UNPKG

did-jwt

Version:

Library for Signing and Verifying JWTs that use DIDs as issuers and JWEs that use DIDs as recipients

github.com/decentralized-identity/did-jwt

decentralized-identity/did-jwt

68 lines (59 loc) 2.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
import type { Signer, SignerAlgorithm } from './JWT.js' import { type EcdsaSignature, fromJose, toJose } from './util.js' // eslint-disable-next-line @typescript-eslint/no-explicit-any function instanceOfEcdsaSignature(object: any): object is EcdsaSignature { return typeof object === 'object' && 'r' in object && 's' in object } export function ES256SignerAlg(): SignerAlgorithm { return async function sign(payload: string, signer: Signer): Promise<string> { const signature: EcdsaSignature | string = await signer(payload) if (instanceOfEcdsaSignature(signature)) { return toJose(signature) } else { return signature } } } export function ES256KSignerAlg(recoverable?: boolean): SignerAlgorithm { return async function sign(payload: string, signer: Signer): Promise<string> { const signature: EcdsaSignature | string = await signer(payload) if (instanceOfEcdsaSignature(signature)) { return toJose(signature, recoverable) } else { if (recoverable && typeof fromJose(signature).recoveryParam === 'undefined') { throw new Error(`not_supported: ES256K-R not supported when signer doesn't provide a recovery param`) } return signature } } } export function Ed25519SignerAlg(): SignerAlgorithm { return async function sign(payload: string, signer: Signer): Promise<string> { const signature: EcdsaSignature | string = await signer(payload) if (!instanceOfEcdsaSignature(signature)) { return signature } else { throw new Error('invalid_config: expected a signer function that returns a string instead of signature object') } } } interface SignerAlgorithms { [alg: string]: SignerAlgorithm } const algorithms: SignerAlgorithms = { ES256: ES256SignerAlg(), ES256K: ES256KSignerAlg(), // This is a non-standard algorithm but retained for backwards compatibility // see https://github.com/decentralized-identity/did-jwt/issues/146 'ES256K-R': ES256KSignerAlg(true), // This is actually incorrect but retained for backwards compatibility // see https://github.com/decentralized-identity/did-jwt/issues/130 Ed25519: Ed25519SignerAlg(), EdDSA: Ed25519SignerAlg(), } function SignerAlg(alg: string): SignerAlgorithm { const impl: SignerAlgorithm = algorithms[alg] if (!impl) throw new Error(`not_supported: Unsupported algorithm ${alg}`) return impl } export default SignerAlg