@opentdf/sdk 0.1.0-beta.1701

package/dist/web/src/nanotdf-crypto/ecdsaSignature.js

@@ -0,0 +1,77 @@
+import { ConfigurationError } from '../errors.js';
+import { AlgorithmName } from './../nanotdf-crypto/enums.js';
+/**
+ * Computes an ECDSA signature for the given data using the provided private key.
+ *
+ * This function uses the Web Crypto API to generate a digital signature
+ * for the input data using the ECDSA algorithm with SHA-256 as the hash function.
+ *
+ * @param {CryptoKey} privateKey - The ECDSA private key used for signing.
+ * @param {Uint8Array} data - The data to be signed.
+ * @returns {Promise<ArrayBuffer>} - A promise that resolves to the generated signature.
+ */
+export async function computeECDSASig(privateKey, data) {
+    const signature = await crypto.subtle.sign({
+        name: AlgorithmName.ECDSA,
+        hash: { name: 'SHA-256' },
+    }, privateKey, data);
+    return signature;
+}
+/**
+ * Verifies an ECDSA signature using the provided public key and data.
+ *
+ * This function uses the Web Crypto API to verify the digital signature
+ * for the input data using the ECDSA algorithm with SHA-256 as the hash function.
+ *
+ * @param {CryptoKey} publicKey - The ECDSA public key used for verification.
+ * @param {Uint8Array} signature - The signature to be verified.
+ * @param {Uint8Array} data - The data that was signed.
+ * @returns {Promise<boolean>} - A promise that resolves to a boolean indicating whether the signature is valid.
+ */
+export async function verifyECDSASignature(publicKey, signature, data) {
+    const isValid = await crypto.subtle.verify({
+        name: AlgorithmName.ECDSA,
+        hash: { name: 'SHA-256' },
+    }, publicKey, signature, data);
+    return isValid;
+}
+/**
+ * Extracts the r and s values from a given ECDSA signature.
+ *
+ * @param {Uint8Array} signatureBytes - The raw ECDSA signature bytes.
+ * @returns {{ r: Uint8Array; s: Uint8Array }} An object containing the r and s values as Uint8Arrays.
+ * @throws {Error} If the validation of the signature fails.
+ */
+export function extractRSValuesFromSignature(signatureBytes) {
+    // Split the raw signature into r and s values
+    const halfLength = Math.floor(signatureBytes.length / 2);
+    const rValue = signatureBytes.slice(0, halfLength);
+    const sValue = signatureBytes.slice(halfLength);
+    // Correct validation
+    if (!concatAndCompareUint8Arrays(rValue, sValue, signatureBytes)) {
+        throw new ConfigurationError('invalid ECDSA signature');
+    }
+    return {
+        r: rValue,
+        s: sValue,
+    };
+}
+function concatAndCompareUint8Arrays(arr1, arr2, arr3) {
+    // Create a new Uint8Array with the combined length of arr1 and arr2
+    const concatenated = new Uint8Array(arr1.length + arr2.length);
+    // Copy arr1 and arr2 into the new array
+    concatenated.set(arr1, 0);
+    concatenated.set(arr2, arr1.length);
+    // Check if the lengths are the same
+    if (concatenated.length !== arr3.length) {
+        return false;
+    }
+    // Compare each element
+    for (let i = 0; i < concatenated.length; i++) {
+        if (concatenated[i] !== arr3[i]) {
+            return false;
+        }
+    }
+    return true;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWNkc2FTaWduYXR1cmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbmFub3RkZi1jcnlwdG8vZWNkc2FTaWduYXR1cmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sY0FBYyxDQUFDO0FBQ2xELE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSw4QkFBOEIsQ0FBQztBQUU3RDs7Ozs7Ozs7O0dBU0c7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGVBQWUsQ0FDbkMsVUFBcUIsRUFDckIsSUFBZ0I7SUFFaEIsTUFBTSxTQUFTLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FDeEM7UUFDRSxJQUFJLEVBQUUsYUFBYSxDQUFDLEtBQUs7UUFDekIsSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTtLQUMxQixFQUNELFVBQVUsRUFDVixJQUFJLENBQ0wsQ0FBQztJQUNGLE9BQU8sU0FBUyxDQUFDO0FBQ25CLENBQUM7QUFFRDs7Ozs7Ozs7OztHQVVHO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxvQkFBb0IsQ0FDeEMsU0FBb0IsRUFDcEIsU0FBcUIsRUFDckIsSUFBZ0I7SUFFaEIsTUFBTSxPQUFPLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FDeEM7UUFDRSxJQUFJLEVBQUUsYUFBYSxDQUFDLEtBQUs7UUFDekIsSUFBSSxFQUFFLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTtLQUMxQixFQUNELFNBQVMsRUFDVCxTQUFTLEVBQ1QsSUFBSSxDQUNMLENBQUM7SUFDRixPQUFPLE9BQU8sQ0FBQztBQUNqQixDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsTUFBTSxVQUFVLDRCQUE0QixDQUFDLGNBQTBCO0lBSXJFLDhDQUE4QztJQUM5QyxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLGNBQWMsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUM7SUFDekQsTUFBTSxNQUFNLEdBQUcsY0FBYyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsVUFBVSxDQUFDLENBQUM7SUFDbkQsTUFBTSxNQUFNLEdBQUcsY0FBYyxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUVoRCxxQkFBcUI7SUFDckIsSUFBSSxDQUFDLDJCQUEyQixDQUFDLE1BQU0sRUFBRSxNQUFNLEVBQUUsY0FBYyxDQUFDLEVBQUU7UUFDaEUsTUFBTSxJQUFJLGtCQUFrQixDQUFDLHlCQUF5QixDQUFDLENBQUM7S0FDekQ7SUFFRCxPQUFPO1FBQ0wsQ0FBQyxFQUFFLE1BQU07UUFDVCxDQUFDLEVBQUUsTUFBTTtLQUNWLENBQUM7QUFDSixDQUFDO0FBRUQsU0FBUywyQkFBMkIsQ0FDbEMsSUFBZ0IsRUFDaEIsSUFBZ0IsRUFDaEIsSUFBZ0I7SUFFaEIsb0VBQW9FO0lBQ3BFLE1BQU0sWUFBWSxHQUFHLElBQUksVUFBVSxDQUFDLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRS9ELHdDQUF3QztJQUN4QyxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQztJQUMxQixZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7SUFFcEMsb0NBQW9DO0lBQ3BDLElBQUksWUFBWSxDQUFDLE1BQU0sS0FBSyxJQUFJLENBQUMsTUFBTSxFQUFFO1FBQ3ZDLE9BQU8sS0FBSyxDQUFDO0tBQ2Q7SUFFRCx1QkFBdUI7SUFDdkIsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLFlBQVksQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUU7UUFDNUMsSUFBSSxZQUFZLENBQUMsQ0FBQyxDQUFDLEtBQUssSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFO1lBQy9CLE9BQU8sS0FBSyxDQUFDO1NBQ2Q7S0FDRjtJQUVELE9BQU8sSUFBSSxDQUFDO0FBQ2QsQ0FBQyJ9

package/dist/web/src/nanotdf-crypto/encrypt.js

@@ -0,0 +1,21 @@
+import { Ciphers, CipherTagLengths } from './ciphers.js';
+/**
+ * Encrypt plaintext buffer to ciphertext buffer
+ *
+ * Only supports AES-GCM
+ * @see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/decrypt
+ *
+ * @param key Encryption key
+ * @param plaintext Bytes to encrypt
+ * @param iv Initialization vector
+ * @param tagLength Size (bits) of authentication tag
+ * @returns Resolves ciphertext buffer
+ */
+export default async function encrypt(key, plaintext, iv, tagLength) {
+    return crypto.subtle.encrypt({
+        name: Ciphers.AesGcm,
+        iv,
+        tagLength: tagLength || CipherTagLengths.AesGcm,
+    }, key, plaintext);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW5jcnlwdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9uYW5vdGRmLWNyeXB0by9lbmNyeXB0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFFekQ7Ozs7Ozs7Ozs7O0dBV0c7QUFDSCxNQUFNLENBQUMsT0FBTyxDQUFDLEtBQUssVUFBVSxPQUFPLENBQ25DLEdBQWMsRUFDZCxTQUFxQixFQUNyQixFQUFjLEVBQ2QsU0FBa0I7SUFFbEIsT0FBTyxNQUFNLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FDMUI7UUFDRSxJQUFJLEVBQUUsT0FBTyxDQUFDLE1BQU07UUFDcEIsRUFBRTtRQUNGLFNBQVMsRUFBRSxTQUFTLElBQUksZ0JBQWdCLENBQUMsTUFBTTtLQUNoRCxFQUNELEdBQUcsRUFDSCxTQUFTLENBQ1YsQ0FBQztBQUNKLENBQUMifQ==

package/dist/web/src/nanotdf-crypto/enums.js

@@ -0,0 +1,49 @@
+export var AlgorithmName;
+(function (AlgorithmName) {
+    AlgorithmName["ECDH"] = "ECDH";
+    AlgorithmName["ECDSA"] = "ECDSA";
+    AlgorithmName["ES256"] = "ES256";
+    AlgorithmName["HKDF"] = "HKDF";
+    AlgorithmName["RSA_OAEP"] = "RSA-OAEP";
+    AlgorithmName["RSA_PSS"] = "RSA-PSS";
+})(AlgorithmName || (AlgorithmName = {}));
+export var NamedCurve;
+(function (NamedCurve) {
+    NamedCurve["P256"] = "P-256";
+    NamedCurve["P384"] = "P-384";
+    NamedCurve["P512"] = "P-512";
+})(NamedCurve || (NamedCurve = {}));
+export var CipherType;
+(function (CipherType) {
+    CipherType["AesGcm"] = "AES-GCM";
+})(CipherType || (CipherType = {}));
+export var HashType;
+(function (HashType) {
+    HashType["Sha1"] = "SHA-1";
+    HashType["Sha256"] = "SHA-256";
+    HashType["Sha384"] = "SHA-384";
+    HashType["Sha512"] = "SHA-512";
+})(HashType || (HashType = {}));
+export var KeyFormat;
+(function (KeyFormat) {
+    KeyFormat["Raw"] = "raw";
+    KeyFormat["Pkcs8"] = "pkcs8";
+    KeyFormat["Spki"] = "spki";
+})(KeyFormat || (KeyFormat = {}));
+export var KeyType;
+(function (KeyType) {
+    KeyType["Private"] = "private";
+    KeyType["Public"] = "public";
+})(KeyType || (KeyType = {}));
+export var KeyUsageType;
+(function (KeyUsageType) {
+    KeyUsageType["Encrypt"] = "encrypt";
+    KeyUsageType["Decrypt"] = "decrypt";
+    KeyUsageType["DeriveBits"] = "deriveBits";
+    KeyUsageType["DeriveKey"] = "deriveKey";
+    KeyUsageType["Verify"] = "verify";
+    KeyUsageType["Sign"] = "sign";
+    KeyUsageType["UnwrapKey"] = "unwrapKey";
+    KeyUsageType["WrapKey"] = "wrapKey";
+})(KeyUsageType || (KeyUsageType = {}));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW51bXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbmFub3RkZi1jcnlwdG8vZW51bXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsTUFBTSxDQUFOLElBQVksYUFPWDtBQVBELFdBQVksYUFBYTtJQUN2Qiw4QkFBYSxDQUFBO0lBQ2IsZ0NBQWUsQ0FBQTtJQUNmLGdDQUFlLENBQUE7SUFDZiw4QkFBYSxDQUFBO0lBQ2Isc0NBQXFCLENBQUE7SUFDckIsb0NBQW1CLENBQUE7QUFDckIsQ0FBQyxFQVBXLGFBQWEsS0FBYixhQUFhLFFBT3hCO0FBRUQsTUFBTSxDQUFOLElBQVksVUFJWDtBQUpELFdBQVksVUFBVTtJQUNwQiw0QkFBYyxDQUFBO0lBQ2QsNEJBQWMsQ0FBQTtJQUNkLDRCQUFjLENBQUE7QUFDaEIsQ0FBQyxFQUpXLFVBQVUsS0FBVixVQUFVLFFBSXJCO0FBRUQsTUFBTSxDQUFOLElBQVksVUFFWDtBQUZELFdBQVksVUFBVTtJQUNwQixnQ0FBa0IsQ0FBQTtBQUNwQixDQUFDLEVBRlcsVUFBVSxLQUFWLFVBQVUsUUFFckI7QUFFRCxNQUFNLENBQU4sSUFBWSxRQUtYO0FBTEQsV0FBWSxRQUFRO0lBQ2xCLDBCQUFjLENBQUE7SUFDZCw4QkFBa0IsQ0FBQTtJQUNsQiw4QkFBa0IsQ0FBQTtJQUNsQiw4QkFBa0IsQ0FBQTtBQUNwQixDQUFDLEVBTFcsUUFBUSxLQUFSLFFBQVEsUUFLbkI7QUFFRCxNQUFNLENBQU4sSUFBWSxTQUlYO0FBSkQsV0FBWSxTQUFTO0lBQ25CLHdCQUFXLENBQUE7SUFDWCw0QkFBZSxDQUFBO0lBQ2YsMEJBQWEsQ0FBQTtBQUNmLENBQUMsRUFKVyxTQUFTLEtBQVQsU0FBUyxRQUlwQjtBQUVELE1BQU0sQ0FBTixJQUFZLE9BR1g7QUFIRCxXQUFZLE9BQU87SUFDakIsOEJBQW1CLENBQUE7SUFDbkIsNEJBQWlCLENBQUE7QUFDbkIsQ0FBQyxFQUhXLE9BQU8sS0FBUCxPQUFPLFFBR2xCO0FBRUQsTUFBTSxDQUFOLElBQVksWUFTWDtBQVRELFdBQVksWUFBWTtJQUN0QixtQ0FBbUIsQ0FBQTtJQUNuQixtQ0FBbUIsQ0FBQTtJQUNuQix5Q0FBeUIsQ0FBQTtJQUN6Qix1Q0FBdUIsQ0FBQTtJQUN2QixpQ0FBaUIsQ0FBQTtJQUNqQiw2QkFBYSxDQUFBO0lBQ2IsdUNBQXVCLENBQUE7SUFDdkIsbUNBQW1CLENBQUE7QUFDckIsQ0FBQyxFQVRXLFlBQVksS0FBWixZQUFZLFFBU3ZCIn0=

package/dist/web/src/nanotdf-crypto/exportCryptoKey.js

@@ -0,0 +1,17 @@
+/**
+ *
+ * Export to PEM format to binary buffer
+ * - key    {CryptoKey}     default: "undefined" CryptoKey generated by WebCrypto API
+ */
+export default async function exportCryptoKey(key) {
+    const exportedKey = await crypto.subtle.exportKey('raw', key);
+    const keyBuffer = new Uint8Array(exportedKey);
+    const len = keyBuffer.byteLength;
+    const xPoint = keyBuffer.slice(0, (1 + len) >>> 1); // drop `y`
+    xPoint[0] = 0x2 | (keyBuffer[len - 1] & 0x01); // encode sign of `y` in first bit
+    // Copy to Arraybuffer
+    const compressedPubKeyBuf = new ArrayBuffer(xPoint.byteLength);
+    new Uint8Array(compressedPubKeyBuf).set(new Uint8Array(xPoint));
+    return compressedPubKeyBuf;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXhwb3J0Q3J5cHRvS2V5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYtY3J5cHRvL2V4cG9ydENyeXB0b0tleS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7OztHQUlHO0FBQ0gsTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLFVBQVUsZUFBZSxDQUFDLEdBQWM7SUFDMUQsTUFBTSxXQUFXLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLENBQUM7SUFDOUQsTUFBTSxTQUFTLEdBQUcsSUFBSSxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDOUMsTUFBTSxHQUFHLEdBQUcsU0FBUyxDQUFDLFVBQVUsQ0FBQztJQUNqQyxNQUFNLE1BQU0sR0FBRyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLFdBQVc7SUFDL0QsTUFBTSxDQUFDLENBQUMsQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDLFNBQVMsQ0FBQyxHQUFHLEdBQUcsQ0FBQyxDQUFDLEdBQUcsSUFBSSxDQUFDLENBQUMsQ0FBQyxrQ0FBa0M7SUFFakYsc0JBQXNCO0lBQ3RCLE1BQU0sbUJBQW1CLEdBQUcsSUFBSSxXQUFXLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQy9ELElBQUksVUFBVSxDQUFDLG1CQUFtQixDQUFDLENBQUMsR0FBRyxDQUFDLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7SUFDaEUsT0FBTyxtQkFBbUIsQ0FBQztBQUM3QixDQUFDIn0=

package/dist/web/src/nanotdf-crypto/generateKeyPair.js

@@ -0,0 +1,10 @@
+import { AlgorithmName, NamedCurve, KeyUsageType } from './enums.js';
+export default async function generateKeyPair({ type: name, curve: namedCurve, keyUsages, isExtractable } = {
+    type: AlgorithmName.ECDH,
+    curve: NamedCurve.P256,
+    keyUsages: [KeyUsageType.DeriveBits, KeyUsageType.DeriveKey],
+    isExtractable: true,
+}) {
+    return crypto.subtle.generateKey({ name, namedCurve }, isExtractable, keyUsages);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdGVLZXlQYWlyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYtY3J5cHRvL2dlbmVyYXRlS2V5UGFpci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsYUFBYSxFQUFFLFVBQVUsRUFBRSxZQUFZLEVBQUUsTUFBTSxZQUFZLENBQUM7QUFTckUsTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLFVBQVUsZUFBZSxDQUMzQyxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFLFVBQVUsRUFBRSxTQUFTLEVBQUUsYUFBYSxLQUE2QjtJQUNwRixJQUFJLEVBQUUsYUFBYSxDQUFDLElBQUk7SUFDeEIsS0FBSyxFQUFFLFVBQVUsQ0FBQyxJQUFJO0lBQ3RCLFNBQVMsRUFBRSxDQUFDLFlBQVksQ0FBQyxVQUFVLEVBQUUsWUFBWSxDQUFDLFNBQVMsQ0FBQztJQUM1RCxhQUFhLEVBQUUsSUFBSTtDQUNwQjtJQUVELE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFLEVBQUUsYUFBYSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0FBQ25GLENBQUMifQ==

package/dist/web/src/nanotdf-crypto/generateRandomNumber.js

@@ -0,0 +1,9 @@
+/**
+ * Generate a random number of given length
+ */
+export default function generateRandomNumber(length) {
+    const byteArray = new Uint8Array(length);
+    crypto.getRandomValues(byteArray);
+    return byteArray;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdGVSYW5kb21OdW1iZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbmFub3RkZi1jcnlwdG8vZ2VuZXJhdGVSYW5kb21OdW1iZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7O0dBRUc7QUFDSCxNQUFNLENBQUMsT0FBTyxVQUFVLG9CQUFvQixDQUFDLE1BQWM7SUFDekQsTUFBTSxTQUFTLEdBQUcsSUFBSSxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDekMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUNsQyxPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDIn0=

package/dist/web/src/nanotdf-crypto/importRawKey.js

@@ -0,0 +1,15 @@
+import { CipherType, KeyFormat } from './enums.js';
+/**
+ * Import raw key
+ *
+ * A specific implementation of the importKey method to import raw keys. Specifies some defaults
+ * to ensure security.
+ *
+ * @param key Key which needs to be imported
+ * @param keyUsages How the key will be used
+ * @param isExtractable Whether key is extractable
+ */
+export default async function importRawKey(key, keyUsages, isExtractable = false) {
+    return crypto.subtle.importKey(KeyFormat.Raw, key, CipherType.AesGcm, isExtractable, keyUsages);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW1wb3J0UmF3S2V5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYtY3J5cHRvL2ltcG9ydFJhd0tleS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBZ0IsTUFBTSxZQUFZLENBQUM7QUFFakU7Ozs7Ozs7OztHQVNHO0FBQ0gsTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLFVBQVUsWUFBWSxDQUN4QyxHQUFnQixFQUNoQixTQUE4QixFQUM5QixhQUFhLEdBQUcsS0FBSztJQUVyQixPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLFVBQVUsQ0FBQyxNQUFNLEVBQUUsYUFBYSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0FBQ2xHLENBQUMifQ==

package/dist/web/src/nanotdf-crypto/index.js

@@ -0,0 +1,12 @@
+export { Ciphers } from './ciphers.js';
+export { default as decrypt } from './decrypt.js';
+export { default as digest } from './digest.js';
+export { default as encrypt } from './encrypt.js';
+export { default as generateKeyPair } from './generateKeyPair.js';
+export { default as importRawKey } from './importRawKey.js';
+export { keyAgreement } from './keyAgreement.js';
+export { default as exportCryptoKey } from './exportCryptoKey.js';
+export { default as generateRandomNumber } from './generateRandomNumber.js';
+export { pemPublicToCrypto, pemCertToCrypto } from './pemPublicToCrypto.js';
+export * as enums from './enums.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbmFub3RkZi1jcnlwdG8vaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLE9BQU8sRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUN2QyxPQUFPLEVBQUUsT0FBTyxJQUFJLE9BQU8sRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUNsRCxPQUFPLEVBQUUsT0FBTyxJQUFJLE1BQU0sRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNoRCxPQUFPLEVBQUUsT0FBTyxJQUFJLE9BQU8sRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUNsRCxPQUFPLEVBQUUsT0FBTyxJQUFJLGVBQWUsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sRUFBRSxPQUFPLElBQUksWUFBWSxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFDNUQsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ2pELE9BQU8sRUFBRSxPQUFPLElBQUksZUFBZSxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDbEUsT0FBTyxFQUFFLE9BQU8sSUFBSSxvQkFBb0IsRUFBRSxNQUFNLDJCQUEyQixDQUFDO0FBQzVFLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxlQUFlLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQztBQUM1RSxPQUFPLEtBQUssS0FBSyxNQUFNLFlBQVksQ0FBQyJ9

package/dist/web/src/nanotdf-crypto/keyAgreement.js

@@ -0,0 +1,87 @@
+/**
+ *
+ * Copyright (c) 2016 SafeBash
+ * Cryptography consultant: Andrew Kozlik, Ph.D.
+ *
+ * @link https://github.com/safebash/opencrypto
+ *
+ */
+/**
+ * MIT License
+ *
+ * Copyright (c) 2016 SafeBash
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
+ * NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+ * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+import { ConfigurationError } from '../errors.js';
+import { AlgorithmName, CipherType, HashType, KeyFormat, KeyType, KeyUsageType } from './enums.js';
+const KEY_USAGE_DERIVE_KEY = 'deriveKey';
+/**
+ *
+ * ECDH Key Agreement
+ * - publicKey          {CryptoKey}     default: "undefined"
+ * - privateKey         {CryptoKey}     default: "undefined"
+ * - options            {Object}        default: { bitLength: 256, hkdfHash: 'SHA-512', hkdfSalt: "new UInt8Array()", hkdfInfo: "new UInt8Array()", keyCipher: 'AES-GCM', keyLength: 256, keyUsages: ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'], isExtractable: true }
+ */
+export async function keyAgreement(privateKey, publicKey, options = {
+    bitLength: 256,
+    hkdfHash: HashType.Sha256,
+    hkdfInfo: new Uint8Array(),
+    hkdfSalt: new Uint8Array(),
+    keyCipher: CipherType.AesGcm,
+    keyLength: 256,
+    keyUsages: [
+        KeyUsageType.Encrypt,
+        KeyUsageType.Decrypt,
+        KeyUsageType.UnwrapKey,
+        KeyUsageType.WrapKey,
+    ],
+    isExtractable: true,
+}) {
+    if (publicKey?.algorithm?.name !== AlgorithmName.ECDSA &&
+        publicKey?.algorithm?.name !== AlgorithmName.ECDH) {
+        throw new ConfigurationError('CryptoKey is expected to be of type ECDSA or ECDH');
+    }
+    if (privateKey.type !== KeyType.Private) {
+        throw new ConfigurationError('Expected input of privateKey to be a CryptoKey of type private');
+    }
+    if (publicKey.type !== KeyType.Public) {
+        throw new ConfigurationError('Expected input of publicKey to be a CryptoKey of type public');
+    }
+    const { bitLength = 256, hkdfHash = HashType.Sha256, hkdfInfo = new Uint8Array(), hkdfSalt = new Uint8Array(), keyCipher = CipherType.AesGcm, keyLength = 256, isExtractable = true, keyUsages = [
+        KeyUsageType.Encrypt,
+        KeyUsageType.Decrypt,
+        KeyUsageType.UnwrapKey,
+        KeyUsageType.WrapKey,
+    ], } = options;
+    const derivedBits = await crypto.subtle.deriveBits({
+        name: AlgorithmName.ECDH,
+        public: publicKey,
+    }, privateKey, bitLength);
+    const derivedKey = await crypto.subtle.importKey(KeyFormat.Raw, derivedBits, {
+        name: AlgorithmName.HKDF,
+    }, false, [KEY_USAGE_DERIVE_KEY]);
+    const symmetricKey = await crypto.subtle.deriveKey({
+        name: AlgorithmName.HKDF,
+        hash: hkdfHash,
+        salt: hkdfSalt,
+        info: hkdfInfo,
+    }, derivedKey, {
+        name: keyCipher,
+        length: keyLength,
+    }, isExtractable, keyUsages);
+    return symmetricKey;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5QWdyZWVtZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL25hbm90ZGYtY3J5cHRvL2tleUFncmVlbWVudC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7OztHQU9HO0FBRUg7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQWtCRztBQUVILE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUNsRCxPQUFPLEVBQUUsYUFBYSxFQUFFLFVBQVUsRUFBRSxRQUFRLEVBQUUsU0FBUyxFQUFFLE9BQU8sRUFBRSxZQUFZLEVBQUUsTUFBTSxZQUFZLENBQUM7QUFFbkcsTUFBTSxvQkFBb0IsR0FBRyxXQUFXLENBQUM7QUFhekM7Ozs7OztHQU1HO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxZQUFZLENBQ2hDLFVBQXFCLEVBQ3JCLFNBQW9CLEVBQ3BCLFVBQXdDO0lBQ3RDLFNBQVMsRUFBRSxHQUFHO0lBQ2QsUUFBUSxFQUFFLFFBQVEsQ0FBQyxNQUFNO0lBQ3pCLFFBQVEsRUFBRSxJQUFJLFVBQVUsRUFBRTtJQUMxQixRQUFRLEVBQUUsSUFBSSxVQUFVLEVBQUU7SUFDMUIsU0FBUyxFQUFFLFVBQVUsQ0FBQyxNQUFNO0lBQzVCLFNBQVMsRUFBRSxHQUFHO0lBQ2QsU0FBUyxFQUFFO1FBQ1QsWUFBWSxDQUFDLE9BQU87UUFDcEIsWUFBWSxDQUFDLE9BQU87UUFDcEIsWUFBWSxDQUFDLFNBQVM7UUFDdEIsWUFBWSxDQUFDLE9BQU87S0FDckI7SUFDRCxhQUFhLEVBQUUsSUFBSTtDQUNwQjtJQUVELElBQ0UsU0FBUyxFQUFFLFNBQVMsRUFBRSxJQUFJLEtBQUssYUFBYSxDQUFDLEtBQUs7UUFDbEQsU0FBUyxFQUFFLFNBQVMsRUFBRSxJQUFJLEtBQUssYUFBYSxDQUFDLElBQUksRUFDakQ7UUFDQSxNQUFNLElBQUksa0JBQWtCLENBQUMsbURBQW1ELENBQUMsQ0FBQztLQUNuRjtJQUVELElBQUksVUFBVSxDQUFDLElBQUksS0FBSyxPQUFPLENBQUMsT0FBTyxFQUFFO1FBQ3ZDLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyxnRUFBZ0UsQ0FBQyxDQUFDO0tBQ2hHO0lBRUQsSUFBSSxTQUFTLENBQUMsSUFBSSxLQUFLLE9BQU8sQ0FBQyxNQUFNLEVBQUU7UUFDckMsTUFBTSxJQUFJLGtCQUFrQixDQUFDLDhEQUE4RCxDQUFDLENBQUM7S0FDOUY7SUFFRCxNQUFNLEVBQ0osU0FBUyxHQUFHLEdBQUcsRUFDZixRQUFRLEdBQUcsUUFBUSxDQUFDLE1BQU0sRUFDMUIsUUFBUSxHQUFHLElBQUksVUFBVSxFQUFFLEVBQzNCLFFBQVEsR0FBRyxJQUFJLFVBQVUsRUFBRSxFQUMzQixTQUFTLEdBQUcsVUFBVSxDQUFDLE1BQU0sRUFDN0IsU0FBUyxHQUFHLEdBQUcsRUFDZixhQUFhLEdBQUcsSUFBSSxFQUNwQixTQUFTLEdBQUc7UUFDVixZQUFZLENBQUMsT0FBTztRQUNwQixZQUFZLENBQUMsT0FBTztRQUNwQixZQUFZLENBQUMsU0FBUztRQUN0QixZQUFZLENBQUMsT0FBTztLQUNyQixHQUNGLEdBQUcsT0FBTyxDQUFDO0lBRVosTUFBTSxXQUFXLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FDaEQ7UUFDRSxJQUFJLEVBQUUsYUFBYSxDQUFDLElBQUk7UUFDeEIsTUFBTSxFQUFFLFNBQVM7S0FDbEIsRUFDRCxVQUFVLEVBQ1YsU0FBUyxDQUNWLENBQUM7SUFFRixNQUFNLFVBQVUsR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUM5QyxTQUFTLENBQUMsR0FBRyxFQUNiLFdBQVcsRUFDWDtRQUNFLElBQUksRUFBRSxhQUFhLENBQUMsSUFBSTtLQUN6QixFQUNELEtBQUssRUFDTCxDQUFDLG9CQUFvQixDQUFDLENBQ3ZCLENBQUM7SUFFRixNQUFNLFlBQVksR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUNoRDtRQUNFLElBQUksRUFBRSxhQUFhLENBQUMsSUFBSTtRQUN4QixJQUFJLEVBQUUsUUFBUTtRQUNkLElBQUksRUFBRSxRQUFRO1FBQ2QsSUFBSSxFQUFFLFFBQVE7S0FDZixFQUNELFVBQVUsRUFDVjtRQUNFLElBQUksRUFBRSxTQUFTO1FBQ2YsTUFBTSxFQUFFLFNBQVM7S0FDbEIsRUFDRCxhQUFhLEVBQ2IsU0FBUyxDQUNWLENBQUM7SUFFRixPQUFPLFlBQVksQ0FBQztBQUN0QixDQUFDIn0=

package/dist/web/src/nanotdf-crypto/pemPublicToCrypto.js

@@ -0,0 +1,197 @@
+/**
+ *
+ * Copyright (c) 2016 SafeBash
+ * Cryptography consultant: Andrew Kozlik, Ph.D.
+ *
+ * @link https://github.com/safebash/opencrypto
+ *
+ */
+/**
+ * MIT License
+ *
+ * Copyright (c) 2016 SafeBash
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
+ * NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+ * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+import * as base64 from '../encodings/base64.js';
+import { importX509 } from 'jose';
+import { encodeArrayBuffer as hexEncodeArrayBuffer } from '../encodings/hex.js';
+import { ConfigurationError, TdfError } from '../errors.js';
+const RSA_OID = '06092a864886f70d010101';
+const EC_OID = '06072a8648ce3d0201';
+const P256_OID = '06082a8648ce3d030107';
+const P384_OID = '06052b81040022';
+const P521_OID = '06052b81040023';
+const SHA_512 = 'SHA-512';
+const SPKI = 'spki';
+const CERT_BEGIN = '-----BEGIN CERTIFICATE-----';
+const CERT_END = '-----END CERTIFICATE-----';
+const P_256 = 'P-256';
+const P_384 = 'P-384';
+const P_512 = 'P-512';
+const ECDH = 'ECDH';
+const ECDSA = 'ECDSA';
+const RSA_OAEP = 'RSA-OAEP';
+const RSA_PSS = 'RSA-PSS';
+function guessKeyUsages(algorithmName, usages) {
+    if (usages)
+        return usages;
+    switch (algorithmName) {
+        case ECDSA:
+            return ['verify'];
+        case RSA_OAEP:
+            return ['encrypt', 'wrapKey'];
+        case RSA_PSS:
+            return ['verify'];
+        case ECDH:
+        default:
+            return [];
+    }
+}
+function guessAlgorithmName(hex, algorithmName) {
+    if (hex.includes(EC_OID)) {
+        if (!algorithmName || algorithmName === ECDH) {
+            return ECDH;
+        }
+        else if (algorithmName === ECDSA) {
+            return ECDSA;
+        }
+    }
+    else if (hex.includes(RSA_OID)) {
+        if (!algorithmName || algorithmName === RSA_OAEP) {
+            return RSA_OAEP;
+        }
+        else if (algorithmName === RSA_PSS) {
+            return RSA_PSS;
+        }
+    }
+    throw new TypeError(`Invalid public key, ${algorithmName}`);
+}
+function guessCurveName(hex) {
+    if (hex.includes(P256_OID)) {
+        return P_256;
+    }
+    else if (hex.includes(P384_OID)) {
+        return P_384;
+    }
+    else if (hex.includes(P521_OID)) {
+        return P_512;
+    }
+    throw new TdfError('Unsupported curve name or invalid key');
+}
+/**
+ *
+ * Converts asymmetric public key from PEM to CryptoKey
+ * - publicKey       {String}      default: "undefined" PEM public key
+ * - options         {Object}      default: (depends on algorithm)
+ * -- ECDH: { name: 'ECDH', usages: [], isExtractable: true }
+ * -- ECDSA: { name: 'ECDSA', usages: ['verify'], isExtractable: true }
+ * -- RSA-OAEP: { name: 'RSA-OAEP', hash: { name: 'SHA-512' }, usages: ['encrypt', 'wrapKey'], isExtractable: true }
+ * -- RSA-PSS: { name: 'RSA-PSS', hash: { name: 'SHA-512' }, usages: ['verify'], isExtractable: true }
+ */
+export async function pemPublicToCrypto(pem, options = {
+    isExtractable: true,
+}) {
+    pem = pem.replace('-----BEGIN PUBLIC KEY-----', '');
+    pem = pem.replace('-----END PUBLIC KEY-----', '');
+    const b64 = pem.replace(/\s/g, '');
+    const arrayBuffer = base64.decodeArrayBuffer(b64);
+    const hex = hexEncodeArrayBuffer(arrayBuffer);
+    const algorithmName = guessAlgorithmName(hex, options.name);
+    const keyUsages = guessKeyUsages(algorithmName, options.usages);
+    if (algorithmName === ECDH || algorithmName === ECDSA) {
+        const namedCurve = guessCurveName(hex);
+        return crypto.subtle.importKey(SPKI, arrayBuffer, {
+            name: algorithmName,
+            namedCurve,
+        }, options.isExtractable, keyUsages);
+    }
+    else if (algorithmName === RSA_OAEP || algorithmName === RSA_PSS) {
+        return crypto.subtle.importKey(SPKI, arrayBuffer, {
+            name: algorithmName,
+            hash: {
+                name: options.hash || SHA_512,
+            },
+        }, options.isExtractable, keyUsages);
+    }
+    else {
+        throw new TypeError('Invalid public key');
+    }
+}
+/**
+ * Look up JWK algorithm at https://github.com/panva/jose/issues/210
+ */
+function toJwsAlg(hex) {
+    const a = guessAlgorithmName(hex);
+    if (a === ECDH) {
+        return 'ECDH-ES';
+    }
+    else if (a === ECDSA) {
+        switch (guessCurveName(hex)) {
+            case 'P-256':
+                return 'ES256';
+            case 'P-384':
+                return 'ES384';
+            case 'P-512':
+                return 'ES512';
+        }
+    }
+    else if (a === RSA_OAEP) {
+        return 'RS512';
+    }
+    else {
+        return 'RSA-OAEP-512';
+    }
+}
+function toSubtleAlg(hex) {
+    const name = guessAlgorithmName(hex);
+    if (name === ECDH || name === ECDSA) {
+        return {
+            name,
+            namedCurve: guessCurveName(hex),
+        };
+    }
+    return {
+        name,
+        hash: { name: SHA_512 },
+    };
+}
+export async function pemCertToCrypto(pem, options = {
+    isExtractable: true,
+}) {
+    let crt = pem.replace(CERT_BEGIN, '');
+    crt = crt.replace(CERT_END, '');
+    const b64 = crt.replace(/\s/g, '');
+    const arrayBuffer = base64.decodeArrayBuffer(b64);
+    const hex = hexEncodeArrayBuffer(arrayBuffer);
+    const jwsAlg = toJwsAlg(hex);
+    const keylike = await importX509(pem, jwsAlg, { extractable: options.isExtractable });
+    const { type } = keylike;
+    if (type !== 'public') {
+        throw new ConfigurationError('unpublic');
+    }
+    // FIXME Jose workaround for node clients.
+    // jose returns a crypto key on node, but we expect a subtle-crypto key
+    // The below should convert it, I hope, by exporting to a JWK and back.
+    if (keylike?.export) {
+        const keyObject = keylike;
+        const subtleAlg = toSubtleAlg(hex);
+        const keyUsages = guessKeyUsages(subtleAlg.name, options.usages);
+        const subtleKey = await crypto.subtle.importKey('jwk', keyObject.export({ format: 'jwk' }), subtleAlg, options.isExtractable, keyUsages);
+        return subtleKey;
+    }
+    return keylike;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGVtUHVibGljVG9DcnlwdG8uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbmFub3RkZi1jcnlwdG8vcGVtUHVibGljVG9DcnlwdG8udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7R0FPRztBQUVIOzs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FrQkc7QUFFSCxPQUFPLEtBQUssTUFBTSxNQUFNLHdCQUF3QixDQUFDO0FBQ2pELE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxNQUFNLENBQUM7QUFFbEMsT0FBTyxFQUFFLGlCQUFpQixJQUFJLG9CQUFvQixFQUFFLE1BQU0scUJBQXFCLENBQUM7QUFDaEYsT0FBTyxFQUFFLGtCQUFrQixFQUFFLFFBQVEsRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUU1RCxNQUFNLE9BQU8sR0FBRyx3QkFBd0IsQ0FBQztBQUN6QyxNQUFNLE1BQU0sR0FBRyxvQkFBb0IsQ0FBQztBQUNwQyxNQUFNLFFBQVEsR0FBRyxzQkFBc0IsQ0FBQztBQUN4QyxNQUFNLFFBQVEsR0FBRyxnQkFBZ0IsQ0FBQztBQUNsQyxNQUFNLFFBQVEsR0FBRyxnQkFBZ0IsQ0FBQztBQUNsQyxNQUFNLE9BQU8sR0FBRyxTQUFTLENBQUM7QUFDMUIsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDO0FBQ3BCLE1BQU0sVUFBVSxHQUFHLDZCQUE2QixDQUFDO0FBQ2pELE1BQU0sUUFBUSxHQUFHLDJCQUEyQixDQUFDO0FBRTdDLE1BQU0sS0FBSyxHQUFHLE9BQU8sQ0FBQztBQUN0QixNQUFNLEtBQUssR0FBRyxPQUFPLENBQUM7QUFDdEIsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDO0FBR3RCLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQztBQUNwQixNQUFNLEtBQUssR0FBRyxPQUFPLENBQUM7QUFDdEIsTUFBTSxRQUFRLEdBQUcsVUFBVSxDQUFDO0FBQzVCLE1BQU0sT0FBTyxHQUFHLFNBQVMsQ0FBQztBQVUxQixTQUFTLGNBQWMsQ0FBQyxhQUE0QixFQUFFLE1BQW1CO0lBQ3ZFLElBQUksTUFBTTtRQUFFLE9BQU8sTUFBTSxDQUFDO0lBQzFCLFFBQVEsYUFBYSxFQUFFO1FBQ3JCLEtBQUssS0FBSztZQUNSLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNwQixLQUFLLFFBQVE7WUFDWCxPQUFPLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQ2hDLEtBQUssT0FBTztZQUNWLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNwQixLQUFLLElBQUksQ0FBQztRQUNWO1lBQ0UsT0FBTyxFQUFFLENBQUM7S0FDYjtBQUNILENBQUM7QUFFRCxTQUFTLGtCQUFrQixDQUFDLEdBQVcsRUFBRSxhQUFzQjtJQUM3RCxJQUFJLEdBQUcsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLEVBQUU7UUFDeEIsSUFBSSxDQUFDLGFBQWEsSUFBSSxhQUFhLEtBQUssSUFBSSxFQUFFO1lBQzVDLE9BQU8sSUFBSSxDQUFDO1NBQ2I7YUFBTSxJQUFJLGFBQWEsS0FBSyxLQUFLLEVBQUU7WUFDbEMsT0FBTyxLQUFLLENBQUM7U0FDZDtLQUNGO1NBQU0sSUFBSSxHQUFHLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFO1FBQ2hDLElBQUksQ0FBQyxhQUFhLElBQUksYUFBYSxLQUFLLFFBQVEsRUFBRTtZQUNoRCxPQUFPLFFBQVEsQ0FBQztTQUNqQjthQUFNLElBQUksYUFBYSxLQUFLLE9BQU8sRUFBRTtZQUNwQyxPQUFPLE9BQU8sQ0FBQztTQUNoQjtLQUNGO0lBQ0QsTUFBTSxJQUFJLFNBQVMsQ0FBQyx1QkFBdUIsYUFBYSxFQUFFLENBQUMsQ0FBQztBQUM5RCxDQUFDO0FBRUQsU0FBUyxjQUFjLENBQUMsR0FBVztJQUNqQyxJQUFJLEdBQUcsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEVBQUU7UUFDMUIsT0FBTyxLQUFLLENBQUM7S0FDZDtTQUFNLElBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsRUFBRTtRQUNqQyxPQUFPLEtBQUssQ0FBQztLQUNkO1NBQU0sSUFBSSxHQUFHLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxFQUFFO1FBQ2pDLE9BQU8sS0FBSyxDQUFDO0tBQ2Q7SUFDRCxNQUFNLElBQUksUUFBUSxDQUFDLHVDQUF1QyxDQUFDLENBQUM7QUFDOUQsQ0FBQztBQUVEOzs7Ozs7Ozs7R0FTRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsaUJBQWlCLENBQ3JDLEdBQVcsRUFDWCxVQUFvQztJQUNsQyxhQUFhLEVBQUUsSUFBSTtDQUNwQjtJQUVELEdBQUcsR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLDRCQUE0QixFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ3BELEdBQUcsR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLDBCQUEwQixFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ2xELE1BQU0sR0FBRyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ25DLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNsRCxNQUFNLEdBQUcsR0FBRyxvQkFBb0IsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUU5QyxNQUFNLGFBQWEsR0FBRyxrQkFBa0IsQ0FBQyxHQUFHLEVBQUUsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzVELE1BQU0sU0FBUyxHQUFHLGNBQWMsQ0FBQyxhQUFhLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRWhFLElBQUksYUFBYSxLQUFLLElBQUksSUFBSSxhQUFhLEtBQUssS0FBSyxFQUFFO1FBQ3JELE1BQU0sVUFBVSxHQUFHLGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN2QyxPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUM1QixJQUFJLEVBQ0osV0FBVyxFQUNYO1lBQ0UsSUFBSSxFQUFFLGFBQWE7WUFDbkIsVUFBVTtTQUNYLEVBQ0QsT0FBTyxDQUFDLGFBQWEsRUFDckIsU0FBUyxDQUNWLENBQUM7S0FDSDtTQUFNLElBQUksYUFBYSxLQUFLLFFBQVEsSUFBSSxhQUFhLEtBQUssT0FBTyxFQUFFO1FBQ2xFLE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQzVCLElBQUksRUFDSixXQUFXLEVBQ1g7WUFDRSxJQUFJLEVBQUUsYUFBYTtZQUNuQixJQUFJLEVBQUU7Z0JBQ0osSUFBSSxFQUFFLE9BQU8sQ0FBQyxJQUFJLElBQUksT0FBTzthQUM5QjtTQUNGLEVBQ0QsT0FBTyxDQUFDLGFBQWEsRUFDckIsU0FBUyxDQUNWLENBQUM7S0FDSDtTQUFNO1FBQ0wsTUFBTSxJQUFJLFNBQVMsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO0tBQzNDO0FBQ0gsQ0FBQztBQUVEOztHQUVHO0FBQ0gsU0FBUyxRQUFRLENBQUMsR0FBVztJQUMzQixNQUFNLENBQUMsR0FBRyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNsQyxJQUFJLENBQUMsS0FBSyxJQUFJLEVBQUU7UUFDZCxPQUFPLFNBQVMsQ0FBQztLQUNsQjtTQUFNLElBQUksQ0FBQyxLQUFLLEtBQUssRUFBRTtRQUN0QixRQUFRLGNBQWMsQ0FBQyxHQUFHLENBQUMsRUFBRTtZQUMzQixLQUFLLE9BQU87Z0JBQ1YsT0FBTyxPQUFPLENBQUM7WUFDakIsS0FBSyxPQUFPO2dCQUNWLE9BQU8sT0FBTyxDQUFDO1lBQ2pCLEtBQUssT0FBTztnQkFDVixPQUFPLE9BQU8sQ0FBQztTQUNsQjtLQUNGO1NBQU0sSUFBSSxDQUFDLEtBQUssUUFBUSxFQUFFO1FBQ3pCLE9BQU8sT0FBTyxDQUFDO0tBQ2hCO1NBQU07UUFDTCxPQUFPLGNBQWMsQ0FBQztLQUN2QjtBQUNILENBQUM7QUFDRCxTQUFTLFdBQVcsQ0FBQyxHQUFXO0lBQzlCLE1BQU0sSUFBSSxHQUFHLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3JDLElBQUksSUFBSSxLQUFLLElBQUksSUFBSSxJQUFJLEtBQUssS0FBSyxFQUFFO1FBQ25DLE9BQU87WUFDTCxJQUFJO1lBQ0osVUFBVSxFQUFFLGNBQWMsQ0FBQyxHQUFHLENBQUM7U0FDaEMsQ0FBQztLQUNIO0lBQ0QsT0FBTztRQUNMLElBQUk7UUFDSixJQUFJLEVBQUUsRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFO0tBQ3hCLENBQUM7QUFDSixDQUFDO0FBRUQsTUFBTSxDQUFDLEtBQUssVUFBVSxlQUFlLENBQ25DLEdBQVcsRUFDWCxVQUFvQztJQUNsQyxhQUFhLEVBQUUsSUFBSTtDQUNwQjtJQUVELElBQUksR0FBRyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsVUFBVSxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ3RDLEdBQUcsR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUNoQyxNQUFNLEdBQUcsR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztJQUNuQyxNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsaUJBQWlCLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDbEQsTUFBTSxHQUFHLEdBQUcsb0JBQW9CLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDOUMsTUFBTSxNQUFNLEdBQUcsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzdCLE1BQU0sT0FBTyxHQUFHLE1BQU0sVUFBVSxDQUFDLEdBQUcsRUFBRSxNQUFNLEVBQUUsRUFBRSxXQUFXLEVBQUUsT0FBTyxDQUFDLGFBQWEsRUFBRSxDQUFDLENBQUM7SUFDdEYsTUFBTSxFQUFFLElBQUksRUFBRSxHQUFHLE9BQU8sQ0FBQztJQUN6QixJQUFJLElBQUksS0FBSyxRQUFRLEVBQUU7UUFDckIsTUFBTSxJQUFJLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxDQUFDO0tBQzFDO0lBQ0QsMENBQTBDO0lBQzFDLHVFQUF1RTtJQUN2RSx1RUFBdUU7SUFDdkUsSUFBSyxPQUFxQixFQUFFLE1BQU0sRUFBRTtRQUNsQyxNQUFNLFNBQVMsR0FBRyxPQUFvQixDQUFDO1FBQ3ZDLE1BQU0sU0FBUyxHQUFHLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNuQyxNQUFNLFNBQVMsR0FBRyxjQUFjLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDakUsTUFBTSxTQUFTLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDN0MsS0FBSyxFQUNMLFNBQVMsQ0FBQyxNQUFNLENBQUMsRUFBRSxNQUFNLEVBQUUsS0FBSyxFQUFFLENBQUMsRUFDbkMsU0FBUyxFQUNULE9BQU8sQ0FBQyxhQUFhLEVBQ3JCLFNBQVMsQ0FDVixDQUFDO1FBQ0YsT0FBTyxTQUFTLENBQUM7S0FDbEI7SUFDRCxPQUFPLE9BQW9CLENBQUM7QUFDOUIsQ0FBQyJ9

package/dist/web/src/policy/api.js

@@ -0,0 +1,54 @@
+import { NetworkError, ServiceError } from '../errors.js';
+import { rstrip } from '../utils.js';
+export async function attributeFQNsAsValues(kasUrl, authProvider, ...fqns) {
+    const avs = new URLSearchParams();
+    for (const fqn of fqns) {
+        avs.append('fqns', fqn);
+    }
+    avs.append('withValue.withKeyAccessGrants', 'true');
+    avs.append('withValue.withAttribute.withKeyAccessGrants', 'true');
+    const uNoSlash = rstrip(kasUrl, '/');
+    const uNoKas = uNoSlash.endsWith('/kas') ? uNoSlash.slice(0, -4) : uNoSlash;
+    const url = `${uNoKas}/attributes/*/fqn?${avs}`;
+    const req = await authProvider.withCreds({
+        url,
+        headers: {},
+        method: 'GET',
+    });
+    let response;
+    try {
+        response = await fetch(req.url, {
+            mode: 'cors',
+            credentials: 'same-origin',
+            headers: req.headers,
+            redirect: 'follow',
+            referrerPolicy: 'no-referrer',
+        });
+    }
+    catch (e) {
+        throw new NetworkError(`network error [${req.method} ${req.url}]`, e);
+    }
+    if (!response.ok) {
+        throw new ServiceError(`${req.method} ${req.url} => ${response.status} ${response.statusText}`);
+    }
+    let resp;
+    try {
+        resp = (await response.json());
+    }
+    catch (e) {
+        throw new ServiceError(`response parse error [${req.method} ${req.url}]`, e);
+    }
+    const values = [];
+    for (const [fqn, av] of Object.entries(resp.fqnAttributeValues)) {
+        if (!av.value) {
+            console.log(`Missing value definition for [${fqn}]; is this a valid attribute?`);
+            continue;
+        }
+        if (av.attribute && !av.value.attribute) {
+            av.value.attribute = av.attribute;
+        }
+        values.push(av.value);
+    }
+    return values;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBpLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3BvbGljeS9hcGkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLFlBQVksRUFBRSxZQUFZLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFFMUQsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUdyQyxNQUFNLENBQUMsS0FBSyxVQUFVLHFCQUFxQixDQUN6QyxNQUFjLEVBQ2QsWUFBMEIsRUFDMUIsR0FBRyxJQUFjO0lBRWpCLE1BQU0sR0FBRyxHQUFHLElBQUksZUFBZSxFQUFFLENBQUM7SUFDbEMsS0FBSyxNQUFNLEdBQUcsSUFBSSxJQUFJLEVBQUU7UUFDdEIsR0FBRyxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsR0FBRyxDQUFDLENBQUM7S0FDekI7SUFDRCxHQUFHLENBQUMsTUFBTSxDQUFDLCtCQUErQixFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ3BELEdBQUcsQ0FBQyxNQUFNLENBQUMsNkNBQTZDLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDbEUsTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLE1BQU0sRUFBRSxHQUFHLENBQUMsQ0FBQztJQUNyQyxNQUFNLE1BQU0sR0FBRyxRQUFRLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUM7SUFDNUUsTUFBTSxHQUFHLEdBQUcsR0FBRyxNQUFNLHFCQUFxQixHQUFHLEVBQUUsQ0FBQztJQUNoRCxNQUFNLEdBQUcsR0FBRyxNQUFNLFlBQVksQ0FBQyxTQUFTLENBQUM7UUFDdkMsR0FBRztRQUNILE9BQU8sRUFBRSxFQUFFO1FBQ1gsTUFBTSxFQUFFLEtBQUs7S0FDZCxDQUFDLENBQUM7SUFDSCxJQUFJLFFBQWtCLENBQUM7SUFDdkIsSUFBSTtRQUNGLFFBQVEsR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFO1lBQzlCLElBQUksRUFBRSxNQUFNO1lBQ1osV0FBVyxFQUFFLGFBQWE7WUFDMUIsT0FBTyxFQUFFLEdBQUcsQ0FBQyxPQUFPO1lBQ3BCLFFBQVEsRUFBRSxRQUFRO1lBQ2xCLGNBQWMsRUFBRSxhQUFhO1NBQzlCLENBQUMsQ0FBQztLQUNKO0lBQUMsT0FBTyxDQUFDLEVBQUU7UUFDVixNQUFNLElBQUksWUFBWSxDQUFDLGtCQUFrQixHQUFHLENBQUMsTUFBTSxJQUFJLEdBQUcsQ0FBQyxHQUFHLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQztLQUN2RTtJQUVELElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxFQUFFO1FBQ2hCLE1BQU0sSUFBSSxZQUFZLENBQUMsR0FBRyxHQUFHLENBQUMsTUFBTSxJQUFJLEdBQUcsQ0FBQyxHQUFHLE9BQU8sUUFBUSxDQUFDLE1BQU0sSUFBSSxRQUFRLENBQUMsVUFBVSxFQUFFLENBQUMsQ0FBQztLQUNqRztJQUVELElBQUksSUFBc0MsQ0FBQztJQUMzQyxJQUFJO1FBQ0YsSUFBSSxHQUFHLENBQUMsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQXFDLENBQUM7S0FDcEU7SUFBQyxPQUFPLENBQUMsRUFBRTtRQUNWLE1BQU0sSUFBSSxZQUFZLENBQUMseUJBQXlCLEdBQUcsQ0FBQyxNQUFNLElBQUksR0FBRyxDQUFDLEdBQUcsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDO0tBQzlFO0lBRUQsTUFBTSxNQUFNLEdBQVksRUFBRSxDQUFDO0lBQzNCLEtBQUssTUFBTSxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFO1FBQy9ELElBQUksQ0FBQyxFQUFFLENBQUMsS0FBSyxFQUFFO1lBQ2IsT0FBTyxDQUFDLEdBQUcsQ0FBQyxpQ0FBaUMsR0FBRywrQkFBK0IsQ0FBQyxDQUFDO1lBQ2pGLFNBQVM7U0FDVjtRQUNELElBQUksRUFBRSxDQUFDLFNBQVMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsU0FBUyxFQUFFO1lBQ3ZDLEVBQUUsQ0FBQyxLQUFLLENBQUMsU0FBUyxHQUFHLEVBQUUsQ0FBQyxTQUFTLENBQUM7U0FDbkM7UUFDRCxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQztLQUN2QjtJQUNELE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUMifQ==

package/dist/web/src/policy/attributes.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0cmlidXRlcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9wb2xpY3kvYXR0cmlidXRlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=