@enbox/dwn-sdk-js 0.0.1 → 0.0.3
- package/README.md +52 -301
- package/dist/bundles/dwn.js +19 -21
- package/dist/esm/generated/precompiled-validators.js +2764 -1773
- package/dist/esm/generated/precompiled-validators.js.map +1 -1
- package/dist/esm/src/core/dwn-error.js +27 -3
- package/dist/esm/src/core/dwn-error.js.map +1 -1
- package/dist/esm/src/core/message.js.map +1 -1
- package/dist/esm/src/core/messages-grant-authorization.js +17 -6
- package/dist/esm/src/core/messages-grant-authorization.js.map +1 -1
- package/dist/esm/src/core/protocol-authorization.js +245 -69
- package/dist/esm/src/core/protocol-authorization.js.map +1 -1
- package/dist/esm/src/core/resumable-task-manager.js +4 -4
- package/dist/esm/src/core/resumable-task-manager.js.map +1 -1
- package/dist/esm/src/dwn.js +10 -8
- package/dist/esm/src/dwn.js.map +1 -1
- package/dist/esm/src/enums/dwn-interface-method.js +4 -2
- package/dist/esm/src/enums/dwn-interface-method.js.map +1 -1
- package/dist/esm/src/event-stream/event-emitter-stream.js.map +1 -0
- package/dist/esm/src/handlers/messages-subscribe.js +1 -1
- package/dist/esm/src/handlers/messages-subscribe.js.map +1 -1
- package/dist/esm/src/handlers/messages-sync.js +116 -0
- package/dist/esm/src/handlers/messages-sync.js.map +1 -0
- package/dist/esm/src/handlers/protocols-configure.js +149 -16
- package/dist/esm/src/handlers/protocols-configure.js.map +1 -1
- package/dist/esm/src/handlers/protocols-query.js +2 -2
- package/dist/esm/src/handlers/protocols-query.js.map +1 -1
- package/dist/esm/src/handlers/records-count.js +143 -0
- package/dist/esm/src/handlers/records-count.js.map +1 -0
- package/dist/esm/src/handlers/records-query.js +4 -0
- package/dist/esm/src/handlers/records-query.js.map +1 -1
- package/dist/esm/src/handlers/records-read.js +4 -6
- package/dist/esm/src/handlers/records-read.js.map +1 -1
- package/dist/esm/src/handlers/records-write.js +17 -18
- package/dist/esm/src/handlers/records-write.js.map +1 -1
- package/dist/esm/src/index.js +9 -5
- package/dist/esm/src/index.js.map +1 -1
- package/dist/esm/src/interfaces/messages-read.js +2 -7
- package/dist/esm/src/interfaces/messages-read.js.map +1 -1
- package/dist/esm/src/interfaces/messages-subscribe.js +1 -0
- package/dist/esm/src/interfaces/messages-subscribe.js.map +1 -1
- package/dist/esm/src/interfaces/{messages-query.js → messages-sync.js} +11 -12
- package/dist/esm/src/interfaces/messages-sync.js.map +1 -0
- package/dist/esm/src/interfaces/protocols-configure.js +153 -30
- package/dist/esm/src/interfaces/protocols-configure.js.map +1 -1
- package/dist/esm/src/interfaces/protocols-query.js +1 -0
- package/dist/esm/src/interfaces/protocols-query.js.map +1 -1
- package/dist/esm/src/interfaces/records-count.js +91 -0
- package/dist/esm/src/interfaces/records-count.js.map +1 -0
- package/dist/esm/src/interfaces/records-read.js +15 -1
- package/dist/esm/src/interfaces/records-read.js.map +1 -1
- package/dist/esm/src/interfaces/records-write.js +64 -15
- package/dist/esm/src/interfaces/records-write.js.map +1 -1
- package/dist/esm/src/jose/algorithms/signing/ed25519.js.map +1 -1
- package/dist/esm/src/jose/algorithms/signing/signature-algorithms.js.map +1 -1
- package/dist/esm/src/jose/jws/general/builder.js.map +1 -1
- package/dist/esm/src/jose/jws/general/verifier.js.map +1 -1
- package/dist/esm/src/protocols/permission-grant.js +30 -0
- package/dist/esm/src/protocols/permission-grant.js.map +1 -1
- package/dist/esm/src/protocols/permission-request.js +24 -0
- package/dist/esm/src/protocols/permission-request.js.map +1 -1
- package/dist/esm/src/protocols/permissions.js +1 -1
- package/dist/esm/src/protocols/permissions.js.map +1 -1
- package/dist/esm/src/schema-validator.js +0 -1
- package/dist/esm/src/schema-validator.js.map +1 -1
- package/dist/esm/src/smt/smt-store-level.js +125 -0
- package/dist/esm/src/smt/smt-store-level.js.map +1 -0
- package/dist/esm/src/smt/smt-store-memory.js +67 -0
- package/dist/esm/src/smt/smt-store-memory.js.map +1 -0
- package/dist/esm/src/smt/smt-utils.js +146 -0
- package/dist/esm/src/smt/smt-utils.js.map +1 -0
- package/dist/esm/src/smt/sparse-merkle-tree.js +622 -0
- package/dist/esm/src/smt/sparse-merkle-tree.js.map +1 -0
- package/dist/esm/src/state-index/state-index-level.js +228 -0
- package/dist/esm/src/state-index/state-index-level.js.map +1 -0
- package/dist/esm/src/store/data-store-level.js +6 -6
- package/dist/esm/src/store/data-store-level.js.map +1 -1
- package/dist/esm/src/store/index-level.js +375 -17
- package/dist/esm/src/store/index-level.js.map +1 -1
- package/dist/esm/src/store/message-store-level.js +56 -0
- package/dist/esm/src/store/message-store-level.js.map +1 -1
- package/dist/esm/src/store/storage-controller.js +19 -16
- package/dist/esm/src/store/storage-controller.js.map +1 -1
- package/dist/esm/src/types/encryption-types.js +2 -0
- package/dist/esm/src/types/encryption-types.js.map +1 -0
- package/dist/esm/src/types/message-types.js.map +1 -1
- package/dist/esm/src/types/protocols-types.js +0 -2
- package/dist/esm/src/types/protocols-types.js.map +1 -1
- package/dist/esm/src/types/records-types.js +2 -0
- package/dist/esm/src/types/records-types.js.map +1 -1
- package/dist/esm/src/types/smt-types.js +5 -0
- package/dist/esm/src/types/smt-types.js.map +1 -0
- package/dist/esm/src/types/state-index.js +2 -0
- package/dist/esm/src/types/state-index.js.map +1 -0
- package/dist/esm/src/utils/cid.js +2 -1
- package/dist/esm/src/utils/cid.js.map +1 -1
- package/dist/esm/src/utils/data-stream.js +84 -29
- package/dist/esm/src/utils/data-stream.js.map +1 -1
- package/dist/esm/src/utils/encryption.js +22 -31
- package/dist/esm/src/utils/encryption.js.map +1 -1
- package/dist/esm/src/utils/hd-key.js +3 -3
- package/dist/esm/src/utils/hd-key.js.map +1 -1
- package/dist/esm/src/utils/jws.js +4 -4
- package/dist/esm/src/utils/jws.js.map +1 -1
- package/dist/esm/src/utils/private-key-signer.js +4 -3
- package/dist/esm/src/utils/private-key-signer.js.map +1 -1
- package/dist/esm/src/utils/protocols.js +82 -9
- package/dist/esm/src/utils/protocols.js.map +1 -1
- package/dist/esm/src/utils/records.js +82 -26
- package/dist/esm/src/utils/records.js.map +1 -1
- package/dist/esm/src/utils/secp256k1.js +4 -3
- package/dist/esm/src/utils/secp256k1.js.map +1 -1
- package/dist/esm/src/utils/secp256r1.js +3 -2
- package/dist/esm/src/utils/secp256r1.js.map +1 -1
- package/dist/esm/src/utils/time.js +1 -1
- package/dist/esm/src/utils/url.js +1 -1
- package/dist/esm/src/utils/url.js.map +1 -1
- package/dist/esm/tests/core/auth.spec.js +2 -2
- package/dist/esm/tests/core/auth.spec.js.map +1 -1
- package/dist/esm/tests/core/message-reply.spec.js +3 -3
- package/dist/esm/tests/core/message-reply.spec.js.map +1 -1
- package/dist/esm/tests/core/message.spec.js +13 -13
- package/dist/esm/tests/core/message.spec.js.map +1 -1
- package/dist/esm/tests/core/protocol-authorization.spec.js +3 -3
- package/dist/esm/tests/core/protocol-authorization.spec.js.map +1 -1
- package/dist/esm/tests/dwn.spec.js +27 -37
- package/dist/esm/tests/dwn.spec.js.map +1 -1
- package/dist/esm/tests/{event-log → event-stream}/event-emitter-stream.spec.js +14 -15
- package/dist/esm/tests/event-stream/event-emitter-stream.spec.js.map +1 -0
- package/dist/esm/tests/{event-log → event-stream}/event-stream.spec.js +13 -15
- package/dist/esm/tests/event-stream/event-stream.spec.js.map +1 -0
- package/dist/esm/tests/features/author-delegated-grant.spec.js +281 -135
- package/dist/esm/tests/features/author-delegated-grant.spec.js.map +1 -1
- package/dist/esm/tests/features/owner-delegated-grant.spec.js +57 -59
- package/dist/esm/tests/features/owner-delegated-grant.spec.js.map +1 -1
- package/dist/esm/tests/features/owner-signature.spec.js +32 -34
- package/dist/esm/tests/features/owner-signature.spec.js.map +1 -1
- package/dist/esm/tests/features/permissions.spec.js +73 -95
- package/dist/esm/tests/features/permissions.spec.js.map +1 -1
- package/dist/esm/tests/features/protocol-composition.spec.js +1645 -0
- package/dist/esm/tests/features/protocol-composition.spec.js.map +1 -0
- package/dist/esm/tests/features/protocol-create-action.spec.js +25 -27
- package/dist/esm/tests/features/protocol-create-action.spec.js.map +1 -1
- package/dist/esm/tests/features/protocol-delete-action.spec.js +42 -44
- package/dist/esm/tests/features/protocol-delete-action.spec.js.map +1 -1
- package/dist/esm/tests/features/protocol-update-action.spec.js +53 -55
- package/dist/esm/tests/features/protocol-update-action.spec.js.map +1 -1
- package/dist/esm/tests/features/records-prune.spec.js +126 -100
- package/dist/esm/tests/features/records-prune.spec.js.map +1 -1
- package/dist/esm/tests/features/records-tags.spec.js +272 -272
- package/dist/esm/tests/features/records-tags.spec.js.map +1 -1
- package/dist/esm/tests/features/resumable-tasks.spec.js +35 -37
- package/dist/esm/tests/features/resumable-tasks.spec.js.map +1 -1
- package/dist/esm/tests/handlers/messages-read.spec.js +112 -112
- package/dist/esm/tests/handlers/messages-read.spec.js.map +1 -1
- package/dist/esm/tests/handlers/messages-subscribe.spec.js +78 -76
- package/dist/esm/tests/handlers/messages-subscribe.spec.js.map +1 -1
- package/dist/esm/tests/handlers/messages-sync.spec.js +528 -0
- package/dist/esm/tests/handlers/messages-sync.spec.js.map +1 -0
- package/dist/esm/tests/handlers/protocols-configure.spec.js +545 -152
- package/dist/esm/tests/handlers/protocols-configure.spec.js.map +1 -1
- package/dist/esm/tests/handlers/protocols-query.spec.js +70 -72
- package/dist/esm/tests/handlers/protocols-query.spec.js.map +1 -1
- package/dist/esm/tests/handlers/records-count.spec.js +313 -0
- package/dist/esm/tests/handlers/records-count.spec.js.map +1 -0
- package/dist/esm/tests/handlers/records-delete.spec.js +106 -109
- package/dist/esm/tests/handlers/records-delete.spec.js.map +1 -1
- package/dist/esm/tests/handlers/records-query.spec.js +863 -463
- package/dist/esm/tests/handlers/records-query.spec.js.map +1 -1
- package/dist/esm/tests/handlers/records-read.spec.js +439 -209
- package/dist/esm/tests/handlers/records-read.spec.js.map +1 -1
- package/dist/esm/tests/handlers/records-subscribe.spec.js +292 -97
- package/dist/esm/tests/handlers/records-subscribe.spec.js.map +1 -1
- package/dist/esm/tests/handlers/records-write.spec.js +481 -483
- package/dist/esm/tests/handlers/records-write.spec.js.map +1 -1
- package/dist/esm/tests/interfaces/messages-get.spec.js +31 -11
- package/dist/esm/tests/interfaces/messages-get.spec.js.map +1 -1
- package/dist/esm/tests/interfaces/messages-subscribe.spec.js +5 -5
- package/dist/esm/tests/interfaces/messages-subscribe.spec.js.map +1 -1
- package/dist/esm/tests/interfaces/protocols-configure.spec.js +64 -134
- package/dist/esm/tests/interfaces/protocols-configure.spec.js.map +1 -1
- package/dist/esm/tests/interfaces/protocols-query.spec.js +4 -6
- package/dist/esm/tests/interfaces/protocols-query.spec.js.map +1 -1
- package/dist/esm/tests/interfaces/records-delete.spec.js +3 -5
- package/dist/esm/tests/interfaces/records-delete.spec.js.map +1 -1
- package/dist/esm/tests/interfaces/records-query.spec.js +9 -11
- package/dist/esm/tests/interfaces/records-query.spec.js.map +1 -1
- package/dist/esm/tests/interfaces/records-read.spec.js +76 -7
- package/dist/esm/tests/interfaces/records-read.spec.js.map +1 -1
- package/dist/esm/tests/interfaces/records-subscribe.spec.js +7 -9
- package/dist/esm/tests/interfaces/records-subscribe.spec.js.map +1 -1
- package/dist/esm/tests/interfaces/records-write.spec.js +244 -48
- package/dist/esm/tests/interfaces/records-write.spec.js.map +1 -1
- package/dist/esm/tests/jose/jws/general.spec.js +15 -18
- package/dist/esm/tests/jose/jws/general.spec.js.map +1 -1
- package/dist/esm/tests/protocols/permission-grant.spec.js +114 -0
- package/dist/esm/tests/protocols/permission-grant.spec.js.map +1 -0
- package/dist/esm/tests/protocols/permission-request.spec.js +43 -7
- package/dist/esm/tests/protocols/permission-request.spec.js.map +1 -1
- package/dist/esm/tests/protocols/permissions.spec.js +9 -11
- package/dist/esm/tests/protocols/permissions.spec.js.map +1 -1
- package/dist/esm/tests/scenarios/aggregator.spec.js +90 -92
- package/dist/esm/tests/scenarios/aggregator.spec.js.map +1 -1
- package/dist/esm/tests/scenarios/deleted-record.spec.js +17 -19
- package/dist/esm/tests/scenarios/deleted-record.spec.js.map +1 -1
- package/dist/esm/tests/scenarios/end-to-end-tests.spec.js +27 -29
- package/dist/esm/tests/scenarios/end-to-end-tests.spec.js.map +1 -1
- package/dist/esm/tests/scenarios/nested-roles.spec.js +37 -39
- package/dist/esm/tests/scenarios/nested-roles.spec.js.map +1 -1
- package/dist/esm/tests/scenarios/subscriptions.spec.js +163 -163
- package/dist/esm/tests/scenarios/subscriptions.spec.js.map +1 -1
- package/dist/esm/tests/smt/smt-store-level.spec.js +143 -0
- package/dist/esm/tests/smt/smt-store-level.spec.js.map +1 -0
- package/dist/esm/tests/smt/sparse-merkle-tree.spec.js +741 -0
- package/dist/esm/tests/smt/sparse-merkle-tree.spec.js.map +1 -0
- package/dist/esm/tests/state-index/state-index-level.spec.js +254 -0
- package/dist/esm/tests/state-index/state-index-level.spec.js.map +1 -0
- package/dist/esm/tests/store/blockstore-level.spec.js +136 -0
- package/dist/esm/tests/store/blockstore-level.spec.js.map +1 -0
- package/dist/esm/tests/store/blockstore-mock.spec.js +29 -28
- package/dist/esm/tests/store/blockstore-mock.spec.js.map +1 -1
- package/dist/esm/tests/store/data-store-level.spec.js +23 -25
- package/dist/esm/tests/store/data-store-level.spec.js.map +1 -1
- package/dist/esm/tests/store/index-level.spec.js +544 -194
- package/dist/esm/tests/store/index-level.spec.js.map +1 -1
- package/dist/esm/tests/store/message-store-level.spec.js +4 -4
- package/dist/esm/tests/store/message-store-level.spec.js.map +1 -1
- package/dist/esm/tests/store/message-store.spec.js +147 -73
- package/dist/esm/tests/store/message-store.spec.js.map +1 -1
- package/dist/esm/tests/store-dependent-tests.spec.js +1 -0
- package/dist/esm/tests/store-dependent-tests.spec.js.map +1 -1
- package/dist/esm/tests/test-stores.js +5 -5
- package/dist/esm/tests/test-stores.js.map +1 -1
- package/dist/esm/tests/test-suite.js +9 -8
- package/dist/esm/tests/test-suite.js.map +1 -1
- package/dist/esm/tests/utils/cid.spec.js +8 -11
- package/dist/esm/tests/utils/cid.spec.js.map +1 -1
- package/dist/esm/tests/utils/data-stream.spec.js +167 -13
- package/dist/esm/tests/utils/data-stream.spec.js.map +1 -1
- package/dist/esm/tests/utils/encryption-callbacks.spec.js +233 -0
- package/dist/esm/tests/utils/encryption-callbacks.spec.js.map +1 -0
- package/dist/esm/tests/utils/encryption.spec.js +34 -85
- package/dist/esm/tests/utils/encryption.spec.js.map +1 -1
- package/dist/esm/tests/utils/filters.spec.js +67 -69
- package/dist/esm/tests/utils/filters.spec.js.map +1 -1
- package/dist/esm/tests/utils/hd-key.spec.js +3 -3
- package/dist/esm/tests/utils/hd-key.spec.js.map +1 -1
- package/dist/esm/tests/utils/jws.spec.js +54 -3
- package/dist/esm/tests/utils/jws.spec.js.map +1 -1
- package/dist/esm/tests/utils/memory-cache.spec.js +6 -9
- package/dist/esm/tests/utils/memory-cache.spec.js.map +1 -1
- package/dist/esm/tests/utils/messages.spec.js +63 -29
- package/dist/esm/tests/utils/messages.spec.js.map +1 -1
- package/dist/esm/tests/utils/object.spec.js +3 -3
- package/dist/esm/tests/utils/object.spec.js.map +1 -1
- package/dist/esm/tests/utils/poller.js +1 -1
- package/dist/esm/tests/utils/poller.js.map +1 -1
- package/dist/esm/tests/utils/private-key-signer.spec.js +6 -6
- package/dist/esm/tests/utils/private-key-signer.spec.js.map +1 -1
- package/dist/esm/tests/utils/records.spec.js +37 -5
- package/dist/esm/tests/utils/records.spec.js.map +1 -1
- package/dist/esm/tests/utils/secp256k1.spec.js +7 -7
- package/dist/esm/tests/utils/secp256k1.spec.js.map +1 -1
- package/dist/esm/tests/utils/secp256r1.spec.js +7 -7
- package/dist/esm/tests/utils/secp256r1.spec.js.map +1 -1
- package/dist/esm/tests/utils/test-data-generator.js +47 -28
- package/dist/esm/tests/utils/test-data-generator.js.map +1 -1
- package/dist/esm/tests/utils/time.spec.js +7 -7
- package/dist/esm/tests/utils/time.spec.js.map +1 -1
- package/dist/esm/tests/utils/url.spec.js +25 -27
- package/dist/esm/tests/utils/url.spec.js.map +1 -1
- package/dist/esm/tests/validation/json-schemas/definitions.spec.js +4 -4
- package/dist/esm/tests/validation/json-schemas/definitions.spec.js.map +1 -1
- package/dist/esm/tests/validation/json-schemas/jwk/general-jwk.spec.js +15 -3
- package/dist/esm/tests/validation/json-schemas/jwk/general-jwk.spec.js.map +1 -1
- package/dist/esm/tests/validation/json-schemas/jwk/public-jwk.spec.js +8 -8
- package/dist/esm/tests/validation/json-schemas/jwk/public-jwk.spec.js.map +1 -1
- package/dist/esm/tests/validation/json-schemas/jwk-verification-method.spec.js +8 -18
- package/dist/esm/tests/validation/json-schemas/jwk-verification-method.spec.js.map +1 -1
- package/dist/esm/tests/validation/json-schemas/protocols/protocols-configure.spec.js +3 -3
- package/dist/esm/tests/validation/json-schemas/protocols/protocols-configure.spec.js.map +1 -1
- package/dist/esm/tests/validation/json-schemas/records/records-query.spec.js +9 -9
- package/dist/esm/tests/validation/json-schemas/records/records-query.spec.js.map +1 -1
- package/dist/esm/tests/validation/json-schemas/records/records-read.spec.js +106 -0
- package/dist/esm/tests/validation/json-schemas/records/records-read.spec.js.map +1 -0
- package/dist/esm/tests/validation/json-schemas/records/records-write.spec.js +18 -18
- package/dist/esm/tests/validation/json-schemas/records/records-write.spec.js.map +1 -1
- package/dist/esm/tests/vectors/protocol-definitions/email.json +1 -1
- package/dist/esm/tests/vectors/protocol-definitions/friend-role.json +2 -4
- package/dist/esm/tests/vectors/protocol-definitions/slack.json +2 -6
- package/dist/esm/tests/vectors/protocol-definitions/thread-role.json +2 -6
- package/dist/types/generated/precompiled-validators.d.ts +82 -64
- package/dist/types/generated/precompiled-validators.d.ts.map +1 -1
- package/dist/types/src/core/dwn-error.d.ts +27 -3
- package/dist/types/src/core/dwn-error.d.ts.map +1 -1
- package/dist/types/src/core/message-reply.d.ts +1 -1
- package/dist/types/src/core/message.d.ts +3 -3
- package/dist/types/src/core/message.d.ts.map +1 -1
- package/dist/types/src/core/messages-grant-authorization.d.ts +4 -4
- package/dist/types/src/core/messages-grant-authorization.d.ts.map +1 -1
- package/dist/types/src/core/protocol-authorization.d.ts +43 -2
- package/dist/types/src/core/protocol-authorization.d.ts.map +1 -1
- package/dist/types/src/core/records-grant-authorization.d.ts +2 -2
- package/dist/types/src/core/records-grant-authorization.d.ts.map +1 -1
- package/dist/types/src/core/resumable-task-manager.d.ts +1 -0
- package/dist/types/src/core/resumable-task-manager.d.ts.map +1 -1
- package/dist/types/src/dwn.d.ts +8 -8
- package/dist/types/src/dwn.d.ts.map +1 -1
- package/dist/types/src/enums/dwn-interface-method.d.ts +5 -3
- package/dist/types/src/enums/dwn-interface-method.d.ts.map +1 -1
- package/dist/types/src/event-stream/event-emitter-stream.d.ts.map +1 -0
- package/dist/types/src/handlers/messages-sync.d.ts +21 -0
- package/dist/types/src/handlers/messages-sync.d.ts.map +1 -0
- package/dist/types/src/handlers/protocols-configure.d.ts +24 -4
- package/dist/types/src/handlers/protocols-configure.d.ts.map +1 -1
- package/dist/types/src/handlers/protocols-query.d.ts.map +1 -1
- package/dist/types/src/handlers/records-count.d.ts +43 -0
- package/dist/types/src/handlers/records-count.d.ts.map +1 -0
- package/dist/types/src/handlers/records-query.d.ts.map +1 -1
- package/dist/types/src/handlers/records-read.d.ts.map +1 -1
- package/dist/types/src/handlers/records-write.d.ts +5 -5
- package/dist/types/src/handlers/records-write.d.ts.map +1 -1
- package/dist/types/src/index.d.ts +72 -37
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/interfaces/messages-read.d.ts +2 -2
- package/dist/types/src/interfaces/messages-read.d.ts.map +1 -1
- package/dist/types/src/interfaces/messages-subscribe.d.ts +2 -2
- package/dist/types/src/interfaces/messages-subscribe.d.ts.map +1 -1
- package/dist/types/src/interfaces/messages-sync.d.ts +16 -0
- package/dist/types/src/interfaces/messages-sync.d.ts.map +1 -0
- package/dist/types/src/interfaces/protocols-configure.d.ts +22 -2
- package/dist/types/src/interfaces/protocols-configure.d.ts.map +1 -1
- package/dist/types/src/interfaces/protocols-query.d.ts +2 -2
- package/dist/types/src/interfaces/protocols-query.d.ts.map +1 -1
- package/dist/types/src/interfaces/records-count.d.ts +27 -0
- package/dist/types/src/interfaces/records-count.d.ts.map +1 -0
- package/dist/types/src/interfaces/records-delete.d.ts +2 -2
- package/dist/types/src/interfaces/records-delete.d.ts.map +1 -1
- package/dist/types/src/interfaces/records-query.d.ts +2 -2
- package/dist/types/src/interfaces/records-query.d.ts.map +1 -1
- package/dist/types/src/interfaces/records-read.d.ts +4 -2
- package/dist/types/src/interfaces/records-read.d.ts.map +1 -1
- package/dist/types/src/interfaces/records-subscribe.d.ts +2 -2
- package/dist/types/src/interfaces/records-subscribe.d.ts.map +1 -1
- package/dist/types/src/interfaces/records-write.d.ts +37 -15
- package/dist/types/src/interfaces/records-write.d.ts.map +1 -1
- package/dist/types/src/jose/algorithms/signing/ed25519.d.ts.map +1 -1
- package/dist/types/src/jose/algorithms/signing/signature-algorithms.d.ts +5 -1
- package/dist/types/src/jose/algorithms/signing/signature-algorithms.d.ts.map +1 -1
- package/dist/types/src/jose/jws/general/builder.d.ts +3 -3
- package/dist/types/src/jose/jws/general/builder.d.ts.map +1 -1
- package/dist/types/src/protocols/permission-grant.d.ts +11 -0
- package/dist/types/src/protocols/permission-grant.d.ts.map +1 -1
- package/dist/types/src/protocols/permission-request.d.ts +11 -0
- package/dist/types/src/protocols/permission-request.d.ts.map +1 -1
- package/dist/types/src/protocols/permissions.d.ts +4 -4
- package/dist/types/src/protocols/permissions.d.ts.map +1 -1
- package/dist/types/src/schema-validator.d.ts +1 -1
- package/dist/types/src/schema-validator.d.ts.map +1 -1
- package/dist/types/src/smt/smt-store-level.d.ts +32 -0
- package/dist/types/src/smt/smt-store-level.d.ts.map +1 -0
- package/dist/types/src/smt/smt-store-memory.d.ts +22 -0
- package/dist/types/src/smt/smt-store-memory.d.ts.map +1 -0
- package/dist/types/src/smt/smt-utils.d.ts +58 -0
- package/dist/types/src/smt/smt-utils.d.ts.map +1 -0
- package/dist/types/src/smt/sparse-merkle-tree.d.ts +124 -0
- package/dist/types/src/smt/sparse-merkle-tree.d.ts.map +1 -0
- package/dist/types/src/state-index/state-index-level.d.ts +83 -0
- package/dist/types/src/state-index/state-index-level.d.ts.map +1 -0
- package/dist/types/src/store/data-store-level.d.ts +1 -2
- package/dist/types/src/store/data-store-level.d.ts.map +1 -1
- package/dist/types/src/store/index-level.d.ts +98 -2
- package/dist/types/src/store/index-level.d.ts.map +1 -1
- package/dist/types/src/store/level-wrapper.d.ts.map +1 -1
- package/dist/types/src/store/message-store-level.d.ts +5 -0
- package/dist/types/src/store/message-store-level.d.ts.map +1 -1
- package/dist/types/src/store/storage-controller.d.ts +7 -7
- package/dist/types/src/store/storage-controller.d.ts.map +1 -1
- package/dist/types/src/types/data-store.d.ts +2 -3
- package/dist/types/src/types/data-store.d.ts.map +1 -1
- package/dist/types/src/types/encryption-types.d.ts +48 -0
- package/dist/types/src/types/encryption-types.d.ts.map +1 -0
- package/dist/types/src/types/jose-types.d.ts +9 -40
- package/dist/types/src/types/jose-types.d.ts.map +1 -1
- package/dist/types/src/types/message-store.d.ts +5 -0
- package/dist/types/src/types/message-store.d.ts.map +1 -1
- package/dist/types/src/types/message-types.d.ts +19 -0
- package/dist/types/src/types/message-types.d.ts.map +1 -1
- package/dist/types/src/types/messages-types.d.ts +16 -11
- package/dist/types/src/types/messages-types.d.ts.map +1 -1
- package/dist/types/src/types/method-handler.d.ts +1 -2
- package/dist/types/src/types/method-handler.d.ts.map +1 -1
- package/dist/types/src/types/permission-types.d.ts +2 -2
- package/dist/types/src/types/permission-types.d.ts.map +1 -1
- package/dist/types/src/types/protocols-types.d.ts +49 -5
- package/dist/types/src/types/protocols-types.d.ts.map +1 -1
- package/dist/types/src/types/records-types.d.ts +23 -7
- package/dist/types/src/types/records-types.d.ts.map +1 -1
- package/dist/types/src/types/signer.d.ts +1 -1
- package/dist/types/src/types/signer.d.ts.map +1 -1
- package/dist/types/src/types/smt-types.d.ts +81 -0
- package/dist/types/src/types/smt-types.d.ts.map +1 -0
- package/dist/types/src/types/state-index.d.ts +90 -0
- package/dist/types/src/types/state-index.d.ts.map +1 -0
- package/dist/types/src/utils/cid.d.ts +1 -2
- package/dist/types/src/utils/cid.d.ts.map +1 -1
- package/dist/types/src/utils/data-stream.d.ts +14 -7
- package/dist/types/src/utils/data-stream.d.ts.map +1 -1
- package/dist/types/src/utils/encryption.d.ts +2 -3
- package/dist/types/src/utils/encryption.d.ts.map +1 -1
- package/dist/types/src/utils/hd-key.d.ts +4 -4
- package/dist/types/src/utils/hd-key.d.ts.map +1 -1
- package/dist/types/src/utils/jws.d.ts +7 -7
- package/dist/types/src/utils/jws.d.ts.map +1 -1
- package/dist/types/src/utils/private-key-signer.d.ts +4 -4
- package/dist/types/src/utils/private-key-signer.d.ts.map +1 -1
- package/dist/types/src/utils/protocols.d.ts +46 -3
- package/dist/types/src/utils/protocols.d.ts.map +1 -1
- package/dist/types/src/utils/records.d.ts +33 -6
- package/dist/types/src/utils/records.d.ts.map +1 -1
- package/dist/types/src/utils/secp256k1.d.ts +11 -11
- package/dist/types/src/utils/secp256k1.d.ts.map +1 -1
- package/dist/types/src/utils/secp256r1.d.ts +8 -8
- package/dist/types/src/utils/secp256r1.d.ts.map +1 -1
- package/dist/types/src/utils/time.d.ts +1 -1
- package/dist/types/tests/dwn.spec.d.ts.map +1 -1
- package/dist/types/tests/event-stream/event-emitter-stream.spec.d.ts.map +1 -0
- package/dist/types/tests/event-stream/event-stream.spec.d.ts.map +1 -0
- package/dist/types/tests/features/author-delegated-grant.spec.d.ts.map +1 -1
- package/dist/types/tests/features/owner-delegated-grant.spec.d.ts.map +1 -1
- package/dist/types/tests/features/owner-signature.spec.d.ts.map +1 -1
- package/dist/types/tests/features/permissions.spec.d.ts.map +1 -1
- package/dist/types/tests/features/protocol-composition.spec.d.ts +5 -0
- package/dist/types/tests/features/protocol-composition.spec.d.ts.map +1 -0
- package/dist/types/tests/features/protocol-create-action.spec.d.ts.map +1 -1
- package/dist/types/tests/features/protocol-delete-action.spec.d.ts.map +1 -1
- package/dist/types/tests/features/protocol-update-action.spec.d.ts.map +1 -1
- package/dist/types/tests/features/records-prune.spec.d.ts.map +1 -1
- package/dist/types/tests/features/records-tags.spec.d.ts.map +1 -1
- package/dist/types/tests/features/resumable-tasks.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/messages-read.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/messages-subscribe.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/messages-sync.spec.d.ts +2 -0
- package/dist/types/tests/handlers/messages-sync.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/protocols-configure.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/protocols-query.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/records-count.spec.d.ts +2 -0
- package/dist/types/tests/handlers/records-count.spec.d.ts.map +1 -0
- package/dist/types/tests/handlers/records-delete.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/records-query.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/records-read.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/records-subscribe.spec.d.ts.map +1 -1
- package/dist/types/tests/handlers/records-write.spec.d.ts.map +1 -1
- package/dist/types/tests/protocols/permission-grant.spec.d.ts +2 -0
- package/dist/types/tests/protocols/permission-grant.spec.d.ts.map +1 -0
- package/dist/types/tests/scenarios/deleted-record.spec.d.ts.map +1 -1
- package/dist/types/tests/scenarios/end-to-end-tests.spec.d.ts.map +1 -1
- package/dist/types/tests/scenarios/nested-roles.spec.d.ts.map +1 -1
- package/dist/types/tests/smt/smt-store-level.spec.d.ts +2 -0
- package/dist/types/tests/smt/smt-store-level.spec.d.ts.map +1 -0
- package/dist/types/tests/smt/sparse-merkle-tree.spec.d.ts +2 -0
- package/dist/types/tests/smt/sparse-merkle-tree.spec.d.ts.map +1 -0
- package/dist/types/tests/state-index/state-index-level.spec.d.ts +2 -0
- package/dist/types/tests/state-index/state-index-level.spec.d.ts.map +1 -0
- package/dist/types/tests/store/blockstore-level.spec.d.ts +2 -0
- package/dist/types/tests/store/blockstore-level.spec.d.ts.map +1 -0
- package/dist/types/tests/store/message-store.spec.d.ts.map +1 -1
- package/dist/types/tests/test-stores.d.ts +4 -4
- package/dist/types/tests/test-stores.d.ts.map +1 -1
- package/dist/types/tests/test-suite.d.ts +2 -2
- package/dist/types/tests/test-suite.d.ts.map +1 -1
- package/dist/types/tests/utils/encryption-callbacks.spec.d.ts +2 -0
- package/dist/types/tests/utils/encryption-callbacks.spec.d.ts.map +1 -0
- package/dist/types/tests/utils/test-data-generator.d.ts +31 -28
- package/dist/types/tests/utils/test-data-generator.d.ts.map +1 -1
- package/dist/types/tests/validation/json-schemas/records/records-read.spec.d.ts +2 -0
- package/dist/types/tests/validation/json-schemas/records/records-read.spec.d.ts.map +1 -0
- package/package.json +26 -45
- package/src/core/dwn-error.ts +27 -3
- package/src/core/message-reply.ts +1 -1
- package/src/core/message.ts +5 -5
- package/src/core/messages-grant-authorization.ts +22 -8
- package/src/core/protocol-authorization.ts +345 -68
- package/src/core/records-grant-authorization.ts +2 -2
- package/src/core/resumable-task-manager.ts +4 -5
- package/src/dwn.ts +25 -20
- package/src/enums/dwn-interface-method.ts +5 -3
- package/src/handlers/messages-subscribe.ts +1 -1
- package/src/handlers/messages-sync.ts +129 -0
- package/src/handlers/protocols-configure.ts +195 -17
- package/src/handlers/protocols-query.ts +7 -5
- package/src/handlers/records-count.ts +184 -0
- package/src/handlers/records-query.ts +4 -0
- package/src/handlers/records-read.ts +4 -8
- package/src/handlers/records-write.ts +20 -21
- package/src/index.ts +74 -37
- package/src/interfaces/messages-read.ts +6 -5
- package/src/interfaces/messages-subscribe.ts +7 -6
- package/src/interfaces/messages-sync.ts +59 -0
- package/src/interfaces/protocols-configure.ts +211 -33
- package/src/interfaces/protocols-query.ts +7 -6
- package/src/interfaces/records-count.ts +106 -0
- package/src/interfaces/records-delete.ts +2 -2
- package/src/interfaces/records-query.ts +2 -2
- package/src/interfaces/records-read.ts +26 -3
- package/src/interfaces/records-subscribe.ts +2 -2
- package/src/interfaces/records-write.ts +115 -46
- package/src/jose/algorithms/signing/ed25519.ts +13 -12
- package/src/jose/algorithms/signing/signature-algorithms.ts +6 -1
- package/src/jose/jws/general/builder.ts +3 -3
- package/src/jose/jws/general/verifier.ts +3 -3
- package/src/protocols/permission-grant.ts +51 -0
- package/src/protocols/permission-request.ts +37 -0
- package/src/protocols/permissions.ts +5 -5
- package/src/schema-validator.ts +11 -3
- package/src/smt/smt-store-level.ts +143 -0
- package/src/smt/smt-store-memory.ts +53 -0
- package/src/smt/smt-utils.ts +149 -0
- package/src/smt/sparse-merkle-tree.ts +698 -0
- package/src/state-index/state-index-level.ts +241 -0
- package/src/store/data-store-level.ts +8 -7
- package/src/store/index-level.ts +415 -19
- package/src/store/level-wrapper.ts +1 -1
- package/src/store/message-store-level.ts +62 -0
- package/src/store/storage-controller.ts +21 -19
- package/src/types/data-store.ts +2 -4
- package/src/types/encryption-types.ts +52 -0
- package/src/types/jose-types.ts +10 -42
- package/src/types/message-store.ts +11 -0
- package/src/types/message-types.ts +21 -0
- package/src/types/messages-types.ts +21 -15
- package/src/types/method-handler.ts +1 -2
- package/src/types/permission-types.ts +2 -2
- package/src/types/protocols-types.ts +55 -6
- package/src/types/records-types.ts +26 -7
- package/src/types/signer.ts +1 -1
- package/src/types/smt-types.ts +95 -0
- package/src/types/state-index.ts +100 -0
- package/src/utils/cid.ts +3 -4
- package/src/utils/data-stream.ts +75 -38
- package/src/utils/encryption.ts +24 -39
- package/src/utils/hd-key.ts +6 -6
- package/src/utils/jws.ts +9 -9
- package/src/utils/private-key-signer.ts +9 -8
- package/src/utils/protocols.ts +132 -6
- package/src/utils/records.ts +118 -29
- package/src/utils/secp256k1.ts +23 -21
- package/src/utils/secp256r1.ts +17 -15
- package/src/utils/time.ts +1 -1
- package/src/utils/url.ts +1 -1
- package/dist/cjs/index.js +0 -36749
- package/dist/cjs/package.json +0 -1
- package/dist/esm/src/event-log/event-emitter-stream.js.map +0 -1
- package/dist/esm/src/event-log/event-log-level.js +0 -63
- package/dist/esm/src/event-log/event-log-level.js.map +0 -1
- package/dist/esm/src/handlers/messages-query.js +0 -71
- package/dist/esm/src/handlers/messages-query.js.map +0 -1
- package/dist/esm/src/interfaces/messages-query.js.map +0 -1
- package/dist/esm/src/types/event-log.js +0 -2
- package/dist/esm/src/types/event-log.js.map +0 -1
- package/dist/esm/tests/event-log/event-emitter-stream.spec.js.map +0 -1
- package/dist/esm/tests/event-log/event-log-level.spec.js +0 -44
- package/dist/esm/tests/event-log/event-log-level.spec.js.map +0 -1
- package/dist/esm/tests/event-log/event-log.spec.js +0 -236
- package/dist/esm/tests/event-log/event-log.spec.js.map +0 -1
- package/dist/esm/tests/event-log/event-stream.spec.js.map +0 -1
- package/dist/esm/tests/handlers/messages-query.spec.js +0 -349
- package/dist/esm/tests/handlers/messages-query.spec.js.map +0 -1
- package/dist/esm/tests/interfaces/messagess-query.spec.js +0 -127
- package/dist/esm/tests/interfaces/messagess-query.spec.js.map +0 -1
- package/dist/esm/tests/scenarios/messages-query.spec.js +0 -395
- package/dist/esm/tests/scenarios/messages-query.spec.js.map +0 -1
- package/dist/types/src/event-log/event-emitter-stream.d.ts.map +0 -1
- package/dist/types/src/event-log/event-log-level.d.ts +0 -35
- package/dist/types/src/event-log/event-log-level.d.ts.map +0 -1
- package/dist/types/src/handlers/messages-query.d.ts +0 -17
- package/dist/types/src/handlers/messages-query.d.ts.map +0 -1
- package/dist/types/src/interfaces/messages-query.d.ts +0 -16
- package/dist/types/src/interfaces/messages-query.d.ts.map +0 -1
- package/dist/types/src/types/event-log.d.ts +0 -52
- package/dist/types/src/types/event-log.d.ts.map +0 -1
- package/dist/types/tests/event-log/event-emitter-stream.spec.d.ts.map +0 -1
- package/dist/types/tests/event-log/event-log-level.spec.d.ts +0 -2
- package/dist/types/tests/event-log/event-log-level.spec.d.ts.map +0 -1
- package/dist/types/tests/event-log/event-log.spec.d.ts +0 -2
- package/dist/types/tests/event-log/event-log.spec.d.ts.map +0 -1
- package/dist/types/tests/event-log/event-stream.spec.d.ts.map +0 -1
- package/dist/types/tests/handlers/messages-query.spec.d.ts +0 -2
- package/dist/types/tests/handlers/messages-query.spec.d.ts.map +0 -1
- package/dist/types/tests/interfaces/messagess-query.spec.d.ts +0 -2
- package/dist/types/tests/interfaces/messagess-query.spec.d.ts.map +0 -1
- package/dist/types/tests/scenarios/messages-query.spec.d.ts +0 -2
- package/dist/types/tests/scenarios/messages-query.spec.d.ts.map +0 -1
- package/src/event-log/event-log-level.ts +0 -72
- package/src/handlers/messages-query.ts +0 -67
- package/src/interfaces/messages-query.ts +0 -60
- package/src/types/event-log.ts +0 -52
- /package/dist/esm/src/{event-log → event-stream}/event-emitter-stream.js +0 -0
- /package/dist/types/src/{event-log → event-stream}/event-emitter-stream.d.ts +0 -0
- /package/dist/types/tests/{event-log → event-stream}/event-emitter-stream.spec.d.ts +0 -0
- /package/dist/types/tests/{event-log → event-stream}/event-stream.spec.d.ts +0 -0
- /package/src/{event-log → event-stream}/event-emitter-stream.ts +0 -0
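--- a/package/src/utils/protocols.ts
+++ b/package/src/utils/protocols.ts
@@ -1,10 +1,69 @@
 import type { DerivedPrivateJwk } from '../utils/hd-key.js';
-import type {
+import type { EncryptionKeyDeriver } from '../types/encryption-types.js';
+import type { PrivateKeyJwk } from '../types/jose-types.js';
 import type { ProtocolDefinition, ProtocolRuleSet } from '../types/protocols-types.js';
 
 import { Secp256k1 } from './secp256k1.js';
 import { HdKey, KeyDerivationScheme } from '../utils/hd-key.js';
 
+/**
+* Result of parsing a cross-protocol reference in `alias:path` format.
+*/
+export type CrossProtocolRef = {
+/** The alias key from the `uses` map. */
+alias: string;
+/** The protocol path within the referenced protocol. */
+protocolPath: string;
+};
+
+/**
+* Parses a string that may be a cross-protocol reference in `alias:path` format.
+* Returns `undefined` if the string is a local (non-cross-protocol) reference.
+*
+* Examples:
+* - `"threads:thread"` → `{ alias: "threads", protocolPath: "thread" }`
+* - `"threads:thread/participant"` → `{ alias: "threads", protocolPath: "thread/participant" }`
+* - `"thread/comment"` → `undefined` (local reference, no alias)
+*/
+export function parseCrossProtocolRef(ref: string): CrossProtocolRef | undefined {
+const colonIndex = ref.indexOf(':');
+if (colonIndex === -1) {
+return undefined;
+}
+
+const alias = ref.substring(0, colonIndex);
+const protocolPath = ref.substring(colonIndex + 1);
+
+return { alias, protocolPath };
+}
+
+/**
+* Returns `true` if the given string contains a `:` indicating a cross-protocol reference.
+*/
+export function isCrossProtocolRef(ref: string): boolean {
+return ref.includes(':');
+}
+
+/**
+* Gets the rule set at a given protocol path within a protocol definition's structure tree.
+* Returns `undefined` if the path does not exist.
+*/
+export function getRuleSetAtPath(protocolPath: string, structure: { [key: string]: ProtocolRuleSet }): ProtocolRuleSet | undefined {
+const segments = protocolPath.split('/');
+let current: ProtocolRuleSet | undefined;
+let currentLevel: { [key: string]: ProtocolRuleSet } = structure;
+
+for (const segment of segments) {
+current = currentLevel[segment];
+if (current === undefined) {
+return undefined;
+}
+currentLevel = current as { [key: string]: ProtocolRuleSet };
+}
+
+return current;
+}
+
 /**
 * Class containing Protocol related utility methods.
 */
@@ -13,14 +72,73 @@ export class Protocols {
 * Derives public encryptions keys and inject it in the `$encryption` property for each protocol path segment of the given Protocol definition,
 * then returns the final encryption-enabled protocol definition.
 * NOTE: The original definition passed in is unmodified.
+*
+* `$ref` nodes (cross-protocol attachment points) are skipped during `$encryption` injection
+* because their records belong to the referenced protocol, whose own encryption keys govern them.
+* Children of `$ref` nodes are still processed because they belong to the composing protocol.
+*
+* Overload 1 (callback-based): Accepts an EncryptionKeyDeriver that performs
+* key derivation internally. The private key never leaves the caller's boundary.
+*/
+public static async deriveAndInjectPublicEncryptionKeys(
+protocolDefinition: ProtocolDefinition,
+keyDeriver: EncryptionKeyDeriver,
+): Promise<ProtocolDefinition>;
+
+/**
+* Overload 2 (raw-key, existing): Takes rootKeyId and raw PrivateKeyJwk directly.
+* Preserved for backward compatibility with tests and non-KMS callers.
 */
 public static async deriveAndInjectPublicEncryptionKeys(
 protocolDefinition: ProtocolDefinition,
 rootKeyId: string,
-privateJwk:
+privateJwk: PrivateKeyJwk,
+): Promise<ProtocolDefinition>;
+
+// Implementation dispatches based on argument type
+public static async deriveAndInjectPublicEncryptionKeys(
+protocolDefinition: ProtocolDefinition,
+rootKeyIdOrKeyDeriver: string | EncryptionKeyDeriver,
+privateJwk?: PrivateKeyJwk,
 ): Promise<ProtocolDefinition> {
 // clone before modify
-const
+const clone = JSON.parse(JSON.stringify(protocolDefinition)) as ProtocolDefinition;
+
+if (typeof rootKeyIdOrKeyDeriver !== 'string') {
+// Callback-based path
+const keyDeriver = rootKeyIdOrKeyDeriver;
+const basePath = [KeyDerivationScheme.ProtocolPath, protocolDefinition.protocol];
+
+async function injectKeysViaCallback(
+ruleSet: ProtocolRuleSet, parentPath: string[],
+): Promise<void> {
+for (const key in ruleSet) {
+if (!key.startsWith('$')) {
+const currentPath = [...parentPath, key];
+
+// Skip $ref nodes — they are governed by the referenced protocol's encryption keys.
+// Still recurse into children, which belong to the composing protocol.
+if (ruleSet[key].$ref !== undefined) {
+await injectKeysViaCallback(ruleSet[key], currentPath);
+continue;
+}
+
+const publicKeyJwk = await keyDeriver.derivePublicKey(currentPath);
+ruleSet[key].$encryption = {
+rootKeyId: keyDeriver.rootKeyId,
+publicKeyJwk,
+};
+await injectKeysViaCallback(ruleSet[key], currentPath);
+}
+}
+}
+
+await injectKeysViaCallback(clone.structure, basePath);
+return clone;
+}
+
+// Raw-key path (existing logic, unchanged)
+const rootKeyId = rootKeyIdOrKeyDeriver;
 
 // a function that recursively creates and adds `$encryption` property to every rule set
 async function addEncryptionProperty(ruleSet: ProtocolRuleSet, parentKey: DerivedPrivateJwk): Promise<void> {
@@ -28,6 +146,14 @@ export class Protocols {
 // if we encounter a nested rule set (a property name that doesn't begin with '$'), recursively inject the `$encryption` property
 if (!key.startsWith('$')) {
 const derivedPrivateKey = await HdKey.derivePrivateKey(parentKey, [key]);
+
+// Skip $ref nodes — they are governed by the referenced protocol's encryption keys.
+// Still recurse into children, which belong to the composing protocol.
+if (ruleSet[key].$ref !== undefined) {
+await addEncryptionProperty(ruleSet[key], derivedPrivateKey);
+continue;
+}
+
 const publicKeyJwk = await Secp256k1.getPublicJwk(derivedPrivateKey.derivedPrivateKey);
 
 ruleSet[key].$encryption = { rootKeyId, publicKeyJwk };
@@ -39,12 +165,12 @@ export class Protocols {
 // inject encryption property starting from each root level record type
 const rootKey: DerivedPrivateJwk = {
 derivationScheme : KeyDerivationScheme.ProtocolPath,
-derivedPrivateKey : privateJwk
+derivedPrivateKey : privateJwk!,
 rootKeyId
 };
 const protocolLevelDerivedKey = await HdKey.derivePrivateKey(rootKey, [KeyDerivationScheme.ProtocolPath, protocolDefinition.protocol]);
-await addEncryptionProperty(
+await addEncryptionProperty(clone.structure, protocolLevelDerivedKey);
 
-return
+return clone;
 }
 }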
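Review bot: `getRuleSetAtPath` (first hunk) reads `currentLevel[segment]` without an own-property check, so a segment such as `constructor` or `__proto__` resolves to an inherited member and the function returns a defined value for a path that is not in the protocol definition. A `$`-prefixed segment such as `$ref` is likewise returned as if it were a rule set. If `protocolPath` can originate from a message or from a cross-protocol reference (the callers are not visible here), code that treats a defined result as "this path exists" would be misled. I would guard the lookup before the assignment with `if (segment.startsWith('$') || !Object.prototype.hasOwnProperty.call(currentLevel, segment)) { return undefined; }`.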
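--- a/package/src/utils/records.ts
+++ b/package/src/utils/records.ts
@@ -1,8 +1,8 @@
 import type { DerivedPrivateJwk } from './hd-key.js';
-import type {
+import type { KeyDecrypter } from '../types/encryption-types.js';
 import type { Filter, KeyValues, StartsWithFilter } from '../types/query-types.js';
-import type { GenericMessage, GenericSignaturePayload } from '../types/message-types.js';
-import type { RecordsDeleteMessage, RecordsFilter, RecordsQueryMessage, RecordsReadMessage, RecordsSubscribeMessage, RecordsWriteDescriptor, RecordsWriteMessage, RecordsWriteTags, RecordsWriteTagsFilter } from '../types/records-types.js';
+import type { GenericMessage, GenericSignaturePayload, MessageSort } from '../types/message-types.js';
+import type { RecordsCountMessage, RecordsDeleteMessage, RecordsFilter, RecordsQueryMessage, RecordsReadMessage, RecordsSubscribeMessage, RecordsWriteDescriptor, RecordsWriteMessage, RecordsWriteTags, RecordsWriteTagsFilter } from '../types/records-types.js';
 
 import { DateSort } from '../types/records-types.js';
 import { Encoder } from './encoder.js';
@@ -13,6 +13,7 @@ import { Message } from '../core/message.js';
 import { PermissionGrant } from '../protocols/permission-grant.js';
 import { removeUndefinedProperties } from './object.js';
 import { Secp256k1 } from './secp256k1.js';
+import { SortDirection } from '../types/query-types.js';
 import { DwnError, DwnErrorCode } from '../core/dwn-error.js';
 import { DwnInterfaceName, DwnMethodName } from '../enums/dwn-interface-method.js';
 import { HdKey, KeyDerivationScheme } from './hd-key.js';
@@ -35,47 +36,96 @@ export class Records {
 }
 
 /**
-* Decrypts the encrypted data in a message reply
+* Decrypts the encrypted data in a message reply.
+*
+* Overload 1 (callback-based): Accepts a KeyDecrypter that performs
+* HKDF derivation + ECIES decryption internally.
+*/
+public static async decrypt(
+recordsWrite: RecordsWriteMessage,
+keyDecrypter: KeyDecrypter,
+cipherStream: ReadableStream<Uint8Array>,
+): Promise<ReadableStream<Uint8Array>>;
+
+/**
+* Overload 2 (raw-key, existing): Takes DerivedPrivateJwk directly.
 * @param ancestorPrivateKey Any ancestor private key in the key derivation path.
 */
 public static async decrypt(
 recordsWrite: RecordsWriteMessage,
 ancestorPrivateKey: DerivedPrivateJwk,
-cipherStream:
-): Promise<
+cipherStream: ReadableStream<Uint8Array>,
+): Promise<ReadableStream<Uint8Array>>;
+
+// Implementation dispatches based on argument type
+public static async decrypt(
+recordsWrite: RecordsWriteMessage,
+keyOrDecrypter: DerivedPrivateJwk | KeyDecrypter,
+cipherStream: ReadableStream<Uint8Array>,
+): Promise<ReadableStream<Uint8Array>> {
 const { encryption } = recordsWrite;
+const isCallback = 'decrypt' in keyOrDecrypter;
 
-//
+// Find matching key encryption entry
 const matchingEncryptedKey = encryption!.keyEncryption.find(key =>
-key.rootKeyId ===
-key.derivationScheme ===
+key.rootKeyId === keyOrDecrypter.rootKeyId &&
+key.derivationScheme === keyOrDecrypter.derivationScheme
 );
 if (matchingEncryptedKey === undefined) {
 throw new DwnError(
 DwnErrorCode.RecordsDecryptNoMatchingKeyEncryptedFound,
 `Unable to find a symmetric key encrypted using key \
-with ID '${
+with ID '${keyOrDecrypter.rootKeyId}' and '${keyOrDecrypter.derivationScheme}' derivation scheme.`
 );
 }
 
-
+// Construct the full derivation path (reused for both paths)
+const fullDerivationPath = Records.constructKeyDerivationPath(
+matchingEncryptedKey.derivationScheme, recordsWrite,
+);
+
+let dataEncryptionKey: Uint8Array;
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+if (isCallback) {
+// Callback-based: delegate HKDF + ECIES to the KeyDecrypter
+const encryptedKeyBytes = Encoder.base64UrlToBytes(
+matchingEncryptedKey.encryptedKey,
+);
+const ephemeralPublicKeyBytes = Secp256k1.publicJwkToBytes(
+matchingEncryptedKey.ephemeralPublicKey,
+);
+const iv = Encoder.base64UrlToBytes(
+matchingEncryptedKey.initializationVector,
+);
+const mac = Encoder.base64UrlToBytes(
+matchingEncryptedKey.messageAuthenticationCode,
+);
 
+dataEncryptionKey = await keyOrDecrypter.decrypt(fullDerivationPath, {
+ciphertext : encryptedKeyBytes,
+ephemeralPublicKey : ephemeralPublicKeyBytes,
+initializationVector : iv,
+messageAuthenticationCode : mac,
+});
+} else {
+// Raw-key path (existing logic, unchanged)
+// NOTE: right now only `ECIES-ES256K` algorithm is supported for asymmetric encryption,
+// so we will assume that's the algorithm without additional switch/if statements
+const leafPrivateKey = await Records.derivePrivateKey(keyOrDecrypter, fullDerivationPath);
+const encryptedKeyBytes = Encoder.base64UrlToBytes(matchingEncryptedKey.encryptedKey);
+const ephemeralPublicKey = Secp256k1.publicJwkToBytes(matchingEncryptedKey.ephemeralPublicKey);
+const keyEncryptionInitializationVector = Encoder.base64UrlToBytes(matchingEncryptedKey.initializationVector);
+const messageAuthenticationCode = Encoder.base64UrlToBytes(matchingEncryptedKey.messageAuthenticationCode);
+dataEncryptionKey = await Encryption.eciesSecp256k1Decrypt({
+ciphertext : encryptedKeyBytes,
+ephemeralPublicKey,
+initializationVector : keyEncryptionInitializationVector,
+messageAuthenticationCode,
+privateKey : leafPrivateKey
+});
+}
 
+// AES decrypt data (shared by both paths)
 // NOTE: right now only `A256CTR` algorithm is supported for symmetric encryption,
 // so we will assume that's the algorithm without additional switch/if statements
 const dataEncryptionInitializationVector = Encoder.base64UrlToBytes(encryption!.initializationVector);
@@ -130,6 +180,11 @@ export class Records {
 
 /**
 * Constructs the full key derivation path using `protocolPath` scheme.
+*
+* The path is `[scheme, protocol, ...protocolPathSegments]`. Because each record's `protocol`
+* field always refers to the protocol it was written under, records in composed protocols
+* naturally derive independent key hierarchies — a `$ref` parent (referenced protocol) and
+* its children (composing protocol) use different protocol URIs and thus different key trees.
 */
 public static constructKeyDerivationPathUsingProtocolPathScheme(descriptor: RecordsWriteDescriptor): string[] {
 // ensure `protocol` is defined
@@ -153,6 +208,13 @@ export class Records {
 
 /**
 * Constructs the full key derivation path using `protocolContext` scheme.
+*
+* NOTE on protocol composition: When a context tree spans two protocols via `$ref` composition,
+* the root `contextId` segment (the `$ref` parent record's ID) is shared across both protocols.
+* This means ProtocolContext-encrypted records from the composing protocol and the referenced
+* protocol derive the same context key. This is by design — it enables multi-party access within
+* a shared context (e.g., thread participants can decrypt messages from both the threads protocol
+* and composing protocols that attach to those threads).
 */
 public static constructKeyDerivationPathUsingProtocolContextScheme(contextId: string | undefined): string[] {
 if (contextId === undefined) {
@@ -162,7 +224,7 @@ export class Records {
 );
 }
 
-// TODO: issue #683 -Extend key derivation support to include the full contextId (https://github.com/
+// TODO: issue #683 -Extend key derivation support to include the full contextId (https://github.com/enboxorg/enbox/issues/683)
 const firstContextSegment = contextId.split('/')[0];
 
 const fullDerivationPath = [
@@ -198,10 +260,11 @@ export class Records {
 * so we will only derive SECP256K1 key without additional conditional checks
 */
 public static async derivePrivateKey(ancestorPrivateKey: DerivedPrivateJwk, fullDescendantDerivationPath: string[]): Promise<Uint8Array> {
-
+const crv = 'crv' in ancestorPrivateKey.derivedPrivateKey ? ancestorPrivateKey.derivedPrivateKey.crv : undefined;
+if (crv !== 'secp256k1') {
 throw new DwnError(
 DwnErrorCode.RecordsDerivePrivateKeyUnSupportedCurve,
-`Curve ${
+`Curve ${crv} is not supported.`
 );
 }
 
@@ -388,7 +451,7 @@ export class Records {
 * Passed purely as a performance optimization so we don't have to decode the owner signature payload again.
 */
 public static async validateDelegatedGrantReferentialIntegrity(
-message: RecordsReadMessage | RecordsQueryMessage | RecordsWriteMessage | RecordsDeleteMessage | RecordsSubscribeMessage,
+message: RecordsCountMessage | RecordsReadMessage | RecordsQueryMessage | RecordsWriteMessage | RecordsDeleteMessage | RecordsSubscribeMessage,
 authorSignaturePayload: GenericSignaturePayload | undefined,
 ownerSignaturePayload?: GenericSignaturePayload | undefined
 ): Promise<void> {
@@ -479,6 +542,32 @@ export class Records {
 }
 }
 
+/**
+* Convert a `DateSort` value to a `MessageSort` object accepted by the `MessageStore`.
+* Defaults to `messageTimestamp` descending (most recently updated first) when no sort is given.
+*
+* @param dateSort the optional `DateSort` value.
+* @returns a `MessageSort` for `MessageStore` sorting.
+*/
+public static convertDateSort(dateSort?: DateSort): MessageSort {
+switch (dateSort) {
+case DateSort.CreatedAscending:
+return { dateCreated: SortDirection.Ascending };
+case DateSort.CreatedDescending:
+return { dateCreated: SortDirection.Descending };
+case DateSort.PublishedAscending:
+return { datePublished: SortDirection.Ascending };
+case DateSort.PublishedDescending:
+return { datePublished: SortDirection.Descending };
+case DateSort.UpdatedAscending:
+return { messageTimestamp: SortDirection.Ascending };
+case DateSort.UpdatedDescending:
+return { messageTimestamp: SortDirection.Descending };
+default:
+return { messageTimestamp: SortDirection.Descending };
+}
+}
+
 /**
 * Determines if signature payload contains a protocolRole and should be authorized as such.
 */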
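Review bot: In the callback branch of `decrypt` (third hunk), whatever `keyOrDecrypter.decrypt(...)` returns becomes the data encryption key with no check. The A256CTR step named in the comment that follows is unauthenticated, so a faulty or mismatched `KeyDecrypter` would produce garbage plaintext instead of an error. A length check after the `if/else` would at least catch gross faults: `if (dataEncryptionKey.byteLength !== 32) { throw new DwnError(<ERROR_CODE_PLACEHOLDER>, 'Unexpected data encryption key length.'); }`. The overload 1 doc comment should also state that the `KeyDecrypter` must verify `messageAuthenticationCode` before returning a key, since this code no longer sees the ECIES step. The body of `decrypt` continues past the end of the hunk.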
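--- a/package/src/utils/secp256k1.ts
+++ b/package/src/utils/secp256k1.ts
@@ -1,4 +1,5 @@
-import type {
+import type { JwkParamsEcPrivate, JwkParamsEcPublic } from '@enbox/crypto';
+import type { PrivateKeyJwk, PublicKeyJwk } from '../types/jose-types.js';
 
 import * as secp256k1 from '@noble/secp256k1';
 
@@ -15,8 +16,8 @@ export class Secp256k1 {
 * Validates the given JWK is a SECP256K1 key.
 * @throws {Error} if fails validation.
 */
-public static validateKey(jwk:
-if (jwk.kty !== 'EC' || jwk.crv !== 'secp256k1') {
+public static validateKey(jwk: PrivateKeyJwk | PublicKeyJwk): void {
+if (jwk.kty !== 'EC' || (jwk as JwkParamsEcPublic).crv !== 'secp256k1') {
 throw new DwnError(DwnErrorCode.Secp256k1KeyNotValid, 'Invalid SECP256K1 JWK: `kty` MUST be `EC`. `crv` MUST be `secp256k1`');
 }
 }
@@ -24,7 +25,7 @@ export class Secp256k1 {
 /**
 * Converts a public key in bytes into a JWK.
 */
-public static async publicKeyToJwk(publicKeyBytes: Uint8Array): Promise<
+public static async publicKeyToJwk(publicKeyBytes: Uint8Array): Promise<PublicKeyJwk> {
 // ensure public key is in uncompressed format so we can convert it into both x and y value
 let uncompressedPublicKeyBytes;
 if (publicKeyBytes.byteLength === 33) {
@@ -43,7 +44,7 @@ export class Secp256k1 {
 const x = Encoder.bytesToBase64Url(uncompressedPublicKeyBytes.subarray(1, 33));
 const y = Encoder.bytesToBase64Url(uncompressedPublicKeyBytes.subarray(33, 65));
 
-const publicJwk:
+const publicJwk: PublicKeyJwk = {
 alg : 'ES256K',
 kty : 'EC',
 crv : 'secp256k1',
@@ -57,21 +58,22 @@ export class Secp256k1 {
 /**
 * Converts a private key in bytes into a JWK.
 */
-public static async privateKeyToJwk(privateKeyBytes: Uint8Array): Promise<
+public static async privateKeyToJwk(privateKeyBytes: Uint8Array): Promise<PrivateKeyJwk> {
 const publicKeyBytes = await Secp256k1.getPublicKey(privateKeyBytes);
 
 const jwk = await Secp256k1.publicKeyToJwk(publicKeyBytes);
-(jwk as
+(jwk as JwkParamsEcPrivate).d = Encoder.bytesToBase64Url(privateKeyBytes);
 
-return jwk as
+return jwk as PrivateKeyJwk;
 }
 
 /**
 * Creates a compressed key in raw bytes from the given SECP256K1 JWK.
 */
-public static publicJwkToBytes(publicJwk:
-const
-const
+public static publicJwkToBytes(publicJwk: PublicKeyJwk): Uint8Array {
+const ecJwk = publicJwk as JwkParamsEcPublic;
+const x = Encoder.base64UrlToBytes(ecJwk.x);
+const y = Encoder.base64UrlToBytes(ecJwk.y!);
 
 return secp256k1.ProjectivePoint.fromAffine({
 x : secp256k1.etc.bytesToNumberBE(x),
@@ -82,15 +84,15 @@ export class Secp256k1 {
 /**
 * Creates a private key in raw bytes from the given SECP256K1 JWK.
 */
-public static privateJwkToBytes(privateJwk:
-const privateKey = Encoder.base64UrlToBytes(privateJwk.d);
+public static privateJwkToBytes(privateJwk: PrivateKeyJwk): Uint8Array {
+const privateKey = Encoder.base64UrlToBytes((privateJwk as JwkParamsEcPrivate).d);
 return privateKey;
 }
 
 /**
 * Signs the provided content using the provided JWK.
 */
-public static async sign(content: Uint8Array, privateJwk:
+public static async sign(content: Uint8Array, privateJwk: PrivateKeyJwk): Promise<Uint8Array> {
 Secp256k1.validateKey(privateJwk);
 
 // the underlying lib expects us to hash the content ourselves:
@@ -105,7 +107,7 @@ export class Secp256k1 {
 * Verifies a signature against the provided payload hash and public key.
 * @returns a boolean indicating whether the signature is valid.
 */
-public static async verify(content: Uint8Array, signature: Uint8Array, publicJwk:
+public static async verify(content: Uint8Array, signature: Uint8Array, publicJwk: PublicKeyJwk): Promise<boolean> {
 Secp256k1.validateKey(publicJwk);
 
 const publicKeyBytes = Secp256k1.publicJwkToBytes(publicJwk);
@@ -116,13 +118,13 @@ export class Secp256k1 {
 /**
 * Generates a random key pair in JWK format.
 */
-public static async generateKeyPair(): Promise<{publicJwk:
+public static async generateKeyPair(): Promise<{publicJwk: PublicKeyJwk, privateJwk: PrivateKeyJwk}> {
 const privateKeyBytes = secp256k1.utils.randomPrivateKey();
 const publicKeyBytes = secp256k1.getPublicKey(privateKeyBytes, false); // `false` = uncompressed
 
 const d = Encoder.bytesToBase64Url(privateKeyBytes);
-const publicJwk:
-const privateJwk:
+const publicJwk: PublicKeyJwk = await Secp256k1.publicKeyToJwk(publicKeyBytes);
+const privateJwk: PrivateKeyJwk = { ...publicJwk, d };
 
 return { publicJwk, privateJwk };
 }
@@ -148,10 +150,10 @@ export class Secp256k1 {
 /**
 * Gets the public JWK of the given private JWK.
 */
-public static async getPublicJwk(privateKeyJwk:
+public static async getPublicJwk(privateKeyJwk: PrivateKeyJwk): Promise<PublicKeyJwk> {
 // strip away `d`
-const { d: _d, ...publicKey } = privateKeyJwk;
-return publicKey;
+const { d: _d, ...publicKey } = privateKeyJwk as JwkParamsEcPrivate;
+return publicKey as PublicKeyJwk;
 }
 }
 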
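Review bot: `publicJwkToBytes` now casts its argument to `JwkParamsEcPublic` and reads `ecJwk.y!`, so a JWK of another key type or one missing `y` goes to `Encoder.base64UrlToBytes` as `undefined` instead of being rejected. `verify` calls `validateKey` first, but the `Records.decrypt` change on this page passes the message's `ephemeralPublicKey` straight to this function. Unless schema validation elsewhere already guarantees an EC secp256k1 JWK with both coordinates (not visible here), I would start the function with `Secp256k1.validateKey(publicJwk);` and then `if (ecJwk.x === undefined || ecJwk.y === undefined) { throw new DwnError(DwnErrorCode.Secp256k1KeyNotValid, 'Invalid SECP256K1 JWK: x and y MUST be present'); }`, dropping the `!`. The body of `publicJwkToBytes` continues past the end of its hunk.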
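--- a/package/src/utils/secp256r1.ts
+++ b/package/src/utils/secp256r1.ts
@@ -1,4 +1,5 @@
-import type {
+import type { JwkParamsEcPrivate, JwkParamsEcPublic } from '@enbox/crypto';
+import type { PrivateKeyJwk, PublicKeyJwk } from '../types/jose-types.js';
 
 import { p256, secp256r1 } from '@noble/curves/p256';
 
@@ -17,8 +18,8 @@ export class Secp256r1 {
 * Validates the given JWK is a SECP256R1 key.
 * @throws {Error} if fails validation.
 */
-public static validateKey(jwk:
-if (jwk.kty !== 'EC' || jwk.crv !== 'P-256') {
+public static validateKey(jwk: PrivateKeyJwk | PublicKeyJwk): void {
+if (jwk.kty !== 'EC' || (jwk as JwkParamsEcPublic).crv !== 'P-256') {
 throw new DwnError(
 DwnErrorCode.Secp256r1KeyNotValid,
 'Invalid SECP256R1 JWK: `kty` MUST be `EC`. `crv` MUST be `P-256`'
@@ -31,7 +32,7 @@ export class Secp256r1 {
 */
 public static async publicKeyToJwk(
 publicKeyBytes: Uint8Array
-): Promise<
+): Promise<PublicKeyJwk> {
 // ensure public key is in uncompressed format so we can convert it into both x and y value
 let uncompressedPublicKeyBytes;
 if (publicKeyBytes.byteLength === 33) {
@@ -54,7 +55,7 @@ export class Secp256r1 {
 uncompressedPublicKeyBytes.subarray(33, 65)
 );
 
-const publicJwk:
+const publicJwk: PublicKeyJwk = {
 alg : 'ES256',
 kty : 'EC',
 crv : 'P-256',
@@ -68,8 +69,8 @@ export class Secp256r1 {
 /**
 * Creates a private key in raw bytes from the given SECP256R1 JWK.
 */
-public static privateJwkToBytes(privateJwk:
-const privateKey = Encoder.base64UrlToBytes(privateJwk.d);
+public static privateJwkToBytes(privateJwk: PrivateKeyJwk): Uint8Array {
+const privateKey = Encoder.base64UrlToBytes((privateJwk as JwkParamsEcPrivate).d);
 return privateKey;
 }
 
@@ -79,7 +80,7 @@ export class Secp256r1 {
 */
 public static async sign(
 content: Uint8Array,
-privateJwk:
+privateJwk: PrivateKeyJwk
 ): Promise<Uint8Array> {
 Secp256r1.validateKey(privateJwk);
 
@@ -99,7 +100,7 @@ export class Secp256r1 {
 public static async verify(
 content: Uint8Array,
 signature: Uint8Array,
-publicJwk:
+publicJwk: PublicKeyJwk
 ): Promise<boolean> {
 Secp256r1.validateKey(publicJwk);
 
@@ -111,9 +112,10 @@ export class Secp256r1 {
 sig = p256.Signature.fromDER(signature);
 }
 const hashedContent = await sha256.encode(content);
+const ecJwk = publicJwk as JwkParamsEcPublic;
 const keyBytes = p256.ProjectivePoint.fromAffine({
-x : Secp256r1.bytesToBigInt(Encoder.base64UrlToBytes(
-y : Secp256r1.bytesToBigInt(Encoder.base64UrlToBytes(
+x : Secp256r1.bytesToBigInt(Encoder.base64UrlToBytes(ecJwk.x)),
+y : Secp256r1.bytesToBigInt(Encoder.base64UrlToBytes(ecJwk.y!)),
 }).toRawBytes(false);
 
 return p256.verify(sig, hashedContent, keyBytes);
@@ -123,15 +125,15 @@ export class Secp256r1 {
 * Generates a random key pair in JWK format.
 */
 public static async generateKeyPair(): Promise<{
-publicJwk:
-privateJwk:
+publicJwk: PublicKeyJwk;
+privateJwk: PrivateKeyJwk;
 }> {
 const privateKeyBytes = p256.utils.randomPrivateKey();
 const publicKeyBytes = secp256r1.getPublicKey(privateKeyBytes, false); // `false` = uncompressed
 
 const d = Encoder.bytesToBase64Url(privateKeyBytes);
-const publicJwk:
-const privateJwk:
+const publicJwk: PublicKeyJwk = await Secp256r1.publicKeyToJwk(publicKeyBytes);
+const privateJwk: PrivateKeyJwk = { ...publicJwk, d };
 
 return { publicJwk, privateJwk };
 }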
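Review bot: `verify` now reads `ecJwk.x` and `ecJwk.y!` through a cast and a non-null assertion, but `validateKey` checks only `kty` and `crv`, so a JWK with a missing or non-string coordinate is not rejected before it reaches `Encoder.base64UrlToBytes`. A public key handed to `verify` is likely to come from an untrusted message or DID document (not visible here), so I would fail closed with the existing error code before building the point, `if (typeof ecJwk.x !== 'string' || typeof ecJwk.y !== 'string') { throw new DwnError(DwnErrorCode.Secp256r1KeyNotValid, 'Invalid SECP256R1 JWK: x and y MUST be present'); }`, and then drop the `!`. The same applies to `(privateJwk as JwkParamsEcPrivate).d` in `privateJwkToBytes`, which is public and does not call `validateKey` itself. The body of `verify` between its signature hunk and this one is outside the diff.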
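--- a/package/src/utils/time.ts
+++ b/package/src/utils/time.ts
@@ -16,7 +16,7 @@ export class Time {
 
 /**
 * We must sleep for at least 2ms to avoid timestamp collisions during testing.
-* https://github.com/
+* https://github.com/enboxorg/enbox/issues/481
 */
 public static async minimalSleep(): Promise<void> {
 await Time.sleep(2);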
package/src/utils/url.ts
CHANGED
|
@@ -51,7 +51,7 @@ function normalizeUrl(url: string): string {
|
|
|
51
51
|
result.search = '';
|
|
52
52
|
result.hash = '';
|
|
53
53
|
return removeTrailingSlash(result.href);
|
|
54
|
-
} catch
|
|
54
|
+
} catch {
|
|
55
55
|
throw new DwnError(DwnErrorCode.UrlProtocolNotNormalizable, 'Could not normalize protocol URI');
|
|
56
56
|
}
|
|
57
57
|
}
|