misskey-dev
diff --git a/‎dist/draft/sign.d.ts
+16-2 b/‎dist/draft/sign.d.ts
+16-2
diff --git a/‎dist/draft/verify.d.ts
+6-1 b/‎dist/draft/verify.d.ts
+6-1
diff --git a/‎dist/index.cjs
+29-19 b/‎dist/index.cjs
+29-19
diff --git a/‎dist/index.mjs
+27-19 b/‎dist/index.mjs
+27-19
diff --git a/‎dist/pem/pkcs8.d.ts
+13-1 b/‎dist/pem/pkcs8.d.ts
+13-1
diff --git a/‎dist/pem/spki.d.ts
+11 b/‎dist/pem/spki.d.ts
+11
diff --git a/‎dist/types.d.ts
+8-1 b/‎dist/types.d.ts
+8-1
diff --git a/‎package.json
+1-1 b/‎package.json
+1-1
@@ -1,7 +1,13 @@
 /// <reference types="node" />
 import type { webcrypto } from 'node:crypto';
-import type { PrivateKey, RequestLike, SignInfo, SignatureHashAlgorithmUpperSnake } from '../types.js';
-export declare function getDraftAlgoString(algorithm: SignInfo): string;
+import type { PrivateKey, RequestLike, SignatureHashAlgorithmUpperSnake } from '../types.js';
+/**
+ * Get the algorithm string for draft encoding
+ * @param keyAlgorithm Comes from `privateKey.algorithm.name` e.g. 'RSASSA-PKCS1-v1_5'
+ * @param hashAlgorithm e.g. 'SHA-256'
+ * @returns string e.g. 'rsa-sha256'
+ */
+export declare function getDraftAlgoString(keyAlgorithm: string, hashAlgorithm: NonNullable<SignatureHashAlgorithmUpperSnake>): string;
 export declare function genDraftSigningString(request: RequestLike, includeHeaders: string[], additional?: {
     keyId: string;
     algorithm: string;
@@ -11,6 +17,14 @@ export declare function genDraftSigningString(request: RequestLike, includeHeade
 }): string;
 export declare function genDraftSignature(privateKey: webcrypto.CryptoKey, signingString: string): Promise<string>;
 export declare function genDraftSignatureHeader(includeHeaders: string[], keyId: string, signature: string, algorithm: string): string;
+/**
+ *
+ * @param request Request object to sign
+ * @param key Private key to sign
+ * @param includeHeaders Headers to build the sigining string
+ * @param opts
+ * @returns result object
+ */
 export declare function signAsDraftToRequest(request: RequestLike, key: PrivateKey, includeHeaders: string[], opts?: {
     hashAlgorithm?: SignatureHashAlgorithmUpperSnake;
 }): Promise<{
 
@@ -1,10 +1,15 @@
+/// <reference types="node" />
 import { ParsedDraftSignature } from "../types";
 import { parseSignInfo } from "../shared/verify";
+import type { webcrypto } from "node:crypto";
 /**
  * @deprecated Use `parseSignInfo`
  */
 export declare const genSignInfoDraft: typeof parseSignInfo;
 /**
  * Verify a draft signature
+ * @param parsed ParsedDraftSignature['value']
+ * @param key public key
+ * @param errorLogger: If you want to log errors, set function
  */
-export declare function verifyDraftSignature(parsed: ParsedDraftSignature['value'], publicKeyPem: string, errorLogger?: ((message: any) => any)): Promise<boolean>;
+export declare function verifyDraftSignature(parsed: ParsedDraftSignature['value'], key: string | webcrypto.CryptoKey, errorLogger?: ((message: any) => any)): Promise<boolean>;
@@ -68,6 +68,8 @@ __export(src_exports, {
   getNistCurveFromOid: () => getNistCurveFromOid,
   getPublicKeyAlgorithmNameFromOid: () => getPublicKeyAlgorithmNameFromOid,
   getWebcrypto: () => getWebcrypto,
+  importPrivateKey: () => importPrivateKey,
+  importPublicKey: () => importPublicKey,
   keyHashAlgosForDraftDecoding: () => keyHashAlgosForDraftDecoding,
   keyHashAlgosForDraftEncofing: () => keyHashAlgosForDraftEncofing,
   lcObjectGet: () => lcObjectGet,
@@ -262,6 +264,10 @@ function parsePublicKey(input) {
     }
   }
 }
+async function importPublicKey(key, keyUsages, defaults) {
+  const parsedPublicKey = parsePublicKey(key);
+  return await (await getWebcrypto()).subtle.importKey("spki", parsedPublicKey.der, genSignInfo(parsedPublicKey), false, keyUsages);
+}
 
 // src/utils.ts
 async function getWebcrypto() {
@@ -386,6 +392,11 @@ function parsePkcs8(input) {
     attributesRaw: attributes ? asn1ToArrayBuffer(attributes) : null
   };
 }
+async function importPrivateKey(key, keyUsages, defaults) {
+  const parsedPrivateKey = parsePkcs8(key);
+  const importParams = genSignInfo(parsedPrivateKey, defaults);
+  return await (await getWebcrypto()).subtle.importKey("pkcs8", parsedPrivateKey.der, importParams, false, keyUsages);
+}
 
 // src/draft/const.ts
 var keyHashAlgosForDraftEncofing = {
@@ -405,29 +416,29 @@ var keyHashAlgosForDraftDecoding = {
 };
 
 // src/draft/sign.ts
-function getDraftAlgoString(algorithm) {
+function getDraftAlgoString(keyAlgorithm, hashAlgorithm) {
   const verifyHash = () => {
-    if (!algorithm.hash)
+    if (!hashAlgorithm)
       throw new Error(`hash is required`);
-    if (!(algorithm.hash in keyHashAlgosForDraftEncofing))
-      throw new Error(`unsupported hash: ${algorithm.hash}`);
+    if (!(hashAlgorithm in keyHashAlgosForDraftEncofing))
+      throw new Error(`unsupported hash: ${hashAlgorithm}`);
   };
-  if (algorithm.name === "RSASSA-PKCS1-v1_5") {
+  if (keyAlgorithm === "RSASSA-PKCS1-v1_5") {
     verifyHash();
-    return `rsa-${keyHashAlgosForDraftEncofing[algorithm.hash]}`;
+    return `rsa-${keyHashAlgosForDraftEncofing[hashAlgorithm]}`;
   }
-  if (algorithm.name === "ECDSA") {
+  if (keyAlgorithm === "ECDSA") {
     verifyHash();
-    return `ecdsa-${keyHashAlgosForDraftEncofing[algorithm.hash]}`;
+    return `ecdsa-${keyHashAlgosForDraftEncofing[hashAlgorithm]}`;
   }
-  if (algorithm.name === "ECDH") {
+  if (keyAlgorithm === "ECDH") {
     verifyHash();
-    return `ecdh-${keyHashAlgosForDraftEncofing[algorithm.hash]}`;
+    return `ecdh-${keyHashAlgosForDraftEncofing[hashAlgorithm]}`;
   }
-  if (algorithm.name === "Ed25519") {
+  if (keyAlgorithm === "Ed25519") {
     return `ed25519-sha512`;
   }
-  if (algorithm.name === "Ed448") {
+  if (keyAlgorithm === "Ed448") {
     return `ed448`;
   }
   throw new Error(`unsupported keyAlgorithm`);
@@ -467,10 +478,8 @@ function genDraftSignatureHeader(includeHeaders, keyId, signature, algorithm) {
 }
 async function signAsDraftToRequest(request, key, includeHeaders, opts = {}) {
   const hash = opts?.hashAlgorithm || "SHA-256";
-  const parsedPrivateKey = parsePkcs8(key.privateKeyPem);
-  const importParams = genSignInfo(parsedPrivateKey, { hash, ec: "DSA" });
-  const privateKey = await (await getWebcrypto()).subtle.importKey("pkcs8", parsedPrivateKey.der, importParams, false, ["sign"]);
-  const algoString = getDraftAlgoString(importParams);
+  const privateKey = "privateKey" in key ? key.privateKey : await importPrivateKey(key.privateKeyPem, ["sign"], { hash, ec: "DSA" });
+  const algoString = getDraftAlgoString(privateKey.algorithm.name, hash);
   const signingString = genDraftSigningString(request, includeHeaders, { keyId: key.keyId, algorithm: algoString });
   const signature = await genDraftSignature(privateKey, signingString);
   const signatureHeader = genDraftSignatureHeader(includeHeaders, key.keyId, signature, algoString);
@@ -958,10 +967,9 @@ function parseSignInfo(algorithm, parsed, errorLogger) {
 
 // src/draft/verify.ts
 var genSignInfoDraft = parseSignInfo;
-async function verifyDraftSignature(parsed, publicKeyPem, errorLogger) {
+async function verifyDraftSignature(parsed, key, errorLogger) {
   try {
-    const parsedSpki = parsePublicKey(publicKeyPem);
-    const publicKey = await (await getWebcrypto()).subtle.importKey("spki", parsedSpki.der, genSignInfo(parsedSpki), false, ["verify"]);
+    const publicKey = typeof key === "string" ? await importPublicKey(key, ["verify"]) : key;
     const verify = await (await getWebcrypto()).subtle.verify(publicKey.algorithm, publicKey, decodeBase64ToUint8Array(parsed.params.signature), new TextEncoder().encode(parsed.signingString));
     return verify;
   } catch (e) {
@@ -1010,6 +1018,8 @@ async function verifyDraftSignature(parsed, publicKeyPem, errorLogger) {
   getNistCurveFromOid,
   getPublicKeyAlgorithmNameFromOid,
   getWebcrypto,
+  importPrivateKey,
+  importPublicKey,
   keyHashAlgosForDraftDecoding,
   keyHashAlgosForDraftEncofing,
   lcObjectGet,
 
@@ -165,6 +165,10 @@ function parsePublicKey(input) {
     }
   }
 }
+async function importPublicKey(key, keyUsages, defaults) {
+  const parsedPublicKey = parsePublicKey(key);
+  return await (await getWebcrypto()).subtle.importKey("spki", parsedPublicKey.der, genSignInfo(parsedPublicKey), false, keyUsages);
+}
 
 // src/utils.ts
 async function getWebcrypto() {
@@ -289,6 +293,11 @@ function parsePkcs8(input) {
     attributesRaw: attributes ? asn1ToArrayBuffer(attributes) : null
   };
 }
+async function importPrivateKey(key, keyUsages, defaults) {
+  const parsedPrivateKey = parsePkcs8(key);
+  const importParams = genSignInfo(parsedPrivateKey, defaults);
+  return await (await getWebcrypto()).subtle.importKey("pkcs8", parsedPrivateKey.der, importParams, false, keyUsages);
+}
 
 // src/draft/const.ts
 var keyHashAlgosForDraftEncofing = {
@@ -308,29 +317,29 @@ var keyHashAlgosForDraftDecoding = {
 };
 
 // src/draft/sign.ts
-function getDraftAlgoString(algorithm) {
+function getDraftAlgoString(keyAlgorithm, hashAlgorithm) {
   const verifyHash = () => {
-    if (!algorithm.hash)
+    if (!hashAlgorithm)
       throw new Error(`hash is required`);
-    if (!(algorithm.hash in keyHashAlgosForDraftEncofing))
-      throw new Error(`unsupported hash: ${algorithm.hash}`);
+    if (!(hashAlgorithm in keyHashAlgosForDraftEncofing))
+      throw new Error(`unsupported hash: ${hashAlgorithm}`);
   };
-  if (algorithm.name === "RSASSA-PKCS1-v1_5") {
+  if (keyAlgorithm === "RSASSA-PKCS1-v1_5") {
     verifyHash();
-    return `rsa-${keyHashAlgosForDraftEncofing[algorithm.hash]}`;
+    return `rsa-${keyHashAlgosForDraftEncofing[hashAlgorithm]}`;
   }
-  if (algorithm.name === "ECDSA") {
+  if (keyAlgorithm === "ECDSA") {
     verifyHash();
-    return `ecdsa-${keyHashAlgosForDraftEncofing[algorithm.hash]}`;
+    return `ecdsa-${keyHashAlgosForDraftEncofing[hashAlgorithm]}`;
   }
-  if (algorithm.name === "ECDH") {
+  if (keyAlgorithm === "ECDH") {
     verifyHash();
-    return `ecdh-${keyHashAlgosForDraftEncofing[algorithm.hash]}`;
+    return `ecdh-${keyHashAlgosForDraftEncofing[hashAlgorithm]}`;
   }
-  if (algorithm.name === "Ed25519") {
+  if (keyAlgorithm === "Ed25519") {
     return `ed25519-sha512`;
   }
-  if (algorithm.name === "Ed448") {
+  if (keyAlgorithm === "Ed448") {
     return `ed448`;
   }
   throw new Error(`unsupported keyAlgorithm`);
@@ -370,10 +379,8 @@ function genDraftSignatureHeader(includeHeaders, keyId, signature, algorithm) {
 }
 async function signAsDraftToRequest(request, key, includeHeaders, opts = {}) {
   const hash = opts?.hashAlgorithm || "SHA-256";
-  const parsedPrivateKey = parsePkcs8(key.privateKeyPem);
-  const importParams = genSignInfo(parsedPrivateKey, { hash, ec: "DSA" });
-  const privateKey = await (await getWebcrypto()).subtle.importKey("pkcs8", parsedPrivateKey.der, importParams, false, ["sign"]);
-  const algoString = getDraftAlgoString(importParams);
+  const privateKey = "privateKey" in key ? key.privateKey : await importPrivateKey(key.privateKeyPem, ["sign"], { hash, ec: "DSA" });
+  const algoString = getDraftAlgoString(privateKey.algorithm.name, hash);
   const signingString = genDraftSigningString(request, includeHeaders, { keyId: key.keyId, algorithm: algoString });
   const signature = await genDraftSignature(privateKey, signingString);
   const signatureHeader = genDraftSignatureHeader(includeHeaders, key.keyId, signature, algoString);
@@ -861,10 +868,9 @@ function parseSignInfo(algorithm, parsed, errorLogger) {
 
 // src/draft/verify.ts
 var genSignInfoDraft = parseSignInfo;
-async function verifyDraftSignature(parsed, publicKeyPem, errorLogger) {
+async function verifyDraftSignature(parsed, key, errorLogger) {
   try {
-    const parsedSpki = parsePublicKey(publicKeyPem);
-    const publicKey = await (await getWebcrypto()).subtle.importKey("spki", parsedSpki.der, genSignInfo(parsedSpki), false, ["verify"]);
+    const publicKey = typeof key === "string" ? await importPublicKey(key, ["verify"]) : key;
     const verify = await (await getWebcrypto()).subtle.verify(publicKey.algorithm, publicKey, decodeBase64ToUint8Array(parsed.params.signature), new TextEncoder().encode(parsed.signingString));
     return verify;
   } catch (e) {
@@ -912,6 +918,8 @@ export {
   getNistCurveFromOid,
   getPublicKeyAlgorithmNameFromOid,
   getWebcrypto,
+  importPrivateKey,
+  importPublicKey,
   keyHashAlgosForDraftDecoding,
   keyHashAlgosForDraftEncofing,
   lcObjectGet,
 
@@ -1,5 +1,8 @@
+/// <reference types="node" />
 import ASN1 from '@lapo/asn1js';
-import { ParsedAlgorithmIdentifierBase } from './spki';
+import { ParsedAlgorithmIdentifierBase } from './spki.js';
+import { genSignInfo } from '../utils.js';
+import type { webcrypto } from 'node:crypto';
 export declare class Pkcs8ParseError extends Error {
     constructor(message: string);
 }
@@ -26,3 +29,12 @@ export type ParsedPkcs8 = ParsedAlgorithmIdentifierBase & {
  * @returns
  */
 export declare function parsePkcs8(input: ASN1.StreamOrBinary): ParsedPkcs8;
+/**
+ * Parse private key and run `crypto.subtle.importKey`
+ * (only supports PKCS#8)
+ * @param key string or ArrayBuffer
+ * @param keyUsages e.g. ['verify']
+ * @param defaults
+ * @returns CryptoKey
+ */
+export declare function importPrivateKey(key: ASN1.StreamOrBinary, keyUsages: webcrypto.KeyUsage[], defaults?: Parameters<typeof genSignInfo>[1]): Promise<webcrypto.CryptoKey>;
@@ -1,5 +1,8 @@
+/// <reference types="node" />
 import ASN1 from '@lapo/asn1js';
 import { ECNamedCurve, KeyAlgorithmName } from '../types';
+import type { webcrypto } from 'node:crypto';
+import { genSignInfo } from '../utils';
 export declare class SpkiParseError extends Error {
     constructor(message: string);
 }
@@ -91,3 +94,11 @@ export declare function parseSpki(input: ASN1.StreamOrBinary): SpkiParsedAlgorit
  * @returns parsed object
  */
 export declare function parsePublicKey(input: ASN1.StreamOrBinary): SpkiParsedAlgorithmIdentifier;
+/**
+ * Parse public key and run `crypto.subtle.importKey`
+ * @param key string or ArrayBuffer
+ * @param keyUsages e.g. ['verify']
+ * @param defaults
+ * @returns CryptoKey
+ */
+export declare function importPublicKey(key: ASN1.StreamOrBinary, keyUsages: webcrypto.CryptoKey['usages'], defaults?: Parameters<typeof genSignInfo>[1]): Promise<webcrypto.CryptoKey>;
@@ -1,7 +1,9 @@
 /// <reference types="node" />
 /// <reference types="node" />
+/// <reference types="node" />
 import type { IncomingMessage } from "http";
 import type { Http2ServerRequest } from "http2";
+import type { webcrypto } from "node:crypto";
 export type RequestLike = {
     url: string;
     method: string;
@@ -47,10 +49,15 @@ export type SignInfoEd448 = {
     context?: string;
 };
 export type SignInfo = SignInfoRSAPSS | SignInfoRSA | SignInfoEC | SignInfoEd25519 | SignInfoEd448;
-export type PrivateKey = {
+export type PrivateKeyWithPem = {
     privateKeyPem: string;
     keyId: string;
 };
+export type PrivateKeyWithCryptoKey = {
+    privateKey: webcrypto.CryptoKey;
+    keyId: string;
+};
+export type PrivateKey = PrivateKeyWithPem | PrivateKeyWithCryptoKey;
 export type KeyAlgorithmName = 'RSA-PSS' | 'RSASSA-PKCS1-v1_5' | 'DSA' | 'DH' | 'KEA' | 'EC' | 'Ed25519' | 'Ed448';
 export type ECNamedCurve = 'P-192' | 'P-224' | 'P-256' | 'P-384' | 'P-521';
 export type SignatureHashAlgorithmUpperSnake = 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512' | null;
 
@@ -1,6 +1,6 @@
 {
   "name": "@misskey-dev/node-http-message-signatures",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "description": "",
   "type": "module",
 	"engines": {
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@misskey-dev/node-http-message-signatures",`
`3`		`- "version": "0.0.2",`
	`3`	`+ "version": "0.0.3",`
`4`	`4`	`"description": "",`
`5`	`5`	`"type": "module",`
`6`	`6`	`"engines": {`