@nmshd/transport 1.0.0

package/dist/modules/certificates/data/items/CertificateRoleItem.js

@@ -0,0 +1,38 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var CertificateRoleItem_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CertificateRoleItem = void 0;
+const ts_serval_1 = require("@js-soft/ts-serval");
+const CertificateItem_1 = require("../CertificateItem");
+/**
+ * A CertificateRoleItem certifies a certain role, that the subject got from
+ * the issuer.
+ *
+ * Example:
+ *  - Employee
+ *  - Administrator
+ */
+let CertificateRoleItem = CertificateRoleItem_1 = class CertificateRoleItem extends CertificateItem_1.CertificateItem {
+    static async from(value) {
+        return await super.fromT(value, CertificateRoleItem_1);
+    }
+};
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", String)
+], CertificateRoleItem.prototype, "role", void 0);
+CertificateRoleItem = CertificateRoleItem_1 = __decorate([
+    (0, ts_serval_1.type)("CertificateRoleItem")
+], CertificateRoleItem);
+exports.CertificateRoleItem = CertificateRoleItem;
+//# sourceMappingURL=CertificateRoleItem.js.map

package/dist/modules/certificates/data/items/CertificateRoleItem.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertificateRoleItem.js","sourceRoot":"","sources":["../../../../../src/modules/certificates/data/items/CertificateRoleItem.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,kDAA8D;AAC9D,wDAAsE;AAMtE;;;;;;;GAOG;AAEH,IAAa,mBAAmB,2BAAhC,MAAa,mBAAoB,SAAQ,iCAAe;IAK7C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAA2B;QAChD,OAAO,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,qBAAmB,CAAC,CAAA;IACxD,CAAC;CACJ,CAAA;AALG;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;;iDACO;AAHV,mBAAmB;IAD/B,IAAA,gBAAI,EAAC,qBAAqB,CAAC;GACf,mBAAmB,CAQ/B;AARY,kDAAmB"}

package/dist/modules/challenges/ChallengeController.d.ts

@@ -0,0 +1,16 @@
+import { CryptoSignatureKeypair } from "@nmshd/crypto";
+import { TransportController } from "../../core/TransportController";
+import { AccountController } from "../accounts/AccountController";
+import { Relationship } from "../relationships/local/Relationship";
+import { ChallengeType } from "./data/Challenge";
+import { ChallengeSigned } from "./data/ChallengeSigned";
+export declare class ChallengeController extends TransportController {
+    private client;
+    private authClient;
+    constructor(parent: AccountController);
+    init(): Promise<this>;
+    private verifyChallengeLocally;
+    checkChallenge(signedChallenge: ChallengeSigned, requiredType?: ChallengeType): Promise<Relationship | undefined>;
+    createAccountCreationChallenge(identity: CryptoSignatureKeypair): Promise<ChallengeSigned>;
+    createChallenge(type?: ChallengeType, relationship?: Relationship): Promise<ChallengeSigned>;
+}

package/dist/modules/challenges/ChallengeController.js

@@ -0,0 +1,123 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChallengeController = void 0;
+const crypto_1 = require("@nmshd/crypto");
+const core_1 = require("../../core");
+const TransportController_1 = require("../../core/TransportController");
+const Relationship_1 = require("../relationships/local/Relationship");
+const ChallengeAuthClient_1 = require("./backbone/ChallengeAuthClient");
+const ChallengeClient_1 = require("./backbone/ChallengeClient");
+const Challenge_1 = require("./data/Challenge");
+const ChallengeSigned_1 = require("./data/ChallengeSigned");
+class ChallengeController extends TransportController_1.TransportController {
+    constructor(parent) {
+        super(TransportController_1.ControllerName.Challenge, parent);
+    }
+    async init() {
+        await super.init();
+        this.client = new ChallengeClient_1.ChallengeClient(this.config);
+        this.authClient = new ChallengeAuthClient_1.ChallengeAuthClient(this.config, this.parent.authenticator);
+        return this;
+    }
+    async verifyChallengeLocally(challenge, signedChallenge) {
+        if (!challenge.createdBy) {
+            return;
+        }
+        const relationship = await this.parent.relationships.getActiveRelationshipToIdentity(challenge.createdBy);
+        if (!relationship) {
+            throw core_1.TransportErrors.general.recordNotFound(Relationship_1.Relationship, challenge.createdBy.toString());
+        }
+        const challengeBuffer = crypto_1.CoreBuffer.fromUtf8(signedChallenge.challenge);
+        let verified = false;
+        switch (challenge.type) {
+            case Challenge_1.ChallengeType.Identity:
+                verified = await this.parent.relationships.verifyIdentity(relationship, challengeBuffer, signedChallenge.signature);
+                break;
+            case Challenge_1.ChallengeType.Device:
+                throw core_1.TransportErrors.general.notImplemented().logWith(this._log);
+            case Challenge_1.ChallengeType.Relationship:
+                verified = await this.parent.relationships.verify(relationship, challengeBuffer, signedChallenge.signature);
+                break;
+        }
+        if (!verified) {
+            return;
+        }
+        return relationship;
+    }
+    async checkChallenge(signedChallenge, requiredType) {
+        const challenge = await Challenge_1.Challenge.deserialize(signedChallenge.challenge);
+        if (requiredType && challenge.type !== requiredType) {
+            return;
+        }
+        if (challenge.expiresAt.isExpired()) {
+            return;
+        }
+        const [relationship, response] = await Promise.all([
+            this.verifyChallengeLocally(challenge, signedChallenge),
+            this.authClient.getChallenge(challenge.id.toString())
+        ]);
+        if (!relationship ||
+            (challenge.createdBy && response.value.createdBy !== challenge.createdBy.toString()) ||
+            // TODO: JSSNMSHDD-2472 (Reenable check once the backbone returns with same timestamp)
+            // response.expiresAt !== challenge.expiresAt.toString() ||
+            response.value.id !== challenge.id.toString()) {
+            return;
+        }
+        return relationship;
+    }
+    async createAccountCreationChallenge(identity) {
+        const backboneResponse = (await this.client.createChallenge()).value;
+        const challenge = await Challenge_1.Challenge.from({
+            id: core_1.CoreId.from(backboneResponse.id),
+            expiresAt: core_1.CoreDate.from(backboneResponse.expiresAt),
+            type: Challenge_1.ChallengeType.Identity
+        });
+        const serializedChallenge = challenge.serialize(false);
+        const challengeBuffer = crypto_1.CoreBuffer.fromUtf8(serializedChallenge);
+        const signature = await core_1.CoreCrypto.sign(challengeBuffer, identity.privateKey);
+        const signedChallenge = await ChallengeSigned_1.ChallengeSigned.from({
+            challenge: serializedChallenge,
+            signature: signature
+        });
+        return signedChallenge;
+    }
+    async createChallenge(type = Challenge_1.ChallengeType.Identity, relationship) {
+        if (type === Challenge_1.ChallengeType.Relationship && !relationship) {
+            throw core_1.TransportErrors.challenges.challengeTypeRequiredRelationship().logWith(this._log);
+        }
+        const backboneResponse = (await this.authClient.createChallenge()).value;
+        const challenge = await Challenge_1.Challenge.from({
+            id: core_1.CoreId.from(backboneResponse.id),
+            expiresAt: core_1.CoreDate.from(backboneResponse.expiresAt),
+            createdBy: backboneResponse.createdBy ? core_1.CoreAddress.from(backboneResponse.createdBy) : undefined,
+            createdByDevice: backboneResponse.createdByDevice
+                ? core_1.CoreId.from(backboneResponse.createdByDevice)
+                : undefined,
+            type: type
+        });
+        const serializedChallenge = challenge.serialize(false);
+        const challengeBuffer = crypto_1.CoreBuffer.fromUtf8(serializedChallenge);
+        let signature;
+        switch (type) {
+            case Challenge_1.ChallengeType.Identity:
+                signature = await this.parent.identity.sign(challengeBuffer);
+                break;
+            case Challenge_1.ChallengeType.Device:
+                signature = await this.parent.activeDevice.sign(challengeBuffer);
+                break;
+            case Challenge_1.ChallengeType.Relationship:
+                if (!relationship) {
+                    throw core_1.TransportErrors.challenges.challengeTypeRequiredRelationship().logWith(this._log);
+                }
+                signature = await this.parent.relationships.sign(relationship, challengeBuffer);
+                break;
+        }
+        const signedChallenge = await ChallengeSigned_1.ChallengeSigned.from({
+            challenge: serializedChallenge,
+            signature: signature
+        });
+        return signedChallenge;
+    }
+}
+exports.ChallengeController = ChallengeController;
+//# sourceMappingURL=ChallengeController.js.map

package/dist/modules/challenges/ChallengeController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ChallengeController.js","sourceRoot":"","sources":["../../../src/modules/challenges/ChallengeController.ts"],"names":[],"mappings":";;;AAAA,0CAAkE;AAClE,qCAAuF;AACvF,wEAAoF;AAEpF,sEAAkE;AAClE,wEAAoE;AACpE,gEAA4D;AAC5D,gDAA2D;AAC3D,4DAAwD;AAExD,MAAa,mBAAoB,SAAQ,yCAAmB;IAIxD,YAAmB,MAAyB;QACxC,KAAK,CAAC,oCAAc,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;IAC3C,CAAC;IAEM,KAAK,CAAC,IAAI;QACb,MAAM,KAAK,CAAC,IAAI,EAAE,CAAA;QAElB,IAAI,CAAC,MAAM,GAAG,IAAI,iCAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC9C,IAAI,CAAC,UAAU,GAAG,IAAI,yCAAmB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;QACjF,OAAO,IAAI,CAAA;IACf,CAAC;IAEO,KAAK,CAAC,sBAAsB,CAChC,SAAoB,EACpB,eAAgC;QAEhC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE;YACtB,OAAM;SACT;QACD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,+BAA+B,CAAC,SAAS,CAAC,SAAS,CAAC,CAAA;QACzG,IAAI,CAAC,YAAY,EAAE;YACf,MAAM,sBAAe,CAAC,OAAO,CAAC,cAAc,CAAC,2BAAY,EAAE,SAAS,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAA;SAC7F;QACD,MAAM,eAAe,GAAG,mBAAU,CAAC,QAAQ,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;QACtE,IAAI,QAAQ,GAAG,KAAK,CAAA;QACpB,QAAQ,SAAS,CAAC,IAAI,EAAE;YACpB,KAAK,yBAAa,CAAC,QAAQ;gBACvB,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CACrD,YAAY,EACZ,eAAe,EACf,eAAe,CAAC,SAAS,CAC5B,CAAA;gBACD,MAAK;YACT,KAAK,yBAAa,CAAC,MAAM;gBACrB,MAAM,sBAAe,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACrE,KAAK,yBAAa,CAAC,YAAY;gBAC3B,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAC7C,YAAY,EACZ,eAAe,EACf,eAAe,CAAC,SAAS,CAC5B,CAAA;gBACD,MAAK;SACZ;QAED,IAAI,CAAC,QAAQ,EAAE;YACX,OAAM;SACT;QACD,OAAO,YAAY,CAAA;IACvB,CAAC;IAEM,KAAK,CAAC,cAAc,CACvB,eAAgC,EAChC,YAA4B;QAE5B,MAAM,SAAS,GAAG,MAAM,qBAAS,CAAC,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,CAAA;QACxE,IAAI,YAAY,IAAI,SAAS,CAAC,IAAI,KAAK,YAAY,EAAE;YACjD,OAAM;SACT;QAED,IAAI,SAAS,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE;YACjC,OAAM;SACT;QAED,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC/C,IAAI,CAAC,sBAAsB,CAAC,SAAS,EAAE,eAAe,CAAC;YACvD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC;SACxD,CAAC,CAAA;QAEF,IACI,CAAC,YAAY;YACb,CAAC,SAAS,CAAC,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACpF,sFAAsF;YACtF,2DAA2D;YAC3D,QAAQ,CAAC,KAAK,CAAC,EAAE,KAAK,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,EAC/C;YACE,OAAM;SACT;QAED,OAAO,YAAY,CAAA;IACvB,CAAC;IAEM,KAAK,CAAC,8BAA8B,CAAC,QAAgC;QACxE,MAAM,gBAAgB,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAA;QACpE,MAAM,SAAS,GAAG,MAAM,qBAAS,CAAC,IAAI,CAAC;YACnC,EAAE,EAAE,aAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,SAAS,EAAE,eAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC;YACpD,IAAI,EAAE,yBAAa,CAAC,QAAQ;SAC/B,CAAC,CAAA;QACF,MAAM,mBAAmB,GAAG,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACtD,MAAM,eAAe,GAAG,mBAAU,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAA;QAChE,MAAM,SAAS,GAAG,MAAM,iBAAU,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAA;QAC7E,MAAM,eAAe,GAAG,MAAM,iCAAe,CAAC,IAAI,CAAC;YAC/C,SAAS,EAAE,mBAAmB;YAC9B,SAAS,EAAE,SAAS;SACvB,CAAC,CAAA;QACF,OAAO,eAAe,CAAA;IAC1B,CAAC;IAEM,KAAK,CAAC,eAAe,CACxB,OAAsB,yBAAa,CAAC,QAAQ,EAC5C,YAA2B;QAE3B,IAAI,IAAI,KAAK,yBAAa,CAAC,YAAY,IAAI,CAAC,YAAY,EAAE;YACtD,MAAM,sBAAe,CAAC,UAAU,CAAC,iCAAiC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SAC1F;QACD,MAAM,gBAAgB,GAAG,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAA;QACxE,MAAM,SAAS,GAAG,MAAM,qBAAS,CAAC,IAAI,CAAC;YACnC,EAAE,EAAE,aAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,SAAS,EAAE,eAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC;YACpD,SAAS,EAAE,gBAAgB,CAAC,SAAS,CAAC,CAAC,CAAC,kBAAW,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;YAChG,eAAe,EAAE,gBAAgB,CAAC,eAAe;gBAC7C,CAAC,CAAC,aAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC;gBAC/C,CAAC,CAAC,SAAS;YACf,IAAI,EAAE,IAAI;SACb,CAAC,CAAA;QAEF,MAAM,mBAAmB,GAAG,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACtD,MAAM,eAAe,GAAG,mBAAU,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAA;QAChE,IAAI,SAAS,CAAA;QACb,QAAQ,IAAI,EAAE;YACV,KAAK,yBAAa,CAAC,QAAQ;gBACvB,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;gBAC5D,MAAK;YACT,KAAK,yBAAa,CAAC,MAAM;gBACrB,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;gBAChE,MAAK;YACT,KAAK,yBAAa,CAAC,YAAY;gBAC3B,IAAI,CAAC,YAAY,EAAE;oBACf,MAAM,sBAAe,CAAC,UAAU,CAAC,iCAAiC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;iBAC1F;gBACD,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,eAAe,CAAC,CAAA;gBAC/E,MAAK;SACZ;QAED,MAAM,eAAe,GAAG,MAAM,iCAAe,CAAC,IAAI,CAAC;YAC/C,SAAS,EAAE,mBAAmB;YAC9B,SAAS,EAAE,SAAS;SACvB,CAAC,CAAA;QACF,OAAO,eAAe,CAAA;IAC1B,CAAC;CACJ;AAhJD,kDAgJC"}

package/dist/modules/challenges/backbone/ChallengeAuthClient.d.ts

@@ -0,0 +1,18 @@
+import { ClientResult } from "../../../core/backbone/ClientResult";
+import { RESTClientAuthenticate } from "../../../core/backbone/RESTClientAuthenticate";
+export interface ChallengeClientGetChallengeResponse {
+    id: string;
+    createdBy: string;
+    createdByDevice: string;
+    expiresAt: string;
+}
+export interface ChallengeClientCreateChallengeResponse {
+    id: string;
+    createdBy: string;
+    createdByDevice: string;
+    expiresAt: string;
+}
+export declare class ChallengeAuthClient extends RESTClientAuthenticate {
+    createChallenge(): Promise<ClientResult<ChallengeClientCreateChallengeResponse>>;
+    getChallenge(id: string): Promise<ClientResult<ChallengeClientGetChallengeResponse>>;
+}

package/dist/modules/challenges/backbone/ChallengeAuthClient.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChallengeAuthClient = void 0;
+const RESTClientAuthenticate_1 = require("../../../core/backbone/RESTClientAuthenticate");
+class ChallengeAuthClient extends RESTClientAuthenticate_1.RESTClientAuthenticate {
+    async createChallenge() {
+        return await this.post("/api/v1/Challenges", {});
+    }
+    async getChallenge(id) {
+        return await this.get(`/api/v1/Challenges/${id}`);
+    }
+}
+exports.ChallengeAuthClient = ChallengeAuthClient;
+//# sourceMappingURL=ChallengeAuthClient.js.map

package/dist/modules/challenges/backbone/ChallengeAuthClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ChallengeAuthClient.js","sourceRoot":"","sources":["../../../../src/modules/challenges/backbone/ChallengeAuthClient.ts"],"names":[],"mappings":";;;AACA,0FAAsF;AAgBtF,MAAa,mBAAoB,SAAQ,+CAAsB;IACpD,KAAK,CAAC,eAAe;QACxB,OAAO,MAAM,IAAI,CAAC,IAAI,CAAyC,oBAAoB,EAAE,EAAE,CAAC,CAAA;IAC5F,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,EAAU;QAChC,OAAO,MAAM,IAAI,CAAC,GAAG,CAAsC,sBAAsB,EAAE,EAAE,CAAC,CAAA;IAC1F,CAAC;CACJ;AARD,kDAQC"}

package/dist/modules/challenges/backbone/ChallengeClient.d.ts

@@ -0,0 +1,6 @@
+import { RESTClient } from "../../../core";
+import { ClientResult } from "../../../core/backbone/ClientResult";
+import { ChallengeClientCreateChallengeResponse } from "./ChallengeAuthClient";
+export declare class ChallengeClient extends RESTClient {
+    createChallenge(): Promise<ClientResult<ChallengeClientCreateChallengeResponse>>;
+}

package/dist/modules/challenges/backbone/ChallengeClient.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChallengeClient = void 0;
+const core_1 = require("../../../core");
+class ChallengeClient extends core_1.RESTClient {
+    async createChallenge() {
+        return await this.post("/api/v1/Challenges", {});
+    }
+}
+exports.ChallengeClient = ChallengeClient;
+//# sourceMappingURL=ChallengeClient.js.map

package/dist/modules/challenges/backbone/ChallengeClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ChallengeClient.js","sourceRoot":"","sources":["../../../../src/modules/challenges/backbone/ChallengeClient.ts"],"names":[],"mappings":";;;AAAA,wCAA0C;AAI1C,MAAa,eAAgB,SAAQ,iBAAU;IACpC,KAAK,CAAC,eAAe;QACxB,OAAO,MAAM,IAAI,CAAC,IAAI,CAAyC,oBAAoB,EAAE,EAAE,CAAC,CAAA;IAC5F,CAAC;CACJ;AAJD,0CAIC"}

package/dist/modules/challenges/data/Challenge.d.ts

@@ -0,0 +1,22 @@
+import { CoreAddress, CoreDate, CoreId, CoreSerializableAsync, ICoreId, ICoreSerializableAsync } from "../../../core";
+export interface IChallenge extends ICoreSerializableAsync {
+    id: ICoreId;
+    expiresAt: CoreDate;
+    createdBy?: CoreAddress;
+    createdByDevice?: CoreId;
+    type: ChallengeType;
+}
+export declare enum ChallengeType {
+    Identity = "Identity",
+    Device = "Device",
+    Relationship = "Relationship"
+}
+export declare class Challenge extends CoreSerializableAsync implements IChallenge {
+    id: CoreId;
+    expiresAt: CoreDate;
+    createdBy?: CoreAddress;
+    createdByDevice?: CoreId;
+    type: ChallengeType;
+    static from(value: IChallenge): Promise<Challenge>;
+    static deserialize(value: string): Promise<Challenge>;
+}

package/dist/modules/challenges/data/Challenge.js

@@ -0,0 +1,59 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var Challenge_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Challenge = exports.ChallengeType = void 0;
+const ts_serval_1 = require("@js-soft/ts-serval");
+const core_1 = require("../../../core");
+var ChallengeType;
+(function (ChallengeType) {
+    ChallengeType["Identity"] = "Identity";
+    ChallengeType["Device"] = "Device";
+    ChallengeType["Relationship"] = "Relationship";
+})(ChallengeType = exports.ChallengeType || (exports.ChallengeType = {}));
+let Challenge = Challenge_1 = class Challenge extends core_1.CoreSerializableAsync {
+    static async from(value) {
+        return await super.fromT(value, Challenge_1);
+    }
+    static async deserialize(value) {
+        return await this.deserializeT(value, Challenge_1);
+    }
+};
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", core_1.CoreId)
+], Challenge.prototype, "id", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", core_1.CoreDate)
+], Challenge.prototype, "expiresAt", void 0);
+__decorate([
+    (0, ts_serval_1.validate)({ nullable: true }),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", core_1.CoreAddress)
+], Challenge.prototype, "createdBy", void 0);
+__decorate([
+    (0, ts_serval_1.validate)({ nullable: true }),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", core_1.CoreId)
+], Challenge.prototype, "createdByDevice", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)(),
+    __metadata("design:type", String)
+], Challenge.prototype, "type", void 0);
+Challenge = Challenge_1 = __decorate([
+    (0, ts_serval_1.type)("Challenge")
+], Challenge);
+exports.Challenge = Challenge;
+//# sourceMappingURL=Challenge.js.map

package/dist/modules/challenges/data/Challenge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Challenge.js","sourceRoot":"","sources":["../../../../src/modules/challenges/data/Challenge.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,kDAA8D;AAC9D,wCAAqH;AAUrH,IAAY,aAIX;AAJD,WAAY,aAAa;IACrB,sCAAqB,CAAA;IACrB,kCAAiB,CAAA;IACjB,8CAA6B,CAAA;AACjC,CAAC,EAJW,aAAa,GAAb,qBAAa,KAAb,qBAAa,QAIxB;AAGD,IAAa,SAAS,iBAAtB,MAAa,SAAU,SAAQ,4BAAqB;IAqBzC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAiB;QACtC,OAAO,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,WAAS,CAAC,CAAA;IAC9C,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,KAAa;QACzC,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,WAAS,CAAC,CAAA;IACpD,CAAC;CACJ,CAAA;AAzBG;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACD,aAAM;qCAAA;AAIjB;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;8BACM,eAAQ;4CAAA;AAI1B;IAFC,IAAA,oBAAQ,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,IAAA,qBAAS,GAAE;8BACO,kBAAW;4CAAA;AAI9B;IAFC,IAAA,oBAAQ,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,IAAA,qBAAS,GAAE;8BACa,aAAM;kDAAA;AAI/B;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,GAAE;;uCACc;AAnBjB,SAAS;IADrB,IAAA,gBAAI,EAAC,WAAW,CAAC;GACL,SAAS,CA4BrB;AA5BY,8BAAS"}

package/dist/modules/challenges/data/ChallengeSigned.d.ts

@@ -0,0 +1,18 @@
+import { ISerialized } from "@js-soft/ts-serval";
+import { CryptoSignature, ICryptoSignature } from "@nmshd/crypto";
+import { CoreSerializableAsync, ICoreSerializableAsync } from "../../../core";
+export interface IChallengeSignedSerialized extends ISerialized {
+    challenge: string;
+    signature: string;
+}
+export interface IChallengeSigned extends ICoreSerializableAsync {
+    challenge: string;
+    signature: ICryptoSignature;
+}
+export declare class ChallengeSigned extends CoreSerializableAsync implements IChallengeSigned {
+    challenge: string;
+    signature: CryptoSignature;
+    static from(value: IChallengeSigned): Promise<ChallengeSigned>;
+    static fromJSON(value: IChallengeSignedSerialized): Promise<ChallengeSigned>;
+    toJSON(verbose?: boolean): IChallengeSignedSerialized;
+}

package/dist/modules/challenges/data/ChallengeSigned.js

@@ -0,0 +1,50 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var ChallengeSigned_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChallengeSigned = void 0;
+const ts_serval_1 = require("@js-soft/ts-serval");
+const crypto_1 = require("@nmshd/crypto");
+const core_1 = require("../../../core");
+let ChallengeSigned = ChallengeSigned_1 = class ChallengeSigned extends core_1.CoreSerializableAsync {
+    static async from(value) {
+        return await super.fromT(value, ChallengeSigned_1);
+    }
+    static async fromJSON(value) {
+        const signature = await crypto_1.CryptoSignature.fromBase64(value.signature);
+        return await this.from({ signature: signature, challenge: value.challenge });
+    }
+    toJSON(verbose = true) {
+        const obj = {
+            challenge: this.challenge,
+            signature: this.signature.toBase64()
+        };
+        if (verbose) {
+            obj["@type"] = "ChallengeSigned";
+        }
+        return obj;
+    }
+};
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)({ enforceString: true }),
+    __metadata("design:type", String)
+], ChallengeSigned.prototype, "challenge", void 0);
+__decorate([
+    (0, ts_serval_1.validate)(),
+    (0, ts_serval_1.serialize)({ enforceString: true }),
+    __metadata("design:type", crypto_1.CryptoSignature)
+], ChallengeSigned.prototype, "signature", void 0);
+ChallengeSigned = ChallengeSigned_1 = __decorate([
+    (0, ts_serval_1.type)("ChallengeSigned")
+], ChallengeSigned);
+exports.ChallengeSigned = ChallengeSigned;
+//# sourceMappingURL=ChallengeSigned.js.map

package/dist/modules/challenges/data/ChallengeSigned.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ChallengeSigned.js","sourceRoot":"","sources":["../../../../src/modules/challenges/data/ChallengeSigned.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,kDAA2E;AAC3E,0CAAiE;AACjE,wCAA6E;AAa7E,IAAa,eAAe,uBAA5B,MAAa,eAAgB,SAAQ,4BAAqB;IAS/C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAuB;QAC5C,OAAO,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,iBAAe,CAAC,CAAA;IACpD,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAiC;QAC1D,MAAM,SAAS,GAAG,MAAM,wBAAe,CAAC,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAEnE,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAA;IAChF,CAAC;IAEM,MAAM,CAAC,OAAO,GAAG,IAAI;QACxB,MAAM,GAAG,GAA+B;YACpC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE;SACvC,CAAA;QACD,IAAI,OAAO,EAAE;YACT,GAAG,CAAC,OAAO,CAAC,GAAG,iBAAiB,CAAA;SACnC;QACD,OAAO,GAAG,CAAA;IACd,CAAC;CACJ,CAAA;AA1BG;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,EAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;;kDACX;AAIxB;IAFC,IAAA,oBAAQ,GAAE;IACV,IAAA,qBAAS,EAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;8BACjB,wBAAe;kDAAA;AAPxB,eAAe;IAD3B,IAAA,gBAAI,EAAC,iBAAiB,CAAC;GACX,eAAe,CA6B3B;AA7BY,0CAAe"}

package/dist/modules/devices/DeviceController.d.ts

@@ -0,0 +1,27 @@
+import { CoreBuffer, CryptoSecretKey, CryptoSignature, CryptoSignaturePublicKey } from "@nmshd/crypto";
+import { CoreDate, CoreId, CredentialsBasic, TransportController } from "../../core";
+import { AccountController } from "../accounts/AccountController";
+import { DeviceSecretController } from "./DeviceSecretController";
+import { Device, DeviceType } from "./local/Device";
+export declare class DeviceController extends TransportController {
+    get secrets(): DeviceSecretController;
+    private _secrets;
+    get id(): CoreId;
+    get publicKey(): CryptoSignaturePublicKey | undefined;
+    get certificate(): string | undefined;
+    get name(): string;
+    get description(): string | undefined;
+    get operatingSystem(): string | undefined;
+    get createdAt(): CoreDate;
+    get type(): DeviceType;
+    private _device?;
+    get device(): Device;
+    get deviceOrUndefined(): Device | undefined;
+    constructor(parent: AccountController);
+    init(baseKey?: CryptoSecretKey, device?: Device): Promise<DeviceController>;
+    changePassword(newPassword: string): Promise<void>;
+    update(name: string, description: string): Promise<void>;
+    sign(content: CoreBuffer): Promise<CryptoSignature>;
+    verify(content: CoreBuffer, signature: CryptoSignature): Promise<boolean>;
+    getCredentials(): Promise<CredentialsBasic>;
+}

package/dist/modules/devices/DeviceController.js

@@ -0,0 +1,120 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DeviceController = void 0;
+const crypto_1 = require("@nmshd/crypto");
+const core_1 = require("../../core");
+const DeviceSecretController_1 = require("./DeviceSecretController");
+const DeviceSecretCredentials_1 = require("./local/DeviceSecretCredentials");
+class DeviceController extends core_1.TransportController {
+    constructor(parent) {
+        super(core_1.ControllerName.Device, parent);
+    }
+    get secrets() {
+        return this._secrets;
+    }
+    get id() {
+        return this.device.id;
+    }
+    get publicKey() {
+        return this.device.publicKey;
+    }
+    get certificate() {
+        return this.device.certificate;
+    }
+    get name() {
+        return this.device.name;
+    }
+    get description() {
+        return this.device.description;
+    }
+    get operatingSystem() {
+        return this.device.operatingSystem;
+    }
+    get createdAt() {
+        return this.device.createdAt;
+    }
+    get type() {
+        return this.device.type;
+    }
+    get device() {
+        if (!this._device)
+            throw core_1.TransportErrors.device.deviceNotSet();
+        return this._device;
+    }
+    get deviceOrUndefined() {
+        return this._device;
+    }
+    async init(baseKey, device) {
+        await super.init();
+        if (!device) {
+            throw core_1.TransportErrors.device.deviceNotSet().logWith(this._log);
+        }
+        if (!baseKey) {
+            throw core_1.TransportErrors.secrets.secretNotFound("BaseKey").logWith(this._log);
+        }
+        this._device = device;
+        this._secrets = await new DeviceSecretController_1.DeviceSecretController(this.parent, baseKey).init();
+        return this;
+    }
+    async changePassword(newPassword) {
+        const oldPassword = (await this.getCredentials()).password;
+        await this.parent.deviceAuthClient.changeDevicePassword({
+            oldPassword: oldPassword,
+            newPassword: newPassword
+        });
+        try {
+            const credentialContainer = await this.secrets.loadSecret(DeviceSecretController_1.DeviceSecretType.DeviceCredentials);
+            if (!credentialContainer) {
+                throw new Error("There was an error while accessing the device_credentials secret.");
+            }
+            const credentials = credentialContainer.secret;
+            credentials.password = newPassword;
+            await this.secrets.storeSecret(credentials, DeviceSecretController_1.DeviceSecretType.DeviceCredentials);
+        }
+        catch (e) {
+            // TODO: JSSNMSHDD-2473 (rollback if password saving failed)
+            this.log.warn(`We've changed the device password on the backboen but weren't able to store it to the database. The new password is '${newPassword}'.`);
+            throw e;
+        }
+    }
+    async update(name, description) {
+        this.device.name = name;
+        this.device.description = description;
+        await this.parent.info.set("device", this.device);
+    }
+    async sign(content) {
+        const privateKeyContainer = await this.secrets.loadSecret(DeviceSecretController_1.DeviceSecretType.DeviceSignature);
+        if (!privateKeyContainer || !(privateKeyContainer.secret instanceof crypto_1.CryptoSignaturePrivateKey)) {
+            throw core_1.TransportErrors.secrets.secretNotFound(DeviceSecretController_1.DeviceSecretType.DeviceSignature).logWith(this._log);
+        }
+        const privateKey = privateKeyContainer.secret;
+        const signature = await core_1.CoreCrypto.sign(content, privateKey);
+        privateKey.privateKey.clear();
+        return signature;
+    }
+    async verify(content, signature) {
+        if (!this.publicKey) {
+            throw core_1.TransportErrors.device.notOnboardedYet().logWith(this._log);
+        }
+        return await core_1.CoreCrypto.verify(content, signature, this.publicKey);
+    }
+    async getCredentials() {
+        const credentialContainer = await this.secrets.loadSecret(DeviceSecretController_1.DeviceSecretType.DeviceCredentials);
+        if (!credentialContainer) {
+            throw core_1.TransportErrors.secrets.secretNotFound(DeviceSecretController_1.DeviceSecretType.DeviceCredentials).logWith(this._log);
+        }
+        if (!(credentialContainer.secret instanceof DeviceSecretCredentials_1.DeviceSecretCredentials)) {
+            throw core_1.TransportErrors.secrets.wrongSecretType(DeviceSecretController_1.DeviceSecretType.DeviceCredentials).logWith(this._log);
+        }
+        const credentials = credentialContainer.secret;
+        if (!credentials.username || !credentials.password) {
+            throw core_1.TransportErrors.secrets.wrongSecretType(DeviceSecretController_1.DeviceSecretType.DeviceCredentials).logWith(this._log);
+        }
+        return {
+            username: credentials.username,
+            password: credentials.password
+        };
+    }
+}
+exports.DeviceController = DeviceController;
+//# sourceMappingURL=DeviceController.js.map

package/dist/modules/devices/DeviceController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DeviceController.js","sourceRoot":"","sources":["../../../src/modules/devices/DeviceController.ts"],"names":[],"mappings":";;;AAAA,0CAMsB;AACtB,qCAQmB;AAEnB,qEAAmF;AAEnF,6EAAyE;AAEzE,MAAa,gBAAiB,SAAQ,0BAAmB;IA+CrD,YAAmB,MAAyB;QACxC,KAAK,CAAC,qBAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACxC,CAAC;IAhDD,IAAW,OAAO;QACd,OAAO,IAAI,CAAC,QAAQ,CAAA;IACxB,CAAC;IAGD,IAAW,EAAE;QACT,OAAO,IAAI,CAAC,MAAM,CAAC,EAAE,CAAA;IACzB,CAAC;IAED,IAAW,SAAS;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAA;IAChC,CAAC;IAED,IAAW,WAAW;QAClB,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAA;IAClC,CAAC;IAED,IAAW,IAAI;QACX,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAA;IAC3B,CAAC;IAED,IAAW,WAAW;QAClB,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAA;IAClC,CAAC;IAED,IAAW,eAAe;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,CAAA;IACtC,CAAC;IAED,IAAW,SAAS;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAA;IAChC,CAAC;IAED,IAAW,IAAI;QACX,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAA;IAC3B,CAAC;IAGD,IAAW,MAAM;QACb,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,sBAAe,CAAC,MAAM,CAAC,YAAY,EAAE,CAAA;QAC9D,OAAO,IAAI,CAAC,OAAO,CAAA;IACvB,CAAC;IACD,IAAW,iBAAiB;QACxB,OAAO,IAAI,CAAC,OAAO,CAAA;IACvB,CAAC;IAMM,KAAK,CAAC,IAAI,CAAC,OAAyB,EAAE,MAAe;QACxD,MAAM,KAAK,CAAC,IAAI,EAAE,CAAA;QAElB,IAAI,CAAC,MAAM,EAAE;YACT,MAAM,sBAAe,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SACjE;QACD,IAAI,CAAC,OAAO,EAAE;YACV,MAAM,sBAAe,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SAC7E;QACD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;QAErB,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,+CAAsB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAA;QAE7E,OAAO,IAAI,CAAA;IACf,CAAC;IAEM,KAAK,CAAC,cAAc,CAAC,WAAmB;QAC3C,MAAM,WAAW,GAAW,CAAC,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,QAAQ,CAAA;QAClE,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,oBAAoB,CAAC;YACpD,WAAW,EAAE,WAAW;YACxB,WAAW,EAAE,WAAW;SAC3B,CAAC,CAAA;QAEF,IAAI;YACA,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,yCAAgB,CAAC,iBAAiB,CAAC,CAAA;YAC7F,IAAI,CAAC,mBAAmB,EAAE;gBACtB,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAA;aACvF;YACD,MAAM,WAAW,GAA4B,mBAAmB,CAAC,MAAiC,CAAA;YAClG,WAAW,CAAC,QAAQ,GAAG,WAAW,CAAA;YAElC,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,yCAAgB,CAAC,iBAAiB,CAAC,CAAA;SAClF;QAAC,OAAO,CAAC,EAAE;YACR,4DAA4D;YAC5D,IAAI,CAAC,GAAG,CAAC,IAAI,CACT,wHAAwH,WAAW,IAAI,CAC1I,CAAA;YACD,MAAM,CAAC,CAAA;SACV;IACL,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAY,EAAE,WAAmB;QACjD,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAA;QACvB,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAA;QACrC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;IACrD,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,OAAmB;QACjC,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,yCAAgB,CAAC,eAAe,CAAC,CAAA;QAC3F,IAAI,CAAC,mBAAmB,IAAI,CAAC,CAAC,mBAAmB,CAAC,MAAM,YAAY,kCAAyB,CAAC,EAAE;YAC5F,MAAM,sBAAe,CAAC,OAAO,CAAC,cAAc,CAAC,yCAAgB,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SACpG;QACD,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,CAAA;QAC7C,MAAM,SAAS,GAAG,MAAM,iBAAU,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAA;QAC5D,UAAU,CAAC,UAAU,CAAC,KAAK,EAAE,CAAA;QAE7B,OAAO,SAAS,CAAA;IACpB,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,OAAmB,EAAE,SAA0B;QAC/D,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE;YACjB,MAAM,sBAAe,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SACpE;QACD,OAAO,MAAM,iBAAU,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;IACtE,CAAC;IAEM,KAAK,CAAC,cAAc;QACvB,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,yCAAgB,CAAC,iBAAiB,CAAC,CAAA;QAE7F,IAAI,CAAC,mBAAmB,EAAE;YACtB,MAAM,sBAAe,CAAC,OAAO,CAAC,cAAc,CAAC,yCAAgB,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SACtG;QAED,IAAI,CAAC,CAAC,mBAAmB,CAAC,MAAM,YAAY,iDAAuB,CAAC,EAAE;YAClE,MAAM,sBAAe,CAAC,OAAO,CAAC,eAAe,CAAC,yCAAgB,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SACvG;QAED,MAAM,WAAW,GAAG,mBAAmB,CAAC,MAAM,CAAA;QAC9C,IAAI,CAAC,WAAW,CAAC,QAAQ,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE;YAChD,MAAM,sBAAe,CAAC,OAAO,CAAC,eAAe,CAAC,yCAAgB,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;SACvG;QAED,OAAO;YACH,QAAQ,EAAE,WAAW,CAAC,QAAQ;YAC9B,QAAQ,EAAE,WAAW,CAAC,QAAQ;SACjC,CAAA;IACL,CAAC;CACJ;AA1ID,4CA0IC"}

package/dist/modules/devices/DeviceSecretController.d.ts

@@ -0,0 +1,36 @@
+import { CryptoExchangeKeypair, CryptoExchangePrivateKey, CryptoSecretKey, CryptoSignatureKeypair, CryptoSignaturePrivateKey } from "@nmshd/crypto";
+import { TransportController } from "../../core/TransportController";
+import { AccountController } from "../accounts/AccountController";
+import { SecretContainerCipher } from "../secrets/data/SecretContainerCipher";
+import { SecretContainerPlain } from "../secrets/data/SecretContainerPlain";
+import { DatawalletModification } from "../sync/local/DatawalletModification";
+import { Device } from "./local/Device";
+import { DeviceSecretCredentials } from "./local/DeviceSecretCredentials";
+import { DeviceSharedSecret } from "./transmission/DeviceSharedSecret";
+export declare enum DeviceSecretType {
+    IdentitySynchronizationMaster = "identity_synchronization_master",
+    IdentitySignature = "identity_signature",
+    SharedSecretBaseKey = "shared_basekey",
+    DeviceSecretBaseKey = "secret_basekey",
+    DeviceSignature = "device_signature",
+    DeviceCredentials = "device_credentials"
+}
+/**
+ * The SecretController which acts as a single touchpoint to access any secret within the runtime.
+ * Each access can be audited.
+ *
+ */
+export declare class DeviceSecretController extends TransportController {
+    private secrets;
+    private static readonly secretContext;
+    private readonly baseKey?;
+    constructor(parent: AccountController, baseKey: CryptoSecretKey);
+    init(): Promise<DeviceSecretController>;
+    storeSecret(secret: DeviceSecretCredentials | CryptoExchangeKeypair | CryptoExchangePrivateKey | CryptoSignatureKeypair | CryptoSignaturePrivateKey | CryptoSecretKey, name: string): Promise<SecretContainerCipher>;
+    loadSecret(name: string): Promise<SecretContainerPlain | undefined>;
+    deleteSecret(name: string): Promise<boolean>;
+    createDeviceSharedSecret(device: Device, deviceIndex: number, includeIdentityPrivateKey?: boolean): Promise<DeviceSharedSecret>;
+    encryptDatawalletModificationPayload(event: DatawalletModification, index: number): Promise<string | undefined>;
+    decryptDatawalletModificationPayload(payloadCipherBase64: string | null, index: number): Promise<object | undefined>;
+    private getBaseKey;
+}