@lifeready/core 9.0.6 → 9.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/bundles/lifeready-core.umd.js +182 -164
  2. package/bundles/lifeready-core.umd.js.map +1 -1
  3. package/bundles/lifeready-core.umd.min.js +1 -1
  4. package/bundles/lifeready-core.umd.min.js.map +1 -1
  5. package/esm2015/lib/key-exchange/key-exchange.service.js +17 -1
  6. package/fesm2015/lifeready-core.js +16 -0
  7. package/fesm2015/lifeready-core.js.map +1 -1
  8. package/package.json +1 -1
package/bundles/lifeready-core.umd.js CHANGED
@@ -8261,12 +8261,12 @@
8261
8261
  KeyExchangeService.prototype.getOtKey = function (keyExchange, otKeyK) {
8262
8262
  return __awaiter(this, void 0, void 0, function () {
8263
8263
  var prk, decryptedCipher;
8264
- return __generator(this, function (_a) {
8265
- switch (_a.label) {
8264
+ return __generator(this, function (_b) {
8265
+ switch (_b.label) {
8266
8266
  case 0:
8267
8267
  if (!otKeyK) return [3 /*break*/, 2];
8268
8268
  return [4 /*yield*/, KeyFactoryService.asKey(Object.assign(Object.assign({}, JSON.parse(keyExchange.otk.otKeyParams)), { k: otKeyK }))];
8269
- case 1: return [2 /*return*/, _a.sent()];
8269
+ case 1: return [2 /*return*/, _b.sent()];
8270
8270
  case 2:
8271
8271
  if (!(keyExchange.otk.state === 'OTK_INITIATED' &&
8272
8272
  !keyExchange.isInitiator &&
@@ -8276,10 +8276,10 @@
8276
8276
  serializations: [JoseSerialization.COMPACT],
8277
8277
  })];
8278
8278
  case 3:
8279
- decryptedCipher = _a.sent();
8279
+ decryptedCipher = _b.sent();
8280
8280
  if (!decryptedCipher.otKey) return [3 /*break*/, 5];
8281
8281
  return [4 /*yield*/, KeyFactoryService.asKey(decryptedCipher.otKey)];
8282
- case 4: return [2 /*return*/, _a.sent()];
8282
+ case 4: return [2 /*return*/, _b.sent()];
8283
8283
  case 5: return [2 /*return*/, null];
8284
8284
  }
8285
8285
  });
@@ -8287,22 +8287,32 @@
8287
8287
  };
8288
8288
  KeyExchangeService.prototype.decryptOtk = function (keyExchange, otKeyK) {
8289
8289
  return __awaiter(this, void 0, void 0, function () {
8290
- var otKey, otk, _a, _b, _c, _d;
8291
- return __generator(this, function (_e) {
8292
- switch (_e.label) {
8290
+ var otKey, otk, _b, _c, _d, _e;
8291
+ return __generator(this, function (_f) {
8292
+ switch (_f.label) {
8293
8293
  case 0: return [4 /*yield*/, this.getOtKey(keyExchange, otKeyK)];
8294
8294
  case 1:
8295
- otKey = _e.sent();
8295
+ otKey = _f.sent();
8296
8296
  otk = keyExchange.otk;
8297
8297
  if (!(otKey && otk.otKeyCipher)) return [3 /*break*/, 3];
8298
- _b = (_a = Object).assign;
8299
- _c = [Object.assign({}, otk)];
8300
- _d = { otKey: otKey };
8298
+ _c = (_b = Object).assign;
8299
+ _d = [Object.assign({}, otk)];
8300
+ _e = { otKey: otKey };
8301
8301
  return [4 /*yield*/, this.encryptionService.decrypt(otKey, keyExchange.otk.otKeyCipher)];
8302
8302
  case 2:
8303
- otk = _b.apply(_a, _c.concat([(_d.otKeyCipherClearJson = _e.sent(), _d)]));
8304
- _e.label = 3;
8305
- case 3: return [2 /*return*/, Object.assign(Object.assign({}, keyExchange), { otk: otk })];
8303
+ otk = _c.apply(_b, _d.concat([(_e.otKeyCipherClearJson = _f.sent(), _e)]));
8304
+ return [3 /*break*/, 4];
8305
+ case 3:
8306
+ if (otk.otKeyCipher && !otKey) {
8307
+ // Log a warning when we have cipher data but couldn't obtain the key to decrypt it.
8308
+ // This typically happens when:
8309
+ // - The otKeyK (raw one-time key from URL hash) was not provided or was empty
8310
+ // - The responder doesn't have a responderPbkCipher (new user via invite)
8311
+ console.warn('KeyExchangeService: Unable to decrypt OTK cipher - one-time key not available. ' +
8312
+ 'otKeyK provided:', !!otKeyK, 'otKeyK value:', otKeyK ? '[present]' : '[empty/missing]');
8313
+ }
8314
+ _f.label = 4;
8315
+ case 4: return [2 /*return*/, Object.assign(Object.assign({}, keyExchange), { otk: otk })];
8306
8316
  }
8307
8317
  });
8308
8318
  });
@@ -8310,16 +8320,16 @@
8310
8320
  KeyExchangeService.prototype.decryptResponseCipher = function (otKey, otPrk, content) {
8311
8321
  return __awaiter(this, void 0, void 0, function () {
8312
8322
  var error_1;
8313
- return __generator(this, function (_a) {
8314
- switch (_a.label) {
8323
+ return __generator(this, function (_b) {
8324
+ switch (_b.label) {
8315
8325
  case 0:
8316
- _a.trys.push([0, 2, , 3]);
8326
+ _b.trys.push([0, 2, , 3]);
8317
8327
  return [4 /*yield*/, this.encryptionService.decrypt(otKey, content)];
8318
8328
  case 1:
8319
- content = _a.sent();
8329
+ content = _b.sent();
8320
8330
  return [3 /*break*/, 3];
8321
8331
  case 2:
8322
- error_1 = _a.sent();
8332
+ error_1 = _b.sent();
8323
8333
  if (error_1.message !== 'no key found') {
8324
8334
  throw error_1;
8325
8335
  }
@@ -8327,44 +8337,44 @@
8327
8337
  case 3: return [4 /*yield*/, this.encryptionService.decrypt(otPrk, content)];
8328
8338
  case 4:
8329
8339
  // The Prk is single-use and only used to send information from the responder back to the initiator.
8330
- return [2 /*return*/, _a.sent()];
8340
+ return [2 /*return*/, _b.sent()];
8331
8341
  }
8332
8342
  });
8333
8343
  });
8334
8344
  };
8335
8345
  KeyExchangeService.prototype.decryptKeyExchangeAsInitiator = function (keyExchange) {
8336
8346
  return __awaiter(this, void 0, void 0, function () {
8337
- var rootKey, initiatorRootKeyCipherClearJson, otKey, otk, _a, _b, _c, _d, _e, _f, _g;
8338
- return __generator(this, function (_h) {
8339
- switch (_h.label) {
8347
+ var rootKey, initiatorRootKeyCipherClearJson, otKey, otk, _b, _c, _d, _e, _f, _g, _h;
8348
+ return __generator(this, function (_j) {
8349
+ switch (_j.label) {
8340
8350
  case 0:
8341
8351
  rootKey = this.keyService.currentRootKey;
8342
8352
  return [4 /*yield*/, this.encryptionService.decrypt(rootKey.jwk, keyExchange.initiatorRootKeyCipher)];
8343
8353
  case 1:
8344
- initiatorRootKeyCipherClearJson = (_h.sent());
8354
+ initiatorRootKeyCipherClearJson = (_j.sent());
8345
8355
  return [4 /*yield*/, KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.otKey)];
8346
8356
  case 2:
8347
- otKey = _h.sent();
8357
+ otKey = _j.sent();
8348
8358
  keyExchange = Object.assign(Object.assign({}, keyExchange), { initiatorRootKeyCipherClearJson: initiatorRootKeyCipherClearJson });
8349
8359
  otk = keyExchange.otk;
8350
8360
  if (!otk.initiatorOneTimePbkCipher) return [3 /*break*/, 5];
8351
- _b = (_a = Object).assign;
8352
- _c = [Object.assign({}, otk)];
8353
- _d = {};
8354
- _e = this.decryptResponseCipher;
8355
- _f = [otKey];
8361
+ _c = (_b = Object).assign;
8362
+ _d = [Object.assign({}, otk)];
8363
+ _e = {};
8364
+ _f = this.decryptResponseCipher;
8365
+ _g = [otKey];
8356
8366
  return [4 /*yield*/, KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.oneTimePrk)];
8357
- case 3: return [4 /*yield*/, _e.apply(this, _f.concat([_h.sent(), otk.initiatorOneTimePbkCipher]))];
8367
+ case 3: return [4 /*yield*/, _f.apply(this, _g.concat([_j.sent(), otk.initiatorOneTimePbkCipher]))];
8358
8368
  case 4:
8359
- otk = _b.apply(_a, _c.concat([(_d.initiatorOneTimePbkCipherClearJson = _h.sent(), _d)]));
8360
- _h.label = 5;
8369
+ otk = _c.apply(_b, _d.concat([(_e.initiatorOneTimePbkCipherClearJson = _j.sent(), _e)]));
8370
+ _j.label = 5;
8361
8371
  case 5:
8362
8372
  if (!otk.otKeyCipher) return [3 /*break*/, 7];
8363
- _g = otk;
8373
+ _h = otk;
8364
8374
  return [4 /*yield*/, this.encryptionService.decrypt(otKey, otk.otKeyCipher)];
8365
8375
  case 6:
8366
- _g.otKeyCipherClearJson = _h.sent();
8367
- _h.label = 7;
8376
+ _h.otKeyCipherClearJson = _j.sent();
8377
+ _j.label = 7;
8368
8378
  case 7: return [2 /*return*/, Object.assign(Object.assign({}, keyExchange), { otk: otk })];
8369
8379
  }
8370
8380
  });
@@ -8372,14 +8382,14 @@
8372
8382
  };
8373
8383
  KeyExchangeService.prototype.decryptKeyExchangeAsResponder = function (keyExchange, otKeyK) {
8374
8384
  return __awaiter(this, void 0, void 0, function () {
8375
- return __generator(this, function (_a) {
8385
+ return __generator(this, function (_b) {
8376
8386
  return [2 /*return*/, this.decryptOtk(keyExchange, otKeyK)];
8377
8387
  });
8378
8388
  });
8379
8389
  };
8380
8390
  KeyExchangeService.prototype.decryptKeyExchange = function (keyExchange, otKeyK) {
8381
8391
  return __awaiter(this, void 0, void 0, function () {
8382
- return __generator(this, function (_a) {
8392
+ return __generator(this, function (_b) {
8383
8393
  if (keyExchange.isInitiator) {
8384
8394
  return [2 /*return*/, this.decryptKeyExchangeAsInitiator(keyExchange)];
8385
8395
  }
@@ -8390,13 +8400,13 @@
8390
8400
  });
8391
8401
  });
8392
8402
  };
8393
- KeyExchangeService.prototype.getKeyExchanges = function (_a) {
8394
- var _b = _a === void 0 ? {} : _a, state = _b.state;
8403
+ KeyExchangeService.prototype.getKeyExchanges = function (_b) {
8404
+ var _c = _b === void 0 ? {} : _b, state = _c.state;
8395
8405
  return __awaiter(this, void 0, void 0, function () {
8396
8406
  var keyExchanges;
8397
8407
  var _this = this;
8398
- return __generator(this, function (_a) {
8399
- switch (_a.label) {
8408
+ return __generator(this, function (_b) {
8409
+ switch (_b.label) {
8400
8410
  case 0: return [4 /*yield*/, this.query({
8401
8411
  query: KeyExchangesQuery2,
8402
8412
  variables: {
@@ -8404,7 +8414,7 @@
8404
8414
  },
8405
8415
  })];
8406
8416
  case 1:
8407
- keyExchanges = (_a.sent()).keyExchanges;
8417
+ keyExchanges = (_b.sent()).keyExchanges;
8408
8418
  return [2 /*return*/, Promise.all(keyExchanges.edges.map(function (edge) { return _this.decryptKeyExchange(edge.node); }))];
8409
8419
  }
8410
8420
  });
@@ -8416,12 +8426,12 @@
8416
8426
  * @param otKeyK Is the raw one-time key (string). If the responder is explicitly specified at time of initiation, then
8417
8427
  * it's possible to have the otKey wrapped by the public key of the responder. In which case, the otKeyK is not needed.
8418
8428
  */
8419
- KeyExchangeService.prototype.getKeyExchange = function (id, _a) {
8420
- var _b = _a === void 0 ? {} : _a, otKeyK = _b.otKeyK, token = _b.token;
8429
+ KeyExchangeService.prototype.getKeyExchange = function (id, _b) {
8430
+ var _c = _b === void 0 ? {} : _b, otKeyK = _c.otKeyK, token = _c.token;
8421
8431
  return __awaiter(this, void 0, void 0, function () {
8422
8432
  var res;
8423
- return __generator(this, function (_a) {
8424
- switch (_a.label) {
8433
+ return __generator(this, function (_b) {
8434
+ switch (_b.label) {
8425
8435
  case 0: return [4 /*yield*/, this.query({
8426
8436
  query: token ? KeyExchangeTokenQuery2 : KeyExchangeQuery2,
8427
8437
  variables: {
@@ -8431,7 +8441,7 @@
8431
8441
  includeKeyGraph: !token,
8432
8442
  })];
8433
8443
  case 1:
8434
- res = _a.sent();
8444
+ res = _b.sent();
8435
8445
  return [2 /*return*/, this.decryptKeyExchange(res.keyExchange, otKeyK)];
8436
8446
  }
8437
8447
  });
@@ -8439,7 +8449,7 @@
8439
8449
  };
8440
8450
  KeyExchangeService.prototype.getCurrentUserSharedKey = function (input) {
8441
8451
  return __awaiter(this, void 0, void 0, function () {
8442
- return __generator(this, function (_a) {
8452
+ return __generator(this, function (_b) {
8443
8453
  return [2 /*return*/, this.query({
8444
8454
  query: CurrentUserSharedKeyQuery2,
8445
8455
  variables: {
@@ -8480,38 +8490,38 @@
8480
8490
  KeyExchangeService.prototype.initiateOtk = function (input) {
8481
8491
  if (input === void 0) { input = {}; }
8482
8492
  return __awaiter(this, void 0, void 0, function () {
8483
- var _a;
8484
- return __generator(this, function (_b) {
8485
- switch (_b.label) {
8493
+ var _b;
8494
+ return __generator(this, function (_c) {
8495
+ switch (_c.label) {
8486
8496
  case 0:
8487
- _a = this.mutate;
8497
+ _b = this.mutate;
8488
8498
  return [4 /*yield*/, this.initiateOtkMutation(input)];
8489
- case 1: return [2 /*return*/, _a.apply(this, [(_b.sent()).lrMutation])];
8499
+ case 1: return [2 /*return*/, _b.apply(this, [(_c.sent()).lrMutation])];
8490
8500
  }
8491
8501
  });
8492
8502
  });
8493
8503
  };
8494
- KeyExchangeService.prototype.initiateOtkMutation = function (_a) {
8495
- var _b = _a === void 0 ? {} : _a, message = _b.message, email = _b.email, contactCard = _b.contactCard, upgrade = _b.upgrade;
8504
+ KeyExchangeService.prototype.initiateOtkMutation = function (_b) {
8505
+ var _c = _b === void 0 ? {} : _b, message = _c.message, email = _c.email, contactCard = _c.contactCard, upgrade = _c.upgrade;
8496
8506
  return __awaiter(this, void 0, void 0, function () {
8497
8507
  var otKey, nonce, initiatorOneTimePrk, initiatorPrk, initiatorSigPrk, initiatorPlainDataSig, initiator, plainOtKeyCipher, otKeyCipher, initiatorRootKeyCipherClearJson, rootKey, initiatorRootKeyCipher, otKeyK, lrMutation;
8498
- return __generator(this, function (_a) {
8499
- switch (_a.label) {
8508
+ return __generator(this, function (_b) {
8509
+ switch (_b.label) {
8500
8510
  case 0: return [4 /*yield*/, this.keyFactory.createKey()];
8501
8511
  case 1:
8502
- otKey = _a.sent();
8512
+ otKey = _b.sent();
8503
8513
  nonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
8504
8514
  return [4 /*yield*/, this.keyFactory.createPkcKey()];
8505
8515
  case 2:
8506
- initiatorOneTimePrk = _a.sent();
8516
+ initiatorOneTimePrk = _b.sent();
8507
8517
  initiatorPrk = this.keyService.currentPxk;
8508
8518
  initiatorSigPrk = this.keyService.currentSigPxk;
8509
8519
  initiatorPlainDataSig = null;
8510
8520
  if (!(contactCard && contactCard.ownerPlainDataJson)) return [3 /*break*/, 4];
8511
8521
  return [4 /*yield*/, this.encryptionService.signToString(initiatorSigPrk.jwk, contactCard.ownerPlainDataJson)];
8512
8522
  case 3:
8513
- initiatorPlainDataSig = _a.sent();
8514
- _a.label = 4;
8523
+ initiatorPlainDataSig = _b.sent();
8524
+ _b.label = 4;
8515
8525
  case 4:
8516
8526
  initiator = {
8517
8527
  message: message,
@@ -8530,7 +8540,7 @@
8530
8540
  };
8531
8541
  return [4 /*yield*/, this.keyGraph.encryptToString(otKey, plainOtKeyCipher)];
8532
8542
  case 5:
8533
- otKeyCipher = _a.sent();
8543
+ otKeyCipher = _b.sent();
8534
8544
  initiatorRootKeyCipherClearJson = {
8535
8545
  nonce: nonce,
8536
8546
  oneTimePrk: initiatorOneTimePrk.toJSON(true),
@@ -8548,7 +8558,7 @@
8548
8558
  rootKey = this.keyService.currentRootKey;
8549
8559
  return [4 /*yield*/, this.keyGraph.encryptToString(rootKey.jwk, initiatorRootKeyCipherClearJson)];
8550
8560
  case 6:
8551
- initiatorRootKeyCipher = _a.sent();
8561
+ initiatorRootKeyCipher = _b.sent();
8552
8562
  otKeyK = otKey.toJSON(true).k;
8553
8563
  lrMutation = new LrMutation({
8554
8564
  mutation: InitiateKeyExchangeOtkMutation,
@@ -8579,44 +8589,52 @@
8579
8589
  KeyExchangeService.prototype.respondOtk = function (input) {
8580
8590
  return this.mutate(this.respondOtkMutation(input));
8581
8591
  };
8582
- KeyExchangeService.prototype.respondOtkMutation = function (_a) {
8583
- var keyExchangeId = _a.keyExchangeId, token = _a.token, decryptedOtk = _a.decryptedOtk, message = _a.message, initiatorContactCard = _a.initiatorContactCard, responderContactCard = _a.responderContactCard;
8592
+ KeyExchangeService.prototype.respondOtkMutation = function (_b) {
8593
+ var keyExchangeId = _b.keyExchangeId, token = _b.token, decryptedOtk = _b.decryptedOtk, message = _b.message, initiatorContactCard = _b.initiatorContactCard, responderContactCard = _b.responderContactCard;
8594
+ var _a;
8584
8595
  return __awaiter(this, void 0, void 0, function () {
8585
- var rootKey, masterKey, sharedKey, mkSharedKey, rkWrappedSharedKey, mkWrappedMkSharedKey, initiatorOneTimePbk, initiatorPbk, initiatorSigPbk, responderPrk, responderSigPrk, signedInitiatorPbk, signedInitiatorSigPbk, initiatorOneTimePbkCipherClearJson, receivedCardInput, sharedCipherDataClearJson, receiverKey, ccSharedKey, sigPxk, _a, _b, _c, _d, _e, _f, _g, _h, sharedCipherData, _j, _k, _l, responderCardInput, ownerKey, ccSharedKey, sigPxk, _m, _o, _p, _q, _r, _s, _t, _u, sharedCipherData, _v, _w, _x, _y, _z, _0, initiatorOneTimePbkCipher;
8586
- return __generator(this, function (_1) {
8587
- switch (_1.label) {
8596
+ var rootKey, masterKey, sharedKey, mkSharedKey, rkWrappedSharedKey, mkWrappedMkSharedKey, initiatorOneTimePbk, initiatorPbk, initiatorSigPbk, responderPrk, responderSigPrk, signedInitiatorPbk, signedInitiatorSigPbk, initiatorOneTimePbkCipherClearJson, receivedCardInput, sharedCipherDataClearJson, receiverKey, ccSharedKey, sigPxk, _b, _c, _d, _e, _f, _g, _h, _j, sharedCipherData, _k, _l, _m, responderCardInput, ownerKey, ccSharedKey, sigPxk, _o, _p, _q, _r, _s, _t, _u, _v, sharedCipherData, _w, _x, _y, _z, _0, _1, initiatorOneTimePbkCipher;
8597
+ return __generator(this, function (_2) {
8598
+ switch (_2.label) {
8588
8599
  case 0:
8600
+ // Validate that the OTK was properly decrypted before proceeding.
8601
+ // This can fail if the one-time key (otKeyK) was not provided or was invalid,
8602
+ // which can happen if the invite URL hash fragment was lost (e.g., page refresh after hash removal).
8603
+ if (!((_a = decryptedOtk === null || decryptedOtk === void 0 ? void 0 : decryptedOtk.otKeyCipherClearJson) === null || _a === void 0 ? void 0 : _a.initiator)) {
8604
+ throw new Error('Failed to decrypt key exchange data. The invite link may be invalid or expired. ' +
8605
+ 'Please request a new invite from the sender.');
8606
+ }
8589
8607
  rootKey = this.keyService.currentRootKey;
8590
8608
  masterKey = this.keyService.currentMasterKey;
8591
8609
  return [4 /*yield*/, this.keyFactory.createKey()];
8592
8610
  case 1:
8593
- sharedKey = _1.sent();
8611
+ sharedKey = _2.sent();
8594
8612
  return [4 /*yield*/, this.keyFactory.createKey()];
8595
8613
  case 2:
8596
- mkSharedKey = _1.sent();
8614
+ mkSharedKey = _2.sent();
8597
8615
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, sharedKey.toJSON(true))];
8598
8616
  case 3:
8599
- rkWrappedSharedKey = _1.sent();
8617
+ rkWrappedSharedKey = _2.sent();
8600
8618
  return [4 /*yield*/, this.encryptionService.encrypt(masterKey.jwk, mkSharedKey.toJSON(true))];
8601
8619
  case 4:
8602
- mkWrappedMkSharedKey = _1.sent();
8620
+ mkWrappedMkSharedKey = _2.sent();
8603
8621
  return [4 /*yield*/, KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.oneTimePbk)];
8604
8622
  case 5:
8605
- initiatorOneTimePbk = _1.sent();
8623
+ initiatorOneTimePbk = _2.sent();
8606
8624
  return [4 /*yield*/, KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.pbk)];
8607
8625
  case 6:
8608
- initiatorPbk = _1.sent();
8626
+ initiatorPbk = _2.sent();
8609
8627
  return [4 /*yield*/, KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.sigPbk)];
8610
8628
  case 7:
8611
- initiatorSigPbk = _1.sent();
8629
+ initiatorSigPbk = _2.sent();
8612
8630
  responderPrk = this.keyService.currentPxk;
8613
8631
  responderSigPrk = this.keyService.currentSigPxk;
8614
8632
  return [4 /*yield*/, this.encryptionService.sign(responderSigPrk.jwk, initiatorPbk.toJSON())];
8615
8633
  case 8:
8616
- signedInitiatorPbk = _1.sent();
8634
+ signedInitiatorPbk = _2.sent();
8617
8635
  return [4 /*yield*/, this.encryptionService.sign(responderSigPrk.jwk, initiatorSigPbk.toJSON())];
8618
8636
  case 9:
8619
- signedInitiatorSigPbk = _1.sent();
8637
+ signedInitiatorSigPbk = _2.sent();
8620
8638
  initiatorOneTimePbkCipherClearJson = {
8621
8639
  nonce: decryptedOtk.otKeyCipherClearJson.nonce,
8622
8640
  sharedKey: sharedKey.toJSON(true),
@@ -8632,102 +8650,102 @@
8632
8650
  .sharedCipherDataClearJson;
8633
8651
  return [4 /*yield*/, this.keyFactory.createKey()];
8634
8652
  case 10:
8635
- receiverKey = _1.sent();
8653
+ receiverKey = _2.sent();
8636
8654
  return [4 /*yield*/, this.keyFactory.createKey()];
8637
8655
  case 11:
8638
- ccSharedKey = _1.sent();
8656
+ ccSharedKey = _2.sent();
8639
8657
  sigPxk = this.keyService.currentSigPxk;
8640
- _a = {};
8641
- _c = (_b = JSON).stringify;
8658
+ _b = {};
8659
+ _d = (_c = JSON).stringify;
8642
8660
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, receiverKey.toJSON(true))];
8643
8661
  case 12:
8644
- _a.receiverWrappedKey = _c.apply(_b, [_1.sent()]),
8645
- _a.receiverWrappingKeyId = rootKey.id;
8662
+ _b.receiverWrappedKey = _d.apply(_c, [_2.sent()]),
8663
+ _b.receiverWrappingKeyId = rootKey.id;
8646
8664
  if (!initiatorContactCard) return [3 /*break*/, 14];
8647
- _f = (_e = JSON).stringify;
8665
+ _g = (_f = JSON).stringify;
8648
8666
  return [4 /*yield*/, this.encryptionService.encrypt(receiverKey, initiatorContactCard.receiverCipherDataClearJson)];
8649
8667
  case 13:
8650
- _d = _f.apply(_e, [_1.sent()]);
8668
+ _e = _g.apply(_f, [_2.sent()]);
8651
8669
  return [3 /*break*/, 15];
8652
8670
  case 14:
8653
- _d = '';
8654
- _1.label = 15;
8671
+ _e = '';
8672
+ _2.label = 15;
8655
8673
  case 15:
8656
- _a.receiverCipherData = _d;
8657
- _h = (_g = JSON).stringify;
8674
+ _b.receiverCipherData = _e;
8675
+ _j = (_h = JSON).stringify;
8658
8676
  return [4 /*yield*/, this.encryptionService.encrypt(sharedKey, ccSharedKey.toJSON(true))];
8659
8677
  case 16:
8660
- receivedCardInput = (_a.sharedWrappedKey = _h.apply(_g, [_1.sent()]),
8661
- _a);
8678
+ receivedCardInput = (_b.sharedWrappedKey = _j.apply(_h, [_2.sent()]),
8679
+ _b);
8662
8680
  return [4 /*yield*/, this.encryptionService.encrypt(ccSharedKey, sharedCipherDataClearJson)];
8663
8681
  case 17:
8664
- sharedCipherData = _1.sent();
8665
- _j = receivedCardInput;
8666
- _l = (_k = JSON).stringify;
8682
+ sharedCipherData = _2.sent();
8683
+ _k = receivedCardInput;
8684
+ _m = (_l = JSON).stringify;
8667
8685
  return [4 /*yield*/, this.encryptionService.sign(sigPxk.jwk, sharedCipherData)];
8668
8686
  case 18:
8669
- _j.sharedCipherDataSig = _l.apply(_k, [_1.sent()]);
8687
+ _k.sharedCipherDataSig = _m.apply(_l, [_2.sent()]);
8670
8688
  receivedCardInput.sigPxkId = sigPxk.id;
8671
8689
  initiatorOneTimePbkCipherClearJson.responder.contactCard = Object.assign(Object.assign({}, initiatorOneTimePbkCipherClearJson.responder.contactCard), { sharedCipherKey: ccSharedKey.toJSON(true) });
8672
- _1.label = 19;
8690
+ _2.label = 19;
8673
8691
  case 19:
8674
8692
  if (!responderContactCard) return [3 /*break*/, 31];
8675
8693
  return [4 /*yield*/, this.keyFactory.createKey()];
8676
8694
  case 20:
8677
- ownerKey = _1.sent();
8695
+ ownerKey = _2.sent();
8678
8696
  return [4 /*yield*/, this.keyFactory.createKey()];
8679
8697
  case 21:
8680
- ccSharedKey = _1.sent();
8698
+ ccSharedKey = _2.sent();
8681
8699
  sigPxk = this.keyService.currentSigPxk;
8682
- _m = {};
8683
- _p = (_o = JSON).stringify;
8700
+ _o = {};
8701
+ _q = (_p = JSON).stringify;
8684
8702
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, ownerKey.toJSON(true))];
8685
8703
  case 22:
8686
- _m.ownerWrappedKey = _p.apply(_o, [_1.sent()]),
8687
- _m.ownerWrappingKeyId = rootKey.id;
8704
+ _o.ownerWrappedKey = _q.apply(_p, [_2.sent()]),
8705
+ _o.ownerWrappingKeyId = rootKey.id;
8688
8706
  if (!responderContactCard.ownerCipherDataClearJson) return [3 /*break*/, 24];
8689
- _s = (_r = JSON).stringify;
8707
+ _t = (_s = JSON).stringify;
8690
8708
  return [4 /*yield*/, this.encryptionService.encrypt(ownerKey, responderContactCard.ownerCipherDataClearJson)];
8691
8709
  case 23:
8692
- _q = _s.apply(_r, [_1.sent()]);
8710
+ _r = _t.apply(_s, [_2.sent()]);
8693
8711
  return [3 /*break*/, 25];
8694
8712
  case 24:
8695
- _q = '';
8696
- _1.label = 25;
8713
+ _r = '';
8714
+ _2.label = 25;
8697
8715
  case 25:
8698
- _m.ownerCipherData = _q;
8699
- _u = (_t = JSON).stringify;
8716
+ _o.ownerCipherData = _r;
8717
+ _v = (_u = JSON).stringify;
8700
8718
  return [4 /*yield*/, this.encryptionService.encrypt(sharedKey, ccSharedKey.toJSON(true))];
8701
8719
  case 26:
8702
- responderCardInput = (_m.sharedWrappedKey = _u.apply(_t, [_1.sent()]),
8703
- _m);
8720
+ responderCardInput = (_o.sharedWrappedKey = _v.apply(_u, [_2.sent()]),
8721
+ _o);
8704
8722
  return [4 /*yield*/, this.encryptionService.encrypt(ccSharedKey, responderContactCard.sharedCipherDataClearJson)];
8705
8723
  case 27:
8706
- sharedCipherData = _1.sent();
8707
- _v = responderCardInput;
8708
- _x = (_w = JSON).stringify;
8724
+ sharedCipherData = _2.sent();
8725
+ _w = responderCardInput;
8726
+ _y = (_x = JSON).stringify;
8709
8727
  return [4 /*yield*/, this.encryptionService.sign(sigPxk.jwk, sharedCipherData)];
8710
8728
  case 28:
8711
- _v.sharedCipherDataSig = _x.apply(_w, [_1.sent()]);
8729
+ _w.sharedCipherDataSig = _y.apply(_x, [_2.sent()]);
8712
8730
  responderCardInput.sigPxkId = sigPxk.id;
8713
8731
  if (!responderContactCard.ownerPlainDataJson) return [3 /*break*/, 30];
8714
- _y = responderCardInput;
8715
- _0 = (_z = JSON).stringify;
8732
+ _z = responderCardInput;
8733
+ _1 = (_0 = JSON).stringify;
8716
8734
  return [4 /*yield*/, this.encryptionService.sign(responderSigPrk.jwk, responderContactCard.ownerPlainDataJson)];
8717
8735
  case 29:
8718
- _y.ownerPlainDataSig = _0.apply(_z, [_1.sent()]);
8719
- _1.label = 30;
8736
+ _z.ownerPlainDataSig = _1.apply(_0, [_2.sent()]);
8737
+ _2.label = 30;
8720
8738
  case 30:
8721
8739
  // Contact card info readable by the initiator
8722
8740
  initiatorOneTimePbkCipherClearJson.responder.contactCard = Object.assign(Object.assign({}, initiatorOneTimePbkCipherClearJson.responder.contactCard), { sharedCipherDataClearJson: responderContactCard.sharedCipherDataClearJson });
8723
- _1.label = 31;
8741
+ _2.label = 31;
8724
8742
  case 31: return [4 /*yield*/, this.encryptionService.encrypt(initiatorOneTimePbk, initiatorOneTimePbkCipherClearJson)];
8725
8743
  case 32:
8726
- initiatorOneTimePbkCipher = _1.sent();
8744
+ initiatorOneTimePbkCipher = _2.sent();
8727
8745
  return [4 /*yield*/, this.encryptionService.encrypt(decryptedOtk.otKey, initiatorOneTimePbkCipher)];
8728
8746
  case 33:
8729
8747
  // Encrypt with the otk again to keep use of asymmetric keys to a minimum.
8730
- initiatorOneTimePbkCipher = _1.sent();
8748
+ initiatorOneTimePbkCipher = _2.sent();
8731
8749
  return [2 /*return*/, new LrMutation({
8732
8750
  mutation: RespondKeyExchangeOtkMutation,
8733
8751
  variables: {
@@ -8760,26 +8778,26 @@
8760
8778
  KeyExchangeService.prototype.completeOtk = function (input) {
8761
8779
  return this.mutate(this.completeOtkMutation(input));
8762
8780
  };
8763
- KeyExchangeService.prototype.completeOtkMutation = function (_a) {
8764
- var keyExchangeId = _a.keyExchangeId, initiatorRootKeyCipher = _a.initiatorRootKeyCipher, initiatorOneTimePbkCipher = _a.initiatorOneTimePbkCipher, responderContactCard = _a.responderContactCard, initiatorContactCard = _a.initiatorContactCard;
8781
+ KeyExchangeService.prototype.completeOtkMutation = function (_b) {
8782
+ var keyExchangeId = _b.keyExchangeId, initiatorRootKeyCipher = _b.initiatorRootKeyCipher, initiatorOneTimePbkCipher = _b.initiatorOneTimePbkCipher, responderContactCard = _b.responderContactCard, initiatorContactCard = _b.initiatorContactCard;
8765
8783
  return __awaiter(this, void 0, void 0, function () {
8766
- var rootKey, masterKey, initiatorRootKeyCipherClearJson, plainInitiatorOneTimePbkCipher, _a, _b, initiatorSigPrk, responderSigPbk, responderPbk, signedResponderPbk, signedResponderSigPbk, sharedKey, rkWrappedSharedKey, mkSharedKey, mkWrappedMkSharedKey, responderContactCardCipherInput, receiverKey, _c, _d, _e, _f, _g, initiatorContactCardCipherInput, initiatorContactCardSharedCipherInput, initiatorContactCardFromInit, ownerKey, sharedCipherKey, ownerWrappedKey, _h, _j, ownerCipherDataClearJson, ownerCipherData, _k, sharedCipherData, _l, _m, _o;
8767
- return __generator(this, function (_p) {
8768
- switch (_p.label) {
8784
+ var rootKey, masterKey, initiatorRootKeyCipherClearJson, plainInitiatorOneTimePbkCipher, _b, _c, initiatorSigPrk, responderSigPbk, responderPbk, signedResponderPbk, signedResponderSigPbk, sharedKey, rkWrappedSharedKey, mkSharedKey, mkWrappedMkSharedKey, responderContactCardCipherInput, receiverKey, _d, _e, _f, _g, _h, initiatorContactCardCipherInput, initiatorContactCardSharedCipherInput, initiatorContactCardFromInit, ownerKey, sharedCipherKey, ownerWrappedKey, _j, _k, ownerCipherDataClearJson, ownerCipherData, _l, sharedCipherData, _m, _o, _p;
8785
+ return __generator(this, function (_q) {
8786
+ switch (_q.label) {
8769
8787
  case 0:
8770
8788
  rootKey = this.keyService.currentRootKey;
8771
8789
  masterKey = this.keyService.currentMasterKey;
8772
8790
  return [4 /*yield*/, this.encryptionService.decrypt(rootKey.jwk, initiatorRootKeyCipher)];
8773
8791
  case 1:
8774
- initiatorRootKeyCipherClearJson = (_p.sent());
8775
- _a = this.decryptResponseCipher;
8792
+ initiatorRootKeyCipherClearJson = (_q.sent());
8793
+ _b = this.decryptResponseCipher;
8776
8794
  return [4 /*yield*/, KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.otKey)];
8777
8795
  case 2:
8778
- _b = [_p.sent()];
8796
+ _c = [_q.sent()];
8779
8797
  return [4 /*yield*/, KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.oneTimePrk)];
8780
- case 3: return [4 /*yield*/, _a.apply(this, _b.concat([_p.sent(), initiatorOneTimePbkCipher]))];
8798
+ case 3: return [4 /*yield*/, _b.apply(this, _c.concat([_q.sent(), initiatorOneTimePbkCipher]))];
8781
8799
  case 4:
8782
- plainInitiatorOneTimePbkCipher = _p.sent();
8800
+ plainInitiatorOneTimePbkCipher = _q.sent();
8783
8801
  // Check the nonce match to ensure the responder was the one holding the OTK
8784
8802
  if (initiatorRootKeyCipherClearJson.nonce !==
8785
8803
  plainInitiatorOneTimePbkCipher.nonce) {
@@ -8788,69 +8806,69 @@
8788
8806
  initiatorSigPrk = this.keyService.currentSigPxk;
8789
8807
  return [4 /*yield*/, KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.sigPbk)];
8790
8808
  case 5:
8791
- responderSigPbk = _p.sent();
8809
+ responderSigPbk = _q.sent();
8792
8810
  return [4 /*yield*/, KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.pbk)];
8793
8811
  case 6:
8794
- responderPbk = _p.sent();
8812
+ responderPbk = _q.sent();
8795
8813
  return [4 /*yield*/, this.encryptionService.sign(initiatorSigPrk.jwk, responderPbk.toJSON())];
8796
8814
  case 7:
8797
- signedResponderPbk = _p.sent();
8815
+ signedResponderPbk = _q.sent();
8798
8816
  return [4 /*yield*/, this.encryptionService.sign(initiatorSigPrk.jwk, responderSigPbk.toJSON())];
8799
8817
  case 8:
8800
- signedResponderSigPbk = _p.sent();
8818
+ signedResponderSigPbk = _q.sent();
8801
8819
  return [4 /*yield*/, KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.sharedKey)];
8802
8820
  case 9:
8803
- sharedKey = _p.sent();
8821
+ sharedKey = _q.sent();
8804
8822
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, sharedKey.toJSON(true))];
8805
8823
  case 10:
8806
- rkWrappedSharedKey = _p.sent();
8824
+ rkWrappedSharedKey = _q.sent();
8807
8825
  return [4 /*yield*/, KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.mkSharedKey)];
8808
8826
  case 11:
8809
- mkSharedKey = _p.sent();
8827
+ mkSharedKey = _q.sent();
8810
8828
  return [4 /*yield*/, this.encryptionService.encrypt(masterKey.jwk, mkSharedKey.toJSON(true))];
8811
8829
  case 12:
8812
- mkWrappedMkSharedKey = _p.sent();
8830
+ mkWrappedMkSharedKey = _q.sent();
8813
8831
  if (!responderContactCard) return [3 /*break*/, 16];
8814
8832
  return [4 /*yield*/, this.keyFactory.createKey()];
8815
8833
  case 13:
8816
- receiverKey = _p.sent();
8817
- _c = {};
8818
- _e = (_d = JSON).stringify;
8834
+ receiverKey = _q.sent();
8835
+ _d = {};
8836
+ _f = (_e = JSON).stringify;
8819
8837
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, receiverKey.toJSON(true))];
8820
8838
  case 14:
8821
- _c.receiverWrappedKey = _e.apply(_d, [_p.sent()]),
8822
- _c.receiverWrappingKeyId = rootKey.id;
8823
- _g = (_f = JSON).stringify;
8839
+ _d.receiverWrappedKey = _f.apply(_e, [_q.sent()]),
8840
+ _d.receiverWrappingKeyId = rootKey.id;
8841
+ _h = (_g = JSON).stringify;
8824
8842
  return [4 /*yield*/, this.encryptionService.encrypt(receiverKey, responderContactCard.receiverCipherDataClearJson)];
8825
8843
  case 15:
8826
- responderContactCardCipherInput = (_c.receiverCipherData = _g.apply(_f, [_p.sent()]),
8827
- _c);
8828
- _p.label = 16;
8844
+ responderContactCardCipherInput = (_d.receiverCipherData = _h.apply(_g, [_q.sent()]),
8845
+ _d);
8846
+ _q.label = 16;
8829
8847
  case 16:
8830
8848
  if (!initiatorRootKeyCipherClearJson.initiatorContactCard) return [3 /*break*/, 25];
8831
8849
  initiatorContactCardFromInit = initiatorRootKeyCipherClearJson.initiatorContactCard;
8832
8850
  return [4 /*yield*/, this.keyFactory.createKey()];
8833
8851
  case 17:
8834
- ownerKey = _p.sent();
8852
+ ownerKey = _q.sent();
8835
8853
  return [4 /*yield*/, KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.contactCard.sharedCipherKey)];
8836
8854
  case 18:
8837
- sharedCipherKey = _p.sent();
8838
- _j = (_h = JSON).stringify;
8855
+ sharedCipherKey = _q.sent();
8856
+ _k = (_j = JSON).stringify;
8839
8857
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, ownerKey.toJSON(true))];
8840
8858
  case 19:
8841
- ownerWrappedKey = _j.apply(_h, [_p.sent()]);
8859
+ ownerWrappedKey = _k.apply(_j, [_q.sent()]);
8842
8860
  ownerCipherDataClearJson = (initiatorContactCard === null || initiatorContactCard === void 0 ? void 0 : initiatorContactCard.ownerCipherDataClearJson) ||
8843
8861
  initiatorContactCardFromInit.ownerCipherDataClearJson;
8844
8862
  if (!ownerCipherDataClearJson) return [3 /*break*/, 21];
8845
8863
  return [4 /*yield*/, this.keyGraph.encryptToString(ownerKey, ownerCipherDataClearJson)];
8846
8864
  case 20:
8847
- _k = _p.sent();
8865
+ _l = _q.sent();
8848
8866
  return [3 /*break*/, 22];
8849
8867
  case 21:
8850
- _k = '';
8851
- _p.label = 22;
8868
+ _l = '';
8869
+ _q.label = 22;
8852
8870
  case 22:
8853
- ownerCipherData = _k;
8871
+ ownerCipherData = _l;
8854
8872
  initiatorContactCardCipherInput = {
8855
8873
  ownerWrappedKey: ownerWrappedKey,
8856
8874
  ownerWrappingKeyId: rootKey.id,
@@ -8861,14 +8879,14 @@
8861
8879
  };
8862
8880
  return [4 /*yield*/, this.encryptionService.encrypt(sharedCipherKey, initiatorContactCardFromInit.sharedCipherDataClearJson)];
8863
8881
  case 23:
8864
- sharedCipherData = _p.sent();
8865
- _l = initiatorContactCardSharedCipherInput;
8866
- _o = (_m = JSON).stringify;
8882
+ sharedCipherData = _q.sent();
8883
+ _m = initiatorContactCardSharedCipherInput;
8884
+ _p = (_o = JSON).stringify;
8867
8885
  return [4 /*yield*/, this.encryptionService.sign(initiatorSigPrk.jwk, sharedCipherData)];
8868
8886
  case 24:
8869
- _l.sharedCipherDataSig =
8870
- _o.apply(_m, [_p.sent()]);
8871
- _p.label = 25;
8887
+ _m.sharedCipherDataSig =
8888
+ _p.apply(_o, [_q.sent()]);
8889
+ _q.label = 25;
8872
8890
  case 25:
8873
8891
  // TODO ideally we update the shared data in the contact card sent to the responder as well since that
8874
8892
  // CC was created by the responder.