@opentdf/sdk 0.1.0-beta.1701

package/dist/cjs/tdf3/src/crypto/crypto-utils.js

@@ -0,0 +1,116 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toCryptoKeyPair = exports.isCryptoKeyPair = exports.isPemKeyPair = exports.removePemFormatting = exports.formatAsPem = exports.isValidAsymmetricKeySize = void 0;
+const index_js_1 = require("../../../src/encodings/index.js");
+const index_js_2 = require("./index.js");
+/**
+ * Validates a specified key size
+ * @param size in bits requested
+ * @param minSize in bits allowed
+ */
+const isValidAsymmetricKeySize = (size, minSize) => {
+    // No size specified is fine because the minSize will be used
+    if (size === undefined) {
+        return !!minSize;
+    }
+    if (typeof size !== 'number' || (minSize && size < minSize)) {
+        return false;
+    }
+    return true;
+};
+exports.isValidAsymmetricKeySize = isValidAsymmetricKeySize;
+/**
+ * Format a base64 string representation of a key file
+ * in PEM PKCS#8 format by adding a header and footer
+ * and new lines.
+ *
+ * The PEM spec says to use <CR><LF> (\r\n) per
+ * https://tools.ietf.org/html/rfc1421#section-4.3.2.2, but
+ * many implementations use just \n, so this function
+ * follows the convention over the spec.
+ *
+ * @param  base64KeyString input
+ * @param  label header and footer label that identifies key type
+ * @return formatted output
+ */
+const formatAsPem = (bytes, label) => {
+    let pemCert = `-----BEGIN ${label}-----\n`;
+    let nextIndex = 0;
+    const base64KeyString = index_js_1.base64.encodeArrayBuffer(bytes);
+    while (nextIndex < base64KeyString.length) {
+        if (nextIndex + 64 <= base64KeyString.length) {
+            pemCert += `${base64KeyString.substr(nextIndex, 64)}\n`;
+        }
+        else {
+            pemCert += `${base64KeyString.substr(nextIndex)}\n`;
+        }
+        nextIndex += 64;
+    }
+    pemCert += `-----END ${label}-----\n`;
+    return pemCert;
+};
+exports.formatAsPem = formatAsPem;
+/**
+ * Remove PEM formatting (new line characters and headers / footers)
+ * from a PEM string
+ *
+ * @param  input - PEM formatted string
+ * @return String with formatting removed
+ */
+const removePemFormatting = (input) => {
+    if (typeof input !== 'string') {
+        console.error('Not a pem string', input);
+        return input;
+    }
+    const oneLiner = input.replace(/[\n\r]/g, '');
+    // https://www.rfc-editor.org/rfc/rfc7468#section-2
+    return oneLiner.replace(/-----(?:BEGIN|END)\s(?:RSA\s)?(?:PUBLIC|PRIVATE|CERTIFICATE)\sKEY-----/g, '');
+};
+exports.removePemFormatting = removePemFormatting;
+const PEMRE = /-----BEGIN\s((?:RSA\s)?(?:PUBLIC\sKEY|PRIVATE\sKEY|CERTIFICATE))-----[\s0-9A-Za-z+/=]+-----END\s\1-----/;
+const isPemKeyPair = (i) => {
+    const { privateKey, publicKey } = i;
+    if (typeof privateKey !== 'string' || typeof publicKey !== 'string') {
+        return false;
+    }
+    const privateMatch = PEMRE.exec(privateKey);
+    if (!privateMatch || !privateMatch[1] || privateMatch[1].indexOf('PRIVATE KEY') < 0) {
+        return false;
+    }
+    const publicMatch = PEMRE.exec(publicKey);
+    if (!publicMatch || !publicMatch[1] || publicMatch[1].indexOf('PRIVATE') >= 0) {
+        return false;
+    }
+    return true;
+};
+exports.isPemKeyPair = isPemKeyPair;
+const isCryptoKeyPair = (i) => {
+    const { privateKey, publicKey } = i;
+    if (typeof privateKey !== 'object' || typeof publicKey !== 'object') {
+        return false;
+    }
+    if (!(privateKey instanceof CryptoKey) || !(publicKey instanceof CryptoKey)) {
+        return false;
+    }
+    return privateKey.type === 'private' && publicKey.type === 'public';
+};
+exports.isCryptoKeyPair = isCryptoKeyPair;
+const toCryptoKeyPair = async (input) => {
+    if ((0, exports.isCryptoKeyPair)(input)) {
+        return input;
+    }
+    if (!(0, exports.isPemKeyPair)(input)) {
+        throw new Error('internal: generated invalid keypair');
+    }
+    const k = [input.publicKey, input.privateKey]
+        .map(exports.removePemFormatting)
+        .map((e) => index_js_1.base64.decodeArrayBuffer(e));
+    const algorithm = (0, index_js_2.rsaPkcs1Sha256)();
+    const [publicKey, privateKey] = await Promise.all([
+        crypto.subtle.importKey('spki', k[0], algorithm, true, ['verify']),
+        crypto.subtle.importKey('pkcs8', k[1], algorithm, true, ['sign']),
+    ]);
+    return { privateKey, publicKey };
+};
+exports.toCryptoKeyPair = toCryptoKeyPair;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY3J5cHRvLXV0aWxzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vdGRmMy9zcmMvY3J5cHRvL2NyeXB0by11dGlscy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw4REFBeUQ7QUFFekQseUNBQTRDO0FBRTVDOzs7O0dBSUc7QUFDSSxNQUFNLHdCQUF3QixHQUFHLENBQUMsSUFBd0IsRUFBRSxPQUFnQixFQUFXLEVBQUU7SUFDOUYsNkRBQTZEO0lBQzdELElBQUksSUFBSSxLQUFLLFNBQVMsRUFBRTtRQUN0QixPQUFPLENBQUMsQ0FBQyxPQUFPLENBQUM7S0FDbEI7SUFFRCxJQUFJLE9BQU8sSUFBSSxLQUFLLFFBQVEsSUFBSSxDQUFDLE9BQU8sSUFBSSxJQUFJLEdBQUcsT0FBTyxDQUFDLEVBQUU7UUFDM0QsT0FBTyxLQUFLLENBQUM7S0FDZDtJQUVELE9BQU8sSUFBSSxDQUFDO0FBQ2QsQ0FBQyxDQUFDO0FBWFcsUUFBQSx3QkFBd0IsNEJBV25DO0FBRUY7Ozs7Ozs7Ozs7Ozs7R0FhRztBQUNJLE1BQU0sV0FBVyxHQUFHLENBQUMsS0FBa0IsRUFBRSxLQUFhLEVBQVUsRUFBRTtJQUN2RSxJQUFJLE9BQU8sR0FBRyxjQUFjLEtBQUssU0FBUyxDQUFDO0lBQzNDLElBQUksU0FBUyxHQUFHLENBQUMsQ0FBQztJQUNsQixNQUFNLGVBQWUsR0FBRyxpQkFBTSxDQUFDLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ3hELE9BQU8sU0FBUyxHQUFHLGVBQWUsQ0FBQyxNQUFNLEVBQUU7UUFDekMsSUFBSSxTQUFTLEdBQUcsRUFBRSxJQUFJLGVBQWUsQ0FBQyxNQUFNLEVBQUU7WUFDNUMsT0FBTyxJQUFJLEdBQUcsZUFBZSxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQztTQUN6RDthQUFNO1lBQ0wsT0FBTyxJQUFJLEdBQUcsZUFBZSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDO1NBQ3JEO1FBQ0QsU0FBUyxJQUFJLEVBQUUsQ0FBQztLQUNqQjtJQUNELE9BQU8sSUFBSSxZQUFZLEtBQUssU0FBUyxDQUFDO0lBQ3RDLE9BQU8sT0FBTyxDQUFDO0FBQ2pCLENBQUMsQ0FBQztBQWRXLFFBQUEsV0FBVyxlQWN0QjtBQUVGOzs7Ozs7R0FNRztBQUNJLE1BQU0sbUJBQW1CLEdBQUcsQ0FBQyxLQUFhLEVBQVUsRUFBRTtJQUMzRCxJQUFJLE9BQU8sS0FBSyxLQUFLLFFBQVEsRUFBRTtRQUM3QixPQUFPLENBQUMsS0FBSyxDQUFDLGtCQUFrQixFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQ3pDLE9BQU8sS0FBSyxDQUFDO0tBQ2Q7SUFDRCxNQUFNLFFBQVEsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUM5QyxtREFBbUQ7SUFDbkQsT0FBTyxRQUFRLENBQUMsT0FBTyxDQUNyQix5RUFBeUUsRUFDekUsRUFBRSxDQUNILENBQUM7QUFDSixDQUFDLENBQUM7QUFYVyxRQUFBLG1CQUFtQix1QkFXOUI7QUFFRixNQUFNLEtBQUssR0FDVCx5R0FBeUcsQ0FBQztBQUVyRyxNQUFNLFlBQVksR0FBRyxDQUFDLENBQWEsRUFBbUIsRUFBRTtJQUM3RCxNQUFNLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxHQUFHLENBQUMsQ0FBQztJQUNwQyxJQUFJLE9BQU8sVUFBVSxLQUFLLFFBQVEsSUFBSSxPQUFPLFNBQVMsS0FBSyxRQUFRLEVBQUU7UUFDbkUsT0FBTyxLQUFLLENBQUM7S0FDZDtJQUNELE1BQU0sWUFBWSxHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7SUFDNUMsSUFBSSxDQUFDLFlBQVksSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsSUFBSSxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsRUFBRTtRQUNuRixPQUFPLEtBQUssQ0FBQztLQUNkO0lBQ0QsTUFBTSxXQUFXLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUMxQyxJQUFJLENBQUMsV0FBVyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxJQUFJLFdBQVcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxFQUFFO1FBQzdFLE9BQU8sS0FBSyxDQUFDO0tBQ2Q7SUFDRCxPQUFPLElBQUksQ0FBQztBQUNkLENBQUMsQ0FBQztBQWRXLFFBQUEsWUFBWSxnQkFjdkI7QUFFSyxNQUFNLGVBQWUsR0FBRyxDQUFDLENBQWEsRUFBc0IsRUFBRTtJQUNuRSxNQUFNLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxHQUFHLENBQUMsQ0FBQztJQUNwQyxJQUFJLE9BQU8sVUFBVSxLQUFLLFFBQVEsSUFBSSxPQUFPLFNBQVMsS0FBSyxRQUFRLEVBQUU7UUFDbkUsT0FBTyxLQUFLLENBQUM7S0FDZDtJQUNELElBQUksQ0FBQyxDQUFDLFVBQVUsWUFBWSxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUMsU0FBUyxZQUFZLFNBQVMsQ0FBQyxFQUFFO1FBQzNFLE9BQU8sS0FBSyxDQUFDO0tBQ2Q7SUFDRCxPQUFPLFVBQVUsQ0FBQyxJQUFJLEtBQUssU0FBUyxJQUFJLFNBQVMsQ0FBQyxJQUFJLEtBQUssUUFBUSxDQUFDO0FBQ3RFLENBQUMsQ0FBQztBQVRXLFFBQUEsZUFBZSxtQkFTMUI7QUFFSyxNQUFNLGVBQWUsR0FBRyxLQUFLLEVBQUUsS0FBaUIsRUFBMEIsRUFBRTtJQUNqRixJQUFJLElBQUEsdUJBQWUsRUFBQyxLQUFLLENBQUMsRUFBRTtRQUMxQixPQUFPLEtBQUssQ0FBQztLQUNkO0lBQ0QsSUFBSSxDQUFDLElBQUEsb0JBQVksRUFBQyxLQUFLLENBQUMsRUFBRTtRQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLHFDQUFxQyxDQUFDLENBQUM7S0FDeEQ7SUFDRCxNQUFNLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLFVBQVUsQ0FBQztTQUMxQyxHQUFHLENBQUMsMkJBQW1CLENBQUM7U0FDeEIsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxpQkFBTSxDQUFDLGlCQUFpQixDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDM0MsTUFBTSxTQUFTLEdBQUcsSUFBQSx5QkFBYyxHQUFFLENBQUM7SUFDbkMsTUFBTSxDQUFDLFNBQVMsRUFBRSxVQUFVLENBQUMsR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUM7UUFDaEQsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDbEUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUM7S0FDbEUsQ0FBQyxDQUFDO0lBQ0gsT0FBTyxFQUFFLFVBQVUsRUFBRSxTQUFTLEVBQUUsQ0FBQztBQUNuQyxDQUFDLENBQUM7QUFoQlcsUUFBQSxlQUFlLG1CQWdCMUIifQ==

package/dist/cjs/tdf3/src/crypto/declarations.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MIN_ASYMMETRIC_KEY_SIZE_BITS = void 0;
+/**
+ * The minimum acceptable asymetric key size, currently 2^11.
+ */
+exports.MIN_ASYMMETRIC_KEY_SIZE_BITS = 2048;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGVjbGFyYXRpb25zLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vdGRmMy9zcmMvY3J5cHRvL2RlY2xhcmF0aW9ucy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFzQkE7O0dBRUc7QUFDVSxRQUFBLDRCQUE0QixHQUFHLElBQUksQ0FBQyJ9

package/dist/cjs/tdf3/src/crypto/index.js

@@ -0,0 +1,315 @@
+"use strict";
+/**
+ * This file is for using native crypto in the browser.
+ *
+ * @private
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultCryptoService = exports.hex2Ab = exports.hmac = exports.sha256 = exports.encrypt = exports.decrypt = exports.decryptWithPrivateKey = exports.randomBytesAsHex = exports.randomBytes = exports.generateInitializationVector = exports.encryptWithPublicKey = exports.cryptoToPemPair = exports.generateSigningKeyPair = exports.generateKeyPair = exports.generateKey = exports.rsaPkcs1Sha256 = exports.rsaOaepSha1 = exports.name = exports.method = exports.isSupported = void 0;
+const index_js_1 = require("../ciphers/index.js");
+const binary_js_1 = require("../binary.js");
+const declarations_js_1 = require("./declarations.js");
+const errors_js_1 = require("../../../src/errors.js");
+const crypto_utils_js_1 = require("./crypto-utils.js");
+const hex_js_1 = require("../../../src/encodings/hex.js");
+const base64_js_1 = require("../../../src/encodings/base64.js");
+// Used to pass into native crypto functions
+const METHODS = ['encrypt', 'decrypt'];
+exports.isSupported = typeof globalThis?.crypto !== 'undefined';
+exports.method = 'http://www.w3.org/2001/04/xmlenc#aes256-cbc';
+exports.name = 'BrowserNativeCryptoService';
+/**
+ * Get a DOMString representing the algorithm to use for an
+ * asymmetric key generation.
+ */
+function rsaOaepSha1(modulusLength = declarations_js_1.MIN_ASYMMETRIC_KEY_SIZE_BITS) {
+    if (!modulusLength || modulusLength < declarations_js_1.MIN_ASYMMETRIC_KEY_SIZE_BITS) {
+        throw new errors_js_1.ConfigurationError('Invalid key size requested');
+    }
+    return {
+        name: 'RSA-OAEP',
+        hash: {
+            name: 'SHA-1',
+        },
+        modulusLength,
+        publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // 24 bit representation of 65537
+    };
+}
+exports.rsaOaepSha1 = rsaOaepSha1;
+function rsaPkcs1Sha256(modulusLength = declarations_js_1.MIN_ASYMMETRIC_KEY_SIZE_BITS) {
+    if (!modulusLength || modulusLength < declarations_js_1.MIN_ASYMMETRIC_KEY_SIZE_BITS) {
+        throw new errors_js_1.ConfigurationError('Invalid key size requested');
+    }
+    return {
+        name: 'RSASSA-PKCS1-v1_5',
+        hash: {
+            name: 'SHA-256',
+        },
+        modulusLength,
+        publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // 24 bit representation of 65537
+    };
+}
+exports.rsaPkcs1Sha256 = rsaPkcs1Sha256;
+/**
+ * Generate a random hex key
+ * @return New key as a hex string
+ */
+async function generateKey(length) {
+    return randomBytesAsHex(length || 32);
+}
+exports.generateKey = generateKey;
+/**
+ * Generate an RSA key pair
+ * @see    {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey}
+ * @param  size in bits
+ */
+async function generateKeyPair(size) {
+    const algoDomString = rsaOaepSha1(size || declarations_js_1.MIN_ASYMMETRIC_KEY_SIZE_BITS);
+    return crypto.subtle.generateKey(algoDomString, true, METHODS);
+}
+exports.generateKeyPair = generateKeyPair;
+/**
+ * Generate an RSA key pair suitable for signatures
+ * @see    {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey}
+ */
+async function generateSigningKeyPair() {
+    return crypto.subtle.generateKey({
+        name: 'RSASSA-PKCS1-v1_5',
+        hash: 'SHA-256',
+        modulusLength: 2048,
+        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+    }, true, ['sign', 'verify']);
+}
+exports.generateSigningKeyPair = generateSigningKeyPair;
+async function cryptoToPemPair(keysMaybe) {
+    const keys = keysMaybe;
+    if (!keys.privateKey || !keys.publicKey) {
+        // These are only ever generated here, so this should not happen
+        throw new Error('internal: invalid keys');
+    }
+    const [exPublic, exPrivate] = await Promise.all([
+        crypto.subtle.exportKey('spki', keys.publicKey),
+        crypto.subtle.exportKey('pkcs8', keys.privateKey),
+    ]);
+    return {
+        publicKey: (0, crypto_utils_js_1.formatAsPem)(exPublic, 'PUBLIC KEY'),
+        privateKey: (0, crypto_utils_js_1.formatAsPem)(exPrivate, 'PRIVATE KEY'),
+    };
+}
+exports.cryptoToPemPair = cryptoToPemPair;
+/**
+ * Encrypt using a public key
+ * @param payload Payload to encrypt
+ * @param publicKey PEM formatted public key
+ * @return Encrypted payload
+ */
+async function encryptWithPublicKey(payload, publicKey) {
+    console.assert(typeof payload === 'object');
+    console.assert(typeof publicKey === 'string');
+    const algoDomString = rsaOaepSha1();
+    // Web Crypto APIs don't work with PEM formatted strings
+    publicKey = (0, crypto_utils_js_1.removePemFormatting)(publicKey);
+    const keyBuffer = (0, base64_js_1.decodeArrayBuffer)(publicKey);
+    const cryptoKey = await crypto.subtle.importKey('spki', keyBuffer, algoDomString, false, [
+        'encrypt',
+    ]);
+    const result = await crypto.subtle.encrypt({ name: 'RSA-OAEP' }, cryptoKey, payload.asArrayBuffer());
+    return binary_js_1.Binary.fromArrayBuffer(result);
+}
+exports.encryptWithPublicKey = encryptWithPublicKey;
+/**
+ * Generate a 16-byte initialization vector
+ */
+async function generateInitializationVector(length) {
+    return randomBytesAsHex(length || 16);
+}
+exports.generateInitializationVector = generateInitializationVector;
+async function randomBytes(byteLength) {
+    const r = new Uint8Array(byteLength);
+    crypto.getRandomValues(r);
+    return r;
+}
+exports.randomBytes = randomBytes;
+/**
+ * Returns a promise to the encryption key as a binary string.
+ *
+ * Note: This function should almost never fail as it includes a fallback
+ * if for some reason the native generate key fails.
+ *
+ * @param length The key length, defaults to 256
+ *
+ * @returns The hex string.
+ */
+async function randomBytesAsHex(length) {
+    // Create a typed array of the correct length to fill
+    const r = new Uint8Array(length);
+    crypto.getRandomValues(r);
+    return (0, hex_js_1.encodeArrayBuffer)(r.buffer);
+}
+exports.randomBytesAsHex = randomBytesAsHex;
+/**
+ * Decrypt a public-key encrypted payload with a private key
+ * @param  encryptedPayload  Payload to decrypt
+ * @param  privateKey        PEM formatted private keynpmv
+ * @return Decrypted payload
+ */
+async function decryptWithPrivateKey(encryptedPayload, privateKey) {
+    console.assert(typeof encryptedPayload === 'object', 'encryptedPayload must be object');
+    console.assert(typeof privateKey === 'string', 'privateKey must be string');
+    const algoDomString = rsaOaepSha1();
+    // Web Crypto APIs don't work with PEM formatted strings
+    const keyDataString = (0, crypto_utils_js_1.removePemFormatting)(privateKey);
+    const keyData = (0, base64_js_1.decodeArrayBuffer)(keyDataString);
+    const key = await crypto.subtle.importKey('pkcs8', keyData, algoDomString, false, ['decrypt']);
+    const payload = await crypto.subtle.decrypt({ name: 'RSA-OAEP' }, key, encryptedPayload.asArrayBuffer());
+    const bufferView = new Uint8Array(payload);
+    return binary_js_1.Binary.fromArrayBuffer(bufferView.buffer);
+}
+exports.decryptWithPrivateKey = decryptWithPrivateKey;
+/**
+ * Decrypt content synchronously
+ * @param payload The payload to decrypt
+ * @param key     The encryption key
+ * @param iv      The initialization vector
+ * @param algorithm The algorithm to use for encryption
+ * @param authTag The authentication tag for authenticated crypto.
+ */
+function decrypt(payload, key, iv, algorithm, authTag) {
+    return _doDecrypt(payload, key, iv, algorithm, authTag);
+}
+exports.decrypt = decrypt;
+/**
+ * Encrypt content synchronously
+ * @param payload   The payload to encrypt
+ * @param key       The encryption key
+ * @param iv        The initialization vector
+ * @param algorithm The algorithm to use for encryption
+ */
+function encrypt(payload, key, iv, algorithm) {
+    return _doEncrypt(payload, key, iv, algorithm);
+}
+exports.encrypt = encrypt;
+async function _doEncrypt(payload, key, iv, algorithm) {
+    console.assert(payload != null);
+    console.assert(key != null);
+    console.assert(iv != null);
+    const payloadBuffer = payload.asArrayBuffer();
+    const algoDomString = getSymmetricAlgoDomString(iv, algorithm);
+    const importedKey = await _importKey(key, algoDomString);
+    const encrypted = await crypto.subtle.encrypt(algoDomString, importedKey, payloadBuffer);
+    if (algoDomString.name === 'AES-GCM') {
+        return {
+            payload: binary_js_1.Binary.fromArrayBuffer(encrypted.slice(0, -16)),
+            authTag: binary_js_1.Binary.fromArrayBuffer(encrypted.slice(-16)),
+        };
+    }
+    return {
+        payload: binary_js_1.Binary.fromArrayBuffer(encrypted),
+    };
+}
+async function _doDecrypt(payload, key, iv, algorithm, authTag) {
+    console.assert(payload != null);
+    console.assert(key != null);
+    console.assert(iv != null);
+    let payloadBuffer = payload.asArrayBuffer();
+    // Concat the the auth tag to the payload for decryption
+    if (authTag) {
+        const authTagBuffer = authTag.asArrayBuffer();
+        const gcmPayload = new Uint8Array(payloadBuffer.byteLength + authTagBuffer.byteLength);
+        gcmPayload.set(new Uint8Array(payloadBuffer), 0);
+        gcmPayload.set(new Uint8Array(authTagBuffer), payloadBuffer.byteLength);
+        payloadBuffer = gcmPayload.buffer;
+    }
+    const algoDomString = getSymmetricAlgoDomString(iv, algorithm);
+    const importedKey = await _importKey(key, algoDomString);
+    algoDomString.iv = iv.asArrayBuffer();
+    const decrypted = await crypto.subtle
+        .decrypt(algoDomString, importedKey, payloadBuffer)
+        // Catching this error so we can specifically check for OperationError
+        .catch((err) => {
+        if (err.name === 'OperationError') {
+            throw new errors_js_1.DecryptError(err);
+        }
+        throw err;
+    });
+    return { payload: binary_js_1.Binary.fromArrayBuffer(decrypted) };
+}
+function _importKey(key, algorithm) {
+    return crypto.subtle.importKey('raw', key.asArrayBuffer(), algorithm, true, METHODS);
+}
+/**
+ * Get a DOMString representing the algorithm to use for a crypto
+ * operation. Defaults to AES-CBC.
+ * @param  {String|undefined} algorithm
+ * @return {DOMString} Algorithm to use
+ */
+function getSymmetricAlgoDomString(iv, algorithm) {
+    let nativeAlgorithm = 'AES-CBC';
+    if (algorithm === index_js_1.Algorithms.AES_256_GCM) {
+        nativeAlgorithm = 'AES-GCM';
+    }
+    return {
+        name: nativeAlgorithm,
+        iv: iv.asArrayBuffer(),
+    };
+}
+/**
+ * Create a SHA256 hash. Code refrenced from MDN:
+ * https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest
+ * @param  content  String content
+ * @return Hex hash
+ */
+async function sha256(content) {
+    const buffer = new TextEncoder().encode(content);
+    const hashBuffer = await crypto.subtle.digest('SHA-256', buffer);
+    return (0, hex_js_1.encodeArrayBuffer)(hashBuffer);
+}
+exports.sha256 = sha256;
+/**
+ * Create an HMAC SHA256 hash
+ * @param  key     Key string
+ * @param  content Content string
+ * @return Hex hash
+ */
+async function hmac(key, content) {
+    const contentBuffer = new TextEncoder().encode(content);
+    const keyBuffer = hex2Ab(key);
+    const cryptoKey = await crypto.subtle.importKey('raw', keyBuffer, {
+        name: 'HMAC',
+        hash: { name: 'SHA-256' },
+    }, true, ['sign', 'verify']);
+    const hashBuffer = await crypto.subtle.sign('HMAC', cryptoKey, contentBuffer);
+    return (0, hex_js_1.encodeArrayBuffer)(hashBuffer);
+}
+exports.hmac = hmac;
+/**
+ * Create an ArrayBuffer from a hex string.
+ * https://developers.google.com/web/updates/2012/06/How-to-convert-ArrayBuffer-to-and-from-String?hl=en
+ * @param  hex - Hex string
+ */
+function hex2Ab(hex) {
+    const buffer = new ArrayBuffer(hex.length / 2);
+    const bufferView = new Uint8Array(buffer);
+    for (let i = 0; i < hex.length; i += 2) {
+        bufferView[i / 2] = parseInt(hex.substr(i, 2), 16);
+    }
+    return buffer;
+}
+exports.hex2Ab = hex2Ab;
+exports.DefaultCryptoService = {
+    name: exports.name,
+    method: exports.method,
+    cryptoToPemPair,
+    decrypt,
+    decryptWithPrivateKey,
+    encrypt,
+    encryptWithPublicKey,
+    generateInitializationVector,
+    generateKey,
+    generateKeyPair,
+    generateSigningKeyPair,
+    hmac,
+    randomBytes,
+    sha256,
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9jcnlwdG8vaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBOzs7O0dBSUc7OztBQUVILGtEQUFpRDtBQUNqRCw0Q0FBc0M7QUFDdEMsdURBTTJCO0FBQzNCLHNEQUEwRTtBQUMxRSx1REFBcUU7QUFDckUsMERBQStFO0FBQy9FLGdFQUFxRjtBQUdyRiw0Q0FBNEM7QUFDNUMsTUFBTSxPQUFPLEdBQWUsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQUM7QUFDdEMsUUFBQSxXQUFXLEdBQUcsT0FBTyxVQUFVLEVBQUUsTUFBTSxLQUFLLFdBQVcsQ0FBQztBQUV4RCxRQUFBLE1BQU0sR0FBRyw2Q0FBNkMsQ0FBQztBQUN2RCxRQUFBLElBQUksR0FBRyw0QkFBNEIsQ0FBQztBQUVqRDs7O0dBR0c7QUFDSCxTQUFnQixXQUFXLENBQ3pCLGdCQUF3Qiw4Q0FBNEI7SUFFcEQsSUFBSSxDQUFDLGFBQWEsSUFBSSxhQUFhLEdBQUcsOENBQTRCLEVBQUU7UUFDbEUsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDRCQUE0QixDQUFDLENBQUM7S0FDNUQ7SUFDRCxPQUFPO1FBQ0wsSUFBSSxFQUFFLFVBQVU7UUFDaEIsSUFBSSxFQUFFO1lBQ0osSUFBSSxFQUFFLE9BQU87U0FDZDtRQUNELGFBQWE7UUFDYixjQUFjLEVBQUUsSUFBSSxVQUFVLENBQUMsQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDLEVBQUUsaUNBQWlDO0tBQ3RGLENBQUM7QUFDSixDQUFDO0FBZEQsa0NBY0M7QUFFRCxTQUFnQixjQUFjLENBQzVCLGdCQUF3Qiw4Q0FBNEI7SUFFcEQsSUFBSSxDQUFDLGFBQWEsSUFBSSxhQUFhLEdBQUcsOENBQTRCLEVBQUU7UUFDbEUsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDRCQUE0QixDQUFDLENBQUM7S0FDNUQ7SUFDRCxPQUFPO1FBQ0wsSUFBSSxFQUFFLG1CQUFtQjtRQUN6QixJQUFJLEVBQUU7WUFDSixJQUFJLEVBQUUsU0FBUztTQUNoQjtRQUNELGFBQWE7UUFDYixjQUFjLEVBQUUsSUFBSSxVQUFVLENBQUMsQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDLEVBQUUsaUNBQWlDO0tBQ3RGLENBQUM7QUFDSixDQUFDO0FBZEQsd0NBY0M7QUFFRDs7O0dBR0c7QUFDSSxLQUFLLFVBQVUsV0FBVyxDQUFDLE1BQWU7SUFDL0MsT0FBTyxnQkFBZ0IsQ0FBQyxNQUFNLElBQUksRUFBRSxDQUFDLENBQUM7QUFDeEMsQ0FBQztBQUZELGtDQUVDO0FBRUQ7Ozs7R0FJRztBQUNJLEtBQUssVUFBVSxlQUFlLENBQUMsSUFBYTtJQUNqRCxNQUFNLGFBQWEsR0FBRyxXQUFXLENBQUMsSUFBSSxJQUFJLDhDQUE0QixDQUFDLENBQUM7SUFDeEUsT0FBTyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxhQUFhLEVBQUUsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0FBQ2pFLENBQUM7QUFIRCwwQ0FHQztBQUVEOzs7R0FHRztBQUNJLEtBQUssVUFBVSxzQkFBc0I7SUFDMUMsT0FBTyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FDOUI7UUFDRSxJQUFJLEVBQUUsbUJBQW1CO1FBQ3pCLElBQUksRUFBRSxTQUFTO1FBQ2YsYUFBYSxFQUFFLElBQUk7UUFDbkIsY0FBYyxFQUFFLElBQUksVUFBVSxDQUFDLENBQUMsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztLQUNuRCxFQUNELElBQUksRUFDSixDQUFDLE1BQU0sRUFBRSxRQUFRLENBQUMsQ0FDbkIsQ0FBQztBQUNKLENBQUM7QUFYRCx3REFXQztBQUVNLEtBQUssVUFBVSxlQUFlLENBQUMsU0FBa0I7SUFDdEQsTUFBTSxJQUFJLEdBQUcsU0FBMEIsQ0FBQztJQUN4QyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUU7UUFDdkMsZ0VBQWdFO1FBQ2hFLE1BQU0sSUFBSSxLQUFLLENBQUMsd0JBQXdCLENBQUMsQ0FBQztLQUMzQztJQUVELE1BQU0sQ0FBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUFDO1FBQzlDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDO1FBQy9DLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDO0tBQ2xELENBQUMsQ0FBQztJQUNILE9BQU87UUFDTCxTQUFTLEVBQUUsSUFBQSw2QkFBVyxFQUFDLFFBQVEsRUFBRSxZQUFZLENBQUM7UUFDOUMsVUFBVSxFQUFFLElBQUEsNkJBQVcsRUFBQyxTQUFTLEVBQUUsYUFBYSxDQUFDO0tBQ2xELENBQUM7QUFDSixDQUFDO0FBZkQsMENBZUM7QUFFRDs7Ozs7R0FLRztBQUNJLEtBQUssVUFBVSxvQkFBb0IsQ0FBQyxPQUFlLEVBQUUsU0FBaUI7SUFDM0UsT0FBTyxDQUFDLE1BQU0sQ0FBQyxPQUFPLE9BQU8sS0FBSyxRQUFRLENBQUMsQ0FBQztJQUM1QyxPQUFPLENBQUMsTUFBTSxDQUFDLE9BQU8sU0FBUyxLQUFLLFFBQVEsQ0FBQyxDQUFDO0lBRTlDLE1BQU0sYUFBYSxHQUFHLFdBQVcsRUFBRSxDQUFDO0lBRXBDLHdEQUF3RDtJQUN4RCxTQUFTLEdBQUcsSUFBQSxxQ0FBbUIsRUFBQyxTQUFTLENBQUMsQ0FBQztJQUUzQyxNQUFNLFNBQVMsR0FBRyxJQUFBLDZCQUFZLEVBQUMsU0FBUyxDQUFDLENBQUM7SUFDMUMsTUFBTSxTQUFTLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsU0FBUyxFQUFFLGFBQWEsRUFBRSxLQUFLLEVBQUU7UUFDdkYsU0FBUztLQUNWLENBQUMsQ0FBQztJQUNILE1BQU0sTUFBTSxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQ3hDLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxFQUNwQixTQUFTLEVBQ1QsT0FBTyxDQUFDLGFBQWEsRUFBRSxDQUN4QixDQUFDO0lBQ0YsT0FBTyxrQkFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUN4QyxDQUFDO0FBbkJELG9EQW1CQztBQUVEOztHQUVHO0FBQ0ksS0FBSyxVQUFVLDRCQUE0QixDQUFDLE1BQWU7SUFDaEUsT0FBTyxnQkFBZ0IsQ0FBQyxNQUFNLElBQUksRUFBRSxDQUFDLENBQUM7QUFDeEMsQ0FBQztBQUZELG9FQUVDO0FBRU0sS0FBSyxVQUFVLFdBQVcsQ0FBQyxVQUFrQjtJQUNsRCxNQUFNLENBQUMsR0FBRyxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUNyQyxNQUFNLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQzFCLE9BQU8sQ0FBQyxDQUFDO0FBQ1gsQ0FBQztBQUpELGtDQUlDO0FBRUQ7Ozs7Ozs7OztHQVNHO0FBQ0ksS0FBSyxVQUFVLGdCQUFnQixDQUFDLE1BQWM7SUFDbkQscURBQXFEO0lBQ3JELE1BQU0sQ0FBQyxHQUFHLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ2pDLE1BQU0sQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDMUIsT0FBTyxJQUFBLDBCQUFTLEVBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0FBQzdCLENBQUM7QUFMRCw0Q0FLQztBQUVEOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLHFCQUFxQixDQUN6QyxnQkFBd0IsRUFDeEIsVUFBa0I7SUFFbEIsT0FBTyxDQUFDLE1BQU0sQ0FBQyxPQUFPLGdCQUFnQixLQUFLLFFBQVEsRUFBRSxpQ0FBaUMsQ0FBQyxDQUFDO0lBQ3hGLE9BQU8sQ0FBQyxNQUFNLENBQUMsT0FBTyxVQUFVLEtBQUssUUFBUSxFQUFFLDJCQUEyQixDQUFDLENBQUM7SUFFNUUsTUFBTSxhQUFhLEdBQUcsV0FBVyxFQUFFLENBQUM7SUFFcEMsd0RBQXdEO0lBQ3hELE1BQU0sYUFBYSxHQUFHLElBQUEscUNBQW1CLEVBQUMsVUFBVSxDQUFDLENBQUM7SUFDdEQsTUFBTSxPQUFPLEdBQUcsSUFBQSw2QkFBWSxFQUFDLGFBQWEsQ0FBQyxDQUFDO0lBRTVDLE1BQU0sR0FBRyxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUFFLE9BQU8sRUFBRSxhQUFhLEVBQUUsS0FBSyxFQUFFLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQztJQUMvRixNQUFNLE9BQU8sR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUN6QyxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsRUFDcEIsR0FBRyxFQUNILGdCQUFnQixDQUFDLGFBQWEsRUFBRSxDQUNqQyxDQUFDO0lBQ0YsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDM0MsT0FBTyxrQkFBTSxDQUFDLGVBQWUsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7QUFDbkQsQ0FBQztBQXJCRCxzREFxQkM7QUFFRDs7Ozs7OztHQU9HO0FBQ0gsU0FBZ0IsT0FBTyxDQUNyQixPQUFlLEVBQ2YsR0FBVyxFQUNYLEVBQVUsRUFDVixTQUF3QixFQUN4QixPQUFnQjtJQUVoQixPQUFPLFVBQVUsQ0FBQyxPQUFPLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsT0FBTyxDQUFDLENBQUM7QUFDMUQsQ0FBQztBQVJELDBCQVFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsU0FBZ0IsT0FBTyxDQUNyQixPQUFlLEVBQ2YsR0FBVyxFQUNYLEVBQVUsRUFDVixTQUF3QjtJQUV4QixPQUFPLFVBQVUsQ0FBQyxPQUFPLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxTQUFTLENBQUMsQ0FBQztBQUNqRCxDQUFDO0FBUEQsMEJBT0M7QUFFRCxLQUFLLFVBQVUsVUFBVSxDQUN2QixPQUFlLEVBQ2YsR0FBVyxFQUNYLEVBQVUsRUFDVixTQUF3QjtJQUV4QixPQUFPLENBQUMsTUFBTSxDQUFDLE9BQU8sSUFBSSxJQUFJLENBQUMsQ0FBQztJQUNoQyxPQUFPLENBQUMsTUFBTSxDQUFDLEdBQUcsSUFBSSxJQUFJLENBQUMsQ0FBQztJQUM1QixPQUFPLENBQUMsTUFBTSxDQUFDLEVBQUUsSUFBSSxJQUFJLENBQUMsQ0FBQztJQUUzQixNQUFNLGFBQWEsR0FBRyxPQUFPLENBQUMsYUFBYSxFQUFFLENBQUM7SUFDOUMsTUFBTSxhQUFhLEdBQUcseUJBQXlCLENBQUMsRUFBRSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBRS9ELE1BQU0sV0FBVyxHQUFHLE1BQU0sVUFBVSxDQUFDLEdBQUcsRUFBRSxhQUFhLENBQUMsQ0FBQztJQUN6RCxNQUFNLFNBQVMsR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFBRSxXQUFXLEVBQUUsYUFBYSxDQUFDLENBQUM7SUFDekYsSUFBSSxhQUFhLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRTtRQUNwQyxPQUFPO1lBQ0wsT0FBTyxFQUFFLGtCQUFNLENBQUMsZUFBZSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDeEQsT0FBTyxFQUFFLGtCQUFNLENBQUMsZUFBZSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztTQUN0RCxDQUFDO0tBQ0g7SUFDRCxPQUFPO1FBQ0wsT0FBTyxFQUFFLGtCQUFNLENBQUMsZUFBZSxDQUFDLFNBQVMsQ0FBQztLQUMzQyxDQUFDO0FBQ0osQ0FBQztBQUVELEtBQUssVUFBVSxVQUFVLENBQ3ZCLE9BQWUsRUFDZixHQUFXLEVBQ1gsRUFBVSxFQUNWLFNBQXdCLEVBQ3hCLE9BQWdCO0lBRWhCLE9BQU8sQ0FBQyxNQUFNLENBQUMsT0FBTyxJQUFJLElBQUksQ0FBQyxDQUFDO0lBQ2hDLE9BQU8sQ0FBQyxNQUFNLENBQUMsR0FBRyxJQUFJLElBQUksQ0FBQyxDQUFDO0lBQzVCLE9BQU8sQ0FBQyxNQUFNLENBQUMsRUFBRSxJQUFJLElBQUksQ0FBQyxDQUFDO0lBRTNCLElBQUksYUFBYSxHQUFHLE9BQU8sQ0FBQyxhQUFhLEVBQUUsQ0FBQztJQUU1Qyx3REFBd0Q7SUFDeEQsSUFBSSxPQUFPLEVBQUU7UUFDWCxNQUFNLGFBQWEsR0FBRyxPQUFPLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDOUMsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUMsYUFBYSxDQUFDLFVBQVUsR0FBRyxhQUFhLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDdkYsVUFBVSxDQUFDLEdBQUcsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxhQUFhLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNqRCxVQUFVLENBQUMsR0FBRyxDQUFDLElBQUksVUFBVSxDQUFDLGFBQWEsQ0FBQyxFQUFFLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUN4RSxhQUFhLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQztLQUNuQztJQUVELE1BQU0sYUFBYSxHQUFHLHlCQUF5QixDQUFDLEVBQUUsRUFBRSxTQUFTLENBQUMsQ0FBQztJQUUvRCxNQUFNLFdBQVcsR0FBRyxNQUFNLFVBQVUsQ0FBQyxHQUFHLEVBQUUsYUFBYSxDQUFDLENBQUM7SUFDekQsYUFBYSxDQUFDLEVBQUUsR0FBRyxFQUFFLENBQUMsYUFBYSxFQUFFLENBQUM7SUFFdEMsTUFBTSxTQUFTLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTTtTQUNsQyxPQUFPLENBQUMsYUFBYSxFQUFFLFdBQVcsRUFBRSxhQUFhLENBQUM7UUFDbkQsc0VBQXNFO1NBQ3JFLEtBQUssQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFO1FBQ2IsSUFBSSxHQUFHLENBQUMsSUFBSSxLQUFLLGdCQUFnQixFQUFFO1lBQ2pDLE1BQU0sSUFBSSx3QkFBWSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1NBQzdCO1FBRUQsTUFBTSxHQUFHLENBQUM7SUFDWixDQUFDLENBQUMsQ0FBQztJQUNMLE9BQU8sRUFBRSxPQUFPLEVBQUUsa0JBQU0sQ0FBQyxlQUFlLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztBQUN4RCxDQUFDO0FBRUQsU0FBUyxVQUFVLENBQUMsR0FBVyxFQUFFLFNBQXNDO0lBQ3JFLE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxhQUFhLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0FBQ3ZGLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILFNBQVMseUJBQXlCLENBQ2hDLEVBQVUsRUFDVixTQUF3QjtJQUV4QixJQUFJLGVBQWUsR0FBRyxTQUFTLENBQUM7SUFDaEMsSUFBSSxTQUFTLEtBQUsscUJBQVUsQ0FBQyxXQUFXLEVBQUU7UUFDeEMsZUFBZSxHQUFHLFNBQVMsQ0FBQztLQUM3QjtJQUVELE9BQU87UUFDTCxJQUFJLEVBQUUsZUFBZTtRQUNyQixFQUFFLEVBQUUsRUFBRSxDQUFDLGFBQWEsRUFBRTtLQUN2QixDQUFDO0FBQ0osQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLE1BQU0sQ0FBQyxPQUFlO0lBQzFDLE1BQU0sTUFBTSxHQUFHLElBQUksV0FBVyxFQUFFLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ2pELE1BQU0sVUFBVSxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ2pFLE9BQU8sSUFBQSwwQkFBUyxFQUFDLFVBQVUsQ0FBQyxDQUFDO0FBQy9CLENBQUM7QUFKRCx3QkFJQztBQUVEOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLElBQUksQ0FBQyxHQUFXLEVBQUUsT0FBZTtJQUNyRCxNQUFNLGFBQWEsR0FBRyxJQUFJLFdBQVcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUN4RCxNQUFNLFNBQVMsR0FBRyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDOUIsTUFBTSxTQUFTLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDN0MsS0FBSyxFQUNMLFNBQVMsRUFDVDtRQUNFLElBQUksRUFBRSxNQUFNO1FBQ1osSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTtLQUMxQixFQUNELElBQUksRUFDSixDQUFDLE1BQU0sRUFBRSxRQUFRLENBQUMsQ0FDbkIsQ0FBQztJQUNGLE1BQU0sVUFBVSxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLFNBQVMsRUFBRSxhQUFhLENBQUMsQ0FBQztJQUM5RSxPQUFPLElBQUEsMEJBQVMsRUFBQyxVQUFVLENBQUMsQ0FBQztBQUMvQixDQUFDO0FBZkQsb0JBZUM7QUFFRDs7OztHQUlHO0FBQ0gsU0FBZ0IsTUFBTSxDQUFDLEdBQVc7SUFDaEMsTUFBTSxNQUFNLEdBQUcsSUFBSSxXQUFXLENBQUMsR0FBRyxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQztJQUMvQyxNQUFNLFVBQVUsR0FBRyxJQUFJLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUUxQyxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsR0FBRyxDQUFDLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FBQyxFQUFFO1FBQ3RDLFVBQVUsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0tBQ3BEO0lBRUQsT0FBTyxNQUFNLENBQUM7QUFDaEIsQ0FBQztBQVRELHdCQVNDO0FBRVksUUFBQSxvQkFBb0IsR0FBa0I7SUFDakQsSUFBSSxFQUFKLFlBQUk7SUFDSixNQUFNLEVBQU4sY0FBTTtJQUNOLGVBQWU7SUFDZixPQUFPO0lBQ1AscUJBQXFCO0lBQ3JCLE9BQU87SUFDUCxvQkFBb0I7SUFDcEIsNEJBQTRCO0lBQzVCLFdBQVc7SUFDWCxlQUFlO0lBQ2Ysc0JBQXNCO0lBQ3RCLElBQUk7SUFDSixXQUFXO0lBQ1gsTUFBTTtDQUNQLENBQUMifQ==

package/dist/cjs/tdf3/src/index.js

@@ -0,0 +1,34 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.clientType = exports.version = exports.Errors = exports.TDF3Client = exports.Client = void 0;
+exports.Client = __importStar(require("./client/index.js"));
+var index_js_1 = require("./client/index.js");
+Object.defineProperty(exports, "TDF3Client", { enumerable: true, get: function () { return index_js_1.Client; } });
+exports.Errors = __importStar(require("../../src/errors.js"));
+var version_js_1 = require("./version.js");
+Object.defineProperty(exports, "version", { enumerable: true, get: function () { return version_js_1.version; } });
+Object.defineProperty(exports, "clientType", { enumerable: true, get: function () { return version_js_1.clientType; } });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi90ZGYzL3NyYy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDREQUE0QztBQUM1Qyw4Q0FBeUQ7QUFBaEQsc0dBQUEsTUFBTSxPQUFjO0FBQzdCLDhEQUE4QztBQUM5QywyQ0FBbUQ7QUFBMUMscUdBQUEsT0FBTyxPQUFBO0FBQUUsd0dBQUEsVUFBVSxPQUFBIn0=

package/dist/cjs/tdf3/src/models/attribute-set.js

@@ -0,0 +1,122 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AttributeSet = void 0;
+const jose_1 = require("jose");
+class AttributeSet {
+    constructor() {
+        this.verbose = false;
+        this.attributes = [];
+    }
+    /**
+     * Check if attribute is in the list
+     * @param attribute URL of the attribute
+     * @return if attribute is in the set
+     */
+    has(attribute = '') {
+        // This could be much more elegant with something other than an
+        // array as the data structure. This is OK-ish only because the
+        // expected size of the data structure is small
+        // console.log(">>> ----- Has Attribute" + attribute);
+        return !!this.attributes.find((attrObj) => attrObj.attribute === attribute);
+    }
+    /**
+     * Get an attribute by URL
+     * @param  attribute URL of the attribute
+     * @return attribute in object form, if found
+     */
+    get(attribute = '') {
+        // This could be much more elegant with something other than an
+        // array as the data structure. This is OK-ish only because the
+        // expected size of the data structure is small
+        // console.log(">>> ----- Get Attribute" + attribute);
+        const result = this.attributes.filter((attrObj) => attrObj.attribute == attribute);
+        return result.length > 0 ? result[0] : null;
+    }
+    /**
+     * Get all the attributes.
+     * @return default attribute in object form or null
+     */
+    getDefault() {
+        return this.defaultAttribute || null;
+    }
+    /**
+     * Get the default attribute, if it exists.
+     * @return return all the attribute urls
+     */
+    getUrls() {
+        return this.attributes.map((attr) => attr.attribute);
+    }
+    /**
+     * Add an attribute to the set. Should be idempotent.
+     * @param attrObj AttributeObject to add, in non-JWT form
+     * @return the attribute object if successful, or null
+     */
+    addAttribute(attrObj) {
+        // Check for duplicate entries to assure idempotency.
+        if (this.has(attrObj.attribute)) {
+            // This may be a common occurance, so only un-comment this log message
+            // if you want verbose mode.
+            // console.log(`Attribute ${attrObj.attribute} is already loaded.`);
+            return null; // reject silently
+        }
+        if (attrObj.isDefault === true) {
+            if (this.defaultAttribute && this.defaultAttribute.attribute !== attrObj.attribute) {
+                // Remove the existing default attribute to make room for the new one
+                this.deleteAttribute(this.defaultAttribute.attribute);
+            }
+            this.defaultAttribute = attrObj;
+        }
+        this.attributes.push(attrObj);
+        return attrObj;
+    }
+    /**
+     * Delete an attribute from the set. Should be idempotent.
+     * @param attrUrl - URL of Attribute object to delete.
+     * @return The attribute object if successful or null if not
+     */
+    deleteAttribute(attrUrl = '') {
+        const deleted = this.get(attrUrl);
+        if (deleted) {
+            this.attributes = this.attributes.filter((attrObj) => attrObj.attribute != attrUrl);
+        }
+        return deleted;
+    }
+    /**
+     * Add a list of attributes in object form
+     * @param  attributes List of attribute objects as provided in an EntityObject
+     * @param  easPublicKey EAS public key for decrypting the JWTs
+     * @return list of attribute objects
+     */
+    addAttributes(attributes = []) {
+        return attributes
+            .map((attrObj) => {
+            return this.addAttribute(attrObj); // Returns promise
+        })
+            .filter((x) => x);
+    }
+    /**
+     * Add an attribute in JWT form = { jwt: <string jwt> }
+     * @param  {Object} jwtAttribute - Attribute object in JWT form.
+     * @return {Object} - Decrypted and added attribute object
+     */
+    addJwtAttribute(jwtAttribute) {
+        const attrJwt = jwtAttribute?.jwt;
+        // Can't verify the JWT because the client does not have the easPublicKey,
+        // but the contents of the JWT can be decoded.
+        const attrObjPayload = attrJwt && (0, jose_1.decodeJwt)(attrJwt);
+        if (!attrObjPayload) {
+            return null;
+        }
+        // JWT payloads contain many things, incluing .iat and .exp. This
+        // extraneous material should be stripped away before adding the
+        // attribute to the attributeSet.
+        const { attribute, displayName, pubKey, kasUrl } = attrObjPayload;
+        const attrObj = { attribute, displayName, pubKey, kasUrl, jwt: attrJwt };
+        if (attrObjPayload.isDefault) {
+            attrObj.isDefault = !!attrObjPayload.isDefault;
+        }
+        return this.addAttribute(attrObj);
+    }
+}
+exports.AttributeSet = AttributeSet;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0cmlidXRlLXNldC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3RkZjMvc3JjL21vZGVscy9hdHRyaWJ1dGUtc2V0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLCtCQUFpQztBQVlqQyxNQUFhLFlBQVk7SUFPdkI7UUFKQSxZQUFPLEdBQVksS0FBSyxDQUFDO1FBS3ZCLElBQUksQ0FBQyxVQUFVLEdBQUcsRUFBRSxDQUFDO0lBQ3ZCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsR0FBRyxDQUFDLFNBQVMsR0FBRyxFQUFFO1FBQ2hCLCtEQUErRDtRQUMvRCwrREFBK0Q7UUFDL0QsK0NBQStDO1FBQy9DLHNEQUFzRDtRQUN0RCxPQUFPLENBQUMsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLFNBQVMsS0FBSyxTQUFTLENBQUMsQ0FBQztJQUM5RSxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEdBQUcsQ0FBQyxTQUFTLEdBQUcsRUFBRTtRQUNoQiwrREFBK0Q7UUFDL0QsK0RBQStEO1FBQy9ELCtDQUErQztRQUMvQyxzREFBc0Q7UUFDdEQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxTQUFTLElBQUksU0FBUyxDQUFDLENBQUM7UUFDbkYsT0FBTyxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUM7SUFDOUMsQ0FBQztJQUVEOzs7T0FHRztJQUNILFVBQVU7UUFDUixPQUFPLElBQUksQ0FBQyxnQkFBZ0IsSUFBSSxJQUFJLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7T0FHRztJQUNILE9BQU87UUFDTCxPQUFPLElBQUksQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDdkQsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxZQUFZLENBQUMsT0FBd0I7UUFDbkMscURBQXFEO1FBQ3JELElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUU7WUFDL0Isc0VBQXNFO1lBQ3RFLDRCQUE0QjtZQUM1QixvRUFBb0U7WUFDcEUsT0FBTyxJQUFJLENBQUMsQ0FBQyxrQkFBa0I7U0FDaEM7UUFFRCxJQUFJLE9BQU8sQ0FBQyxTQUFTLEtBQUssSUFBSSxFQUFFO1lBQzlCLElBQUksSUFBSSxDQUFDLGdCQUFnQixJQUFJLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTLEtBQUssT0FBTyxDQUFDLFNBQVMsRUFBRTtnQkFDbEYscUVBQXFFO2dCQUNyRSxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxTQUFTLENBQUMsQ0FBQzthQUN2RDtZQUNELElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxPQUFPLENBQUM7U0FDakM7UUFDRCxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUM5QixPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILGVBQWUsQ0FBQyxPQUFPLEdBQUcsRUFBRTtRQUMxQixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2xDLElBQUksT0FBTyxFQUFFO1lBQ1gsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLFNBQVMsSUFBSSxPQUFPLENBQUMsQ0FBQztTQUNyRjtRQUNELE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILGFBQWEsQ0FBQyxhQUFnQyxFQUFFO1FBQzlDLE9BQU8sVUFBVTthQUNkLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFO1lBQ2YsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsa0JBQWtCO1FBQ3ZELENBQUMsQ0FBQzthQUNELE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDdEIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxlQUFlLENBQUMsWUFBNkI7UUFDM0MsTUFBTSxPQUFPLEdBQUcsWUFBWSxFQUFFLEdBQUcsQ0FBQztRQUNsQywwRUFBMEU7UUFDMUUsOENBQThDO1FBQzlDLE1BQU0sY0FBYyxHQUFHLE9BQU8sSUFBSSxJQUFBLGdCQUFTLEVBQUMsT0FBTyxDQUFDLENBQUM7UUFDckQsSUFBSSxDQUFDLGNBQWMsRUFBRTtZQUNuQixPQUFPLElBQUksQ0FBQztTQUNiO1FBQ0QsaUVBQWlFO1FBQ2pFLGdFQUFnRTtRQUNoRSxpQ0FBaUM7UUFDakMsTUFBTSxFQUFFLFNBQVMsRUFBRSxXQUFXLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxHQUFHLGNBQWlDLENBQUM7UUFDckYsTUFBTSxPQUFPLEdBQW9CLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLEdBQUcsRUFBRSxPQUFPLEVBQUUsQ0FBQztRQUMxRixJQUFJLGNBQWMsQ0FBQyxTQUFTLEVBQUU7WUFDNUIsT0FBTyxDQUFDLFNBQVMsR0FBRyxDQUFDLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQztTQUNoRDtRQUNELE9BQU8sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNwQyxDQUFDO0NBQ0Y7QUFqSUQsb0NBaUlDIn0=