.iv),i);else{if(!r.recipients||0===r.recipients.length)throw new Error("Invalid JWE");for(let a=0;!o&&a<r.recipients.length;a++){const c=r.recipients[a];Object.assign(c.header,n),c.header.alg===e.alg&&(o=await e.decrypt(t,v(r.iv),i,c))}}if(null===o)throw new Error("Failed to decrypt");return o}function nr(r){const e=new s(r);return(r,n)=>{const t=l(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}function tr(r){const e=nr(r);return{alg:"dir",enc:"XC20P",encrypt:async function(r,n={},t){const i=K(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?`${i}.${m(t)}`:i));return O({},e(r,o),{protectedHeader:i})}}}function ir(r){const e=new s(r);return{alg:"dir",enc:"XC20P",decrypt:async function(r,n,t){return e.open(n,r,t)}}}function or(r,e){const n="ECDH-ES+XC20PKW";async function t(t){const i=u(),o=nr(w(f(i.secretKey,r),256,n))(t),a={encrypted_key:m(o.ciphertext),header:{alg:n,iv:m(o.iv),tag:m(o.tag),epk:{kty:"OKP",crv:"X25519",x:m(i.publicKey)}}};return e&&(a.header.kid=e),a}return{alg:n,enc:"XC20P",encrypt:async function(r,e={},n){Object.assign(e,{alg:void 0});const i=l(32);return O({},await tr(i).encrypt(r,e,n),{recipient:await t(i),cek:i})},encryptCek:t}}async function ar(r,e){return Promise.all(r.map(async r=>{var n;const t=await e.resolve(r);if(!t.keyAgreement)throw new Error("Could not find x25519 key for "+r);const i=(null==(n=t.keyAgreement)?void 0:n.map(r=>"string"==typeof r?t.publicKey.find(e=>e.id===r):r)).find(r=>"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58));if(!i)throw new Error("Could not find x25519 key for "+r);return or(k(i.publicKeyBase58),i.id)}))}function cr(r){const e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:async function(n,t,i,o){if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return null;const a=v(o.header.epk.x),c=w(f(r,a),256,e),s=W(o.encrypted_key,o.header.tag),u=await ir(c).decrypt(s,v(o.header.iv));return null===u?null:ir(u).decrypt(n,t,i)}}}export{D as EllipticSigner,I as NaclSigner,E as SimpleSigner,rr as createJWE,M as createJWS,Z as createJWT,L as decodeJWT,er as decryptJWE,ar as resolveX25519Encrypters,p as toEthereumAddress,G as verifyJWS,Q as verifyJWT,cr as x25519Decrypter,or as x25519Encrypter,ir as xc20pDirDecrypter,tr as xc20pDirEncrypter};
//# sourceMappingURL=index.modern.js.map

2

lib/index.umd.js

@@ -1,2 +0,2 @@

!function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("elliptic"),require("@stablelib/sha256"),require("uint8arrays"),require("js-sha3"),require("@stablelib/ed25519"),require("@stablelib/utf8"),require("@stablelib/xchacha20poly1305"),require("@stablelib/x25519"),require("@stablelib/random")):"function"==typeof define&&define.amd?define(["exports","elliptic","@stablelib/sha256","uint8arrays","js-sha3","@stablelib/ed25519","@stablelib/utf8","@stablelib/xchacha20poly1305","@stablelib/x25519","@stablelib/random"],e):e((r=r||self).didJwt={},r.elliptic,r.sha256$1,r.uint8Arrays,r.jsSha3,r.ed25519,r.utf8,r.xchacha20poly1305,r.x25519,r.random)}(this,function(r,e,n,t,i,o,a,u,c,f){function s(r){return n.hash(t.fromString(r))}function l(r){var e,n=t.fromString(r.slice(2),"base16");return"0x"+t.toString((e=n,new Uint8Array(i.keccak_256.arrayBuffer(e))).slice(-20),"base16")}function h(r,e){void 0===e&&(e=new Uint8Array(4));var n=t.fromString(r.toString(),"base10");return e.set(n,4-n.length),e}var d=function(r){return t.concat([h(r.length),r])};function v(r,e,i){if(256!==e)throw new Error("Unsupported key length: "+e);var o=t.concat([d(t.fromString(i)),d(new Uint8Array(0)),d(new Uint8Array(0)),h(e)]);return n.hash(t.concat([h(1),r,o]))}var y=new e.ec("secp256k1");function p(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function g(r){r.startsWith("0x")&&(r=r.substring(2));var e=y.keyFromPrivate(r);return function(r){try{var n=e.sign(s(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:p(n.r.toString("hex")),s:p(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function m(r){return t.toString(r,"base64url")}function w(r){return t.fromString(r,"base64url")}function b(r){return t.fromString(r,"base64pad")}function E(r){return m(t.fromString(r))}function P(r){return t.toString(w(r))}function S(r){return t.toString(r,"base16")}function x(r,e){var n=r.r,i=r.s,o=r.recoveryParam,a=new Uint8Array(e?65:64);if(a.set(t.fromString(n,"base16"),0),a.set(t.fromString(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return m(a)}function k(r,e){return t.concat([w(r),w(e)])}function j(){return(j=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var K=new e.ec("secp256k1");function J(r,e){void 0===e&&(e=!1);var n=w(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:S(n.slice(0,32)),s:S(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function W(r,e,n){var t;if(e.length>86)t=[J(e,!0)];else{var i=J(e,!1);t=[j({},i,{recoveryParam:0}),j({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=s(r),i=K.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),u=l(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function A(r,e,n){var t=a.encode(r),i=w(e),u=n.find(function(r){return o.verify(b(r.publicKeyBase64),t,i)});if(!u)throw new Error("Signature invalid for JWT");return u}var D={ES256K:function(r,e,n){var t=s(r),i=J(e),o=n.filter(function(r){return void 0!==r.publicKeyHex}),a=n.filter(function(r){return void 0!==r.ethereumAddress}),u=o.find(function(r){var e=r.publicKeyHex;try{return K.keyFromPublic(e,"hex").verify(t,i)}catch(r){return!1}});if(!u&&a.length>0&&(u=W(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":W,Ed25519:A,EdDSA:A};function C(r){var e=D[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function T(r){return"object"==typeof r&&"r"in r&&"s"in r}function O(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(T(e))return x(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function I(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(T(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}C.toSignatureObject=J;var U={ES256K:O(),"ES256K-R":O(!0),Ed25519:I(),EdDSA:I()},X=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=N);var t="string"==typeof r?r:B(r),i=[B(n),t].join("."),o=function(r){var e=U[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},q={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},N="ES256K";function B(r){return E(JSON.stringify(r))}function H(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(P(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function _(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=H(r);return Object.assign(e,{payload:JSON.parse(P(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function V(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),C(n.alg)(t,i,e)}var R="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function z(r,e,n){if(!r.s){if(n instanceof F){if(!n.s)return void(n.o=z.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(z.bind(null,r,e),z.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var F=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{z(t,1,o(this.v))}catch(r){z(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?z(t,1,e?e(i):i):n?z(t,1,n(i)):z(t,2,i)}catch(r){z(t,2,r)}},t},r}();function L(r){return r instanceof F&&1&r.s}function M(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:m(r.iv),ciphertext:m(n),tag:m(t)};return e&&(o.aad=m(e)),i&&(o.recipients=[i]),o}function Z(r){var e=new u.XChaCha20Poly1305(r);return function(r,n){var t=f.randomBytes(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}function $(r){var e=Z(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=E(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+m(t):i));return Promise.resolve(j({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function G(r){var e=new u.XChaCha20Poly1305(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function Q(r,e){var n=function(n){try{var a=c.generateKeyPair(),u=Z(v(c.sharedKey(a.secretKey,r),i,t))(n),f={encrypted_key:m(u.ciphertext),header:{alg:t,iv:m(u.iv),tag:m(u.tag),epk:{kty:"OKP",crv:o,x:m(a.publicKey)}}};return e&&(f.header.kid=e),Promise.resolve(f)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=f.randomBytes(32);return Promise.resolve($(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return j({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}r.EllipticSigner=function(r){var e=g(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return x(r)})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=b(r);return function(r){try{var n=a.encode(r),t=m(o.sign(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}},r.SimpleSigner=g,r.createJWE=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return M(r,t)})}var i,o,a=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===a},!0))throw new Error("Incompatible encrypters passed");var u=function(r,e,n){if("function"==typeof r[R]){var t,i,o,a=r[R]();if(function r(n){try{for(;!(t=a.next()).done;)if((n=e(t.value))&&n.then){if(!L(n))return void n.then(r,o||(o=z.bind(null,i=new F,2)));n=n.v}i?z(i,1,n):i=n}catch(r){z(i||(i=new F),2,r)}}(),a.return){var u=function(r){try{t.done||a.return()}catch(r){}return r};if(i&&i.then)return i.then(u,function(r){throw u(r)});u()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(a){try{for(;++o<r.length;)if((a=e(o))&&a.then){if(!L(a))return void a.then(n,i||(i=z.bind(null,t=new F,2)));a=a.v}t?z(t,1,a):t=a}catch(r){z(t||(t=new F),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var a=function(){if(i){var a=o.recipients,u=a.push;return Promise.resolve(e.encryptCek(i)).then(function(r){u.call(a,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=M(r,t)})}();if(a&&a.then)return a.then(function(){})});return Promise.resolve(u&&u.then?u.then(function(){return o}):o)}catch(r){return Promise.reject(r)}},r.createJWS=X,r.createJWT=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,a=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=j({},u,r,{iss:t});return X(c,i,n)}catch(r){return Promise.reject(r)}},r.decodeJWT=_,r.decryptJWE=function(r,e){try{var n=function(r){if(null===a)throw new Error("Failed to decrypt");return a};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(P(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=k(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),a=null,u="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,w(r.iv),o)).then(function(r){a=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(L(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!L(o)){t=1;break}o=o.s}if(e){var a=e();if(a&&a.then&&!L(a)){t=2;break}}}var u=new F,c=z.bind(null,u,2);return(0===t?i.then(s):1===t?o.then(f):a.then(l)).then(void 0,c),u;function f(t){o=t;do{if(e&&(a=e())&&a.then&&!L(a))return void a.then(l).then(void 0,c);if(!(i=r())||L(i)&&!i.v)return void z(u,1,o);if(i.then)return void i.then(s).then(void 0,c);L(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):z(u,1,o)}function l(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):z(u,1,o)}}(function(){return!a&&n<r.recipients.length},function(){return n++},function(){var u=r.recipients[n];Object.assign(u.header,t);var c=function(){if(u.header.alg===e.alg)return Promise.resolve(e.decrypt(i,w(r.iv),o,u)).then(function(r){a=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(u&&u.then?u.then(n):n())}catch(r){return Promise.reject(r)}},r.resolveX25519Encrypters=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var n;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var i=(null==(n=e.keyAgreement)?void 0:n.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!i)throw new Error("Could not find x25519 key for "+r);return Q(t.fromString(i.publicKeyBase58,"base58btc"),i.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}},r.toEthereumAddress=l,r.verifyJWS=function(r,e){return V(H(r),e)},r.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=_(r),t=n.payload,i=n.header,o=n.signature,a=n.data;return Promise.resolve(function(r,e,n,t){try{var i=q[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:a,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var u=n.doc,c=n.issuer;return Promise.resolve(V({header:i,data:a,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3);if(n){var o=i+300;if(t.nbf){if(t.nbf>o)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>o)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-300)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:u,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},r.x25519Decrypter=function(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var a=w(o.header.epk.x),u=v(c.sharedKey(r,a),256,e),f=k(o.encrypted_key,o.header.tag);return Promise.resolve(G(u).decrypt(f,w(o.header.iv))).then(function(r){return null===r?null:G(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}},r.x25519Encrypter=Q,r.xc20pDirDecrypter=G,r.xc20pDirEncrypter=$});
!function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("elliptic"),require("@stablelib/sha256"),require("uint8arrays"),require("js-sha3"),require("@stablelib/ed25519"),require("@stablelib/xchacha20poly1305"),require("@stablelib/x25519"),require("@stablelib/random")):"function"==typeof define&&define.amd?define(["exports","elliptic","@stablelib/sha256","uint8arrays","js-sha3","@stablelib/ed25519","@stablelib/xchacha20poly1305","@stablelib/x25519","@stablelib/random"],e):e((r=r||self).didJwt={},r.elliptic,r.sha256$1,r.uint8Arrays,r.jsSha3,r.ed25519,r.xchacha20poly1305,r.x25519,r.random)}(this,function(r,e,n,t,i,o,a,u,c){function f(r){return n.hash(t.fromString(r))}function s(r){var e,n=t.fromString(r.slice(2),"base16");return"0x"+t.toString((e=n,new Uint8Array(i.keccak_256.arrayBuffer(e))).slice(-20),"base16")}function l(r,e){void 0===e&&(e=new Uint8Array(4));var n=t.fromString(r.toString(),"base10");return e.set(n,4-n.length),e}var h=function(r){return t.concat([l(r.length),r])};function d(r,e,i){if(256!==e)throw new Error("Unsupported key length: "+e);var o=t.concat([h(t.fromString(i)),h(new Uint8Array(0)),h(new Uint8Array(0)),l(e)]);return n.hash(t.concat([l(1),r,o]))}var v=new e.ec("secp256k1");function y(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function p(r){r.startsWith("0x")&&(r=r.substring(2));var e=v.keyFromPrivate(r);return function(r){try{var n=e.sign(f(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:y(n.r.toString("hex")),s:y(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function g(r){return t.toString(r,"base64url")}function m(r){return t.fromString(r,"base64url")}function w(r){return t.fromString(r,"base64pad")}function b(r){return t.fromString(r,"base58btc")}function E(r){return g(t.fromString(r))}function P(r){return t.toString(m(r))}function S(r){return t.toString(r,"base16")}function x(r){return t.fromString(r)}function k(r,e){var n=r.r,i=r.s,o=r.recoveryParam,a=new Uint8Array(e?65:64);if(a.set(t.fromString(n,"base16"),0),a.set(t.fromString(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return g(a)}function K(r,e){return t.concat([m(r),m(e)])}function j(){return(j=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var J=new e.ec("secp256k1");function W(r,e){void 0===e&&(e=!1);var n=m(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:S(n.slice(0,32)),s:S(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function A(r){return r.publicKeyBase58?b(r.publicKeyBase58):r.publicKeyBase64?w(r.publicKeyBase64):r.publicKeyHex?t.fromString(r.publicKeyHex,"base16"):new Uint8Array}function D(r,e,n){var t;if(e.length>86)t=[W(e,!0)];else{var i=W(e,!1);t=[j({},i,{recoveryParam:0}),j({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=f(r),i=J.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),u=s(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function C(r,e,n){var t=x(r),i=m(e),a=n.find(function(r){return o.verify(A(r),t,i)});if(!a)throw new Error("Signature invalid for JWT");return a}var T={ES256K:function(r,e,n){var t=f(r),i=W(e),o=n.filter(function(r){return void 0===r.ethereumAddress}),a=n.filter(function(r){return void 0!==r.ethereumAddress}),u=o.find(function(r){try{var e=A(r);return J.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!u&&a.length>0&&(u=D(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":D,Ed25519:C,EdDSA:C};function O(r){var e=T[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function I(r){return"object"==typeof r&&"r"in r&&"s"in r}function U(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(I(e))return k(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function X(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(I(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}O.toSignatureObject=W;var B={ES256K:U(),"ES256K-R":U(!0),Ed25519:X(),EdDSA:X()},N=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=H);var t="string"==typeof r?r:_(r),i=[_(n),t].join("."),o=function(r){var e=B[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},q={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},H="ES256K";function _(r){return E(JSON.stringify(r))}function V(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(P(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function R(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=V(r);return Object.assign(e,{payload:JSON.parse(P(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function z(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),O(n.alg)(t,i,e)}var F="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function L(r,e,n){if(!r.s){if(n instanceof M){if(!n.s)return void(n.o=L.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(L.bind(null,r,e),L.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var M=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{L(t,1,o(this.v))}catch(r){L(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?L(t,1,e?e(i):i):n?L(t,1,n(i)):L(t,2,i)}catch(r){L(t,2,r)}},t},r}();function Z(r){return r instanceof M&&1&r.s}function $(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:g(r.iv),ciphertext:g(n),tag:g(t)};return e&&(o.aad=g(e)),i&&(o.recipients=[i]),o}function G(r){var e=new a.XChaCha20Poly1305(r);return function(r,n){var t=c.randomBytes(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}function Q(r){var e=G(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=E(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+g(t):i));return Promise.resolve(j({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function Y(r){var e=new a.XChaCha20Poly1305(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function rr(r,e){var n=function(n){try{var a=u.generateKeyPair(),c=G(d(u.sharedKey(a.secretKey,r),i,t))(n),f={encrypted_key:g(c.ciphertext),header:{alg:t,iv:g(c.iv),tag:g(c.tag),epk:{kty:"OKP",crv:o,x:g(a.publicKey)}}};return e&&(f.header.kid=e),Promise.resolve(f)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=c.randomBytes(32);return Promise.resolve(Q(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return j({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}r.EllipticSigner=function(r){var e=p(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return k(r)})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=w(r);return function(r){try{var n=x(r),t=g(o.sign(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}},r.SimpleSigner=p,r.createJWE=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return $(r,t)})}var i,o,a=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===a},!0))throw new Error("Incompatible encrypters passed");var u=function(r,e,n){if("function"==typeof r[F]){var t,i,o,a=r[F]();if(function r(n){try{for(;!(t=a.next()).done;)if((n=e(t.value))&&n.then){if(!Z(n))return void n.then(r,o||(o=L.bind(null,i=new M,2)));n=n.v}i?L(i,1,n):i=n}catch(r){L(i||(i=new M),2,r)}}(),a.return){var u=function(r){try{t.done||a.return()}catch(r){}return r};if(i&&i.then)return i.then(u,function(r){throw u(r)});u()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(a){try{for(;++o<r.length;)if((a=e(o))&&a.then){if(!Z(a))return void a.then(n,i||(i=L.bind(null,t=new M,2)));a=a.v}t?L(t,1,a):t=a}catch(r){L(t||(t=new M),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var a=function(){if(i){var a=o.recipients,u=a.push;return Promise.resolve(e.encryptCek(i)).then(function(r){u.call(a,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=$(r,t)})}();if(a&&a.then)return a.then(function(){})});return Promise.resolve(u&&u.then?u.then(function(){return o}):o)}catch(r){return Promise.reject(r)}},r.createJWS=N,r.createJWT=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,a=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=j({},u,r,{iss:t});return N(c,i,n)}catch(r){return Promise.reject(r)}},r.decodeJWT=R,r.decryptJWE=function(r,e){try{var n=function(r){if(null===a)throw new Error("Failed to decrypt");return a};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(P(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=K(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),a=null,u="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,m(r.iv),o)).then(function(r){a=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(Z(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!Z(o)){t=1;break}o=o.s}if(e){var a=e();if(a&&a.then&&!Z(a)){t=2;break}}}var u=new M,c=L.bind(null,u,2);return(0===t?i.then(s):1===t?o.then(f):a.then(l)).then(void 0,c),u;function f(t){o=t;do{if(e&&(a=e())&&a.then&&!Z(a))return void a.then(l).then(void 0,c);if(!(i=r())||Z(i)&&!i.v)return void L(u,1,o);if(i.then)return void i.then(s).then(void 0,c);Z(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):L(u,1,o)}function l(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):L(u,1,o)}}(function(){return!a&&n<r.recipients.length},function(){return n++},function(){var u=r.recipients[n];Object.assign(u.header,t);var c=function(){if(u.header.alg===e.alg)return Promise.resolve(e.decrypt(i,m(r.iv),o,u)).then(function(r){a=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(u&&u.then?u.then(n):n())}catch(r){return Promise.reject(r)}},r.resolveX25519Encrypters=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var n;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var t=(null==(n=e.keyAgreement)?void 0:n.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!t)throw new Error("Could not find x25519 key for "+r);return rr(b(t.publicKeyBase58),t.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}},r.toEthereumAddress=s,r.verifyJWS=function(r,e){return z(V(r),e)},r.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=R(r),t=n.payload,i=n.header,o=n.signature,a=n.data;return Promise.resolve(function(r,e,n,t){try{var i=q[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:a,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var u=n.doc,c=n.issuer;return Promise.resolve(z({header:i,data:a,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3);if(n){var o=i+300;if(t.nbf){if(t.nbf>o)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>o)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-300)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:u,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},r.x25519Decrypter=function(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var a=m(o.header.epk.x),c=d(u.sharedKey(r,a),256,e),f=K(o.encrypted_key,o.header.tag);return Promise.resolve(Y(c).decrypt(f,m(o.header.iv))).then(function(r){return null===r?null:Y(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}},r.x25519Encrypter=rr,r.xc20pDirDecrypter=Y,r.xc20pDirEncrypter=Q});
//# sourceMappingURL=index.umd.js.map

2

lib/util.d.ts

@@ -11,7 +11,9 @@ export interface EcdsaSignature {

export declare function base58ToBytes(s: string): Uint8Array;
export declare function hexToBytes(s: string): Uint8Array;
export declare function encodeBase64url(s: string): string;
export declare function decodeBase64url(s: string): string;
export declare function bytesToHex(b: Uint8Array): string;
export declare function stringToBytes(s: string): Uint8Array;
export declare function toJose({ r, s, recoveryParam }: EcdsaSignature, recoverable?: boolean): string;
export declare function toSealed(ciphertext: string, tag: string): Uint8Array;
//# sourceMappingURL=util.d.ts.map

23

package.json
{
"name": "did-jwt",
"version": "4.6.2",
"version": "4.6.3",
"description": "Library for Signing and Verifying JWTs compatible uPort and DID standards",

@@ -65,12 +65,12 @@ "main": "lib/index.js",

"@types/elliptic": "6.4.12",
"@types/jest": "26.0.14",
"codecov": "3.7.2",
"eslint": "7.10.0",
"@types/jest": "26.0.15",
"codecov": "3.8.1",
"eslint": "7.13.0",
"eslint-config-standard": "14.1.1",
"eslint-plugin-import": "2.22.1",
"eslint-plugin-jest": "24.0.2",
"eslint-plugin-jest": "24.1.0",
"eslint-plugin-node": "11.1.0",
"eslint-plugin-promise": "4.2.1",
"eslint-plugin-standard": "4.0.1",
"jest": "26.4.2",
"eslint-plugin-standard": "4.0.2",
"jest": "26.6.3",
"jsdoc-to-markdown": "6.0.1",

@@ -83,6 +83,6 @@ "jsontokens": "3.0.0",

"regenerator-runtime": "0.13.7",
"semantic-release": "17.1.2",
"sinon": "9.1.0",
"semantic-release": "17.2.2",
"sinon": "9.2.1",
"standard": "14.3.4",
"ts-jest": "26.4.1",
"ts-jest": "26.4.4",
"tslint": "6.1.3",

@@ -92,3 +92,3 @@ "tslint-config-prettier": "1.18.0",

"tweetnacl": "1.0.3",
"typescript": "4.0.3",
"typescript": "4.0.5",
"webpack": "4.44.2",

@@ -102,3 +102,2 @@ "webpack-cli": "3.3.12"

"@stablelib/sha256": "^1.0.0",
"@stablelib/utf8": "^1.0.0",
"@stablelib/x25519": "^1.0.0",

@@ -105,0 +104,0 @@ "@stablelib/xchacha20poly1305": "^1.0.0",

4

README.md

@@ -100,4 +100,4 @@ # did-jwt

// pass the JWT from step 1 & 2
let verifiedRespone = await didJWT.verifyJWT(jwt, {resolver: resolver, audience: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74'})
console.log(verifiedRespone);
let verifiedResponse = await didJWT.verifyJWT(jwt, {resolver: resolver, audience: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74'})
console.log(verifiedResponse);
```

@@ -104,0 +104,0 @@

5

src/__tests__/SignerAlgorithm-test.ts

@@ -8,5 +8,4 @@ import SignerAlgorithm from '../SignerAlgorithm'

import nacl from 'tweetnacl'
import { base64ToBytes, base64urlToBytes } from '../util'
import { base64ToBytes, base64urlToBytes, stringToBytes } from '../util'
import { sha256 } from '../Digest'
import { encode } from '@stablelib/utf8'
const secp256k1 = new EC('secp256k1')

@@ -127,4 +126,4 @@ const privateKey = '278a5de700e29faae8e40e366ec5012b5ec63d36ec77e8a241154cc1d25383f'

const signature = await jwtSigner('hello', edSigner)
expect(nacl.sign.detached.verify(encode('hello'), base64urlToBytes(signature), edKp.publicKey)).toBeTruthy()
expect(nacl.sign.detached.verify(stringToBytes('hello'), base64urlToBytes(signature), edKp.publicKey)).toBeTruthy()
})
})

19

src/__tests__/VerifierAlgorithm-test.ts

@@ -9,2 +9,3 @@ import VerifierAlgorithm from '../VerifierAlgorithm'

import { base64ToBytes, bytesToBase64 } from '../util'
import * as u8a from 'uint8arrays'

@@ -121,2 +122,11 @@ const secp256k1 = new EC('secp256k1')

it('validates with publicKeyBase58', async () => {
const jwt = await createJWT({ bla: 'bla' }, { issuer: did, signer })
const parts = jwt.match(/^([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/)
const publicKeyBase58 = u8a.toString(u8a.fromString(ecKey2.publicKeyHex, 'base16'), 'base58btc')
const pubkey = Object.assign({ publicKeyBase58 }, ecKey2)
delete pubkey.publicKeyHex
return expect(verifier(parts[1], parts[2], [pubkey])).toEqual(pubkey)
})
it('validates signature with compressed public key and picks correct public key', async () => {

@@ -191,2 +201,11 @@ const jwt = await createJWT({ bla: 'bla' }, { issuer: did, signer })

it('validates with publicKeyBase58', async () => {
const jwt = await createJWT({ bla: 'bla' }, { alg: 'Ed25519', issuer: did, signer: edSigner })
const parts = jwt.match(/^([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/)
const publicKeyBase58 = u8a.toString(u8a.fromString(edKey.publicKeyBase64, 'base64pad'), 'base58btc')
const pubkey = Object.assign({ publicKeyBase58 }, edKey)
delete pubkey.publicKeyBase64
return expect(verifier(parts[1], parts[2], [pubkey])).toEqual(pubkey)
})
it('throws error if invalid signature', async () => {

@@ -193,0 +212,0 @@ const jwt = await createJWT({ bla: 'bla' }, { alg: 'Ed25519', issuer: did, signer: edSigner })

5

src/NaclSigner.ts
import { sign } from '@stablelib/ed25519'
import { encode } from '@stablelib/utf8'
import { Signer } from './JWT'
import { base64ToBytes, bytesToBase64url } from './util'
import { base64ToBytes, bytesToBase64url, stringToBytes } from './util'

@@ -25,3 +24,3 @@ /**

return async data => {
const dataBytes: Uint8Array = encode(data)
const dataBytes: Uint8Array = stringToBytes(data)
const sig: Uint8Array = sign(privateKey, dataBytes)

@@ -28,0 +27,0 @@ const b64UrlSig: string = bytesToBase64url(sig)

8

src/util.ts

@@ -29,2 +29,6 @@ import * as u8a from 'uint8arrays'

export function hexToBytes(s: string): Uint8Array {
return u8a.fromString(s, 'base16')
}
export function encodeBase64url(s: string): string {

@@ -42,2 +46,6 @@ return bytesToBase64url(u8a.fromString(s))

export function stringToBytes(s: string): Uint8Array {
return u8a.fromString(s)
}
export function toJose({ r, s, recoveryParam }: EcdsaSignature, recoverable?: boolean): string {

@@ -44,0 +52,0 @@ const jose = new Uint8Array(recoverable ? 65 : 64)

30

src/VerifierAlgorithm.ts

@@ -5,4 +5,3 @@ import { ec as EC } from 'elliptic'

import { PublicKey } from 'did-resolver'
import { encode } from '@stablelib/utf8'
import { base64ToBytes, base64urlToBytes, bytesToHex, EcdsaSignature } from './util'
import { hexToBytes, base58ToBytes, base64ToBytes, base64urlToBytes, bytesToHex, EcdsaSignature, stringToBytes } from './util'

@@ -26,7 +25,18 @@ const secp256k1 = new EC('secp256k1')

function extractPublicKeyBytes(pk: PublicKey): Uint8Array {
if (pk.publicKeyBase58) {
return base58ToBytes(pk.publicKeyBase58)
} else if (pk.publicKeyBase64) {
return base64ToBytes(pk.publicKeyBase64)
} else if (pk.publicKeyHex) {
return hexToBytes(pk.publicKeyHex)
}
return new Uint8Array()
}
export function verifyES256K(data: string, signature: string, authenticators: PublicKey[]): PublicKey {
const hash: Uint8Array = sha256(data)
const sigObj: EcdsaSignature = toSignatureObject(signature)
const fullPublicKeys = authenticators.filter(({ publicKeyHex }) => {
return typeof publicKeyHex !== 'undefined'
const fullPublicKeys = authenticators.filter(({ ethereumAddress }) => {
return typeof ethereumAddress === 'undefined'
})

@@ -37,5 +47,6 @@ const ethAddressKeys = authenticators.filter(({ ethereumAddress }) => {

let signer: PublicKey = fullPublicKeys.find(({ publicKeyHex }) => {
let signer: PublicKey = fullPublicKeys.find((pk: PublicKey) => {
try {
return secp256k1.keyFromPublic(publicKeyHex, 'hex').verify(hash, sigObj)
const pubBytes = extractPublicKeyBytes(pk)
return secp256k1.keyFromPublic(pubBytes).verify(hash, sigObj)
} catch (err) {

@@ -90,6 +101,7 @@ return false

export function verifyEd25519(data: string, signature: string, authenticators: PublicKey[]): PublicKey {
const clear: Uint8Array = encode(data)
const clear: Uint8Array = stringToBytes(data)
const sig: Uint8Array = base64urlToBytes(signature)
const signer: PublicKey = authenticators.find(({ publicKeyBase64 }) =>
verify(base64ToBytes(publicKeyBase64), clear, sig)
const signer: PublicKey = authenticators.find((pk: PublicKey) => {
return verify(extractPublicKeyBytes(pk), clear, sig)
}
)

@@ -96,0 +108,0 @@ if (!signer) throw new Error('Signature invalid for JWT')

dist/did-jwt.js

Sorry, the diff of this file is too big to display

lib/index.esm.js.map

Sorry, the diff of this file is not supported yet

lib/index.js.map

Sorry, the diff of this file is not supported yet

lib/index.modern.js.map

Sorry, the diff of this file is not supported yet

lib/index.umd.js.map

Sorry, the diff of this file is not supported yet

lib/NaclSigner.d.ts.map

Sorry, the diff of this file is not supported yet

lib/util.d.ts.map

Sorry, the diff of this file is not supported yet

lib/VerifierAlgorithm.d.ts.map

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc