@dfns/sdk-awskmssigner 0.2.2
- package/index.d.ts +17 -0
- package/index.js +35 -0
- package/package.json +15 -0
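--- a/package/index.d.ts
+++ b/package/index.d.ts
@@ -0,0 +1,17 @@
+import { CredentialSigner, KeyAssertion } from '@dfns/sdk';
+import { KMSClientConfig, SigningAlgorithmSpec } from '@aws-sdk/client-kms';
+export declare class AwsKmsKeySigner implements CredentialSigner<KeyAssertion> {
+private options;
+private client;
+constructor(options: {
+kmsClientConfig: KMSClientConfig;
+kmsKeyConfig: {
+id: string;
+algorithm: SigningAlgorithmSpec;
+};
+credId: string;
+appOrigin: string;
+crossOrigin?: boolean;
+});
+sign(challenge: string): Promise<KeyAssertion>;
+}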
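Review bot: The constructor options are published without any TSDoc, so a consumer cannot tell from the declaration which fields end up inside the signed payload. `index.js` in this release copies `appOrigin` and `crossOrigin` into the client data that KMS signs, so both deserve a comment such as `/** Embedded verbatim in the signed client data. */`. `kmsKeyConfig.algorithm` is forwarded as the KMS `SigningAlgorithm` and should carry `/** Must be an algorithm supported by the key spec of kmsKeyConfig.id. */`. A one-line note on `sign()` saying that it calls AWS KMS and rejects when that call fails would complete the contract.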
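--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AwsKmsKeySigner = void 0;
+const utils_1 = require("@dfns/sdk/utils");
+const client_kms_1 = require("@aws-sdk/client-kms");
+class AwsKmsKeySigner {
+constructor(options) {
+this.options = options;
+this.client = new client_kms_1.KMSClient(this.options.kmsClientConfig);
+}
+async sign(challenge) {
+const clientData = Buffer.from(JSON.stringify({
+type: 'key.get',
+challenge,
+origin: this.options.appOrigin,
+crossOrigin: this.options.crossOrigin ?? false,
+}));
+const command = new client_kms_1.SignCommand({
+KeyId: this.options.kmsKeyConfig.id,
+Message: clientData,
+MessageType: 'RAW',
+SigningAlgorithm: this.options.kmsKeyConfig.algorithm,
+});
+const response = await this.client.send(command);
+return {
+kind: 'Key',
+credentialAssertion: {
+credId: this.options.credId,
+clientData: (0, utils_1.toBase64Url)(clientData),
+signature: (0, utils_1.toBase64Url)(Buffer.from(response.Signature)),
+},
+};
+}
+}
+exports.AwsKmsKeySigner = AwsKmsKeySigner;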
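Review bot: `sign()` hands `response.Signature` straight to `Buffer.from` without checking that KMS returned one. The field is optional in the SDK's `SignCommandOutput`, so a missing value surfaces as an opaque `TypeError` from `Buffer.from` instead of a clear signing failure. A guard before the `return`, `if (!response.Signature) throw new Error('KMS Sign returned no signature');`, makes that case explicit. Because `MessageType` is `'RAW'`, the whole client-data JSON is sent to KMS, which limits raw messages to 4096 bytes; a comment on `sign()` should record that an oversized `challenge` will be rejected by the service.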
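--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,15 @@
+{
+"name": "@dfns/sdk-awskmssigner",
+"version": "0.2.2",
+"dependencies": {
+"@aws-sdk/client-kms": "^3.485.0",
+"buffer": "6.0.3",
+"cross-fetch": "3.1.6",
+"uuid": "9.0.0"
+},
+"peerDependencies": {
+"@dfns/sdk": "0.2.2"
+},
+"main": "./index.js",
+"type": "commonjs"
+}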
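Review bot: `buffer`, `cross-fetch` and `uuid` are declared under `dependencies`, but the `index.js` shipped in this same release requires only `@dfns/sdk/utils` and `@aws-sdk/client-kms` and relies on the global `Buffer`. If nothing else in the package loads them, dropping those three entries shrinks the install-time dependency tree of a package that sits in a signing path. `@aws-sdk/client-kms` is the only caret range (`^3.485.0`), so the KMS client version a consumer gets depends on their lockfile rather than on this manifest.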