@credo-ts/node 0.6.2-alpha-20260204082017 → 0.6.2-alpha-20260204094529

@@ -1,4 +1,4 @@
1
- //#region \0@oxc-project+runtime@0.99.0/helpers/assertClassBrand.js
1
+ //#region \0@oxc-project+runtime@0.110.0/helpers/assertClassBrand.js
2
2
  function _assertClassBrand(e, t, n) {
3
3
  if ("function" == typeof e ? e === t : e.has(t)) return arguments.length < 3 ? t : n;
4
4
  throw new TypeError("Private element is not present on this object");
@@ -1,4 +1,4 @@
1
- //#region \0@oxc-project+runtime@0.99.0/helpers/checkPrivateRedeclaration.js
1
+ //#region \0@oxc-project+runtime@0.110.0/helpers/checkPrivateRedeclaration.js
2
2
  function _checkPrivateRedeclaration(e, t) {
3
3
  if (t.has(e)) throw new TypeError("Cannot initialize the same private elements twice on an object");
4
4
  }
@@ -1,6 +1,6 @@
1
1
  import { _assertClassBrand } from "./assertClassBrand.mjs";
2
2
 
3
- //#region \0@oxc-project+runtime@0.99.0/helpers/classPrivateFieldGet2.js
3
+ //#region \0@oxc-project+runtime@0.110.0/helpers/classPrivateFieldGet2.js
4
4
  function _classPrivateFieldGet2(s, a) {
5
5
  return s.get(_assertClassBrand(s, a));
6
6
  }
@@ -1,6 +1,6 @@
1
1
  import { _checkPrivateRedeclaration } from "./checkPrivateRedeclaration.mjs";
2
2
 
3
- //#region \0@oxc-project+runtime@0.99.0/helpers/classPrivateFieldInitSpec.js
3
+ //#region \0@oxc-project+runtime@0.110.0/helpers/classPrivateFieldInitSpec.js
4
4
  function _classPrivateFieldInitSpec(e, t, a) {
5
5
  _checkPrivateRedeclaration(e, t), t.set(e, a);
6
6
  }
@@ -1,6 +1,6 @@
1
1
  import { _assertClassBrand } from "./assertClassBrand.mjs";
2
2
 
3
- //#region \0@oxc-project+runtime@0.99.0/helpers/classPrivateFieldSet2.js
3
+ //#region \0@oxc-project+runtime@0.110.0/helpers/classPrivateFieldSet2.js
4
4
  function _classPrivateFieldSet2(s, a, r) {
5
5
  return s.set(_assertClassBrand(s, a), r), r;
6
6
  }
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.mts","names":[],"sources":["../src/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;cAaM,mBAAmB"}
1
+ {"version":3,"file":"index.d.mts","names":[],"sources":["../src/index.ts"],"mappings":";;;;;;;;cAaM,iBAAA,EAAmB,iBAAA"}
@@ -1 +1 @@
1
- {"version":3,"file":"index.mjs","names":["agentDependencies: AgentDependencies","WebSocket"],"sources":["../src/index.ts"],"sourcesContent":["import type { AgentDependencies } from '@credo-ts/core'\n\nimport { EventEmitter } from 'events'\nimport { WebSocket } from 'ws'\n\nimport { NodeFileSystem } from './NodeFileSystem'\nimport { DidCommHttpInboundTransport } from './transport/DidCommHttpInboundTransport'\nimport { DidCommWsInboundTransport } from './transport/DidCommWsInboundTransport'\n\nexport { NodeInMemoryKeyManagementStorage } from './kms/NodeInMemoryKeyManagementStorage'\nexport { NodeKeyManagementService } from './kms/NodeKeyManagementService'\nexport type { NodeKeyManagementStorage } from './kms/NodeKeyManagementStorage'\n\nconst agentDependencies: AgentDependencies = {\n FileSystem: NodeFileSystem,\n fetch,\n EventEmitterClass: EventEmitter,\n WebSocketClass: WebSocket,\n}\n\nexport { agentDependencies, DidCommHttpInboundTransport, DidCommWsInboundTransport }\n"],"mappings":";;;;;;;;;AAaA,MAAMA,oBAAuC;CAC3C,YAAY;CACZ;CACA,mBAAmB;CACnB,gBAAgBC;CACjB"}
1
+ {"version":3,"file":"index.mjs","names":["WebSocket"],"sources":["../src/index.ts"],"sourcesContent":["import type { AgentDependencies } from '@credo-ts/core'\n\nimport { EventEmitter } from 'events'\nimport { WebSocket } from 'ws'\n\nimport { NodeFileSystem } from './NodeFileSystem'\nimport { DidCommHttpInboundTransport } from './transport/DidCommHttpInboundTransport'\nimport { DidCommWsInboundTransport } from './transport/DidCommWsInboundTransport'\n\nexport { NodeInMemoryKeyManagementStorage } from './kms/NodeInMemoryKeyManagementStorage'\nexport { NodeKeyManagementService } from './kms/NodeKeyManagementService'\nexport type { NodeKeyManagementStorage } from './kms/NodeKeyManagementStorage'\n\nconst agentDependencies: AgentDependencies = {\n FileSystem: NodeFileSystem,\n fetch,\n EventEmitterClass: EventEmitter,\n WebSocketClass: WebSocket,\n}\n\nexport { agentDependencies, DidCommHttpInboundTransport, DidCommWsInboundTransport }\n"],"mappings":";;;;;;;;;AAaA,MAAM,oBAAuC;CAC3C,YAAY;CACZ;CACA,mBAAmB;CACnB,gBAAgBA;CACjB"}
@@ -1 +1 @@
1
- {"version":3,"file":"NodeInMemoryKeyManagementStorage.d.mts","names":[],"sources":["../../src/kms/NodeInMemoryKeyManagementStorage.ts"],"sourcesContent":[],"mappings":";;;;cAGa,gCAAA,YAA4C;;EAA5C,GAAA,CAAA,YAAA,EAGoB,YAHpB,EAAA,KAAiC,EAAA,MAAA,CAAA,EAGc,OAHd,CAAA;IAGb,CAAA,EAAA,MAAA;IAA2B,GAAA,EAAA,IAAA;IAIjC,GAAA,EAAA,OAAA,GAAA,OAAA,GAAA,OAAA,GAAA,WAAA;IAIA,CAAA,EAAA,MAAA;IAAsC,CAAA,EAAA,MAAA;IAInC,GAAA,CAAA,EAAA,MAAA,GAAA,SAAA;IAf2B,GAAA,CAAA,EAAA,MAAA,GAAA,SAAA;IAAwB,OAAA,CAAA,EAAA,MAAA,EAAA,GAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAOtD;oBAIA,kCAAkC,GAAA,CAAI;uBAInC"}
1
+ {"version":3,"file":"NodeInMemoryKeyManagementStorage.d.mts","names":[],"sources":["../../src/kms/NodeInMemoryKeyManagementStorage.ts"],"mappings":";;;;cAGa,gCAAA,YAA4C,wBAAA;EAAA;EAG1C,GAAA,CAAI,YAAA,EAAc,YAAA,EAAc,KAAA,WAAa,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAInD,GAAA,CAAI,YAAA,EAAc,YAAA,EAAc,KAAA;EAIhC,GAAA,CAAI,YAAA,EAAc,YAAA,EAAc,KAAA,UAAe,GAAA,EAAK,GAAA,CAAI,aAAA;EAIxD,MAAA,CAAO,YAAA,EAAc,YAAA,EAAc,KAAA;EAAA,QAIlC,iBAAA;AAAA"}
@@ -1,5 +1,5 @@
1
- import { _classPrivateFieldInitSpec } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldInitSpec.mjs";
2
- import { _classPrivateFieldGet2 } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldGet2.mjs";
1
+ import { _classPrivateFieldInitSpec } from "../_virtual/_@oxc-project_runtime@0.110.0/helpers/classPrivateFieldInitSpec.mjs";
2
+ import { _classPrivateFieldGet2 } from "../_virtual/_@oxc-project_runtime@0.110.0/helpers/classPrivateFieldGet2.mjs";
3
3
 
4
4
  //#region src/kms/NodeInMemoryKeyManagementStorage.ts
5
5
  var _storage = /* @__PURE__ */ new WeakMap();
@@ -1 +1 @@
1
- {"version":3,"file":"NodeKeyManagementService.d.mts","names":[],"sources":["../../src/kms/NodeKeyManagementService.ts"],"sourcesContent":[],"mappings":";;;;cAmBa,wBAAA,YAAoC,GAAA,CAAI;EAAxC,CAAA,OAAA;EAKiB,SAAA,OAAA,GAAA,MAAA;EAIe,WAAA,CAAA,OAAA,EAJf,wBAIe;EAAyB,oBAAI,CAAA,aAAA,EAA7B,YAA6B,EAAA,SAAA,EAAJ,GAAA,CAAI,YAAA,CAAA,EAAA,OAAA;EAmFtC,WAAA,CAAA,aAAA,EAAA,YAAA,EAAA,OAAA,EAAuB,GAAA,CAAI,qBAA3B,CAAA,EAAmD,GAAA,CAAI,oBAAvD;EAAuB,YAAI,CAAA,YAAA,EAIrB,YAJqB,EAAA,KAAA,EAAA,MAAA,CAAA,EAIS,OAJT,CAIiB,GAAA,CAAI,YAJrB,GAAA,IAAA,CAAA;EAAwB,SAAI,CAAA,YAWtD,GAAA,CAAI,aAXkD,CAAA,CAAA,YAAA,EAYzE,YAZyE,EAAA,OAAA,EAa9E,GAAA,CAAI,mBAb0E,CAatD,GAbsD,CAAA,CAAA,EActF,OAdsF,CAc9E,GAAA,CAAI,kBAd0E,CAcvD,GAduD,CAAA,CAAA;EAIjD,SAAA,CAAA,YAAA,EAmEH,YAnEG,EAAA,OAAA,EAmEoB,GAAA,CAAI,mBAnExB,CAAA,EAmE8C,OAnE9C,CAAA,OAAA,CAAA;EAAsC,SAAI,CAAA,aAuE9C,GAAA,CAAI,gBAvE0C,CAAA,CAAA,YAAA,EAwElE,YAxEkE,EAAA,OAAA,EAyEvE,GAAA,CAAI,mBAzEmE,CAyE/C,IAzE+C,CAAA,CAAA,EA0E/E,OA1E+E,CA0EvE,GAAA,CAAI,kBA1EmE,CA0EhD,IA1EgD,CAAA,CAAA;EAAZ,IAAA,CAAA,YAAA,EAiHtC,YAjHsC,EAAA,OAAA,EAiHf,GAAA,CAAI,cAjHW,CAAA,EAiHM,OAjHN,CAiHc,GAAA,CAAI,aAjHlB,CAAA;EAOnC,MAAI,CAAA,YAAA,EAkIL,YAlIK,EAAA,OAAA,EAkIkB,GAAA,CAAI,gBAlItB,CAAA,EAkIyC,OAlIzC,CAkIiD,GAAA,CAAI,eAlIrD,CAAA;EACvB,OAAA,CAAA,YAAA,EA4KmB,YA5KnB,EAAA,OAAA,EA4K0C,GAAA,CAAI,iBA5K9C,CAAA,EA4KkE,OA5KlE,CA4K0E,GAAA,CAAI,gBA5K9E,CAAA;EACmB,OAAA,CAAA,YAAA,EAuOA,YAvOA,EAAA,OAAA,EAuOuB,GAAA,CAAI,iBAvO3B,CAAA,EAuO+C,OAvO/C,CAuOuD,GAAA,CAAI,gBAvO3D,CAAA;EAAxB,QAAI,cAAA;EACmB,QAAA,kBAAA"}
1
+ {"version":3,"file":"NodeKeyManagementService.d.mts","names":[],"sources":["../../src/kms/NodeKeyManagementService.ts"],"mappings":";;;;cAmBa,wBAAA,YAAoC,GAAA,CAAI,oBAAA;EAAA;WACnC,OAAA;cAIG,OAAA,EAAS,wBAAA;EAIrB,oBAAA,CAAqB,aAAA,EAAe,YAAA,EAAc,SAAA,EAAW,GAAA,CAAI,YAAA;EAmFjE,WAAA,CAAY,aAAA,EAAe,YAAA,EAAc,OAAA,EAAS,GAAA,CAAI,qBAAA,GAAwB,GAAA,CAAI,oBAAA;EAI5E,YAAA,CAAa,YAAA,EAAc,YAAA,EAAc,KAAA,WAAgB,OAAA,CAAQ,GAAA,CAAI,YAAA;EAOrE,SAAA,aAAsB,GAAA,CAAI,aAAA,CAAA,CACrC,YAAA,EAAc,YAAA,EACd,OAAA,EAAS,GAAA,CAAI,mBAAA,CAAoB,GAAA,IAChC,OAAA,CAAQ,GAAA,CAAI,kBAAA,CAAmB,GAAA;EAyDrB,SAAA,CAAU,YAAA,EAAc,YAAA,EAAc,OAAA,EAAS,GAAA,CAAI,mBAAA,GAAsB,OAAA;EAIzE,SAAA,cAAuB,GAAA,CAAI,gBAAA,CAAA,CACtC,YAAA,EAAc,YAAA,EACd,OAAA,EAAS,GAAA,CAAI,mBAAA,CAAoB,IAAA,IAChC,OAAA,CAAQ,GAAA,CAAI,kBAAA,CAAmB,IAAA;EAuCrB,IAAA,CAAK,YAAA,EAAc,YAAA,EAAc,OAAA,EAAS,GAAA,CAAI,cAAA,GAAiB,OAAA,CAAQ,GAAA,CAAI,aAAA;EAwB3E,MAAA,CAAO,YAAA,EAAc,YAAA,EAAc,OAAA,EAAS,GAAA,CAAI,gBAAA,GAAmB,OAAA,CAAQ,GAAA,CAAI,eAAA;EA2C/E,OAAA,CAAQ,YAAA,EAAc,YAAA,EAAc,OAAA,EAAS,GAAA,CAAI,iBAAA,GAAoB,OAAA,CAAQ,GAAA,CAAI,gBAAA;EA4DjF,OAAA,CAAQ,YAAA,EAAc,YAAA,EAAc,OAAA,EAAS,GAAA,CAAI,iBAAA,GAAoB,OAAA,CAAQ,GAAA,CAAI,gBAAA;EAAA,QAqDhF,cAAA;EAAA,QASA,kBAAA;AAAA"}
@@ -1,12 +1,12 @@
1
- import { _classPrivateFieldInitSpec } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldInitSpec.mjs";
2
- import { _classPrivateFieldGet2 } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldGet2.mjs";
1
+ import { _classPrivateFieldInitSpec } from "../_virtual/_@oxc-project_runtime@0.110.0/helpers/classPrivateFieldInitSpec.mjs";
2
+ import { _classPrivateFieldGet2 } from "../_virtual/_@oxc-project_runtime@0.110.0/helpers/classPrivateFieldGet2.mjs";
3
3
  import { assertNodeSupportedEcCrv, assertNodeSupportedOctAlgorithm, assertNodeSupportedOkpCrv, createEcKey, createOctKey, createOkpKey, createRsaKey } from "./crypto/createKey.mjs";
4
4
  import { nodeSupportedJwaAlgorithm, performSign } from "./crypto/sign.mjs";
5
5
  import { performDecrypt } from "./crypto/decrypt.mjs";
6
6
  import { deriveDecryptionKey, deriveEncryptionKey, nodeSupportedKeyAgreementAlgorithms } from "./crypto/deriveKey.mjs";
7
7
  import { nodeSupportedEncryptionAlgorithms, performEncrypt } from "./crypto/encrypt.mjs";
8
8
  import { performVerify } from "./crypto/verify.mjs";
9
- import { _classPrivateFieldSet2 } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/classPrivateFieldSet2.mjs";
9
+ import { _classPrivateFieldSet2 } from "../_virtual/_@oxc-project_runtime@0.110.0/helpers/classPrivateFieldSet2.mjs";
10
10
  import { Kms, TypedArrayEncoder } from "@credo-ts/core";
11
11
  import { createPrivateKey, createSecretKey, randomBytes, randomUUID } from "node:crypto";
12
12
 
@@ -1 +1 @@
1
- {"version":3,"file":"NodeKeyManagementService.mjs","names":["jwks: { publicJwk: Kms.KmsJwkPublic; privateJwk: Kms.KmsJwkPrivate }","key: Exclude<Kms.KmsJwkPublic, Kms.KmsJwkPublicOct> | Kms.KmsJwkPrivate","encryptionKey: Kms.KmsJwkPrivate","encryptedKey: Kms.KmsEncryptedKey | undefined","decryptionKey: Kms.KmsJwkPrivate"],"sources":["../../src/kms/NodeKeyManagementService.ts"],"sourcesContent":["import { createPrivateKey, createSecretKey, randomBytes, randomUUID } from 'node:crypto'\nimport type { AgentContext } from '@credo-ts/core'\nimport { Kms, TypedArrayEncoder } from '@credo-ts/core'\nimport {\n assertNodeSupportedEcCrv,\n assertNodeSupportedOctAlgorithm,\n assertNodeSupportedOkpCrv,\n createEcKey,\n createOctKey,\n createOkpKey,\n createRsaKey,\n} from './crypto/createKey'\nimport { performDecrypt } from './crypto/decrypt'\nimport { deriveDecryptionKey, deriveEncryptionKey, nodeSupportedKeyAgreementAlgorithms } from './crypto/deriveKey'\nimport { nodeSupportedEncryptionAlgorithms, performEncrypt } from './crypto/encrypt'\nimport { nodeSupportedJwaAlgorithm, performSign } from './crypto/sign'\nimport { performVerify } from './crypto/verify'\nimport type { NodeKeyManagementStorage } from './NodeKeyManagementStorage'\n\nexport class NodeKeyManagementService implements Kms.KeyManagementService {\n public readonly backend = 'node'\n\n #storage: NodeKeyManagementStorage\n\n public constructor(storage: NodeKeyManagementStorage) {\n this.#storage = storage\n }\n\n public isOperationSupported(_agentContext: AgentContext, operation: Kms.KmsOperation): boolean {\n if (operation.operation === 'deleteKey') return true\n if (operation.operation === 'randomBytes') return true\n\n if (operation.operation === 'createKey') {\n // TODO: probably clean to split the assert methods so we don't need try/catch here\n try {\n if (operation.type.kty === 'RSA') {\n return true\n }\n\n if (operation.type.kty === 'EC') {\n assertNodeSupportedEcCrv(operation.type)\n return true\n }\n\n 
if (operation.type.kty === 'OKP') {\n assertNodeSupportedOkpCrv(operation.type)\n return true\n }\n\n if (operation.type.kty === 'oct') {\n assertNodeSupportedOctAlgorithm(operation.type)\n return true\n }\n } catch {\n return false\n }\n\n return false\n }\n\n if (operation.operation === 'importKey') {\n try {\n if (operation.privateJwk.kty === 'RSA' || operation.privateJwk.kty === 'oct') {\n return true\n }\n\n if (operation.privateJwk.kty === 'EC') {\n assertNodeSupportedEcCrv({ kty: operation.privateJwk.kty, crv: operation.privateJwk.crv })\n return true\n }\n\n if (operation.privateJwk.kty === 'OKP') {\n assertNodeSupportedOkpCrv({ kty: operation.privateJwk.kty, crv: operation.privateJwk.crv })\n return true\n }\n } catch {\n return false\n }\n }\n\n if (operation.operation === 'sign' || operation.operation === 'verify') {\n return nodeSupportedJwaAlgorithm.includes(operation.algorithm)\n }\n\n if (operation.operation === 'encrypt') {\n const isSupportedEncryptionAlgorithm = nodeSupportedEncryptionAlgorithms.includes(\n operation.encryption.algorithm as (typeof nodeSupportedEncryptionAlgorithms)[number]\n )\n if (!isSupportedEncryptionAlgorithm) return false\n if (!operation.keyAgreement) return true\n\n return nodeSupportedKeyAgreementAlgorithms.includes(\n operation.keyAgreement.algorithm as (typeof nodeSupportedKeyAgreementAlgorithms)[number]\n )\n }\n\n if (operation.operation === 'decrypt') {\n const isSupportedEncryptionAlgorithm = nodeSupportedEncryptionAlgorithms.includes(\n operation.decryption.algorithm as (typeof nodeSupportedEncryptionAlgorithms)[number]\n )\n if (!isSupportedEncryptionAlgorithm) return false\n if (!operation.keyAgreement) return true\n\n return nodeSupportedKeyAgreementAlgorithms.includes(\n operation.keyAgreement.algorithm as (typeof nodeSupportedKeyAgreementAlgorithms)[number]\n )\n }\n\n return false\n }\n\n public randomBytes(_agentContext: AgentContext, options: Kms.KmsRandomBytesOptions): Kms.KmsRandomBytesReturn {\n return 
randomBytes(options.length)\n }\n\n public async getPublicKey(agentContext: AgentContext, keyId: string): Promise<Kms.KmsJwkPublic | null> {\n const privateJwk = await this.#storage.get(agentContext, keyId)\n if (!privateJwk) return null\n\n return Kms.publicJwkFromPrivateJwk(privateJwk)\n }\n\n public async importKey<Jwk extends Kms.KmsJwkPrivate>(\n agentContext: AgentContext,\n options: Kms.KmsImportKeyOptions<Jwk>\n ): Promise<Kms.KmsImportKeyReturn<Jwk>> {\n const { kid } = options.privateJwk\n\n if (kid) await this.assertKeyNotExists(agentContext, kid)\n\n const privateJwk = {\n ...options.privateJwk,\n kid: kid ?? randomUUID(),\n }\n\n try {\n if (privateJwk.kty === 'oct') {\n // Just check if we can create a secret key instance\n createSecretKey(TypedArrayEncoder.fromBase64(privateJwk.k)).export({ format: 'jwk' })\n } else if (privateJwk.kty === 'EC') {\n assertNodeSupportedEcCrv({ kty: privateJwk.kty, crv: privateJwk.crv })\n // This validates the JWK\n createPrivateKey({\n format: 'jwk',\n key: privateJwk,\n })\n } else if (privateJwk.kty === 'OKP') {\n assertNodeSupportedOkpCrv({ kty: privateJwk.kty, crv: privateJwk.crv })\n // This validates the JWK\n createPrivateKey({\n format: 'jwk',\n key: privateJwk,\n })\n } else if (privateJwk.kty === 'RSA') {\n // This validates the JWK\n createPrivateKey({\n format: 'jwk',\n key: privateJwk,\n })\n } else {\n // All kty values supported for now, but can change in the future\n // @ts-expect-error\n throw new Kms.KeyManagementAlgorithmNotSupportedError(`kty '${privateJwk.kty}'`, this.backend)\n }\n\n await this.#storage.set(agentContext, privateJwk.kid, privateJwk)\n const publicJwk = Kms.publicJwkFromPrivateJwk(privateJwk)\n\n return {\n keyId: privateJwk.kid,\n publicJwk: {\n ...publicJwk,\n kid: privateJwk.kid,\n },\n } as Kms.KmsImportKeyReturn<Jwk>\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error importing key', { cause: error })\n }\n 
}\n\n public async deleteKey(agentContext: AgentContext, options: Kms.KmsDeleteKeyOptions): Promise<boolean> {\n return await this.#storage.delete(agentContext, options.keyId)\n }\n\n public async createKey<Type extends Kms.KmsCreateKeyType>(\n agentContext: AgentContext,\n options: Kms.KmsCreateKeyOptions<Type>\n ): Promise<Kms.KmsCreateKeyReturn<Type>> {\n const { type, keyId } = options\n\n if (keyId) await this.assertKeyNotExists(agentContext, keyId)\n\n try {\n let jwks: { publicJwk: Kms.KmsJwkPublic; privateJwk: Kms.KmsJwkPrivate }\n if (type.kty === 'EC') {\n assertNodeSupportedEcCrv(type)\n jwks = await createEcKey(type)\n } else if (type.kty === 'OKP') {\n assertNodeSupportedOkpCrv(type)\n jwks = await createOkpKey(type)\n } else if (type.kty === 'RSA') {\n jwks = await createRsaKey(type)\n } else if (type.kty === 'oct') {\n assertNodeSupportedOctAlgorithm(type)\n jwks = await createOctKey(type)\n } else {\n // @ts-expect-error\n throw new Kms.KeyManagementAlgorithmNotSupportedError(`kty '${type.kty}'`, this.backend)\n }\n\n jwks.privateJwk.kid = keyId ?? randomUUID()\n jwks.publicJwk.kid = jwks.privateJwk.kid\n\n await this.#storage.set(agentContext, jwks.privateJwk.kid, jwks.privateJwk)\n\n return {\n publicJwk: jwks.publicJwk as Kms.KmsCreateKeyReturn<Type>['publicJwk'],\n keyId: jwks.publicJwk.kid,\n }\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error creating key', { cause: error })\n }\n }\n\n public async sign(agentContext: AgentContext, options: Kms.KmsSignOptions): Promise<Kms.KmsSignReturn> {\n const { keyId, algorithm, data } = options\n\n // 1. Retrieve the key\n const key = await this.getKeyAsserted(agentContext, keyId)\n\n try {\n // 2. Validate alg and use for key\n Kms.assertAllowedSigningAlgForKey(key, algorithm)\n Kms.assertKeyAllowsSign(key)\n\n // 3. 
Perform the signing operation\n const signature = await performSign(key, algorithm, data)\n\n return {\n signature,\n }\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error signing with key', { cause: error })\n }\n }\n\n public async verify(agentContext: AgentContext, options: Kms.KmsVerifyOptions): Promise<Kms.KmsVerifyReturn> {\n const { algorithm, data, signature } = options\n\n try {\n let key: Exclude<Kms.KmsJwkPublic, Kms.KmsJwkPublicOct> | Kms.KmsJwkPrivate\n if (options.key.keyId) {\n key = await this.getKeyAsserted(agentContext, options.key.keyId)\n } else if (options.key.publicJwk?.kty === 'EC') {\n assertNodeSupportedEcCrv(options.key.publicJwk)\n key = options.key.publicJwk\n } else if (options.key.publicJwk?.kty === 'OKP') {\n assertNodeSupportedOkpCrv(options.key.publicJwk)\n key = options.key.publicJwk\n } else if (options.key.publicJwk?.kty === 'RSA') {\n key = options.key.publicJwk\n } else {\n // @ts-expect-error\n throw new Kms.KeyManagementAlgorithmNotSupportedError(`kty ${options.key.kty}`, this.backend)\n }\n\n // 2. Validate alg and use for key\n Kms.assertAllowedSigningAlgForKey(key, algorithm)\n Kms.assertKeyAllowsVerify(key)\n\n // 3. 
Perform the verify operation\n const verified = await performVerify(key, algorithm, data, signature)\n if (verified) {\n return {\n verified: true,\n publicJwk: Kms.publicJwkFromPrivateJwk(key),\n }\n }\n\n return {\n verified: false,\n }\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error verifying with key', { cause: error })\n }\n }\n\n public async encrypt(agentContext: AgentContext, options: Kms.KmsEncryptOptions): Promise<Kms.KmsEncryptReturn> {\n const { data, encryption, key } = options\n\n Kms.assertSupportedEncryptionAlgorithm(encryption, nodeSupportedEncryptionAlgorithms, this.backend)\n\n let encryptionKey: Kms.KmsJwkPrivate\n let encryptedKey: Kms.KmsEncryptedKey | undefined\n\n if (key.keyId) {\n encryptionKey = await this.getKeyAsserted(agentContext, key.keyId)\n } else if (key.privateJwk) {\n encryptionKey = key.privateJwk\n } else if (key.keyAgreement) {\n Kms.assertAllowedKeyDerivationAlgForKey(key.keyAgreement.externalPublicJwk, key.keyAgreement.algorithm)\n Kms.assertKeyAllowsDerive(key.keyAgreement.externalPublicJwk)\n Kms.assertSupportedKeyAgreementAlgorithm(key.keyAgreement, nodeSupportedKeyAgreementAlgorithms, this.backend)\n\n const privateJwk = await this.getKeyAsserted(agentContext, key.keyAgreement.keyId)\n Kms.assertJwkAsymmetric(privateJwk, key.keyAgreement.keyId)\n Kms.assertAllowedKeyDerivationAlgForKey(privateJwk, key.keyAgreement.algorithm)\n Kms.assertKeyAllowsDerive(privateJwk)\n Kms.assertAsymmetricJwkKeyTypeMatches(privateJwk, key.keyAgreement.externalPublicJwk)\n\n const { contentEncryptionKey, encryptedContentEncryptionKey } = await deriveEncryptionKey({\n keyAgreement: key.keyAgreement,\n encryption,\n privateJwk,\n })\n\n encryptionKey = contentEncryptionKey\n encryptedKey = encryptedContentEncryptionKey\n } else {\n throw new Kms.KeyManagementError('Unexpected key parameter for encrypt')\n }\n\n if (encryptionKey.kty !== 'oct') {\n throw new 
Kms.KeyManagementAlgorithmNotSupportedError(\n `kty '${encryptionKey.kty} for content encryption'`,\n this.backend\n )\n }\n\n try {\n // 2. Validate alg and use for key\n Kms.assertAllowedEncryptionAlgForKey(encryptionKey, encryption.algorithm)\n Kms.assertKeyAllowsEncrypt(encryptionKey)\n\n // 3. Perform the encryption operation\n const encrypted = await performEncrypt(encryptionKey, options.encryption, data)\n return {\n ...encrypted,\n encryptedKey,\n }\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error encrypting', { cause: error })\n }\n }\n\n public async decrypt(agentContext: AgentContext, options: Kms.KmsDecryptOptions): Promise<Kms.KmsDecryptReturn> {\n const { decryption, encrypted, key } = options\n\n Kms.assertSupportedEncryptionAlgorithm(decryption, nodeSupportedEncryptionAlgorithms, this.backend)\n\n let decryptionKey: Kms.KmsJwkPrivate\n if (key.keyId) {\n decryptionKey = await this.getKeyAsserted(agentContext, key.keyId)\n } else if (key.privateJwk) {\n decryptionKey = key.privateJwk\n } else if (key.keyAgreement) {\n Kms.assertSupportedKeyAgreementAlgorithm(key.keyAgreement, nodeSupportedKeyAgreementAlgorithms, this.backend)\n Kms.assertAllowedKeyDerivationAlgForKey(key.keyAgreement.externalPublicJwk, key.keyAgreement.algorithm)\n Kms.assertKeyAllowsDerive(key.keyAgreement.externalPublicJwk)\n\n const privateJwk = await this.getKeyAsserted(agentContext, key.keyAgreement.keyId)\n Kms.assertJwkAsymmetric(privateJwk, key.keyAgreement.keyId)\n Kms.assertAllowedKeyDerivationAlgForKey(privateJwk, key.keyAgreement.algorithm)\n Kms.assertKeyAllowsDerive(privateJwk)\n Kms.assertAsymmetricJwkKeyTypeMatches(privateJwk, key.keyAgreement.externalPublicJwk)\n\n const { contentEncryptionKey } = await deriveDecryptionKey({\n keyAgreement: key.keyAgreement,\n decryption,\n privateJwk,\n })\n\n decryptionKey = contentEncryptionKey\n } else {\n throw new Kms.KeyManagementError('Unexpected key 
parameter for decrypt')\n }\n\n if (decryptionKey.kty !== 'oct') {\n throw new Kms.KeyManagementAlgorithmNotSupportedError(\n `kty '${decryptionKey.kty}' for content encryption`,\n this.backend\n )\n }\n\n try {\n // 2. Validate alg and use for key\n Kms.assertAllowedEncryptionAlgForKey(decryptionKey, decryption.algorithm)\n Kms.assertKeyAllowsEncrypt(decryptionKey)\n\n // 3. Perform the decryption operation\n return await performDecrypt(decryptionKey, decryption, encrypted)\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error decrypting', { cause: error })\n }\n }\n\n private async getKeyAsserted(agentContext: AgentContext, keyId: string) {\n const storageKey = await this.#storage.get(agentContext, keyId)\n if (!storageKey) {\n throw new Kms.KeyManagementKeyNotFoundError(keyId, [this.backend])\n }\n\n return storageKey\n }\n\n private async assertKeyNotExists(agentContext: AgentContext, keyId: string) {\n const storageKey = await this.#storage.get(agentContext, keyId)\n\n if (storageKey) {\n throw new Kms.KeyManagementKeyExistsError(keyId, this.backend)\n }\n 
}\n}\n"],"mappings":";;;;;;;;;;;;;;AAmBA,IAAa,2BAAb,MAA0E;CAKxE,AAAO,YAAY,SAAmC;OAJtC,UAAU;;AAKxB,yCAAgB,QAAO;;CAGzB,AAAO,qBAAqB,eAA6B,WAAsC;AAC7F,MAAI,UAAU,cAAc,YAAa,QAAO;AAChD,MAAI,UAAU,cAAc,cAAe,QAAO;AAElD,MAAI,UAAU,cAAc,aAAa;AAEvC,OAAI;AACF,QAAI,UAAU,KAAK,QAAQ,MACzB,QAAO;AAGT,QAAI,UAAU,KAAK,QAAQ,MAAM;AAC/B,8BAAyB,UAAU,KAAK;AACxC,YAAO;;AAGT,QAAI,UAAU,KAAK,QAAQ,OAAO;AAChC,+BAA0B,UAAU,KAAK;AACzC,YAAO;;AAGT,QAAI,UAAU,KAAK,QAAQ,OAAO;AAChC,qCAAgC,UAAU,KAAK;AAC/C,YAAO;;WAEH;AACN,WAAO;;AAGT,UAAO;;AAGT,MAAI,UAAU,cAAc,YAC1B,KAAI;AACF,OAAI,UAAU,WAAW,QAAQ,SAAS,UAAU,WAAW,QAAQ,MACrE,QAAO;AAGT,OAAI,UAAU,WAAW,QAAQ,MAAM;AACrC,6BAAyB;KAAE,KAAK,UAAU,WAAW;KAAK,KAAK,UAAU,WAAW;KAAK,CAAC;AAC1F,WAAO;;AAGT,OAAI,UAAU,WAAW,QAAQ,OAAO;AACtC,8BAA0B;KAAE,KAAK,UAAU,WAAW;KAAK,KAAK,UAAU,WAAW;KAAK,CAAC;AAC3F,WAAO;;UAEH;AACN,UAAO;;AAIX,MAAI,UAAU,cAAc,UAAU,UAAU,cAAc,SAC5D,QAAO,0BAA0B,SAAS,UAAU,UAAU;AAGhE,MAAI,UAAU,cAAc,WAAW;AAIrC,OAAI,CAHmC,kCAAkC,SACvE,UAAU,WAAW,UACtB,CACoC,QAAO;AAC5C,OAAI,CAAC,UAAU,aAAc,QAAO;AAEpC,UAAO,oCAAoC,SACzC,UAAU,aAAa,UACxB;;AAGH,MAAI,UAAU,cAAc,WAAW;AAIrC,OAAI,CAHmC,kCAAkC,SACvE,UAAU,WAAW,UACtB,CACoC,QAAO;AAC5C,OAAI,CAAC,UAAU,aAAc,QAAO;AAEpC,UAAO,oCAAoC,SACzC,UAAU,aAAa,UACxB;;AAGH,SAAO;;CAGT,AAAO,YAAY,eAA6B,SAA8D;AAC5G,SAAO,YAAY,QAAQ,OAAO;;CAGpC,MAAa,aAAa,cAA4B,OAAiD;EACrG,MAAM,aAAa,uCAAM,KAAa,CAAC,IAAI,cAAc,MAAM;AAC/D,MAAI,CAAC,WAAY,QAAO;AAExB,SAAO,IAAI,wBAAwB,WAAW;;CAGhD,MAAa,UACX,cACA,SACsC;EACtC,MAAM,EAAE,QAAQ,QAAQ;AAExB,MAAI,IAAK,OAAM,KAAK,mBAAmB,cAAc,IAAI;EAEzD,MAAM,aAAa;GACjB,GAAG,QAAQ;GACX,KAAK,OAAO,YAAY;GACzB;AAED,MAAI;AACF,OAAI,WAAW,QAAQ,MAErB,iBAAgB,kBAAkB,WAAW,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,QAAQ,OAAO,CAAC;YAC5E,WAAW,QAAQ,MAAM;AAClC,6BAAyB;KAAE,KAAK,WAAW;KAAK,KAAK,WAAW;KAAK,CAAC;AAEtE,qBAAiB;KACf,QAAQ;KACR,KAAK;KACN,CAAC;cACO,WAAW,QAAQ,OAAO;AACnC,8BAA0B;KAAE,KAAK,WAAW;KAAK,KAAK,WAAW;KAAK,CAAC;AAEvE,qBAAiB;KACf,QAAQ;KACR,KAAK;KACN,CAAC;cACO,WAAW,QAAQ,MAE5B,kBAAiB;IACf,QAAQ;IACR,KAAK;IACN,CAAC;OAIF,OAAM,IAAI,IAAI,wCAAwC,QAAQ,WAAW,IAAI,IAAI,KAAK,QAAQ;AAGhG,0CAAM,KAA
a,CAAC,IAAI,cAAc,WAAW,KAAK,WAAW;GACjE,MAAM,YAAY,IAAI,wBAAwB,WAAW;AAEzD,UAAO;IACL,OAAO,WAAW;IAClB,WAAW;KACT,GAAG;KACH,KAAK,WAAW;KACjB;IACF;WACM,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,uBAAuB,EAAE,OAAO,OAAO,CAAC;;;CAI7E,MAAa,UAAU,cAA4B,SAAoD;AACrG,SAAO,uCAAM,KAAa,CAAC,OAAO,cAAc,QAAQ,MAAM;;CAGhE,MAAa,UACX,cACA,SACuC;EACvC,MAAM,EAAE,MAAM,UAAU;AAExB,MAAI,MAAO,OAAM,KAAK,mBAAmB,cAAc,MAAM;AAE7D,MAAI;GACF,IAAIA;AACJ,OAAI,KAAK,QAAQ,MAAM;AACrB,6BAAyB,KAAK;AAC9B,WAAO,MAAM,YAAY,KAAK;cACrB,KAAK,QAAQ,OAAO;AAC7B,8BAA0B,KAAK;AAC/B,WAAO,MAAM,aAAa,KAAK;cACtB,KAAK,QAAQ,MACtB,QAAO,MAAM,aAAa,KAAK;YACtB,KAAK,QAAQ,OAAO;AAC7B,oCAAgC,KAAK;AACrC,WAAO,MAAM,aAAa,KAAK;SAG/B,OAAM,IAAI,IAAI,wCAAwC,QAAQ,KAAK,IAAI,IAAI,KAAK,QAAQ;AAG1F,QAAK,WAAW,MAAM,SAAS,YAAY;AAC3C,QAAK,UAAU,MAAM,KAAK,WAAW;AAErC,0CAAM,KAAa,CAAC,IAAI,cAAc,KAAK,WAAW,KAAK,KAAK,WAAW;AAE3E,UAAO;IACL,WAAW,KAAK;IAChB,OAAO,KAAK,UAAU;IACvB;WACM,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,sBAAsB,EAAE,OAAO,OAAO,CAAC;;;CAI5E,MAAa,KAAK,cAA4B,SAAyD;EACrG,MAAM,EAAE,OAAO,WAAW,SAAS;EAGnC,MAAM,MAAM,MAAM,KAAK,eAAe,cAAc,MAAM;AAE1D,MAAI;AAEF,OAAI,8BAA8B,KAAK,UAAU;AACjD,OAAI,oBAAoB,IAAI;AAK5B,UAAO,EACL,WAHgB,MAAM,YAAY,KAAK,WAAW,KAAK,EAIxD;WACM,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,0BAA0B,EAAE,OAAO,OAAO,CAAC;;;CAIhF,MAAa,OAAO,cAA4B,SAA6D;EAC3G,MAAM,EAAE,WAAW,MAAM,cAAc;AAEvC,MAAI;GACF,IAAIC;AACJ,OAAI,QAAQ,IAAI,MACd,OAAM,MAAM,KAAK,eAAe,cAAc,QAAQ,IAAI,MAAM;YACvD,QAAQ,IAAI,WAAW,QAAQ,MAAM;AAC9C,6BAAyB,QAAQ,IAAI,UAAU;AAC/C,UAAM,QAAQ,IAAI;cACT,QAAQ,IAAI,WAAW,QAAQ,OAAO;AAC/C,8BAA0B,QAAQ,IAAI,UAAU;AAChD,UAAM,QAAQ,IAAI;cACT,QAAQ,IAAI,WAAW,QAAQ,MACxC,OAAM,QAAQ,IAAI;OAGlB,OAAM,IAAI,IAAI,wCAAwC,OAAO,QAAQ,IAAI,OAAO,KAAK,QAAQ;AAI/F,OAAI,8BAA8B,KAAK,UAAU;AACjD,OAAI,sBAAsB,IAAI;AAI9B,OADiB,MAAM,cAAc,KAAK,WAAW,MAAM,UAAU,CAEnE,QAAO;IACL,UAAU;IACV,WAAW,IAAI,wBAAwB,IAAI;IAC5C;AAGH,UAAO,EACL,UAAU,OACX;WACM,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,4BAA4B,EAAE,OAAO,OAAO,CAAC;
;;CAIlF,MAAa,QAAQ,cAA4B,SAA+D;EAC9G,MAAM,EAAE,MAAM,YAAY,QAAQ;AAElC,MAAI,mCAAmC,YAAY,mCAAmC,KAAK,QAAQ;EAEnG,IAAIC;EACJ,IAAIC;AAEJ,MAAI,IAAI,MACN,iBAAgB,MAAM,KAAK,eAAe,cAAc,IAAI,MAAM;WACzD,IAAI,WACb,iBAAgB,IAAI;WACX,IAAI,cAAc;AAC3B,OAAI,oCAAoC,IAAI,aAAa,mBAAmB,IAAI,aAAa,UAAU;AACvG,OAAI,sBAAsB,IAAI,aAAa,kBAAkB;AAC7D,OAAI,qCAAqC,IAAI,cAAc,qCAAqC,KAAK,QAAQ;GAE7G,MAAM,aAAa,MAAM,KAAK,eAAe,cAAc,IAAI,aAAa,MAAM;AAClF,OAAI,oBAAoB,YAAY,IAAI,aAAa,MAAM;AAC3D,OAAI,oCAAoC,YAAY,IAAI,aAAa,UAAU;AAC/E,OAAI,sBAAsB,WAAW;AACrC,OAAI,kCAAkC,YAAY,IAAI,aAAa,kBAAkB;GAErF,MAAM,EAAE,sBAAsB,kCAAkC,MAAM,oBAAoB;IACxF,cAAc,IAAI;IAClB;IACA;IACD,CAAC;AAEF,mBAAgB;AAChB,kBAAe;QAEf,OAAM,IAAI,IAAI,mBAAmB,uCAAuC;AAG1E,MAAI,cAAc,QAAQ,MACxB,OAAM,IAAI,IAAI,wCACZ,QAAQ,cAAc,IAAI,2BAC1B,KAAK,QACN;AAGH,MAAI;AAEF,OAAI,iCAAiC,eAAe,WAAW,UAAU;AACzE,OAAI,uBAAuB,cAAc;AAIzC,UAAO;IACL,GAFgB,MAAM,eAAe,eAAe,QAAQ,YAAY,KAAK;IAG7E;IACD;WACM,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,oBAAoB,EAAE,OAAO,OAAO,CAAC;;;CAI1E,MAAa,QAAQ,cAA4B,SAA+D;EAC9G,MAAM,EAAE,YAAY,WAAW,QAAQ;AAEvC,MAAI,mCAAmC,YAAY,mCAAmC,KAAK,QAAQ;EAEnG,IAAIC;AACJ,MAAI,IAAI,MACN,iBAAgB,MAAM,KAAK,eAAe,cAAc,IAAI,MAAM;WACzD,IAAI,WACb,iBAAgB,IAAI;WACX,IAAI,cAAc;AAC3B,OAAI,qCAAqC,IAAI,cAAc,qCAAqC,KAAK,QAAQ;AAC7G,OAAI,oCAAoC,IAAI,aAAa,mBAAmB,IAAI,aAAa,UAAU;AACvG,OAAI,sBAAsB,IAAI,aAAa,kBAAkB;GAE7D,MAAM,aAAa,MAAM,KAAK,eAAe,cAAc,IAAI,aAAa,MAAM;AAClF,OAAI,oBAAoB,YAAY,IAAI,aAAa,MAAM;AAC3D,OAAI,oCAAoC,YAAY,IAAI,aAAa,UAAU;AAC/E,OAAI,sBAAsB,WAAW;AACrC,OAAI,kCAAkC,YAAY,IAAI,aAAa,kBAAkB;GAErF,MAAM,EAAE,yBAAyB,MAAM,oBAAoB;IACzD,cAAc,IAAI;IAClB;IACA;IACD,CAAC;AAEF,mBAAgB;QAEhB,OAAM,IAAI,IAAI,mBAAmB,uCAAuC;AAG1E,MAAI,cAAc,QAAQ,MACxB,OAAM,IAAI,IAAI,wCACZ,QAAQ,cAAc,IAAI,2BAC1B,KAAK,QACN;AAGH,MAAI;AAEF,OAAI,iCAAiC,eAAe,WAAW,UAAU;AACzE,OAAI,uBAAuB,cAAc;AAGzC,UAAO,MAAM,eAAe,eAAe,YAAY,UAAU;WAC1D,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,oBAAoB,EAAE,OAAO,OAAO,CAAC;;;CAI1E,MAAc,eAAe,cAA4B,OAAe;EACtE,MAAM,aAAa,uCAAM,KAAa,CAAC,IAAI,cAAc,MAAM;AAC
/D,MAAI,CAAC,WACH,OAAM,IAAI,IAAI,8BAA8B,OAAO,CAAC,KAAK,QAAQ,CAAC;AAGpE,SAAO;;CAGT,MAAc,mBAAmB,cAA4B,OAAe;AAG1E,MAFmB,uCAAM,KAAa,CAAC,IAAI,cAAc,MAAM,CAG7D,OAAM,IAAI,IAAI,4BAA4B,OAAO,KAAK,QAAQ"}
1
+ {"version":3,"file":"NodeKeyManagementService.mjs","names":[],"sources":["../../src/kms/NodeKeyManagementService.ts"],"sourcesContent":["import { createPrivateKey, createSecretKey, randomBytes, randomUUID } from 'node:crypto'\nimport type { AgentContext } from '@credo-ts/core'\nimport { Kms, TypedArrayEncoder } from '@credo-ts/core'\nimport {\n assertNodeSupportedEcCrv,\n assertNodeSupportedOctAlgorithm,\n assertNodeSupportedOkpCrv,\n createEcKey,\n createOctKey,\n createOkpKey,\n createRsaKey,\n} from './crypto/createKey'\nimport { performDecrypt } from './crypto/decrypt'\nimport { deriveDecryptionKey, deriveEncryptionKey, nodeSupportedKeyAgreementAlgorithms } from './crypto/deriveKey'\nimport { nodeSupportedEncryptionAlgorithms, performEncrypt } from './crypto/encrypt'\nimport { nodeSupportedJwaAlgorithm, performSign } from './crypto/sign'\nimport { performVerify } from './crypto/verify'\nimport type { NodeKeyManagementStorage } from './NodeKeyManagementStorage'\n\nexport class NodeKeyManagementService implements Kms.KeyManagementService {\n public readonly backend = 'node'\n\n #storage: NodeKeyManagementStorage\n\n public constructor(storage: NodeKeyManagementStorage) {\n this.#storage = storage\n }\n\n public isOperationSupported(_agentContext: AgentContext, operation: Kms.KmsOperation): boolean {\n if (operation.operation === 'deleteKey') return true\n if (operation.operation === 'randomBytes') return true\n\n if (operation.operation === 'createKey') {\n // TODO: probably clean to split the assert methods so we don't need try/catch here\n try {\n if (operation.type.kty === 'RSA') {\n return true\n }\n\n if (operation.type.kty === 'EC') {\n assertNodeSupportedEcCrv(operation.type)\n return true\n }\n\n if (operation.type.kty === 'OKP') {\n assertNodeSupportedOkpCrv(operation.type)\n return true\n }\n\n if (operation.type.kty === 'oct') {\n assertNodeSupportedOctAlgorithm(operation.type)\n return true\n }\n } catch {\n return false\n }\n\n return false\n }\n\n 
if (operation.operation === 'importKey') {\n try {\n if (operation.privateJwk.kty === 'RSA' || operation.privateJwk.kty === 'oct') {\n return true\n }\n\n if (operation.privateJwk.kty === 'EC') {\n assertNodeSupportedEcCrv({ kty: operation.privateJwk.kty, crv: operation.privateJwk.crv })\n return true\n }\n\n if (operation.privateJwk.kty === 'OKP') {\n assertNodeSupportedOkpCrv({ kty: operation.privateJwk.kty, crv: operation.privateJwk.crv })\n return true\n }\n } catch {\n return false\n }\n }\n\n if (operation.operation === 'sign' || operation.operation === 'verify') {\n return nodeSupportedJwaAlgorithm.includes(operation.algorithm)\n }\n\n if (operation.operation === 'encrypt') {\n const isSupportedEncryptionAlgorithm = nodeSupportedEncryptionAlgorithms.includes(\n operation.encryption.algorithm as (typeof nodeSupportedEncryptionAlgorithms)[number]\n )\n if (!isSupportedEncryptionAlgorithm) return false\n if (!operation.keyAgreement) return true\n\n return nodeSupportedKeyAgreementAlgorithms.includes(\n operation.keyAgreement.algorithm as (typeof nodeSupportedKeyAgreementAlgorithms)[number]\n )\n }\n\n if (operation.operation === 'decrypt') {\n const isSupportedEncryptionAlgorithm = nodeSupportedEncryptionAlgorithms.includes(\n operation.decryption.algorithm as (typeof nodeSupportedEncryptionAlgorithms)[number]\n )\n if (!isSupportedEncryptionAlgorithm) return false\n if (!operation.keyAgreement) return true\n\n return nodeSupportedKeyAgreementAlgorithms.includes(\n operation.keyAgreement.algorithm as (typeof nodeSupportedKeyAgreementAlgorithms)[number]\n )\n }\n\n return false\n }\n\n public randomBytes(_agentContext: AgentContext, options: Kms.KmsRandomBytesOptions): Kms.KmsRandomBytesReturn {\n return randomBytes(options.length)\n }\n\n public async getPublicKey(agentContext: AgentContext, keyId: string): Promise<Kms.KmsJwkPublic | null> {\n const privateJwk = await this.#storage.get(agentContext, keyId)\n if (!privateJwk) return null\n\n return 
Kms.publicJwkFromPrivateJwk(privateJwk)\n }\n\n public async importKey<Jwk extends Kms.KmsJwkPrivate>(\n agentContext: AgentContext,\n options: Kms.KmsImportKeyOptions<Jwk>\n ): Promise<Kms.KmsImportKeyReturn<Jwk>> {\n const { kid } = options.privateJwk\n\n if (kid) await this.assertKeyNotExists(agentContext, kid)\n\n const privateJwk = {\n ...options.privateJwk,\n kid: kid ?? randomUUID(),\n }\n\n try {\n if (privateJwk.kty === 'oct') {\n // Just check if we can create a secret key instance\n createSecretKey(TypedArrayEncoder.fromBase64(privateJwk.k)).export({ format: 'jwk' })\n } else if (privateJwk.kty === 'EC') {\n assertNodeSupportedEcCrv({ kty: privateJwk.kty, crv: privateJwk.crv })\n // This validates the JWK\n createPrivateKey({\n format: 'jwk',\n key: privateJwk,\n })\n } else if (privateJwk.kty === 'OKP') {\n assertNodeSupportedOkpCrv({ kty: privateJwk.kty, crv: privateJwk.crv })\n // This validates the JWK\n createPrivateKey({\n format: 'jwk',\n key: privateJwk,\n })\n } else if (privateJwk.kty === 'RSA') {\n // This validates the JWK\n createPrivateKey({\n format: 'jwk',\n key: privateJwk,\n })\n } else {\n // All kty values supported for now, but can change in the future\n // @ts-expect-error\n throw new Kms.KeyManagementAlgorithmNotSupportedError(`kty '${privateJwk.kty}'`, this.backend)\n }\n\n await this.#storage.set(agentContext, privateJwk.kid, privateJwk)\n const publicJwk = Kms.publicJwkFromPrivateJwk(privateJwk)\n\n return {\n keyId: privateJwk.kid,\n publicJwk: {\n ...publicJwk,\n kid: privateJwk.kid,\n },\n } as Kms.KmsImportKeyReturn<Jwk>\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error importing key', { cause: error })\n }\n }\n\n public async deleteKey(agentContext: AgentContext, options: Kms.KmsDeleteKeyOptions): Promise<boolean> {\n return await this.#storage.delete(agentContext, options.keyId)\n }\n\n public async createKey<Type extends Kms.KmsCreateKeyType>(\n 
agentContext: AgentContext,\n options: Kms.KmsCreateKeyOptions<Type>\n ): Promise<Kms.KmsCreateKeyReturn<Type>> {\n const { type, keyId } = options\n\n if (keyId) await this.assertKeyNotExists(agentContext, keyId)\n\n try {\n let jwks: { publicJwk: Kms.KmsJwkPublic; privateJwk: Kms.KmsJwkPrivate }\n if (type.kty === 'EC') {\n assertNodeSupportedEcCrv(type)\n jwks = await createEcKey(type)\n } else if (type.kty === 'OKP') {\n assertNodeSupportedOkpCrv(type)\n jwks = await createOkpKey(type)\n } else if (type.kty === 'RSA') {\n jwks = await createRsaKey(type)\n } else if (type.kty === 'oct') {\n assertNodeSupportedOctAlgorithm(type)\n jwks = await createOctKey(type)\n } else {\n // @ts-expect-error\n throw new Kms.KeyManagementAlgorithmNotSupportedError(`kty '${type.kty}'`, this.backend)\n }\n\n jwks.privateJwk.kid = keyId ?? randomUUID()\n jwks.publicJwk.kid = jwks.privateJwk.kid\n\n await this.#storage.set(agentContext, jwks.privateJwk.kid, jwks.privateJwk)\n\n return {\n publicJwk: jwks.publicJwk as Kms.KmsCreateKeyReturn<Type>['publicJwk'],\n keyId: jwks.publicJwk.kid,\n }\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error creating key', { cause: error })\n }\n }\n\n public async sign(agentContext: AgentContext, options: Kms.KmsSignOptions): Promise<Kms.KmsSignReturn> {\n const { keyId, algorithm, data } = options\n\n // 1. Retrieve the key\n const key = await this.getKeyAsserted(agentContext, keyId)\n\n try {\n // 2. Validate alg and use for key\n Kms.assertAllowedSigningAlgForKey(key, algorithm)\n Kms.assertKeyAllowsSign(key)\n\n // 3. 
Perform the signing operation\n const signature = await performSign(key, algorithm, data)\n\n return {\n signature,\n }\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error signing with key', { cause: error })\n }\n }\n\n public async verify(agentContext: AgentContext, options: Kms.KmsVerifyOptions): Promise<Kms.KmsVerifyReturn> {\n const { algorithm, data, signature } = options\n\n try {\n let key: Exclude<Kms.KmsJwkPublic, Kms.KmsJwkPublicOct> | Kms.KmsJwkPrivate\n if (options.key.keyId) {\n key = await this.getKeyAsserted(agentContext, options.key.keyId)\n } else if (options.key.publicJwk?.kty === 'EC') {\n assertNodeSupportedEcCrv(options.key.publicJwk)\n key = options.key.publicJwk\n } else if (options.key.publicJwk?.kty === 'OKP') {\n assertNodeSupportedOkpCrv(options.key.publicJwk)\n key = options.key.publicJwk\n } else if (options.key.publicJwk?.kty === 'RSA') {\n key = options.key.publicJwk\n } else {\n // @ts-expect-error\n throw new Kms.KeyManagementAlgorithmNotSupportedError(`kty ${options.key.kty}`, this.backend)\n }\n\n // 2. Validate alg and use for key\n Kms.assertAllowedSigningAlgForKey(key, algorithm)\n Kms.assertKeyAllowsVerify(key)\n\n // 3. 
Perform the verify operation\n const verified = await performVerify(key, algorithm, data, signature)\n if (verified) {\n return {\n verified: true,\n publicJwk: Kms.publicJwkFromPrivateJwk(key),\n }\n }\n\n return {\n verified: false,\n }\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error verifying with key', { cause: error })\n }\n }\n\n public async encrypt(agentContext: AgentContext, options: Kms.KmsEncryptOptions): Promise<Kms.KmsEncryptReturn> {\n const { data, encryption, key } = options\n\n Kms.assertSupportedEncryptionAlgorithm(encryption, nodeSupportedEncryptionAlgorithms, this.backend)\n\n let encryptionKey: Kms.KmsJwkPrivate\n let encryptedKey: Kms.KmsEncryptedKey | undefined\n\n if (key.keyId) {\n encryptionKey = await this.getKeyAsserted(agentContext, key.keyId)\n } else if (key.privateJwk) {\n encryptionKey = key.privateJwk\n } else if (key.keyAgreement) {\n Kms.assertAllowedKeyDerivationAlgForKey(key.keyAgreement.externalPublicJwk, key.keyAgreement.algorithm)\n Kms.assertKeyAllowsDerive(key.keyAgreement.externalPublicJwk)\n Kms.assertSupportedKeyAgreementAlgorithm(key.keyAgreement, nodeSupportedKeyAgreementAlgorithms, this.backend)\n\n const privateJwk = await this.getKeyAsserted(agentContext, key.keyAgreement.keyId)\n Kms.assertJwkAsymmetric(privateJwk, key.keyAgreement.keyId)\n Kms.assertAllowedKeyDerivationAlgForKey(privateJwk, key.keyAgreement.algorithm)\n Kms.assertKeyAllowsDerive(privateJwk)\n Kms.assertAsymmetricJwkKeyTypeMatches(privateJwk, key.keyAgreement.externalPublicJwk)\n\n const { contentEncryptionKey, encryptedContentEncryptionKey } = await deriveEncryptionKey({\n keyAgreement: key.keyAgreement,\n encryption,\n privateJwk,\n })\n\n encryptionKey = contentEncryptionKey\n encryptedKey = encryptedContentEncryptionKey\n } else {\n throw new Kms.KeyManagementError('Unexpected key parameter for encrypt')\n }\n\n if (encryptionKey.kty !== 'oct') {\n throw new 
Kms.KeyManagementAlgorithmNotSupportedError(\n `kty '${encryptionKey.kty} for content encryption'`,\n this.backend\n )\n }\n\n try {\n // 2. Validate alg and use for key\n Kms.assertAllowedEncryptionAlgForKey(encryptionKey, encryption.algorithm)\n Kms.assertKeyAllowsEncrypt(encryptionKey)\n\n // 3. Perform the encryption operation\n const encrypted = await performEncrypt(encryptionKey, options.encryption, data)\n return {\n ...encrypted,\n encryptedKey,\n }\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error encrypting', { cause: error })\n }\n }\n\n public async decrypt(agentContext: AgentContext, options: Kms.KmsDecryptOptions): Promise<Kms.KmsDecryptReturn> {\n const { decryption, encrypted, key } = options\n\n Kms.assertSupportedEncryptionAlgorithm(decryption, nodeSupportedEncryptionAlgorithms, this.backend)\n\n let decryptionKey: Kms.KmsJwkPrivate\n if (key.keyId) {\n decryptionKey = await this.getKeyAsserted(agentContext, key.keyId)\n } else if (key.privateJwk) {\n decryptionKey = key.privateJwk\n } else if (key.keyAgreement) {\n Kms.assertSupportedKeyAgreementAlgorithm(key.keyAgreement, nodeSupportedKeyAgreementAlgorithms, this.backend)\n Kms.assertAllowedKeyDerivationAlgForKey(key.keyAgreement.externalPublicJwk, key.keyAgreement.algorithm)\n Kms.assertKeyAllowsDerive(key.keyAgreement.externalPublicJwk)\n\n const privateJwk = await this.getKeyAsserted(agentContext, key.keyAgreement.keyId)\n Kms.assertJwkAsymmetric(privateJwk, key.keyAgreement.keyId)\n Kms.assertAllowedKeyDerivationAlgForKey(privateJwk, key.keyAgreement.algorithm)\n Kms.assertKeyAllowsDerive(privateJwk)\n Kms.assertAsymmetricJwkKeyTypeMatches(privateJwk, key.keyAgreement.externalPublicJwk)\n\n const { contentEncryptionKey } = await deriveDecryptionKey({\n keyAgreement: key.keyAgreement,\n decryption,\n privateJwk,\n })\n\n decryptionKey = contentEncryptionKey\n } else {\n throw new Kms.KeyManagementError('Unexpected key 
parameter for decrypt')\n }\n\n if (decryptionKey.kty !== 'oct') {\n throw new Kms.KeyManagementAlgorithmNotSupportedError(\n `kty '${decryptionKey.kty}' for content encryption`,\n this.backend\n )\n }\n\n try {\n // 2. Validate alg and use for key\n Kms.assertAllowedEncryptionAlgForKey(decryptionKey, decryption.algorithm)\n Kms.assertKeyAllowsEncrypt(decryptionKey)\n\n // 3. Perform the decryption operation\n return await performDecrypt(decryptionKey, decryption, encrypted)\n } catch (error) {\n if (error instanceof Kms.KeyManagementError) throw error\n\n throw new Kms.KeyManagementError('Error decrypting', { cause: error })\n }\n }\n\n private async getKeyAsserted(agentContext: AgentContext, keyId: string) {\n const storageKey = await this.#storage.get(agentContext, keyId)\n if (!storageKey) {\n throw new Kms.KeyManagementKeyNotFoundError(keyId, [this.backend])\n }\n\n return storageKey\n }\n\n private async assertKeyNotExists(agentContext: AgentContext, keyId: string) {\n const storageKey = await this.#storage.get(agentContext, keyId)\n\n if (storageKey) {\n throw new Kms.KeyManagementKeyExistsError(keyId, this.backend)\n }\n 
}\n}\n"],"mappings":";;;;;;;;;;;;;;AAmBA,IAAa,2BAAb,MAA0E;CAKxE,AAAO,YAAY,SAAmC;OAJtC,UAAU;;AAKxB,yCAAgB,QAAO;;CAGzB,AAAO,qBAAqB,eAA6B,WAAsC;AAC7F,MAAI,UAAU,cAAc,YAAa,QAAO;AAChD,MAAI,UAAU,cAAc,cAAe,QAAO;AAElD,MAAI,UAAU,cAAc,aAAa;AAEvC,OAAI;AACF,QAAI,UAAU,KAAK,QAAQ,MACzB,QAAO;AAGT,QAAI,UAAU,KAAK,QAAQ,MAAM;AAC/B,8BAAyB,UAAU,KAAK;AACxC,YAAO;;AAGT,QAAI,UAAU,KAAK,QAAQ,OAAO;AAChC,+BAA0B,UAAU,KAAK;AACzC,YAAO;;AAGT,QAAI,UAAU,KAAK,QAAQ,OAAO;AAChC,qCAAgC,UAAU,KAAK;AAC/C,YAAO;;WAEH;AACN,WAAO;;AAGT,UAAO;;AAGT,MAAI,UAAU,cAAc,YAC1B,KAAI;AACF,OAAI,UAAU,WAAW,QAAQ,SAAS,UAAU,WAAW,QAAQ,MACrE,QAAO;AAGT,OAAI,UAAU,WAAW,QAAQ,MAAM;AACrC,6BAAyB;KAAE,KAAK,UAAU,WAAW;KAAK,KAAK,UAAU,WAAW;KAAK,CAAC;AAC1F,WAAO;;AAGT,OAAI,UAAU,WAAW,QAAQ,OAAO;AACtC,8BAA0B;KAAE,KAAK,UAAU,WAAW;KAAK,KAAK,UAAU,WAAW;KAAK,CAAC;AAC3F,WAAO;;UAEH;AACN,UAAO;;AAIX,MAAI,UAAU,cAAc,UAAU,UAAU,cAAc,SAC5D,QAAO,0BAA0B,SAAS,UAAU,UAAU;AAGhE,MAAI,UAAU,cAAc,WAAW;AAIrC,OAAI,CAHmC,kCAAkC,SACvE,UAAU,WAAW,UACtB,CACoC,QAAO;AAC5C,OAAI,CAAC,UAAU,aAAc,QAAO;AAEpC,UAAO,oCAAoC,SACzC,UAAU,aAAa,UACxB;;AAGH,MAAI,UAAU,cAAc,WAAW;AAIrC,OAAI,CAHmC,kCAAkC,SACvE,UAAU,WAAW,UACtB,CACoC,QAAO;AAC5C,OAAI,CAAC,UAAU,aAAc,QAAO;AAEpC,UAAO,oCAAoC,SACzC,UAAU,aAAa,UACxB;;AAGH,SAAO;;CAGT,AAAO,YAAY,eAA6B,SAA8D;AAC5G,SAAO,YAAY,QAAQ,OAAO;;CAGpC,MAAa,aAAa,cAA4B,OAAiD;EACrG,MAAM,aAAa,uCAAM,KAAa,CAAC,IAAI,cAAc,MAAM;AAC/D,MAAI,CAAC,WAAY,QAAO;AAExB,SAAO,IAAI,wBAAwB,WAAW;;CAGhD,MAAa,UACX,cACA,SACsC;EACtC,MAAM,EAAE,QAAQ,QAAQ;AAExB,MAAI,IAAK,OAAM,KAAK,mBAAmB,cAAc,IAAI;EAEzD,MAAM,aAAa;GACjB,GAAG,QAAQ;GACX,KAAK,OAAO,YAAY;GACzB;AAED,MAAI;AACF,OAAI,WAAW,QAAQ,MAErB,iBAAgB,kBAAkB,WAAW,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,QAAQ,OAAO,CAAC;YAC5E,WAAW,QAAQ,MAAM;AAClC,6BAAyB;KAAE,KAAK,WAAW;KAAK,KAAK,WAAW;KAAK,CAAC;AAEtE,qBAAiB;KACf,QAAQ;KACR,KAAK;KACN,CAAC;cACO,WAAW,QAAQ,OAAO;AACnC,8BAA0B;KAAE,KAAK,WAAW;KAAK,KAAK,WAAW;KAAK,CAAC;AAEvE,qBAAiB;KACf,QAAQ;KACR,KAAK;KACN,CAAC;cACO,WAAW,QAAQ,MAE5B,kBAAiB;IACf,QAAQ;IACR,KAAK;IACN,CAAC;OAIF,OAAM,IAAI,IAAI,wCAAwC,QAAQ,WAAW,IAAI,IAAI,KAAK,QAAQ;AAGhG,0CAAM,KAA
a,CAAC,IAAI,cAAc,WAAW,KAAK,WAAW;GACjE,MAAM,YAAY,IAAI,wBAAwB,WAAW;AAEzD,UAAO;IACL,OAAO,WAAW;IAClB,WAAW;KACT,GAAG;KACH,KAAK,WAAW;KACjB;IACF;WACM,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,uBAAuB,EAAE,OAAO,OAAO,CAAC;;;CAI7E,MAAa,UAAU,cAA4B,SAAoD;AACrG,SAAO,uCAAM,KAAa,CAAC,OAAO,cAAc,QAAQ,MAAM;;CAGhE,MAAa,UACX,cACA,SACuC;EACvC,MAAM,EAAE,MAAM,UAAU;AAExB,MAAI,MAAO,OAAM,KAAK,mBAAmB,cAAc,MAAM;AAE7D,MAAI;GACF,IAAI;AACJ,OAAI,KAAK,QAAQ,MAAM;AACrB,6BAAyB,KAAK;AAC9B,WAAO,MAAM,YAAY,KAAK;cACrB,KAAK,QAAQ,OAAO;AAC7B,8BAA0B,KAAK;AAC/B,WAAO,MAAM,aAAa,KAAK;cACtB,KAAK,QAAQ,MACtB,QAAO,MAAM,aAAa,KAAK;YACtB,KAAK,QAAQ,OAAO;AAC7B,oCAAgC,KAAK;AACrC,WAAO,MAAM,aAAa,KAAK;SAG/B,OAAM,IAAI,IAAI,wCAAwC,QAAQ,KAAK,IAAI,IAAI,KAAK,QAAQ;AAG1F,QAAK,WAAW,MAAM,SAAS,YAAY;AAC3C,QAAK,UAAU,MAAM,KAAK,WAAW;AAErC,0CAAM,KAAa,CAAC,IAAI,cAAc,KAAK,WAAW,KAAK,KAAK,WAAW;AAE3E,UAAO;IACL,WAAW,KAAK;IAChB,OAAO,KAAK,UAAU;IACvB;WACM,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,sBAAsB,EAAE,OAAO,OAAO,CAAC;;;CAI5E,MAAa,KAAK,cAA4B,SAAyD;EACrG,MAAM,EAAE,OAAO,WAAW,SAAS;EAGnC,MAAM,MAAM,MAAM,KAAK,eAAe,cAAc,MAAM;AAE1D,MAAI;AAEF,OAAI,8BAA8B,KAAK,UAAU;AACjD,OAAI,oBAAoB,IAAI;AAK5B,UAAO,EACL,WAHgB,MAAM,YAAY,KAAK,WAAW,KAAK,EAIxD;WACM,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,0BAA0B,EAAE,OAAO,OAAO,CAAC;;;CAIhF,MAAa,OAAO,cAA4B,SAA6D;EAC3G,MAAM,EAAE,WAAW,MAAM,cAAc;AAEvC,MAAI;GACF,IAAI;AACJ,OAAI,QAAQ,IAAI,MACd,OAAM,MAAM,KAAK,eAAe,cAAc,QAAQ,IAAI,MAAM;YACvD,QAAQ,IAAI,WAAW,QAAQ,MAAM;AAC9C,6BAAyB,QAAQ,IAAI,UAAU;AAC/C,UAAM,QAAQ,IAAI;cACT,QAAQ,IAAI,WAAW,QAAQ,OAAO;AAC/C,8BAA0B,QAAQ,IAAI,UAAU;AAChD,UAAM,QAAQ,IAAI;cACT,QAAQ,IAAI,WAAW,QAAQ,MACxC,OAAM,QAAQ,IAAI;OAGlB,OAAM,IAAI,IAAI,wCAAwC,OAAO,QAAQ,IAAI,OAAO,KAAK,QAAQ;AAI/F,OAAI,8BAA8B,KAAK,UAAU;AACjD,OAAI,sBAAsB,IAAI;AAI9B,OADiB,MAAM,cAAc,KAAK,WAAW,MAAM,UAAU,CAEnE,QAAO;IACL,UAAU;IACV,WAAW,IAAI,wBAAwB,IAAI;IAC5C;AAGH,UAAO,EACL,UAAU,OACX;WACM,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,4BAA4B,EAAE,OAAO,OAAO,CAAC;;;
CAIlF,MAAa,QAAQ,cAA4B,SAA+D;EAC9G,MAAM,EAAE,MAAM,YAAY,QAAQ;AAElC,MAAI,mCAAmC,YAAY,mCAAmC,KAAK,QAAQ;EAEnG,IAAI;EACJ,IAAI;AAEJ,MAAI,IAAI,MACN,iBAAgB,MAAM,KAAK,eAAe,cAAc,IAAI,MAAM;WACzD,IAAI,WACb,iBAAgB,IAAI;WACX,IAAI,cAAc;AAC3B,OAAI,oCAAoC,IAAI,aAAa,mBAAmB,IAAI,aAAa,UAAU;AACvG,OAAI,sBAAsB,IAAI,aAAa,kBAAkB;AAC7D,OAAI,qCAAqC,IAAI,cAAc,qCAAqC,KAAK,QAAQ;GAE7G,MAAM,aAAa,MAAM,KAAK,eAAe,cAAc,IAAI,aAAa,MAAM;AAClF,OAAI,oBAAoB,YAAY,IAAI,aAAa,MAAM;AAC3D,OAAI,oCAAoC,YAAY,IAAI,aAAa,UAAU;AAC/E,OAAI,sBAAsB,WAAW;AACrC,OAAI,kCAAkC,YAAY,IAAI,aAAa,kBAAkB;GAErF,MAAM,EAAE,sBAAsB,kCAAkC,MAAM,oBAAoB;IACxF,cAAc,IAAI;IAClB;IACA;IACD,CAAC;AAEF,mBAAgB;AAChB,kBAAe;QAEf,OAAM,IAAI,IAAI,mBAAmB,uCAAuC;AAG1E,MAAI,cAAc,QAAQ,MACxB,OAAM,IAAI,IAAI,wCACZ,QAAQ,cAAc,IAAI,2BAC1B,KAAK,QACN;AAGH,MAAI;AAEF,OAAI,iCAAiC,eAAe,WAAW,UAAU;AACzE,OAAI,uBAAuB,cAAc;AAIzC,UAAO;IACL,GAFgB,MAAM,eAAe,eAAe,QAAQ,YAAY,KAAK;IAG7E;IACD;WACM,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,oBAAoB,EAAE,OAAO,OAAO,CAAC;;;CAI1E,MAAa,QAAQ,cAA4B,SAA+D;EAC9G,MAAM,EAAE,YAAY,WAAW,QAAQ;AAEvC,MAAI,mCAAmC,YAAY,mCAAmC,KAAK,QAAQ;EAEnG,IAAI;AACJ,MAAI,IAAI,MACN,iBAAgB,MAAM,KAAK,eAAe,cAAc,IAAI,MAAM;WACzD,IAAI,WACb,iBAAgB,IAAI;WACX,IAAI,cAAc;AAC3B,OAAI,qCAAqC,IAAI,cAAc,qCAAqC,KAAK,QAAQ;AAC7G,OAAI,oCAAoC,IAAI,aAAa,mBAAmB,IAAI,aAAa,UAAU;AACvG,OAAI,sBAAsB,IAAI,aAAa,kBAAkB;GAE7D,MAAM,aAAa,MAAM,KAAK,eAAe,cAAc,IAAI,aAAa,MAAM;AAClF,OAAI,oBAAoB,YAAY,IAAI,aAAa,MAAM;AAC3D,OAAI,oCAAoC,YAAY,IAAI,aAAa,UAAU;AAC/E,OAAI,sBAAsB,WAAW;AACrC,OAAI,kCAAkC,YAAY,IAAI,aAAa,kBAAkB;GAErF,MAAM,EAAE,yBAAyB,MAAM,oBAAoB;IACzD,cAAc,IAAI;IAClB;IACA;IACD,CAAC;AAEF,mBAAgB;QAEhB,OAAM,IAAI,IAAI,mBAAmB,uCAAuC;AAG1E,MAAI,cAAc,QAAQ,MACxB,OAAM,IAAI,IAAI,wCACZ,QAAQ,cAAc,IAAI,2BAC1B,KAAK,QACN;AAGH,MAAI;AAEF,OAAI,iCAAiC,eAAe,WAAW,UAAU;AACzE,OAAI,uBAAuB,cAAc;AAGzC,UAAO,MAAM,eAAe,eAAe,YAAY,UAAU;WAC1D,OAAO;AACd,OAAI,iBAAiB,IAAI,mBAAoB,OAAM;AAEnD,SAAM,IAAI,IAAI,mBAAmB,oBAAoB,EAAE,OAAO,OAAO,CAAC;;;CAI1E,MAAc,eAAe,cAA4B,OAAe;EACtE,MAAM,aAAa,uCAAM,KAAa,CAAC,IAAI,cAAc,MAAM;AAC/D,MA
AI,CAAC,WACH,OAAM,IAAI,IAAI,8BAA8B,OAAO,CAAC,KAAK,QAAQ,CAAC;AAGpE,SAAO;;CAGT,MAAc,mBAAmB,cAA4B,OAAe;AAG1E,MAFmB,uCAAM,KAAa,CAAC,IAAI,cAAc,MAAM,CAG7D,OAAM,IAAI,IAAI,4BAA4B,OAAO,KAAK,QAAQ"}
@@ -1 +1 @@
1
- {"version":3,"file":"NodeKeyManagementStorage.d.mts","names":[],"sources":["../../src/kms/NodeKeyManagementStorage.ts"],"sourcesContent":[],"mappings":";;;UAEiB,wBAAA;oBACG,8BAA8B,aAAa,GAAA,CAAI;EADlD,GAAA,CAAA,YAAA,EAEG,YAFqB,EAAA,KAAA,EAAA,MAAA,CAAA,EAES,YAFT,CAAA,OAAA,CAAA;EACrB,GAAA,CAAA,YAAA,EAIA,YAJA,EAAA,KAAA,EAAA,MAAA,EAAA,GAAA,EAIkC,GAAA,CAAI,aAJtC,CAAA,EAIsD,YAJtD,CAAA,IAAA,CAAA;EAA2C;;;EACb,MAAA,CAAA,YAAA,EAQ3B,YAR2B,EAAA,KAAA,EAAA,MAAA,CAAA,EAQG,YARH,CAAA,OAAA,CAAA"}
1
+ {"version":3,"file":"NodeKeyManagementStorage.d.mts","names":[],"sources":["../../src/kms/NodeKeyManagementStorage.ts"],"mappings":";;;UAEiB,wBAAA;EACf,GAAA,CAAI,YAAA,EAAc,YAAA,EAAc,KAAA,WAAgB,YAAA,CAAa,GAAA,CAAI,aAAA;EACjE,GAAA,CAAI,YAAA,EAAc,YAAA,EAAc,KAAA,WAAgB,YAAA;EAGhD,GAAA,CAAI,YAAA,EAAc,YAAA,EAAc,KAAA,UAAe,GAAA,EAAK,GAAA,CAAI,aAAA,GAAgB,YAAA;;;;EAKxE,MAAA,CAAO,YAAA,EAAc,YAAA,EAAc,KAAA,WAAgB,YAAA;AAAA"}
@@ -1 +1 @@
1
- {"version":3,"file":"createKey.mjs","names":["generateKeyPair","_generateKeyPair"],"sources":["../../../src/kms/crypto/createKey.ts"],"sourcesContent":["import { generateKeyPair as _generateKeyPair, randomBytes } from 'node:crypto'\nimport { promisify } from 'node:util'\nimport { Kms } from '@credo-ts/core'\n\nconst generateKeyPair = promisify(_generateKeyPair)\n\nconst nodeSupportedEcCrvs = ['P-256', 'P-384', 'P-521', 'secp256k1'] satisfies Kms.KmsJwkPublicEc['crv'][]\nexport type NodeKmsSupportedEcCrvs = (typeof nodeSupportedEcCrvs)[number]\nexport function assertNodeSupportedEcCrv(\n options: Kms.KmsCreateKeyTypeEc\n): asserts options is Kms.KmsCreateKeyTypeEc & { crv: NodeKmsSupportedEcCrvs } {\n if (!nodeSupportedEcCrvs.includes(options.crv as NodeKmsSupportedEcCrvs)) {\n throw new Kms.KeyManagementAlgorithmNotSupportedError(`crv '${options.crv}' for kty '${options.kty}'`, 'node')\n }\n}\n\nexport async function createEcKey({ crv }: Kms.KmsCreateKeyTypeEc & { crv: NodeKmsSupportedEcCrvs }) {\n const { publicKey, privateKey } = await generateKeyPair('ec', {\n namedCurve: crv,\n })\n\n const privateJwk = privateKey.export({\n format: 'jwk',\n })\n\n const publicJwk = publicKey.export({\n format: 'jwk',\n })\n\n return {\n privateJwk: privateJwk as Kms.KmsJwkPrivateEc,\n publicJwk: publicJwk as Kms.KmsJwkPublicEc,\n }\n}\n\nexport async function createRsaKey({ modulusLength }: Kms.KmsCreateKeyTypeRsa) {\n const { publicKey, privateKey } = await generateKeyPair('rsa', {\n modulusLength,\n })\n\n const privateJwk = privateKey.export({\n format: 'jwk',\n })\n\n const publicJwk = publicKey.export({\n format: 'jwk',\n })\n\n return {\n privateJwk: privateJwk as Kms.KmsJwkPrivateRsa,\n publicJwk: publicJwk as Kms.KmsJwkPublicRsa,\n }\n}\n\nconst nodeSupportedOkpCrvs = ['Ed25519', 'X25519'] satisfies Kms.KmsJwkPublicOkp['crv'][]\ntype NodeKmsSupportedOkpCrvs = (typeof nodeSupportedOkpCrvs)[number]\nexport function assertNodeSupportedOkpCrv(\n options: 
Kms.KmsCreateKeyTypeOkp\n): asserts options is Kms.KmsCreateKeyTypeOkp & { crv: NodeKmsSupportedOkpCrvs } {\n if (!nodeSupportedOkpCrvs.includes(options.crv as NodeKmsSupportedOkpCrvs)) {\n throw new Kms.KeyManagementAlgorithmNotSupportedError(`crv '${options.crv}' for kty '${options.kty}'`, 'node')\n }\n}\n\nexport async function createOkpKey({ crv }: Kms.KmsCreateKeyTypeOkp & { crv: NodeKmsSupportedOkpCrvs }) {\n const { publicKey, privateKey } =\n crv === 'Ed25519' ? await generateKeyPair('ed25519') : await generateKeyPair('x25519')\n\n const privateJwk = privateKey.export({\n format: 'jwk',\n })\n\n const publicJwk = publicKey.export({\n format: 'jwk',\n })\n\n return {\n privateJwk: privateJwk as Kms.KmsJwkPrivateOkp,\n publicJwk: publicJwk as Kms.KmsJwkPublicOkp,\n }\n}\n\nconst nodeSupportedOctAlgorithms = ['aes', 'hmac'] satisfies Kms.KmsCreateKeyTypeOct['algorithm'][]\ntype NodeSupportedOctAlgorithms = (typeof nodeSupportedOctAlgorithms)[number]\nexport function assertNodeSupportedOctAlgorithm(\n options: Kms.KmsCreateKeyTypeOct\n): asserts options is Kms.KmsCreateKeyTypeOct & { algorithm: NodeSupportedOctAlgorithms } {\n if (!nodeSupportedOctAlgorithms.includes(options.algorithm as NodeSupportedOctAlgorithms)) {\n throw new Kms.KeyManagementAlgorithmNotSupportedError(\n `algorithm '${options.algorithm}' for kty '${options.kty}'`,\n 'node'\n )\n }\n}\n\nexport async function createOctKey(options: Kms.KmsCreateKeyTypeOct & { algorithm: NodeSupportedOctAlgorithms }) {\n const secretBytes = randomBytes(options.length >> 3)\n\n const privateJwk = {\n kty: 'oct',\n k: secretBytes.toString('base64url'),\n }\n\n // biome-ignore lint/correctness/noUnusedVariables: no explanation\n const { k, ...publicJwk } = privateJwk\n\n return {\n privateJwk: privateJwk as Kms.KmsJwkPrivateOct,\n publicJwk: publicJwk as Kms.KmsJwkPublicOct,\n 
}\n}\n"],"mappings":";;;;;AAIA,MAAMA,oBAAkB,UAAUC,gBAAiB;AAEnD,MAAM,sBAAsB;CAAC;CAAS;CAAS;CAAS;CAAY;AAEpE,SAAgB,yBACd,SAC6E;AAC7E,KAAI,CAAC,oBAAoB,SAAS,QAAQ,IAA8B,CACtE,OAAM,IAAI,IAAI,wCAAwC,QAAQ,QAAQ,IAAI,aAAa,QAAQ,IAAI,IAAI,OAAO;;AAIlH,eAAsB,YAAY,EAAE,OAAiE;CACnG,MAAM,EAAE,WAAW,eAAe,MAAMD,kBAAgB,MAAM,EAC5D,YAAY,KACb,CAAC;AAUF,QAAO;EACL,YATiB,WAAW,OAAO,EACnC,QAAQ,OACT,CAAC;EAQA,WANgB,UAAU,OAAO,EACjC,QAAQ,OACT,CAAC;EAKD;;AAGH,eAAsB,aAAa,EAAE,iBAA0C;CAC7E,MAAM,EAAE,WAAW,eAAe,MAAMA,kBAAgB,OAAO,EAC7D,eACD,CAAC;AAUF,QAAO;EACL,YATiB,WAAW,OAAO,EACnC,QAAQ,OACT,CAAC;EAQA,WANgB,UAAU,OAAO,EACjC,QAAQ,OACT,CAAC;EAKD;;AAGH,MAAM,uBAAuB,CAAC,WAAW,SAAS;AAElD,SAAgB,0BACd,SAC+E;AAC/E,KAAI,CAAC,qBAAqB,SAAS,QAAQ,IAA+B,CACxE,OAAM,IAAI,IAAI,wCAAwC,QAAQ,QAAQ,IAAI,aAAa,QAAQ,IAAI,IAAI,OAAO;;AAIlH,eAAsB,aAAa,EAAE,OAAmE;CACtG,MAAM,EAAE,WAAW,eACjB,QAAQ,YAAY,MAAMA,kBAAgB,UAAU,GAAG,MAAMA,kBAAgB,SAAS;AAUxF,QAAO;EACL,YATiB,WAAW,OAAO,EACnC,QAAQ,OACT,CAAC;EAQA,WANgB,UAAU,OAAO,EACjC,QAAQ,OACT,CAAC;EAKD;;AAGH,MAAM,6BAA6B,CAAC,OAAO,OAAO;AAElD,SAAgB,gCACd,SACwF;AACxF,KAAI,CAAC,2BAA2B,SAAS,QAAQ,UAAwC,CACvF,OAAM,IAAI,IAAI,wCACZ,cAAc,QAAQ,UAAU,aAAa,QAAQ,IAAI,IACzD,OACD;;AAIL,eAAsB,aAAa,SAA8E;CAG/G,MAAM,aAAa;EACjB,KAAK;EACL,GAJkB,YAAY,QAAQ,UAAU,EAAE,CAInC,SAAS,YAAY;EACrC;CAGD,MAAM,EAAE,GAAG,GAAG,cAAc;AAE5B,QAAO;EACO;EACD;EACZ"}
1
+ {"version":3,"file":"createKey.mjs","names":["generateKeyPair","_generateKeyPair"],"sources":["../../../src/kms/crypto/createKey.ts"],"sourcesContent":["import { generateKeyPair as _generateKeyPair, randomBytes } from 'node:crypto'\nimport { promisify } from 'node:util'\nimport { Kms } from '@credo-ts/core'\n\nconst generateKeyPair = promisify(_generateKeyPair)\n\nconst nodeSupportedEcCrvs = ['P-256', 'P-384', 'P-521', 'secp256k1'] satisfies Kms.KmsJwkPublicEc['crv'][]\nexport type NodeKmsSupportedEcCrvs = (typeof nodeSupportedEcCrvs)[number]\nexport function assertNodeSupportedEcCrv(\n options: Kms.KmsCreateKeyTypeEc\n): asserts options is Kms.KmsCreateKeyTypeEc & { crv: NodeKmsSupportedEcCrvs } {\n if (!nodeSupportedEcCrvs.includes(options.crv as NodeKmsSupportedEcCrvs)) {\n throw new Kms.KeyManagementAlgorithmNotSupportedError(`crv '${options.crv}' for kty '${options.kty}'`, 'node')\n }\n}\n\nexport async function createEcKey({ crv }: Kms.KmsCreateKeyTypeEc & { crv: NodeKmsSupportedEcCrvs }) {\n const { publicKey, privateKey } = await generateKeyPair('ec', {\n namedCurve: crv,\n })\n\n const privateJwk = privateKey.export({\n format: 'jwk',\n })\n\n const publicJwk = publicKey.export({\n format: 'jwk',\n })\n\n return {\n privateJwk: privateJwk as Kms.KmsJwkPrivateEc,\n publicJwk: publicJwk as Kms.KmsJwkPublicEc,\n }\n}\n\nexport async function createRsaKey({ modulusLength }: Kms.KmsCreateKeyTypeRsa) {\n const { publicKey, privateKey } = await generateKeyPair('rsa', {\n modulusLength,\n })\n\n const privateJwk = privateKey.export({\n format: 'jwk',\n })\n\n const publicJwk = publicKey.export({\n format: 'jwk',\n })\n\n return {\n privateJwk: privateJwk as Kms.KmsJwkPrivateRsa,\n publicJwk: publicJwk as Kms.KmsJwkPublicRsa,\n }\n}\n\nconst nodeSupportedOkpCrvs = ['Ed25519', 'X25519'] satisfies Kms.KmsJwkPublicOkp['crv'][]\ntype NodeKmsSupportedOkpCrvs = (typeof nodeSupportedOkpCrvs)[number]\nexport function assertNodeSupportedOkpCrv(\n options: 
Kms.KmsCreateKeyTypeOkp\n): asserts options is Kms.KmsCreateKeyTypeOkp & { crv: NodeKmsSupportedOkpCrvs } {\n if (!nodeSupportedOkpCrvs.includes(options.crv as NodeKmsSupportedOkpCrvs)) {\n throw new Kms.KeyManagementAlgorithmNotSupportedError(`crv '${options.crv}' for kty '${options.kty}'`, 'node')\n }\n}\n\nexport async function createOkpKey({ crv }: Kms.KmsCreateKeyTypeOkp & { crv: NodeKmsSupportedOkpCrvs }) {\n const { publicKey, privateKey } =\n crv === 'Ed25519' ? await generateKeyPair('ed25519') : await generateKeyPair('x25519')\n\n const privateJwk = privateKey.export({\n format: 'jwk',\n })\n\n const publicJwk = publicKey.export({\n format: 'jwk',\n })\n\n return {\n privateJwk: privateJwk as Kms.KmsJwkPrivateOkp,\n publicJwk: publicJwk as Kms.KmsJwkPublicOkp,\n }\n}\n\nconst nodeSupportedOctAlgorithms = ['aes', 'hmac'] satisfies Kms.KmsCreateKeyTypeOct['algorithm'][]\ntype NodeSupportedOctAlgorithms = (typeof nodeSupportedOctAlgorithms)[number]\nexport function assertNodeSupportedOctAlgorithm(\n options: Kms.KmsCreateKeyTypeOct\n): asserts options is Kms.KmsCreateKeyTypeOct & { algorithm: NodeSupportedOctAlgorithms } {\n if (!nodeSupportedOctAlgorithms.includes(options.algorithm as NodeSupportedOctAlgorithms)) {\n throw new Kms.KeyManagementAlgorithmNotSupportedError(\n `algorithm '${options.algorithm}' for kty '${options.kty}'`,\n 'node'\n )\n }\n}\n\nexport async function createOctKey(options: Kms.KmsCreateKeyTypeOct & { algorithm: NodeSupportedOctAlgorithms }) {\n const secretBytes = randomBytes(options.length >> 3)\n\n const privateJwk = {\n kty: 'oct',\n k: secretBytes.toString('base64url'),\n }\n\n const { k, ...publicJwk } = privateJwk\n\n return {\n privateJwk: privateJwk as Kms.KmsJwkPrivateOct,\n publicJwk: publicJwk as Kms.KmsJwkPublicOct,\n 
}\n}\n"],"mappings":";;;;;AAIA,MAAMA,oBAAkB,UAAUC,gBAAiB;AAEnD,MAAM,sBAAsB;CAAC;CAAS;CAAS;CAAS;CAAY;AAEpE,SAAgB,yBACd,SAC6E;AAC7E,KAAI,CAAC,oBAAoB,SAAS,QAAQ,IAA8B,CACtE,OAAM,IAAI,IAAI,wCAAwC,QAAQ,QAAQ,IAAI,aAAa,QAAQ,IAAI,IAAI,OAAO;;AAIlH,eAAsB,YAAY,EAAE,OAAiE;CACnG,MAAM,EAAE,WAAW,eAAe,MAAMD,kBAAgB,MAAM,EAC5D,YAAY,KACb,CAAC;AAUF,QAAO;EACL,YATiB,WAAW,OAAO,EACnC,QAAQ,OACT,CAAC;EAQA,WANgB,UAAU,OAAO,EACjC,QAAQ,OACT,CAAC;EAKD;;AAGH,eAAsB,aAAa,EAAE,iBAA0C;CAC7E,MAAM,EAAE,WAAW,eAAe,MAAMA,kBAAgB,OAAO,EAC7D,eACD,CAAC;AAUF,QAAO;EACL,YATiB,WAAW,OAAO,EACnC,QAAQ,OACT,CAAC;EAQA,WANgB,UAAU,OAAO,EACjC,QAAQ,OACT,CAAC;EAKD;;AAGH,MAAM,uBAAuB,CAAC,WAAW,SAAS;AAElD,SAAgB,0BACd,SAC+E;AAC/E,KAAI,CAAC,qBAAqB,SAAS,QAAQ,IAA+B,CACxE,OAAM,IAAI,IAAI,wCAAwC,QAAQ,QAAQ,IAAI,aAAa,QAAQ,IAAI,IAAI,OAAO;;AAIlH,eAAsB,aAAa,EAAE,OAAmE;CACtG,MAAM,EAAE,WAAW,eACjB,QAAQ,YAAY,MAAMA,kBAAgB,UAAU,GAAG,MAAMA,kBAAgB,SAAS;AAUxF,QAAO;EACL,YATiB,WAAW,OAAO,EACnC,QAAQ,OACT,CAAC;EAQA,WANgB,UAAU,OAAO,EACjC,QAAQ,OACT,CAAC;EAKD;;AAGH,MAAM,6BAA6B,CAAC,OAAO,OAAO;AAElD,SAAgB,gCACd,SACwF;AACxF,KAAI,CAAC,2BAA2B,SAAS,QAAQ,UAAwC,CACvF,OAAM,IAAI,IAAI,wCACZ,cAAc,QAAQ,UAAU,aAAa,QAAQ,IAAI,IACzD,OACD;;AAIL,eAAsB,aAAa,SAA8E;CAG/G,MAAM,aAAa;EACjB,KAAK;EACL,GAJkB,YAAY,QAAQ,UAAU,EAAE,CAInC,SAAS,YAAY;EACrC;CAED,MAAM,EAAE,GAAG,GAAG,cAAc;AAE5B,QAAO;EACO;EACD;EACZ"}
@@ -1 +1 @@
1
- {"version":3,"file":"decrypt.mjs","names":["decipher: DecipherGCM"],"sources":["../../../src/kms/crypto/decrypt.ts"],"sourcesContent":["import { Buffer } from 'node:buffer'\nimport type { DecipherGCM } from 'node:crypto'\nimport { createDecipheriv, createSecretKey, timingSafeEqual } from 'node:crypto'\nimport { type AnyUint8Array, Kms, type Uint8ArrayBuffer } from '@credo-ts/core'\n\nimport { performSign } from './sign'\n\nexport async function performDecrypt(\n key: Kms.KmsJwkPrivateOct,\n dataDecryption: Kms.KmsDecryptDataDecryption,\n encrypted: AnyUint8Array\n): Promise<{ data: Uint8ArrayBuffer }> {\n const secretKeyBytes = Buffer.from(key.k, 'base64url')\n const nodeKey = createSecretKey(secretKeyBytes)\n\n // Create decipher with key and IV\n if (dataDecryption.algorithm === 'A128CBC' || dataDecryption.algorithm === 'A256CBC') {\n const nodeAlgorithm = dataDecryption.algorithm === 'A128CBC' ? 'aes-128-cbc' : 'aes-256-cbc'\n\n const decipher = createDecipheriv(nodeAlgorithm, nodeKey, dataDecryption.iv)\n\n // Get decrypted data\n const data = Buffer.concat([decipher.update(encrypted), decipher.final()])\n\n return { data }\n }\n if (\n dataDecryption.algorithm === 'A128GCM' ||\n dataDecryption.algorithm === 'A192GCM' ||\n dataDecryption.algorithm === 'A256GCM'\n ) {\n const nodeAlgorithm =\n dataDecryption.algorithm === 'A128GCM'\n ? 'aes-128-gcm'\n : dataDecryption.algorithm === 'A192GCM'\n ? 
'aes-192-gcm'\n : 'aes-256-gcm'\n\n const decipher = createDecipheriv(nodeAlgorithm, nodeKey, dataDecryption.iv)\n\n // Set auth tag before decryption for authenticated modes\n decipher.setAuthTag(dataDecryption.tag)\n\n // If AAD was used during encryption, it must be provided for decryption\n if (dataDecryption.aad) {\n decipher.setAAD(dataDecryption.aad)\n }\n\n // Get decrypted data\n const data = Buffer.concat([decipher.update(encrypted), decipher.final()])\n\n return { data }\n }\n if (\n dataDecryption.algorithm === 'A128CBC-HS256' ||\n dataDecryption.algorithm === 'A192CBC-HS384' ||\n dataDecryption.algorithm === 'A256CBC-HS512'\n ) {\n // Map algorithms to their corresponding CBC and HMAC settings\n const algSettings = {\n 'A128CBC-HS256': { cbcAlg: 'aes-128-cbc', hmacAlg: 'HS256', keySize: 16 } as const,\n 'A192CBC-HS384': { cbcAlg: 'aes-192-cbc', hmacAlg: 'HS384', keySize: 24 } as const,\n 'A256CBC-HS512': { cbcAlg: 'aes-256-cbc', hmacAlg: 'HS512', keySize: 32 } as const,\n }[dataDecryption.algorithm]\n\n // Split the input key into MAC and ENC keys (MAC key is first half, ENC key is second half)\n const macKey = secretKeyBytes.subarray(0, algSettings.keySize)\n const encKey = createSecretKey(secretKeyBytes.subarray(algSettings.keySize))\n\n // Calculate authentication tag for verification\n // AL (Associated Length) is 64-bit big-endian length of AAD in bits\n const al = Buffer.alloc(8)\n const aadLength = dataDecryption.aad ? dataDecryption.aad.length * 8 : 0\n al.writeBigUInt64BE(BigInt(aadLength))\n\n // Create concatenated buffer for MAC verification\n const macData = Buffer.concat([dataDecryption.aad ?? 
Buffer.alloc(0), dataDecryption.iv, encrypted, al])\n\n // Verify the authentication tag\n const hmac = await performSign({ kty: 'oct', k: macKey.toString('base64url') }, algSettings.hmacAlg, macData)\n const calculatedTag = Buffer.from(hmac).subarray(0, algSettings.keySize) // Truncate to appropriate size\n\n if (!timingSafeEqual(calculatedTag, dataDecryption.tag)) {\n throw new Kms.KeyManagementError(\n `Error during verification of authentication tag with decryption algorithm '${dataDecryption.algorithm}'`\n )\n }\n\n // After verification, perform decryption\n const decipher = createDecipheriv(algSettings.cbcAlg, encKey, dataDecryption.iv)\n const data = Buffer.concat([decipher.update(encrypted), decipher.final()])\n\n return { data }\n }\n if (dataDecryption.algorithm === 'C20P') {\n const decipher: DecipherGCM = createDecipheriv('chacha20-poly1305', nodeKey, dataDecryption.iv, {\n authTagLength: 16,\n })\n\n // Set auth tag before decryption\n decipher.setAuthTag(dataDecryption.tag)\n\n // If AAD was used during encryption, it must be provided for decryption\n if (dataDecryption.aad) {\n decipher.setAAD(dataDecryption.aad)\n }\n\n // Get decrypted data\n const data = Buffer.concat([decipher.update(encrypted), decipher.final()])\n\n return { data }\n }\n\n throw new Kms.KeyManagementAlgorithmNotSupportedError(\n `JWA content decryption algorithm '${dataDecryption.algorithm}'`,\n 'node'\n 
)\n}\n"],"mappings":";;;;;;AAOA,eAAsB,eACpB,KACA,gBACA,WACqC;CACrC,MAAM,iBAAiB,OAAO,KAAK,IAAI,GAAG,YAAY;CACtD,MAAM,UAAU,gBAAgB,eAAe;AAG/C,KAAI,eAAe,cAAc,aAAa,eAAe,cAAc,WAAW;EAGpF,MAAM,WAAW,iBAFK,eAAe,cAAc,YAAY,gBAAgB,eAE9B,SAAS,eAAe,GAAG;AAK5E,SAAO,EAAE,MAFI,OAAO,OAAO,CAAC,SAAS,OAAO,UAAU,EAAE,SAAS,OAAO,CAAC,CAAC,EAE3D;;AAEjB,KACE,eAAe,cAAc,aAC7B,eAAe,cAAc,aAC7B,eAAe,cAAc,WAC7B;EAQA,MAAM,WAAW,iBANf,eAAe,cAAc,YACzB,gBACA,eAAe,cAAc,YAC3B,gBACA,eAEyC,SAAS,eAAe,GAAG;AAG5E,WAAS,WAAW,eAAe,IAAI;AAGvC,MAAI,eAAe,IACjB,UAAS,OAAO,eAAe,IAAI;AAMrC,SAAO,EAAE,MAFI,OAAO,OAAO,CAAC,SAAS,OAAO,UAAU,EAAE,SAAS,OAAO,CAAC,CAAC,EAE3D;;AAEjB,KACE,eAAe,cAAc,mBAC7B,eAAe,cAAc,mBAC7B,eAAe,cAAc,iBAC7B;EAEA,MAAM,cAAc;GAClB,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GACzE,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GACzE,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GAC1E,CAAC,eAAe;EAGjB,MAAM,SAAS,eAAe,SAAS,GAAG,YAAY,QAAQ;EAC9D,MAAM,SAAS,gBAAgB,eAAe,SAAS,YAAY,QAAQ,CAAC;EAI5E,MAAM,KAAK,OAAO,MAAM,EAAE;EAC1B,MAAM,YAAY,eAAe,MAAM,eAAe,IAAI,SAAS,IAAI;AACvE,KAAG,iBAAiB,OAAO,UAAU,CAAC;EAGtC,MAAM,UAAU,OAAO,OAAO;GAAC,eAAe,OAAO,OAAO,MAAM,EAAE;GAAE,eAAe;GAAI;GAAW;GAAG,CAAC;EAGxG,MAAM,OAAO,MAAM,YAAY;GAAE,KAAK;GAAO,GAAG,OAAO,SAAS,YAAY;GAAE,EAAE,YAAY,SAAS,QAAQ;AAG7G,MAAI,CAAC,gBAFiB,OAAO,KAAK,KAAK,CAAC,SAAS,GAAG,YAAY,QAAQ,EAEpC,eAAe,IAAI,CACrD,OAAM,IAAI,IAAI,mBACZ,8EAA8E,eAAe,UAAU,GACxG;EAIH,MAAM,WAAW,iBAAiB,YAAY,QAAQ,QAAQ,eAAe,GAAG;AAGhF,SAAO,EAAE,MAFI,OAAO,OAAO,CAAC,SAAS,OAAO,UAAU,EAAE,SAAS,OAAO,CAAC,CAAC,EAE3D;;AAEjB,KAAI,eAAe,cAAc,QAAQ;EACvC,MAAMA,WAAwB,iBAAiB,qBAAqB,SAAS,eAAe,IAAI,EAC9F,eAAe,IAChB,CAAC;AAGF,WAAS,WAAW,eAAe,IAAI;AAGvC,MAAI,eAAe,IACjB,UAAS,OAAO,eAAe,IAAI;AAMrC,SAAO,EAAE,MAFI,OAAO,OAAO,CAAC,SAAS,OAAO,UAAU,EAAE,SAAS,OAAO,CAAC,CAAC,EAE3D;;AAGjB,OAAM,IAAI,IAAI,wCACZ,qCAAqC,eAAe,UAAU,IAC9D,OACD"}
1
+ {"version":3,"file":"decrypt.mjs","names":[],"sources":["../../../src/kms/crypto/decrypt.ts"],"sourcesContent":["import { Buffer } from 'node:buffer'\nimport type { DecipherGCM } from 'node:crypto'\nimport { createDecipheriv, createSecretKey, timingSafeEqual } from 'node:crypto'\nimport { type AnyUint8Array, Kms, type Uint8ArrayBuffer } from '@credo-ts/core'\n\nimport { performSign } from './sign'\n\nexport async function performDecrypt(\n key: Kms.KmsJwkPrivateOct,\n dataDecryption: Kms.KmsDecryptDataDecryption,\n encrypted: AnyUint8Array\n): Promise<{ data: Uint8ArrayBuffer }> {\n const secretKeyBytes = Buffer.from(key.k, 'base64url')\n const nodeKey = createSecretKey(secretKeyBytes)\n\n // Create decipher with key and IV\n if (dataDecryption.algorithm === 'A128CBC' || dataDecryption.algorithm === 'A256CBC') {\n const nodeAlgorithm = dataDecryption.algorithm === 'A128CBC' ? 'aes-128-cbc' : 'aes-256-cbc'\n\n const decipher = createDecipheriv(nodeAlgorithm, nodeKey, dataDecryption.iv)\n\n // Get decrypted data\n const data = Buffer.concat([decipher.update(encrypted), decipher.final()])\n\n return { data }\n }\n if (\n dataDecryption.algorithm === 'A128GCM' ||\n dataDecryption.algorithm === 'A192GCM' ||\n dataDecryption.algorithm === 'A256GCM'\n ) {\n const nodeAlgorithm =\n dataDecryption.algorithm === 'A128GCM'\n ? 'aes-128-gcm'\n : dataDecryption.algorithm === 'A192GCM'\n ? 
'aes-192-gcm'\n : 'aes-256-gcm'\n\n const decipher = createDecipheriv(nodeAlgorithm, nodeKey, dataDecryption.iv)\n\n // Set auth tag before decryption for authenticated modes\n decipher.setAuthTag(dataDecryption.tag)\n\n // If AAD was used during encryption, it must be provided for decryption\n if (dataDecryption.aad) {\n decipher.setAAD(dataDecryption.aad)\n }\n\n // Get decrypted data\n const data = Buffer.concat([decipher.update(encrypted), decipher.final()])\n\n return { data }\n }\n if (\n dataDecryption.algorithm === 'A128CBC-HS256' ||\n dataDecryption.algorithm === 'A192CBC-HS384' ||\n dataDecryption.algorithm === 'A256CBC-HS512'\n ) {\n // Map algorithms to their corresponding CBC and HMAC settings\n const algSettings = {\n 'A128CBC-HS256': { cbcAlg: 'aes-128-cbc', hmacAlg: 'HS256', keySize: 16 } as const,\n 'A192CBC-HS384': { cbcAlg: 'aes-192-cbc', hmacAlg: 'HS384', keySize: 24 } as const,\n 'A256CBC-HS512': { cbcAlg: 'aes-256-cbc', hmacAlg: 'HS512', keySize: 32 } as const,\n }[dataDecryption.algorithm]\n\n // Split the input key into MAC and ENC keys (MAC key is first half, ENC key is second half)\n const macKey = secretKeyBytes.subarray(0, algSettings.keySize)\n const encKey = createSecretKey(secretKeyBytes.subarray(algSettings.keySize))\n\n // Calculate authentication tag for verification\n // AL (Associated Length) is 64-bit big-endian length of AAD in bits\n const al = Buffer.alloc(8)\n const aadLength = dataDecryption.aad ? dataDecryption.aad.length * 8 : 0\n al.writeBigUInt64BE(BigInt(aadLength))\n\n // Create concatenated buffer for MAC verification\n const macData = Buffer.concat([dataDecryption.aad ?? 
Buffer.alloc(0), dataDecryption.iv, encrypted, al])\n\n // Verify the authentication tag\n const hmac = await performSign({ kty: 'oct', k: macKey.toString('base64url') }, algSettings.hmacAlg, macData)\n const calculatedTag = Buffer.from(hmac).subarray(0, algSettings.keySize) // Truncate to appropriate size\n\n if (!timingSafeEqual(calculatedTag, dataDecryption.tag)) {\n throw new Kms.KeyManagementError(\n `Error during verification of authentication tag with decryption algorithm '${dataDecryption.algorithm}'`\n )\n }\n\n // After verification, perform decryption\n const decipher = createDecipheriv(algSettings.cbcAlg, encKey, dataDecryption.iv)\n const data = Buffer.concat([decipher.update(encrypted), decipher.final()])\n\n return { data }\n }\n if (dataDecryption.algorithm === 'C20P') {\n const decipher: DecipherGCM = createDecipheriv('chacha20-poly1305', nodeKey, dataDecryption.iv, {\n authTagLength: 16,\n })\n\n // Set auth tag before decryption\n decipher.setAuthTag(dataDecryption.tag)\n\n // If AAD was used during encryption, it must be provided for decryption\n if (dataDecryption.aad) {\n decipher.setAAD(dataDecryption.aad)\n }\n\n // Get decrypted data\n const data = Buffer.concat([decipher.update(encrypted), decipher.final()])\n\n return { data }\n }\n\n throw new Kms.KeyManagementAlgorithmNotSupportedError(\n `JWA content decryption algorithm '${dataDecryption.algorithm}'`,\n 'node'\n 
)\n}\n"],"mappings":";;;;;;AAOA,eAAsB,eACpB,KACA,gBACA,WACqC;CACrC,MAAM,iBAAiB,OAAO,KAAK,IAAI,GAAG,YAAY;CACtD,MAAM,UAAU,gBAAgB,eAAe;AAG/C,KAAI,eAAe,cAAc,aAAa,eAAe,cAAc,WAAW;EAGpF,MAAM,WAAW,iBAFK,eAAe,cAAc,YAAY,gBAAgB,eAE9B,SAAS,eAAe,GAAG;AAK5E,SAAO,EAAE,MAFI,OAAO,OAAO,CAAC,SAAS,OAAO,UAAU,EAAE,SAAS,OAAO,CAAC,CAAC,EAE3D;;AAEjB,KACE,eAAe,cAAc,aAC7B,eAAe,cAAc,aAC7B,eAAe,cAAc,WAC7B;EAQA,MAAM,WAAW,iBANf,eAAe,cAAc,YACzB,gBACA,eAAe,cAAc,YAC3B,gBACA,eAEyC,SAAS,eAAe,GAAG;AAG5E,WAAS,WAAW,eAAe,IAAI;AAGvC,MAAI,eAAe,IACjB,UAAS,OAAO,eAAe,IAAI;AAMrC,SAAO,EAAE,MAFI,OAAO,OAAO,CAAC,SAAS,OAAO,UAAU,EAAE,SAAS,OAAO,CAAC,CAAC,EAE3D;;AAEjB,KACE,eAAe,cAAc,mBAC7B,eAAe,cAAc,mBAC7B,eAAe,cAAc,iBAC7B;EAEA,MAAM,cAAc;GAClB,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GACzE,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GACzE,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GAC1E,CAAC,eAAe;EAGjB,MAAM,SAAS,eAAe,SAAS,GAAG,YAAY,QAAQ;EAC9D,MAAM,SAAS,gBAAgB,eAAe,SAAS,YAAY,QAAQ,CAAC;EAI5E,MAAM,KAAK,OAAO,MAAM,EAAE;EAC1B,MAAM,YAAY,eAAe,MAAM,eAAe,IAAI,SAAS,IAAI;AACvE,KAAG,iBAAiB,OAAO,UAAU,CAAC;EAGtC,MAAM,UAAU,OAAO,OAAO;GAAC,eAAe,OAAO,OAAO,MAAM,EAAE;GAAE,eAAe;GAAI;GAAW;GAAG,CAAC;EAGxG,MAAM,OAAO,MAAM,YAAY;GAAE,KAAK;GAAO,GAAG,OAAO,SAAS,YAAY;GAAE,EAAE,YAAY,SAAS,QAAQ;AAG7G,MAAI,CAAC,gBAFiB,OAAO,KAAK,KAAK,CAAC,SAAS,GAAG,YAAY,QAAQ,EAEpC,eAAe,IAAI,CACrD,OAAM,IAAI,IAAI,mBACZ,8EAA8E,eAAe,UAAU,GACxG;EAIH,MAAM,WAAW,iBAAiB,YAAY,QAAQ,QAAQ,eAAe,GAAG;AAGhF,SAAO,EAAE,MAFI,OAAO,OAAO,CAAC,SAAS,OAAO,UAAU,EAAE,SAAS,OAAO,CAAC,CAAC,EAE3D;;AAEjB,KAAI,eAAe,cAAc,QAAQ;EACvC,MAAM,WAAwB,iBAAiB,qBAAqB,SAAS,eAAe,IAAI,EAC9F,eAAe,IAChB,CAAC;AAGF,WAAS,WAAW,eAAe,IAAI;AAGvC,MAAI,eAAe,IACjB,UAAS,OAAO,eAAe,IAAI;AAMrC,SAAO,EAAE,MAFI,OAAO,OAAO,CAAC,SAAS,OAAO,UAAU,EAAE,SAAS,OAAO,CAAC,CAAC,EAE3D;;AAGjB,OAAM,IAAI,IAAI,wCACZ,qCAAqC,eAAe,UAAU,IAC9D,OACD"}
@@ -1 +1 @@
1
- {"version":3,"file":"encrypt.mjs","names":["cipher: CipherGCM"],"sources":["../../../src/kms/crypto/encrypt.ts"],"sourcesContent":["import { Buffer } from 'node:buffer'\nimport type { CipherGCM } from 'node:crypto'\nimport { createCipheriv, createSecretKey, randomBytes } from 'node:crypto'\nimport { type AnyUint8Array, Kms, type Uint8ArrayBuffer } from '@credo-ts/core'\n\nimport { performSign } from './sign'\n\nexport const nodeSupportedEncryptionAlgorithms = [\n 'A128CBC',\n 'A256CBC',\n 'A128CBC-HS256',\n 'A192CBC-HS384',\n 'A256CBC-HS512',\n 'A128GCM',\n 'A192GCM',\n 'A256GCM',\n 'C20P',\n] as const satisfies Kms.KnownJwaContentEncryptionAlgorithm[]\n\nexport async function performEncrypt(\n key: Kms.KmsJwkPrivateOct,\n dataEncryption: Kms.KmsEncryptDataEncryption,\n data: AnyUint8Array\n): Promise<{ encrypted: Uint8ArrayBuffer; tag?: Uint8ArrayBuffer; iv: AnyUint8Array }> {\n const secretKeyBytes = Buffer.from(key.k, 'base64url')\n const nodeKey = createSecretKey(secretKeyBytes)\n\n // Create cipher with key and IV\n if (dataEncryption.algorithm === 'A128CBC' || dataEncryption.algorithm === 'A256CBC') {\n const nodeAlgorithm = dataEncryption.algorithm === 'A128CBC' ? 'aes-128-cbc' : 'aes-256-cbc'\n\n // IV should be exactly 16 bytes (128 bits) for CBC mode\n const iv = dataEncryption.iv ?? 
randomBytes(16)\n\n const cipher = createCipheriv(nodeAlgorithm, nodeKey, iv)\n\n // Get encrypted data\n const encrypted = Buffer.concat([cipher.update(data), cipher.final()])\n\n return { encrypted, iv }\n }\n if (\n dataEncryption.algorithm === 'A128CBC-HS256' ||\n dataEncryption.algorithm === 'A192CBC-HS384' ||\n dataEncryption.algorithm === 'A256CBC-HS512'\n ) {\n // Map algorithms to their corresponding CBC and HMAC settings\n const algSettings = {\n 'A128CBC-HS256': { cbcAlg: 'aes-128-cbc', hmacAlg: 'HS256', keySize: 16 } as const,\n 'A192CBC-HS384': { cbcAlg: 'aes-192-cbc', hmacAlg: 'HS384', keySize: 24 } as const,\n 'A256CBC-HS512': { cbcAlg: 'aes-256-cbc', hmacAlg: 'HS512', keySize: 32 } as const,\n }[dataEncryption.algorithm]\n\n // IV should be exactly 16 bytes (128 bits) for CBC mode\n const iv = dataEncryption.iv ?? randomBytes(16)\n\n // Split the input key into MAC and ENC keys (MAC key is first half, ENC key is second half)\n const macKey = secretKeyBytes.subarray(0, algSettings.keySize)\n const encKey = createSecretKey(secretKeyBytes.subarray(algSettings.keySize))\n\n // Perform encryption\n const cipher = createCipheriv(algSettings.cbcAlg, encKey, iv)\n const encrypted = Buffer.concat([cipher.update(data), cipher.final()])\n\n // Calculate authentication tag\n // AL (Associated Length) is 64-bit big-endian length of AAD in bits\n const al = Buffer.alloc(8)\n const aadLength = dataEncryption.aad ? dataEncryption.aad.length * 8 : 0\n al.writeBigUInt64BE(BigInt(aadLength))\n\n // Create concatenated buffer for MAC calculation\n const macData = Buffer.concat([\n // If AAD exists, include it first, otherwise empty buffer\n dataEncryption.aad ?? 
Buffer.alloc(0),\n iv, // Initial Vector\n encrypted, // Ciphertext\n al, // Associated Length (AL)\n ])\n\n const hmac = await performSign({ kty: 'oct', k: macKey.toString('base64url') }, algSettings.hmacAlg, macData)\n const tag = Buffer.from(hmac).subarray(0, algSettings.keySize) // Truncate to appropriate size\n\n return { encrypted, tag, iv }\n }\n if (\n dataEncryption.algorithm === 'A128GCM' ||\n dataEncryption.algorithm === 'A192GCM' ||\n dataEncryption.algorithm === 'A256GCM'\n ) {\n const nodeAlgorithm =\n dataEncryption.algorithm === 'A128GCM'\n ? 'aes-128-gcm'\n : dataEncryption.algorithm === 'A192GCM'\n ? 'aes-192-gcm'\n : 'aes-256-gcm'\n\n // IV should be exactly 12 bytes (96 bits) for GCM\n const iv = dataEncryption.iv ?? randomBytes(12)\n\n const cipher = createCipheriv(nodeAlgorithm, nodeKey, iv)\n\n // If AAD is provided, update the cipher with it before encryption\n if (dataEncryption.aad) {\n cipher.setAAD(dataEncryption.aad)\n }\n\n // Get encrypted data\n const encrypted = Buffer.concat([cipher.update(data), cipher.final()])\n\n // Get auth tag - must be saved to verify decryption\n const tag = cipher.getAuthTag() as Uint8ArrayBuffer\n\n return {\n encrypted,\n tag,\n iv,\n }\n }\n if (dataEncryption.algorithm === 'C20P') {\n // IV should be exactly 12 bytes (96 bits) for C20P\n const iv = dataEncryption.iv ?? 
randomBytes(12)\n\n const cipher: CipherGCM = createCipheriv('chacha20-poly1305', nodeKey, iv, {\n authTagLength: 16,\n })\n\n // If AAD is provided, update the cipher with it before encryption\n if (dataEncryption.aad) {\n cipher.setAAD(dataEncryption.aad)\n }\n\n // Get encrypted data\n const encrypted = Buffer.concat([cipher.update(data), cipher.final()])\n\n // Get auth tag - must be saved to verify decryption\n const tag = cipher.getAuthTag() as Uint8ArrayBuffer\n\n return {\n encrypted,\n tag,\n iv,\n }\n }\n\n throw new Kms.KeyManagementAlgorithmNotSupportedError(\n `JWA content encryption algorithm '${dataEncryption.algorithm}'`,\n 'node'\n )\n}\n"],"mappings":";;;;;;AAOA,MAAa,oCAAoC;CAC/C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;AAED,eAAsB,eACpB,KACA,gBACA,MACqF;CACrF,MAAM,iBAAiB,OAAO,KAAK,IAAI,GAAG,YAAY;CACtD,MAAM,UAAU,gBAAgB,eAAe;AAG/C,KAAI,eAAe,cAAc,aAAa,eAAe,cAAc,WAAW;EACpF,MAAM,gBAAgB,eAAe,cAAc,YAAY,gBAAgB;EAG/E,MAAM,KAAK,eAAe,MAAM,YAAY,GAAG;EAE/C,MAAM,SAAS,eAAe,eAAe,SAAS,GAAG;AAKzD,SAAO;GAAE,WAFS,OAAO,OAAO,CAAC,OAAO,OAAO,KAAK,EAAE,OAAO,OAAO,CAAC,CAAC;GAElD;GAAI;;AAE1B,KACE,eAAe,cAAc,mBAC7B,eAAe,cAAc,mBAC7B,eAAe,cAAc,iBAC7B;EAEA,MAAM,cAAc;GAClB,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GACzE,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GACzE,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GAC1E,CAAC,eAAe;EAGjB,MAAM,KAAK,eAAe,MAAM,YAAY,GAAG;EAG/C,MAAM,SAAS,eAAe,SAAS,GAAG,YAAY,QAAQ;EAC9D,MAAM,SAAS,gBAAgB,eAAe,SAAS,YAAY,QAAQ,CAAC;EAG5E,MAAM,SAAS,eAAe,YAAY,QAAQ,QAAQ,GAAG;EAC7D,MAAM,YAAY,OAAO,OAAO,CAAC,OAAO,OAAO,KAAK,EAAE,OAAO,OAAO,CAAC,CAAC;EAItE,MAAM,KAAK,OAAO,MAAM,EAAE;EAC1B,MAAM,YAAY,eAAe,MAAM,eAAe,IAAI,SAAS,IAAI;AACvE,KAAG,iBAAiB,OAAO,UAAU,CAAC;EAGtC,MAAM,UAAU,OAAO,OAAO;GAE5B,eAAe,OAAO,OAAO,MAAM,EAAE;GACrC;GACA;GACA;GACD,CAAC;EAEF,MAAM,OAAO,MAAM,YAAY;GAAE,KAAK;GAAO,GAAG,OAAO,SAAS,YAAY;GAAE,EAAE,YAAY,SAAS,QAAQ;AAG7G,SAAO;GAAE;GAAW,KAFR,OAAO,KAAK,KAAK,CAAC,SAAS,GAAG,YAAY,QAAQ;GAErC;GAAI;;AAE/B,KACE,eAAe,cAAc,aAC7B,eAAe,cAAc,aAC7B,eAAe,cAAc,WAC7B;EACA,MAAM,gBA
CJ,eAAe,cAAc,YACzB,gBACA,eAAe,cAAc,YAC3B,gBACA;EAGR,MAAM,KAAK,eAAe,MAAM,YAAY,GAAG;EAE/C,MAAM,SAAS,eAAe,eAAe,SAAS,GAAG;AAGzD,MAAI,eAAe,IACjB,QAAO,OAAO,eAAe,IAAI;AASnC,SAAO;GACL,WANgB,OAAO,OAAO,CAAC,OAAO,OAAO,KAAK,EAAE,OAAO,OAAO,CAAC,CAAC;GAOpE,KAJU,OAAO,YAAY;GAK7B;GACD;;AAEH,KAAI,eAAe,cAAc,QAAQ;EAEvC,MAAM,KAAK,eAAe,MAAM,YAAY,GAAG;EAE/C,MAAMA,SAAoB,eAAe,qBAAqB,SAAS,IAAI,EACzE,eAAe,IAChB,CAAC;AAGF,MAAI,eAAe,IACjB,QAAO,OAAO,eAAe,IAAI;AASnC,SAAO;GACL,WANgB,OAAO,OAAO,CAAC,OAAO,OAAO,KAAK,EAAE,OAAO,OAAO,CAAC,CAAC;GAOpE,KAJU,OAAO,YAAY;GAK7B;GACD;;AAGH,OAAM,IAAI,IAAI,wCACZ,qCAAqC,eAAe,UAAU,IAC9D,OACD"}
1
+ {"version":3,"file":"encrypt.mjs","names":[],"sources":["../../../src/kms/crypto/encrypt.ts"],"sourcesContent":["import { Buffer } from 'node:buffer'\nimport type { CipherGCM } from 'node:crypto'\nimport { createCipheriv, createSecretKey, randomBytes } from 'node:crypto'\nimport { type AnyUint8Array, Kms, type Uint8ArrayBuffer } from '@credo-ts/core'\n\nimport { performSign } from './sign'\n\nexport const nodeSupportedEncryptionAlgorithms = [\n 'A128CBC',\n 'A256CBC',\n 'A128CBC-HS256',\n 'A192CBC-HS384',\n 'A256CBC-HS512',\n 'A128GCM',\n 'A192GCM',\n 'A256GCM',\n 'C20P',\n] as const satisfies Kms.KnownJwaContentEncryptionAlgorithm[]\n\nexport async function performEncrypt(\n key: Kms.KmsJwkPrivateOct,\n dataEncryption: Kms.KmsEncryptDataEncryption,\n data: AnyUint8Array\n): Promise<{ encrypted: Uint8ArrayBuffer; tag?: Uint8ArrayBuffer; iv: AnyUint8Array }> {\n const secretKeyBytes = Buffer.from(key.k, 'base64url')\n const nodeKey = createSecretKey(secretKeyBytes)\n\n // Create cipher with key and IV\n if (dataEncryption.algorithm === 'A128CBC' || dataEncryption.algorithm === 'A256CBC') {\n const nodeAlgorithm = dataEncryption.algorithm === 'A128CBC' ? 'aes-128-cbc' : 'aes-256-cbc'\n\n // IV should be exactly 16 bytes (128 bits) for CBC mode\n const iv = dataEncryption.iv ?? 
randomBytes(16)\n\n const cipher = createCipheriv(nodeAlgorithm, nodeKey, iv)\n\n // Get encrypted data\n const encrypted = Buffer.concat([cipher.update(data), cipher.final()])\n\n return { encrypted, iv }\n }\n if (\n dataEncryption.algorithm === 'A128CBC-HS256' ||\n dataEncryption.algorithm === 'A192CBC-HS384' ||\n dataEncryption.algorithm === 'A256CBC-HS512'\n ) {\n // Map algorithms to their corresponding CBC and HMAC settings\n const algSettings = {\n 'A128CBC-HS256': { cbcAlg: 'aes-128-cbc', hmacAlg: 'HS256', keySize: 16 } as const,\n 'A192CBC-HS384': { cbcAlg: 'aes-192-cbc', hmacAlg: 'HS384', keySize: 24 } as const,\n 'A256CBC-HS512': { cbcAlg: 'aes-256-cbc', hmacAlg: 'HS512', keySize: 32 } as const,\n }[dataEncryption.algorithm]\n\n // IV should be exactly 16 bytes (128 bits) for CBC mode\n const iv = dataEncryption.iv ?? randomBytes(16)\n\n // Split the input key into MAC and ENC keys (MAC key is first half, ENC key is second half)\n const macKey = secretKeyBytes.subarray(0, algSettings.keySize)\n const encKey = createSecretKey(secretKeyBytes.subarray(algSettings.keySize))\n\n // Perform encryption\n const cipher = createCipheriv(algSettings.cbcAlg, encKey, iv)\n const encrypted = Buffer.concat([cipher.update(data), cipher.final()])\n\n // Calculate authentication tag\n // AL (Associated Length) is 64-bit big-endian length of AAD in bits\n const al = Buffer.alloc(8)\n const aadLength = dataEncryption.aad ? dataEncryption.aad.length * 8 : 0\n al.writeBigUInt64BE(BigInt(aadLength))\n\n // Create concatenated buffer for MAC calculation\n const macData = Buffer.concat([\n // If AAD exists, include it first, otherwise empty buffer\n dataEncryption.aad ?? 
Buffer.alloc(0),\n iv, // Initial Vector\n encrypted, // Ciphertext\n al, // Associated Length (AL)\n ])\n\n const hmac = await performSign({ kty: 'oct', k: macKey.toString('base64url') }, algSettings.hmacAlg, macData)\n const tag = Buffer.from(hmac).subarray(0, algSettings.keySize) // Truncate to appropriate size\n\n return { encrypted, tag, iv }\n }\n if (\n dataEncryption.algorithm === 'A128GCM' ||\n dataEncryption.algorithm === 'A192GCM' ||\n dataEncryption.algorithm === 'A256GCM'\n ) {\n const nodeAlgorithm =\n dataEncryption.algorithm === 'A128GCM'\n ? 'aes-128-gcm'\n : dataEncryption.algorithm === 'A192GCM'\n ? 'aes-192-gcm'\n : 'aes-256-gcm'\n\n // IV should be exactly 12 bytes (96 bits) for GCM\n const iv = dataEncryption.iv ?? randomBytes(12)\n\n const cipher = createCipheriv(nodeAlgorithm, nodeKey, iv)\n\n // If AAD is provided, update the cipher with it before encryption\n if (dataEncryption.aad) {\n cipher.setAAD(dataEncryption.aad)\n }\n\n // Get encrypted data\n const encrypted = Buffer.concat([cipher.update(data), cipher.final()])\n\n // Get auth tag - must be saved to verify decryption\n const tag = cipher.getAuthTag() as Uint8ArrayBuffer\n\n return {\n encrypted,\n tag,\n iv,\n }\n }\n if (dataEncryption.algorithm === 'C20P') {\n // IV should be exactly 12 bytes (96 bits) for C20P\n const iv = dataEncryption.iv ?? 
randomBytes(12)\n\n const cipher: CipherGCM = createCipheriv('chacha20-poly1305', nodeKey, iv, {\n authTagLength: 16,\n })\n\n // If AAD is provided, update the cipher with it before encryption\n if (dataEncryption.aad) {\n cipher.setAAD(dataEncryption.aad)\n }\n\n // Get encrypted data\n const encrypted = Buffer.concat([cipher.update(data), cipher.final()])\n\n // Get auth tag - must be saved to verify decryption\n const tag = cipher.getAuthTag() as Uint8ArrayBuffer\n\n return {\n encrypted,\n tag,\n iv,\n }\n }\n\n throw new Kms.KeyManagementAlgorithmNotSupportedError(\n `JWA content encryption algorithm '${dataEncryption.algorithm}'`,\n 'node'\n )\n}\n"],"mappings":";;;;;;AAOA,MAAa,oCAAoC;CAC/C;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;AAED,eAAsB,eACpB,KACA,gBACA,MACqF;CACrF,MAAM,iBAAiB,OAAO,KAAK,IAAI,GAAG,YAAY;CACtD,MAAM,UAAU,gBAAgB,eAAe;AAG/C,KAAI,eAAe,cAAc,aAAa,eAAe,cAAc,WAAW;EACpF,MAAM,gBAAgB,eAAe,cAAc,YAAY,gBAAgB;EAG/E,MAAM,KAAK,eAAe,MAAM,YAAY,GAAG;EAE/C,MAAM,SAAS,eAAe,eAAe,SAAS,GAAG;AAKzD,SAAO;GAAE,WAFS,OAAO,OAAO,CAAC,OAAO,OAAO,KAAK,EAAE,OAAO,OAAO,CAAC,CAAC;GAElD;GAAI;;AAE1B,KACE,eAAe,cAAc,mBAC7B,eAAe,cAAc,mBAC7B,eAAe,cAAc,iBAC7B;EAEA,MAAM,cAAc;GAClB,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GACzE,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GACzE,iBAAiB;IAAE,QAAQ;IAAe,SAAS;IAAS,SAAS;IAAI;GAC1E,CAAC,eAAe;EAGjB,MAAM,KAAK,eAAe,MAAM,YAAY,GAAG;EAG/C,MAAM,SAAS,eAAe,SAAS,GAAG,YAAY,QAAQ;EAC9D,MAAM,SAAS,gBAAgB,eAAe,SAAS,YAAY,QAAQ,CAAC;EAG5E,MAAM,SAAS,eAAe,YAAY,QAAQ,QAAQ,GAAG;EAC7D,MAAM,YAAY,OAAO,OAAO,CAAC,OAAO,OAAO,KAAK,EAAE,OAAO,OAAO,CAAC,CAAC;EAItE,MAAM,KAAK,OAAO,MAAM,EAAE;EAC1B,MAAM,YAAY,eAAe,MAAM,eAAe,IAAI,SAAS,IAAI;AACvE,KAAG,iBAAiB,OAAO,UAAU,CAAC;EAGtC,MAAM,UAAU,OAAO,OAAO;GAE5B,eAAe,OAAO,OAAO,MAAM,EAAE;GACrC;GACA;GACA;GACD,CAAC;EAEF,MAAM,OAAO,MAAM,YAAY;GAAE,KAAK;GAAO,GAAG,OAAO,SAAS,YAAY;GAAE,EAAE,YAAY,SAAS,QAAQ;AAG7G,SAAO;GAAE;GAAW,KAFR,OAAO,KAAK,KAAK,CAAC,SAAS,GAAG,YAAY,QAAQ;GAErC;GAAI;;AAE/B,KACE,eAAe,cAAc,aAC7B,eAAe,cAAc,aAC7B,eAAe,cAAc,WAC7B;EACA,MAAM,gBA
CJ,eAAe,cAAc,YACzB,gBACA,eAAe,cAAc,YAC3B,gBACA;EAGR,MAAM,KAAK,eAAe,MAAM,YAAY,GAAG;EAE/C,MAAM,SAAS,eAAe,eAAe,SAAS,GAAG;AAGzD,MAAI,eAAe,IACjB,QAAO,OAAO,eAAe,IAAI;AASnC,SAAO;GACL,WANgB,OAAO,OAAO,CAAC,OAAO,OAAO,KAAK,EAAE,OAAO,OAAO,CAAC,CAAC;GAOpE,KAJU,OAAO,YAAY;GAK7B;GACD;;AAEH,KAAI,eAAe,cAAc,QAAQ;EAEvC,MAAM,KAAK,eAAe,MAAM,YAAY,GAAG;EAE/C,MAAM,SAAoB,eAAe,qBAAqB,SAAS,IAAI,EACzE,eAAe,IAChB,CAAC;AAGF,MAAI,eAAe,IACjB,QAAO,OAAO,eAAe,IAAI;AASnC,SAAO;GACL,WANgB,OAAO,OAAO,CAAC,OAAO,OAAO,KAAK,EAAE,OAAO,OAAO,CAAC,CAAC;GAOpE,KAJU,OAAO,YAAY;GAK7B;GACD;;AAGH,OAAM,IAAI,IAAI,wCACZ,qCAAqC,eAAe,UAAU,IAC9D,OACD"}
@@ -1 +1 @@
1
- {"version":3,"file":"DidCommHttpInboundTransport.d.mts","names":[],"sources":["../../src/transport/DidCommHttpInboundTransport.ts"],"sourcesContent":[],"mappings":";;;;;;;cAiBa,2BAAA,YAAuC;gBAC7B;;EADV,QAAA,IAAA;EACU,QAAA,OAAA;EAAO,QAMX,iCAAA;EAAA,IAAA,MAAA,CAAA,CAAA,EAAA,MAAA,CAAA,OANW,KAAA,CAMX,eAAA,EAAA,OAAA,KAAA,CAAA,cAAA,CAAA,GAAA,SAAA;EAAA,WAAA,CAAA;IAAA,GAAA;IAAA,IAAA;IAAA,IAAA;IAAA;EAUT,CAVS,EAAA;IAKf,GAAA,CAAA,EAKM,OALN;IACA,IAAA,CAAA,EAAA,MAAA;IACA,IAAA,EAAA,MAAA;IACA,iCAAA,CAAA,EAAA,MAAA;EAEM,CAAA;EAeyB,KAAA,CAAA,YAAA,EAAA,YAAA,CAAA,EAAY,OAAZ,CAAA,IAAA,CAAA;EAAY,IAAA,CAAA,CAAA,EAwExB,OAxEwB,CAAA,IAAA,CAAA"}
1
+ {"version":3,"file":"DidCommHttpInboundTransport.d.mts","names":[],"sources":["../../src/transport/DidCommHttpInboundTransport.ts"],"mappings":";;;;;;;cAiBa,2BAAA,YAAuC,uBAAA;EAAA,SAClC,GAAA,EAAK,OAAA;EAAA,QACb,IAAA;EAAA,QACA,IAAA;EAAA,QACA,OAAA;EAAA,QACA,iCAAA;EAAA,IAEG,MAAA,CAAA,GAAM,MAAA,QANW,KAAA,CAMX,eAAA,SAAA,KAAA,CAAA,cAAA;;IAKf,GAAA;IACA,IAAA;IACA,IAAA;IACA;EAAA;IAEA,GAAA,GAAM,OAAA;IACN,IAAA;IACA,IAAA;IACA,iCAAA;EAAA;EAYW,KAAA,CAAM,YAAA,EAAc,YAAA,GAAY,OAAA;EAwEhC,IAAA,CAAA,GAAQ,OAAA;AAAA"}
@@ -1 +1 @@
1
- {"version":3,"file":"DidCommHttpInboundTransport.mjs","names":["supportedContentTypes: string[]"],"sources":["../../src/transport/DidCommHttpInboundTransport.ts"],"sourcesContent":["import type { AgentContext } from '@credo-ts/core'\nimport { CredoError, EventEmitter, utils } from '@credo-ts/core'\nimport type {\n DidCommEncryptedMessage,\n DidCommInboundTransport,\n DidCommMessageProcessedEvent,\n DidCommMessageReceivedEvent,\n DidCommTransportSession,\n} from '@credo-ts/didcomm'\nimport { DidCommEventTypes, DidCommMimeType, DidCommModuleConfig, DidCommTransportService } from '@credo-ts/didcomm'\nimport type { Express, Request, Response } from 'express'\nimport express, { text } from 'express'\nimport type { Server } from 'http'\nimport { filter, firstValueFrom, ReplaySubject, take, timeout } from 'rxjs'\n\nconst supportedContentTypes: string[] = [DidCommMimeType.V0, DidCommMimeType.V1]\n\nexport class DidCommHttpInboundTransport implements DidCommInboundTransport {\n public readonly app: Express\n private port: number\n private path: string\n private _server?: Server\n private processedMessageListenerTimeoutMs: number\n\n public get server() {\n return this._server\n }\n\n public constructor({\n app,\n path,\n port,\n processedMessageListenerTimeoutMs,\n }: {\n app?: Express\n path?: string\n port: number\n processedMessageListenerTimeoutMs?: number\n }) {\n this.port = port\n this.processedMessageListenerTimeoutMs = processedMessageListenerTimeoutMs ?? 10000 // timeout after 10 seconds\n\n // Create Express App\n this.app = app ?? express()\n this.path = path ?? 
'/'\n\n this.app.use(text({ type: supportedContentTypes, limit: '5mb' }))\n }\n\n public async start(agentContext: AgentContext) {\n const transportService = agentContext.dependencyManager.resolve(DidCommTransportService)\n\n agentContext.config.logger.debug('Starting HTTP inbound transport', {\n port: this.port,\n })\n\n this.app.post(this.path, async (req, res) => {\n const contentType = req.headers['content-type']\n\n if (!contentType || !supportedContentTypes.includes(contentType)) {\n return res\n .status(415)\n .send(`Unsupported content-type. Supported content-types are: ${supportedContentTypes.join(', ')}`)\n }\n\n const session = new HttpTransportSession(utils.uuid(), req, res)\n // We want to make sure the session is removed if the connection is closed, as it\n // can't be used anymore then. This could happen if the client abruptly closes the connection.\n req.once('close', () => transportService.removeSession(session))\n\n try {\n const message = req.body\n const encryptedMessage = JSON.parse(message) as DidCommEncryptedMessage\n\n const eventEmitter = agentContext.dependencyManager.resolve(EventEmitter)\n const observable = eventEmitter.observable<DidCommMessageProcessedEvent>(\n DidCommEventTypes.DidCommMessageProcessed\n )\n const subject = new ReplaySubject(1)\n\n observable\n .pipe(\n filter((e) => e.type === DidCommEventTypes.DidCommMessageProcessed),\n filter((e) => e.payload.encryptedMessage === encryptedMessage),\n timeout({\n first: this.processedMessageListenerTimeoutMs,\n meta: 'DidCommHttpInboundTransport.start',\n }),\n take(1) // automatically unsubscribe after the first matching event\n )\n .subscribe(subject)\n\n eventEmitter.emit<DidCommMessageReceivedEvent>(agentContext, {\n type: DidCommEventTypes.DidCommMessageReceived,\n payload: {\n message: encryptedMessage,\n session: session,\n },\n })\n\n // Wait for message to be processed\n await firstValueFrom(subject)\n\n // If agent did not use session when processing message we need to 
send response here.\n if (!res.headersSent) {\n res.status(200).end()\n }\n } catch (error) {\n agentContext.config.logger.error(`Error processing inbound message: ${error.message}`, error)\n\n if (!res.headersSent) {\n res.status(500).send('Error processing message')\n }\n } finally {\n transportService.removeSession(session)\n }\n })\n\n this._server = this.app.listen(this.port)\n }\n\n public async stop(): Promise<void> {\n return new Promise((resolve, reject) => this._server?.close((err) => (err ? reject(err) : resolve())))\n }\n}\n\nexport class HttpTransportSession implements DidCommTransportSession {\n public id: string\n public readonly type = 'http'\n public req: Request\n public res: Response\n\n public constructor(id: string, req: Request, res: Response) {\n this.id = id\n this.req = req\n this.res = res\n }\n\n public async close(): Promise<void> {\n if (!this.res.headersSent) {\n this.res.status(200).end()\n }\n }\n\n public async send(agentContext: AgentContext, encryptedMessage: DidCommEncryptedMessage): Promise<void> {\n if (this.res.headersSent) {\n throw new CredoError(`${this.type} transport session has been closed.`)\n }\n\n // By default we take the agent config's default DIDComm content-type\n const didcommConfig = agentContext.dependencyManager.resolve(DidCommModuleConfig)\n let responseMimeType = didcommConfig.didCommMimeType as string\n\n // However, if the request mime-type is a mime-type that is supported by us, we use that\n // to minimize the chance of interoperability issues\n const requestMimeType = this.req.headers['content-type']\n if (requestMimeType && supportedContentTypes.includes(requestMimeType)) {\n responseMimeType = requestMimeType\n }\n\n this.res.status(200).contentType(responseMimeType).json(encryptedMessage).end()\n 
}\n}\n"],"mappings":";;;;;;AAeA,MAAMA,wBAAkC,CAAC,gBAAgB,IAAI,gBAAgB,GAAG;AAEhF,IAAa,8BAAb,MAA4E;CAO1E,IAAW,SAAS;AAClB,SAAO,KAAK;;CAGd,AAAO,YAAY,EACjB,KACA,MACA,MACA,qCAMC;AACD,OAAK,OAAO;AACZ,OAAK,oCAAoC,qCAAqC;AAG9E,OAAK,MAAM,OAAO,SAAS;AAC3B,OAAK,OAAO,QAAQ;AAEpB,OAAK,IAAI,IAAI,KAAK;GAAE,MAAM;GAAuB,OAAO;GAAO,CAAC,CAAC;;CAGnE,MAAa,MAAM,cAA4B;EAC7C,MAAM,mBAAmB,aAAa,kBAAkB,QAAQ,wBAAwB;AAExF,eAAa,OAAO,OAAO,MAAM,mCAAmC,EAClE,MAAM,KAAK,MACZ,CAAC;AAEF,OAAK,IAAI,KAAK,KAAK,MAAM,OAAO,KAAK,QAAQ;GAC3C,MAAM,cAAc,IAAI,QAAQ;AAEhC,OAAI,CAAC,eAAe,CAAC,sBAAsB,SAAS,YAAY,CAC9D,QAAO,IACJ,OAAO,IAAI,CACX,KAAK,0DAA0D,sBAAsB,KAAK,KAAK,GAAG;GAGvG,MAAM,UAAU,IAAI,qBAAqB,MAAM,MAAM,EAAE,KAAK,IAAI;AAGhE,OAAI,KAAK,eAAe,iBAAiB,cAAc,QAAQ,CAAC;AAEhE,OAAI;IACF,MAAM,UAAU,IAAI;IACpB,MAAM,mBAAmB,KAAK,MAAM,QAAQ;IAE5C,MAAM,eAAe,aAAa,kBAAkB,QAAQ,aAAa;IACzE,MAAM,aAAa,aAAa,WAC9B,kBAAkB,wBACnB;IACD,MAAM,UAAU,IAAI,cAAc,EAAE;AAEpC,eACG,KACC,QAAQ,MAAM,EAAE,SAAS,kBAAkB,wBAAwB,EACnE,QAAQ,MAAM,EAAE,QAAQ,qBAAqB,iBAAiB,EAC9D,QAAQ;KACN,OAAO,KAAK;KACZ,MAAM;KACP,CAAC,EACF,KAAK,EAAE,CACR,CACA,UAAU,QAAQ;AAErB,iBAAa,KAAkC,cAAc;KAC3D,MAAM,kBAAkB;KACxB,SAAS;MACP,SAAS;MACA;MACV;KACF,CAAC;AAGF,UAAM,eAAe,QAAQ;AAG7B,QAAI,CAAC,IAAI,YACP,KAAI,OAAO,IAAI,CAAC,KAAK;YAEhB,OAAO;AACd,iBAAa,OAAO,OAAO,MAAM,qCAAqC,MAAM,WAAW,MAAM;AAE7F,QAAI,CAAC,IAAI,YACP,KAAI,OAAO,IAAI,CAAC,KAAK,2BAA2B;aAE1C;AACR,qBAAiB,cAAc,QAAQ;;IAEzC;AAEF,OAAK,UAAU,KAAK,IAAI,OAAO,KAAK,KAAK;;CAG3C,MAAa,OAAsB;AACjC,SAAO,IAAI,SAAS,SAAS,WAAW,KAAK,SAAS,OAAO,QAAS,MAAM,OAAO,IAAI,GAAG,SAAS,CAAE,CAAC;;;AAI1G,IAAa,uBAAb,MAAqE;CAMnE,AAAO,YAAY,IAAY,KAAc,KAAe;OAJ5C,OAAO;AAKrB,OAAK,KAAK;AACV,OAAK,MAAM;AACX,OAAK,MAAM;;CAGb,MAAa,QAAuB;AAClC,MAAI,CAAC,KAAK,IAAI,YACZ,MAAK,IAAI,OAAO,IAAI,CAAC,KAAK;;CAI9B,MAAa,KAAK,cAA4B,kBAA0D;AACtG,MAAI,KAAK,IAAI,YACX,OAAM,IAAI,WAAW,GAAG,KAAK,KAAK,qCAAqC;EAKzE,IAAI,mBADkB,aAAa,kBAAkB,QAAQ,oBAAoB,CAC5C;EAIrC,MAAM,kBAAkB,KAAK,IAAI,QAAQ;AACzC,MAAI,mBAAmB,sBAAsB,SAAS,gBAAgB,CACpE,oBAAmB;AAGrB,OAAK,IAAI,OAAO,IAAI,CAAC,YAAY,iBAAiB,CAAC,KAAK,iBAAiB,CAAC,KAAK"}
1
+ {"version":3,"file":"DidCommHttpInboundTransport.mjs","names":[],"sources":["../../src/transport/DidCommHttpInboundTransport.ts"],"sourcesContent":["import type { AgentContext } from '@credo-ts/core'\nimport { CredoError, EventEmitter, utils } from '@credo-ts/core'\nimport type {\n DidCommEncryptedMessage,\n DidCommInboundTransport,\n DidCommMessageProcessedEvent,\n DidCommMessageReceivedEvent,\n DidCommTransportSession,\n} from '@credo-ts/didcomm'\nimport { DidCommEventTypes, DidCommMimeType, DidCommModuleConfig, DidCommTransportService } from '@credo-ts/didcomm'\nimport type { Express, Request, Response } from 'express'\nimport express, { text } from 'express'\nimport type { Server } from 'http'\nimport { filter, firstValueFrom, ReplaySubject, take, timeout } from 'rxjs'\n\nconst supportedContentTypes: string[] = [DidCommMimeType.V0, DidCommMimeType.V1]\n\nexport class DidCommHttpInboundTransport implements DidCommInboundTransport {\n public readonly app: Express\n private port: number\n private path: string\n private _server?: Server\n private processedMessageListenerTimeoutMs: number\n\n public get server() {\n return this._server\n }\n\n public constructor({\n app,\n path,\n port,\n processedMessageListenerTimeoutMs,\n }: {\n app?: Express\n path?: string\n port: number\n processedMessageListenerTimeoutMs?: number\n }) {\n this.port = port\n this.processedMessageListenerTimeoutMs = processedMessageListenerTimeoutMs ?? 10000 // timeout after 10 seconds\n\n // Create Express App\n this.app = app ?? express()\n this.path = path ?? 
'/'\n\n this.app.use(text({ type: supportedContentTypes, limit: '5mb' }))\n }\n\n public async start(agentContext: AgentContext) {\n const transportService = agentContext.dependencyManager.resolve(DidCommTransportService)\n\n agentContext.config.logger.debug('Starting HTTP inbound transport', {\n port: this.port,\n })\n\n this.app.post(this.path, async (req, res) => {\n const contentType = req.headers['content-type']\n\n if (!contentType || !supportedContentTypes.includes(contentType)) {\n return res\n .status(415)\n .send(`Unsupported content-type. Supported content-types are: ${supportedContentTypes.join(', ')}`)\n }\n\n const session = new HttpTransportSession(utils.uuid(), req, res)\n // We want to make sure the session is removed if the connection is closed, as it\n // can't be used anymore then. This could happen if the client abruptly closes the connection.\n req.once('close', () => transportService.removeSession(session))\n\n try {\n const message = req.body\n const encryptedMessage = JSON.parse(message) as DidCommEncryptedMessage\n\n const eventEmitter = agentContext.dependencyManager.resolve(EventEmitter)\n const observable = eventEmitter.observable<DidCommMessageProcessedEvent>(\n DidCommEventTypes.DidCommMessageProcessed\n )\n const subject = new ReplaySubject(1)\n\n observable\n .pipe(\n filter((e) => e.type === DidCommEventTypes.DidCommMessageProcessed),\n filter((e) => e.payload.encryptedMessage === encryptedMessage),\n timeout({\n first: this.processedMessageListenerTimeoutMs,\n meta: 'DidCommHttpInboundTransport.start',\n }),\n take(1) // automatically unsubscribe after the first matching event\n )\n .subscribe(subject)\n\n eventEmitter.emit<DidCommMessageReceivedEvent>(agentContext, {\n type: DidCommEventTypes.DidCommMessageReceived,\n payload: {\n message: encryptedMessage,\n session: session,\n },\n })\n\n // Wait for message to be processed\n await firstValueFrom(subject)\n\n // If agent did not use session when processing message we need to 
send response here.\n if (!res.headersSent) {\n res.status(200).end()\n }\n } catch (error) {\n agentContext.config.logger.error(`Error processing inbound message: ${error.message}`, error)\n\n if (!res.headersSent) {\n res.status(500).send('Error processing message')\n }\n } finally {\n transportService.removeSession(session)\n }\n })\n\n this._server = this.app.listen(this.port)\n }\n\n public async stop(): Promise<void> {\n return new Promise((resolve, reject) => this._server?.close((err) => (err ? reject(err) : resolve())))\n }\n}\n\nexport class HttpTransportSession implements DidCommTransportSession {\n public id: string\n public readonly type = 'http'\n public req: Request\n public res: Response\n\n public constructor(id: string, req: Request, res: Response) {\n this.id = id\n this.req = req\n this.res = res\n }\n\n public async close(): Promise<void> {\n if (!this.res.headersSent) {\n this.res.status(200).end()\n }\n }\n\n public async send(agentContext: AgentContext, encryptedMessage: DidCommEncryptedMessage): Promise<void> {\n if (this.res.headersSent) {\n throw new CredoError(`${this.type} transport session has been closed.`)\n }\n\n // By default we take the agent config's default DIDComm content-type\n const didcommConfig = agentContext.dependencyManager.resolve(DidCommModuleConfig)\n let responseMimeType = didcommConfig.didCommMimeType as string\n\n // However, if the request mime-type is a mime-type that is supported by us, we use that\n // to minimize the chance of interoperability issues\n const requestMimeType = this.req.headers['content-type']\n if (requestMimeType && supportedContentTypes.includes(requestMimeType)) {\n responseMimeType = requestMimeType\n }\n\n this.res.status(200).contentType(responseMimeType).json(encryptedMessage).end()\n 
}\n}\n"],"mappings":";;;;;;AAeA,MAAM,wBAAkC,CAAC,gBAAgB,IAAI,gBAAgB,GAAG;AAEhF,IAAa,8BAAb,MAA4E;CAO1E,IAAW,SAAS;AAClB,SAAO,KAAK;;CAGd,AAAO,YAAY,EACjB,KACA,MACA,MACA,qCAMC;AACD,OAAK,OAAO;AACZ,OAAK,oCAAoC,qCAAqC;AAG9E,OAAK,MAAM,OAAO,SAAS;AAC3B,OAAK,OAAO,QAAQ;AAEpB,OAAK,IAAI,IAAI,KAAK;GAAE,MAAM;GAAuB,OAAO;GAAO,CAAC,CAAC;;CAGnE,MAAa,MAAM,cAA4B;EAC7C,MAAM,mBAAmB,aAAa,kBAAkB,QAAQ,wBAAwB;AAExF,eAAa,OAAO,OAAO,MAAM,mCAAmC,EAClE,MAAM,KAAK,MACZ,CAAC;AAEF,OAAK,IAAI,KAAK,KAAK,MAAM,OAAO,KAAK,QAAQ;GAC3C,MAAM,cAAc,IAAI,QAAQ;AAEhC,OAAI,CAAC,eAAe,CAAC,sBAAsB,SAAS,YAAY,CAC9D,QAAO,IACJ,OAAO,IAAI,CACX,KAAK,0DAA0D,sBAAsB,KAAK,KAAK,GAAG;GAGvG,MAAM,UAAU,IAAI,qBAAqB,MAAM,MAAM,EAAE,KAAK,IAAI;AAGhE,OAAI,KAAK,eAAe,iBAAiB,cAAc,QAAQ,CAAC;AAEhE,OAAI;IACF,MAAM,UAAU,IAAI;IACpB,MAAM,mBAAmB,KAAK,MAAM,QAAQ;IAE5C,MAAM,eAAe,aAAa,kBAAkB,QAAQ,aAAa;IACzE,MAAM,aAAa,aAAa,WAC9B,kBAAkB,wBACnB;IACD,MAAM,UAAU,IAAI,cAAc,EAAE;AAEpC,eACG,KACC,QAAQ,MAAM,EAAE,SAAS,kBAAkB,wBAAwB,EACnE,QAAQ,MAAM,EAAE,QAAQ,qBAAqB,iBAAiB,EAC9D,QAAQ;KACN,OAAO,KAAK;KACZ,MAAM;KACP,CAAC,EACF,KAAK,EAAE,CACR,CACA,UAAU,QAAQ;AAErB,iBAAa,KAAkC,cAAc;KAC3D,MAAM,kBAAkB;KACxB,SAAS;MACP,SAAS;MACA;MACV;KACF,CAAC;AAGF,UAAM,eAAe,QAAQ;AAG7B,QAAI,CAAC,IAAI,YACP,KAAI,OAAO,IAAI,CAAC,KAAK;YAEhB,OAAO;AACd,iBAAa,OAAO,OAAO,MAAM,qCAAqC,MAAM,WAAW,MAAM;AAE7F,QAAI,CAAC,IAAI,YACP,KAAI,OAAO,IAAI,CAAC,KAAK,2BAA2B;aAE1C;AACR,qBAAiB,cAAc,QAAQ;;IAEzC;AAEF,OAAK,UAAU,KAAK,IAAI,OAAO,KAAK,KAAK;;CAG3C,MAAa,OAAsB;AACjC,SAAO,IAAI,SAAS,SAAS,WAAW,KAAK,SAAS,OAAO,QAAS,MAAM,OAAO,IAAI,GAAG,SAAS,CAAE,CAAC;;;AAI1G,IAAa,uBAAb,MAAqE;CAMnE,AAAO,YAAY,IAAY,KAAc,KAAe;OAJ5C,OAAO;AAKrB,OAAK,KAAK;AACV,OAAK,MAAM;AACX,OAAK,MAAM;;CAGb,MAAa,QAAuB;AAClC,MAAI,CAAC,KAAK,IAAI,YACZ,MAAK,IAAI,OAAO,IAAI,CAAC,KAAK;;CAI9B,MAAa,KAAK,cAA4B,kBAA0D;AACtG,MAAI,KAAK,IAAI,YACX,OAAM,IAAI,WAAW,GAAG,KAAK,KAAK,qCAAqC;EAKzE,IAAI,mBADkB,aAAa,kBAAkB,QAAQ,oBAAoB,CAC5C;EAIrC,MAAM,kBAAkB,KAAK,IAAI,QAAQ;AACzC,MAAI,mBAAmB,sBAAsB,SAAS,gBAAgB,CACpE,oBAAmB;AAGrB,OAAK,IAAI,OAAO,IAAI,CAAC,YAAY,iBAAiB,CAAC,KAAK,iBAAiB,CAAC,KAAK"}
@@ -1 +1 @@
1
- {"version":3,"file":"DidCommWsInboundTransport.d.mts","names":[],"sources":["../../src/transport/DidCommWsInboundTransport.ts"],"sourcesContent":[],"mappings":";;;;;cAWa,yBAAA,YAAqC;;EAArC,QAAA,MAAA;EAQT,QAAA,SAAA;EACA,WAAA,CAAA;IAAA,MAAA;IAAA;EATqE,CASrE,EAAA;IACW,MAAA,EAAA,eAAA;IAIoB,IAAA,CAAA,EAAA,SAAA;EAAY,CAAA,GAAA;IA8B5B,MAAA,CAAA,EAAA,SAAA;IA5C+B,IAAA,EAAA,MAAA;EAAuB,CAAA;sBActC,eAAY;UA8B5B"}
1
+ {"version":3,"file":"DidCommWsInboundTransport.d.mts","names":[],"sources":["../../src/transport/DidCommWsInboundTransport.ts"],"mappings":";;;;;cAWa,yBAAA,YAAqC,uBAAA;EAAA,QACxC,YAAA;EAAA,QACA,MAAA;EAAA,QAGA,SAAA;;IAGN,MAAA;IACA;EAAA;IACG,MAAA,EAAQ,eAAA;IAAiB,IAAA;EAAA;IAAuB,MAAA;IAAoB,IAAA;EAAA;EAI5D,KAAA,CAAM,YAAA,EAAc,YAAA,GAAY,OAAA;EA8BhC,IAAA,CAAA,GAAI,OAAA;EAAA,QAaT,yBAAA;AAAA"}
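--- a/package/package.json
+++ b/package/package.json
@@ -4,7 +4,7 @@
  ".": "./build/index.mjs",
  "./package.json": "./package.json"
  },
- "version": "0.6.2-alpha-20260204082017",
+ "version": "0.6.2-alpha-20260204094529",
  "files": [
  "build"
  ],
@@ -23,20 +23,20 @@
  },
  "dependencies": {
  "@types/express": "^5.0.6",
- "express": "^5.2.0",
+ "express": "^5.2.1",
  "rxjs": "^7.8.2",
- "ws": "^8.18.3",
- "@credo-ts/core": "0.6.2-alpha-20260204082017",
- "@credo-ts/didcomm": "0.6.2-alpha-20260204082017"
+ "ws": "^8.19.0",
+ "@credo-ts/core": "0.6.2-alpha-20260204094529",
+ "@credo-ts/didcomm": "0.6.2-alpha-20260204094529"
  },
  "devDependencies": {
- "@types/node": "^20.19.25",
+ "@types/node": "^20.19.31",
  "@types/ws": "^8.18.1",
  "nock": "^14.0.10",
  "typescript": "~5.9.3"
  },
  "scripts": {
- "build": "tsdown --config-loader unconfig"
+ "build": "tsdown --config-loader unrun"
  },
  "types": "./build/index.d.mts",
  "module": "./build/index.mjs"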