@agentunion/fastaun-browser 0.4.4 → 0.4.5
- package/CHANGELOG.md +13 -0
- package/_packed_docs/CHANGELOG.md +13 -0
- package/_packed_docs/sdk/01-/345/277/253/351/200/237/345/274/200/345/247/213.md +1 -1
- package/_packed_docs/sdk/05-E2EE/345/212/240/345/257/206/351/200/232/344/277/241.md +1 -1
- package/dist/aid-store.d.ts +1 -0
- package/dist/aid-store.d.ts.map +1 -1
- package/dist/aid-store.js +26 -9
- package/dist/aid-store.js.map +1 -1
- package/dist/auth.d.ts +8 -13
- package/dist/auth.d.ts.map +1 -1
- package/dist/auth.js +37 -130
- package/dist/auth.js.map +1 -1
- package/dist/bundle.js +644 -210
- package/dist/client.d.ts +5 -4
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +64 -66
- package/dist/client.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/keystore/index.d.ts +45 -22
- package/dist/keystore/index.d.ts.map +1 -1
- package/dist/keystore/index.js +6 -1
- package/dist/keystore/index.js.map +1 -1
- package/dist/keystore/indexeddb.d.ts +11 -1
- package/dist/keystore/indexeddb.d.ts.map +1 -1
- package/dist/keystore/indexeddb.js +167 -18
- package/dist/keystore/indexeddb.js.map +1 -1
- package/dist/register-flow.d.ts +34 -0
- package/dist/register-flow.d.ts.map +1 -0
- package/dist/register-flow.js +355 -0
- package/dist/register-flow.js.map +1 -0
- package/dist/v2/session/keystore.d.ts +5 -0
- package/dist/v2/session/keystore.d.ts.map +1 -1
- package/dist/v2/session/keystore.js +29 -0
- package/dist/v2/session/keystore.js.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/package.json +1 -1
- package/_packed_docs/0.4.0_/345/267/256/345/274/202/346/240/270/345/256/236/345/206/263/347/255/226/350/256/260/345/275/225.md +0 -302
- package/_packed_docs/AUN_SDK_0.4.0_/350/256/276/350/256/241/345/257/271/346/257/224/345/210/206/346/236/220.md +0 -194
- package/_packed_docs/AUN_SDK_/351/207/215/346/236/204/345/256/236/346/226/275/350/256/241/345/210/222.md +0 -596
- package/_packed_docs/AUN_SDK_/351/207/215/346/236/204/350/256/276/350/256/241/346/226/271/346/241/210_v3.md +0 -1698
- package/_packed_docs/python-sdk-v2-only-changelog.md +0 -189
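--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -16,6 +16,7 @@ export type { SecretStore } from './secret-store/index.js';
 export { createDefaultSecretStore } from './secret-store/index.js';
 export { IndexedDBSecretStore } from './secret-store/indexeddb-store.js';
 export { AuthFlow } from './auth.js';
+export { RegisterFlow, type RegisterResult } from './register-flow.js';
 export { ProtectedHeaders } from './protected-headers.js';
 export type { ProtectedHeadersInput } from './protected-headers.js';
 export { encryptP2PMessage, encryptGroupMessage, decryptMessage, } from './v2/e2ee/index.js';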
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,cAAc,CAAC;AAGtD,OAAO,EAAE,SAAS,EAAE,KAAK,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChE,OAAO,EAAE,GAAG,EAAE,KAAK,YAAY,EAAE,MAAM,UAAU,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,KAAK,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,KAAK,MAAM,EAAE,KAAK,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAG/E,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxE,OAAO,EACL,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,SAAS,EACT,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,cAAc,EACd,UAAU,EACV,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,kBAAkB,EAClB,eAAe,EACf,SAAS,EACT,sBAAsB,EACtB,2BAA2B,EAC3B,2BAA2B,EAC3B,+BAA+B,EAC/B,uBAAuB,EACvB,2BAA2B,EAC3B,uBAAuB,EACvB,iBAAiB,EACjB,oBAAoB,EACpB,cAAc,GACf,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,eAAe,EACf,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,SAAS,EACd,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,wBAAwB,EAC7B,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,SAAS,EACd,KAAK,mBAAmB,EACxB,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,OAAO,EACZ,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,UAAU,EACf,YAAY,GACb,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAG/E,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG7C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAG9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGlD,YAAY,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,KAAK,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAGvG,YAAY,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAGzE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,cAAc,CAAC;AAGtD,OAAO,EAAE,SAAS,EAAE,KAAK,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChE,OAAO,EAAE,GAAG,EAAE,KAAK,YAAY,EAAE,MAAM,UAAU,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,KAAK,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,KAAK,MAAM,EAAE,KAAK,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAG/E,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxE,OAAO,EACL,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,SAAS,EACT,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,cAAc,EACd,UAAU,EACV,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,kBAAkB,EAClB,eAAe,EACf,SAAS,EACT,sBAAsB,EACtB,2BAA2B,EAC3B,2BAA2B,EAC3B,+BAA+B,EAC/B,uBAAuB,EACvB,2BAA2B,EAC3B,uBAAuB,EACvB,iBAAiB,EACjB,oBAAoB,EACpB,cAAc,GACf,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,eAAe,EACf,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,SAAS,EACd,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,wBAAwB,EAC7B,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,SAAS,EACd,KAAK,mBAAmB,EACxB,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACnB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,OAAO,EACZ,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,UAAU,EACf,YAAY,GACb,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAG/E,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG7C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAG9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGlD,YAAY,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,KAAK,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAGvG,YAAY,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAGzE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,KAAK,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAGvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,YAAY,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,cAAc,GACf,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,MAAM,EACN,MAAM,EACN,SAAS,EACT,cAAc,EACd,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,uBAAu
B,CAAC;AAC9D,YAAY,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAG3E,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC"}
|
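--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -24,6 +24,7 @@ export { createDefaultSecretStore } from './secret-store/index.js';
 export { IndexedDBSecretStore } from './secret-store/indexeddb-store.js';
 // 认证
 export { AuthFlow } from './auth.js';
+export { RegisterFlow } from './register-flow.js';
 // E2EE V2-only 公开 API
 export { ProtectedHeaders } from './protected-headers.js';
 export { encryptP2PMessage, encryptGroupMessage, decryptMessage, } from './v2/e2ee/index.js';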
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,oEAAoE;AAEpE,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,cAAc,CAAC;AAEtD,MAAM;AACN,OAAO,EAAE,SAAS,EAA0B,MAAM,aAAa,CAAC;AAChE,OAAO,EAAE,GAAG,EAAqB,MAAM,UAAU,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAgB,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAA+B,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAE/E,KAAK;AACL,OAAO,EAAE,WAAW,EAAE,YAAY,EAAkB,MAAM,aAAa,CAAC;AAExE,OAAO;AACP,OAAO,EACL,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,SAAS,EACT,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,cAAc,EACd,UAAU,EACV,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,kBAAkB,EAClB,eAAe,EACf,SAAS,EACT,sBAAsB,EACtB,2BAA2B,EAC3B,2BAA2B,EAC3B,+BAA+B,EAC/B,uBAAuB,EACvB,2BAA2B,EAC3B,uBAAuB,EACvB,iBAAiB,EACjB,oBAAoB,EACpB,cAAc,GACf,MAAM,aAAa,CAAC;AAErB,KAAK;AACL,OAAO,EACL,eAAe,EAqBf,YAAY,GACb,MAAM,YAAY,CAAC;AAEpB,KAAK;AACL,OAAO,EAAE,eAAe,EAAE,YAAY,EAAqB,MAAM,aAAa,CAAC;AAE/E,MAAM;AACN,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM;AACN,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,KAAK;AACL,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAIlD,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAyB,MAAM,yBAAyB,CAAC;AAIvG,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE,KAAK;AACL,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,oEAAoE;AAEpE,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,cAAc,CAAC;AAEtD,MAAM;AACN,OAAO,EAAE,SAAS,EAA0B,MAAM,aAAa,CAAC;AAChE,OAAO,EAAE,GAAG,EAAqB,MAAM,UAAU,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAgB,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAA+B,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAE/E,KAAK;AACL,OAAO,EAAE,WAAW,EAAE,YAAY,EAAkB,MAAM,aAAa,CAAC;AAExE,OAAO;AACP,OAAO,EACL,QAAQ,EACR,eAAe,EACf,YAAY,EACZ,SAAS,EACT,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,aAAa,EACb,cAAc,EACd,UAAU,EACV,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,kBAAkB,EAClB,eAAe,EACf,SAAS,EACT,sBAAsB,EACtB,2BAA2B,EAC3B,2BAA2B,EAC3B,+BAA+B,EAC/B,uBAAuB,EACvB,2BAA2B,EAC3B,uBAAuB,EACvB,iBAAiB,EACjB,oBAAoB,EACpB,cAAc,GACf,MAAM,aAAa,CAAC;AAErB,KAAK;AACL,OAAO,EACL,eAAe,EAqBf,YAAY,GACb,MAAM,YAAY,CAAC;AAEpB,KAAK;AACL,OAAO,EAAE,eAAe,EAAE,YAAY,EAAqB,MAAM,aAAa,CAAC;AAE/E,MAAM;AACN,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM;AACN,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,KAAK;AACL,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAIlD,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAyB,MAAM,yBAAyB,CAAC;AAIvG,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAEzE,KAAK;AACL,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,EAAE,YAAY,EAAuB,MAAM,oBAAoB,CAAC;AAEvE,sBAAsB;AACtB,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE1D,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,cAAc,GACf,MAAM,oBAAoB,CAAC;AAQ5B,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAE9D,OAAO,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAE3E,MAAM;AACN,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC"}
|
package/dist/keystore/index.d.ts
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import type { GroupSecretRecord, IdentityRecord, KeyPairRecord, MetadataRecord, PrekeyMap, PrekeyRecord, SessionRecord } from '../types.js';
|
|
2
1
|
/**
|
|
3
|
-
*
|
|
2
|
+
* KeyStore / TokenStore 接口定义(浏览器版本 — 所有方法均为异步)。
|
|
4
3
|
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
4
|
+
* TokenStore — 不含私钥操作,AuthFlow / AUNClient 持有此类型。
|
|
5
|
+
* KeyStore — 仅包含私钥/完整身份操作,AIDStore / RegisterFlow 持有。
|
|
7
6
|
*/
|
|
7
|
+
import type { GroupSecretRecord, IdentityRecord, KeyPairRecord, MetadataRecord, PrekeyMap, PrekeyRecord, SessionRecord } from '../types.js';
|
|
8
8
|
export interface AgentMdCacheRecord {
|
|
9
9
|
aid: string;
|
|
10
10
|
content: string;
|
|
@@ -21,28 +21,17 @@ export interface AgentMdCacheRecord {
|
|
|
21
21
|
updated_at: number;
|
|
22
22
|
}
|
|
23
23
|
export type AgentMdCacheUpsert = Partial<Omit<AgentMdCacheRecord, 'aid' | 'updated_at'>>;
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
/** 保存密钥对 */
|
|
30
|
-
saveKeyPair(aid: string, keyPair: KeyPairRecord): Promise<void>;
|
|
31
|
-
/** 迁移 IndexedDB 中由 seed 加密的私钥 */
|
|
32
|
-
changeSeed?(oldSeed: string, newSeed: string): Promise<{
|
|
33
|
-
migrated: number;
|
|
34
|
-
privateKeysMigrated: number;
|
|
35
|
-
}>;
|
|
24
|
+
/**
|
|
25
|
+
* 不含私钥操作的存储接口(浏览器版本 — 所有方法均为异步)。
|
|
26
|
+
* AuthFlow / AUNClient 持有此类型。
|
|
27
|
+
*/
|
|
28
|
+
export interface TokenStore {
|
|
36
29
|
/** 加载证书 PEM */
|
|
37
30
|
loadCert(aid: string, certFingerprint?: string): Promise<string | null>;
|
|
38
31
|
/** 保存证书 PEM */
|
|
39
32
|
saveCert(aid: string, certPem: string, certFingerprint?: string, opts?: {
|
|
40
33
|
makeActive?: boolean;
|
|
41
34
|
}): Promise<void>;
|
|
42
|
-
/** 加载完整身份信息 */
|
|
43
|
-
loadIdentity(aid: string): Promise<IdentityRecord | null>;
|
|
44
|
-
/** 保存完整身份信息 */
|
|
45
|
-
saveIdentity(aid: string, identity: IdentityRecord): Promise<void>;
|
|
46
35
|
/** 加载实例级状态 */
|
|
47
36
|
loadInstanceState?(aid: string, deviceId: string, slotId?: string): Promise<MetadataRecord | null>;
|
|
48
37
|
/** 保存实例级状态 */
|
|
@@ -110,8 +99,6 @@ export interface KeyStore {
|
|
|
110
99
|
loadAllSeqs?(aid: string, deviceId: string, slotId: string): Promise<Record<string, number>>;
|
|
111
100
|
/** 删除单个 namespace 的 contiguous_seq 行 */
|
|
112
101
|
deleteSeq?(aid: string, deviceId: string, slotId: string, namespace: string): Promise<void>;
|
|
113
|
-
/** 列出已存储的所有身份 AID(可选) */
|
|
114
|
-
listIdentities?(): Promise<string[]>;
|
|
115
102
|
/** 加载身份元数据(可选) */
|
|
116
103
|
loadMetadata?(aid: string): Promise<Record<string, unknown> | null>;
|
|
117
104
|
/** 读取单个 metadata KV(可选) */
|
|
@@ -149,4 +136,40 @@ export interface GroupStateRecord {
|
|
|
149
136
|
policy_json: string;
|
|
150
137
|
updated_at: number;
|
|
151
138
|
}
|
|
139
|
+
/** 私钥/完整身份存储接口,仅 AIDStore / RegisterFlow 持有。 */
|
|
140
|
+
export interface KeyStore {
|
|
141
|
+
/** 加载密钥对 */
|
|
142
|
+
loadKeyPair(aid: string): Promise<KeyPairRecord | null>;
|
|
143
|
+
/** 保存密钥对 */
|
|
144
|
+
saveKeyPair(aid: string, keyPair: KeyPairRecord): Promise<void>;
|
|
145
|
+
/** 创建注册 pending 身份记录(返回 pending handle) */
|
|
146
|
+
pendingIdentityDir?(aid: string): Promise<string>;
|
|
147
|
+
/** 列出指定 AID 的注册 pending 记录 */
|
|
148
|
+
listPendingIdentityDirs?(aid: string): Promise<string[]>;
|
|
149
|
+
/** 保存 pending 密钥对;实现必须加密私钥字段 */
|
|
150
|
+
savePendingKeyPair?(handle: string, aid: string, keyPair: KeyPairRecord): Promise<void>;
|
|
151
|
+
/** 加载 pending 密钥对(返回时在内存中还原私钥) */
|
|
152
|
+
loadPendingKeyPair?(handle: string, aid: string): Promise<KeyPairRecord | null>;
|
|
153
|
+
/** 保存 pending 证书 */
|
|
154
|
+
savePendingCert?(handle: string, certPem: string): Promise<void>;
|
|
155
|
+
/** 将 pending 身份转正 */
|
|
156
|
+
promotePendingIdentity?(handle: string, aid: string): Promise<string>;
|
|
157
|
+
/** 删除指定 pending 身份 */
|
|
158
|
+
discardPendingIdentity?(handle: string): Promise<void>;
|
|
159
|
+
/** 清理超龄 pending 身份 */
|
|
160
|
+
cleanupPendingDirs?(maxAgeMs?: number): Promise<number>;
|
|
161
|
+
/** 加载完整身份信息(含私钥) */
|
|
162
|
+
loadIdentity(aid: string): Promise<IdentityRecord | null>;
|
|
163
|
+
/** 保存完整身份信息(允许写入私钥字段) */
|
|
164
|
+
saveIdentity(aid: string, identity: IdentityRecord): Promise<void>;
|
|
165
|
+
/** 列出所有已存储的 AID */
|
|
166
|
+
listIdentities?(): Promise<string[]>;
|
|
167
|
+
/** 迁移 IndexedDB 中由 seed 加密的私钥 */
|
|
168
|
+
changeSeed?(oldSeed: string, newSeed: string): Promise<{
|
|
169
|
+
migrated: number;
|
|
170
|
+
privateKeysMigrated: number;
|
|
171
|
+
}>;
|
|
172
|
+
}
|
|
173
|
+
/** 物理实现通常同时实现 TokenStore 与 KeyStore;注册流程显式要求组合类型。 */
|
|
174
|
+
export type FullKeyStore = TokenStore & KeyStore;
|
|
152
175
|
//# sourceMappingURL=index.d.ts.map
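Review bot: The rule that `savePendingKeyPair?` must encrypt the private-key field (`实现必须加密私钥字段`) exists only as a doc comment, and every pending-identity method on the new `KeyStore` is optional, so a custom store can omit them or persist the pending key in clear and still type-check. The interface should document what a caller must do when these methods are absent; presumably the registration flow should fail closed rather than fall back to `saveKeyPair`, but that code is not in this section. Separately, the comment on `FullKeyStore` says physical implementations usually implement both `TokenStore` and `KeyStore`, so the split narrows types at compile time only and an object handed over as `TokenStore` still exposes `loadKeyPair` at runtime. I would add to the `TokenStore` doc comment: `Type-level narrowing only; not a runtime isolation boundary for private keys.`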
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/keystore/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/keystore/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,cAAc,EACd,aAAa,EACb,cAAc,EACd,SAAS,EACT,YAAY,EACZ,aAAa,EACd,MAAM,aAAa,CAAC;AACrB,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC;AAEzF;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,eAAe;IACf,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACxE,eAAe;IACf,QAAQ,CACN,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,EACf,eAAe,CAAC,EAAE,MAAM,EACxB,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,OAAO,CAAA;KAAE,GAC9B,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB,cAAc;IACd,iBAAiB,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IACnG,cAAc;IACd,iBAAiB,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACxG,gBAAgB;IAChB,mBAAmB,CAAC,CAClB,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,cAAc,GAAG,IAAI,GACxD,OAAO,CAAC,cAAc,CAAC,CAAC;IAE3B,mDAAmD;IACnD,eAAe,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACrE;;;;;OAKG;IACH,kBAAkB,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5F,iDAAiD;IACjD,cAAc,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3G,kDAAkD;IAClD,kBAAkB,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAE9G,
4BAA4B;IAC5B,kBAAkB,CAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACpD,0BAA0B;IAC1B,0BAA0B,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7F,gCAAgC;IAChC,oBAAoB,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;IAC9G,kCAAkC;IAClC,qBAAqB,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;IACnF,oBAAoB;IACpB,0BAA0B,CAAC,CACzB,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,EACf,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,oBAAoB,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACtC,0BAA0B,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3C,mBAAmB,EAAE,MAAM,CAAC;KAC7B,GACA,OAAO,CAAC,OAAO,CAAC,CAAC;IACpB,oDAAoD;IACpD,qBAAqB,CAAC,CACpB,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,EACf,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,oBAAoB,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACtC,0BAA0B,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3C,mBAAmB,EAAE,MAAM,CAAC;KAC7B,GACA,OAAO,CAAC,OAAO,CAAC,CAAC;IACpB,+BAA+B;IAC/B,8BAA8B,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACnH,6BAA6B;IAC7B,sBAAsB,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE,yBAAyB;IACzB,gBAAgB,CAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IACzD,wBAAwB;IACxB,eAAe,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErF,sCAAsC;IACtC,OAAO,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjH,sCAAsC;IACtC,OAAO,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC
,MAAM,CAAC,CAAC;IAC5F,qDAAqD;IACrD,WAAW,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7F,wCAAwC;IACxC,SAAS,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5F,kBAAkB;IAClB,YAAY,CAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;IACpE,2BAA2B;IAC3B,WAAW,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACxD,kCAAkC;IAClC,WAAW,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE,+BAA+B;IAC/B,cAAc,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC;QAAE,EAAE,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,kBAAkB,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACvJ,oDAAoD;IACpD,kBAAkB,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC5G,uBAAuB;IACvB,cAAc,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;IAE3D,oCAAoC;IACpC,gBAAgB,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IAC3F,oCAAoC;IACpC,kBAAkB,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAClH,oCAAoC;IACpC,sBAAsB,CAAC,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAChE,eAAe;IACf,cAAc,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzE,eAAe;IACf,cAAc,CAAC,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;CACpE;AAED,aAAa;AACb,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,gDAAgD;AAChD,MAAM,WAAW,QAAQ;IACvB,YAAY;IACZ,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IACxD,YAAY;IACZ,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,
EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChE,2CAA2C;IAC3C,kBAAkB,CAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,8BAA8B;IAC9B,uBAAuB,CAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACzD,gCAAgC;IAChC,kBAAkB,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACxF,kCAAkC;IAClC,kBAAkB,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IAChF,oBAAoB;IACpB,eAAe,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjE,qBAAqB;IACrB,sBAAsB,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACtE,sBAAsB;IACtB,sBAAsB,CAAC,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,sBAAsB;IACtB,kBAAkB,CAAC,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACxD,oBAAoB;IACpB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IAC1D,yBAAyB;IACzB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnE,mBAAmB;IACnB,cAAc,CAAC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACrC,iCAAiC;IACjC,UAAU,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,mBAAmB,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC3G;AAED,qDAAqD;AACrD,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,QAAQ,CAAC"}
|
package/dist/keystore/index.js
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
-
|
|
1
|
+
/**
|
|
2
|
+
* KeyStore / TokenStore 接口定义(浏览器版本 — 所有方法均为异步)。
|
|
3
|
+
*
|
|
4
|
+
* TokenStore — 不含私钥操作,AuthFlow / AUNClient 持有此类型。
|
|
5
|
+
* KeyStore — 仅包含私钥/完整身份操作,AIDStore / RegisterFlow 持有。
|
|
6
|
+
*/
|
|
2
7
|
export {};
|
|
3
8
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/keystore/index.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/keystore/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}
|
|
@@ -24,7 +24,7 @@ export declare class IndexedDBKeyStore implements KeyStore {
|
|
|
24
24
|
private _log;
|
|
25
25
|
setLogger(log: ModuleLogger): void;
|
|
26
26
|
private static _aidTails;
|
|
27
|
-
/**
|
|
27
|
+
/** 私钥加密种子;空字符串也是有效 seed,默认不再写入明文私钥。 */
|
|
28
28
|
private _encryptionSeed;
|
|
29
29
|
constructor(opts?: {
|
|
30
30
|
encryptionSeed?: string;
|
|
@@ -35,6 +35,15 @@ export declare class IndexedDBKeyStore implements KeyStore {
|
|
|
35
35
|
listIdentities(): Promise<string[]>;
|
|
36
36
|
loadKeyPair(aid: string): Promise<KeyPairRecord | null>;
|
|
37
37
|
saveKeyPair(aid: string, keyPair: KeyPairRecord): Promise<void>;
|
|
38
|
+
pendingIdentityDir(aid: string): Promise<string>;
|
|
39
|
+
listPendingIdentityDirs(aid: string): Promise<string[]>;
|
|
40
|
+
savePendingKeyPair(handle: string, aid: string, keyPair: KeyPairRecord): Promise<void>;
|
|
41
|
+
loadPendingKeyPair(handle: string, aid: string): Promise<KeyPairRecord | null>;
|
|
42
|
+
savePendingCert(handle: string, certPem: string): Promise<void>;
|
|
43
|
+
promotePendingIdentity(handle: string, aid: string): Promise<string>;
|
|
44
|
+
private _protectedPendingKeyPair;
|
|
45
|
+
cleanupPendingDirs(maxAgeMs?: number): Promise<number>;
|
|
46
|
+
discardPendingIdentity(handle: string): Promise<void>;
|
|
38
47
|
loadCert(aid: string, certFingerprint?: string): Promise<string | null>;
|
|
39
48
|
saveCert(aid: string, certPem: string, certFingerprint?: string, opts?: {
|
|
40
49
|
makeActive?: boolean;
|
|
@@ -100,6 +109,7 @@ export declare class IndexedDBKeyStore implements KeyStore {
|
|
|
100
109
|
* 与 _saveMetadataOnlyUnlocked 不同,本方法只更新指定 key,不影响其他字段。
|
|
101
110
|
*/
|
|
102
111
|
setMetadata(aid: string, key: string, value: string): Promise<void>;
|
|
112
|
+
private _loadPendingRecord;
|
|
103
113
|
private _loadKeyPairUnlocked;
|
|
104
114
|
private _saveKeyPairUnlocked;
|
|
105
115
|
private _loadCertUnlocked;
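Review bot: The new comment on `_encryptionSeed` declares an empty string a valid seed (`空字符串也是有效 seed`), so by default private keys are encrypted under a key derived from a publicly known value. If the wrapping key depends only on the seed, this avoids plaintext at rest but gives no confidentiality against anything that can read the origin's IndexedDB. The derivation is not visible in these hunks, so that needs confirming. The doc comment should state the limitation, for example `/** Empty seed gives obfuscation only; pass a user- or device-held secret for confidentiality. */`, and the `encryptionSeed?` constructor option deserves the same caveat. The class declaration continues outside the hunks shown.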
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"indexeddb.d.ts","sourceRoot":"","sources":["../../src/keystore/indexeddb.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAEjD,OAAO,KAAK,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAIrG,OAAO,EAGL,KAAK,iBAAiB,EACtB,KAAK,cAAc,EAEnB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,aAAa,EACnB,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"indexeddb.d.ts","sourceRoot":"","sources":["../../src/keystore/indexeddb.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAEjD,OAAO,KAAK,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAIrG,OAAO,EAGL,KAAK,iBAAiB,EACtB,KAAK,cAAc,EAEnB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,aAAa,EACnB,MAAM,aAAa,CAAC;AAgFrB,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,mBAAmB,EAAE,MAAM,CAAC;IAC5B,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAyaD;;;;;;;;GAQG;AACH,qBAAa,iBAAkB,YAAW,QAAQ;IAChD,OAAO,CAAC,IAAI,CAA0B;IACtC,SAAS,CAAC,GAAG,EAAE,YAAY,GAAG,IAAI;IAElC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAoC;IAE5D,uCAAuC;IACvC,OAAO,CAAC,eAAe,CAAqB;gBAEhC,IAAI,CAAC,EAAE;QAAE,cAAc,CAAC,EAAE,MAAM,CAAA;KAAE;WAIjC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAiD9E,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;YAM/D,YAAY;IAwBpB,cAAc,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAkCnC,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAwBvD,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAY/D,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAWhD,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IASvD,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBtF,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAwB9E,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAU/D,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAwB5D,wBAAwB;IAehC,kBAAkB,CAAC,QAAQ,GAAE,MAAgB,GAAG,OAAO,CAAC,MAAM,CAAC;IAc/D,sBAAsB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMrD,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA6BvE,QAAQ,CACZ,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,EACf,eAAe,CAAC,EAAE,MAAM,EACxB,IAAI,CAAC,EAAE;QAA
E,UAAU,CAAC,EAAE,OAAO,CAAA;KAAE,GAC9B,OAAO,CAAC,IAAI,CAAC;IAuBV,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,SAAK,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAO7F,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAMtG,mBAAmB,CACvB,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,cAAc,GAAG,IAAI,GACxD,OAAO,CAAC,cAAc,CAAC;IAapB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IA0CzD,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IA6ClE,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAOzE;;;;;;;;;OASG;IACG,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAO1F,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA0BzG,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,SAAI,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAqCvG,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAgBlD,0BAA0B,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAe3F,oBAAoB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAqB5G,qBAAqB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAoBjF,0BAA0B,CAC9B,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,EACf,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,oBAAoB,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACtC,0BAA0B,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3C,mBAAmB,EAAE,MAAM,CAAC;KAC7B,GACA,OAAO,CAAC,OAAO,CAAC;IAOb,qBAAqB,CACzB,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,EACf,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;
QACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,oBAAoB,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;QACtC,0BAA0B,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3C,mBAAmB,EAAE,MAAM,CAAC;KAC7B,GACA,OAAO,CAAC,OAAO,CAAC;IAOb,8BAA8B,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IASjH,sBAAsB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAanE,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAOvD,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IASzF;;;;OAIG;IACG,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAW5D;;;;OAIG;IACG,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;YAgB3D,kBAAkB;YAalB,oBAAoB;YAuBpB,oBAAoB;YAUpB,iBAAiB;YAKjB,iBAAiB;YAIjB,yBAAyB;YAKzB,+BAA+B;YAe/B,yBAAyB;YAKzB,qCAAqC;YAoErC,oBAAoB;IAyBlC;;;;;;;;;;OAUG;YACW,uBAAuB;YA8BvB,uBAAuB;YAiCvB,yBAAyB;YAkCzB,4BAA4B;YAyB5B,6BAA6B;YAqC7B,mCAAmC;YAgHnC,8BAA8B;YAyG9B,kCAAkC;IAuChD,OAAO,CAAC,wBAAwB;IAmChC,OAAO,CAAC,0BAA0B;IAqElC,OAAO,CAAC,4BAA4B;IAUpC,OAAO,CAAC,kBAAkB;IAO1B,OAAO,CAAC,oBAAoB;IAI5B,OAAO,CAAC,wBAAwB;YASlB,qBAAqB;YAUrB,wBAAwB;YAqBxB,8BAA8B;IAmBtC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK/G,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAM1F,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAc3F,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO1F,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IASzF,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAYhH,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAsB9D,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC;I
AavE,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAmBvE,oCAAoC;IACpC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAwB;IAC/D,wCAAwC;IACxC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAA0B;IACnE,yCAAyC;IACzC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAyB;IACnE,gDAAgD;IAChD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAA2B;IAEvE,qCAAqC;YACvB,eAAe;IAiB7B,mCAAmC;IACnC,OAAO,CAAC,eAAe;IAOjB,cAAc,CAClB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,SAAS,EAAE,KAAK,CAAC;QAAE,EAAE,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,kBAAkB,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,GAC/E,OAAO,CAAC,MAAM,CAAC;IAmBZ,kBAAkB,CACtB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,iBAAiB,GAAE,MAAW,GAC7B,OAAO,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAgCtB,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAKhE"}
|
|
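--- a/package/dist/keystore/indexeddb.js
+++ b/package/dist/keystore/indexeddb.js
@@ -120,7 +120,7 @@ function hasEncryptionSeed(seed) {
 }
 // ── IndexedDB 工具 ──────────────────────────────────────
 const DB_NAME = 'aun-keystore';
-const DB_VERSION =
+const DB_VERSION = 7;
 /** 对象仓库名称 */
 const STORE_KEY_PAIRS = 'key_pairs';
 const STORE_CERTS = 'certs';
@@ -132,11 +132,19 @@ const STORE_GROUP_OLD_EPOCHS = 'group_old_epochs';
 const STORE_SESSIONS = 'e2ee_sessions';
 const STORE_GROUP_STATE = 'group_state';
 const STORE_AGENT_MD_CACHE = 'agent_md_cache';
+const STORE_PENDING_IDENTITIES = 'pending_identities';
 const STRUCTURED_RECOVERY_RETENTION_MS = 7 * 24 * 3600 * 1000;
 const CRITICAL_METADATA_KEYS = [];
 function metadataStoreKey(aid) {
 return safeAid(aid);
 }
+function randomHex(byteLength) {
+const bytes = crypto.getRandomValues(new Uint8Array(byteLength));
+return Array.from(bytes).map((b) => b.toString(16).padStart(2, '0')).join('');
+}
+function pendingIdentityPrefix(aid) {
+return `${safeAid(aid)}-`;
+}
 function normalizeCertFingerprint(certFingerprint) {
 const normalized = String(certFingerprint ?? '').trim().toLowerCase();
 if (!normalized)
@@ -315,6 +323,9 @@ function openDB() {
 if (!db.objectStoreNames.contains(STORE_AGENT_MD_CACHE)) {
 db.createObjectStore(STORE_AGENT_MD_CACHE);
 }
+if (!db.objectStoreNames.contains(STORE_PENDING_IDENTITIES)) {
+db.createObjectStore(STORE_PENDING_IDENTITIES);
+}
 };
 request.onsuccess = () => {
 const db = request.result;
@@ -464,10 +475,10 @@ export class IndexedDBKeyStore {
 _log = _noopLog;
 setLogger(log) { this._log = log; }
 static _aidTails = new Map();
-/**
+/** 私钥加密种子;空字符串也是有效 seed,默认不再写入明文私钥。 */
 _encryptionSeed;
 constructor(opts) {
-this._encryptionSeed = opts?.encryptionSeed;
+this._encryptionSeed = opts?.encryptionSeed ?? '';
 }
 static async changeSeed(oldSeed, newSeed) {
 if (oldSeed === '.seed') {
@@ -479,8 +490,13 @@ export class IndexedDBKeyStore {
 if (!isRecord(row.value))
 continue;
 const envelope = row.value._encrypted_pk;
-if (!isRecord(envelope))
+if (!isRecord(envelope)) {
+const plain = row.value.private_key_pem;
+if (typeof plain === 'string' && plain) {
+migrations.push({ key: row.key, value: deepClone(row.value), privateKeyPem: plain });
+}
 continue;
+}
 try {
 const privateKeyPem = await _decryptPEM(envelope, oldSeed);
 migrations.push({ key: row.key, value: deepClone(row.value), privateKeyPem });
@@ -588,18 +604,14 @@ export class IndexedDBKeyStore {
 delete result._encrypted_pk;
 }
 catch {
-this._log.error(`[keystore] decrypt ${aid} private
+this._log.error(`[keystore] decrypt ${aid} private key failed, maybe encryptionSeed mismatch`);
+throw new Error(`private key decrypt failed for aid ${aid}: seed_password mismatch or IndexedDB record corrupted`);
 }
 }
 else if (
 // 透明迁移:旧版明文数据自动加密回写
 !epk && typeof result.private_key_pem === 'string' && hasEncryptionSeed(this._encryptionSeed)) {
-
-await this.saveKeyPair(aid, result);
-}
-catch {
-// 迁移失败不影响读取
-}
+await this.saveKeyPair(aid, result);
 }
 return result;
 }
@@ -612,6 +624,134 @@ export class IndexedDBKeyStore {
 }
 await idbPut(STORE_KEY_PAIRS, metadataStoreKey(aid), record);
 }
+// ── RegisterAID pending 身份 ─────────────────────────
+async pendingIdentityDir(aid) {
+const handle = `${pendingIdentityPrefix(aid)}${randomHex(4)}-${Math.floor(Date.now() / 1000)}`;
+const now = Date.now();
+await idbPut(STORE_PENDING_IDENTITIES, handle, {
+aid,
+created_at: now,
+updated_at: now,
+});
+return handle;
+}
+async listPendingIdentityDirs(aid) {
+const prefix = pendingIdentityPrefix(aid);
+const rows = await idbGetAllByPrefix(STORE_PENDING_IDENTITIES, prefix);
+return rows
+.filter((row) => row.key.startsWith(prefix) && isRecord(row.value) && String(row.value.aid ?? '') === aid)
+.sort((a, b) => Number(b.value.updated_at ?? 0) - Number(a.value.updated_at ?? 0))
+.map((row) => row.key);
+}
+async savePendingKeyPair(handle, aid, keyPair) {
+const current = await this._loadPendingRecord(handle, aid);
+if (!current)
+throw new Error(`pending identity not found: ${handle}`);
+const record = deepClone(keyPair);
+const privateKeyPem = record.private_key_pem;
+if (typeof privateKeyPem !== 'string' || !privateKeyPem) {
+throw new Error('savePendingKeyPair requires private_key_pem');
+}
+record._encrypted_pk = await _encryptPEM(privateKeyPem, this._encryptionSeed ?? '');
+delete record.private_key_pem;
+await idbPut(STORE_PENDING_IDENTITIES, handle, {
+...current,
+aid,
+key_pair: record,
+updated_at: Date.now(),
+});
+}
+async loadPendingKeyPair(handle, aid) {
+const current = await this._loadPendingRecord(handle, aid, false);
+if (!current || !isRecord(current.key_pair))
+return null;
+const result = deepClone(current.key_pair);
+const encrypted = result._encrypted_pk;
+if (isRecord(encrypted)) {
+try {
+const envelope = encrypted;
+result.private_key_pem = await _decryptPEM(envelope, this._encryptionSeed ?? '');
+delete result._encrypted_pk;
+return result;
+}
+catch {
+this._log.error(`[keystore] decrypt pending ${aid} private key failed, maybe encryptionSeed mismatch`);
+throw new Error(`pending identity private key decrypt failed for aid ${aid}: seed_password mismatch or IndexedDB record corrupted`);
+}
+}
+if (typeof result.private_key_pem === 'string' && result.private_key_pem) {
+// 兼容历史 pending 明文记录:首次加载成功后立即加密回写,避免 pending 私钥继续明文落盘。
+await this.savePendingKeyPair(handle, aid, result);
+return result;
+}
+return result;
+}
+async savePendingCert(handle, certPem) {
+const current = await this._loadPendingRecord(handle, undefined);
+if (!current)
+throw new Error(`pending identity not found: ${handle}`);
+await idbPut(STORE_PENDING_IDENTITIES, handle, {
+...current,
+cert: certPem,
+updated_at: Date.now(),
+});
+}
+async promotePendingIdentity(handle, aid) {
+const current = await this._loadPendingRecord(handle, aid);
+if (!current)
+throw new Error(`pending identity not found: ${handle}`);
+if (!isRecord(current.key_pair)) {
+throw new Error(`promotePendingIdentity: missing pending key pair: ${handle}`);
+}
+const targetKey = metadataStoreKey(aid);
+const [existingKeyPair, existingCert, existingMetadata] = await Promise.all([
+idbGet(STORE_KEY_PAIRS, targetKey),
+idbGet(STORE_CERTS, certStoreKey(aid)),
+idbGet(STORE_METADATA, targetKey),
+]);
+if (existingKeyPair || existingCert || existingMetadata) {
+throw new Error(`promotePendingIdentity: target exists: ${targetKey}`);
+}
+const keyPair = await this._protectedPendingKeyPair(current, aid);
+await idbPut(STORE_KEY_PAIRS, targetKey, keyPair);
+if (typeof current.cert === 'string' && current.cert) {
+await idbPut(STORE_CERTS, certStoreKey(aid), current.cert);
+}
+await idbDelete(STORE_PENDING_IDENTITIES, handle);
+return targetKey;
+}
+async _protectedPendingKeyPair(current, aid) {
+if (!isRecord(current.key_pair)) {
+throw new Error(`pending identity missing key pair for ${aid}`);
+}
+const keyPair = deepClone(current.key_pair);
+const privateKeyPem = keyPair.private_key_pem;
+if (typeof privateKeyPem === 'string' && privateKeyPem) {
+throw new Error(`pending identity private key is plaintext for ${aid}`);
+}
+if (!isRecord(keyPair._encrypted_pk)) {
+throw new Error(`pending identity private key is not encrypted for ${aid}`);
+}
+return keyPair;
+}
+async cleanupPendingDirs(maxAgeMs = 600_000) {
+const rows = await idbGetAll(STORE_PENDING_IDENTITIES);
+const now = Date.now();
+let removed = 0;
+for (const row of rows) {
+if (!isRecord(row.value))
+continue;
+const updatedAt = Number(row.value.updated_at ?? row.value.created_at ?? 0);
+if (updatedAt && now - updatedAt < maxAgeMs)
+continue;
+await idbDelete(STORE_PENDING_IDENTITIES, row.key);
+removed++;
+}
+return removed;
+}
+async discardPendingIdentity(handle) {
+await idbDelete(STORE_PENDING_IDENTITIES, handle);
+}
 // ── 证书 ──────────────────────────────────────────
 async loadCert(aid, certFingerprint) {
 const tStart = Date.now();
@@ -1015,6 +1155,19 @@ export class IndexedDBKeyStore {
 });
 }
 // ── 内部辅助 ─────────────────────────────────────────
+async _loadPendingRecord(handle, aid, required = true) {
+const data = await idbGet(STORE_PENDING_IDENTITIES, handle);
+if (!isRecord(data)) {
+if (required)
+throw new Error(`pending identity not found: ${handle}`);
+return null;
+}
+const record = deepClone(data);
+if (aid !== undefined && String(record.aid ?? '') !== aid) {
+throw new Error(`pending identity aid mismatch: ${handle}`);
+}
+return record;
+}
 async _loadKeyPairUnlocked(aid) {
 const data = await idbGet(STORE_KEY_PAIRS, metadataStoreKey(aid));
 if (!isRecord(data))
@@ -1028,18 +1181,14 @@ export class IndexedDBKeyStore {
 delete result._encrypted_pk;
 }
 catch {
-this._log.error(`[keystore] decrypt ${aid} private
+this._log.error(`[keystore] decrypt ${aid} private key failed, maybe encryptionSeed mismatch`);
+throw new Error(`private key decrypt failed for aid ${aid}: seed_password mismatch or IndexedDB record corrupted`);
 }
 }
 else if (
 // 透明迁移:旧版明文数据自动加密回写
 !isRecord(result._encrypted_pk) && typeof result.private_key_pem === 'string' && hasEncryptionSeed(this._encryptionSeed)) {
-
-await this._saveKeyPairUnlocked(aid, result);
-}
-catch {
-// 迁移失败不影响读取
-}
+await this._saveKeyPairUnlocked(aid, result);
 }
 return result;
 }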
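Review bot: In `promotePendingIdentity` the target-exists check and the writes are separate awaited calls (three `idbGet`s, then `idbPut` for the key pair, `idbPut` for the cert, then `idbDelete`), so two promotions for the same aid that interleave can both pass the check and the later one replaces the key pair written by the first. The helpers are defined outside these hunks, so this assumes each of them opens its own transaction. A failure after the first `idbPut` also leaves a key pair stored without its cert while the pending record still exists, and a retry then stops at `target exists`. Running the check and all writes in one `readwrite` transaction over the four stores, with `add()` instead of `put()` for the key pair (for example `tx.objectStore(STORE_KEY_PAIRS).add(keyPair, targetKey)`), would make the promotion all-or-nothing and let IndexedDB itself reject a duplicate key.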