@microsoft/ccf-app 5.0.0-dev13 → 5.0.0-dev15

package/converters.d.ts

@@ -157,6 +157,32 @@ export declare const string: DataConverter<string>;
  * ```
  */
 export declare const json: <T extends JsonCompatible<T>>() => DataConverter<T>;
+/**
+ * Returns a converter for JSON-compatible objects or values, with errors for
+ * known-incompatible types.
+ *
+ * Based on {@linkcode json}, but additionally runs a check during every encode
+ * call, throwing an error if the object contains fields which cannot be round-tripped
+ * to JSON (Date, Map). This incurs some cost in checking each instance, but gives
+ * clear errors rather than late serdes mismatches.
+ *
+ * Example:
+ * ```
+ * interface Data {
+ *   m: Map<string, string>
+ * }
+ * const d: Data = { m: new Map<string, string>() };
+ * d.m.set("hello", "John");
+ *
+ * const conv = ccfapp.json<Data>();
+ * const buffer = conv.encode(d); // ArrayBuffer, but contents of map silently lost!
+ * const d2 = conv.decode(buffer); // Data, but doesn't match d!
+ *
+ * const convChecked = ccfapp.checkedJson<Data>();
+ * const buffer2 = convChecked.encode(d); // Throws TypeError
+ * ```
+ */
+export declare const checkedJson: <T extends JsonCompatible<T>>() => DataConverter<T>;
 /**
  * Returns a converter for [TypedArray](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray) objects.
  *

package/converters.js

@@ -29,6 +29,12 @@ function checkNumber(val) {
         throw new TypeError(`Value ${val} is not a number`);
     }
 }
+function checkInt(val) {
+    checkNumber(val);
+    if (!Number.isInteger(val)) {
+        throw new TypeError(`Value ${val} is not an integer`);
+    }
+}
 function checkBigInt(val) {
     if (typeof val !== "bigint") {
         throw new TypeError(`Value ${val} is not a bigint`);
@@ -39,6 +45,23 @@ function checkString(val) {
         throw new TypeError(`Value ${val} is not a string`);
     }
 }
+function checkJsonSafe(val) {
+    // Hard to be exhaustive, but throw errors for any Map or Date elements found
+    if (val instanceof Map) {
+        throw TypeError(`Value contains a Map, which cannot be converted to JSON`);
+    }
+    if (val instanceof Date) {
+        throw TypeError(`Value contains a Date, which cannot be converted back from JSON`);
+    }
+    if (typeof val === "object") {
+        if (Array.isArray(val)) {
+            val.every((e) => checkJsonSafe(e));
+        }
+        else if (val !== null) {
+            Object.entries(val).every(([k, v]) => checkJsonSafe(v));
+        }
+    }
+}
 class BoolConverter {
     encode(val) {
         checkBoolean(val);
@@ -52,7 +75,7 @@ class BoolConverter {
 }
 class Int8Converter {
     encode(val) {
-        checkNumber(val);
+        checkInt(val);
         if (val < -128 || val > 127) {
             throw new RangeError("value is not within int8 range");
         }
@@ -66,7 +89,7 @@ class Int8Converter {
 }
 class Uint8Converter {
     encode(val) {
-        checkNumber(val);
+        checkInt(val);
         if (val < 0 || val > 255) {
             throw new RangeError("value is not within uint8 range");
         }
@@ -80,7 +103,7 @@ class Uint8Converter {
 }
 class Int16Converter {
     encode(val) {
-        checkNumber(val);
+        checkInt(val);
         if (val < -32768 || val > 32767) {
             throw new RangeError("value is not within int16 range");
         }
@@ -94,7 +117,7 @@ class Int16Converter {
 }
 class Uint16Converter {
     encode(val) {
-        checkNumber(val);
+        checkInt(val);
         if (val < 0 || val > 65535) {
             throw new RangeError("value is not within uint16 range");
         }
@@ -108,7 +131,7 @@ class Uint16Converter {
 }
 class Int32Converter {
     encode(val) {
-        checkNumber(val);
+        checkInt(val);
         if (val < -2147483648 || val > 2147483647) {
             throw new RangeError("value is not within int32 range");
         }
@@ -122,7 +145,7 @@ class Int32Converter {
 }
 class Uint32Converter {
     encode(val) {
-        checkNumber(val);
+        checkInt(val);
         if (val < 0 || val > 4294967295) {
             throw new RangeError("value is not within uint32 range");
         }
@@ -195,6 +218,12 @@ class JSONConverter {
         return ccf.bufToJsonCompatible(buf);
     }
 }
+class CheckedJSONConverter extends JSONConverter {
+    encode(val) {
+        checkJsonSafe(val);
+        return super.encode(val);
+    }
+}
 class TypedArrayConverter {
     constructor(clazz) {
         this.clazz = clazz;
@@ -364,6 +393,32 @@ export const string = new StringConverter();
  * ```
  */
 export const json = () => new JSONConverter();
+/**
+ * Returns a converter for JSON-compatible objects or values, with errors for
+ * known-incompatible types.
+ *
+ * Based on {@linkcode json}, but additionally runs a check during every encode
+ * call, throwing an error if the object contains fields which cannot be round-tripped
+ * to JSON (Date, Map). This incurs some cost in checking each instance, but gives
+ * clear errors rather than late serdes mismatches.
+ *
+ * Example:
+ * ```
+ * interface Data {
+ *   m: Map<string, string>
+ * }
+ * const d: Data = { m: new Map<string, string>() };
+ * d.m.set("hello", "John");
+ *
+ * const conv = ccfapp.json<Data>();
+ * const buffer = conv.encode(d); // ArrayBuffer, but contents of map silently lost!
+ * const d2 = conv.decode(buffer); // Data, but doesn't match d!
+ *
+ * const convChecked = ccfapp.checkedJson<Data>();
+ * const buffer2 = convChecked.encode(d); // Throws TypeError
+ * ```
+ */
+export const checkedJson = () => new CheckedJSONConverter();
 /**
  * Returns a converter for [TypedArray](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray) objects.
  *

package/crypto.d.ts

@@ -71,7 +71,7 @@ export declare const eddsaPemToJwk: (pem: string, kid?: string | undefined) => i
  */
 export declare const pubJwkToPem: (jwk: import("./global.js").JsonWebKeyECPublic) => string;
 /**
- * @inheritDoc global!CCFCrypto.JwkToPem
+ * @inheritDoc global!CCFCrypto.jwkToPem
  */
 export declare const jwkToPem: (jwk: import("./global.js").JsonWebKeyECPrivate) => string;
 /**

package/crypto.js

@@ -87,7 +87,7 @@ export const eddsaPemToJwk = ccf.crypto.eddsaPemToJwk;
  */
 export const pubJwkToPem = ccf.crypto.pubJwkToPem;
 /**
- * @inheritDoc global!CCFCrypto.JwkToPem
+ * @inheritDoc global!CCFCrypto.jwkToPem
  */
 export const jwkToPem = ccf.crypto.jwkToPem;
 /**

package/endpoints.d.ts

@@ -93,9 +93,10 @@ export interface AuthnIdentityCommon {
     /**
      * A string indicating which policy accepted this request,
      * for use when multiple policies are listed in the endpoint
-     * configuration of ``app.json``.
+     * configuration of ``app.json``, or list-of-strings to identify
+     * an all_of policy.
      */
-    policy: string;
+    policy: string | string[];
 }
 export interface EmptyAuthnIdentity extends AuthnIdentityCommon {
     policy: "no_auth";
@@ -155,12 +156,20 @@ export interface JwtAuthnIdentity extends AuthnIdentityCommon {
         payload: any;
     };
 }
+export interface AllOfAuthnIdentity extends AuthnIdentityCommon {
+    policy: string[];
+    user_cert?: UserCertAuthnIdentity;
+    member_cert?: MemberCertAuthnIdentity;
+    user_cose_sign1?: UserCOSESign1AuthnIdentity;
+    member_cose_sign1?: MemberCOSESign1AuthnIdentity;
+    jwt?: JwtAuthnIdentity;
+}
 /**
  * Authentication identities supported by CCF.
  * Each identity corresponds to a matching {@linkcode AuthnIdentityCommon.policy | policy}.
  * Policies have to be declared for each endpoint in ``app.json``.
  */
-export type AuthnIdentity = EmptyAuthnIdentity | UserCertAuthnIdentity | MemberCertAuthnIdentity | JwtAuthnIdentity | MemberCOSESign1AuthnIdentity | UserCOSESign1AuthnIdentity;
+export type AuthnIdentity = EmptyAuthnIdentity | UserCertAuthnIdentity | MemberCertAuthnIdentity | JwtAuthnIdentity | MemberCOSESign1AuthnIdentity | UserCOSESign1AuthnIdentity | AllOfAuthnIdentity;
 /** See {@linkcode Response.body}. */
 export type ResponseBodyType<T> = string | ArrayBuffer | JsonCompatible<T>;
 /**

package/global.d.ts

@@ -385,33 +385,33 @@ export interface CCFCrypto {
     /**
      * Converts an elliptic curve private key as JSON Web Key (JWK) object to PEM.
      *
-     * @param pem Elliptic curve private key as JWK
+     * @param jwk Elliptic curve private key as JWK
      */
     jwkToPem(jwk: JsonWebKeyECPrivate): string;
     /**
      * Converts an RSA public key as JSON Web Key (JWK) object to PEM.
      *
-     * @param pem RSA public key as JWK
+     * @param jwk RSA public key as JWK
      */
     pubRsaJwkToPem(jwk: JsonWebKeyRSAPublic): string;
     /**
      * Converts an RSA private key as JSON Web Key (JWK) object to PEM.
      *
-     * @param pem RSA private key as JWK
+     * @param jwk RSA private key as JWK
      */
     rsaJwkToPem(jwk: JsonWebKeyRSAPrivate): string;
     /**
      * Converts an EdDSA public key as JSON Web Key (JWK) object to PEM.
      * Currently only Curve25519 is supported.
      *
-     * @param pem EdDSA public key as JWK
+     * @param jwk EdDSA public key as JWK
      */
     pubEddsaJwkToPem(jwk: JsonWebKeyEdDSAPublic): string;
     /**
      * Converts an EdDSA private key as JSON Web Key (JWK) object to PEM.
      * Currently only Curve25519 is supported.
      *
-     * @param pem EdDSA private key as JWK
+     * @param jwk EdDSA private key as JWK
      */
     eddsaJwkToPem(jwk: JsonWebKeyEdDSAPrivate): string;
 }
@@ -677,5 +677,13 @@ export interface SnpAttestationResult {
 }
 export declare const snp_attestation: SnpAttestation;
 export interface SnpAttestation {
+    /**
+     * Verify SNP Attestation
+     *
+     * @param evidence Raw SNP attestation evidence
+     * @param endorsements SNP attestation endorsements
+     * @param uvm_endorsements UVM endorsements, optional
+     * @param endorsed_tcb Endorsed TCB version, optional
+     */
     verifySnpAttestation(evidence: ArrayBuffer, endorsements: ArrayBuffer, uvm_endorsements?: ArrayBuffer, endorsed_tcb?: string): SnpAttestationResult;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@microsoft/ccf-app",
-  "version": "5.0.0-dev13",
+  "version": "5.0.0-dev15",
   "description": "CCF app support package",
   "main": "index.js",
   "files": [