import type { PrivateJwk } from '../types/jose-types.js';
import type { Signer } from '../types/signer.js';
import { signatureAlgorithms } from '../jose/algorithms/signing/signature-algorithms.js';
import { DwnError, DwnErrorCode } from '../core/dwn-error.js';
/**
 * Input to the `PrivateKeySigner` constructor.
 *
 * `privateJwk` is secret key material. The signer keeps a reference to the object that is passed in
 * rather than a copy.
 */
export type PrivateKeySignerOptions = {
  /**
   * Private JWK to create the signer from. Its `crv` member selects the signing implementation;
   * the constructor throws if that curve is not a key of `signatureAlgorithms`.
   */
  privateJwk: PrivateJwk;

  /**
   * Key ID exposed by the signer. If omitted, the constructor falls back to the `kid` value of the
   * given `privateJwk`, and throws if that is missing as well.
   */
  keyId?: string;

  /**
   * Algorithm name exposed by the signer. If omitted, the constructor falls back to the `alg` value
   * of the given `privateJwk`, and throws if that is missing as well.
   */
  algorithm?: string;
};
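/**
 * A signer that signs using a private key held in memory as a JWK.
 *
 * `keyId` and `algorithm` are the identifiers exposed by the signer; the signing routine itself is
 * selected from the JWK's `crv`.
 *
 * NOTE(review): `algorithm` comes from the caller or from the JWK's `alg` and is not cross-checked
 * against `crv` here; confirm that a mismatched pair is rejected elsewhere.
 */
export class PrivateKeySigner implements Signer {
  public keyId;
  public algorithm;
  private privateJwk: PrivateJwk;
  private signatureAlgorithm;

  /**
   * Creates a signer from the given private JWK.
   *
   * @param options Private JWK plus optional overrides for the key ID and algorithm name.
   * @throws {DwnError} `PrivateKeySignerUnableToDeduceKeyId` when neither `options.keyId` nor the
   *   JWK's `kid` is set.
   * @throws {DwnError} `PrivateKeySignerUnableToDeduceAlgorithm` when neither `options.algorithm`
   *   nor the JWK's `alg` is set.
   * @throws {DwnError} `PrivateKeySignerUnsupportedCurve` when the JWK's `crv` is not an own key of
   *   `signatureAlgorithms`.
   */
  public constructor(options: PrivateKeySignerOptions) {
    const keyId = options.keyId ?? options.privateJwk.kid;
    if (keyId === undefined) {
      throw new DwnError(
        DwnErrorCode.PrivateKeySignerUnableToDeduceKeyId,
        `Unable to deduce the key ID`
      );
    }

    // NOTE: `alg` is optional for a JWK as specified in https://datatracker.ietf.org/doc/html/rfc7517#section-4.4
    const algorithm = options.algorithm ?? options.privateJwk.alg;
    if (algorithm === undefined) {
      throw new DwnError(
        DwnErrorCode.PrivateKeySignerUnableToDeduceAlgorithm,
        `Unable to deduce the signature algorithm`
      );
    }

    // Resolve the curve with an own-property check. A bare bracket lookup also resolves inherited
    // members such as `constructor` or `toString`; those are truthy, so they would pass the
    // unsupported-curve guard and only fail later inside `sign()` with an unrelated TypeError.
    const crv = options.privateJwk.crv;
    const signatureAlgorithm = Object.prototype.hasOwnProperty.call(signatureAlgorithms, crv)
      ? signatureAlgorithms[crv]
      : undefined;
    if (!signatureAlgorithm) {
      throw new DwnError(
        DwnErrorCode.PrivateKeySignerUnsupportedCurve,
        `Unsupported crv ${crv}, crv must be one of ${Object.keys(signatureAlgorithms)}`
      );
    }

    this.keyId = keyId;
    this.algorithm = algorithm;
    // Stored by reference: the caller's JWK object is not copied.
    this.privateJwk = options.privateJwk;
    this.signatureAlgorithm = signatureAlgorithm;
  }

  /**
   * Signs the given content with the stored private JWK and returns the signature as bytes.
   *
   * @param content Bytes to sign.
   * @returns The signature produced by the signing implementation selected in the constructor.
   *   Any error raised by that implementation propagates to the caller.
   */
  public async sign (content: Uint8Array): Promise<Uint8Array> {
    const signatureBytes = await this.signatureAlgorithm.sign(content, this.privateJwk);
    return signatureBytes;
  }
}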