@icure/api 8.0.24 → 8.0.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (67) hide show
  1. package/icc-x-api/crypto/AES.d.ts +54 -2
  2. package/icc-x-api/crypto/AES.js +5 -5
  3. package/icc-x-api/crypto/AES.js.map +1 -1
  4. package/icc-x-api/crypto/CryptoPrimitives.d.ts +21 -12
  5. package/icc-x-api/crypto/CryptoPrimitives.js +8 -19
  6. package/icc-x-api/crypto/CryptoPrimitives.js.map +1 -1
  7. package/icc-x-api/crypto/DelegationsDeAnonymization.js +1 -1
  8. package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -1
  9. package/icc-x-api/crypto/HMACUtils.d.ts +8 -1
  10. package/icc-x-api/crypto/HMACUtils.js +3 -3
  11. package/icc-x-api/crypto/HMACUtils.js.map +1 -1
  12. package/icc-x-api/crypto/NativeCryptoPrimitivesBridge.d.ts +113 -0
  13. package/icc-x-api/crypto/NativeCryptoPrimitivesBridge.js +477 -0
  14. package/icc-x-api/crypto/NativeCryptoPrimitivesBridge.js.map +1 -0
  15. package/icc-x-api/crypto/RSA.d.ts +107 -4
  16. package/icc-x-api/crypto/RSA.js +4 -4
  17. package/icc-x-api/crypto/RSA.js.map +1 -1
  18. package/icc-x-api/crypto/shamir.d.ts +7 -3
  19. package/icc-x-api/crypto/shamir.js +14 -5
  20. package/icc-x-api/crypto/shamir.js.map +1 -1
  21. package/icc-x-api/index.d.ts +4 -2
  22. package/icc-x-api/index.js +5 -3
  23. package/icc-x-api/index.js.map +1 -1
  24. package/package.json +1 -1
  25. package/test/icc-api/api/IccMedicalLocationApi.js +6 -6
  26. package/test/icc-api/api/IccMedicalLocationApi.js.map +1 -1
  27. package/test/icc-x-api/crud/comprehensive-crud-test.js +1 -1
  28. package/test/icc-x-api/crud/comprehensive-crud-test.js.map +1 -1
  29. package/test/icc-x-api/crud/entities-crud-test-interface.js +1 -0
  30. package/test/icc-x-api/crud/entities-crud-test-interface.js.map +1 -1
  31. package/test/icc-x-api/crypto/anonymous-delegations-test.js +1 -2
  32. package/test/icc-x-api/crypto/anonymous-delegations-test.js.map +1 -1
  33. package/test/icc-x-api/crypto/crypto-utils.js +1 -2
  34. package/test/icc-x-api/crypto/crypto-utils.js.map +1 -1
  35. package/test/icc-x-api/crypto/exchange-data-manager-test.js +1 -1
  36. package/test/icc-x-api/crypto/exchange-data-manager-test.js.map +1 -1
  37. package/test/icc-x-api/crypto/full-crypto-test.js +1 -2
  38. package/test/icc-x-api/crypto/full-crypto-test.js.map +1 -1
  39. package/test/icc-x-api/crypto/secure-delegations-manager-test.js +1 -1
  40. package/test/icc-x-api/crypto/secure-delegations-manager-test.js.map +1 -1
  41. package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.js +2 -2
  42. package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.js.map +1 -1
  43. package/test/icc-x-api/crypto/shamir.js +6 -7
  44. package/test/icc-x-api/crypto/shamir.js.map +1 -1
  45. package/test/icc-x-api/crypto/signature-keys-manager-test.js +1 -1
  46. package/test/icc-x-api/crypto/signature-keys-manager-test.js.map +1 -1
  47. package/test/icc-x-api/icc-maintenance-task-x-api-test.js +3 -2
  48. package/test/icc-x-api/icc-maintenance-task-x-api-test.js.map +1 -1
  49. package/test/icc-x-api/icc-user-x-api-test.js +1 -1
  50. package/test/icc-x-api/icc-user-x-api-test.js.map +1 -1
  51. package/test/icc-x-api/patient-user.js +1 -2
  52. package/test/icc-x-api/patient-user.js.map +1 -1
  53. package/test/icc-x-api/test-legacy-data-support.js +2 -3
  54. package/test/icc-x-api/test-legacy-data-support.js.map +1 -1
  55. package/test/utils/FakeDataOwnerApi.js +1 -1
  56. package/test/utils/FakeDataOwnerApi.js.map +1 -1
  57. package/test/utils/FakeGenericApi.js +1 -1
  58. package/test/utils/FakeGenericApi.js.map +1 -1
  59. package/test/utils/TestApi.js +1 -1
  60. package/test/utils/TestApi.js.map +1 -1
  61. package/test/utils/TestCryptoStrategies.js +1 -1
  62. package/test/utils/TestCryptoStrategies.js.map +1 -1
  63. package/test/utils/test_utils.js +6 -6
  64. package/test/utils/test_utils.js.map +1 -1
  65. package/test/icc-api/api/IccArticleApi.d.ts +0 -1
  66. package/test/icc-api/api/IccArticleApi.js +0 -64
  67. package/test/icc-api/api/IccArticleApi.js.map +0 -1
@@ -0,0 +1,477 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.NativeCryptoPrimitivesBridge = void 0;
13
+ const shamir_1 = require("./shamir");
14
+ const utils_1 = require("../utils");
15
+ const crypto_1 = require("crypto");
16
+ /**
17
+ * Allows to use the expo-kryptom module as crypto primitives. This is necessary when building expo (react native) apps.
18
+ */
19
+ class NativeCryptoPrimitivesBridge {
20
+ constructor(expoKryptomModule) {
21
+ this.strongRandom = expoKryptomModule.StrongRandom;
22
+ this.digest = expoKryptomModule.Digest;
23
+ this.shamir = new StrongRandomShamir(this.strongRandom);
24
+ this.AES = new NativeAesBridge(expoKryptomModule.Aes, this.strongRandom);
25
+ this.HMAC = new NativeHmacBridge(expoKryptomModule.Hmac);
26
+ this.RSA = new NativeRsaBridge(expoKryptomModule.Rsa);
27
+ }
28
+ randomBytes(n) {
29
+ return this.strongRandom.randomBytes(n);
30
+ }
31
+ randomUuid() {
32
+ return this.strongRandom.randomUUID();
33
+ }
34
+ sha256(data) {
35
+ return __awaiter(this, void 0, void 0, function* () {
36
+ return yield this.digest.sha256(data instanceof ArrayBuffer ? new Uint8Array(data) : data);
37
+ });
38
+ }
39
+ }
40
+ exports.NativeCryptoPrimitivesBridge = NativeCryptoPrimitivesBridge;
41
+ class StrongRandomShamir extends shamir_1.ShamirClass {
42
+ constructor(strongRandom) {
43
+ super();
44
+ this.strongRandom = strongRandom;
45
+ }
46
+ fillRandom(arr) {
47
+ const random = this.strongRandom.randomBytes(arr.byteLength);
48
+ // Note that the new Uint32Array does not copy the random array
49
+ arr.set(new Uint32Array(random.buffer));
50
+ }
51
+ }
52
+ class NativeAesBridge {
53
+ constructor(aes, random) {
54
+ this.aes = aes;
55
+ this.random = random;
56
+ }
57
+ decrypt(cryptoKey, encryptedData) {
58
+ return __awaiter(this, void 0, void 0, function* () {
59
+ return yield this.aes.decrypt(new Uint8Array(encryptedData), getKryptomKey(cryptoKey));
60
+ });
61
+ }
62
+ decryptSome(cryptoKeys, uint8Array) {
63
+ try {
64
+ return this.decrypt(cryptoKeys[0], uint8Array);
65
+ }
66
+ catch (e) {
67
+ if (cryptoKeys.length > 1) {
68
+ return this.decryptSome(cryptoKeys.slice(1), uint8Array);
69
+ }
70
+ else {
71
+ throw e;
72
+ }
73
+ }
74
+ }
75
+ decryptWithRawKey(rawKey, plainData) {
76
+ return __awaiter(this, void 0, void 0, function* () {
77
+ const imported = yield this.importKey('raw', (0, utils_1.hex2ua)(rawKey));
78
+ return this.decrypt(imported, plainData);
79
+ });
80
+ }
81
+ encrypt(cryptoKey, plainData) {
82
+ return __awaiter(this, void 0, void 0, function* () {
83
+ return yield this.aes.encrypt(new Uint8Array(plainData), getKryptomKey(cryptoKey), null);
84
+ });
85
+ }
86
+ encryptWithRawKey(rawKey, plainData) {
87
+ return __awaiter(this, void 0, void 0, function* () {
88
+ const imported = yield this.importKey('raw', (0, utils_1.hex2ua)(rawKey));
89
+ return this.encrypt(imported, plainData);
90
+ });
91
+ }
92
+ exportKey(cryptoKey, format) {
93
+ return __awaiter(this, void 0, void 0, function* () {
94
+ const rawKey = yield this.aes.exportRawKey(getKryptomKey(cryptoKey));
95
+ if (format == 'raw')
96
+ return rawKey;
97
+ return {
98
+ kty: 'oct',
99
+ alg: rawKey.byteLength == 32 ? 'A256CBC' : 'A128CBC',
100
+ ext: true,
101
+ key_ops: ['encrypt', 'decrypt'],
102
+ k: (0, utils_1.ua2b64)(rawKey).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_'),
103
+ };
104
+ });
105
+ }
106
+ generateCryptoKey(toHex) {
107
+ return __awaiter(this, void 0, void 0, function* () {
108
+ if (toHex) {
109
+ return Promise.resolve((0, utils_1.ua2hex)(this.random.randomBytes(32)));
110
+ }
111
+ else {
112
+ const aesKey = yield this.aes.generateKey(AesAlgorithm.AesCbcPkcs7, 256);
113
+ return new AesCryptoKey(aesKey, 256);
114
+ }
115
+ });
116
+ }
117
+ generateIV(ivByteLength) {
118
+ return (0, crypto_1.randomBytes)(ivByteLength);
119
+ }
120
+ importKey(format, aesKey) {
121
+ var _a, _b;
122
+ return __awaiter(this, void 0, void 0, function* () {
123
+ let keyBytes;
124
+ if (format === 'jwk') {
125
+ if (aesKey.kty !== 'oct' ||
126
+ (aesKey.alg !== 'A256CBC' && aesKey.alg !== 'A128CBC') ||
127
+ !aesKey.ext ||
128
+ !((_a = aesKey.key_ops) === null || _a === void 0 ? void 0 : _a.includes('encrypt')) ||
129
+ !((_b = aesKey.key_ops) === null || _b === void 0 ? void 0 : _b.includes('decrypt')) ||
130
+ !aesKey.k) {
131
+ throw new Error('Invalid JWK - must have kty=oct, alg=(A256CBC||A128CBC), ext=true, key_ops=[encrypt, decrypt], and must have non-empty k field');
132
+ }
133
+ // b64_2ua works also with url-safe base64
134
+ keyBytes = new Uint8Array((0, utils_1.b64_2ua)(aesKey.k));
135
+ }
136
+ else if (format === 'raw') {
137
+ if (aesKey instanceof ArrayBuffer && !ArrayBuffer.isView(aesKey))
138
+ throw new Error("aesKey must be an ArrayBuffer or an ArrayBufferView when format is 'raw'");
139
+ keyBytes = new Uint8Array(aesKey);
140
+ }
141
+ else
142
+ throw new Error(`Invalid format ${format}`);
143
+ const imported = yield this.aes.importRawKey(keyBytes, AesAlgorithm.AesCbcPkcs7);
144
+ return new AesCryptoKey(imported, keyBytes.length);
145
+ });
146
+ }
147
+ }
148
+ function getKryptomKey(cryptoKey) {
149
+ if ('kryptomKey' in cryptoKey) {
150
+ return cryptoKey.kryptomKey;
151
+ }
152
+ else
153
+ throw new Error('Invalid crypto key: only crypto keys generated or loaded with this implementation of crypto primitives are supported');
154
+ }
155
+ class AesCryptoKey {
156
+ constructor(kryptomKey, size) {
157
+ this.kryptomKey = kryptomKey;
158
+ this.size = size;
159
+ }
160
+ get algorithm() {
161
+ return { name: 'AES-CBC', length: this.size };
162
+ }
163
+ get extractable() {
164
+ return true;
165
+ }
166
+ get type() {
167
+ return 'secret';
168
+ }
169
+ get usages() {
170
+ return ['encrypt', 'decrypt'];
171
+ }
172
+ toJSON() {
173
+ return {};
174
+ }
175
+ }
176
+ class NativeHmacBridge {
177
+ constructor(hmac) {
178
+ this.hmac = hmac;
179
+ }
180
+ exportKey(key) {
181
+ return __awaiter(this, void 0, void 0, function* () {
182
+ return yield this.hmac.exportRawKey(getKryptomKey(key));
183
+ });
184
+ }
185
+ generateKey() {
186
+ return __awaiter(this, void 0, void 0, function* () {
187
+ const kryptomKey = yield this.hmac.generateKey(HmacAlgorithm.HmacSha512);
188
+ return new HmacCryptoKey(kryptomKey);
189
+ });
190
+ }
191
+ importKey(key) {
192
+ return __awaiter(this, void 0, void 0, function* () {
193
+ const kryptomKey = yield this.hmac.importRawKey(new Uint8Array(key), HmacAlgorithm.HmacSha512);
194
+ return new HmacCryptoKey(kryptomKey);
195
+ });
196
+ }
197
+ sign(key, data) {
198
+ return __awaiter(this, void 0, void 0, function* () {
199
+ return yield this.hmac.sign(new Uint8Array(data), getKryptomKey(key));
200
+ });
201
+ }
202
+ verify(key, data, signature) {
203
+ return __awaiter(this, void 0, void 0, function* () {
204
+ return yield this.hmac.verify(new Uint8Array(signature), new Uint8Array(data), getKryptomKey(key));
205
+ });
206
+ }
207
+ }
208
+ class HmacCryptoKey {
209
+ constructor(kryptomKey) {
210
+ this.kryptomKey = kryptomKey;
211
+ }
212
+ get algorithm() {
213
+ return { name: 'HMAC', hash: { name: 'SHA-512' }, length: 1024 };
214
+ }
215
+ get extractable() {
216
+ return true;
217
+ }
218
+ get type() {
219
+ return 'secret';
220
+ }
221
+ get usages() {
222
+ return ['sign', 'verify'];
223
+ }
224
+ toJSON() {
225
+ return {};
226
+ }
227
+ }
228
+ class NativeRsaBridge {
229
+ constructor(rsa) {
230
+ this.rsa = rsa;
231
+ }
232
+ checkKeyPairValidity(keyPair) {
233
+ return __awaiter(this, void 0, void 0, function* () {
234
+ try {
235
+ const text = 'shibboleth';
236
+ const encryptedText = yield this.encrypt(keyPair.publicKey, (0, utils_1.utf8_2ua)(text));
237
+ const decryptedText = (0, utils_1.ua2utf8)(yield this.decrypt(keyPair.privateKey, new Uint8Array(encryptedText)));
238
+ return decryptedText === text;
239
+ }
240
+ catch (e) {
241
+ return false;
242
+ }
243
+ });
244
+ }
245
+ decrypt(privateKey, encryptedData) {
246
+ return __awaiter(this, void 0, void 0, function* () {
247
+ return yield this.rsa.decrypt(encryptedData, getKryptomKey(privateKey));
248
+ });
249
+ }
250
+ encrypt(publicKey, plainData) {
251
+ return __awaiter(this, void 0, void 0, function* () {
252
+ return yield this.rsa.encrypt(plainData, getKryptomKey(publicKey));
253
+ });
254
+ }
255
+ exportKey(cryptoKey, format) {
256
+ return __awaiter(this, void 0, void 0, function* () {
257
+ if (format === 'jwk') {
258
+ if (cryptoKey.type === 'private') {
259
+ return yield this.rsa.exportPrivateKeyJwk(getKryptomKey(cryptoKey));
260
+ }
261
+ else {
262
+ return yield this.rsa.exportPublicKeyJwk(getKryptomKey(cryptoKey));
263
+ }
264
+ }
265
+ else if (format === 'spki') {
266
+ return yield this.rsa.exportPrivateKeyPkcs8(getKryptomKey(cryptoKey));
267
+ }
268
+ else if (format === 'pkcs8') {
269
+ return yield this.rsa.exportPublicKeySpki(getKryptomKey(cryptoKey));
270
+ }
271
+ else
272
+ throw new Error(`Invalid format ${format}`);
273
+ });
274
+ }
275
+ exportKeys(keyPair, privKeyFormat, pubKeyFormat) {
276
+ return __awaiter(this, void 0, void 0, function* () {
277
+ let privateKey;
278
+ if (privKeyFormat === 'jwk') {
279
+ privateKey = yield this.rsa.exportPrivateKeyJwk(getKryptomKey(keyPair.privateKey));
280
+ }
281
+ else {
282
+ privateKey = yield this.rsa.exportPrivateKeyPkcs8(getKryptomKey(keyPair.privateKey));
283
+ }
284
+ let publicKey;
285
+ if (pubKeyFormat === 'jwk') {
286
+ publicKey = yield this.rsa.exportPublicKeyJwk(getKryptomKey(keyPair.publicKey));
287
+ }
288
+ else {
289
+ publicKey = yield this.rsa.exportPublicKeySpki(getKryptomKey(keyPair.publicKey));
290
+ }
291
+ return { privateKey, publicKey };
292
+ });
293
+ }
294
+ generateKeyPair(shaVersion) {
295
+ return __awaiter(this, void 0, void 0, function* () {
296
+ const generated = yield this.rsa.generateKey(this.kryptomAlgorithm(shaVersion), 2048);
297
+ // In expo-kryptom a private keys and public keys are supertypes of keypair.
298
+ return {
299
+ privateKey: new PrivateRsaCryptoKey(generated, this.encryptionKeysAlgorithm(shaVersion)),
300
+ publicKey: new PublicRsaCryptoKey(generated, this.encryptionKeysAlgorithm(shaVersion)),
301
+ };
302
+ });
303
+ }
304
+ generateSignatureKeyPair() {
305
+ return __awaiter(this, void 0, void 0, function* () {
306
+ const generated = yield this.rsa.generateKey(RsaSignatureAlgorithm.PssWithSha256, 2048);
307
+ return {
308
+ privateKey: new PrivateRsaCryptoKey(generated, this.signatureKeysAlgorithm()),
309
+ publicKey: new PublicRsaCryptoKey(generated, this.signatureKeysAlgorithm()),
310
+ };
311
+ });
312
+ }
313
+ importKey(format, keydata, keyUsages, hashAlgorithm) {
314
+ if (keyUsages[0] == 'encrypt' && (format == 'jwk' || format == 'spki')) {
315
+ return this.importPublicKey(format, keydata, hashAlgorithm);
316
+ }
317
+ else if (keyUsages[0] == 'decrypt' && (format == 'jwk' || format == 'pkcs8')) {
318
+ return this.importPrivateKey(format, keydata, hashAlgorithm);
319
+ }
320
+ else
321
+ throw new Error(`Combination of key usages and key format not supported: ${keyUsages} ${format}`);
322
+ }
323
+ importKeyPair(privateKeyFormat, privateKeydata, publicKeyFormat, publicKeyData, hashAlgorithm) {
324
+ return __awaiter(this, void 0, void 0, function* () {
325
+ let importedPrivate;
326
+ let importedPublic;
327
+ const algorithm = this.kryptomAlgorithm(hashAlgorithm);
328
+ if (privateKeyFormat == 'jwk') {
329
+ importedPrivate = yield this.rsa.importPrivateKeyJwk(privateKeydata, algorithm);
330
+ }
331
+ else {
332
+ importedPrivate = yield this.rsa.importPrivateKeyPkcs8(new Uint8Array(privateKeydata), algorithm);
333
+ }
334
+ if (publicKeyFormat == 'jwk') {
335
+ importedPublic = yield this.rsa.importPublicKeyJwk(publicKeyData, algorithm);
336
+ }
337
+ else {
338
+ importedPublic = yield this.rsa.importPublicKeySpki(new Uint8Array(publicKeyData), algorithm);
339
+ }
340
+ return {
341
+ privateKey: new PrivateRsaCryptoKey(importedPrivate, this.encryptionKeysAlgorithm(hashAlgorithm)),
342
+ publicKey: new PublicRsaCryptoKey(importedPublic, this.encryptionKeysAlgorithm(hashAlgorithm)),
343
+ };
344
+ });
345
+ }
346
+ importPrivateKey(format, keydata, hashAlgorithm) {
347
+ return __awaiter(this, void 0, void 0, function* () {
348
+ let imported;
349
+ if (format == 'jwk') {
350
+ imported = yield this.rsa.importPrivateKeyJwk(keydata, this.kryptomAlgorithm(hashAlgorithm));
351
+ }
352
+ else {
353
+ imported = yield this.rsa.importPrivateKeyPkcs8(new Uint8Array(keydata), this.kryptomAlgorithm(hashAlgorithm));
354
+ }
355
+ return new PrivateRsaCryptoKey(imported, this.encryptionKeysAlgorithm(hashAlgorithm));
356
+ });
357
+ }
358
+ importPublicKey(format, keydata, hashAlgorithm) {
359
+ return __awaiter(this, void 0, void 0, function* () {
360
+ let imported;
361
+ if (format == 'jwk') {
362
+ imported = yield this.rsa.importPublicKeyJwk(keydata, this.kryptomAlgorithm(hashAlgorithm));
363
+ }
364
+ else {
365
+ imported = yield this.rsa.importPublicKeySpki(new Uint8Array(keydata), this.kryptomAlgorithm(hashAlgorithm));
366
+ }
367
+ return new PublicRsaCryptoKey(imported, this.encryptionKeysAlgorithm(hashAlgorithm));
368
+ });
369
+ }
370
+ importSignatureKey(format, keydata) {
371
+ return __awaiter(this, void 0, void 0, function* () {
372
+ let importedKey;
373
+ if (format == 'jwk') {
374
+ importedKey = yield this.rsa.importPrivateKeyJwk(keydata, RsaSignatureAlgorithm.PssWithSha256);
375
+ }
376
+ else {
377
+ importedKey = yield this.rsa.importPrivateKeyPkcs8(new Uint8Array(keydata), RsaSignatureAlgorithm.PssWithSha256);
378
+ }
379
+ return new PrivateRsaCryptoKey(importedKey, this.signatureKeysAlgorithm());
380
+ });
381
+ }
382
+ importVerificationKey(format, keydata) {
383
+ return __awaiter(this, void 0, void 0, function* () {
384
+ let importedKey;
385
+ if (format == 'jwk') {
386
+ importedKey = yield this.rsa.importPublicKeyJwk(keydata, RsaSignatureAlgorithm.PssWithSha256);
387
+ }
388
+ else {
389
+ importedKey = yield this.rsa.importPublicKeySpki(new Uint8Array(keydata), RsaSignatureAlgorithm.PssWithSha256);
390
+ }
391
+ return new PublicRsaCryptoKey(importedKey, this.signatureKeysAlgorithm());
392
+ });
393
+ }
394
+ sign(privateKey, data) {
395
+ return __awaiter(this, void 0, void 0, function* () {
396
+ return yield this.rsa.signature(new Uint8Array(data), getKryptomKey(privateKey));
397
+ });
398
+ }
399
+ verifySignature(publicKey, signature, data) {
400
+ return __awaiter(this, void 0, void 0, function* () {
401
+ return yield this.rsa.verify(new Uint8Array(signature), new Uint8Array(data), getKryptomKey(publicKey));
402
+ });
403
+ }
404
+ kryptomAlgorithm(shaVersion) {
405
+ return shaVersion == 'sha-256' ? RsaEncryptionAlgorithm.OaepWithSha256 : RsaEncryptionAlgorithm.OaepWithSha1;
406
+ }
407
+ encryptionKeysAlgorithm(shaVersion) {
408
+ return {
409
+ name: 'RSA-OAEP',
410
+ modulusLength: 2048,
411
+ publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
412
+ hash: { name: shaVersion == 'sha-256' ? 'SHA-256' : 'SHA-1' },
413
+ };
414
+ }
415
+ signatureKeysAlgorithm() {
416
+ return {
417
+ name: 'RSA-PSS',
418
+ modulusLength: 2048,
419
+ publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
420
+ hash: { name: 'SHA-256' },
421
+ };
422
+ }
423
+ }
424
+ class PrivateRsaCryptoKey {
425
+ constructor(kryptomKey, algorithm) {
426
+ this.kryptomKey = kryptomKey;
427
+ this.algorithm = algorithm;
428
+ }
429
+ get extractable() {
430
+ return true;
431
+ }
432
+ get type() {
433
+ return 'private';
434
+ }
435
+ get usages() {
436
+ return this.algorithm.name != 'RSA-PSS' ? ['decrypt'] : ['sign'];
437
+ }
438
+ toJSON() {
439
+ return {};
440
+ }
441
+ }
442
+ class PublicRsaCryptoKey {
443
+ constructor(kryptomKey, algorithm) {
444
+ this.kryptomKey = kryptomKey;
445
+ this.algorithm = algorithm;
446
+ }
447
+ get extractable() {
448
+ return true;
449
+ }
450
+ get type() {
451
+ return 'public';
452
+ }
453
+ get usages() {
454
+ return this.algorithm.name != 'RSA-PSS' ? ['encrypt'] : ['verify'];
455
+ }
456
+ toJSON() {
457
+ return {};
458
+ }
459
+ }
460
+ var AesAlgorithm;
461
+ (function (AesAlgorithm) {
462
+ AesAlgorithm["AesCbcPkcs7"] = "AesCbcPkcs7";
463
+ })(AesAlgorithm || (AesAlgorithm = {}));
464
+ var RsaEncryptionAlgorithm;
465
+ (function (RsaEncryptionAlgorithm) {
466
+ RsaEncryptionAlgorithm["OaepWithSha1"] = "OaepWithSha1";
467
+ RsaEncryptionAlgorithm["OaepWithSha256"] = "OaepWithSha256";
468
+ })(RsaEncryptionAlgorithm || (RsaEncryptionAlgorithm = {}));
469
+ var RsaSignatureAlgorithm;
470
+ (function (RsaSignatureAlgorithm) {
471
+ RsaSignatureAlgorithm["PssWithSha256"] = "PssWithSha256";
472
+ })(RsaSignatureAlgorithm || (RsaSignatureAlgorithm = {}));
473
+ var HmacAlgorithm;
474
+ (function (HmacAlgorithm) {
475
+ HmacAlgorithm["HmacSha512"] = "HmacSha512";
476
+ })(HmacAlgorithm || (HmacAlgorithm = {}));
477
+ //# sourceMappingURL=NativeCryptoPrimitivesBridge.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"NativeCryptoPrimitivesBridge.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/NativeCryptoPrimitivesBridge.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,qCAAsC;AAGtC,oCAA6E;AAC7E,mCAAoC;AAEpC;;GAEG;AACH,MAAa,4BAA4B;IACvC,YAAY,iBAAoI;QAC9I,IAAI,CAAC,YAAY,GAAG,iBAAiB,CAAC,YAAY,CAAA;QAClD,IAAI,CAAC,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAA;QACtC,IAAI,CAAC,MAAM,GAAG,IAAI,kBAAkB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACvD,IAAI,CAAC,GAAG,GAAG,IAAI,eAAe,CAAC,iBAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,YAAY,CAAC,CAAA;QACxE,IAAI,CAAC,IAAI,GAAG,IAAI,gBAAgB,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAA;QACxD,IAAI,CAAC,GAAG,GAAG,IAAI,eAAe,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;IACvD,CAAC;IASD,WAAW,CAAC,CAAS;QACnB,OAAO,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC,CAAA;IACzC,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,CAAA;IACvC,CAAC;IAEK,MAAM,CAAC,IAA8B;;YACzC,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,YAAY,WAAW,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;QAC5F,CAAC;KAAA;CACF;AA5BD,oEA4BC;AAED,MAAM,kBAAmB,SAAQ,oBAAW;IAC1C,YAA6B,YAAiC;QAC5D,KAAK,EAAE,CAAA;QADoB,iBAAY,GAAZ,YAAY,CAAqB;IAE9D,CAAC;IAES,UAAU,CAAC,GAAgB;QACnC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QAC5D,+DAA+D;QAC/D,GAAG,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA;IACzC,CAAC;CACF;AAED,MAAM,eAAe;IACnB,YAA6B,GAAe,EAAmB,MAA2B;QAA7D,QAAG,GAAH,GAAG,CAAY;QAAmB,WAAM,GAAN,MAAM,CAAqB;IAAG,CAAC;IAExF,OAAO,CAAC,SAAoB,EAAE,aAAuC;;YACzE,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC,CAAA;QACxF,CAAC;KAAA;IAED,WAAW,CAAC,UAAuB,EAAE,UAAsB;QACzD,IAAI;YACF,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;SAC/C;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE;gBACzB,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;aACzD;iBAAM;gBACL,MAAM,CAAC,CAAA;aACR;SACF;IACH,CAAC;IAEK,iBAAiB,CAAC,MAAc,EAAE,SAAmC;;YACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC,CAAA;YAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;QAC1C,CAAC;KAAA;IAEK,OAAO,CAAC,SAAoB,EAAE,SAAmC;;YACrE,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,aAAa,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,CAAA;QAC1F,CAAC;KAAA;IAEK,iBAAiB,CAAC,MAAc,EAAE,SAAmC;;YACzE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC,CAAA;YAC5D,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;QAC1C,CAAC;KAAA;IAIK,SAAS,CAAC,SAAoB,EAAE,MAAqB;;YACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAA;YACpE,IAAI,MAAM,IAAI,KAAK;gBAAE,OAAO,MAAM,CAAA;YAClC,OAAO;gBACL,GAAG,EAAE,KAAK;gBACV,GAAG,EAAE,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;gBACpD,GAAG,EAAE,IAAI;gBACT,OAAO,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;gBAC/B,CAAC,EAAE,IAAA,cAAM,EAAC,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aAC5E,CAAA;QACH,CAAC;KAAA;IAIK,iBAAiB,CAAC,KAAc;;YACpC,IAAI,KAAK,EAAE;gBACT,OAAO,OAAO,CAAC,OAAO,CAAC,IAAA,cAAM,EAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;aAC5D;iBAAM;gBACL,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,YAAY,CAAC,WAAW,EAAE,GAAG,CAAC,CAAA;gBACxE,OAAO,IAAI,YAAY,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;aACrC;QACH,CAAC;KAAA;IAED,UAAU,CAAC,YAAoB;QAC7B,OAAO,IAAA,oBAAW,EAAC,YAAY,CAAC,CAAA;IAClC,CAAC;IAEK,SAAS,CAAC,MAAqB,EAAE,MAA6C;;;YAClF,IAAI,QAAoB,CAAA;YACxB,IAAI,MAAM,KAAK,KAAK,EAAE;gBACpB,IACG,MAAqB,CAAC,GAAG,KAAK,KAAK;oBACpC,CAAE,MAAqB,CAAC,GAAG,KAAK,SAAS,IAAK,MAAqB,CAAC,GAAG,KAAK,SAAS,CAAC;oBACtF,CAAE,MAAqB,CAAC,GAAG;oBAC3B,CAAC,CAAA,MAAC,MAAqB,CAAC,OAAO,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA;oBACpD,CAAC,CAAA,MAAC,MAAqB,CAAC,OAAO,0CAAE,QAAQ,CAAC,SAAS,CAAC,CAAA;oBACpD,CAAE,MAAqB,CAAC,CAAC,EACzB;oBACA,MAAM,IAAI,KAAK,CACb,gIAAgI,CACjI,CAAA;iBACF;gBACD,0CAA0C;gBAC1C,QAAQ,GAAG,IAAI,UAAU,CAAC,IAAA,eAAO,EAAE,MAAqB,CAAC,CAAE,CAAC,CAAC,CAAA;aAC9D;iBAAM,IAAI,MAAM,KAAK,KAAK,EAAE;gBAC3B,IAAI,MAAO,YAAY,WAAW,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC;oBAC/D,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAA;gBAC7F,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAyB,CAAC,CAAA;aACrD;;gBAAM,MAAM,IAAI,KAAK,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAA;YAClD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,QAAQ,EAAE,YAAY,CAAC,WAAW,CAAC,CAAA;YAChF,OAAO,IAAI,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAA;;KACnD;CACF;AAED,SAAS,aAAa,CAAI,SAAoB;IAC5C,IAAI,YAAY,IAAI,SAAS,EAAE;QAC7B,OAAO,SAAS,CAAC,UAAe,CAAA;KACjC;;QAAM,MAAM,IAAI,KAAK,CAAC,sHAAsH,CAAC,CAAA;AAChJ,CAAC;AAED,MAAM,YAAY;IAChB,YAAqB,UAAkB,EAAW,IAAY;QAAzC,eAAU,GAAV,UAAU,CAAQ;QAAW,SAAI,GAAJ,IAAI,CAAQ;IAAG,CAAC;IAElE,IAAI,SAAS;QACX,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,CAAA;IAC/C,CAAC;IACD,IAAI,WAAW;QACb,OAAO,IAAI,CAAA;IACb,CAAC;IACD,IAAI,IAAI;QACN,OAAO,QAAQ,CAAA;IACjB,CAAC;IACD,IAAI,MAAM;QACR,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;IAC/B,CAAC;IAED,MAAM;QACJ,OAAO,EAAE,CAAA;IACX,CAAC;CACF;AAED,MAAM,gBAAgB;IACpB,YAA6B,IAAiB;QAAjB,SAAI,GAAJ,IAAI,CAAa;IAAG,CAAC;IAE5C,SAAS,CAAC,GAAc;;YAC5B,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAA;QACzD,CAAC;KAAA;IAEK,WAAW;;YACf,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,UAAU,CAAC,CAAA;YACxE,OAAO,IAAI,aAAa,CAAC,UAAU,CAAC,CAAA;QACtC,CAAC;KAAA;IAEK,SAAS,CAAC,GAAgB;;YAC9B,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,aAAa,CAAC,UAAU,CAAC,CAAA;YAC9F,OAAO,IAAI,aAAa,CAAC,UAAU,CAAC,CAAA;QACtC,CAAC;KAAA;IAEK,IAAI,CAAC,GAAc,EAAE,IAAiB;;YAC1C,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAA;QACvE,CAAC;KAAA;IAEK,MAAM,CAAC,GAAc,EAAE,IAAiB,EAAE,SAAsB;;YACpE,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAA;QACpG,CAAC;KAAA;CACF;AAED,MAAM,aAAa;IACjB,YAAqB,UAAmB;QAAnB,eAAU,GAAV,UAAU,CAAS;IAAG,CAAC;IAE5C,IAAI,SAAS;QACX,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAA;IAClE,CAAC;IACD,IAAI,WAAW;QACb,OAAO,IAAI,CAAA;IACb,CAAC;IACD,IAAI,IAAI;QACN,OAAO,QAAQ,CAAA;IACjB,CAAC;IACD,IAAI,MAAM;QACR,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;IAC3B,CAAC;IAED,MAAM;QACJ,OAAO,EAAE,CAAA;IACX,CAAC;CACF;AAED,MAAM,eAAe;IACnB,YAA6B,GAAe;QAAf,QAAG,GAAH,GAAG,CAAY;IAAG,CAAC;IAE1C,oBAAoB,CAAC,OAA2B;;YACpD,IAAI;gBACF,MAAM,IAAI,GAAG,YAAY,CAAA;gBACzB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAC,CAAA;gBAC3E,MAAM,aAAa,GAAG,IAAA,eAAO,EAAC,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAA;gBACpG,OAAO,aAAa,KAAK,IAAI,CAAA;aAC9B;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,KAAK,CAAA;aACb;QACH,CAAC;KAAA;IAEK,OAAO,CAAC,UAAqB,EAAE,aAAyB;;YAC5D,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC,CAAA;QACzE,CAAC;KAAA;IAEK,OAAO,CAAC,SAAoB,EAAE,SAAqB;;YACvD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC,CAAA;QACpE,CAAC;KAAA;IAKK,SAAS,CAAC,SAAoB,EAAE,MAAgC;;YACpE,IAAI,MAAM,KAAK,KAAK,EAAE;gBACpB,IAAI,SAAS,CAAC,IAAI,KAAK,SAAS,EAAE;oBAChC,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAA;iBACpE;qBAAM;oBACL,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAA;iBACnE;aACF;iBAAM,IAAI,MAAM,KAAK,MAAM,EAAE;gBAC5B,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAA;aACtE;iBAAM,IAAI,MAAM,KAAK,OAAO,EAAE;gBAC7B,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAA;aACpE;;gBAAM,MAAM,IAAI,KAAK,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAA;QACpD,CAAC;KAAA;IAIK,UAAU,CACd,OAA2B,EAC3B,aAA8B,EAC9B,YAA4B;;YAE5B,IAAI,UAAoC,CAAA;YACxC,IAAI,aAAa,KAAK,KAAK,EAAE;gBAC3B,UAAU,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAA;aACnF;iBAAM;gBACL,UAAU,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAA;aACrF;YACD,IAAI,SAAmC,CAAA;YACvC,IAAI,YAAY,KAAK,KAAK,EAAE;gBAC1B,SAAS,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAA;aAChF;iBAAM;gBACL,SAAS,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAA;aACjF;YACD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAA;QAClC,CAAC;KAAA;IAEK,eAAe,CAAC,UAAsB;;YAC1C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAA;YACrF,4EAA4E;YAC5E,OAAO;gBACL,UAAU,EAAE,IAAI,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;gBACxF,SAAS,EAAE,IAAI,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;aACvF,CAAA;QACH,CAAC;KAAA;IAEK,wBAAwB;;YAC5B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,qBAAqB,CAAC,aAAa,EAAE,IAAI,CAAC,CAAA;YACvF,OAAO;gBACL,UAAU,EAAE,IAAI,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBAC7E,SAAS,EAAE,IAAI,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,sBAAsB,EAAE,CAAC;aAC5E,CAAA;QACH,CAAC;KAAA;IAED,SAAS,CACP,MAAgC,EAChC,OAAiC,EACjC,SAAqB,EACrB,aAAyB;QAEzB,IAAI,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,IAAI,CAAC,MAAM,IAAI,KAAK,IAAI,MAAM,IAAI,MAAM,CAAC,EAAE;YACtE,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,EAAE,aAAa,CAAC,CAAA;SAC5D;aAAM,IAAI,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,IAAI,CAAC,MAAM,IAAI,KAAK,IAAI,MAAM,IAAI,OAAO,CAAC,EAAE;YAC9E,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,OAAO,EAAE,aAAa,CAAC,CAAA;SAC7D;;YAAM,MAAM,IAAI,KAAK,CAAC,2DAA2D,SAAS,IAAI,MAAM,EAAE,CAAC,CAAA;IAC1G,CAAC;IAEK,aAAa,CACjB,gBAAwB,EACxB,cAAwC,EACxC,eAAuB,EACvB,aAAuC,EACvC,aAAyB;;YAEzB,IAAI,eAA8B,CAAA;YAClC,IAAI,cAA4B,CAAA;YAChC,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAA;YACtD,IAAI,gBAAgB,IAAI,KAAK,EAAE;gBAC7B,eAAe,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,cAAkC,EAAE,SAAS,CAAC,CAAA;aACpG;iBAAM;gBACL,eAAe,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,UAAU,CAAC,cAA6B,CAAC,EAAE,SAAS,CAAC,CAAA;aACjH;YACD,IAAI,eAAe,IAAI,KAAK,EAAE;gBAC5B,cAAc,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,aAAgC,EAAE,SAAS,CAAC,CAAA;aAChG;iBAAM;gBACL,cAAc,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,UAAU,CAAC,aAA4B,CAAC,EAAE,SAAS,CAAC,CAAA;aAC7G;YACD,OAAO;gBACL,UAAU,EAAE,IAAI,mBAAmB,CAAC,eAAe,EAAE,IAAI,CAAC,uBAAuB,CAAC,aAAa,CAAC,CAAC;gBACjG,SAAS,EAAE,IAAI,kBAAkB,CAAC,cAAc,EAAE,IAAI,CAAC,uBAAuB,CAAC,aAAa,CAAC,CAAC;aAC/F,CAAA;QACH,CAAC;KAAA;IAEK,gBAAgB,CAAC,MAAuB,EAAE,OAAiC,EAAE,aAAyB;;YAC1G,IAAI,QAAuB,CAAA;YAC3B,IAAI,MAAM,IAAI,KAAK,EAAE;gBACnB,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,OAA2B,EAAE,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAA;aACjH;iBAAM;gBACL,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,UAAU,CAAC,OAAsB,CAAC,EAAE,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAA;aAC9H;YACD,OAAO,IAAI,mBAAmB,CAAC,QAAQ,EAAE,IAAI,CAAC,uBAAuB,CAAC,aAAa,CAAC,CAAC,CAAA;QACvF,CAAC;KAAA;IAEK,eAAe,CAAC,MAAsB,EAAE,OAAiC,EAAE,aAAyB;;YACxG,IAAI,QAAsB,CAAA;YAC1B,IAAI,MAAM,IAAI,KAAK,EAAE;gBACnB,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,OAA0B,EAAE,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAA;aAC/G;iBAAM;gBACL,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,UAAU,CAAC,OAAsB,CAAC,EAAE,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAA;aAC5H;YACD,OAAO,IAAI,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,uBAAuB,CAAC,aAAa,CAAC,CAAC,CAAA;QACtF,CAAC;KAAA;IAEK,kBAAkB,CAAC,MAAuB,EAAE,OAAiC;;YACjF,IAAI,WAA0B,CAAA;YAC9B,IAAI,MAAM,IAAI,KAAK,EAAE;gBACnB,WAAW,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,OAA2B,EAAE,qBAAqB,CAAC,aAAa,CAAC,CAAA;aACnH;iBAAM;gBACL,WAAW,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,UAAU,CAAC,OAAsB,CAAC,EAAE,qBAAqB,CAAC,aAAa,CAAC,CAAA;aAChI;YACD,OAAO,IAAI,mBAAmB,CAAC,WAAW,EAAE,IAAI,CAAC,sBAAsB,EAAE,CAAC,CAAA;QAC5E,CAAC;KAAA;IAEK,qBAAqB,CAAC,MAAsB,EAAE,OAAiC;;YACnF,IAAI,WAAyB,CAAA;YAC7B,IAAI,MAAM,IAAI,KAAK,EAAE;gBACnB,WAAW,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,OAA0B,EAAE,qBAAqB,CAAC,aAAa,CAAC,CAAA;aACjH;iBAAM;gBACL,WAAW,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,UAAU,CAAC,OAAsB,CAAC,EAAE,qBAAqB,CAAC,aAAa,CAAC,CAAA;aAC9H;YACD,OAAO,IAAI,kBAAkB,CAAC,WAAW,EAAE,IAAI,CAAC,sBAAsB,EAAE,CAAC,CAAA;QAC3E,CAAC;KAAA;IAEK,IAAI,CAAC,UAAqB,EAAE,IAAiB;;YACjD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC,CAAA;QAClF,CAAC;KAAA;IAEK,eAAe,CAAC,SAAoB,EAAE,SAAsB,EAAE,IAAiB;;YACnF,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC,CAAA;QACzG,CAAC;KAAA;IAEO,gBAAgB,CAAC,UAAsB;QAC7C,OAAO,UAAU,IAAI,SAAS,CAAC,CAAC,CAAC,sBAAsB,CAAC,cAAc,CAAC,CAAC,CAAC,sBAAsB,CAAC,YAAY,CAAA;IAC9G,CAAC;IAEO,uBAAuB,CAAC,UAAsB;QACpD,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,IAAI,EAAE,EAAE,IAAI,EAAE,UAAU,IAAI,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,EAAE;SAC9D,CAAA;IACH,CAAC;IAEO,sBAAsB;QAC5B,OAAO;YACL,IAAI,EAAE,SAAS;YACf,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;SAC1B,CAAA;IACH,CAAC;CACF;AAED,MAAM,mBAAmB;IACvB,YAAqB,UAAyB,EAAW,SAA0B;QAA9D,eAAU,GAAV,UAAU,CAAe;QAAW,cAAS,GAAT,SAAS,CAAiB;IAAG,CAAC;IAEvF,IAAI,WAAW;QACb,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,IAAI;QACN,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;IAClE,CAAC;IAED,MAAM;QACJ,OAAO,EAAE,CAAA;IACX,CAAC;CACF;AAED,MAAM,kBAAkB;IACtB,YAAqB,UAAwB,EAAW,SAA0B;QAA7D,eAAU,GAAV,UAAU,CAAc;QAAW,cAAS,GAAT,SAAS,CAAiB;IAAG,CAAC;IAEtF,IAAI,WAAW;QACb,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,IAAI;QACN,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAA;IACpE,CAAC;IAED,MAAM;QACJ,OAAO,EAAE,CAAA;IACX,CAAC;CACF;AAED,IAAK,YAEJ;AAFD,WAAK,YAAY;IACf,2CAA2B,CAAA;AAC7B,CAAC,EAFI,YAAY,KAAZ,YAAY,QAEhB;AACD,IAAK,sBAGJ;AAHD,WAAK,sBAAsB;IACzB,uDAA6B,CAAA;IAC7B,2DAAiC,CAAA;AACnC,CAAC,EAHI,sBAAsB,KAAtB,sBAAsB,QAG1B;AACD,IAAK,qBAEJ;AAFD,WAAK,qBAAqB;IACxB,wDAA+B,CAAA;AACjC,CAAC,EAFI,qBAAqB,KAArB,qBAAqB,QAEzB;AAED,IAAK,aAEJ;AAFD,WAAK,aAAa;IAChB,0CAAyB,CAAA;AAC3B,CAAC,EAFI,aAAa,KAAb,aAAa,QAEjB","sourcesContent":["import { CryptoPrimitives } from './CryptoPrimitives'\nimport { HMACUtils } from './HMACUtils'\nimport { ShamirClass } from './shamir'\nimport { AESUtils } from './AES'\nimport { KeyPair, RSAUtils, ShaVersion } from './RSA'\nimport { b64_2ua, hex2ua, ua2b64, ua2hex, ua2utf8, utf8_2ua } from '../utils'\nimport { randomBytes } from 'crypto'\n\n/**\n * Allows to use the expo-kryptom module as crypto primitives. This is necessary when building expo (react native) apps.\n */\nexport class NativeCryptoPrimitivesBridge implements CryptoPrimitives {\n constructor(expoKryptomModule: { Aes: AesService; Rsa: RsaService; Hmac: HmacService; StrongRandom: StrongRandomService; Digest: DigestService }) {\n this.strongRandom = expoKryptomModule.StrongRandom\n this.digest = expoKryptomModule.Digest\n this.shamir = new StrongRandomShamir(this.strongRandom)\n this.AES = new NativeAesBridge(expoKryptomModule.Aes, this.strongRandom)\n this.HMAC = new NativeHmacBridge(expoKryptomModule.Hmac)\n this.RSA = new NativeRsaBridge(expoKryptomModule.Rsa)\n }\n\n readonly AES: AESUtils\n readonly HMAC: HMACUtils\n readonly RSA: RSAUtils\n readonly shamir: ShamirClass\n private readonly strongRandom: StrongRandomService\n private readonly digest: DigestService\n\n randomBytes(n: number): Uint8Array {\n return this.strongRandom.randomBytes(n)\n }\n\n randomUuid(): string {\n return this.strongRandom.randomUUID()\n }\n\n async sha256(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return await this.digest.sha256(data instanceof ArrayBuffer ? new Uint8Array(data) : data)\n }\n}\n\nclass StrongRandomShamir extends ShamirClass {\n constructor(private readonly strongRandom: StrongRandomService) {\n super()\n }\n\n protected fillRandom(arr: Uint32Array): void {\n const random = this.strongRandom.randomBytes(arr.byteLength)\n // Note that the new Uint32Array does not copy the random array\n arr.set(new Uint32Array(random.buffer))\n }\n}\n\nclass NativeAesBridge implements AESUtils {\n constructor(private readonly aes: AesService, private readonly random: StrongRandomService) {}\n\n async decrypt(cryptoKey: CryptoKey, encryptedData: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return await this.aes.decrypt(new Uint8Array(encryptedData), getKryptomKey(cryptoKey))\n }\n\n decryptSome(cryptoKeys: CryptoKey[], uint8Array: Uint8Array): Promise<ArrayBuffer> {\n try {\n return this.decrypt(cryptoKeys[0], uint8Array)\n } catch (e) {\n if (cryptoKeys.length > 1) {\n return this.decryptSome(cryptoKeys.slice(1), uint8Array)\n } else {\n throw e\n }\n }\n }\n\n async decryptWithRawKey(rawKey: string, plainData: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n const imported = await this.importKey('raw', hex2ua(rawKey))\n return this.decrypt(imported, plainData)\n }\n\n async encrypt(cryptoKey: CryptoKey, plainData: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n return await this.aes.encrypt(new Uint8Array(plainData), getKryptomKey(cryptoKey), null)\n }\n\n async encryptWithRawKey(rawKey: string, plainData: ArrayBuffer | Uint8Array): Promise<ArrayBuffer> {\n const imported = await this.importKey('raw', hex2ua(rawKey))\n return this.encrypt(imported, plainData)\n }\n\n exportKey(cryptoKey: CryptoKey, format: 'raw'): Promise<ArrayBuffer>\n exportKey(cryptoKey: CryptoKey, format: 'jwk'): Promise<JsonWebKey>\n async exportKey(cryptoKey: CryptoKey, format: 'jwk' | 'raw'): Promise<ArrayBuffer | JsonWebKey> {\n const rawKey = await this.aes.exportRawKey(getKryptomKey(cryptoKey))\n if (format == 'raw') return rawKey\n return {\n kty: 'oct',\n alg: rawKey.byteLength == 32 ? 'A256CBC' : 'A128CBC',\n ext: true,\n key_ops: ['encrypt', 'decrypt'],\n k: ua2b64(rawKey).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_'),\n }\n }\n\n generateCryptoKey(toHex: false): Promise<CryptoKey>\n generateCryptoKey(toHex: true): Promise<string>\n async generateCryptoKey(toHex: boolean): Promise<string | CryptoKey> {\n if (toHex) {\n return Promise.resolve(ua2hex(this.random.randomBytes(32)))\n } else {\n const aesKey = await this.aes.generateKey(AesAlgorithm.AesCbcPkcs7, 256)\n return new AesCryptoKey(aesKey, 256)\n }\n }\n\n generateIV(ivByteLength: number): Uint8Array {\n return randomBytes(ivByteLength)\n }\n\n async importKey(format: 'jwk' | 'raw', aesKey: JsonWebKey | ArrayBuffer | Uint8Array): Promise<CryptoKey> {\n let keyBytes: Uint8Array\n if (format === 'jwk') {\n if (\n (aesKey as JsonWebKey).kty !== 'oct' ||\n ((aesKey as JsonWebKey).alg !== 'A256CBC' && (aesKey as JsonWebKey).alg !== 'A128CBC') ||\n !(aesKey as JsonWebKey).ext ||\n !(aesKey as JsonWebKey).key_ops?.includes('encrypt') ||\n !(aesKey as JsonWebKey).key_ops?.includes('decrypt') ||\n !(aesKey as JsonWebKey).k\n ) {\n throw new Error(\n 'Invalid JWK - must have kty=oct, alg=(A256CBC||A128CBC), ext=true, key_ops=[encrypt, decrypt], and must have non-empty k field'\n )\n }\n // b64_2ua works also with url-safe base64\n keyBytes = new Uint8Array(b64_2ua((aesKey as JsonWebKey).k!))\n } else if (format === 'raw') {\n if (aesKey! instanceof ArrayBuffer && !ArrayBuffer.isView(aesKey))\n throw new Error(\"aesKey must be an ArrayBuffer or an ArrayBufferView when format is 'raw'\")\n keyBytes = new Uint8Array(aesKey as ArrayBufferLike)\n } else throw new Error(`Invalid format ${format}`)\n const imported = await this.aes.importRawKey(keyBytes, AesAlgorithm.AesCbcPkcs7)\n return new AesCryptoKey(imported, keyBytes.length)\n }\n}\n\nfunction getKryptomKey<T>(cryptoKey: CryptoKey) {\n if ('kryptomKey' in cryptoKey) {\n return cryptoKey.kryptomKey as T\n } else throw new Error('Invalid crypto key: only crypto keys generated or loaded with this implementation of crypto primitives are supported')\n}\n\nclass AesCryptoKey implements CryptoKey {\n constructor(readonly kryptomKey: AesKey, readonly size: number) {}\n\n get algorithm(): AesKeyAlgorithm {\n return { name: 'AES-CBC', length: this.size }\n }\n get extractable(): boolean {\n return true\n }\n get type(): KeyType {\n return 'secret'\n }\n get usages(): KeyUsage[] {\n return ['encrypt', 'decrypt']\n }\n\n toJSON() {\n return {}\n }\n}\n\nclass NativeHmacBridge implements HMACUtils {\n constructor(private readonly hmac: HmacService) {}\n\n async exportKey(key: CryptoKey): Promise<ArrayBuffer> {\n return await this.hmac.exportRawKey(getKryptomKey(key))\n }\n\n async generateKey(): Promise<CryptoKey> {\n const kryptomKey = await this.hmac.generateKey(HmacAlgorithm.HmacSha512)\n return new HmacCryptoKey(kryptomKey)\n }\n\n async importKey(key: ArrayBuffer): Promise<CryptoKey> {\n const kryptomKey = await this.hmac.importRawKey(new Uint8Array(key), HmacAlgorithm.HmacSha512)\n return new HmacCryptoKey(kryptomKey)\n }\n\n async sign(key: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer> {\n return await this.hmac.sign(new Uint8Array(data), getKryptomKey(key))\n }\n\n async verify(key: CryptoKey, data: ArrayBuffer, signature: ArrayBuffer): Promise<boolean> {\n return await this.hmac.verify(new Uint8Array(signature), new Uint8Array(data), getKryptomKey(key))\n }\n}\n\nclass HmacCryptoKey implements CryptoKey {\n constructor(readonly kryptomKey: HmacKey) {}\n\n get algorithm(): HmacKeyAlgorithm {\n return { name: 'HMAC', hash: { name: 'SHA-512' }, length: 1024 }\n }\n get extractable(): boolean {\n return true\n }\n get type(): KeyType {\n return 'secret'\n }\n get usages(): KeyUsage[] {\n return ['sign', 'verify']\n }\n\n toJSON() {\n return {}\n }\n}\n\nclass NativeRsaBridge implements RSAUtils {\n constructor(private readonly rsa: RsaService) {}\n\n async checkKeyPairValidity(keyPair: KeyPair<CryptoKey>): Promise<boolean> {\n try {\n const text = 'shibboleth'\n const encryptedText = await this.encrypt(keyPair.publicKey, utf8_2ua(text))\n const decryptedText = ua2utf8(await this.decrypt(keyPair.privateKey, new Uint8Array(encryptedText)))\n return decryptedText === text\n } catch (e) {\n return false\n }\n }\n\n async decrypt(privateKey: CryptoKey, encryptedData: Uint8Array): Promise<ArrayBuffer> {\n return await this.rsa.decrypt(encryptedData, getKryptomKey(privateKey))\n }\n\n async encrypt(publicKey: CryptoKey, plainData: Uint8Array): Promise<ArrayBuffer> {\n return await this.rsa.encrypt(plainData, getKryptomKey(publicKey))\n }\n\n exportKey(cryptoKey: CryptoKey, format: 'jwk'): Promise<JsonWebKey>\n exportKey(cryptoKey: CryptoKey, format: 'spki'): Promise<ArrayBuffer>\n exportKey(cryptoKey: CryptoKey, format: 'pkcs8'): Promise<ArrayBuffer>\n async exportKey(cryptoKey: CryptoKey, format: 'jwk' | 'spki' | 'pkcs8'): Promise<JsonWebKey | ArrayBuffer> {\n if (format === 'jwk') {\n if (cryptoKey.type === 'private') {\n return await this.rsa.exportPrivateKeyJwk(getKryptomKey(cryptoKey))\n } else {\n return await this.rsa.exportPublicKeyJwk(getKryptomKey(cryptoKey))\n }\n } else if (format === 'spki') {\n return await this.rsa.exportPrivateKeyPkcs8(getKryptomKey(cryptoKey))\n } else if (format === 'pkcs8') {\n return await this.rsa.exportPublicKeySpki(getKryptomKey(cryptoKey))\n } else throw new Error(`Invalid format ${format}`)\n }\n\n exportKeys(keyPair: KeyPair<CryptoKey>, privKeyFormat: 'jwk', pubKeyFormat: 'jwk'): Promise<KeyPair<JsonWebKey>>\n exportKeys(keyPair: KeyPair<CryptoKey>, privKeyFormat: 'pkcs8', pubKeyFormat: 'spki'): Promise<KeyPair<ArrayBuffer>>\n async exportKeys(\n keyPair: KeyPair<CryptoKey>,\n privKeyFormat: 'jwk' | 'pkcs8',\n pubKeyFormat: 'jwk' | 'spki'\n ): Promise<KeyPair<JsonWebKey | ArrayBuffer>> {\n let privateKey: JsonWebKey | ArrayBuffer\n if (privKeyFormat === 'jwk') {\n privateKey = await this.rsa.exportPrivateKeyJwk(getKryptomKey(keyPair.privateKey))\n } else {\n privateKey = await this.rsa.exportPrivateKeyPkcs8(getKryptomKey(keyPair.privateKey))\n }\n let publicKey: JsonWebKey | ArrayBuffer\n if (pubKeyFormat === 'jwk') {\n publicKey = await this.rsa.exportPublicKeyJwk(getKryptomKey(keyPair.publicKey))\n } else {\n publicKey = await this.rsa.exportPublicKeySpki(getKryptomKey(keyPair.publicKey))\n }\n return { privateKey, publicKey }\n }\n\n async generateKeyPair(shaVersion: ShaVersion): Promise<KeyPair<CryptoKey>> {\n const generated = await this.rsa.generateKey(this.kryptomAlgorithm(shaVersion), 2048)\n // In expo-kryptom a private keys and public keys are supertypes of keypair.\n return {\n privateKey: new PrivateRsaCryptoKey(generated, this.encryptionKeysAlgorithm(shaVersion)),\n publicKey: new PublicRsaCryptoKey(generated, this.encryptionKeysAlgorithm(shaVersion)),\n }\n }\n\n async generateSignatureKeyPair(): Promise<KeyPair<CryptoKey>> {\n const generated = await this.rsa.generateKey(RsaSignatureAlgorithm.PssWithSha256, 2048)\n return {\n privateKey: new PrivateRsaCryptoKey(generated, this.signatureKeysAlgorithm()),\n publicKey: new PublicRsaCryptoKey(generated, this.signatureKeysAlgorithm()),\n }\n }\n\n importKey(\n format: 'jwk' | 'spki' | 'pkcs8',\n keydata: JsonWebKey | ArrayBuffer,\n keyUsages: KeyUsage[],\n hashAlgorithm: ShaVersion\n ): Promise<CryptoKey> {\n if (keyUsages[0] == 'encrypt' && (format == 'jwk' || format == 'spki')) {\n return this.importPublicKey(format, keydata, hashAlgorithm)\n } else if (keyUsages[0] == 'decrypt' && (format == 'jwk' || format == 'pkcs8')) {\n return this.importPrivateKey(format, keydata, hashAlgorithm)\n } else throw new Error(`Combination of key usages and key format not supported: ${keyUsages} ${format}`)\n }\n\n async importKeyPair(\n privateKeyFormat: string,\n privateKeydata: JsonWebKey | ArrayBuffer,\n publicKeyFormat: string,\n publicKeyData: JsonWebKey | ArrayBuffer,\n hashAlgorithm: ShaVersion\n ): Promise<KeyPair<CryptoKey>> {\n let importedPrivate: RsaPrivateKey\n let importedPublic: RsaPublicKey\n const algorithm = this.kryptomAlgorithm(hashAlgorithm)\n if (privateKeyFormat == 'jwk') {\n importedPrivate = await this.rsa.importPrivateKeyJwk(privateKeydata as PrivateRsaKeyJwk, algorithm)\n } else {\n importedPrivate = await this.rsa.importPrivateKeyPkcs8(new Uint8Array(privateKeydata as ArrayBuffer), algorithm)\n }\n if (publicKeyFormat == 'jwk') {\n importedPublic = await this.rsa.importPublicKeyJwk(publicKeyData as PublicRsaKeyJwk, algorithm)\n } else {\n importedPublic = await this.rsa.importPublicKeySpki(new Uint8Array(publicKeyData as ArrayBuffer), algorithm)\n }\n return {\n privateKey: new PrivateRsaCryptoKey(importedPrivate, this.encryptionKeysAlgorithm(hashAlgorithm)),\n publicKey: new PublicRsaCryptoKey(importedPublic, this.encryptionKeysAlgorithm(hashAlgorithm)),\n }\n }\n\n async importPrivateKey(format: 'jwk' | 'pkcs8', keydata: JsonWebKey | ArrayBuffer, hashAlgorithm: ShaVersion): Promise<CryptoKey> {\n let imported: RsaPrivateKey\n if (format == 'jwk') {\n imported = await this.rsa.importPrivateKeyJwk(keydata as PrivateRsaKeyJwk, this.kryptomAlgorithm(hashAlgorithm))\n } else {\n imported = await this.rsa.importPrivateKeyPkcs8(new Uint8Array(keydata as ArrayBuffer), this.kryptomAlgorithm(hashAlgorithm))\n }\n return new PrivateRsaCryptoKey(imported, this.encryptionKeysAlgorithm(hashAlgorithm))\n }\n\n async importPublicKey(format: 'jwk' | 'spki', keydata: JsonWebKey | ArrayBuffer, hashAlgorithm: ShaVersion): Promise<CryptoKey> {\n let imported: RsaPublicKey\n if (format == 'jwk') {\n imported = await this.rsa.importPublicKeyJwk(keydata as PublicRsaKeyJwk, this.kryptomAlgorithm(hashAlgorithm))\n } else {\n imported = await this.rsa.importPublicKeySpki(new Uint8Array(keydata as ArrayBuffer), this.kryptomAlgorithm(hashAlgorithm))\n }\n return new PublicRsaCryptoKey(imported, this.encryptionKeysAlgorithm(hashAlgorithm))\n }\n\n async importSignatureKey(format: 'jwk' | 'pkcs8', keydata: JsonWebKey | ArrayBuffer): Promise<CryptoKey> {\n let importedKey: RsaPrivateKey\n if (format == 'jwk') {\n importedKey = await this.rsa.importPrivateKeyJwk(keydata as PrivateRsaKeyJwk, RsaSignatureAlgorithm.PssWithSha256)\n } else {\n importedKey = await this.rsa.importPrivateKeyPkcs8(new Uint8Array(keydata as ArrayBuffer), RsaSignatureAlgorithm.PssWithSha256)\n }\n return new PrivateRsaCryptoKey(importedKey, this.signatureKeysAlgorithm())\n }\n\n async importVerificationKey(format: 'jwk' | 'spki', keydata: JsonWebKey | ArrayBuffer): Promise<CryptoKey> {\n let importedKey: RsaPublicKey\n if (format == 'jwk') {\n importedKey = await this.rsa.importPublicKeyJwk(keydata as PublicRsaKeyJwk, RsaSignatureAlgorithm.PssWithSha256)\n } else {\n importedKey = await this.rsa.importPublicKeySpki(new Uint8Array(keydata as ArrayBuffer), RsaSignatureAlgorithm.PssWithSha256)\n }\n return new PublicRsaCryptoKey(importedKey, this.signatureKeysAlgorithm())\n }\n\n async sign(privateKey: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer> {\n return await this.rsa.signature(new Uint8Array(data), getKryptomKey(privateKey))\n }\n\n async verifySignature(publicKey: CryptoKey, signature: ArrayBuffer, data: ArrayBuffer): Promise<boolean> {\n return await this.rsa.verify(new Uint8Array(signature), new Uint8Array(data), getKryptomKey(publicKey))\n }\n\n private kryptomAlgorithm(shaVersion: ShaVersion): RsaEncryptionAlgorithm {\n return shaVersion == 'sha-256' ? RsaEncryptionAlgorithm.OaepWithSha256 : RsaEncryptionAlgorithm.OaepWithSha1\n }\n\n private encryptionKeysAlgorithm(shaVersion: ShaVersion): RsaHashedKeyAlgorithm {\n return {\n name: 'RSA-OAEP',\n modulusLength: 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // Equivalent to 65537 (Fermat F4), read http://en.wikipedia.org/wiki/65537_(number)\n hash: { name: shaVersion == 'sha-256' ? 'SHA-256' : 'SHA-1' },\n }\n }\n\n private signatureKeysAlgorithm(): RsaHashedKeyAlgorithm {\n return {\n name: 'RSA-PSS',\n modulusLength: 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // Equivalent to 65537 (Fermat F4), read http://en.wikipedia.org/wiki/65537_(number)\n hash: { name: 'SHA-256' },\n }\n }\n}\n\nclass PrivateRsaCryptoKey implements CryptoKey {\n constructor(readonly kryptomKey: RsaPrivateKey, readonly algorithm: RsaKeyAlgorithm) {}\n\n get extractable(): boolean {\n return true\n }\n\n get type(): KeyType {\n return 'private'\n }\n\n get usages(): KeyUsage[] {\n return this.algorithm.name != 'RSA-PSS' ? ['decrypt'] : ['sign']\n }\n\n toJSON() {\n return {}\n }\n}\n\nclass PublicRsaCryptoKey implements CryptoKey {\n constructor(readonly kryptomKey: RsaPublicKey, readonly algorithm: RsaKeyAlgorithm) {}\n\n get extractable(): boolean {\n return true\n }\n\n get type(): KeyType {\n return 'public'\n }\n\n get usages(): KeyUsage[] {\n return this.algorithm.name != 'RSA-PSS' ? ['encrypt'] : ['verify']\n }\n\n toJSON() {\n return {}\n }\n}\n\nenum AesAlgorithm {\n AesCbcPkcs7 = 'AesCbcPkcs7',\n}\nenum RsaEncryptionAlgorithm {\n OaepWithSha1 = 'OaepWithSha1',\n OaepWithSha256 = 'OaepWithSha256',\n}\nenum RsaSignatureAlgorithm {\n PssWithSha256 = 'PssWithSha256',\n}\ntype RsaAlgorithm = RsaEncryptionAlgorithm | RsaSignatureAlgorithm\nenum HmacAlgorithm {\n HmacSha512 = 'HmacSha512',\n}\n\ninterface HmacKey {\n algorithmIdentifier: HmacAlgorithm\n}\n\ninterface AesKey {\n algorithmIdentifier: AesAlgorithm\n}\n\ninterface RsaKeyPair {\n algorithmIdentifier: RsaAlgorithm\n}\n\ninterface RsaPrivateKey {\n algorithmIdentifier: RsaAlgorithm\n}\n\ninterface RsaPublicKey {\n algorithmIdentifier: RsaAlgorithm\n}\n\ntype PrivateRsaKeyJwk = {\n alg: string\n d: string\n dp: string\n dq: string\n e: string\n ext: boolean\n key_ops: string[]\n n: string\n p: string\n q: string\n qi: string\n}\n\ntype PublicRsaKeyJwk = {\n alg: string\n e: string\n ext: boolean\n key_ops: string[]\n n: string\n}\n\ninterface AesService {\n generateKey(algorithmIdentifier: AesAlgorithm, size: number): Promise<AesKey>\n encrypt(data: Uint8Array, key: AesKey, iv: Uint8Array | null): Promise<Uint8Array>\n decrypt(ivAndEncryptedData: Uint8Array, key: AesKey): Promise<Uint8Array>\n exportRawKey(key: AesKey): Promise<Uint8Array>\n importRawKey(rawKey: Uint8Array, algorithmIdentifier: AesAlgorithm): Promise<AesKey>\n}\n\ninterface RsaService {\n generateKey(algorithmIdentifier: RsaAlgorithm, size: number): Promise<RsaKeyPair>\n encrypt(data: Uint8Array, key: RsaPublicKey): Promise<Uint8Array>\n decrypt(data: Uint8Array, key: RsaPrivateKey): Promise<Uint8Array>\n signature(data: Uint8Array, key: RsaPrivateKey): Promise<Uint8Array>\n verify(signature: Uint8Array, data: Uint8Array, key: RsaPublicKey): Promise<boolean>\n exportPrivateKeyPkcs8(key: RsaPrivateKey): Promise<Uint8Array>\n exportPrivateKeyJwk(key: RsaPrivateKey): Promise<PrivateRsaKeyJwk>\n exportPublicKeySpki(key: RsaPublicKey): Promise<Uint8Array>\n exportPublicKeyJwk(key: RsaPublicKey): Promise<PublicRsaKeyJwk>\n importPrivateKeyPkcs8(privateKeyPkcs8: Uint8Array, algorithmIdentifier: RsaAlgorithm): Promise<RsaPrivateKey>\n importPrivateKeyJwk(privateKey: PrivateRsaKeyJwk, algorithmIdentifier: RsaAlgorithm): Promise<RsaPrivateKey>\n importPublicKeySpki(publicKeySpki: Uint8Array, algorithmIdentifier: RsaAlgorithm): Promise<RsaPublicKey>\n importPublicKeyJwk(publicKey: PublicRsaKeyJwk, algorithmIdentifier: RsaAlgorithm): Promise<RsaPublicKey>\n importKeyPair(privateKeyPkcs8: Uint8Array, algorithmIdentifier: RsaAlgorithm): Promise<RsaKeyPair>\n}\n\ninterface HmacService {\n generateKey(algorithmIdentifier: HmacAlgorithm): Promise<HmacKey>\n sign(data: Uint8Array, key: HmacKey): Promise<Uint8Array>\n verify(signature: Uint8Array, data: Uint8Array, key: HmacKey): Promise<boolean>\n exportRawKey(key: HmacKey): Promise<Uint8Array>\n importRawKey(rawKey: Uint8Array, algorithmIdentifier: HmacAlgorithm): Promise<HmacKey>\n}\n\ninterface StrongRandomService {\n randomBytes(length: number): Uint8Array\n randomUUID(): string\n}\n\ninterface DigestService {\n sha256(data: Uint8Array): Promise<Uint8Array>\n}\n"]}