jsonld-signatures - npm Package Compare versions

Comparing version 8.0.2 to 9.0.0

15

CHANGELOG.md
# jsonld-signatures ChangeLog
## 9.0.0 - 2021-04-06
### Changed
- **BREAKING**: Remove `verificationMethod` param from suite constructor. It
is now strictly initialized from `key.id` or `signer.id`.
Increase validation on either key or signer/verifier parameters.
### Fixed
- Add missing `signer` and `verifier` parameters to the `LinkedDataSignature`
constructor. This issue caused `this.signer` in subclasses to be `undefined`.
## 8.0.2 - 2021-03-19
### Changed
- In ProofSet, use the document's context for proof before defaulting to
- In ProofSet, use the document's context for proof before defaulting to
security context.
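Review bot: The 9.0.0 "Changed" entry says `verificationMethod` is now strictly initialized from `key.id` or `signer.id`, but the new `_processSignatureParams` in this release also falls back to `verifier.id` when no key or signer is given. Add `verifier.id` to the entry, and replace "Increase validation on either key or signer/verifier parameters" with what is actually checked (a `key` must expose a `signer` or `verifier` method, a signer must have `sign()`, a verifier must have `verify()`), so consumers upgrading from 8.x know which TypeErrors to expect.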

@@ -23,3 +34,3 @@

- **BREAKING**: No longer shipping browser bundles. Due to splitting out suites
into other packages, it becomes more pratical to create browser bundles at
into other packages, it becomes more practical to create browser bundles at
the application level with modern tools.

@@ -26,0 +37,0 @@ - **BREAKING**: No longer exporting `crypto-ld` classes.

@@ -14,31 +14,53 @@ /*!

/**
* @param type {string} Provided by subclass.
* @param {object} options - Options hashmap.
* @param {string} options.type - Suite name, provided by subclass.
* @typedef LDKeyPair
* @param {LDKeyPair} LDKeyClass - The crypto-ld key class that this suite
* will use to sign/verify signatures. Provided by subclass. Used
* during the `verifySignature` operation, to create an instance (containing
* a `verifier()` property) of a public key fetched via a `documentLoader`.
*
* @param [verificationMethod] {string} A key id URL to the paired public key.
* For `sign()` operations, either a `key` OR a `signer` is required.
* For `verify()` operations, you can pass in a verifier (from KMS), or
* the public key will be fetched via documentLoader.
*
* @param {object} [options.key] - An optional key object (containing an
* `id` property, and either `signer` or `verifier`, depending on the
* intended operation. Useful for when the application is managing keys
* itself (when using a KMS, you never have access to the private key,
* and so should use the `signer` param instead).
*
* @param {{sign: Function, id: string}} [options.signer] - Signer object
* that has two properties: an async `sign()` method, and an `id`. This is
* useful when interfacing with a KMS (since you don't get access to the
* private key and its `signer`, the KMS client gives you only the signer
* object to use).
*
* @param {{verify: Function, id: string}} [options.verifier] - Verifier
* object that has two properties: an async `verify()` method, and an `id`.
* Useful when working with a KMS-provided verifier.
*
* Advanced optional parameters and overrides:
*
* @param [proof] {object} a JSON-LD document with options to use for
* the `proof` node (e.g. any other custom fields can be provided here
* using a context different from security-v2).
* @typedef {Object} LDKeyPair
* @param {LDKeyPair} LDKeyClass - The crypto-ld key type that this suite
* will use to sign/verify signatures.
* @param [date] {string|Date} signing date to use if not passed.
* @param [useNativeCanonize] {boolean} true to use a native canonize
* algorithm.
* @param {object} [options.proof] - A JSON-LD document with options to use
* for the `proof` node (e.g. any other custom fields can be provided here
* using a context different from security-v2). If not provided, this is
* constructed during signing.
* @param {string|Date} [options.date] - Signing date to use if not passed.
* @param {boolean} [options.useNativeCanonize] - Whether to use a native
* canonize algorithm.
*/
constructor({
type, verificationMethod, proof, LDKeyClass, date, useNativeCanonize
type, proof, LDKeyClass, date, key, signer, verifier,
useNativeCanonize
} = {}) {
// validate common options
if(verificationMethod !== undefined &&
typeof verificationMethod !== 'string') {
throw new TypeError('"verificationMethod" must be a URL string.');
}
super({type});
this.verificationMethod = verificationMethod;
this.LDKeyClass = LDKeyClass;
this.proof = proof;
if(date !== undefined) {
const vm = this._processSignatureParams({key, signer, verifier});
this.verificationMethod = vm.verificationMethod;
this.key = vm.key;
this.signer = vm.signer;
this.verifier = vm.verifier;
if(date) {
this.date = new Date(date);
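Review bot: In the constructor's destructuring, `verificationMethod` is dropped without a guard, so an 8.x caller that still passes only `verificationMethod` gets no error and silently ends up with `this.verificationMethod` undefined. Since this is a breaking removal, consider throwing a TypeError when `verificationMethod` is present in the options, pointing callers to `key`, `signer` or `verifier`. Separately, changing `if(date !== undefined)` to `if(date)` means falsy values such as `null` or `''` now skip date handling instead of reaching `new Date(date)`; if that is intended, say so in the `options.date` doc. The docstring also has an unclosed parenthesis in the `options.key` description and a stray `@typedef LDKeyPair` between `@param` tags.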

@@ -283,2 +305,50 @@ if(isNaN(this.date)) {

}
/**
* See constructor docstring for param details.
*
* @returns {{verificationMethod: string, key: LDKeyPair,
* signer: {sign: Function, id: string},
* verifier: {verify: Function, id: string}}} - Validated and initialized
* key-related parameters.
*/
_processSignatureParams({key, signer, verifier}) {
// We are explicitly not requiring a key or signer/verifier param to be
// present, to support the verify() use case where the verificationMethod
// is being fetched by the documentLoader
const vm = {};
if(key) {
vm.key = key;
vm.verificationMethod = key.id;
if(typeof key.signer === 'function') {
vm.signer = key.signer();
}
if(typeof key.verifier === 'function') {
vm.verifier = key.verifier();
}
if(!(vm.signer || vm.verifier)) {
throw new TypeError(
'The "key" parameter must contain a "signer" or "verifier" method.');
}
} else {
vm.verificationMethod = (signer && signer.id) ||
(verifier && verifier.id);
vm.signer = signer;
vm.verifier = verifier;
}
if(vm.signer) {
if(typeof vm.signer.sign !== 'function') {
throw new TypeError('A signer API has not been specified.');
}
}
if(vm.verifier) {
if(typeof vm.verifier.verify !== 'function') {
throw new TypeError('A verifier API has not been specified.');
}
}
return vm;
}
};
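Review bot: `_processSignatureParams` never checks the `id` it copies into `vm.verificationMethod`: in the `key` branch `key.id` is used as is, and in the `else` branch a signer or verifier without an `id` yields `undefined` without an error, although the removed constructor check used to enforce a URL string. When a key, signer or verifier is supplied, require `typeof vm.verificationMethod === 'string'` and throw a TypeError otherwise, while still allowing the no-parameter `verify()` case described in the comment. Two related gaps: if both `signer` and `verifier` are passed with different `id` values the verifier's `id` is silently dropped, and a `signer` or `verifier` passed alongside `key` is ignored.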

2

package.json
{
"name": "jsonld-signatures",
"version": "8.0.2",
"version": "9.0.0",
"description": "An implementation of the Linked Data Signatures specifications for JSON-LD in JavaScript.",

@@ -5,0 +5,0 @@ "homepage": "https://github.com/digitalbazaar/jsonld-signatures",
