feat: support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri

Author: panva

docs/types/README.md

@@ -27,6 +27,8 @@
 - [JWEHeaderParameters](interfaces/JWEHeaderParameters.md)
 - [JWEKeyManagementHeaderParameters](interfaces/JWEKeyManagementHeaderParameters.md)
 - [JWK](interfaces/JWK.md)
+- [JWK\_AKP\_Private](interfaces/JWK_AKP_Private.md)
+- [JWK\_AKP\_Public](interfaces/JWK_AKP_Public.md)
 - [JWK\_EC\_Private](interfaces/JWK_EC_Private.md)
 - [JWK\_EC\_Public](interfaces/JWK_EC_Public.md)
 - [JWK\_oct](interfaces/JWK_oct.md)

docs/types/interfaces/JWK.md

@@ -4,11 +4,13 @@
 
 Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva).
 
-JSON Web Key ([JWK](https://www.rfc-editor.org/rfc/rfc7517)). "RSA", "EC", "OKP", and "oct"
-key types are supported.
+JSON Web Key ([JWK](https://www.rfc-editor.org/rfc/rfc7517)). "RSA", "EC", "OKP", "AKP", and
+"oct" key types are supported.
 
 ## See
 
+ - [JWK_AKP_Public](JWK_AKP_Public.md)
+ - [JWK_AKP_Private](JWK_AKP_Private.md)
  - [JWK_OKP_Public](JWK_OKP_Public.md)
  - [JWK_OKP_Private](JWK_OKP_Private.md)
  - [JWK_EC_Public](JWK_EC_Public.md)
@@ -130,6 +132,22 @@ Private RSA JWK "p" (First Prime Factor) Parameter
 
 ***
 
+### priv?
+
+• `optional` **priv**: `string`
+
+AKP JWK "priv" (Private key) Parameter
+
+***
+
+### pub?
+
+• `optional` **pub**: `string`
+
+AKP JWK "pub" (Public Key) Parameter
+
+***
+
 ### q?
 
 • `optional` **q**: `string`

docs/types/interfaces/JWK_AKP_Private.md

@@ -0,0 +1,103 @@
+# Interface: JWK\_AKP\_Private
+
+## [💗 Help the project](https://github.com/sponsors/panva)
+
+Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva).
+
+Convenience interface for Private AKP JSON Web Keys
+
+## Properties
+
+### alg
+
+• **alg**: `string`
+
+JWK "alg" (Algorithm) Parameter
+
+***
+
+### priv
+
+• **priv**: `string`
+
+AKP JWK "priv" (The Private Key) Parameter
+
+***
+
+### pub
+
+• **pub**: `string`
+
+AKP JWK "pub" (The Public key) Parameter
+
+***
+
+### ext?
+
+• `optional` **ext**: `boolean`
+
+JWK "ext" (Extractable) Parameter
+
+***
+
+### key\_ops?
+
+• `optional` **key\_ops**: `string`[]
+
+JWK "key_ops" (Key Operations) Parameter
+
+***
+
+### kid?
+
+• `optional` **kid**: `string`
+
+JWK "kid" (Key ID) Parameter
+
+***
+
+### kty?
+
+• `optional` **kty**: `string`
+
+JWK "kty" (Key Type) Parameter
+
+***
+
+### use?
+
+• `optional` **use**: `string`
+
+JWK "use" (Public Key Use) Parameter
+
+***
+
+### x5c?
+
+• `optional` **x5c**: `string`[]
+
+JWK "x5c" (X.509 Certificate Chain) Parameter
+
+***
+
+### x5t?
+
+• `optional` **x5t**: `string`
+
+JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter
+
+***
+
+### x5t#S256?
+
+• `optional` **x5t#S256**: `string`
+
+JWK "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter
+
+***
+
+### x5u?
+
+• `optional` **x5u**: `string`
+
+JWK "x5u" (X.509 URL) Parameter

docs/types/interfaces/JWK_AKP_Public.md

@@ -0,0 +1,95 @@
+# Interface: JWK\_AKP\_Public
+
+## [💗 Help the project](https://github.com/sponsors/panva)
+
+Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva).
+
+Convenience interface for Public AKP JSON Web Keys
+
+## Properties
+
+### alg
+
+• **alg**: `string`
+
+JWK "alg" (Algorithm) Parameter
+
+***
+
+### pub
+
+• **pub**: `string`
+
+AKP JWK "pub" (The Public key) Parameter
+
+***
+
+### ext?
+
+• `optional` **ext**: `boolean`
+
+JWK "ext" (Extractable) Parameter
+
+***
+
+### key\_ops?
+
+• `optional` **key\_ops**: `string`[]
+
+JWK "key_ops" (Key Operations) Parameter
+
+***
+
+### kid?
+
+• `optional` **kid**: `string`
+
+JWK "kid" (Key ID) Parameter
+
+***
+
+### kty?
+
+• `optional` **kty**: `string`
+
+JWK "kty" (Key Type) Parameter
+
+***
+
+### use?
+
+• `optional` **use**: `string`
+
+JWK "use" (Public Key Use) Parameter
+
+***
+
+### x5c?
+
+• `optional` **x5c**: `string`[]
+
+JWK "x5c" (X.509 Certificate Chain) Parameter
+
+***
+
+### x5t?
+
+• `optional` **x5t**: `string`
+
+JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter
+
+***
+
+### x5t#S256?
+
+• `optional` **x5t#S256**: `string`
+
+JWK "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter
+
+***
+
+### x5u?
+
+• `optional` **x5u**: `string`
+
+JWK "x5u" (X.509 URL) Parameter

src/jwk/thumbprint.ts

@@ -72,6 +72,11 @@ export async function calculateJwkThumbprint(
 
   let components: types.JWK
   switch (jwk.kty) {
+    case 'AKP':
+      check(jwk.alg, '"alg" (Algorithm) Parameter')
+      check(jwk.pub, '"pub" (Public key) Parameter')
+      components = { alg: jwk.alg, kty: jwk.kty, pub: jwk.pub }
+      break
     case 'EC':
       check(jwk.crv, '"crv" (Curve) Parameter')
       check(jwk.x, '"x" (X Coordinate) Parameter')

src/types.d.ts

@@ -35,11 +35,25 @@ export interface JWK_OKP_Public extends JWKParameters {
 }
 
 /** Convenience interface for Private OKP JSON Web Keys */
-export interface JWK_OKP_Private extends JWK_OKP_Public, JWKParameters {
+export interface JWK_OKP_Private extends JWK_OKP_Public {
   /** OKP JWK "d" (The Private Key) Parameter */
   d: string
 }
 
+/** Convenience interface for Public AKP JSON Web Keys */
+export interface JWK_AKP_Public extends JWKParameters {
+  /** JWK "alg" (Algorithm) Parameter */
+  alg: string
+  /** AKP JWK "pub" (The Public key) Parameter */
+  pub: string
+}
+
+/** Convenience interface for Private AKP JSON Web Keys */
+export interface JWK_AKP_Private extends JWK_AKP_Public {
+  /** AKP JWK "priv" (The Private Key) Parameter */
+  priv: string
+}
+
 /** Convenience interface for Public EC JSON Web Keys */
 export interface JWK_EC_Public extends JWKParameters {
   /** EC JWK "crv" (Curve) Parameter */
@@ -51,7 +65,7 @@ export interface JWK_EC_Public extends JWKParameters {
 }
 
 /** Convenience interface for Private EC JSON Web Keys */
-export interface JWK_EC_Private extends JWK_EC_Public, JWKParameters {
+export interface JWK_EC_Private extends JWK_EC_Public {
   /** EC JWK "d" (ECC Private Key) Parameter */
   d: string
 }
@@ -65,7 +79,7 @@ export interface JWK_RSA_Public extends JWKParameters {
 }
 
 /** Convenience interface for Private RSA JSON Web Keys */
-export interface JWK_RSA_Private extends JWK_RSA_Public, JWKParameters {
+export interface JWK_RSA_Private extends JWK_RSA_Public {
   /** RSA JWK "d" (Private Exponent) Parameter */
   d: string
   /** RSA JWK "dp" (First Factor CRT Exponent) Parameter */
@@ -87,9 +101,11 @@ export interface JWK_oct extends JWKParameters {
 }
 
 /**
- * JSON Web Key ({@link https://www.rfc-editor.org/rfc/rfc7517 JWK}). "RSA", "EC", "OKP", and "oct"
- * key types are supported.
+ * JSON Web Key ({@link https://www.rfc-editor.org/rfc/rfc7517 JWK}). "RSA", "EC", "OKP", "AKP", and
+ * "oct" key types are supported.
  *
+ * @see {@link JWK_AKP_Public}
+ * @see {@link JWK_AKP_Private}
  * @see {@link JWK_OKP_Public}
  * @see {@link JWK_OKP_Private}
  * @see {@link JWK_EC_Public}
@@ -133,6 +149,10 @@ export interface JWK extends JWKParameters {
   x?: string
   /** EC JWK "y" (Y Coordinate) Parameter */
   y?: string
+  /** AKP JWK "pub" (Public Key) Parameter */
+  pub?: string
+  /** AKP JWK "priv" (Private key) Parameter */
+  priv?: string
 }
 
 /**

test/jwk/thumbprint.test.ts

@@ -148,3 +148,23 @@ test('oct JWK', async (t) => {
   })
   t.is(await calculateJwkThumbprint(oct), 'prDKy90VJzrDTpm8-W2Q_pv_kzrX_zyZ7ANjRAasDxc')
 })
+
+test('AKP JWK', async (t) => {
+  const akp = {
+    kty: 'AKP',
+    alg: 'ML-DSA-44',
+    pub: 'unH59k4RuutY-pxvu24U5h8YZD2rSVtHU5qRZsoBmBMcRPgmu9VuNOVdteXi1zNIXjnqJg_GAAxepLqA00Vc3lO0bzRIKu39VFD8Lhuk8l0V-cFEJC-zm7UihxiQMMUEmOFxe3x1ixkKZ0jqmqP3rKryx8tSbtcXyfea64QhT6XNje2SoMP6FViBDxLHBQo2dwjRls0k5a-XSQSu2OTOiHLoaWsLe8pQ5FLNfTDqmkrawDEdZyxr3oSWJAsHQxRjcIiVzZuvwxYy1zl2STiP2vy_fTBaPemkleynQzqPg7oPCyXEE8bjnJbrfWkbNNN8438e6tHPIX4l7zTuzz98YPhLjt_d6EBdT4MldsYe-Y4KLyjaGHcAlTkk9oa5RhRwW89T0z_t1DSO3dvfKLUGXh8gd1BD6Fz5MfgpF5NjoafnQEqDjsAAhrCXY4b-Y3yYJEdX4_dp3dRGdHG_rWcPmgX4JG7lCnser4f8QGnDriqiAzJYEXeS8LzUngg_0bx0lqv_KcyU5IaLISFO0xZSU5mmEPvdSoDnyAcV8pV44qhLtAvd29n0ehG259oRihtljTWeiu9V60a1N2tbZVl5mEqSK-6_xZvNYA1TCdzNctvweH24unV7U3wer9XA9Q6kvJWDVJ4oKaQsKMrCSMlteBJMRxWbGK7ddUq6F7GdQw-3j2M-qdJvVKm9UPjY9rc1lPgol25-oJxTu7nxGlbJUH-4m5pevAN6NyZ6lfhbjWTKlxkrEKZvQXs_Yf6cpXEwpI_ZJeriq1UC1XHIpRkDwdOY9MH3an4RdDl2r9vGl_IwlKPNdh_5aF3jLgn7PCit1FNJAwC8fIncAXgAlgcXIpRXdfJk4bBiO89GGccSyDh2EgXYdpG3XvNgGWy7npuSoNTE7WIyblAk13UQuO4sdCbMIuriCdyfE73mvwj15xgb07RZRQtFGlFTmnFcIdZ90zDrWXDbANntv7KCKwNvoTuv64bY3HiGbj-NQ-U9eMylWVpvr4hrXcES8c9K3PqHWADZC0iIOvlzFv4VBoc_wVflcOrL_SIoaNFCNBAZZq-2v5lAgpJTqVOtqJ_HVraoSfcKy5g45p-qULunXj6Jwq21fobQiKubBKKOZwcJFyJD7F4ACKXOrz-HIvSHMCWW_9dVrRuCpJw0s0aVFbRqopDNhu446nqb4_EDYQM1tTHMozPd_jKxRRD0sH75X8ZoToxFSpLBDbtdWcenxj-zBf6IGWfZnmaetjKEBYJWC7QDQx1A91pJVJCEgieCkoIfTqkeQuePpIyu48g2FG3P1zjRF-kumhUTfSjo5qS0YiZQy0E1BMs6M11EvuxXRsHClLHoy5nLYI2Sj4zjVjYyxSHyPRPGGo9hwB34yWxzYNtPPGiqXS_dNCpi_zRZwRY4lCGrQ-hYTEWIK1Dm5OlttvC4_eiQ1dv63NiGkLRJ5kJA3bICN0fzCDY-MBqnd1cWn8YVBijVkgtaoascjL9EywDgJdeHnXK0eeOvUxHHhXJVkNqcibn8O4RQdpVU60TSA-uiu675ytIjcBHC6kTv8A8pmkj_4oypPd-F92YIJC741swkYQoeIHj8rE-ThcMUkF7KqC5VORbZTRp8HsZSqgiJcIPaouuxd1-8Rxrid3fXkE6p8bkrysPYoxWEJgh7ZFsRCPDWX-yTeJwFN0PKFP1j0F6YtlLfK5wv-c4F8ZQHA_-yc_gODicy7KmWDZgbTP07e7gEWzw4MFRrndjbDQ',
+  }
+
+  await t.throwsAsync(calculateJwkThumbprint({ ...akp, alg: undefined }), {
+    code: 'ERR_JWK_INVALID',
+    message: '"alg" (Algorithm) Parameter missing or invalid',
+  })
+
+  await t.throwsAsync(calculateJwkThumbprint({ ...akp, pub: undefined }), {
+    code: 'ERR_JWK_INVALID',
+    message: '"pub" (Public key) Parameter missing or invalid',
+  })
+
+  t.is(await calculateJwkThumbprint(akp), 'T4xl70S7MT6Zeq6r9V9fPJGVn76wfnXJ21-gyo0Gu6o')
+})