From b5f8fe569d1fb32a1234b007208718959b096583 Mon Sep 17 00:00:00 2001
From: Curtish
Date: Wed, 23 Apr 2025 10:27:36 +0100
Subject: [PATCH] feat: CreateJWT use ES256KSigner
Signed-off-by: Curtish
---
 src/pollux/utils/jwt/CreateJwt.ts | 20 ++++-----
 src/pollux/utils/jwt/DER.ts | 69 -------------------------------
 2 files changed, 9 insertions(+), 80 deletions(-)
 delete mode 100644 src/pollux/utils/jwt/DER.ts
diff --git a/src/pollux/utils/jwt/CreateJwt.ts b/src/pollux/utils/jwt/CreateJwt.ts
index cb493c8b0..27e50c3b0 100644
--- a/src/pollux/utils/jwt/CreateJwt.ts
+++ b/src/pollux/utils/jwt/CreateJwt.ts
@@ -1,11 +1,10 @@
-import { Signer, createJWT } from "did-jwt";
+import { ES256KSigner, Signer, createJWT } from "did-jwt";
 import { base58btc } from "multiformats/bases/base58";
 import * as Domain from "../../../domain";
 import { asJsonObj, expect, notNil } from "../../../utils";
 import { Task } from "../../../utils/tasks";
 import { AgentContext } from "../../../edge-agent/didcomm/Context";
 import { base64url } from "multiformats/bases/base64";
-import { normaliseDER } from "./DER";
 /**
 * Asyncronously sign with a DID
@@ -33,15 +32,14 @@ export class CreateJWT extends Task {
 }
 const kid = await this.getSigningKid(ctx, this.args.did, privateKey);
- const signer: Signer = async (data: any) => {
- const rawSignature = privateKey.sign(Buffer.from(data));
- //secp256k1 uses compact encoding while apollo returns der signatures so far
- const signature = privateKey.curve === Domain.Curve.SECP256K1 ?
- normaliseDER(rawSignature) :
- rawSignature;
- const encoded = base64url.baseEncode(signature);
- return encoded;
- };
+ // secp256k1 uses compact encoding while apollo returns der signatures so far
+ const signer: Signer = privateKey.curve === Domain.Curve.SECP256K1
+ ? ES256KSigner(privateKey.raw)
+ : async (data: any) => {
+ const signature = privateKey.sign(Buffer.from(data));
+ const encoded = base64url.baseEncode(signature);
+ return encoded;
+ };
 const jwt = await createJWT(
 this.args.payload,
diff --git a/src/pollux/utils/jwt/DER.ts b/src/pollux/utils/jwt/DER.ts
deleted file mode 100644
index 2e0b6f351..000000000
--- a/src/pollux/utils/jwt/DER.ts
+++ /dev/null
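Review bot: The secp256k1 branch now hands `privateKey.raw` to did-jwt's `ES256KSigner` instead of calling `privateKey.sign`, so the secret key bytes leave the key object and signing no longer goes through Apollo, while the comment kept above it still reads as if Apollo's DER output were being converted. If a secp256k1 key can ever be backed by storage that does not expose its raw bytes, or if `raw` is not the bare 32-byte scalar, this branch fails or forces a key export, and the hunk does not show any check for that. I would state the assumption where the choice is made, for example `// secp256k1: did-jwt's ES256KSigner emits the compact r||s form directly; it needs the raw 32-byte private key, so the key must be exportable`. The enclosing method starts and ends outside the hunk, so an earlier guard on the key type may already exist.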
@@ -1,69 +0,0 @@
-/**
- * Fix around normalising DER signatures into their raw representation
- * @param derSignature Uint8Array
- * @returns Uint8Array
- */
-export function normaliseDER(derSignature: Uint8Array): Uint8Array {
- // Ensure the DER signature starts with the correct sequence header
- if (derSignature[0] !== 0x30) {
- return derSignature;
- }
- // Get the length of the sequence
- let seqLength = derSignature[1];
- let offset = 2;
- if (seqLength & 0x80) {
- const lengthBytes = seqLength & 0x7f;
- seqLength = 0;
- for (let i = 0; i < lengthBytes; i++) {
- seqLength = (seqLength << 8) | derSignature[offset++];
- }
- }
-
- if (derSignature[offset++] !== 0x02) {
- throw new Error('Invalid DER signature: expected integer for r');
- }
-
- const rLength = derSignature[offset++];
- let r = Buffer.from(derSignature.slice(offset, offset + rLength));
- offset += rLength;
-
- // Extract s value
- if (derSignature[offset++] !== 0x02) {
- throw new Error('Invalid DER signature: expected integer for s');
- }
- const sLength = derSignature[offset++];
- let s = Buffer.from(derSignature.slice(offset, offset + sLength));
-
- // Normalize r and s to 32 bytes
- if (r.length > 32) {
- r = r.slice(-32); // truncate if r is longer than 32 bytes
- } else if (r.length < 32) {
- const paddedR = Uint8Array.from(Buffer.alloc(32));
- r.copy(paddedR, 32 - r.length);
- r = Buffer.from(paddedR); // left pad with zeros if r is shorter than 32 bytes
- }
-
- if (s.length > 32) {
- s = s.slice(-32); // truncate if s is longer than 32 bytes
- } else if (s.length < 32) {
- const paddedS = Uint8Array.from(Buffer.alloc(32));
- s.copy(paddedS, 32 - s.length);
- s = Buffer.from(paddedS); // left pad with zeros if s is shorter than 32 bytes
- }
-
- // Concatenate r and s to form the raw signature
- return Uint8Array.from([...r, ...s]);
-}
-/**
- * Remove leading zeros from a buffer
- * @param buffer Buffer
- * @returns Buffer
- */
-function removeLeadingZeros(buffer: Buffer): Buffer {
- const arr = Array.from(buffer)
- let i = 0;
- while (i < arr.length - 1 && arr[i] === 0) {
- i++;
- }
- return Buffer.from(arr.slice(i));
-}