@lightsparkdev/core 0.2.1 → 0.2.3

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @lightsparkdev/core
 
+## 0.2.3
+
+### Patch Changes
+
+- 8bf7fe0: Patch release for core and wallet sdks.
+
+  - Expose a function for raw subscriptions from the wallet client.
+  - Fix type exports.
+  - Fix a parsing bug in the wallet dashboard query
+
+## 0.2.2
+
+### Patch Changes
+
+- Refactor internals to allow for a custom react native crypto implementation to be injected into the LightsparkClient.
+
 ## 0.2.1
 
 ### Patch Changes

package/README.md

@@ -1,5 +1,7 @@
 # The Lightspark JS+TS Core package
 
+![npm (scoped)](https://img.shields.io/npm/v/@lightsparkdev/core)
+
 This is the Lightspark Typescript Core package, which can be used either from a node or browser environment. The package contains core objects and utilities that are used by all Lightspark Typescript SDKs and may be useful for your project.
 
 ## Getting started
@@ -9,3 +11,5 @@ To use the package, you'll need to install it from npm:
 ```bash
 $ npm install @lightsparkdev/core
 ```
+
+TODO

package/dist/index.cjs

@@ -30,6 +30,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var src_exports = {};
 __export(src_exports, {
+  DefaultCrypto: () => DefaultCrypto,
   LightsparkAuthException: () => LightsparkAuthException_default,
   LightsparkException: () => LightsparkException_default,
   LightsparkSigningException: () => LightsparkSigningException_default,
@@ -41,19 +42,9 @@ __export(src_exports, {
   b64decode: () => b64decode,
   b64encode: () => b64encode,
   convertCurrencyAmount: () => convertCurrencyAmount,
-  decode: () => decode,
-  decrypt: () => decrypt,
-  decryptSecretWithNodePassword: () => decryptSecretWithNodePassword,
-  encrypt: () => encrypt,
-  encryptWithNodeKey: () => encryptWithNodeKey,
-  generateSigningKeyPair: () => generateSigningKeyPair,
-  getCrypto: () => getCrypto,
-  getNonce: () => getNonce,
   isBrowser: () => isBrowser,
   isNode: () => isNode,
   isType: () => isType,
-  loadNodeEncryptionKey: () => loadNodeEncryptionKey,
-  serializeSigningKey: () => serializeSigningKey,
   urlsafe_b64decode: () => urlsafe_b64decode
 });
 module.exports = __toCommonJS(src_exports);
@@ -94,14 +85,44 @@ var StubAuthProvider = class {
 };
 
 // src/utils/base64.ts
+var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+var Base64 = {
+  btoa: (input = "") => {
+    let str = input;
+    let output = "";
+    for (let block = 0, charCode, i = 0, map = chars; str.charAt(i | 0) || (map = "=", i % 1); output += map.charAt(63 & block >> 8 - i % 1 * 8)) {
+      charCode = str.charCodeAt(i += 3 / 4);
+      if (charCode > 255) {
+        throw new Error(
+          "'btoa' failed: The string to be encoded contains characters outside of the Latin1 range."
+        );
+      }
+      block = block << 8 | charCode;
+    }
+    return output;
+  },
+  atob: (input = "") => {
+    let str = input.replace(/=+$/, "");
+    let output = "";
+    if (str.length % 4 == 1) {
+      throw new Error(
+        "'atob' failed: The string to be decoded is not correctly encoded."
+      );
+    }
+    for (let bc = 0, bs = 0, buffer, i = 0; buffer = str.charAt(i++); ~buffer && (bs = bc % 4 ? bs * 64 + buffer : buffer, bc++ % 4) ? output += String.fromCharCode(255 & bs >> (-2 * bc & 6)) : 0) {
+      buffer = chars.indexOf(buffer);
+    }
+    return output;
+  }
+};
 var b64decode = (encoded) => {
-  return Uint8Array.from(atob(encoded), (c) => c.charCodeAt(0));
+  return Uint8Array.from(Base64.atob(encoded), (c) => c.charCodeAt(0));
 };
 var urlsafe_b64decode = (encoded) => {
   return b64decode(encoded.replace(/_/g, "/").replace(/-/g, "+"));
 };
 var b64encode = (data) => {
-  return btoa(
+  return Base64.btoa(
     String.fromCharCode.apply(null, Array.from(new Uint8Array(data)))
   );
 };
@@ -115,8 +136,7 @@ var LightsparkSigningException = class extends LightsparkException_default {
 var LightsparkSigningException_default = LightsparkSigningException;
 
 // src/crypto/crypto.ts
-var ITERATIONS = 5e5;
-function getCrypto() {
+var getCrypto = () => {
   let cryptoImplPromise;
   if (typeof crypto !== "undefined") {
     cryptoImplPromise = Promise.resolve(crypto);
@@ -126,34 +146,26 @@ function getCrypto() {
     });
   }
   return cryptoImplPromise;
-}
-var getRandomValues = async (arr) => {
-  if (typeof crypto !== "undefined") {
-    return crypto.getRandomValues(arr);
-  } else {
-    const cryptoImpl2 = await getCrypto();
-    return cryptoImpl2.getRandomValues(arr);
-  }
 };
 var getRandomValues32 = async (arr) => {
   if (typeof crypto !== "undefined") {
     return crypto.getRandomValues(arr);
   } else {
-    const cryptoImpl2 = await getCrypto();
-    return cryptoImpl2.getRandomValues(arr);
+    const cryptoImpl = await getCrypto();
+    return cryptoImpl.getRandomValues(arr);
   }
 };
 var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
   const enc = new TextEncoder();
-  const cryptoImpl2 = await getCrypto();
-  const password_key = await cryptoImpl2.subtle.importKey(
+  const cryptoImpl = await getCrypto();
+  const password_key = await cryptoImpl.subtle.importKey(
     "raw",
     enc.encode(password),
     "PBKDF2",
     false,
     ["deriveBits", "deriveKey"]
   );
-  const derived = await cryptoImpl2.subtle.deriveBits(
+  const derived = await cryptoImpl.subtle.deriveBits(
     {
       name: "PBKDF2",
       salt,
@@ -163,7 +175,7 @@ var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
     password_key,
     bit_len
   );
-  const key = await cryptoImpl2.subtle.importKey(
+  const key = await cryptoImpl.subtle.importKey(
     "raw",
     derived.slice(0, 32),
     { name: algorithm, length: 256 },
@@ -173,25 +185,6 @@ var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
   const iv = derived.slice(32);
   return [key, iv];
 };
-var encrypt = async (plaintext, password, salt) => {
-  if (!salt) {
-    salt = new Uint8Array(16);
-    getRandomValues(salt);
-  }
-  const [key, iv] = await deriveKey(password, salt, ITERATIONS, "AES-GCM", 352);
-  const cryptoImpl2 = await getCrypto();
-  const encrypted = new Uint8Array(
-    await cryptoImpl2.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext)
-  );
-  const output = new Uint8Array(salt.byteLength + encrypted.byteLength);
-  output.set(salt);
-  output.set(encrypted, salt.byteLength);
-  const header = {
-    v: 4,
-    i: ITERATIONS
-  };
-  return [JSON.stringify(header), b64encode(output)];
-};
 var decrypt = async (header_json, ciphertext, password) => {
   var decoded = b64decode(ciphertext);
   var header;
@@ -210,7 +203,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       "Unknown version ".concat(header.v)
     );
   }
-  const cryptoImpl2 = await getCrypto();
+  const cryptoImpl = await getCrypto();
   const algorithm = header.v < 2 ? "AES-CBC" : "AES-GCM";
   const bit_len = header.v < 4 ? 384 : 352;
   const salt_len = header.v < 4 ? 8 : 16;
@@ -225,7 +218,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       algorithm,
       256
     );
-    return await cryptoImpl2.subtle.decrypt(
+    return await cryptoImpl.subtle.decrypt(
       { name: algorithm, iv: nonce.buffer },
       key,
       cipherText
@@ -240,7 +233,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       algorithm,
       bit_len
     );
-    return await cryptoImpl2.subtle.decrypt(
+    return await cryptoImpl.subtle.decrypt(
       { name: algorithm, iv },
       key,
       encrypted
@@ -256,13 +249,9 @@ async function decryptSecretWithNodePassword(cipher, encryptedSecret, nodePasswo
   }
   return decryptedValue;
 }
-function decode(arrBuff) {
-  const dec = new TextDecoder();
-  return dec.decode(arrBuff);
-}
 var generateSigningKeyPair = async () => {
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.generateKey(
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.generateKey(
     /*algorithm:*/
     {
       name: "RSA-PSS",
@@ -277,74 +266,72 @@ var generateSigningKeyPair = async () => {
   );
 };
 var serializeSigningKey = async (key, format) => {
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.exportKey(
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.exportKey(
     /*format*/
     format,
     /*key*/
     key
   );
 };
-var encryptWithNodeKey = async (key, data) => {
-  const enc = new TextEncoder();
-  const encoded = enc.encode(data);
-  const encrypted = await cryptoImpl.subtle.encrypt(
-    /*algorithm:*/
+var getNonce = async () => {
+  const cryptoImpl = await getCrypto();
+  const nonceSt = await getRandomValues32(new Uint32Array(1));
+  return Number(nonceSt);
+};
+var sign = async (key, data) => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.sign(
     {
-      name: "RSA-OAEP"
+      name: "RSA-PSS",
+      saltLength: 32
     },
-    /*key*/
     key,
-    /*data*/
-    encoded
+    data
   );
-  return b64encode(encrypted);
 };
-var loadNodeEncryptionKey = async (rawPublicKey) => {
-  const encoded = b64decode(rawPublicKey);
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.importKey(
+var importPrivateSigningKey = async (keyData, format) => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.importKey(
     /*format*/
-    "spki",
+    format,
     /*keyData*/
-    encoded,
-    /*algorithm:*/
+    keyData,
+    /*algorithm*/
     {
-      name: "RSA-OAEP",
+      name: "RSA-PSS",
       hash: "SHA-256"
     },
     /*extractable*/
     true,
     /*keyUsages*/
-    ["encrypt"]
+    ["sign"]
   );
 };
-var getNonce = async () => {
-  const nonceSt = await getRandomValues32(new Uint32Array(1));
-  return Number(nonceSt);
+var DefaultCrypto = {
+  decryptSecretWithNodePassword,
+  generateSigningKeyPair,
+  serializeSigningKey,
+  getNonce,
+  sign,
+  importPrivateSigningKey
 };
 
 // src/crypto/NodeKeyCache.ts
 var import_auto_bind = __toESM(require("auto-bind"), 1);
 var NodeKeyCache = class {
-  idToKey;
-  constructor() {
+  constructor(cryptoImpl = DefaultCrypto) {
+    this.cryptoImpl = cryptoImpl;
     this.idToKey = /* @__PURE__ */ new Map();
     (0, import_auto_bind.default)(this);
   }
-  async loadKey(id, rawKey) {
-    const decoded = b64decode(rawKey);
+  idToKey;
+  async loadKey(id, rawKey, format = "pkcs8") {
+    const decoded = b64decode(this.stripPemTags(rawKey));
     try {
-      const cryptoImpl2 = await getCrypto();
-      const key = await cryptoImpl2.subtle.importKey(
-        "pkcs8",
+      const key = await this.cryptoImpl.importPrivateSigningKey(
         decoded,
-        {
-          name: "RSA-PSS",
-          hash: "SHA-256"
-        },
-        true,
-        ["sign"]
+        format
       );
       this.idToKey.set(id, key);
       return key;
@@ -359,6 +346,9 @@ var NodeKeyCache = class {
   hasKey(id) {
     return this.idToKey.has(id);
   }
+  stripPemTags(pem) {
+    return pem.replace(/-----BEGIN (.*)-----/, "").replace(/-----END (.*)----/, "");
+  }
 };
 var NodeKeyCache_default = NodeKeyCache;
 
@@ -380,12 +370,13 @@ var LIGHTSPARK_BETA_HEADER_KEY = "X-Lightspark-Beta";
 var LIGHTSPARK_BETA_HEADER_VALUE = "z2h0BBYxTA83cjW7fi8QwWtBPCzkQKiemcuhKY08LOo";
 import_dayjs.default.extend(import_utc.default);
 var Requester = class {
-  constructor(nodeKeyCache, schemaEndpoint, sdkUserAgent, authProvider = new StubAuthProvider(), baseUrl = DEFAULT_BASE_URL) {
+  constructor(nodeKeyCache, schemaEndpoint, sdkUserAgent, authProvider = new StubAuthProvider(), baseUrl = DEFAULT_BASE_URL, cryptoImpl = DefaultCrypto) {
     this.nodeKeyCache = nodeKeyCache;
     this.schemaEndpoint = schemaEndpoint;
     this.sdkUserAgent = sdkUserAgent;
     this.authProvider = authProvider;
     this.baseUrl = baseUrl;
+    this.cryptoImpl = cryptoImpl;
     let websocketImpl;
     if (typeof WebSocket === "undefined" && typeof window === "undefined") {
       websocketImpl = import_ws.default;
@@ -511,7 +502,7 @@ var Requester = class {
     const query = queryPayload.query;
     const variables = queryPayload.variables;
     const operationName = queryPayload.operationName;
-    const nonce = await getNonce();
+    const nonce = await this.cryptoImpl.getNonce();
     const expiration = import_dayjs.default.utc().add(1, "hour").format();
     const payload = {
       query,
@@ -526,16 +517,11 @@ var Requester = class {
         "Missing node of encrypted_signing_private_key"
       );
     }
+    if (typeof TextEncoder === "undefined") {
+      const TextEncoder2 = (await import("text-encoding")).TextEncoder;
+    }
     const encodedPayload = new TextEncoder().encode(JSON.stringify(payload));
-    const cryptoImpl2 = await getCrypto();
-    const signedPayload = await cryptoImpl2.subtle.sign(
-      {
-        name: "RSA-PSS",
-        saltLength: 32
-      },
-      key,
-      encodedPayload
-    );
+    const signedPayload = await this.cryptoImpl.sign(key, encodedPayload);
     const encodedSignedPayload = b64encode(signedPayload);
     headers["X-Lightspark-Signing"] = JSON.stringify({
       v: "1",
@@ -635,6 +621,7 @@ var isType = (typename) => (node) => {
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  DefaultCrypto,
   LightsparkAuthException,
   LightsparkException,
   LightsparkSigningException,
@@ -646,18 +633,8 @@ var isType = (typename) => (node) => {
   b64decode,
   b64encode,
   convertCurrencyAmount,
-  decode,
-  decrypt,
-  decryptSecretWithNodePassword,
-  encrypt,
-  encryptWithNodeKey,
-  generateSigningKeyPair,
-  getCrypto,
-  getNonce,
   isBrowser,
   isNode,
   isType,
-  loadNodeEncryptionKey,
-  serializeSigningKey,
   urlsafe_b64decode
 });

package/dist/index.d.ts

@@ -27,26 +27,38 @@ declare class LightsparkSigningException extends LightsparkException {
     constructor(message: string, extraInfo?: any);
 }
 
-declare function getCrypto(): Promise<Crypto>;
-declare const encrypt: (plaintext: ArrayBuffer, password: string, salt?: Uint8Array) => Promise<[
-    string,
-    string
-]>;
-declare const decrypt: (header_json: string, ciphertext: string, password: string) => Promise<ArrayBuffer>;
+type CryptoInterface = {
+    decryptSecretWithNodePassword: (cipher: string, encryptedSecret: string, nodePassword: string) => Promise<ArrayBuffer | null>;
+    generateSigningKeyPair: () => Promise<{
+        publicKey: CryptoKey | string;
+        privateKey: CryptoKey | string;
+    }>;
+    serializeSigningKey: (key: CryptoKey | string, format: "pkcs8" | "spki") => Promise<ArrayBuffer>;
+    getNonce: () => Promise<number>;
+    sign: (key: CryptoKey | Uint8Array, data: Uint8Array) => Promise<ArrayBuffer>;
+    importPrivateSigningKey: (keyData: Uint8Array, format: "pkcs8" | "spki") => Promise<CryptoKey | Uint8Array>;
+};
 declare function decryptSecretWithNodePassword(cipher: string, encryptedSecret: string, nodePassword: string): Promise<ArrayBuffer | null>;
-declare function decode(arrBuff: ArrayBuffer): string;
-declare const generateSigningKeyPair: () => Promise<CryptoKeyPair>;
-declare const serializeSigningKey: (key: CryptoKey, format: "pkcs8" | "spki") => Promise<ArrayBuffer>;
-declare const encryptWithNodeKey: (key: CryptoKey, data: string) => Promise<string>;
-declare const loadNodeEncryptionKey: (rawPublicKey: string) => Promise<CryptoKey>;
-declare const getNonce: () => Promise<number>;
+declare const DefaultCrypto: {
+    decryptSecretWithNodePassword: typeof decryptSecretWithNodePassword;
+    generateSigningKeyPair: () => Promise<CryptoKeyPair | {
+        publicKey: string;
+        privateKey: string;
+    }>;
+    serializeSigningKey: (key: CryptoKey | string, format: "pkcs8" | "spki") => Promise<ArrayBuffer>;
+    getNonce: () => Promise<number>;
+    sign: (key: CryptoKey | Uint8Array, data: Uint8Array) => Promise<ArrayBuffer>;
+    importPrivateSigningKey: (keyData: Uint8Array, format: "pkcs8" | "spki") => Promise<CryptoKey | Uint8Array>;
+};
 
 declare class NodeKeyCache {
+    private readonly cryptoImpl;
     private idToKey;
-    constructor();
-    loadKey(id: string, rawKey: string): Promise<CryptoKey | null>;
-    getKey(id: string): CryptoKey | undefined;
+    constructor(cryptoImpl?: CryptoInterface);
+    loadKey(id: string, rawKey: string, format?: "pkcs8" | "spki"): Promise<CryptoKey | Uint8Array | null>;
+    getKey(id: string): CryptoKey | Uint8Array | undefined;
     hasKey(id: string): boolean;
+    private stripPemTags;
 }
 
 type Query<T> = {
@@ -68,8 +80,9 @@ declare class Requester {
     private readonly sdkUserAgent;
     private readonly authProvider;
     private readonly baseUrl;
+    private readonly cryptoImpl;
     private readonly wsClient;
-    constructor(nodeKeyCache: NodeKeyCache, schemaEndpoint: string, sdkUserAgent: string, authProvider?: AuthProvider, baseUrl?: string);
+    constructor(nodeKeyCache: NodeKeyCache, schemaEndpoint: string, sdkUserAgent: string, authProvider?: AuthProvider, baseUrl?: string, cryptoImpl?: CryptoInterface);
     executeQuery<T>(query: Query<T>): Promise<T | null>;
     subscribe(queryPayload: string, variables?: {
         [key: string]: any;
@@ -150,4 +163,4 @@ declare const isType: <T extends string>(typename: T) => <N extends {
     __typename: T;
 }>;
 
-export { AuthProvider, ById, ExpandRecursively, LightsparkAuthException, LightsparkException, LightsparkSigningException, Maybe, NodeKeyCache, OmitTypename, Query, Requester, ServerEnvironment, StubAuthProvider, apiDomainForEnvironment, b64decode, b64encode, convertCurrencyAmount, decode, decrypt, decryptSecretWithNodePassword, encrypt, encryptWithNodeKey, generateSigningKeyPair, getCrypto, getNonce, isBrowser, isNode, isType, loadNodeEncryptionKey, serializeSigningKey, urlsafe_b64decode };
+export { AuthProvider, ById, CryptoInterface, DefaultCrypto, ExpandRecursively, LightsparkAuthException, LightsparkException, LightsparkSigningException, Maybe, NodeKeyCache, OmitTypename, Query, Requester, ServerEnvironment, StubAuthProvider, apiDomainForEnvironment, b64decode, b64encode, convertCurrencyAmount, isBrowser, isNode, isType, urlsafe_b64decode };

package/dist/index.js

@@ -34,14 +34,44 @@ var StubAuthProvider = class {
 };
 
 // src/utils/base64.ts
+var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+var Base64 = {
+  btoa: (input = "") => {
+    let str = input;
+    let output = "";
+    for (let block = 0, charCode, i = 0, map = chars; str.charAt(i | 0) || (map = "=", i % 1); output += map.charAt(63 & block >> 8 - i % 1 * 8)) {
+      charCode = str.charCodeAt(i += 3 / 4);
+      if (charCode > 255) {
+        throw new Error(
+          "'btoa' failed: The string to be encoded contains characters outside of the Latin1 range."
+        );
+      }
+      block = block << 8 | charCode;
+    }
+    return output;
+  },
+  atob: (input = "") => {
+    let str = input.replace(/=+$/, "");
+    let output = "";
+    if (str.length % 4 == 1) {
+      throw new Error(
+        "'atob' failed: The string to be decoded is not correctly encoded."
+      );
+    }
+    for (let bc = 0, bs = 0, buffer, i = 0; buffer = str.charAt(i++); ~buffer && (bs = bc % 4 ? bs * 64 + buffer : buffer, bc++ % 4) ? output += String.fromCharCode(255 & bs >> (-2 * bc & 6)) : 0) {
+      buffer = chars.indexOf(buffer);
+    }
+    return output;
+  }
+};
 var b64decode = (encoded) => {
-  return Uint8Array.from(atob(encoded), (c) => c.charCodeAt(0));
+  return Uint8Array.from(Base64.atob(encoded), (c) => c.charCodeAt(0));
 };
 var urlsafe_b64decode = (encoded) => {
   return b64decode(encoded.replace(/_/g, "/").replace(/-/g, "+"));
 };
 var b64encode = (data) => {
-  return btoa(
+  return Base64.btoa(
     String.fromCharCode.apply(null, Array.from(new Uint8Array(data)))
   );
 };
@@ -55,8 +85,7 @@ var LightsparkSigningException = class extends LightsparkException_default {
 var LightsparkSigningException_default = LightsparkSigningException;
 
 // src/crypto/crypto.ts
-var ITERATIONS = 5e5;
-function getCrypto() {
+var getCrypto = () => {
   let cryptoImplPromise;
   if (typeof crypto !== "undefined") {
     cryptoImplPromise = Promise.resolve(crypto);
@@ -66,34 +95,26 @@ function getCrypto() {
     });
   }
   return cryptoImplPromise;
-}
-var getRandomValues = async (arr) => {
-  if (typeof crypto !== "undefined") {
-    return crypto.getRandomValues(arr);
-  } else {
-    const cryptoImpl2 = await getCrypto();
-    return cryptoImpl2.getRandomValues(arr);
-  }
 };
 var getRandomValues32 = async (arr) => {
   if (typeof crypto !== "undefined") {
     return crypto.getRandomValues(arr);
   } else {
-    const cryptoImpl2 = await getCrypto();
-    return cryptoImpl2.getRandomValues(arr);
+    const cryptoImpl = await getCrypto();
+    return cryptoImpl.getRandomValues(arr);
   }
 };
 var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
   const enc = new TextEncoder();
-  const cryptoImpl2 = await getCrypto();
-  const password_key = await cryptoImpl2.subtle.importKey(
+  const cryptoImpl = await getCrypto();
+  const password_key = await cryptoImpl.subtle.importKey(
     "raw",
     enc.encode(password),
     "PBKDF2",
     false,
     ["deriveBits", "deriveKey"]
   );
-  const derived = await cryptoImpl2.subtle.deriveBits(
+  const derived = await cryptoImpl.subtle.deriveBits(
     {
       name: "PBKDF2",
       salt,
@@ -103,7 +124,7 @@ var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
     password_key,
     bit_len
   );
-  const key = await cryptoImpl2.subtle.importKey(
+  const key = await cryptoImpl.subtle.importKey(
     "raw",
     derived.slice(0, 32),
     { name: algorithm, length: 256 },
@@ -113,25 +134,6 @@ var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
   const iv = derived.slice(32);
   return [key, iv];
 };
-var encrypt = async (plaintext, password, salt) => {
-  if (!salt) {
-    salt = new Uint8Array(16);
-    getRandomValues(salt);
-  }
-  const [key, iv] = await deriveKey(password, salt, ITERATIONS, "AES-GCM", 352);
-  const cryptoImpl2 = await getCrypto();
-  const encrypted = new Uint8Array(
-    await cryptoImpl2.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext)
-  );
-  const output = new Uint8Array(salt.byteLength + encrypted.byteLength);
-  output.set(salt);
-  output.set(encrypted, salt.byteLength);
-  const header = {
-    v: 4,
-    i: ITERATIONS
-  };
-  return [JSON.stringify(header), b64encode(output)];
-};
 var decrypt = async (header_json, ciphertext, password) => {
   var decoded = b64decode(ciphertext);
   var header;
@@ -150,7 +152,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       "Unknown version ".concat(header.v)
     );
   }
-  const cryptoImpl2 = await getCrypto();
+  const cryptoImpl = await getCrypto();
   const algorithm = header.v < 2 ? "AES-CBC" : "AES-GCM";
   const bit_len = header.v < 4 ? 384 : 352;
   const salt_len = header.v < 4 ? 8 : 16;
@@ -165,7 +167,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       algorithm,
       256
     );
-    return await cryptoImpl2.subtle.decrypt(
+    return await cryptoImpl.subtle.decrypt(
       { name: algorithm, iv: nonce.buffer },
       key,
       cipherText
@@ -180,7 +182,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       algorithm,
       bit_len
     );
-    return await cryptoImpl2.subtle.decrypt(
+    return await cryptoImpl.subtle.decrypt(
       { name: algorithm, iv },
       key,
       encrypted
@@ -196,13 +198,9 @@ async function decryptSecretWithNodePassword(cipher, encryptedSecret, nodePasswo
   }
   return decryptedValue;
 }
-function decode(arrBuff) {
-  const dec = new TextDecoder();
-  return dec.decode(arrBuff);
-}
 var generateSigningKeyPair = async () => {
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.generateKey(
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.generateKey(
     /*algorithm:*/
     {
       name: "RSA-PSS",
@@ -217,74 +215,72 @@ var generateSigningKeyPair = async () => {
   );
 };
 var serializeSigningKey = async (key, format) => {
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.exportKey(
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.exportKey(
     /*format*/
     format,
     /*key*/
     key
   );
 };
-var encryptWithNodeKey = async (key, data) => {
-  const enc = new TextEncoder();
-  const encoded = enc.encode(data);
-  const encrypted = await cryptoImpl.subtle.encrypt(
-    /*algorithm:*/
+var getNonce = async () => {
+  const cryptoImpl = await getCrypto();
+  const nonceSt = await getRandomValues32(new Uint32Array(1));
+  return Number(nonceSt);
+};
+var sign = async (key, data) => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.sign(
     {
-      name: "RSA-OAEP"
+      name: "RSA-PSS",
+      saltLength: 32
     },
-    /*key*/
     key,
-    /*data*/
-    encoded
+    data
   );
-  return b64encode(encrypted);
 };
-var loadNodeEncryptionKey = async (rawPublicKey) => {
-  const encoded = b64decode(rawPublicKey);
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.importKey(
+var importPrivateSigningKey = async (keyData, format) => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.importKey(
     /*format*/
-    "spki",
+    format,
     /*keyData*/
-    encoded,
-    /*algorithm:*/
+    keyData,
+    /*algorithm*/
     {
-      name: "RSA-OAEP",
+      name: "RSA-PSS",
       hash: "SHA-256"
     },
     /*extractable*/
     true,
     /*keyUsages*/
-    ["encrypt"]
+    ["sign"]
   );
 };
-var getNonce = async () => {
-  const nonceSt = await getRandomValues32(new Uint32Array(1));
-  return Number(nonceSt);
+var DefaultCrypto = {
+  decryptSecretWithNodePassword,
+  generateSigningKeyPair,
+  serializeSigningKey,
+  getNonce,
+  sign,
+  importPrivateSigningKey
 };
 
 // src/crypto/NodeKeyCache.ts
 import autoBind from "auto-bind";
 var NodeKeyCache = class {
-  idToKey;
-  constructor() {
+  constructor(cryptoImpl = DefaultCrypto) {
+    this.cryptoImpl = cryptoImpl;
     this.idToKey = /* @__PURE__ */ new Map();
     autoBind(this);
   }
-  async loadKey(id, rawKey) {
-    const decoded = b64decode(rawKey);
+  idToKey;
+  async loadKey(id, rawKey, format = "pkcs8") {
+    const decoded = b64decode(this.stripPemTags(rawKey));
     try {
-      const cryptoImpl2 = await getCrypto();
-      const key = await cryptoImpl2.subtle.importKey(
-        "pkcs8",
+      const key = await this.cryptoImpl.importPrivateSigningKey(
         decoded,
-        {
-          name: "RSA-PSS",
-          hash: "SHA-256"
-        },
-        true,
-        ["sign"]
+        format
       );
       this.idToKey.set(id, key);
       return key;
@@ -299,6 +295,9 @@ var NodeKeyCache = class {
   hasKey(id) {
     return this.idToKey.has(id);
   }
+  stripPemTags(pem) {
+    return pem.replace(/-----BEGIN (.*)-----/, "").replace(/-----END (.*)----/, "");
+  }
 };
 var NodeKeyCache_default = NodeKeyCache;
 
@@ -320,12 +319,13 @@ var LIGHTSPARK_BETA_HEADER_KEY = "X-Lightspark-Beta";
 var LIGHTSPARK_BETA_HEADER_VALUE = "z2h0BBYxTA83cjW7fi8QwWtBPCzkQKiemcuhKY08LOo";
 dayjs.extend(utc);
 var Requester = class {
-  constructor(nodeKeyCache, schemaEndpoint, sdkUserAgent, authProvider = new StubAuthProvider(), baseUrl = DEFAULT_BASE_URL) {
+  constructor(nodeKeyCache, schemaEndpoint, sdkUserAgent, authProvider = new StubAuthProvider(), baseUrl = DEFAULT_BASE_URL, cryptoImpl = DefaultCrypto) {
     this.nodeKeyCache = nodeKeyCache;
     this.schemaEndpoint = schemaEndpoint;
     this.sdkUserAgent = sdkUserAgent;
     this.authProvider = authProvider;
     this.baseUrl = baseUrl;
+    this.cryptoImpl = cryptoImpl;
     let websocketImpl;
     if (typeof WebSocket === "undefined" && typeof window === "undefined") {
       websocketImpl = NodeWebSocket;
@@ -451,7 +451,7 @@ var Requester = class {
     const query = queryPayload.query;
     const variables = queryPayload.variables;
     const operationName = queryPayload.operationName;
-    const nonce = await getNonce();
+    const nonce = await this.cryptoImpl.getNonce();
     const expiration = dayjs.utc().add(1, "hour").format();
     const payload = {
       query,
@@ -466,16 +466,11 @@ var Requester = class {
         "Missing node of encrypted_signing_private_key"
       );
     }
+    if (typeof TextEncoder === "undefined") {
+      const TextEncoder2 = (await import("text-encoding")).TextEncoder;
+    }
     const encodedPayload = new TextEncoder().encode(JSON.stringify(payload));
-    const cryptoImpl2 = await getCrypto();
-    const signedPayload = await cryptoImpl2.subtle.sign(
-      {
-        name: "RSA-PSS",
-        saltLength: 32
-      },
-      key,
-      encodedPayload
-    );
+    const signedPayload = await this.cryptoImpl.sign(key, encodedPayload);
     const encodedSignedPayload = b64encode(signedPayload);
     headers["X-Lightspark-Signing"] = JSON.stringify({
       v: "1",
@@ -574,6 +569,7 @@ var isType = (typename) => (node) => {
   return node?.__typename === typename;
 };
 export {
+  DefaultCrypto,
   LightsparkAuthException_default as LightsparkAuthException,
   LightsparkException_default as LightsparkException,
   LightsparkSigningException_default as LightsparkSigningException,
@@ -585,18 +581,8 @@ export {
   b64decode,
   b64encode,
   convertCurrencyAmount,
-  decode,
-  decrypt,
-  decryptSecretWithNodePassword,
-  encrypt,
-  encryptWithNodeKey,
-  generateSigningKeyPair,
-  getCrypto,
-  getNonce,
   isBrowser,
   isNode,
   isType,
-  loadNodeEncryptionKey,
-  serializeSigningKey,
   urlsafe_b64decode
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lightsparkdev/core",
-  "version": "0.2.1",
+  "version": "0.2.3",
   "description": "Lightspark JS SDK",
   "author": "Lightspark Inc.",
   "keywords": [
@@ -22,6 +22,19 @@
   "main": "./dist/index.js",
   "module": "./dist/index.js",
   "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "require": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.cjs"
+      }
+    }
+  },
   "engines": {
     "node": ">=14.16"
   },
@@ -52,6 +65,7 @@
     "dayjs": "^1.11.7",
     "graphql": "^16.6.0",
     "graphql-ws": "^5.11.3",
+    "text-encoding": "^0.7.0",
     "ws": "^8.12.1",
     "zen-observable-ts": "^1.1.0"
   },

package/src/crypto/NodeKeyCache.ts

@@ -3,28 +3,25 @@
 import autoBind from "auto-bind";
 
 import { b64decode } from "../utils/base64.js";
-import { getCrypto } from "./crypto.js";
+import { CryptoInterface, DefaultCrypto } from "./crypto.js";
 
 class NodeKeyCache {
-  private idToKey: Map<string, CryptoKey>;
-  constructor() {
+  private idToKey: Map<string, CryptoKey | Uint8Array>;
+  constructor(private readonly cryptoImpl: CryptoInterface = DefaultCrypto) {
     this.idToKey = new Map();
     autoBind(this);
   }
 
-  public async loadKey(id: string, rawKey: string): Promise<CryptoKey | null> {
-    const decoded = b64decode(rawKey);
+  public async loadKey(
+    id: string,
+    rawKey: string,
+    format: "pkcs8" | "spki" = "pkcs8"
+  ): Promise<CryptoKey | Uint8Array | null> {
+    const decoded = b64decode(this.stripPemTags(rawKey));
     try {
-      const cryptoImpl = await getCrypto();
-      const key = await cryptoImpl.subtle.importKey(
-        "pkcs8",
+      const key = await this.cryptoImpl.importPrivateSigningKey(
         decoded,
-        {
-          name: "RSA-PSS",
-          hash: "SHA-256",
-        },
-        true,
-        ["sign"]
+        format
       );
       this.idToKey.set(id, key);
       return key;
@@ -34,13 +31,19 @@ class NodeKeyCache {
     return null;
   }
 
-  public getKey(id: string): CryptoKey | undefined {
+  public getKey(id: string): CryptoKey | Uint8Array | undefined {
     return this.idToKey.get(id);
   }
 
   public hasKey(id: string): boolean {
     return this.idToKey.has(id);
   }
+
+  private stripPemTags(pem: string): string {
+    return pem
+      .replace(/-----BEGIN (.*)-----/, "")
+      .replace(/-----END (.*)----/, "");
+  }
 }
 
 export default NodeKeyCache;

package/src/crypto/crypto.ts

@@ -1,11 +1,36 @@
 // Copyright  ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
 import LightsparkException from "../LightsparkException.js";
 
-import { b64decode, b64encode } from "../utils/base64.js";
+import { b64decode } from "../utils/base64.js";
 
-const ITERATIONS = 500000;
+export type CryptoInterface = {
+  decryptSecretWithNodePassword: (
+    cipher: string,
+    encryptedSecret: string,
+    nodePassword: string
+  ) => Promise<ArrayBuffer | null>;
 
-export function getCrypto() {
+  generateSigningKeyPair: () => Promise<{
+    publicKey: CryptoKey | string;
+    privateKey: CryptoKey | string;
+  }>;
+
+  serializeSigningKey: (
+    key: CryptoKey | string,
+    format: "pkcs8" | "spki"
+  ) => Promise<ArrayBuffer>;
+
+  getNonce: () => Promise<number>;
+
+  sign: (key: CryptoKey | Uint8Array, data: Uint8Array) => Promise<ArrayBuffer>;
+
+  importPrivateSigningKey: (
+    keyData: Uint8Array,
+    format: "pkcs8" | "spki"
+  ) => Promise<CryptoKey | Uint8Array>;
+};
+
+const getCrypto = () => {
   let cryptoImplPromise: Promise<typeof crypto>;
   if (typeof crypto !== "undefined") {
     cryptoImplPromise = Promise.resolve(crypto);
@@ -15,15 +40,6 @@ export function getCrypto() {
     });
   }
   return cryptoImplPromise;
-}
-
-const getRandomValues = async (arr: Uint8Array): Promise<Uint8Array> => {
-  if (typeof crypto !== "undefined") {
-    return crypto.getRandomValues(arr);
-  } else {
-    const cryptoImpl = await getCrypto();
-    return cryptoImpl.getRandomValues(arr);
-  }
 };
 
 const getRandomValues32 = async (arr: Uint32Array): Promise<Uint32Array> => {
@@ -77,36 +93,7 @@ const deriveKey = async (
   return [key, iv];
 };
 
-export const encrypt = async (
-  plaintext: ArrayBuffer,
-  password: string,
-  salt?: Uint8Array
-): Promise<[string, string]> => {
-  if (!salt) {
-    salt = new Uint8Array(16);
-    getRandomValues(salt);
-  }
-
-  const [key, iv] = await deriveKey(password, salt, ITERATIONS, "AES-GCM", 352);
-  const cryptoImpl = await getCrypto();
-
-  const encrypted = new Uint8Array(
-    await cryptoImpl.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext)
-  );
-
-  const output = new Uint8Array(salt.byteLength + encrypted.byteLength);
-  output.set(salt);
-  output.set(encrypted, salt.byteLength);
-
-  const header = {
-    v: 4,
-    i: ITERATIONS,
-  };
-
-  return [JSON.stringify(header), b64encode(output)];
-};
-
-export const decrypt = async (
+const decrypt = async (
   header_json: string,
   ciphertext: string,
   password: string
@@ -172,7 +159,7 @@ export const decrypt = async (
   }
 };
 
-export async function decryptSecretWithNodePassword(
+async function decryptSecretWithNodePassword(
   cipher: string,
   encryptedSecret: string,
   nodePassword: string
@@ -188,12 +175,9 @@ export async function decryptSecretWithNodePassword(
   return decryptedValue;
 }
 
-export function decode(arrBuff: ArrayBuffer): string {
-  const dec = new TextDecoder();
-  return dec.decode(arrBuff);
-}
-
-export const generateSigningKeyPair = async (): Promise<CryptoKeyPair> => {
+const generateSigningKeyPair = async (): Promise<
+  CryptoKeyPair | { publicKey: string; privateKey: string }
+> => {
   const cryptoImpl = await getCrypto();
   return await cryptoImpl.subtle.generateKey(
     /*algorithm:*/ {
@@ -207,52 +191,62 @@ export const generateSigningKeyPair = async (): Promise<CryptoKeyPair> => {
   );
 };
 
-export const serializeSigningKey = async (
-  key: CryptoKey,
+const serializeSigningKey = async (
+  key: CryptoKey | string,
   format: "pkcs8" | "spki"
 ): Promise<ArrayBuffer> => {
   const cryptoImpl = await getCrypto();
-  return await cryptoImpl.subtle.exportKey(/*format*/ format, /*key*/ key);
+  return await cryptoImpl.subtle.exportKey(
+    /*format*/ format,
+    /*key*/ key as CryptoKey
+  );
 };
 
-export const encryptWithNodeKey = async (
-  key: CryptoKey,
-  data: string
-): Promise<string> => {
-  const enc = new TextEncoder();
-  const encoded = enc.encode(data);
-  // @ts-ignore
-  const encrypted = await cryptoImpl.subtle.encrypt(
-    /*algorithm:*/ {
-      name: "RSA-OAEP",
+const getNonce = async () => {
+  const cryptoImpl = await getCrypto();
+  const nonceSt = await getRandomValues32(new Uint32Array(1));
+  return Number(nonceSt);
+};
+
+const sign = async (
+  key: CryptoKey | Uint8Array,
+  data: Uint8Array
+): Promise<ArrayBuffer> => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.sign(
+    {
+      name: "RSA-PSS",
+      saltLength: 32,
     },
-    /*key*/ key,
-    /*data*/ encoded
+    key as CryptoKey,
+    data
   );
-  // @ts-ignore
-  return b64encode(encrypted);
 };
 
-export const loadNodeEncryptionKey = async (
-  rawPublicKey: string
-): Promise<CryptoKey> => {
-  const encoded = b64decode(rawPublicKey);
+const importPrivateSigningKey = async (
+  keyData: Uint8Array,
+  format: "pkcs8" | "spki"
+): Promise<CryptoKey | Uint8Array> => {
   const cryptoImpl = await getCrypto();
   return await cryptoImpl.subtle.importKey(
-    /*format*/ "spki",
-    /*keyData*/ encoded,
-    /*algorithm:*/ {
-      name: "RSA-OAEP",
+    /*format*/ format,
+    /*keyData*/ keyData,
+    /*algorithm*/ {
+      name: "RSA-PSS",
       hash: "SHA-256",
     },
     /*extractable*/ true,
-    /*keyUsages*/ ["encrypt"]
+    /*keyUsages*/ ["sign"]
   );
 };
 
-export const getNonce = async () => {
-  const nonceSt = await getRandomValues32(new Uint32Array(1));
-  return Number(nonceSt);
+export const DefaultCrypto = {
+  decryptSecretWithNodePassword,
+  generateSigningKeyPair,
+  serializeSigningKey,
+  getNonce,
+  sign,
+  importPrivateSigningKey,
 };
 
 export { default as LightsparkSigningException } from "./LightsparkSigningException.js";

package/src/requester/Requester.ts

@@ -12,8 +12,8 @@ import Query from "./Query.js";
 import AuthProvider from "../auth/AuthProvider.js";
 import StubAuthProvider from "../auth/StubAuthProvider.js";
 import {
-  getCrypto,
-  getNonce,
+  CryptoInterface,
+  DefaultCrypto,
   LightsparkSigningException,
 } from "../crypto/crypto.js";
 import NodeKeyCache from "../crypto/NodeKeyCache.js";
@@ -34,7 +34,8 @@ class Requester {
     private readonly schemaEndpoint: string,
     private readonly sdkUserAgent: string,
     private readonly authProvider: AuthProvider = new StubAuthProvider(),
-    private readonly baseUrl: string = DEFAULT_BASE_URL
+    private readonly baseUrl: string = DEFAULT_BASE_URL,
+    private readonly cryptoImpl: CryptoInterface = DefaultCrypto
   ) {
     let websocketImpl;
     if (typeof WebSocket === "undefined" && typeof window === "undefined") {
@@ -183,7 +184,7 @@ class Requester {
     const variables = queryPayload.variables;
     const operationName = queryPayload.operationName;
 
-    const nonce = await getNonce();
+    const nonce = await this.cryptoImpl.getNonce();
     const expiration = dayjs.utc().add(1, "hour").format();
 
     const payload = {
@@ -201,16 +202,11 @@ class Requester {
       );
     }
 
+    if (typeof TextEncoder === "undefined") {
+      const TextEncoder = (await import("text-encoding")).TextEncoder;
+    }
     const encodedPayload = new TextEncoder().encode(JSON.stringify(payload));
-    const cryptoImpl = await getCrypto();
-    const signedPayload = await cryptoImpl.subtle.sign(
-      {
-        name: "RSA-PSS",
-        saltLength: 32,
-      },
-      key,
-      encodedPayload
-    );
+    const signedPayload = await this.cryptoImpl.sign(key, encodedPayload);
     const encodedSignedPayload = b64encode(signedPayload);
 
     headers["X-Lightspark-Signing"] = JSON.stringify({

package/src/utils/base64.ts

@@ -1,7 +1,56 @@
 // Copyright  ©, 2023, Lightspark Group, Inc. - All Rights Reserved
 
+const chars =
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+const Base64 = {
+  btoa: (input: string = "") => {
+    let str = input;
+    let output = "";
+
+    for (
+      let block = 0, charCode, i = 0, map = chars;
+      str.charAt(i | 0) || ((map = "="), i % 1);
+      output += map.charAt(63 & (block >> (8 - (i % 1) * 8)))
+    ) {
+      charCode = str.charCodeAt((i += 3 / 4));
+
+      if (charCode > 0xff) {
+        throw new Error(
+          "'btoa' failed: The string to be encoded contains characters outside of the Latin1 range."
+        );
+      }
+
+      block = (block << 8) | charCode;
+    }
+
+    return output;
+  },
+
+  atob: (input: string = "") => {
+    let str = input.replace(/=+$/, "");
+    let output = "";
+
+    if (str.length % 4 == 1) {
+      throw new Error(
+        "'atob' failed: The string to be decoded is not correctly encoded."
+      );
+    }
+    for (
+      let bc = 0, bs = 0, buffer, i = 0;
+      (buffer = str.charAt(i++));
+      ~buffer && ((bs = bc % 4 ? bs * 64 + buffer : buffer), bc++ % 4)
+        ? (output += String.fromCharCode(255 & (bs >> ((-2 * bc) & 6))))
+        : 0
+    ) {
+      buffer = chars.indexOf(buffer);
+    }
+
+    return output;
+  },
+};
+
 export const b64decode = (encoded: string): Uint8Array => {
-  return Uint8Array.from(atob(encoded), (c) => c.charCodeAt(0));
+  return Uint8Array.from(Base64.atob(encoded), (c) => c.charCodeAt(0));
 };
 
 export const urlsafe_b64decode = (encoded: string): Uint8Array => {
@@ -9,7 +58,7 @@ export const urlsafe_b64decode = (encoded: string): Uint8Array => {
 };
 
 export const b64encode = (data: ArrayBuffer): string => {
-  return btoa(
+  return Base64.btoa(
     String.fromCharCode.apply(null, Array.from(new Uint8Array(data)))
   );
 };