add deriving kid from thumbprint to ts impl as well, ignore protobuf audit issue for now

Author: wulfraem

.cargo/audit.toml

@@ -4,4 +4,5 @@ ignore = [
   "RUSTSEC-2023-0052", # temporary ignore until fix is provided
   "RUSTSEC-2023-0065", # temporary ignore until fix is provided
   "RUSTSEC-2023-0071", # temporary ignore until fix is provided
+  "RUSTSEC-2024-0437", # temporary ignore until fix is provided
 ]

bindings/wasm/identity_wasm/lib/jwk_storage.ts

@@ -99,13 +99,16 @@ async function encodeJwk(privateKey: Ed25519PrivateKey, alg: JwsAlgorithm): Prom
     let x = encodeB64(publicKey);
     let d = encodeB64(privateKey);
 
-    return new Jwk({
+    const jwk = new Jwk({
         "kty": JwkType.Okp,
         "crv": "Ed25519",
         d,
         x,
         alg,
     });
+    jwk.setKid(jwk.thumbprintSha256B64());
+
+    return jwk;
 }
 
 function decodeJwk(jwk: Jwk): [Ed25519PrivateKey, Ed25519PublicKey] {

bindings/wasm/identity_wasm/src/jose/jwk.rs

@@ -88,6 +88,12 @@ impl WasmJwk {
     self.0.kid().map(ToOwned::to_owned)
   }
 
+  /// Sets a value for the key ID property (kid).
+  #[wasm_bindgen(js_name = setKid)]
+  pub fn set_kid(&mut self, kid: String) {
+    self.0.set_kid(kid);
+  }
+
   /// Returns the value of the X.509 URL property (x5u).
   #[wasm_bindgen]
   pub fn x5u(&self) -> Option<String> {
@@ -168,6 +174,16 @@ impl WasmJwk {
     }
   }
 
+  /// Creates a Thumbprint of the JSON Web Key according to [RFC7638](https://tools.ietf.org/html/rfc7638).
+  ///
+  /// `SHA2-256` is used as the hash function *H*.
+  ///
+  /// The thumbprint is returned as a base64url-encoded string.
+  #[wasm_bindgen(js_name = thumbprintSha256B64)]
+  pub fn thumbprint_sha256_b64(&self) -> String {
+    self.0.thumbprint_sha256_b64()
+  }
+
   /// Returns a clone of the {@link Jwk} with _all_ private key components unset.
   /// Nothing is returned when `kty = oct` as this key type is not considered public by this library.
   #[wasm_bindgen(js_name = toPublic)]