@astrox/identity 0.0.24 → 0.0.30
- package/lib/cjs/buffer.d.ts +10 -0
- package/lib/cjs/buffer.js +21 -0
- package/lib/cjs/buffer.js.map +1 -0
- package/lib/cjs/identity/delegation.d.ts +131 -0
- package/lib/cjs/identity/delegation.js +244 -0
- package/lib/cjs/identity/delegation.js.map +1 -0
- package/lib/cjs/identity/der.d.ts +35 -0
- package/lib/cjs/identity/der.js +178 -0
- package/lib/cjs/identity/der.js.map +1 -0
- package/lib/cjs/identity/ed25519.d.ts +45 -0
- package/lib/cjs/identity/ed25519.js +134 -0
- package/lib/cjs/identity/ed25519.js.map +1 -0
- package/lib/cjs/identity/secp256k1.d.ts +73 -0
- package/lib/cjs/identity/secp256k1.js +156 -0
- package/lib/cjs/identity/secp256k1.js.map +1 -0
- package/lib/cjs/identity/webauthn.d.ts +40 -0
- package/lib/cjs/identity/webauthn.js +205 -0
- package/lib/cjs/identity/webauthn.js.map +1 -0
- package/lib/cjs/index.d.ts +4 -0
- package/lib/cjs/index.js +18 -0
- package/lib/cjs/index.js.map +1 -0
- package/lib/esm/buffer.d.ts +10 -0
- package/lib/esm/buffer.js +16 -0
- package/lib/esm/buffer.js.map +1 -0
- package/lib/esm/identity/delegation.d.ts +131 -0
- package/lib/esm/identity/delegation.js +219 -0
- package/lib/esm/identity/delegation.js.map +1 -0
- package/lib/esm/identity/der.d.ts +35 -0
- package/lib/esm/identity/der.js +168 -0
- package/lib/esm/identity/der.js.map +1 -0
- package/lib/esm/identity/ed25519.d.ts +45 -0
- package/lib/esm/identity/ed25519.js +110 -0
- package/lib/esm/identity/ed25519.js.map +1 -0
- package/lib/esm/identity/secp256k1.d.ts +73 -0
- package/lib/esm/identity/secp256k1.js +148 -0
- package/lib/esm/identity/secp256k1.js.map +1 -0
- package/lib/esm/identity/webauthn.d.ts +40 -0
- package/lib/esm/identity/webauthn.js +178 -0
- package/lib/esm/identity/webauthn.js.map +1 -0
- package/lib/esm/index.d.ts +4 -0
- package/lib/esm/index.js +5 -0
- package/lib/esm/index.js.map +1 -0
- package/lib/tsconfig-cjs.tsbuildinfo +2451 -0
- package/lib/tsconfig.tsbuildinfo +2441 -0
- package/package.json +20 -2
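--- a/package/lib/cjs/buffer.d.ts
+++ b/package/lib/cjs/buffer.d.ts
@@ -0,0 +1,10 @@
+/**
+* Return an array buffer from its hexadecimal representation.
+* @param hexString The hexadecimal string.
+*/
+export declare function fromHexString(hexString: string): ArrayBuffer;
+/**
+* Returns an hexadecimal representation of an array buffer.
+* @param bytes The array buffer.
+*/
+export declare function toHexString(bytes: ArrayBuffer): string;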
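--- a/package/lib/cjs/buffer.js
+++ b/package/lib/cjs/buffer.js
@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toHexString = exports.fromHexString = void 0;
+/**
+* Return an array buffer from its hexadecimal representation.
+* @param hexString The hexadecimal string.
+*/
+function fromHexString(hexString) {
+var _a;
+return new Uint8Array(((_a = hexString.match(/.{1,2}/g)) !== null && _a !== void 0 ? _a : []).map(byte => parseInt(byte, 16))).buffer;
+}
+exports.fromHexString = fromHexString;
+/**
+* Returns an hexadecimal representation of an array buffer.
+* @param bytes The array buffer.
+*/
+function toHexString(bytes) {
+return new Uint8Array(bytes).reduce((str, byte) => str + byte.toString(16).padStart(2, '0'), '');
+}
+exports.toHexString = toHexString;
+//# sourceMappingURL=buffer.js.map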
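Review bot: `fromHexString` never rejects malformed input: `match(/.{1,2}/g)` pairs up whatever characters it is given, and `parseInt(byte, 16)` returns `NaN` for a non-hex pair (stored as 0 by `Uint8Array`) or parses only the leading digit of a pair such as `1g`, so a corrupted string decodes to different bytes instead of failing. An odd-length string also yields a final byte built from a single digit. Since `_parseBlob` in `identity/delegation.js` passes public keys and signatures through this function, I would add a guard as the first statement, `if (!/^(?:[0-9a-fA-F]{2})*$/.test(hexString)) throw new Error('Invalid hexadecimal string.');`, and add an `@throws` line to the doc comment.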
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"buffer.js","sourceRoot":"","sources":["../../src/buffer.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,SAAgB,aAAa,CAAC,SAAiB;;IAC7C,OAAO,IAAI,UAAU,CAAC,CAAC,MAAA,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,mCAAI,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;AACnG,CAAC;AAFD,sCAEC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,KAAkB;IAC5C,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AACnG,CAAC;AAFD,kCAEC"}
|
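--- a/package/lib/cjs/identity/delegation.d.ts
+++ b/package/lib/cjs/identity/delegation.d.ts
@@ -0,0 +1,131 @@
+import { DerEncodedPublicKey, HttpAgentRequest, PublicKey, Signature, SignIdentity } from '@astrox/agent';
+import { Principal } from '@astrox/principal';
+import * as cbor from 'simple-cbor';
+/**
+* A single delegation object that is signed by a private key. This is constructed by
+* `DelegationChain.create()`.
+*
+* {@see DelegationChain}
+*/
+export declare class Delegation {
+readonly pubkey: ArrayBuffer;
+readonly expiration: bigint;
+readonly targets?: Principal[] | undefined;
+constructor(pubkey: ArrayBuffer, expiration: bigint, targets?: Principal[] | undefined);
+toCBOR(): cbor.CborValue;
+toJSON(): JsonnableDelegation;
+}
+/**
+* Type of ReturnType<Delegation.toJSON>.
+* The goal here is to stringify all non-JSON-compatible types to some bytes representation we can
+* stringify as hex.
+* (Hex shouldn't be ambiguous ever, because you can encode as DER with semantic OIDs).
+*/
+interface JsonnableDelegation {
+expiration: string;
+pubkey: string;
+targets?: string[];
+}
+/**
+* A signed delegation, which lends its identity to the public key in the delegation
+* object. This is constructed by `DelegationChain.create()`.
+*
+* {@see DelegationChain}
+*/
+export interface SignedDelegation {
+delegation: Delegation;
+signature: Signature;
+}
+export interface JsonnableDelegationChain {
+publicKey: string;
+delegations: Array<{
+signature: string;
+delegation: {
+pubkey: string;
+expiration: string;
+targets?: string[];
+};
+}>;
+}
+/**
+* A chain of delegations. This is JSON Serializable.
+* This is the object to serialize and pass to a DelegationIdentity. It does not keep any
+* private keys.
+*/
+export declare class DelegationChain {
+readonly delegations: SignedDelegation[];
+readonly publicKey: DerEncodedPublicKey;
+/**
+* Create a delegation chain between two (or more) keys. By default, the expiration time
+* will be very short (15 minutes).
+*
+* To build a chain of more than 2 identities, this function needs to be called multiple times,
+* passing the previous delegation chain into the options argument. For example:
+*
+* @example
+* const rootKey = createKey();
+* const middleKey = createKey();
+* const bottomeKey = createKey();
+*
+* const rootToMiddle = await DelegationChain.create(
+* root, middle.getPublicKey(), Date.parse('2100-01-01'),
+* );
+* const middleToBottom = await DelegationChain.create(
+* middle, bottom.getPublicKey(), Date.parse('2100-01-01'), { previous: rootToMiddle },
+* );
+*
+* // We can now use a delegation identity that uses the delegation above:
+* const identity = DelegationIdentity.fromDelegation(bottomKey, middleToBottom);
+*
+* @param from The identity that will delegate.
+* @param to The identity that gets delegated. It can now sign messages as if it was the
+* identity above.
+* @param expiration The length the delegation is valid. By default, 15 minutes from calling
+* this function.
+* @param options A set of options for this delegation. expiration and previous
+* @param options.previous - Another DelegationChain that this chain should start with.
+* @param options.targets - targets that scope the delegation (e.g. Canister Principals)
+*/
+static create(from: SignIdentity, to: PublicKey, expiration?: Date, options?: {
+previous?: DelegationChain;
+targets?: Principal[];
+}): Promise<DelegationChain>;
+/**
+* Creates a DelegationChain object from a JSON string.
+*
+* @param json The JSON string to parse.
+*/
+static fromJSON(json: string | JsonnableDelegationChain): DelegationChain;
+/**
+* Creates a DelegationChain object from a list of delegations and a DER-encoded public key.
+*
+* @param delegations The list of delegations.
+* @param publicKey The DER-encoded public key of the key-pair signing the first delegation.
+*/
+static fromDelegations(delegations: SignedDelegation[], publicKey: DerEncodedPublicKey): DelegationChain;
+protected constructor(delegations: SignedDelegation[], publicKey: DerEncodedPublicKey);
+toJSON(): JsonnableDelegationChain;
+}
+/**
+* An Identity that adds delegation to a request. Everywhere in this class, the name
+* innerKey refers to the SignIdentity that is being used to sign the requests, while
+* originalKey is the identity that is being borrowed. More identities can be used
+* in the middle to delegate.
+*/
+export declare class DelegationIdentity extends SignIdentity {
+private _inner;
+private _delegation;
+/**
+* Create a delegation without having access to delegateKey.
+*
+* @param key The key used to sign the reqyests.
+* @param delegation A delegation object created using `createDelegation`.
+*/
+static fromDelegation(key: Pick<SignIdentity, 'sign'>, delegation: DelegationChain): DelegationIdentity;
+protected constructor(_inner: Pick<SignIdentity, 'sign'>, _delegation: DelegationChain);
+getDelegation(): DelegationChain;
+getPublicKey(): PublicKey;
+sign(blob: ArrayBuffer): Promise<Signature>;
+transformRequest(request: HttpAgentRequest): Promise<unknown>;
+}
+export {};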
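Review bot: The `@example` on `DelegationChain.create` cannot be followed as written and models a risky expiry: it declares `rootKey`, `middleKey` and `bottomeKey` but then uses `root`, `middle`, `bottom` and `bottomKey`, and it passes `Date.parse('2100-01-01')` (a number) where the signature declares `expiration?: Date`. A year-2100 expiry also undercuts the 15-minute default the same comment describes, so copied code ends up with a delegation that stays valid for decades; the example should use something like `new Date(Date.now() + 15 * 60 * 1000)` and say that longer-lived delegations should be narrowed with `options.targets`. `@param expiration` should read `The date at which the delegation expires` rather than `The length the delegation is valid`, and the `fromDelegation` comment refers to `createDelegation`, which this file does not declare (`DelegationChain.create` appears to be meant).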
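--- a/package/lib/cjs/identity/delegation.js
+++ b/package/lib/cjs/identity/delegation.js
@@ -0,0 +1,244 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+var __rest = (this && this.__rest) || function (s, e) {
+var t = {};
+for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+t[p] = s[p];
+if (s != null && typeof Object.getOwnPropertySymbols === "function")
+for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+t[p[i]] = s[p[i]];
+}
+return t;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DelegationIdentity = exports.DelegationChain = exports.Delegation = void 0;
+const agent_1 = require("@astrox/agent");
+const principal_1 = require("@astrox/principal");
+const cbor = __importStar(require("simple-cbor"));
+const buffer_1 = require("../buffer");
+const domainSeparator = new TextEncoder().encode('\x1Aic-request-auth-delegation');
+const requestDomainSeparator = new TextEncoder().encode('\x0Aic-request');
+function _parseBlob(value) {
+if (typeof value !== 'string' || value.length < 64) {
+throw new Error('Invalid public key.');
+}
+return buffer_1.fromHexString(value);
+}
+/**
+* A single delegation object that is signed by a private key. This is constructed by
+* `DelegationChain.create()`.
+*
+* {@see DelegationChain}
+*/
+class Delegation {
+constructor(pubkey, expiration, targets) {
+this.pubkey = pubkey;
+this.expiration = expiration;
+this.targets = targets;
+}
+toCBOR() {
+// Expiration field needs to be encoded as a u64 specifically.
+return cbor.value.map(Object.assign({ pubkey: cbor.value.bytes(this.pubkey), expiration: cbor.value.u64(this.expiration.toString(16), 16) }, (this.targets && {
+targets: cbor.value.array(this.targets.map(t => cbor.value.bytes(t.toUint8Array()))),
+})));
+}
+toJSON() {
+// every string should be hex and once-de-hexed,
+// discoverable what it is (e.g. de-hex to get JSON with a 'type' property, or de-hex to DER
+// with an OID). After de-hex, if it's not obvious what it is, it's an ArrayBuffer.
+return Object.assign({ expiration: this.expiration.toString(16), pubkey: buffer_1.toHexString(this.pubkey) }, (this.targets && { targets: this.targets.map(p => p.toHex()) }));
+}
+}
+exports.Delegation = Delegation;
+/**
+* Sign a single delegation object for a period of time.
+*
+* @param from The identity that lends its delegation.
+* @param to The identity that receives the delegation.
+* @param expiration An expiration date for this delegation.
+* @param targets Limit this delegation to the target principals.
+*/
+async function _createSingleDelegation(from, to, expiration, targets) {
+const delegation = new Delegation(to.toDer(), BigInt(+expiration) * BigInt(1000000), // In nanoseconds.
+targets);
+// The signature is calculated by signing the concatenation of the domain separator
+// and the message.
+// Note: To ensure Safari treats this as a user gesture, ensure to not use async methods
+// besides the actualy webauthn functionality (such as `sign`). Safari will de-register
+// a user gesture if you await an async call thats not fetch, xhr, or setTimeout.
+const challenge = new Uint8Array([
+...domainSeparator,
+...new Uint8Array(agent_1.requestIdOf(delegation)),
+]);
+const signature = await from.sign(challenge);
+return {
+delegation,
+signature,
+};
+}
+/**
+* A chain of delegations. This is JSON Serializable.
+* This is the object to serialize and pass to a DelegationIdentity. It does not keep any
+* private keys.
+*/
+class DelegationChain {
+constructor(delegations, publicKey) {
+this.delegations = delegations;
+this.publicKey = publicKey;
+}
+/**
+* Create a delegation chain between two (or more) keys. By default, the expiration time
+* will be very short (15 minutes).
+*
+* To build a chain of more than 2 identities, this function needs to be called multiple times,
+* passing the previous delegation chain into the options argument. For example:
+*
+* @example
+* const rootKey = createKey();
+* const middleKey = createKey();
+* const bottomeKey = createKey();
+*
+* const rootToMiddle = await DelegationChain.create(
+* root, middle.getPublicKey(), Date.parse('2100-01-01'),
+* );
+* const middleToBottom = await DelegationChain.create(
+* middle, bottom.getPublicKey(), Date.parse('2100-01-01'), { previous: rootToMiddle },
+* );
+*
+* // We can now use a delegation identity that uses the delegation above:
+* const identity = DelegationIdentity.fromDelegation(bottomKey, middleToBottom);
+*
+* @param from The identity that will delegate.
+* @param to The identity that gets delegated. It can now sign messages as if it was the
+* identity above.
+* @param expiration The length the delegation is valid. By default, 15 minutes from calling
+* this function.
+* @param options A set of options for this delegation. expiration and previous
+* @param options.previous - Another DelegationChain that this chain should start with.
+* @param options.targets - targets that scope the delegation (e.g. Canister Principals)
+*/
+static async create(from, to, expiration = new Date(Date.now() + 15 * 60 * 1000), options = {}) {
+var _a, _b;
+const delegation = await _createSingleDelegation(from, to, expiration, options.targets);
+return new DelegationChain([...(((_a = options.previous) === null || _a === void 0 ? void 0 : _a.delegations) || []), delegation], ((_b = options.previous) === null || _b === void 0 ? void 0 : _b.publicKey) || from.getPublicKey().toDer());
+}
+/**
+* Creates a DelegationChain object from a JSON string.
+*
+* @param json The JSON string to parse.
+*/
+static fromJSON(json) {
+const { publicKey, delegations } = typeof json === 'string' ? JSON.parse(json) : json;
+if (!Array.isArray(delegations)) {
+throw new Error('Invalid delegations.');
+}
+const parsedDelegations = delegations.map(signedDelegation => {
+const { delegation, signature } = signedDelegation;
+const { pubkey, expiration, targets } = delegation;
+if (targets !== undefined && !Array.isArray(targets)) {
+throw new Error('Invalid targets.');
+}
+return {
+delegation: new Delegation(_parseBlob(pubkey), BigInt(`0x${expiration}`), // expiration in JSON is an hexa string (See toJSON() below).
+targets &&
+targets.map((t) => {
+if (typeof t !== 'string') {
+throw new Error('Invalid target.');
+}
+return principal_1.Principal.fromHex(t);
+})),
+signature: _parseBlob(signature),
+};
+});
+return new this(parsedDelegations, _parseBlob(publicKey));
+}
+/**
+* Creates a DelegationChain object from a list of delegations and a DER-encoded public key.
+*
+* @param delegations The list of delegations.
+* @param publicKey The DER-encoded public key of the key-pair signing the first delegation.
+*/
+static fromDelegations(delegations, publicKey) {
+return new this(delegations, publicKey);
+}
+toJSON() {
+return {
+delegations: this.delegations.map(signedDelegation => {
+const { delegation, signature } = signedDelegation;
+const { targets } = delegation;
+return {
+delegation: Object.assign({ expiration: delegation.expiration.toString(16), pubkey: buffer_1.toHexString(delegation.pubkey) }, (targets && {
+targets: targets.map(t => t.toHex()),
+})),
+signature: buffer_1.toHexString(signature),
+};
+}),
+publicKey: buffer_1.toHexString(this.publicKey),
+};
+}
+}
+exports.DelegationChain = DelegationChain;
+/**
+* An Identity that adds delegation to a request. Everywhere in this class, the name
+* innerKey refers to the SignIdentity that is being used to sign the requests, while
+* originalKey is the identity that is being borrowed. More identities can be used
+* in the middle to delegate.
+*/
+class DelegationIdentity extends agent_1.SignIdentity {
+constructor(_inner, _delegation) {
+super();
+this._inner = _inner;
+this._delegation = _delegation;
+}
+/**
+* Create a delegation without having access to delegateKey.
+*
+* @param key The key used to sign the reqyests.
+* @param delegation A delegation object created using `createDelegation`.
+*/
+static fromDelegation(key, delegation) {
+return new this(key, delegation);
+}
+getDelegation() {
+return this._delegation;
+}
+getPublicKey() {
+return {
+toDer: () => this._delegation.publicKey,
+};
+}
+sign(blob) {
+return this._inner.sign(blob);
+}
+async transformRequest(request) {
+const { body } = request, fields = __rest(request, ["body"]);
+const requestId = await agent_1.requestIdOf(body);
+return Object.assign(Object.assign({}, fields), { body: {
+content: body,
+sender_sig: await this.sign(new Uint8Array([...requestDomainSeparator, ...new Uint8Array(requestId)])),
+sender_delegation: this._delegation.delegations,
+sender_pubkey: this._delegation.publicKey,
+} });
+}
+}
+exports.DelegationIdentity = DelegationIdentity;
+//# sourceMappingURL=delegation.js.map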
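Review bot: `DelegationChain.fromJSON` takes a serialized chain from outside the process, but `_parseBlob` only checks `typeof value !== 'string'` and `value.length < 64` before calling `fromHexString`, so a string of 64 or more characters that is not hex decodes to a buffer of different bytes instead of being rejected, and a signature that fails the check is reported as `'Invalid public key.'`. `expiration` is interpolated into the `0x`-prefixed template string passed to `BigInt` without a type check, so a JSON number is silently reinterpreted as hex digits. I would add `if (!/^(?:[0-9a-fA-F]{2})+$/.test(value)) throw new Error('Invalid hexadecimal blob.');` to `_parseBlob` and `if (typeof expiration !== 'string' || !/^[0-9a-fA-F]+$/.test(expiration)) throw new Error('Invalid expiration.');` before the `Delegation` is constructed. Nothing in this file verifies the signatures or the expiry of a loaded chain, so the doc comment on `fromJSON` should say that a successful parse does not mean the chain is valid.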
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"delegation.js","sourceRoot":"","sources":["../../../src/identity/delegation.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAOuB;AACvB,iDAA8C;AAC9C,kDAAoC;AACpC,sCAAuD;AAEvD,MAAM,eAAe,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gCAAgC,CAAC,CAAC;AACnF,MAAM,sBAAsB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;AAE1E,SAAS,UAAU,CAAC,KAAc;IAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;KACxC;IAED,OAAO,sBAAa,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,MAAa,UAAU;IACrB,YACkB,MAAmB,EACnB,UAAkB,EAClB,OAAqB;QAFrB,WAAM,GAAN,MAAM,CAAa;QACnB,eAAU,GAAV,UAAU,CAAQ;QAClB,YAAO,GAAP,OAAO,CAAc;IACpC,CAAC;IAEG,MAAM;QACX,8DAA8D;QAC9D,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,iBACnB,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EACrC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IACzD,CAAC,IAAI,CAAC,OAAO,IAAI;YAClB,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;SACrF,CAAC,EACF,CAAC;IACL,CAAC;IAEM,MAAM;QACX,gDAAgD;QAChD,4FAA4F;QAC5F,mFAAmF;QACnF,uBACE,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EACxC,MAAM,EAAE,oBAAW,CAAC,IAAI,CAAC,MAAM,CAAC,IAC7B,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC,EAClE;IACJ,CAAC;CACF;AA5BD,gCA4BC;AA4BD;;;;;;;GAOG;AACH,KAAK,UAAU,uBAAuB,CACpC,IAAkB,EAClB,EAAa,EACb,UAAgB,EAChB,OAAqB;IAErB,MAAM,UAAU,GAAe,IAAI,UAAU,CAC3C,EAAE,CAAC,KAAK,EAAE,EACV,MAAM,CAAC,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,kBAAkB;IACzD,OAAO,CACR,CAAC;IACF,mFAAmF;IACnF,mBAAmB;IACnB,wFAAwF;IACxF,uFAAuF;IACvF,iFAAiF;IACjF,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC;QAC/B,GAAG,eAAe;QAClB,GAAG,IAAI,UAAU,CAAC,mBAAW,CAAC,UAAU,CAAC,CAAC;KAC3C,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE7C,OAAO;QACL,UAAU;QACV,SAAS;KACV,CAAC;AACJ,CAAC;AAcD;;;;G
AIG;AACH,MAAa,eAAe;IAkG1B,YACkB,WAA+B,EAC/B,SAA8B;QAD9B,gBAAW,GAAX,WAAW,CAAoB;QAC/B,cAAS,GAAT,SAAS,CAAqB;IAC7C,CAAC;IApGJ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACI,MAAM,CAAC,KAAK,CAAC,MAAM,CACxB,IAAkB,EAClB,EAAa,EACb,aAAmB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,EACxD,UAGI,EAAE;;QAEN,MAAM,UAAU,GAAG,MAAM,uBAAuB,CAAC,IAAI,EAAE,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QACxF,OAAO,IAAI,eAAe,CACxB,CAAC,GAAG,CAAC,CAAA,MAAA,OAAO,CAAC,QAAQ,0CAAE,WAAW,KAAI,EAAE,CAAC,EAAE,UAAU,CAAC,EACtD,CAAA,MAAA,OAAO,CAAC,QAAQ,0CAAE,SAAS,KAAI,IAAI,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAC3D,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,QAAQ,CAAC,IAAuC;QAC5D,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACtF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;SACzC;QAED,MAAM,iBAAiB,GAAuB,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE;YAC/E,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,gBAAgB,CAAC;YACnD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC;YACnD,IAAI,OAAO,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;aACrC;YAED,OAAO;gBACL,UAAU,EAAE,IAAI,UAAU,CACxB,UAAU,CAAC,MAAM,CAAC,EAClB,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC,EAAE,6DAA6D;gBACxF,OAAO;oBACL,OAAO,CAAC,GAAG,CAAC,CAAC,CAAU,EAAE,EAAE;wBACzB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE;4BACzB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;yBACpC;wBACD,OAAO,qBAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;oBAC9B,CAAC,CAAC,CACL;gBACD,SAAS,EAAE,UAAU,CAAC,SAAS,CAAc;aAC9C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,SAAS,CAAwB,CAAC,CAAC;IACnF,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,eAAe,CAC3B,WAA+B,EAC/B,SAA8B;QAE9B,OAAO,IAAI,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC;IAOM,MAAM;QACX,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE;gBACnD,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,gBAAgB,CAAC;gBACnD,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC;gBAC/B,OAAO;oBACL,UAAU,kBACR,UAAU,EAAE,UAAU,CAAC,U
AAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EAC9C,MAAM,EAAE,oBAAW,CAAC,UAAU,CAAC,MAAM,CAAC,IACnC,CAAC,OAAO,IAAI;wBACb,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC;qBACrC,CAAC,CACH;oBACD,SAAS,EAAE,oBAAW,CAAC,SAAS,CAAC;iBAClC,CAAC;YACJ,CAAC,CAAC;YACF,SAAS,EAAE,oBAAW,CAAC,IAAI,CAAC,SAAS,CAAC;SACvC,CAAC;IACJ,CAAC;CACF;AA1HD,0CA0HC;AAED;;;;;GAKG;AACH,MAAa,kBAAmB,SAAQ,oBAAY;IAclD,YACU,MAAkC,EAClC,WAA4B;QAEpC,KAAK,EAAE,CAAC;QAHA,WAAM,GAAN,MAAM,CAA4B;QAClC,gBAAW,GAAX,WAAW,CAAiB;IAGtC,CAAC;IAlBD;;;;;OAKG;IACI,MAAM,CAAC,cAAc,CAC1B,GAA+B,EAC/B,UAA2B;QAE3B,OAAO,IAAI,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IACnC,CAAC;IASM,aAAa;QAClB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAEM,YAAY;QACjB,OAAO;YACL,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS;SACxC,CAAC;IACJ,CAAC;IACM,IAAI,CAAC,IAAiB;QAC3B,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,OAAyB;QACrD,MAAM,EAAE,IAAI,KAAgB,OAAO,EAAlB,MAAM,UAAK,OAAO,EAA7B,QAAmB,CAAU,CAAC;QACpC,MAAM,SAAS,GAAG,MAAM,mBAAW,CAAC,IAAI,CAAC,CAAC;QAC1C,uCACK,MAAM,KACT,IAAI,EAAE;gBACJ,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,MAAM,IAAI,CAAC,IAAI,CACzB,IAAI,UAAU,CAAC,CAAC,GAAG,sBAAsB,EAAE,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAC1E;gBACD,iBAAiB,EAAE,IAAI,CAAC,WAAW,CAAC,WAAW;gBAC/C,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS;aAC1C,IACD;IACJ,CAAC;CACF;AAjDD,gDAiDC"}
|
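--- a/package/lib/cjs/identity/der.d.ts
+++ b/package/lib/cjs/identity/der.d.ts
@@ -0,0 +1,35 @@
+export declare const bufEquals: (b1: ArrayBuffer, b2: ArrayBuffer) => boolean;
+export declare const encodeLenBytes: (len: number) => number;
+export declare const encodeLen: (buf: Uint8Array, offset: number, len: number) => number;
+export declare const decodeLenBytes: (buf: Uint8Array, offset: number) => number;
+export declare const decodeLen: (buf: Uint8Array, offset: number) => number;
+/**
+* A DER encoded `SEQUENCE(OID)` for DER-encoded-COSE
+*/
+export declare const DER_COSE_OID: Uint8Array;
+/**
+* A DER encoded `SEQUENCE(OID)` for the Ed25519 algorithm
+*/
+export declare const ED25519_OID: Uint8Array;
+/**
+* A DER encoded `SEQUENCE(OID)` for secp256k1 with the ECDSA algorithm
+*/
+export declare const SECP256K1_OID: Uint8Array;
+/**
+* Wraps the given `payload` in a DER encoding tagged with the given encoded `oid` like so:
+* `SEQUENCE(oid, BITSTRING(payload))`
+*
+* @param payload The payload to encode as the bit string
+* @param oid The DER encoded (and SEQUENCE wrapped!) OID to tag the payload with
+*/
+export declare function wrapDER(payload: ArrayBuffer, oid: Uint8Array): Uint8Array;
+/**
+* Extracts a payload from the given `derEncoded` data, and checks that it was tagged with the given `oid`.
+*
+* `derEncoded = SEQUENCE(oid, BITSTRING(payload))`
+*
+* @param derEncoded The DER encoded and tagged data
+* @param oid The DER encoded (and SEQUENCE wrapped!) expected OID
+* @returns The unwrapped payload
+*/
+export declare const unwrapDER: (derEncoded: ArrayBuffer, oid: Uint8Array) => Uint8Array;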
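Review bot: The five exported helpers at the top (`bufEquals`, `encodeLenBytes`, `encodeLen`, `decodeLenBytes`, `decodeLen`) have no doc comments, although they are part of the package's public surface and their limits matter to anyone parsing untrusted DER with them. Going by `der.js` on this page, lengths above `0xffffff` and the indefinite form `0x80` throw, `bufEquals` returns at the first differing byte, and neither decoder checks that `offset` and the length bytes after it lie inside `buf`. I would add a comment to each, for example `/** Reads the DER length at offset; throws for 0x80 and for lengths over 3 bytes; the caller must ensure the length bytes are within buf. */` on `decodeLen`, and note on `bufEquals` that it is not a constant-time comparison. `unwrapDER` would also benefit from an `@throws` line, assuming it throws when the OID does not match; its body is not visible here.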
@@ -0,0 +1,178 @@
|
|
1
|
+
"use strict";
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
3
|
+
exports.unwrapDER = exports.wrapDER = exports.SECP256K1_OID = exports.ED25519_OID = exports.DER_COSE_OID = exports.decodeLen = exports.decodeLenBytes = exports.encodeLen = exports.encodeLenBytes = exports.bufEquals = void 0;
|
4
|
+
const bufEquals = (b1, b2) => {
|
5
|
+
if (b1.byteLength !== b2.byteLength)
|
6
|
+
return false;
|
7
|
+
const u1 = new Uint8Array(b1);
|
8
|
+
const u2 = new Uint8Array(b2);
|
9
|
+
for (let i = 0; i < u1.length; i++) {
|
10
|
+
if (u1[i] !== u2[i])
|
11
|
+
return false;
|
12
|
+
}
|
13
|
+
return true;
|
14
|
+
};
|
15
|
+
exports.bufEquals = bufEquals;
|
16
|
+
const encodeLenBytes = (len) => {
|
17
|
+
if (len <= 0x7f) {
|
18
|
+
return 1;
|
19
|
+
}
|
20
|
+
else if (len <= 0xff) {
|
21
|
+
return 2;
|
22
|
+
}
|
23
|
+
else if (len <= 0xffff) {
|
24
|
+
return 3;
|
25
|
+
}
|
26
|
+
else if (len <= 0xffffff) {
|
27
|
+
return 4;
|
28
|
+
}
|
29
|
+
else {
|
30
|
+
throw new Error('Length too long (> 4 bytes)');
|
31
|
+
}
|
32
|
+
};
|
33
|
+
exports.encodeLenBytes = encodeLenBytes;
|
34
|
+
const encodeLen = (buf, offset, len) => {
|
35
|
+
if (len <= 0x7f) {
|
36
|
+
buf[offset] = len;
|
37
|
+
return 1;
|
38
|
+
}
|
39
|
+
else if (len <= 0xff) {
|
40
|
+
buf[offset] = 0x81;
|
41
|
+
buf[offset + 1] = len;
|
42
|
+
return 2;
|
43
|
+
}
|
44
|
+
else if (len <= 0xffff) {
|
45
|
+
buf[offset] = 0x82;
|
46
|
+
buf[offset + 1] = len >> 8;
|
47
|
+
buf[offset + 2] = len;
|
48
|
+
return 3;
|
49
|
+
}
|
50
|
+
else if (len <= 0xffffff) {
|
51
|
+
buf[offset] = 0x83;
|
52
|
+
buf[offset + 1] = len >> 16;
|
53
|
+
buf[offset + 2] = len >> 8;
|
54
|
+
buf[offset + 3] = len;
|
55
|
+
return 4;
|
56
|
+
}
|
57
|
+
else {
|
58
|
+
throw new Error('Length too long (> 4 bytes)');
|
59
|
+
}
|
60
|
+
};
|
61
|
+
exports.encodeLen = encodeLen;
|
62
|
+
const decodeLenBytes = (buf, offset) => {
|
63
|
+
if (buf[offset] < 0x80)
|
64
|
+
return 1;
|
65
|
+
if (buf[offset] === 0x80)
|
66
|
+
throw new Error('Invalid length 0');
|
67
|
+
if (buf[offset] === 0x81)
|
68
|
+
return 2;
|
69
|
+
if (buf[offset] === 0x82)
|
70
|
+
return 3;
|
71
|
+
if (buf[offset] === 0x83)
|
72
|
+
return 4;
|
73
|
+
throw new Error('Length too long (> 4 bytes)');
|
74
|
+
};
|
75
|
+
exports.decodeLenBytes = decodeLenBytes;
|
76
|
+
const decodeLen = (buf, offset) => {
|
77
|
+
const lenBytes = exports.decodeLenBytes(buf, offset);
|
78
|
+
if (lenBytes === 1)
|
79
|
+
return buf[offset];
|
80
|
+
else if (lenBytes === 2)
|
81
|
+
return buf[offset + 1];
|
82
|
+
else if (lenBytes === 3)
|
83
|
+
return (buf[offset + 1] << 8) + buf[offset + 2];
|
84
|
+
else if (lenBytes === 4)
|
85
|
+
return (buf[offset + 1] << 16) + (buf[offset + 2] << 8) + buf[offset + 3];
|
86
|
+
throw new Error('Length too long (> 4 bytes)');
|
87
|
+
};
|
88
|
+
exports.decodeLen = decodeLen;
|
89
|
+
/**
|
90
|
+
* A DER encoded `SEQUENCE(OID)` for DER-encoded-COSE
|
91
|
+
*/
|
92
|
+
exports.DER_COSE_OID = Uint8Array.from([
|
93
|
+
...[0x30, 0x0c],
|
94
|
+
...[0x06, 0x0a],
|
95
|
+
...[0x2b, 0x06, 0x01, 0x04, 0x01, 0x83, 0xb8, 0x43, 0x01, 0x01], // DER encoded COSE
|
96
|
+
]);
|
97
|
+
/**
|
98
|
+
* A DER encoded `SEQUENCE(OID)` for the Ed25519 algorithm
|
99
|
+
*/
|
100
|
+
exports.ED25519_OID = Uint8Array.from([
|
101
|
+
...[0x30, 0x05],
|
102
|
+
...[0x06, 0x03],
|
103
|
+
...[0x2b, 0x65, 0x70], // id-Ed25519 OID
|
104
|
+
]);
|
105
|
+
/**
|
106
|
+
* A DER encoded `SEQUENCE(OID)` for secp256k1 with the ECDSA algorithm
|
107
|
+
*/
|
108
|
+
exports.SECP256K1_OID = Uint8Array.from([
|
109
|
+
...[0x30, 0x10],
|
110
|
+
...[0x06, 0x07],
|
111
|
+
...[0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01],
|
112
|
+
...[0x06, 0x05],
|
113
|
+
...[0x2b, 0x81, 0x04, 0x00, 0x0a], // OID secp256k1
|
114
|
+
]);
|
115
|
+
/**
|
116
|
+
* Wraps the given `payload` in a DER encoding tagged with the given encoded `oid` like so:
|
117
|
+
* `SEQUENCE(oid, BITSTRING(payload))`
|
118
|
+
*
|
119
|
+
* @param payload The payload to encode as the bit string
|
120
|
+
* @param oid The DER encoded (and SEQUENCE wrapped!) OID to tag the payload with
|
121
|
+
*/
|
122
|
+
function wrapDER(payload, oid) {
|
123
|
+
// The Bit String header needs to include the unused bit count byte in its length
|
124
|
+
const bitStringHeaderLength = 2 + exports.encodeLenBytes(payload.byteLength + 1);
|
125
|
+
const len = oid.byteLength + bitStringHeaderLength + payload.byteLength;
|
126
|
+
let offset = 0;
|
127
|
+
const buf = new Uint8Array(1 + exports.encodeLenBytes(len) + len);
|
128
|
+
// Sequence
|
129
|
+
buf[offset++] = 0x30;
|
130
|
+
// Sequence Length
|
131
|
+
offset += exports.encodeLen(buf, offset, len);
|
132
|
+
// OID
|
133
|
+
buf.set(oid, offset);
|
134
|
+
offset += oid.byteLength;
|
135
|
+
// Bit String Header
|
136
|
+
buf[offset++] = 0x03;
|
137
|
+
offset += exports.encodeLen(buf, offset, payload.byteLength + 1);
|
138
|
+
// 0 padding
|
139
|
+
buf[offset++] = 0x00;
|
140
|
+
buf.set(new Uint8Array(payload), offset);
|
141
|
+
return buf;
|
142
|
+
}
|
143
|
+
exports.wrapDER = wrapDER;
|
144
|
+
/**
|
145
|
+
* Extracts a payload from the given `derEncoded` data, and checks that it was tagged with the given `oid`.
|
146
|
+
*
|
147
|
+
* `derEncoded = SEQUENCE(oid, BITSTRING(payload))`
|
148
|
+
*
|
149
|
+
* @param derEncoded The DER encoded and tagged data
|
150
|
+
* @param oid The DER encoded (and SEQUENCE wrapped!) expected OID
|
151
|
+
* @returns The unwrapped payload
|
152
|
+
*/
|
153
|
+
const unwrapDER = (derEncoded, oid) => {
|
154
|
+
let offset = 0;
|
155
|
+
const expect = (n, msg) => {
|
156
|
+
if (buf[offset++] !== n) {
|
157
|
+
throw new Error('Expected: ' + msg);
|
158
|
+
}
|
159
|
+
};
|
160
|
+
const buf = new Uint8Array(derEncoded);
|
161
|
+
expect(0x30, 'sequence');
|
162
|
+
offset += exports.decodeLenBytes(buf, offset);
|
163
|
+
if (!exports.bufEquals(buf.slice(offset, offset + oid.byteLength), oid)) {
|
164
|
+
throw new Error('Not the expected OID.');
|
165
|
+
}
|
166
|
+
offset += oid.byteLength;
|
167
|
+
expect(0x03, 'bit string');
|
168
|
+
const payloadLen = exports.decodeLen(buf, offset) - 1; // Subtracting 1 to account for the 0 padding
|
169
|
+
offset += exports.decodeLenBytes(buf, offset);
|
170
|
+
expect(0x00, '0 padding');
|
171
|
+
const result = buf.slice(offset);
|
172
|
+
if (payloadLen !== result.length) {
|
173
|
+
throw new Error(`DER payload mismatch: Expected length ${payloadLen} actual length ${result.length}`);
|
174
|
+
}
|
175
|
+
return result;
|
176
|
+
};
|
177
|
+
exports.unwrapDER = unwrapDER;
|
178
|
+
//# sourceMappingURL=der.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"der.js","sourceRoot":"","sources":["../../../src/identity/der.ts"],"names":[],"mappings":";;;AAAO,MAAM,SAAS,GAAG,CAAC,EAAe,EAAE,EAAe,EAAW,EAAE;IACrE,IAAI,EAAE,CAAC,UAAU,KAAK,EAAE,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QAClC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;KACnC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AARW,QAAA,SAAS,aAQpB;AAEK,MAAM,cAAc,GAAG,CAAC,GAAW,EAAU,EAAE;IACpD,IAAI,GAAG,IAAI,IAAI,EAAE;QACf,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,IAAI,EAAE;QACtB,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,MAAM,EAAE;QACxB,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,QAAQ,EAAE;QAC1B,OAAO,CAAC,CAAC;KACV;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;AACH,CAAC,CAAC;AAZW,QAAA,cAAc,kBAYzB;AAEK,MAAM,SAAS,GAAG,CAAC,GAAe,EAAE,MAAc,EAAE,GAAW,EAAU,EAAE;IAChF,IAAI,GAAG,IAAI,IAAI,EAAE;QACf,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC;QAClB,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,IAAI,EAAE;QACtB,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;QACnB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;QACtB,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,MAAM,EAAE;QACxB,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;QACnB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;QAC3B,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;QACtB,OAAO,CAAC,CAAC;KACV;SAAM,IAAI,GAAG,IAAI,QAAQ,EAAE;QAC1B,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC;QACnB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,IAAI,EAAE,CAAC;QAC5B,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;QAC3B,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;QACtB,OAAO,CAAC,CAAC;KACV;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;AACH,CAAC,CAAC;AAtBW,QAAA,SAAS,aAsBpB;AAEK,MAAM,cAAc,GAAG,CAAC,GAAe,EAAE,MAAc,EAAU,EAAE;IACxE,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI;QAAE,OAAO,CAAC,CAAC;IACjC,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC9D,IAAI,GAAG,CAAC,MAAM,
CAAC,KAAK,IAAI;QAAE,OAAO,CAAC,CAAC;IACnC,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI;QAAE,OAAO,CAAC,CAAC;IACnC,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI;QAAE,OAAO,CAAC,CAAC;IACnC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;AACjD,CAAC,CAAC;AAPW,QAAA,cAAc,kBAOzB;AAEK,MAAM,SAAS,GAAG,CAAC,GAAe,EAAE,MAAc,EAAU,EAAE;IACnE,MAAM,QAAQ,GAAG,sBAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC7C,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC;SAClC,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;SAC3C,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;SACpE,IAAI,QAAQ,KAAK,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5E,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;AACjD,CAAC,CAAC;AARW,QAAA,SAAS,aAQpB;AAEF;;GAEG;AACU,QAAA,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC;IAC1C,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,mBAAmB;CACrF,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC;IACzC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,iBAAiB;CACzC,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC;IAC3C,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC;IAC7C,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;IACf,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,gBAAgB;CACpD,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,SAAgB,OAAO,CAAC,OAAoB,EAAE,GAAe;IAC3D,iFAAiF;IACjF,MAAM,qBAAqB,GAAG,CAAC,GAAG,sBAAc,CAAC,OAAO,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACzE,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,GAAG,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC;IACxE,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,sBAAc,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC;IAC1D
,WAAW;IACX,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;IACrB,kBAAkB;IAClB,MAAM,IAAI,iBAAS,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;IAEtC,MAAM;IACN,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACrB,MAAM,IAAI,GAAG,CAAC,UAAU,CAAC;IAEzB,oBAAoB;IACpB,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;IACrB,MAAM,IAAI,iBAAS,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACzD,YAAY;IACZ,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;IACrB,GAAG,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;IAEzC,OAAO,GAAG,CAAC;AACb,CAAC;AAvBD,0BAuBC;AAED;;;;;;;;GAQG;AACI,MAAM,SAAS,GAAG,CAAC,UAAuB,EAAE,GAAe,EAAc,EAAE;IAChF,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,MAAM,MAAM,GAAG,CAAC,CAAS,EAAE,GAAW,EAAE,EAAE;QACxC,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,EAAE;YACvB,MAAM,IAAI,KAAK,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC;SACrC;IACH,CAAC,CAAC;IAEF,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IACvC,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACzB,MAAM,IAAI,sBAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAEtC,IAAI,CAAC,iBAAS,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,EAAE;QAC/D,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IACD,MAAM,IAAI,GAAG,CAAC,UAAU,CAAC;IAEzB,MAAM,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IAC3B,MAAM,UAAU,GAAG,iBAAS,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,6CAA6C;IAC5F,MAAM,IAAI,sBAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACtC,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAC1B,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,IAAI,UAAU,KAAK,MAAM,CAAC,MAAM,EAAE;QAChC,MAAM,IAAI,KAAK,CACb,yCAAyC,UAAU,kBAAkB,MAAM,CAAC,MAAM,EAAE,CACrF,CAAC;KACH;IACD,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AA5BW,QAAA,SAAS,aA4BpB"}
|