Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
did-jwt - npm Package Compare versions
Comparing version 4.6.3 to 4.7.0
@@ -0,1 +1,8 @@ | ||
| # [4.7.0](https://github.com/decentralized-identity/did-jwt/compare/4.6.3...4.7.0) (2020-11-20) | ||
| ### Features | ||
| * **jwt:** add skewTime option that replaces NBF_SKEW if present ([#140](https://github.com/decentralized-identity/did-jwt/issues/140)) ([8a8cb0f](https://github.com/decentralized-identity/did-jwt/commit/8a8cb0f62ba384d39438d8550bdba019cb8a6205)) | ||
| ## [4.6.3](https://github.com/decentralized-identity/did-jwt/compare/4.6.2...4.6.3) (2020-11-10) | ||
@@ -2,0 +9,0 @@ |
@@ -1,2 +0,2 @@ | ||
| import{ec as r}from"elliptic";import{hash as e}from"@stablelib/sha256";import{fromString as n,toString as t,concat as i}from"uint8arrays";import{keccak_256 as o}from"js-sha3";import{sign as u,verify as a}from"@stablelib/ed25519";import{XChaCha20Poly1305 as c}from"@stablelib/xchacha20poly1305";import{generateKeyPair as f,sharedKey as s}from"@stablelib/x25519";import{randomBytes as h}from"@stablelib/random";function l(r){return e(n(r))}function v(r){var e,i=n(r.slice(2),"base16");return"0x"+t((e=i,new Uint8Array(o.arrayBuffer(e))).slice(-20),"base16")}function d(r,e){void 0===e&&(e=new Uint8Array(4));var t=n(r.toString(),"base10");return e.set(t,4-t.length),e}var p=function(r){return i([d(r.length),r])};function y(r,t,o){if(256!==t)throw new Error("Unsupported key length: "+t);var u=i([p(n(o)),p(new Uint8Array(0)),p(new Uint8Array(0)),d(t)]);return e(i([d(1),r,u]))}var g=new r("secp256k1");function m(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function w(r){r.startsWith("0x")&&(r=r.substring(2));var e=g.keyFromPrivate(r);return function(r){try{var n=e.sign(l(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:m(n.r.toString("hex")),s:m(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function b(r){return t(r,"base64url")}function P(r){return n(r,"base64url")}function E(r){return n(r,"base64pad")}function S(r){return n(r,"base58btc")}function k(r){return b(n(r))}function x(r){return t(P(r))}function K(r){return t(r,"base16")}function j(r){return n(r)}function A(r,e){var t=r.r,i=r.s,o=r.recoveryParam,u=new Uint8Array(e?65:64);if(u.set(n(t,"base16"),0),u.set(n(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");u[64]=o}return b(u)}function J(r,e){return i([P(r),P(e)])}function W(r){var e=w(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return A(r)})}catch(r){return Promise.reject(r)}}}function D(r){var e=E(r);return function(r){try{var n=j(r),t=b(u(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}}function O(){return(O=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var I=new r("secp256k1");function U(r,e){void 0===e&&(e=!1);var n=P(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:K(n.slice(0,32)),s:K(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function C(r){return r.publicKeyBase58?S(r.publicKeyBase58):r.publicKeyBase64?E(r.publicKeyBase64):r.publicKeyHex?n(r.publicKeyHex,"base16"):new Uint8Array}function T(r,e,n){var t;if(e.length>86)t=[U(e,!0)];else{var i=U(e,!1);t=[O({},i,{recoveryParam:0}),O({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=l(r),i=I.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),u=i.encode("hex",!0),a=v(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===u||r.ethereumAddress===a})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function B(r,e,n){var t=j(r),i=P(e),o=n.find(function(r){return a(C(r),t,i)});if(!o)throw new Error("Signature invalid for JWT");return o}var X={ES256K:function(r,e,n){var t=l(r),i=U(e),o=n.filter(function(r){return void 0===r.ethereumAddress}),u=n.filter(function(r){return void 0!==r.ethereumAddress}),a=o.find(function(r){try{var e=C(r);return I.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!a&&u.length>0&&(a=T(r,e,u)),!a)throw new Error("Signature invalid for JWT");return a},"ES256K-R":T,Ed25519:B,EdDSA:B};function N(r){var e=X[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function H(r){return"object"==typeof r&&"r"in r&&"s"in r}function _(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(H(e))return A(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function V(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(H(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}N.toSignatureObject=U;var R={ES256K:_(),"ES256K-R":_(!0),Ed25519:V(),EdDSA:V()},z=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=Q(r),t=n.payload,i=n.header,o=n.signature,u=n.data;return Promise.resolve(function(r,e,n,t){try{var i=M[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),u=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!u||0===u.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!u||0===u.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:u,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var a=n.doc,c=n.issuer;return Promise.resolve(Y({header:i,data:u,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3);if(n){var o=i+$;if(t.nbf){if(t.nbf>o)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>o)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-$)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:a,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},F=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,u=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var a={iat:Math.floor(Date.now()/1e3),exp:void 0};if(u){if("number"!=typeof u)throw new Error("JWT expiresIn is not a number");a.exp=(r.nbf||a.iat)+Math.floor(u)}var c=O({},a,r,{iss:t});return L(c,i,n)}catch(r){return Promise.reject(r)}},L=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=Z);var t="string"==typeof r?r:q(r),i=[q(n),t].join("."),o=function(r){var e=R[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},M={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},Z="ES256K";function q(r){return k(JSON.stringify(r))}var $=300;function G(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(x(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function Q(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=G(r);return Object.assign(e,{payload:JSON.parse(x(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function Y(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),N(n.alg)(t,i,e)}function rr(r,e){return Y(G(r),e)}var er=function(r,e){try{var n=function(r){if(null===u)throw new Error("Failed to decrypt");return u};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(x(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=J(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),u=null,a="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,P(r.iv),o)).then(function(r){u=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(or(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!or(o)){t=1;break}o=o.s}if(e){var u=e();if(u&&u.then&&!or(u)){t=2;break}}}var a=new ir,c=tr.bind(null,a,2);return(0===t?i.then(s):1===t?o.then(f):u.then(h)).then(void 0,c),a;function f(t){o=t;do{if(e&&(u=e())&&u.then&&!or(u))return void u.then(h).then(void 0,c);if(!(i=r())||or(i)&&!i.v)return void tr(a,1,o);if(i.then)return void i.then(s).then(void 0,c);or(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):tr(a,1,o)}function h(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):tr(a,1,o)}}(function(){return!u&&n<r.recipients.length},function(){return n++},function(){var a=r.recipients[n];Object.assign(a.header,t);var c=function(){if(a.header.alg===e.alg)return Promise.resolve(e.decrypt(i,P(r.iv),o,a)).then(function(r){u=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(a&&a.then?a.then(n):n())}catch(r){return Promise.reject(r)}},nr="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function tr(r,e,n){if(!r.s){if(n instanceof ir){if(!n.s)return void(n.o=tr.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(tr.bind(null,r,e),tr.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var ir=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{tr(t,1,o(this.v))}catch(r){tr(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?tr(t,1,e?e(i):i):n?tr(t,1,n(i)):tr(t,2,i)}catch(r){tr(t,2,r)}},t},r}();function or(r){return r instanceof ir&&1&r.s}function ur(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:b(r.iv),ciphertext:b(n),tag:b(t)};return e&&(o.aad=b(e)),i&&(o.recipients=[i]),o}var ar=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return ur(r,t)})}var i,o,u=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===u},!0))throw new Error("Incompatible encrypters passed");var a=function(r,e,n){if("function"==typeof r[nr]){var t,i,o,u=r[nr]();if(function r(n){try{for(;!(t=u.next()).done;)if((n=e(t.value))&&n.then){if(!or(n))return void n.then(r,o||(o=tr.bind(null,i=new ir,2)));n=n.v}i?tr(i,1,n):i=n}catch(r){tr(i||(i=new ir),2,r)}}(),u.return){var a=function(r){try{t.done||u.return()}catch(r){}return r};if(i&&i.then)return i.then(a,function(r){throw a(r)});a()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(u){try{for(;++o<r.length;)if((u=e(o))&&u.then){if(!or(u))return void u.then(n,i||(i=tr.bind(null,t=new ir,2)));u=u.v}t?tr(t,1,u):t=u}catch(r){tr(t||(t=new ir),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var u=function(){if(i){var u=o.recipients,a=u.push;return Promise.resolve(e.encryptCek(i)).then(function(r){a.call(u,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=ur(r,t)})}();if(u&&u.then)return u.then(function(){})});return Promise.resolve(a&&a.then?a.then(function(){return o}):o)}catch(r){return Promise.reject(r)}};function cr(r){var e=new c(r);return function(r,n){var t=h(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}var fr=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var n;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var t=(null==(n=e.keyAgreement)?void 0:n.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!t)throw new Error("Could not find x25519 key for "+r);return lr(S(t.publicKeyBase58),t.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}};function sr(r){var e=cr(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=k(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+b(t):i));return Promise.resolve(O({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function hr(r){var e=new c(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function lr(r,e){var n=function(n){try{var u=f(),a=cr(y(s(u.secretKey,r),i,t))(n),c={encrypted_key:b(a.ciphertext),header:{alg:t,iv:b(a.iv),tag:b(a.tag),epk:{kty:"OKP",crv:o,x:b(u.publicKey)}}};return e&&(c.header.kid=e),Promise.resolve(c)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=h(32);return Promise.resolve(sr(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return O({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}function vr(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var u=P(o.header.epk.x),a=y(s(r,u),256,e),c=J(o.encrypted_key,o.header.tag);return Promise.resolve(hr(a).decrypt(c,P(o.header.iv))).then(function(r){return null===r?null:hr(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}}export{W as EllipticSigner,D as NaclSigner,w as SimpleSigner,ar as createJWE,L as createJWS,F as createJWT,Q as decodeJWT,er as decryptJWE,fr as resolveX25519Encrypters,v as toEthereumAddress,rr as verifyJWS,z as verifyJWT,vr as x25519Decrypter,lr as x25519Encrypter,hr as xc20pDirDecrypter,sr as xc20pDirEncrypter}; | ||
| import{ec as r}from"elliptic";import{hash as e}from"@stablelib/sha256";import{fromString as n,toString as t,concat as i}from"uint8arrays";import{keccak_256 as o}from"js-sha3";import{sign as u,verify as a}from"@stablelib/ed25519";import{XChaCha20Poly1305 as c}from"@stablelib/xchacha20poly1305";import{generateKeyPair as f,sharedKey as s}from"@stablelib/x25519";import{randomBytes as l}from"@stablelib/random";function h(r){return e(n(r))}function v(r){var e,i=n(r.slice(2),"base16");return"0x"+t((e=i,new Uint8Array(o.arrayBuffer(e))).slice(-20),"base16")}function d(r,e){void 0===e&&(e=new Uint8Array(4));var t=n(r.toString(),"base10");return e.set(t,4-t.length),e}var p=function(r){return i([d(r.length),r])};function y(r,t,o){if(256!==t)throw new Error("Unsupported key length: "+t);var u=i([p(n(o)),p(new Uint8Array(0)),p(new Uint8Array(0)),d(t)]);return e(i([d(1),r,u]))}var g=new r("secp256k1");function m(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function w(r){r.startsWith("0x")&&(r=r.substring(2));var e=g.keyFromPrivate(r);return function(r){try{var n=e.sign(h(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:m(n.r.toString("hex")),s:m(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function b(r){return t(r,"base64url")}function P(r){return n(r,"base64url")}function E(r){return n(r,"base64pad")}function k(r){return n(r,"base58btc")}function S(r){return b(n(r))}function x(r){return t(P(r))}function K(r){return t(r,"base16")}function j(r){return n(r)}function A(r,e){var t=r.r,i=r.s,o=r.recoveryParam,u=new Uint8Array(e?65:64);if(u.set(n(t,"base16"),0),u.set(n(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");u[64]=o}return b(u)}function J(r,e){return i([P(r),P(e)])}function W(r){var e=w(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return A(r)})}catch(r){return Promise.reject(r)}}}function D(r){var e=E(r);return function(r){try{var n=j(r),t=b(u(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}}function T(){return(T=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var O=new r("secp256k1");function I(r,e){void 0===e&&(e=!1);var n=P(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:K(n.slice(0,32)),s:K(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function U(r){return r.publicKeyBase58?k(r.publicKeyBase58):r.publicKeyBase64?E(r.publicKeyBase64):r.publicKeyHex?n(r.publicKeyHex,"base16"):new Uint8Array}function C(r,e,n){var t;if(e.length>86)t=[I(e,!0)];else{var i=I(e,!1);t=[T({},i,{recoveryParam:0}),T({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=h(r),i=O.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),u=i.encode("hex",!0),a=v(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===u||r.ethereumAddress===a})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function B(r,e,n){var t=j(r),i=P(e),o=n.find(function(r){return a(U(r),t,i)});if(!o)throw new Error("Signature invalid for JWT");return o}var X={ES256K:function(r,e,n){var t=h(r),i=I(e),o=n.filter(function(r){return void 0===r.ethereumAddress}),u=n.filter(function(r){return void 0!==r.ethereumAddress}),a=o.find(function(r){try{var e=U(r);return O.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!a&&u.length>0&&(a=C(r,e,u)),!a)throw new Error("Signature invalid for JWT");return a},"ES256K-R":C,Ed25519:B,EdDSA:B};function N(r){var e=X[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function H(r){return"object"==typeof r&&"r"in r&&"s"in r}function _(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(H(e))return A(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function V(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(H(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}N.toSignatureObject=I;var R={ES256K:_(),"ES256K-R":_(!0),Ed25519:V(),EdDSA:V()},z=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null,skewTime:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=Q(r),t=n.payload,i=n.header,o=n.signature,u=n.data;return Promise.resolve(function(r,e,n,t){try{var i=M[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),u=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!u||0===u.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!u||0===u.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:u,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var a=n.doc,c=n.issuer;return Promise.resolve(Y({header:i,data:u,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3),o=e.skewTime>=0?e.skewTime:$;if(n){var u=i+o;if(t.nbf){if(t.nbf>u)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>u)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-o)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:a,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},F=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,u=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var a={iat:Math.floor(Date.now()/1e3),exp:void 0};if(u){if("number"!=typeof u)throw new Error("JWT expiresIn is not a number");a.exp=(r.nbf||a.iat)+Math.floor(u)}var c=T({},a,r,{iss:t});return L(c,i,n)}catch(r){return Promise.reject(r)}},L=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=Z);var t="string"==typeof r?r:q(r),i=[q(n),t].join("."),o=function(r){var e=R[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},M={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},Z="ES256K";function q(r){return S(JSON.stringify(r))}var $=300;function G(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(x(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function Q(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=G(r);return Object.assign(e,{payload:JSON.parse(x(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function Y(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),N(n.alg)(t,i,e)}function rr(r,e){return Y(G(r),e)}var er=function(r,e){try{var n=function(r){if(null===u)throw new Error("Failed to decrypt");return u};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(x(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=J(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),u=null,a="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,P(r.iv),o)).then(function(r){u=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(or(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!or(o)){t=1;break}o=o.s}if(e){var u=e();if(u&&u.then&&!or(u)){t=2;break}}}var a=new ir,c=tr.bind(null,a,2);return(0===t?i.then(s):1===t?o.then(f):u.then(l)).then(void 0,c),a;function f(t){o=t;do{if(e&&(u=e())&&u.then&&!or(u))return void u.then(l).then(void 0,c);if(!(i=r())||or(i)&&!i.v)return void tr(a,1,o);if(i.then)return void i.then(s).then(void 0,c);or(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):tr(a,1,o)}function l(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):tr(a,1,o)}}(function(){return!u&&n<r.recipients.length},function(){return n++},function(){var a=r.recipients[n];Object.assign(a.header,t);var c=function(){if(a.header.alg===e.alg)return Promise.resolve(e.decrypt(i,P(r.iv),o,a)).then(function(r){u=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(a&&a.then?a.then(n):n())}catch(r){return Promise.reject(r)}},nr="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function tr(r,e,n){if(!r.s){if(n instanceof ir){if(!n.s)return void(n.o=tr.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(tr.bind(null,r,e),tr.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var ir=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{tr(t,1,o(this.v))}catch(r){tr(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?tr(t,1,e?e(i):i):n?tr(t,1,n(i)):tr(t,2,i)}catch(r){tr(t,2,r)}},t},r}();function or(r){return r instanceof ir&&1&r.s}function ur(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:b(r.iv),ciphertext:b(n),tag:b(t)};return e&&(o.aad=b(e)),i&&(o.recipients=[i]),o}var ar=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return ur(r,t)})}var i,o,u=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===u},!0))throw new Error("Incompatible encrypters passed");var a=function(r,e,n){if("function"==typeof r[nr]){var t,i,o,u=r[nr]();if(function r(n){try{for(;!(t=u.next()).done;)if((n=e(t.value))&&n.then){if(!or(n))return void n.then(r,o||(o=tr.bind(null,i=new ir,2)));n=n.v}i?tr(i,1,n):i=n}catch(r){tr(i||(i=new ir),2,r)}}(),u.return){var a=function(r){try{t.done||u.return()}catch(r){}return r};if(i&&i.then)return i.then(a,function(r){throw a(r)});a()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(u){try{for(;++o<r.length;)if((u=e(o))&&u.then){if(!or(u))return void u.then(n,i||(i=tr.bind(null,t=new ir,2)));u=u.v}t?tr(t,1,u):t=u}catch(r){tr(t||(t=new ir),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var u=function(){if(i){var u=o.recipients,a=u.push;return Promise.resolve(e.encryptCek(i)).then(function(r){a.call(u,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=ur(r,t)})}();if(u&&u.then)return u.then(function(){})});return Promise.resolve(a&&a.then?a.then(function(){return o}):o)}catch(r){return Promise.reject(r)}};function cr(r){var e=new c(r);return function(r,n){var t=l(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}var fr=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var n;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var t=(null==(n=e.keyAgreement)?void 0:n.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!t)throw new Error("Could not find x25519 key for "+r);return hr(k(t.publicKeyBase58),t.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}};function sr(r){var e=cr(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=S(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+b(t):i));return Promise.resolve(T({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function lr(r){var e=new c(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function hr(r,e){var n=function(n){try{var u=f(),a=cr(y(s(u.secretKey,r),i,t))(n),c={encrypted_key:b(a.ciphertext),header:{alg:t,iv:b(a.iv),tag:b(a.tag),epk:{kty:"OKP",crv:o,x:b(u.publicKey)}}};return e&&(c.header.kid=e),Promise.resolve(c)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=l(32);return Promise.resolve(sr(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return T({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}function vr(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var u=P(o.header.epk.x),a=y(s(r,u),256,e),c=J(o.encrypted_key,o.header.tag);return Promise.resolve(lr(a).decrypt(c,P(o.header.iv))).then(function(r){return null===r?null:lr(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}}export{W as EllipticSigner,D as NaclSigner,w as SimpleSigner,ar as createJWE,L as createJWS,F as createJWT,Q as decodeJWT,er as decryptJWE,fr as resolveX25519Encrypters,v as toEthereumAddress,rr as verifyJWS,z as verifyJWT,vr as x25519Decrypter,hr as x25519Encrypter,lr as xc20pDirDecrypter,sr as xc20pDirEncrypter}; | ||
| //# sourceMappingURL=index.esm.js.map |
@@ -1,2 +0,2 @@ | ||
| var r=require("elliptic"),e=require("@stablelib/sha256"),n=require("uint8arrays"),t=require("js-sha3"),i=require("@stablelib/ed25519"),o=require("@stablelib/xchacha20poly1305"),a=require("@stablelib/x25519"),u=require("@stablelib/random");function c(r){return e.hash(n.fromString(r))}function f(r){var e,i=n.fromString(r.slice(2),"base16");return"0x"+n.toString((e=i,new Uint8Array(t.keccak_256.arrayBuffer(e))).slice(-20),"base16")}function s(r,e){void 0===e&&(e=new Uint8Array(4));var t=n.fromString(r.toString(),"base10");return e.set(t,4-t.length),e}var h=function(r){return n.concat([s(r.length),r])};function l(r,t,i){if(256!==t)throw new Error("Unsupported key length: "+t);var o=n.concat([h(n.fromString(i)),h(new Uint8Array(0)),h(new Uint8Array(0)),s(t)]);return e.hash(n.concat([s(1),r,o]))}var v=new r.ec("secp256k1");function d(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function p(r){r.startsWith("0x")&&(r=r.substring(2));var e=v.keyFromPrivate(r);return function(r){try{var n=e.sign(c(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:d(n.r.toString("hex")),s:d(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function y(r){return n.toString(r,"base64url")}function g(r){return n.fromString(r,"base64url")}function m(r){return n.fromString(r,"base64pad")}function w(r){return n.fromString(r,"base58btc")}function b(r){return y(n.fromString(r))}function E(r){return n.toString(g(r))}function P(r){return n.toString(r,"base16")}function S(r){return n.fromString(r)}function x(r,e){var t=r.r,i=r.s,o=r.recoveryParam,a=new Uint8Array(e?65:64);if(a.set(n.fromString(t,"base16"),0),a.set(n.fromString(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return y(a)}function k(r,e){return n.concat([g(r),g(e)])}function K(){return(K=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var j=new r.ec("secp256k1");function J(r,e){void 0===e&&(e=!1);var n=g(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:P(n.slice(0,32)),s:P(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function W(r){return r.publicKeyBase58?w(r.publicKeyBase58):r.publicKeyBase64?m(r.publicKeyBase64):r.publicKeyHex?n.fromString(r.publicKeyHex,"base16"):new Uint8Array}function A(r,e,n){var t;if(e.length>86)t=[J(e,!0)];else{var i=J(e,!1);t=[K({},i,{recoveryParam:0}),K({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=c(r),i=j.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),u=f(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function D(r,e,n){var t=S(r),o=g(e),a=n.find(function(r){return i.verify(W(r),t,o)});if(!a)throw new Error("Signature invalid for JWT");return a}var C={ES256K:function(r,e,n){var t=c(r),i=J(e),o=n.filter(function(r){return void 0===r.ethereumAddress}),a=n.filter(function(r){return void 0!==r.ethereumAddress}),u=o.find(function(r){try{var e=W(r);return j.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!u&&a.length>0&&(u=A(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":A,Ed25519:D,EdDSA:D};function T(r){var e=C[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function O(r){return"object"==typeof r&&"r"in r&&"s"in r}function I(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(O(e))return x(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function U(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(O(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}T.toSignatureObject=J;var X={ES256K:I(),"ES256K-R":I(!0),Ed25519:U(),EdDSA:U()},B=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=q);var t="string"==typeof r?r:H(r),i=[H(n),t].join("."),o=function(r){var e=X[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},N={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},q="ES256K";function H(r){return b(JSON.stringify(r))}function _(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(E(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function V(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=_(r);return Object.assign(e,{payload:JSON.parse(E(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function R(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),T(n.alg)(t,i,e)}var z="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function F(r,e,n){if(!r.s){if(n instanceof L){if(!n.s)return void(n.o=F.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(F.bind(null,r,e),F.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var L=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{F(t,1,o(this.v))}catch(r){F(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?F(t,1,e?e(i):i):n?F(t,1,n(i)):F(t,2,i)}catch(r){F(t,2,r)}},t},r}();function M(r){return r instanceof L&&1&r.s}function Z(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:y(r.iv),ciphertext:y(n),tag:y(t)};return e&&(o.aad=y(e)),i&&(o.recipients=[i]),o}function $(r){var e=new o.XChaCha20Poly1305(r);return function(r,n){var t=u.randomBytes(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}function G(r){var e=$(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=b(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+y(t):i));return Promise.resolve(K({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function Q(r){var e=new o.XChaCha20Poly1305(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function Y(r,e){var n=function(n){try{var u=a.generateKeyPair(),c=$(l(a.sharedKey(u.secretKey,r),i,t))(n),f={encrypted_key:y(c.ciphertext),header:{alg:t,iv:y(c.iv),tag:y(c.tag),epk:{kty:"OKP",crv:o,x:y(u.publicKey)}}};return e&&(f.header.kid=e),Promise.resolve(f)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=u.randomBytes(32);return Promise.resolve(G(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return K({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}exports.EllipticSigner=function(r){var e=p(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return x(r)})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=m(r);return function(r){try{var n=S(r),t=y(i.sign(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}},exports.SimpleSigner=p,exports.createJWE=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return Z(r,t)})}var i,o,a=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===a},!0))throw new Error("Incompatible encrypters passed");var u=function(r,e,n){if("function"==typeof r[z]){var t,i,o,a=r[z]();if(function r(n){try{for(;!(t=a.next()).done;)if((n=e(t.value))&&n.then){if(!M(n))return void n.then(r,o||(o=F.bind(null,i=new L,2)));n=n.v}i?F(i,1,n):i=n}catch(r){F(i||(i=new L),2,r)}}(),a.return){var u=function(r){try{t.done||a.return()}catch(r){}return r};if(i&&i.then)return i.then(u,function(r){throw u(r)});u()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(a){try{for(;++o<r.length;)if((a=e(o))&&a.then){if(!M(a))return void a.then(n,i||(i=F.bind(null,t=new L,2)));a=a.v}t?F(t,1,a):t=a}catch(r){F(t||(t=new L),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var a=function(){if(i){var a=o.recipients,u=a.push;return Promise.resolve(e.encryptCek(i)).then(function(r){u.call(a,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=Z(r,t)})}();if(a&&a.then)return a.then(function(){})});return Promise.resolve(u&&u.then?u.then(function(){return o}):o)}catch(r){return Promise.reject(r)}},exports.createJWS=B,exports.createJWT=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,a=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=K({},u,r,{iss:t});return B(c,i,n)}catch(r){return Promise.reject(r)}},exports.decodeJWT=V,exports.decryptJWE=function(r,e){try{var n=function(r){if(null===a)throw new Error("Failed to decrypt");return a};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(E(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=k(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),a=null,u="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,g(r.iv),o)).then(function(r){a=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(M(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!M(o)){t=1;break}o=o.s}if(e){var a=e();if(a&&a.then&&!M(a)){t=2;break}}}var u=new L,c=F.bind(null,u,2);return(0===t?i.then(s):1===t?o.then(f):a.then(h)).then(void 0,c),u;function f(t){o=t;do{if(e&&(a=e())&&a.then&&!M(a))return void a.then(h).then(void 0,c);if(!(i=r())||M(i)&&!i.v)return void F(u,1,o);if(i.then)return void i.then(s).then(void 0,c);M(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):F(u,1,o)}function h(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):F(u,1,o)}}(function(){return!a&&n<r.recipients.length},function(){return n++},function(){var u=r.recipients[n];Object.assign(u.header,t);var c=function(){if(u.header.alg===e.alg)return Promise.resolve(e.decrypt(i,g(r.iv),o,u)).then(function(r){a=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(u&&u.then?u.then(n):n())}catch(r){return Promise.reject(r)}},exports.resolveX25519Encrypters=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var n;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var t=(null==(n=e.keyAgreement)?void 0:n.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!t)throw new Error("Could not find x25519 key for "+r);return Y(w(t.publicKeyBase58),t.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}},exports.toEthereumAddress=f,exports.verifyJWS=function(r,e){return R(_(r),e)},exports.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=V(r),t=n.payload,i=n.header,o=n.signature,a=n.data;return Promise.resolve(function(r,e,n,t){try{var i=N[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:a,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var u=n.doc,c=n.issuer;return Promise.resolve(R({header:i,data:a,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3);if(n){var o=i+300;if(t.nbf){if(t.nbf>o)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>o)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-300)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:u,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},exports.x25519Decrypter=function(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var u=g(o.header.epk.x),c=l(a.sharedKey(r,u),256,e),f=k(o.encrypted_key,o.header.tag);return Promise.resolve(Q(c).decrypt(f,g(o.header.iv))).then(function(r){return null===r?null:Q(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}},exports.x25519Encrypter=Y,exports.xc20pDirDecrypter=Q,exports.xc20pDirEncrypter=G; | ||
| var r=require("elliptic"),e=require("@stablelib/sha256"),n=require("uint8arrays"),t=require("js-sha3"),i=require("@stablelib/ed25519"),o=require("@stablelib/xchacha20poly1305"),a=require("@stablelib/x25519"),u=require("@stablelib/random");function c(r){return e.hash(n.fromString(r))}function f(r){var e,i=n.fromString(r.slice(2),"base16");return"0x"+n.toString((e=i,new Uint8Array(t.keccak_256.arrayBuffer(e))).slice(-20),"base16")}function s(r,e){void 0===e&&(e=new Uint8Array(4));var t=n.fromString(r.toString(),"base10");return e.set(t,4-t.length),e}var h=function(r){return n.concat([s(r.length),r])};function l(r,t,i){if(256!==t)throw new Error("Unsupported key length: "+t);var o=n.concat([h(n.fromString(i)),h(new Uint8Array(0)),h(new Uint8Array(0)),s(t)]);return e.hash(n.concat([s(1),r,o]))}var v=new r.ec("secp256k1");function d(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function p(r){r.startsWith("0x")&&(r=r.substring(2));var e=v.keyFromPrivate(r);return function(r){try{var n=e.sign(c(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:d(n.r.toString("hex")),s:d(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function y(r){return n.toString(r,"base64url")}function g(r){return n.fromString(r,"base64url")}function m(r){return n.fromString(r,"base64pad")}function w(r){return n.fromString(r,"base58btc")}function b(r){return y(n.fromString(r))}function E(r){return n.toString(g(r))}function P(r){return n.toString(r,"base16")}function S(r){return n.fromString(r)}function x(r,e){var t=r.r,i=r.s,o=r.recoveryParam,a=new Uint8Array(e?65:64);if(a.set(n.fromString(t,"base16"),0),a.set(n.fromString(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return y(a)}function k(r,e){return n.concat([g(r),g(e)])}function K(){return(K=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var j=new r.ec("secp256k1");function J(r,e){void 0===e&&(e=!1);var n=g(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:P(n.slice(0,32)),s:P(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function W(r){return r.publicKeyBase58?w(r.publicKeyBase58):r.publicKeyBase64?m(r.publicKeyBase64):r.publicKeyHex?n.fromString(r.publicKeyHex,"base16"):new Uint8Array}function A(r,e,n){var t;if(e.length>86)t=[J(e,!0)];else{var i=J(e,!1);t=[K({},i,{recoveryParam:0}),K({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=c(r),i=j.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),u=f(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function D(r,e,n){var t=S(r),o=g(e),a=n.find(function(r){return i.verify(W(r),t,o)});if(!a)throw new Error("Signature invalid for JWT");return a}var T={ES256K:function(r,e,n){var t=c(r),i=J(e),o=n.filter(function(r){return void 0===r.ethereumAddress}),a=n.filter(function(r){return void 0!==r.ethereumAddress}),u=o.find(function(r){try{var e=W(r);return j.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!u&&a.length>0&&(u=A(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":A,Ed25519:D,EdDSA:D};function C(r){var e=T[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function O(r){return"object"==typeof r&&"r"in r&&"s"in r}function I(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(O(e))return x(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function U(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(O(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}C.toSignatureObject=J;var X={ES256K:I(),"ES256K-R":I(!0),Ed25519:U(),EdDSA:U()},B=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=q);var t="string"==typeof r?r:H(r),i=[H(n),t].join("."),o=function(r){var e=X[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},N={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},q="ES256K";function H(r){return b(JSON.stringify(r))}function _(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(E(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function V(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=_(r);return Object.assign(e,{payload:JSON.parse(E(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function R(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),C(n.alg)(t,i,e)}var z="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function F(r,e,n){if(!r.s){if(n instanceof L){if(!n.s)return void(n.o=F.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(F.bind(null,r,e),F.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var L=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{F(t,1,o(this.v))}catch(r){F(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?F(t,1,e?e(i):i):n?F(t,1,n(i)):F(t,2,i)}catch(r){F(t,2,r)}},t},r}();function M(r){return r instanceof L&&1&r.s}function Z(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:y(r.iv),ciphertext:y(n),tag:y(t)};return e&&(o.aad=y(e)),i&&(o.recipients=[i]),o}function $(r){var e=new o.XChaCha20Poly1305(r);return function(r,n){var t=u.randomBytes(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}function G(r){var e=$(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=b(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+y(t):i));return Promise.resolve(K({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function Q(r){var e=new o.XChaCha20Poly1305(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function Y(r,e){var n=function(n){try{var u=a.generateKeyPair(),c=$(l(a.sharedKey(u.secretKey,r),i,t))(n),f={encrypted_key:y(c.ciphertext),header:{alg:t,iv:y(c.iv),tag:y(c.tag),epk:{kty:"OKP",crv:o,x:y(u.publicKey)}}};return e&&(f.header.kid=e),Promise.resolve(f)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=u.randomBytes(32);return Promise.resolve(G(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return K({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}exports.EllipticSigner=function(r){var e=p(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return x(r)})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=m(r);return function(r){try{var n=S(r),t=y(i.sign(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}},exports.SimpleSigner=p,exports.createJWE=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return Z(r,t)})}var i,o,a=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===a},!0))throw new Error("Incompatible encrypters passed");var u=function(r,e,n){if("function"==typeof r[z]){var t,i,o,a=r[z]();if(function r(n){try{for(;!(t=a.next()).done;)if((n=e(t.value))&&n.then){if(!M(n))return void n.then(r,o||(o=F.bind(null,i=new L,2)));n=n.v}i?F(i,1,n):i=n}catch(r){F(i||(i=new L),2,r)}}(),a.return){var u=function(r){try{t.done||a.return()}catch(r){}return r};if(i&&i.then)return i.then(u,function(r){throw u(r)});u()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(a){try{for(;++o<r.length;)if((a=e(o))&&a.then){if(!M(a))return void a.then(n,i||(i=F.bind(null,t=new L,2)));a=a.v}t?F(t,1,a):t=a}catch(r){F(t||(t=new L),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var a=function(){if(i){var a=o.recipients,u=a.push;return Promise.resolve(e.encryptCek(i)).then(function(r){u.call(a,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=Z(r,t)})}();if(a&&a.then)return a.then(function(){})});return Promise.resolve(u&&u.then?u.then(function(){return o}):o)}catch(r){return Promise.reject(r)}},exports.createJWS=B,exports.createJWT=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,a=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=K({},u,r,{iss:t});return B(c,i,n)}catch(r){return Promise.reject(r)}},exports.decodeJWT=V,exports.decryptJWE=function(r,e){try{var n=function(r){if(null===a)throw new Error("Failed to decrypt");return a};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(E(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=k(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),a=null,u="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,g(r.iv),o)).then(function(r){a=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(M(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!M(o)){t=1;break}o=o.s}if(e){var a=e();if(a&&a.then&&!M(a)){t=2;break}}}var u=new L,c=F.bind(null,u,2);return(0===t?i.then(s):1===t?o.then(f):a.then(h)).then(void 0,c),u;function f(t){o=t;do{if(e&&(a=e())&&a.then&&!M(a))return void a.then(h).then(void 0,c);if(!(i=r())||M(i)&&!i.v)return void F(u,1,o);if(i.then)return void i.then(s).then(void 0,c);M(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):F(u,1,o)}function h(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):F(u,1,o)}}(function(){return!a&&n<r.recipients.length},function(){return n++},function(){var u=r.recipients[n];Object.assign(u.header,t);var c=function(){if(u.header.alg===e.alg)return Promise.resolve(e.decrypt(i,g(r.iv),o,u)).then(function(r){a=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(u&&u.then?u.then(n):n())}catch(r){return Promise.reject(r)}},exports.resolveX25519Encrypters=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var n;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var t=(null==(n=e.keyAgreement)?void 0:n.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!t)throw new Error("Could not find x25519 key for "+r);return Y(w(t.publicKeyBase58),t.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}},exports.toEthereumAddress=f,exports.verifyJWS=function(r,e){return R(_(r),e)},exports.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null,skewTime:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=V(r),t=n.payload,i=n.header,o=n.signature,a=n.data;return Promise.resolve(function(r,e,n,t){try{var i=N[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:a,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var u=n.doc,c=n.issuer;return Promise.resolve(R({header:i,data:a,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3),o=e.skewTime>=0?e.skewTime:300;if(n){var a=i+o;if(t.nbf){if(t.nbf>a)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>a)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-o)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:u,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},exports.x25519Decrypter=function(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var u=g(o.header.epk.x),c=l(a.sharedKey(r,u),256,e),f=k(o.encrypted_key,o.header.tag);return Promise.resolve(Q(c).decrypt(f,g(o.header.iv))).then(function(r){return null===r?null:Q(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}},exports.x25519Encrypter=Y,exports.xc20pDirDecrypter=Q,exports.xc20pDirEncrypter=G; | ||
| //# sourceMappingURL=index.js.map |
@@ -1,2 +0,2 @@ | ||
| import{ec as r}from"elliptic";import{hash as e}from"@stablelib/sha256";import{fromString as n,toString as t,concat as i}from"uint8arrays";import{keccak_256 as o}from"js-sha3";import{sign as a,verify as c}from"@stablelib/ed25519";import{XChaCha20Poly1305 as s}from"@stablelib/xchacha20poly1305";import{generateKeyPair as u,sharedKey as f}from"@stablelib/x25519";import{randomBytes as l}from"@stablelib/random";function d(r){return e(n(r))}function p(r){const e=n(r.slice(2),"base16");return"0x"+t((i=e,new Uint8Array(o.arrayBuffer(i))).slice(-20),"base16");var i}function y(r,e=new Uint8Array(4)){const t=n(r.toString(),"base10");return e.set(t,4-t.length),e}const h=r=>i([y(r.length),r]);function w(r,t,o){if(256!==t)throw new Error("Unsupported key length: "+t);const a=i([h(n(o)),h(new Uint8Array(0)),h(new Uint8Array(0)),y(t)]);return e(i([y(1),r,a]))}const g=new r("secp256k1");function b(r,e=64){return r.length===e?r:"0".repeat(e-r.length)+r}function E(r){r.startsWith("0x")&&(r=r.substring(2));const e=g.keyFromPrivate(r);return async r=>{const{r:n,s:t,recoveryParam:i}=e.sign(d(r));return{r:b(n.toString("hex")),s:b(t.toString("hex")),recoveryParam:i}}}function m(r){return t(r,"base64url")}function v(r){return n(r,"base64url")}function S(r){return n(r,"base64pad")}function k(r){return n(r,"base58btc")}function K(r){return m(n(r))}function x(r){return t(v(r))}function A(r){return t(r,"base16")}function J(r){return n(r)}function P({r,s:e,recoveryParam:t},i){const o=new Uint8Array(i?65:64);if(o.set(n(r,"base16"),0),o.set(n(e,"base16"),32),i){if(void 0===t)throw new Error("Signer did not return a recoveryParam");o[64]=t}return m(o)}function W(r,e){return i([v(r),v(e)])}function D(r){const e=E(r);return async r=>P(await e(r))}function I(r){const e=S(r);return async r=>{const n=J(r);return m(a(e,n))}}function O(){return(O=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}const U=new r("secp256k1");function C(r,e=!1){const n=v(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");const t={r:A(n.slice(0,32)),s:A(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function j(r){return r.publicKeyBase58?k(r.publicKeyBase58):r.publicKeyBase64?S(r.publicKeyBase64):r.publicKeyHex?n(r.publicKeyHex,"base16"):new Uint8Array}function T(r,e,n){let t;if(e.length>86)t=[C(e,!0)];else{const r=C(e,!1);t=[O({},r,{recoveryParam:0}),O({},r,{recoveryParam:1})]}const i=t.map(e=>{const t=d(r),i=U.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),c=p(o);return n.find(({publicKeyHex:r,ethereumAddress:e})=>r===o||r===a||e===c)}).filter(r=>null!=r);if(0===i.length)throw new Error("Signature invalid for JWT");return i[0]}function $(r,e,n){const t=J(r),i=v(e),o=n.find(r=>c(j(r),t,i));if(!o)throw new Error("Signature invalid for JWT");return o}const B={ES256K:function(r,e,n){const t=d(r),i=C(e),o=n.filter(({ethereumAddress:r})=>void 0===r),a=n.filter(({ethereumAddress:r})=>void 0!==r);let c=o.find(r=>{try{const e=j(r);return U.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!c&&a.length>0&&(c=T(r,e,a)),!c)throw new Error("Signature invalid for JWT");return c},"ES256K-R":T,Ed25519:$,EdDSA:$};function X(r){const e=B[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function N(r){return"object"==typeof r&&"r"in r&&"s"in r}function H(r){return async function(e,n){const t=await n(e);if(N(t))return P(t,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return t}}function _(){return async function(r,e){const n=await e(r);if(N(n))throw new Error("expected a signer function that returns a string instead of signature object");return n}}X.toSignatureObject=C;const V={ES256K:H(),"ES256K-R":H(!0),Ed25519:_(),EdDSA:_()},R={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function z(r){return K(JSON.stringify(r))}function F(r){const e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(x(e[1])),payload:e[2],signature:e[3],data:`${e[1]}.${e[2]}`};throw new Error("Incorrect format JWS")}function L(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{const e=F(r);return Object.assign(e,{payload:JSON.parse(x(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}async function M(r,e,n={}){n.alg||(n.alg="ES256K");const t="string"==typeof r?r:z(r),i=[z(n),t].join("."),o=function(r){const e=V[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return[i,await o(i,e)].join(".")}async function Z(r,{issuer:e,signer:n,alg:t,expiresIn:i},o={}){if(!n)throw new Error("No Signer functionality has been configured");if(!e)throw new Error("No issuing DID has been configured");o.typ||(o.typ="JWT"),o.alg||(o.alg=t);const a={iat:Math.floor(Date.now()/1e3),exp:void 0};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");a.exp=(r.nbf||a.iat)+Math.floor(i)}return M(O({},a,r,{iss:e}),n,o)}function q({header:r,data:e,signature:n},t){return Array.isArray(t)||(t=[t]),X(r.alg)(e,n,t)}function G(r,e){return q(F(r),e)}async function Q(r,e={resolver:null,auth:null,audience:null,callbackUrl:null}){if(!e.resolver)throw new Error("No DID resolver has been configured");const{payload:n,header:t,signature:i,data:o}=L(r),{doc:a,authenticators:c,issuer:s}=await async function(r,e,n,t){const i=R[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);const o=await r.resolve(n);if(!o)throw new Error("Unable to resolve DID document for "+n);const a=!t||(o.authentication||[]).map(({publicKey:r})=>r),c=(o.publicKey||[]).filter(({type:r,id:e})=>i.find(n=>n===r&&(!t||Array.isArray(a)&&a.indexOf(e)>=0)));if(t&&(!c||0===c.length))throw new Error(`DID document for ${n} does not have public keys suitable for authenticationg user`);if(!c||0===c.length)throw new Error(`DID document for ${n} does not have public keys for ${e}`);return{authenticators:c,issuer:n,doc:o}}(e.resolver,t.alg,n.iss,e.auth),u=await q({header:t,data:o,signature:i},c),f=Math.floor(Date.now()/1e3);if(u){const t=f+300;if(n.nbf){if(n.nbf>t)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>t)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=f-300)throw new Error(`JWT has expired: exp: ${n.exp} < now: ${f}`);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(r=>e.audience===r||e.callbackUrl===r))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:a,issuer:s,signer:u,jwt:r}}}function Y({ciphertext:r,tag:e,iv:n,protectedHeader:t,recipient:i},o){const a={protected:t,iv:m(n),ciphertext:m(r),tag:m(e)};return o&&(a.aad=m(o)),i&&(a.recipients=[i]),a}async function rr(r,e,n={},t){if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Y(await e[0].encrypt(r,n,t),t)}{const i=e[0].enc;if(!e.reduce((r,e)=>r&&e.enc===i,!0))throw new Error("Incompatible encrypters passed");let o,a;for(const i of e)if(o)a.recipients.push(await i.encryptCek(o));else{const e=await i.encrypt(r,n,t);o=e.cek,a=Y(e,t)}return a}}async function er(r,e){!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(r=>{if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);const n=JSON.parse(x(r.protected));if(n.enc!==e.enc)throw new Error(`Decrypter does not support: '${n.enc}'`);const t=W(r.ciphertext,r.tag),i=new Uint8Array(Buffer.from(r.aad?`${r.protected}.${r.aad}`:r.protected));let o=null;if("dir"===n.alg&&"dir"===e.alg)o=await e.decrypt(t,v(r.iv),i);else{if(!r.recipients||0===r.recipients.length)throw new Error("Invalid JWE");for(let a=0;!o&&a<r.recipients.length;a++){const c=r.recipients[a];Object.assign(c.header,n),c.header.alg===e.alg&&(o=await e.decrypt(t,v(r.iv),i,c))}}if(null===o)throw new Error("Failed to decrypt");return o}function nr(r){const e=new s(r);return(r,n)=>{const t=l(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}function tr(r){const e=nr(r);return{alg:"dir",enc:"XC20P",encrypt:async function(r,n={},t){const i=K(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?`${i}.${m(t)}`:i));return O({},e(r,o),{protectedHeader:i})}}}function ir(r){const e=new s(r);return{alg:"dir",enc:"XC20P",decrypt:async function(r,n,t){return e.open(n,r,t)}}}function or(r,e){const n="ECDH-ES+XC20PKW";async function t(t){const i=u(),o=nr(w(f(i.secretKey,r),256,n))(t),a={encrypted_key:m(o.ciphertext),header:{alg:n,iv:m(o.iv),tag:m(o.tag),epk:{kty:"OKP",crv:"X25519",x:m(i.publicKey)}}};return e&&(a.header.kid=e),a}return{alg:n,enc:"XC20P",encrypt:async function(r,e={},n){Object.assign(e,{alg:void 0});const i=l(32);return O({},await tr(i).encrypt(r,e,n),{recipient:await t(i),cek:i})},encryptCek:t}}async function ar(r,e){return Promise.all(r.map(async r=>{var n;const t=await e.resolve(r);if(!t.keyAgreement)throw new Error("Could not find x25519 key for "+r);const i=(null==(n=t.keyAgreement)?void 0:n.map(r=>"string"==typeof r?t.publicKey.find(e=>e.id===r):r)).find(r=>"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58));if(!i)throw new Error("Could not find x25519 key for "+r);return or(k(i.publicKeyBase58),i.id)}))}function cr(r){const e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:async function(n,t,i,o){if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return null;const a=v(o.header.epk.x),c=w(f(r,a),256,e),s=W(o.encrypted_key,o.header.tag),u=await ir(c).decrypt(s,v(o.header.iv));return null===u?null:ir(u).decrypt(n,t,i)}}}export{D as EllipticSigner,I as NaclSigner,E as SimpleSigner,rr as createJWE,M as createJWS,Z as createJWT,L as decodeJWT,er as decryptJWE,ar as resolveX25519Encrypters,p as toEthereumAddress,G as verifyJWS,Q as verifyJWT,cr as x25519Decrypter,or as x25519Encrypter,ir as xc20pDirDecrypter,tr as xc20pDirEncrypter}; | ||
| import{ec as r}from"elliptic";import{hash as e}from"@stablelib/sha256";import{fromString as n,toString as t,concat as i}from"uint8arrays";import{keccak_256 as o}from"js-sha3";import{sign as a,verify as c}from"@stablelib/ed25519";import{XChaCha20Poly1305 as s}from"@stablelib/xchacha20poly1305";import{generateKeyPair as u,sharedKey as f}from"@stablelib/x25519";import{randomBytes as l}from"@stablelib/random";function d(r){return e(n(r))}function p(r){const e=n(r.slice(2),"base16");return"0x"+t((i=e,new Uint8Array(o.arrayBuffer(i))).slice(-20),"base16");var i}function y(r,e=new Uint8Array(4)){const t=n(r.toString(),"base10");return e.set(t,4-t.length),e}const h=r=>i([y(r.length),r]);function w(r,t,o){if(256!==t)throw new Error("Unsupported key length: "+t);const a=i([h(n(o)),h(new Uint8Array(0)),h(new Uint8Array(0)),y(t)]);return e(i([y(1),r,a]))}const g=new r("secp256k1");function b(r,e=64){return r.length===e?r:"0".repeat(e-r.length)+r}function E(r){r.startsWith("0x")&&(r=r.substring(2));const e=g.keyFromPrivate(r);return async r=>{const{r:n,s:t,recoveryParam:i}=e.sign(d(r));return{r:b(n.toString("hex")),s:b(t.toString("hex")),recoveryParam:i}}}function m(r){return t(r,"base64url")}function v(r){return n(r,"base64url")}function k(r){return n(r,"base64pad")}function S(r){return n(r,"base58btc")}function K(r){return m(n(r))}function x(r){return t(v(r))}function A(r){return t(r,"base16")}function J(r){return n(r)}function P({r,s:e,recoveryParam:t},i){const o=new Uint8Array(i?65:64);if(o.set(n(r,"base16"),0),o.set(n(e,"base16"),32),i){if(void 0===t)throw new Error("Signer did not return a recoveryParam");o[64]=t}return m(o)}function W(r,e){return i([v(r),v(e)])}function D(r){const e=E(r);return async r=>P(await e(r))}function T(r){const e=k(r);return async r=>{const n=J(r);return m(a(e,n))}}function I(){return(I=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}const O=new r("secp256k1");function U(r,e=!1){const n=v(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");const t={r:A(n.slice(0,32)),s:A(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function C(r){return r.publicKeyBase58?S(r.publicKeyBase58):r.publicKeyBase64?k(r.publicKeyBase64):r.publicKeyHex?n(r.publicKeyHex,"base16"):new Uint8Array}function j(r,e,n){let t;if(e.length>86)t=[U(e,!0)];else{const r=U(e,!1);t=[I({},r,{recoveryParam:0}),I({},r,{recoveryParam:1})]}const i=t.map(e=>{const t=d(r),i=O.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),c=p(o);return n.find(({publicKeyHex:r,ethereumAddress:e})=>r===o||r===a||e===c)}).filter(r=>null!=r);if(0===i.length)throw new Error("Signature invalid for JWT");return i[0]}function $(r,e,n){const t=J(r),i=v(e),o=n.find(r=>c(C(r),t,i));if(!o)throw new Error("Signature invalid for JWT");return o}const B={ES256K:function(r,e,n){const t=d(r),i=U(e),o=n.filter(({ethereumAddress:r})=>void 0===r),a=n.filter(({ethereumAddress:r})=>void 0!==r);let c=o.find(r=>{try{const e=C(r);return O.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!c&&a.length>0&&(c=j(r,e,a)),!c)throw new Error("Signature invalid for JWT");return c},"ES256K-R":j,Ed25519:$,EdDSA:$};function X(r){const e=B[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function N(r){return"object"==typeof r&&"r"in r&&"s"in r}function H(r){return async function(e,n){const t=await n(e);if(N(t))return P(t,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return t}}function _(){return async function(r,e){const n=await e(r);if(N(n))throw new Error("expected a signer function that returns a string instead of signature object");return n}}X.toSignatureObject=U;const V={ES256K:H(),"ES256K-R":H(!0),Ed25519:_(),EdDSA:_()},R={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function z(r){return K(JSON.stringify(r))}function F(r){const e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(x(e[1])),payload:e[2],signature:e[3],data:`${e[1]}.${e[2]}`};throw new Error("Incorrect format JWS")}function L(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{const e=F(r);return Object.assign(e,{payload:JSON.parse(x(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}async function M(r,e,n={}){n.alg||(n.alg="ES256K");const t="string"==typeof r?r:z(r),i=[z(n),t].join("."),o=function(r){const e=V[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return[i,await o(i,e)].join(".")}async function Z(r,{issuer:e,signer:n,alg:t,expiresIn:i},o={}){if(!n)throw new Error("No Signer functionality has been configured");if(!e)throw new Error("No issuing DID has been configured");o.typ||(o.typ="JWT"),o.alg||(o.alg=t);const a={iat:Math.floor(Date.now()/1e3),exp:void 0};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");a.exp=(r.nbf||a.iat)+Math.floor(i)}return M(I({},a,r,{iss:e}),n,o)}function q({header:r,data:e,signature:n},t){return Array.isArray(t)||(t=[t]),X(r.alg)(e,n,t)}function G(r,e){return q(F(r),e)}async function Q(r,e={resolver:null,auth:null,audience:null,callbackUrl:null,skewTime:null}){if(!e.resolver)throw new Error("No DID resolver has been configured");const{payload:n,header:t,signature:i,data:o}=L(r),{doc:a,authenticators:c,issuer:s}=await async function(r,e,n,t){const i=R[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);const o=await r.resolve(n);if(!o)throw new Error("Unable to resolve DID document for "+n);const a=!t||(o.authentication||[]).map(({publicKey:r})=>r),c=(o.publicKey||[]).filter(({type:r,id:e})=>i.find(n=>n===r&&(!t||Array.isArray(a)&&a.indexOf(e)>=0)));if(t&&(!c||0===c.length))throw new Error(`DID document for ${n} does not have public keys suitable for authenticationg user`);if(!c||0===c.length)throw new Error(`DID document for ${n} does not have public keys for ${e}`);return{authenticators:c,issuer:n,doc:o}}(e.resolver,t.alg,n.iss,e.auth),u=await q({header:t,data:o,signature:i},c),f=Math.floor(Date.now()/1e3),l=e.skewTime>=0?e.skewTime:300;if(u){const t=f+l;if(n.nbf){if(n.nbf>t)throw new Error("JWT not valid before nbf: "+n.nbf)}else if(n.iat&&n.iat>t)throw new Error("JWT not valid yet (issued in the future) iat: "+n.iat);if(n.exp&&n.exp<=f-l)throw new Error(`JWT has expired: exp: ${n.exp} < now: ${f}`);if(n.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(n.aud)?n.aud:[n.aud]).find(r=>e.audience===r||e.callbackUrl===r))throw new Error("JWT audience does not match your DID or callback url")}return{payload:n,doc:a,issuer:s,signer:u,jwt:r}}}function Y({ciphertext:r,tag:e,iv:n,protectedHeader:t,recipient:i},o){const a={protected:t,iv:m(n),ciphertext:m(r),tag:m(e)};return o&&(a.aad=m(o)),i&&(a.recipients=[i]),a}async function rr(r,e,n={},t){if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Y(await e[0].encrypt(r,n,t),t)}{const i=e[0].enc;if(!e.reduce((r,e)=>r&&e.enc===i,!0))throw new Error("Incompatible encrypters passed");let o,a;for(const i of e)if(o)a.recipients.push(await i.encryptCek(o));else{const e=await i.encrypt(r,n,t);o=e.cek,a=Y(e,t)}return a}}async function er(r,e){!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(r=>{if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);const n=JSON.parse(x(r.protected));if(n.enc!==e.enc)throw new Error(`Decrypter does not support: '${n.enc}'`);const t=W(r.ciphertext,r.tag),i=new Uint8Array(Buffer.from(r.aad?`${r.protected}.${r.aad}`:r.protected));let o=null;if("dir"===n.alg&&"dir"===e.alg)o=await e.decrypt(t,v(r.iv),i);else{if(!r.recipients||0===r.recipients.length)throw new Error("Invalid JWE");for(let a=0;!o&&a<r.recipients.length;a++){const c=r.recipients[a];Object.assign(c.header,n),c.header.alg===e.alg&&(o=await e.decrypt(t,v(r.iv),i,c))}}if(null===o)throw new Error("Failed to decrypt");return o}function nr(r){const e=new s(r);return(r,n)=>{const t=l(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}function tr(r){const e=nr(r);return{alg:"dir",enc:"XC20P",encrypt:async function(r,n={},t){const i=K(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?`${i}.${m(t)}`:i));return I({},e(r,o),{protectedHeader:i})}}}function ir(r){const e=new s(r);return{alg:"dir",enc:"XC20P",decrypt:async function(r,n,t){return e.open(n,r,t)}}}function or(r,e){const n="ECDH-ES+XC20PKW";async function t(t){const i=u(),o=nr(w(f(i.secretKey,r),256,n))(t),a={encrypted_key:m(o.ciphertext),header:{alg:n,iv:m(o.iv),tag:m(o.tag),epk:{kty:"OKP",crv:"X25519",x:m(i.publicKey)}}};return e&&(a.header.kid=e),a}return{alg:n,enc:"XC20P",encrypt:async function(r,e={},n){Object.assign(e,{alg:void 0});const i=l(32);return I({},await tr(i).encrypt(r,e,n),{recipient:await t(i),cek:i})},encryptCek:t}}async function ar(r,e){return Promise.all(r.map(async r=>{var n;const t=await e.resolve(r);if(!t.keyAgreement)throw new Error("Could not find x25519 key for "+r);const i=(null==(n=t.keyAgreement)?void 0:n.map(r=>"string"==typeof r?t.publicKey.find(e=>e.id===r):r)).find(r=>"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58));if(!i)throw new Error("Could not find x25519 key for "+r);return or(S(i.publicKeyBase58),i.id)}))}function cr(r){const e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:async function(n,t,i,o){if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return null;const a=v(o.header.epk.x),c=w(f(r,a),256,e),s=W(o.encrypted_key,o.header.tag),u=await ir(c).decrypt(s,v(o.header.iv));return null===u?null:ir(u).decrypt(n,t,i)}}}export{D as EllipticSigner,T as NaclSigner,E as SimpleSigner,rr as createJWE,M as createJWS,Z as createJWT,L as decodeJWT,er as decryptJWE,ar as resolveX25519Encrypters,p as toEthereumAddress,G as verifyJWS,Q as verifyJWT,cr as x25519Decrypter,or as x25519Encrypter,ir as xc20pDirDecrypter,tr as xc20pDirEncrypter}; | ||
| //# sourceMappingURL=index.modern.js.map |
@@ -1,2 +0,2 @@ | ||
| !function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("elliptic"),require("@stablelib/sha256"),require("uint8arrays"),require("js-sha3"),require("@stablelib/ed25519"),require("@stablelib/xchacha20poly1305"),require("@stablelib/x25519"),require("@stablelib/random")):"function"==typeof define&&define.amd?define(["exports","elliptic","@stablelib/sha256","uint8arrays","js-sha3","@stablelib/ed25519","@stablelib/xchacha20poly1305","@stablelib/x25519","@stablelib/random"],e):e((r=r||self).didJwt={},r.elliptic,r.sha256$1,r.uint8Arrays,r.jsSha3,r.ed25519,r.xchacha20poly1305,r.x25519,r.random)}(this,function(r,e,n,t,i,o,a,u,c){function f(r){return n.hash(t.fromString(r))}function s(r){var e,n=t.fromString(r.slice(2),"base16");return"0x"+t.toString((e=n,new Uint8Array(i.keccak_256.arrayBuffer(e))).slice(-20),"base16")}function l(r,e){void 0===e&&(e=new Uint8Array(4));var n=t.fromString(r.toString(),"base10");return e.set(n,4-n.length),e}var h=function(r){return t.concat([l(r.length),r])};function d(r,e,i){if(256!==e)throw new Error("Unsupported key length: "+e);var o=t.concat([h(t.fromString(i)),h(new Uint8Array(0)),h(new Uint8Array(0)),l(e)]);return n.hash(t.concat([l(1),r,o]))}var v=new e.ec("secp256k1");function y(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function p(r){r.startsWith("0x")&&(r=r.substring(2));var e=v.keyFromPrivate(r);return function(r){try{var n=e.sign(f(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:y(n.r.toString("hex")),s:y(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function g(r){return t.toString(r,"base64url")}function m(r){return t.fromString(r,"base64url")}function w(r){return t.fromString(r,"base64pad")}function b(r){return t.fromString(r,"base58btc")}function E(r){return g(t.fromString(r))}function P(r){return t.toString(m(r))}function S(r){return t.toString(r,"base16")}function x(r){return t.fromString(r)}function k(r,e){var n=r.r,i=r.s,o=r.recoveryParam,a=new Uint8Array(e?65:64);if(a.set(t.fromString(n,"base16"),0),a.set(t.fromString(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return g(a)}function K(r,e){return t.concat([m(r),m(e)])}function j(){return(j=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var J=new e.ec("secp256k1");function W(r,e){void 0===e&&(e=!1);var n=m(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:S(n.slice(0,32)),s:S(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function A(r){return r.publicKeyBase58?b(r.publicKeyBase58):r.publicKeyBase64?w(r.publicKeyBase64):r.publicKeyHex?t.fromString(r.publicKeyHex,"base16"):new Uint8Array}function D(r,e,n){var t;if(e.length>86)t=[W(e,!0)];else{var i=W(e,!1);t=[j({},i,{recoveryParam:0}),j({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=f(r),i=J.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),u=s(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function C(r,e,n){var t=x(r),i=m(e),a=n.find(function(r){return o.verify(A(r),t,i)});if(!a)throw new Error("Signature invalid for JWT");return a}var T={ES256K:function(r,e,n){var t=f(r),i=W(e),o=n.filter(function(r){return void 0===r.ethereumAddress}),a=n.filter(function(r){return void 0!==r.ethereumAddress}),u=o.find(function(r){try{var e=A(r);return J.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!u&&a.length>0&&(u=D(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":D,Ed25519:C,EdDSA:C};function O(r){var e=T[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function I(r){return"object"==typeof r&&"r"in r&&"s"in r}function U(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(I(e))return k(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function X(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(I(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}O.toSignatureObject=W;var B={ES256K:U(),"ES256K-R":U(!0),Ed25519:X(),EdDSA:X()},N=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=H);var t="string"==typeof r?r:_(r),i=[_(n),t].join("."),o=function(r){var e=B[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},q={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},H="ES256K";function _(r){return E(JSON.stringify(r))}function V(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(P(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function R(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=V(r);return Object.assign(e,{payload:JSON.parse(P(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function z(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),O(n.alg)(t,i,e)}var F="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function L(r,e,n){if(!r.s){if(n instanceof M){if(!n.s)return void(n.o=L.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(L.bind(null,r,e),L.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var M=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{L(t,1,o(this.v))}catch(r){L(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?L(t,1,e?e(i):i):n?L(t,1,n(i)):L(t,2,i)}catch(r){L(t,2,r)}},t},r}();function Z(r){return r instanceof M&&1&r.s}function $(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:g(r.iv),ciphertext:g(n),tag:g(t)};return e&&(o.aad=g(e)),i&&(o.recipients=[i]),o}function G(r){var e=new a.XChaCha20Poly1305(r);return function(r,n){var t=c.randomBytes(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}function Q(r){var e=G(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=E(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+g(t):i));return Promise.resolve(j({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function Y(r){var e=new a.XChaCha20Poly1305(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function rr(r,e){var n=function(n){try{var a=u.generateKeyPair(),c=G(d(u.sharedKey(a.secretKey,r),i,t))(n),f={encrypted_key:g(c.ciphertext),header:{alg:t,iv:g(c.iv),tag:g(c.tag),epk:{kty:"OKP",crv:o,x:g(a.publicKey)}}};return e&&(f.header.kid=e),Promise.resolve(f)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=c.randomBytes(32);return Promise.resolve(Q(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return j({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}r.EllipticSigner=function(r){var e=p(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return k(r)})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=w(r);return function(r){try{var n=x(r),t=g(o.sign(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}},r.SimpleSigner=p,r.createJWE=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return $(r,t)})}var i,o,a=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===a},!0))throw new Error("Incompatible encrypters passed");var u=function(r,e,n){if("function"==typeof r[F]){var t,i,o,a=r[F]();if(function r(n){try{for(;!(t=a.next()).done;)if((n=e(t.value))&&n.then){if(!Z(n))return void n.then(r,o||(o=L.bind(null,i=new M,2)));n=n.v}i?L(i,1,n):i=n}catch(r){L(i||(i=new M),2,r)}}(),a.return){var u=function(r){try{t.done||a.return()}catch(r){}return r};if(i&&i.then)return i.then(u,function(r){throw u(r)});u()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(a){try{for(;++o<r.length;)if((a=e(o))&&a.then){if(!Z(a))return void a.then(n,i||(i=L.bind(null,t=new M,2)));a=a.v}t?L(t,1,a):t=a}catch(r){L(t||(t=new M),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var a=function(){if(i){var a=o.recipients,u=a.push;return Promise.resolve(e.encryptCek(i)).then(function(r){u.call(a,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=$(r,t)})}();if(a&&a.then)return a.then(function(){})});return Promise.resolve(u&&u.then?u.then(function(){return o}):o)}catch(r){return Promise.reject(r)}},r.createJWS=N,r.createJWT=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,a=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=j({},u,r,{iss:t});return N(c,i,n)}catch(r){return Promise.reject(r)}},r.decodeJWT=R,r.decryptJWE=function(r,e){try{var n=function(r){if(null===a)throw new Error("Failed to decrypt");return a};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(P(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=K(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),a=null,u="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,m(r.iv),o)).then(function(r){a=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(Z(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!Z(o)){t=1;break}o=o.s}if(e){var a=e();if(a&&a.then&&!Z(a)){t=2;break}}}var u=new M,c=L.bind(null,u,2);return(0===t?i.then(s):1===t?o.then(f):a.then(l)).then(void 0,c),u;function f(t){o=t;do{if(e&&(a=e())&&a.then&&!Z(a))return void a.then(l).then(void 0,c);if(!(i=r())||Z(i)&&!i.v)return void L(u,1,o);if(i.then)return void i.then(s).then(void 0,c);Z(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):L(u,1,o)}function l(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):L(u,1,o)}}(function(){return!a&&n<r.recipients.length},function(){return n++},function(){var u=r.recipients[n];Object.assign(u.header,t);var c=function(){if(u.header.alg===e.alg)return Promise.resolve(e.decrypt(i,m(r.iv),o,u)).then(function(r){a=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(u&&u.then?u.then(n):n())}catch(r){return Promise.reject(r)}},r.resolveX25519Encrypters=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var n;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var t=(null==(n=e.keyAgreement)?void 0:n.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!t)throw new Error("Could not find x25519 key for "+r);return rr(b(t.publicKeyBase58),t.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}},r.toEthereumAddress=s,r.verifyJWS=function(r,e){return z(V(r),e)},r.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=R(r),t=n.payload,i=n.header,o=n.signature,a=n.data;return Promise.resolve(function(r,e,n,t){try{var i=q[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:a,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var u=n.doc,c=n.issuer;return Promise.resolve(z({header:i,data:a,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3);if(n){var o=i+300;if(t.nbf){if(t.nbf>o)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>o)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-300)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:u,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},r.x25519Decrypter=function(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var a=m(o.header.epk.x),c=d(u.sharedKey(r,a),256,e),f=K(o.encrypted_key,o.header.tag);return Promise.resolve(Y(c).decrypt(f,m(o.header.iv))).then(function(r){return null===r?null:Y(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}},r.x25519Encrypter=rr,r.xc20pDirDecrypter=Y,r.xc20pDirEncrypter=Q}); | ||
| !function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("elliptic"),require("@stablelib/sha256"),require("uint8arrays"),require("js-sha3"),require("@stablelib/ed25519"),require("@stablelib/xchacha20poly1305"),require("@stablelib/x25519"),require("@stablelib/random")):"function"==typeof define&&define.amd?define(["exports","elliptic","@stablelib/sha256","uint8arrays","js-sha3","@stablelib/ed25519","@stablelib/xchacha20poly1305","@stablelib/x25519","@stablelib/random"],e):e((r=r||self).didJwt={},r.elliptic,r.sha256$1,r.uint8Arrays,r.jsSha3,r.ed25519,r.xchacha20poly1305,r.x25519,r.random)}(this,function(r,e,n,t,i,o,a,u,c){function f(r){return n.hash(t.fromString(r))}function s(r){var e,n=t.fromString(r.slice(2),"base16");return"0x"+t.toString((e=n,new Uint8Array(i.keccak_256.arrayBuffer(e))).slice(-20),"base16")}function l(r,e){void 0===e&&(e=new Uint8Array(4));var n=t.fromString(r.toString(),"base10");return e.set(n,4-n.length),e}var h=function(r){return t.concat([l(r.length),r])};function d(r,e,i){if(256!==e)throw new Error("Unsupported key length: "+e);var o=t.concat([h(t.fromString(i)),h(new Uint8Array(0)),h(new Uint8Array(0)),l(e)]);return n.hash(t.concat([l(1),r,o]))}var v=new e.ec("secp256k1");function y(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function p(r){r.startsWith("0x")&&(r=r.substring(2));var e=v.keyFromPrivate(r);return function(r){try{var n=e.sign(f(r)),t=n.s,i=n.recoveryParam;return Promise.resolve({r:y(n.r.toString("hex")),s:y(t.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}}function g(r){return t.toString(r,"base64url")}function m(r){return t.fromString(r,"base64url")}function w(r){return t.fromString(r,"base64pad")}function b(r){return t.fromString(r,"base58btc")}function E(r){return g(t.fromString(r))}function P(r){return t.toString(m(r))}function S(r){return t.toString(r,"base16")}function x(r){return t.fromString(r)}function k(r,e){var n=r.r,i=r.s,o=r.recoveryParam,a=new Uint8Array(e?65:64);if(a.set(t.fromString(n,"base16"),0),a.set(t.fromString(i,"base16"),32),e){if(void 0===o)throw new Error("Signer did not return a recoveryParam");a[64]=o}return g(a)}function K(r,e){return t.concat([m(r),m(e)])}function j(){return(j=Object.assign||function(r){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var t in n)Object.prototype.hasOwnProperty.call(n,t)&&(r[t]=n[t])}return r}).apply(this,arguments)}var J=new e.ec("secp256k1");function W(r,e){void 0===e&&(e=!1);var n=m(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:S(n.slice(0,32)),s:S(n.slice(32,64))};return e&&(t.recoveryParam=n[64]),t}function A(r){return r.publicKeyBase58?b(r.publicKeyBase58):r.publicKeyBase64?w(r.publicKeyBase64):r.publicKeyHex?t.fromString(r.publicKeyHex,"base16"):new Uint8Array}function D(r,e,n){var t;if(e.length>86)t=[W(e,!0)];else{var i=W(e,!1);t=[j({},i,{recoveryParam:0}),j({},i,{recoveryParam:1})]}var o=t.map(function(e){var t=f(r),i=J.recoverPubKey(t,e,e.recoveryParam),o=i.encode("hex"),a=i.encode("hex",!0),u=s(o);return n.find(function(r){var e=r.publicKeyHex;return e===o||e===a||r.ethereumAddress===u})}).filter(function(r){return null!=r});if(0===o.length)throw new Error("Signature invalid for JWT");return o[0]}function T(r,e,n){var t=x(r),i=m(e),a=n.find(function(r){return o.verify(A(r),t,i)});if(!a)throw new Error("Signature invalid for JWT");return a}var C={ES256K:function(r,e,n){var t=f(r),i=W(e),o=n.filter(function(r){return void 0===r.ethereumAddress}),a=n.filter(function(r){return void 0!==r.ethereumAddress}),u=o.find(function(r){try{var e=A(r);return J.keyFromPublic(e).verify(t,i)}catch(r){return!1}});if(!u&&a.length>0&&(u=D(r,e,a)),!u)throw new Error("Signature invalid for JWT");return u},"ES256K-R":D,Ed25519:T,EdDSA:T};function O(r){var e=C[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function I(r){return"object"==typeof r&&"r"in r&&"s"in r}function U(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(I(e))return k(e,r);if(r)throw new Error("ES256K-R not supported when signer function returns string");return e})}catch(r){return Promise.reject(r)}}}function X(){return function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(I(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}}O.toSignatureObject=W;var B={ES256K:U(),"ES256K-R":U(!0),Ed25519:X(),EdDSA:X()},N=function(r,e,n){void 0===n&&(n={});try{n.alg||(n.alg=H);var t="string"==typeof r?r:_(r),i=[_(n),t].join("."),o=function(r){var e=B[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(n.alg);return Promise.resolve(o(i,e)).then(function(r){return[i,r].join(".")})}catch(r){return Promise.reject(r)}},q={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]},H="ES256K";function _(r){return E(JSON.stringify(r))}function V(r){var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(P(e[1])),payload:e[2],signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWS")}function R(r){if(!r)throw new Error("no JWT passed into decodeJWT");try{var e=V(r);return Object.assign(e,{payload:JSON.parse(P(e.payload))})}catch(r){throw new Error("Incorrect format JWT")}}function z(r,e){var n=r.header,t=r.data,i=r.signature;return Array.isArray(e)||(e=[e]),O(n.alg)(t,i,e)}var F="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function L(r,e,n){if(!r.s){if(n instanceof M){if(!n.s)return void(n.o=L.bind(null,r,e));1&e&&(e=n.s),n=n.v}if(n&&n.then)return void n.then(L.bind(null,r,e),L.bind(null,r,2));r.s=e,r.v=n;var t=r.o;t&&t(r)}}var M=function(){function r(){}return r.prototype.then=function(e,n){var t=new r,i=this.s;if(i){var o=1&i?e:n;if(o){try{L(t,1,o(this.v))}catch(r){L(t,2,r)}return t}return this}return this.o=function(r){try{var i=r.v;1&r.s?L(t,1,e?e(i):i):n?L(t,1,n(i)):L(t,2,i)}catch(r){L(t,2,r)}},t},r}();function Z(r){return r instanceof M&&1&r.s}function $(r,e){var n=r.ciphertext,t=r.tag,i=r.recipient,o={protected:r.protectedHeader,iv:g(r.iv),ciphertext:g(n),tag:g(t)};return e&&(o.aad=g(e)),i&&(o.recipients=[i]),o}function G(r){var e=new a.XChaCha20Poly1305(r);return function(r,n){var t=c.randomBytes(e.nonceLength),i=e.seal(t,r,n);return{ciphertext:i.subarray(0,i.length-e.tagLength),tag:i.subarray(i.length-e.tagLength),iv:t}}}function Q(r){var e=G(r);return{alg:"dir",enc:"XC20P",encrypt:function(r,n,t){void 0===n&&(n={});try{var i=E(JSON.stringify(Object.assign({alg:"dir"},n,{enc:"XC20P"}))),o=new Uint8Array(Buffer.from(t?i+"."+g(t):i));return Promise.resolve(j({},e(r,o),{protectedHeader:i}))}catch(r){return Promise.reject(r)}}}}function Y(r){var e=new a.XChaCha20Poly1305(r);return{alg:"dir",enc:"XC20P",decrypt:function(r,n,t){try{return Promise.resolve(e.open(n,r,t))}catch(r){return Promise.reject(r)}}}}function rr(r,e){var n=function(n){try{var a=u.generateKeyPair(),c=G(d(u.sharedKey(a.secretKey,r),i,t))(n),f={encrypted_key:g(c.ciphertext),header:{alg:t,iv:g(c.iv),tag:g(c.tag),epk:{kty:"OKP",crv:o,x:g(a.publicKey)}}};return e&&(f.header.kid=e),Promise.resolve(f)}catch(r){return Promise.reject(r)}},t="ECDH-ES+XC20PKW",i=256,o="X25519";return{alg:t,enc:"XC20P",encrypt:function(r,e,t){void 0===e&&(e={});try{Object.assign(e,{alg:void 0});var i=c.randomBytes(32);return Promise.resolve(Q(i).encrypt(r,e,t)).then(function(r){return Promise.resolve(n(i)).then(function(e){return j({},r,{recipient:e,cek:i})})})}catch(r){return Promise.reject(r)}},encryptCek:n}}r.EllipticSigner=function(r){var e=p(r);return function(r){try{return Promise.resolve(e(r)).then(function(r){return k(r)})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=w(r);return function(r){try{var n=x(r),t=g(o.sign(e,n));return Promise.resolve(t)}catch(r){return Promise.reject(r)}}},r.SimpleSigner=p,r.createJWE=function(r,e,n,t){void 0===n&&(n={});try{if("dir"===e[0].alg){if(e.length>1)throw new Error('Can only do "dir" encryption to one key.');return Promise.resolve(e[0].encrypt(r,n,t)).then(function(r){return $(r,t)})}var i,o,a=e[0].enc;if(!e.reduce(function(r,e){return r&&e.enc===a},!0))throw new Error("Incompatible encrypters passed");var u=function(r,e,n){if("function"==typeof r[F]){var t,i,o,a=r[F]();if(function r(n){try{for(;!(t=a.next()).done;)if((n=e(t.value))&&n.then){if(!Z(n))return void n.then(r,o||(o=L.bind(null,i=new M,2)));n=n.v}i?L(i,1,n):i=n}catch(r){L(i||(i=new M),2,r)}}(),a.return){var u=function(r){try{t.done||a.return()}catch(r){}return r};if(i&&i.then)return i.then(u,function(r){throw u(r)});u()}return i}if(!("length"in r))throw new TypeError("Object is not iterable");for(var c=[],f=0;f<r.length;f++)c.push(r[f]);return function(r,e,n){var t,i,o=-1;return function n(a){try{for(;++o<r.length;)if((a=e(o))&&a.then){if(!Z(a))return void a.then(n,i||(i=L.bind(null,t=new M,2)));a=a.v}t?L(t,1,a):t=a}catch(r){L(t||(t=new M),2,r)}}(),t}(c,function(r){return e(c[r])})}(e,function(e){var a=function(){if(i){var a=o.recipients,u=a.push;return Promise.resolve(e.encryptCek(i)).then(function(r){u.call(a,r)})}return Promise.resolve(e.encrypt(r,n,t)).then(function(r){i=r.cek,o=$(r,t)})}();if(a&&a.then)return a.then(function(){})});return Promise.resolve(u&&u.then?u.then(function(){return o}):o)}catch(r){return Promise.reject(r)}},r.createJWS=N,r.createJWT=function(r,e,n){var t=e.issuer,i=e.signer,o=e.alg,a=e.expiresIn;void 0===n&&(n={});try{if(!i)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");n.typ||(n.typ="JWT"),n.alg||(n.alg=o);var u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(a){if("number"!=typeof a)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(a)}var c=j({},u,r,{iss:t});return N(c,i,n)}catch(r){return Promise.reject(r)}},r.decodeJWT=R,r.decryptJWE=function(r,e){try{var n=function(r){if(null===a)throw new Error("Failed to decrypt");return a};!function(r){if(!(r.protected&&r.iv&&r.ciphertext&&r.tag))throw new Error("Invalid JWE");r.recipients&&r.recipients.map(function(r){if(!r.header||!r.encrypted_key)throw new Error("Invalid JWE")})}(r);var t=JSON.parse(P(r.protected));if(t.enc!==e.enc)throw new Error("Decrypter does not support: '"+t.enc+"'");var i=K(r.ciphertext,r.tag),o=new Uint8Array(Buffer.from(r.aad?r.protected+"."+r.aad:r.protected)),a=null,u="dir"===t.alg&&"dir"===e.alg?Promise.resolve(e.decrypt(i,m(r.iv),o)).then(function(r){a=r}):function(){if(r.recipients&&0!==r.recipients.length){var n=0;return function(r,e,n){for(var t;;){var i=r();if(Z(i)&&(i=i.v),!i)return o;if(i.then){t=0;break}var o=n();if(o&&o.then){if(!Z(o)){t=1;break}o=o.s}if(e){var a=e();if(a&&a.then&&!Z(a)){t=2;break}}}var u=new M,c=L.bind(null,u,2);return(0===t?i.then(s):1===t?o.then(f):a.then(l)).then(void 0,c),u;function f(t){o=t;do{if(e&&(a=e())&&a.then&&!Z(a))return void a.then(l).then(void 0,c);if(!(i=r())||Z(i)&&!i.v)return void L(u,1,o);if(i.then)return void i.then(s).then(void 0,c);Z(o=n())&&(o=o.v)}while(!o||!o.then);o.then(f).then(void 0,c)}function s(r){r?(o=n())&&o.then?o.then(f).then(void 0,c):f(o):L(u,1,o)}function l(){(i=r())?i.then?i.then(s).then(void 0,c):s(i):L(u,1,o)}}(function(){return!a&&n<r.recipients.length},function(){return n++},function(){var u=r.recipients[n];Object.assign(u.header,t);var c=function(){if(u.header.alg===e.alg)return Promise.resolve(e.decrypt(i,m(r.iv),o,u)).then(function(r){a=r})}();if(c&&c.then)return c.then(function(){})})}throw new Error("Invalid JWE")}();return Promise.resolve(u&&u.then?u.then(n):n())}catch(r){return Promise.reject(r)}},r.resolveX25519Encrypters=function(r,e){try{return Promise.all(r.map(function(r){try{return Promise.resolve(e.resolve(r)).then(function(e){var n;if(!e.keyAgreement)throw new Error("Could not find x25519 key for "+r);var t=(null==(n=e.keyAgreement)?void 0:n.map(function(r){return"string"==typeof r?e.publicKey.find(function(e){return e.id===r}):r})).find(function(r){return"X25519KeyAgreementKey2019"===r.type&&Boolean(r.publicKeyBase58)});if(!t)throw new Error("Could not find x25519 key for "+r);return rr(b(t.publicKeyBase58),t.id)})}catch(r){return Promise.reject(r)}}))}catch(r){return Promise.reject(r)}},r.toEthereumAddress=s,r.verifyJWS=function(r,e){return z(V(r),e)},r.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null,skewTime:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=R(r),t=n.payload,i=n.header,o=n.signature,a=n.data;return Promise.resolve(function(r,e,n,t){try{var i=q[e];if(!i||0===i.length)throw new Error("No supported signature types for algorithm "+e);return Promise.resolve(r.resolve(n)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+n);var o=!t||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,n=r.id;return i.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(n)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+n+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+n+" does not have public keys for "+e);return{authenticators:a,issuer:n,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,t.iss,e.auth)).then(function(n){var u=n.doc,c=n.issuer;return Promise.resolve(z({header:i,data:a,signature:o},n.authenticators)).then(function(n){var i=Math.floor(Date.now()/1e3),o=e.skewTime>=0?e.skewTime:300;if(n){var a=i+o;if(t.nbf){if(t.nbf>a)throw new Error("JWT not valid before nbf: "+t.nbf)}else if(t.iat&&t.iat>a)throw new Error("JWT not valid yet (issued in the future) iat: "+t.iat);if(t.exp&&t.exp<=i-o)throw new Error("JWT has expired: exp: "+t.exp+" < now: "+i);if(t.aud){if(!e.audience&&!e.callbackUrl)throw new Error("JWT audience is required but your app address has not been configured");if(void 0===(Array.isArray(t.aud)?t.aud:[t.aud]).find(function(r){return e.audience===r||e.callbackUrl===r}))throw new Error("JWT audience does not match your DID or callback url")}return{payload:t,doc:u,issuer:c,signer:n,jwt:r}}})})}catch(r){return Promise.reject(r)}},r.x25519Decrypter=function(r){var e="ECDH-ES+XC20PKW";return{alg:e,enc:"XC20P",decrypt:function(n,t,i,o){try{if(function(r){if(!(r.epk&&r.iv&&r.tag))throw new Error("Invalid JWE")}(o.header),"X25519"!==o.header.epk.crv)return Promise.resolve(null);var a=m(o.header.epk.x),c=d(u.sharedKey(r,a),256,e),f=K(o.encrypted_key,o.header.tag);return Promise.resolve(Y(c).decrypt(f,m(o.header.iv))).then(function(r){return null===r?null:Y(r).decrypt(n,t,i)})}catch(r){return Promise.reject(r)}}}},r.x25519Encrypter=rr,r.xc20pDirDecrypter=Y,r.xc20pDirEncrypter=Q}); | ||
| //# sourceMappingURL=index.umd.js.map |
@@ -19,2 +19,3 @@ import { EcdsaSignature } from './util'; | ||
| resolver?: Resolvable; | ||
| skewTime?: number; | ||
| } | ||
@@ -21,0 +22,0 @@ export interface DIDAuthenticator { |
| { | ||
| "name": "did-jwt", | ||
| "version": "4.6.3", | ||
| "version": "4.7.0", | ||
| "description": "Library for Signing and Verifying JWTs compatible uPort and DID standards", | ||
@@ -70,6 +70,6 @@ "main": "lib/index.js", | ||
| "eslint-plugin-import": "2.22.1", | ||
| "eslint-plugin-jest": "24.1.0", | ||
| "eslint-plugin-jest": "24.1.3", | ||
| "eslint-plugin-node": "11.1.0", | ||
| "eslint-plugin-promise": "4.2.1", | ||
| "eslint-plugin-standard": "4.0.2", | ||
| "eslint-plugin-standard": "4.1.0", | ||
| "jest": "26.6.3", | ||
@@ -83,3 +83,3 @@ "jsdoc-to-markdown": "6.0.1", | ||
| "regenerator-runtime": "0.13.7", | ||
| "semantic-release": "17.2.2", | ||
| "semantic-release": "17.2.4", | ||
| "sinon": "9.2.1", | ||
@@ -92,3 +92,3 @@ "standard": "14.3.4", | ||
| "tweetnacl": "1.0.3", | ||
| "typescript": "4.0.5", | ||
| "typescript": "4.1.2", | ||
| "webpack": "4.44.2", | ||
@@ -95,0 +95,0 @@ "webpack-cli": "3.3.12" |
@@ -281,2 +281,7 @@ import { createJWT, verifyJWT, decodeJWT, createJWS, verifyJWS, resolveAuthenticator, NBF_SKEW } from '../JWT' | ||
| it('rejects an expired JWT without skew time', async () => { | ||
| const jwt = await createJWT({ exp: NOW - 1 }, { issuer: did, signer }) | ||
| await expect(verifyJWT(jwt, { resolver, skewTime: 0 })).rejects.toThrow(/JWT has expired/) | ||
| }) | ||
| it('accepts a valid audience', async () => { | ||
@@ -283,0 +288,0 @@ const jwt = await createJWT({ aud }, { issuer: did, signer }) |
@@ -25,2 +25,3 @@ import VerifierAlgorithm from './VerifierAlgorithm' | ||
| resolver?: Resolvable | ||
| skewTime?: number | ||
| } | ||
@@ -239,3 +240,4 @@ | ||
| audience: null, | ||
| callbackUrl: null | ||
| callbackUrl: null, | ||
| skewTime: null | ||
| } | ||
@@ -253,4 +255,5 @@ ): Promise<JWTVerified> { | ||
| const now: number = Math.floor(Date.now() / 1000) | ||
| const skewTime = options.skewTime >= 0 ? options.skewTime : NBF_SKEW | ||
| if (signer) { | ||
| const nowSkewed = now + NBF_SKEW | ||
| const nowSkewed = now + skewTime | ||
| if (payload.nbf) { | ||
@@ -263,3 +266,3 @@ if (payload.nbf > nowSkewed) { | ||
| } | ||
| if (payload.exp && payload.exp <= now - NBF_SKEW) { | ||
| if (payload.exp && payload.exp <= now - skewTime) { | ||
| throw new Error(`JWT has expired: exp: ${payload.exp} < now: ${now}`) | ||
@@ -266,0 +269,0 @@ } |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.18%
909222
- Lines of code
- increased by0.19%
4198
No dependency changes