@opentdf/sdk 0.1.0-beta.1701

package/dist/cjs/src/nanotdf-crypto/pemPublicToCrypto.js

@@ -0,0 +1,225 @@
+"use strict";
+/**
+ *
+ * Copyright (c) 2016 SafeBash
+ * Cryptography consultant: Andrew Kozlik, Ph.D.
+ *
+ * @link https://github.com/safebash/opencrypto
+ *
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.pemCertToCrypto = exports.pemPublicToCrypto = void 0;
+/**
+ * MIT License
+ *
+ * Copyright (c) 2016 SafeBash
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
+ * to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
+ * NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+ * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+const base64 = __importStar(require("../encodings/base64.js"));
+const jose_1 = require("jose");
+const hex_js_1 = require("../encodings/hex.js");
+const errors_js_1 = require("../errors.js");
+const RSA_OID = '06092a864886f70d010101';
+const EC_OID = '06072a8648ce3d0201';
+const P256_OID = '06082a8648ce3d030107';
+const P384_OID = '06052b81040022';
+const P521_OID = '06052b81040023';
+const SHA_512 = 'SHA-512';
+const SPKI = 'spki';
+const CERT_BEGIN = '-----BEGIN CERTIFICATE-----';
+const CERT_END = '-----END CERTIFICATE-----';
+const P_256 = 'P-256';
+const P_384 = 'P-384';
+const P_512 = 'P-512';
+const ECDH = 'ECDH';
+const ECDSA = 'ECDSA';
+const RSA_OAEP = 'RSA-OAEP';
+const RSA_PSS = 'RSA-PSS';
+function guessKeyUsages(algorithmName, usages) {
+    if (usages)
+        return usages;
+    switch (algorithmName) {
+        case ECDSA:
+            return ['verify'];
+        case RSA_OAEP:
+            return ['encrypt', 'wrapKey'];
+        case RSA_PSS:
+            return ['verify'];
+        case ECDH:
+        default:
+            return [];
+    }
+}
+function guessAlgorithmName(hex, algorithmName) {
+    if (hex.includes(EC_OID)) {
+        if (!algorithmName || algorithmName === ECDH) {
+            return ECDH;
+        }
+        else if (algorithmName === ECDSA) {
+            return ECDSA;
+        }
+    }
+    else if (hex.includes(RSA_OID)) {
+        if (!algorithmName || algorithmName === RSA_OAEP) {
+            return RSA_OAEP;
+        }
+        else if (algorithmName === RSA_PSS) {
+            return RSA_PSS;
+        }
+    }
+    throw new TypeError(`Invalid public key, ${algorithmName}`);
+}
+function guessCurveName(hex) {
+    if (hex.includes(P256_OID)) {
+        return P_256;
+    }
+    else if (hex.includes(P384_OID)) {
+        return P_384;
+    }
+    else if (hex.includes(P521_OID)) {
+        return P_512;
+    }
+    throw new errors_js_1.TdfError('Unsupported curve name or invalid key');
+}
+/**
+ *
+ * Converts asymmetric public key from PEM to CryptoKey
+ * - publicKey       {String}      default: "undefined" PEM public key
+ * - options         {Object}      default: (depends on algorithm)
+ * -- ECDH: { name: 'ECDH', usages: [], isExtractable: true }
+ * -- ECDSA: { name: 'ECDSA', usages: ['verify'], isExtractable: true }
+ * -- RSA-OAEP: { name: 'RSA-OAEP', hash: { name: 'SHA-512' }, usages: ['encrypt', 'wrapKey'], isExtractable: true }
+ * -- RSA-PSS: { name: 'RSA-PSS', hash: { name: 'SHA-512' }, usages: ['verify'], isExtractable: true }
+ */
+async function pemPublicToCrypto(pem, options = {
+    isExtractable: true,
+}) {
+    pem = pem.replace('-----BEGIN PUBLIC KEY-----', '');
+    pem = pem.replace('-----END PUBLIC KEY-----', '');
+    const b64 = pem.replace(/\s/g, '');
+    const arrayBuffer = base64.decodeArrayBuffer(b64);
+    const hex = (0, hex_js_1.encodeArrayBuffer)(arrayBuffer);
+    const algorithmName = guessAlgorithmName(hex, options.name);
+    const keyUsages = guessKeyUsages(algorithmName, options.usages);
+    if (algorithmName === ECDH || algorithmName === ECDSA) {
+        const namedCurve = guessCurveName(hex);
+        return crypto.subtle.importKey(SPKI, arrayBuffer, {
+            name: algorithmName,
+            namedCurve,
+        }, options.isExtractable, keyUsages);
+    }
+    else if (algorithmName === RSA_OAEP || algorithmName === RSA_PSS) {
+        return crypto.subtle.importKey(SPKI, arrayBuffer, {
+            name: algorithmName,
+            hash: {
+                name: options.hash || SHA_512,
+            },
+        }, options.isExtractable, keyUsages);
+    }
+    else {
+        throw new TypeError('Invalid public key');
+    }
+}
+exports.pemPublicToCrypto = pemPublicToCrypto;
+/**
+ * Look up JWK algorithm at https://github.com/panva/jose/issues/210
+ */
+function toJwsAlg(hex) {
+    const a = guessAlgorithmName(hex);
+    if (a === ECDH) {
+        return 'ECDH-ES';
+    }
+    else if (a === ECDSA) {
+        switch (guessCurveName(hex)) {
+            case 'P-256':
+                return 'ES256';
+            case 'P-384':
+                return 'ES384';
+            case 'P-512':
+                return 'ES512';
+        }
+    }
+    else if (a === RSA_OAEP) {
+        return 'RS512';
+    }
+    else {
+        return 'RSA-OAEP-512';
+    }
+}
+function toSubtleAlg(hex) {
+    const name = guessAlgorithmName(hex);
+    if (name === ECDH || name === ECDSA) {
+        return {
+            name,
+            namedCurve: guessCurveName(hex),
+        };
+    }
+    return {
+        name,
+        hash: { name: SHA_512 },
+    };
+}
+async function pemCertToCrypto(pem, options = {
+    isExtractable: true,
+}) {
+    let crt = pem.replace(CERT_BEGIN, '');
+    crt = crt.replace(CERT_END, '');
+    const b64 = crt.replace(/\s/g, '');
+    const arrayBuffer = base64.decodeArrayBuffer(b64);
+    const hex = (0, hex_js_1.encodeArrayBuffer)(arrayBuffer);
+    const jwsAlg = toJwsAlg(hex);
+    const keylike = await (0, jose_1.importX509)(pem, jwsAlg, { extractable: options.isExtractable });
+    const { type } = keylike;
+    if (type !== 'public') {
+        throw new errors_js_1.ConfigurationError('unpublic');
+    }
+    // FIXME Jose workaround for node clients.
+    // jose returns a crypto key on node, but we expect a subtle-crypto key
+    // The below should convert it, I hope, by exporting to a JWK and back.
+    if (keylike?.export) {
+        const keyObject = keylike;
+        const subtleAlg = toSubtleAlg(hex);
+        const keyUsages = guessKeyUsages(subtleAlg.name, options.usages);
+        const subtleKey = await crypto.subtle.importKey('jwk', keyObject.export({ format: 'jwk' }), subtleAlg, options.isExtractable, keyUsages);
+        return subtleKey;
+    }
+    return keylike;
+}
+exports.pemCertToCrypto = pemCertToCrypto;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGVtUHVibGljVG9DcnlwdG8uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvbmFub3RkZi1jcnlwdG8vcGVtUHVibGljVG9DcnlwdG8udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBOzs7Ozs7O0dBT0c7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBRUg7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQWtCRztBQUVILCtEQUFpRDtBQUNqRCwrQkFBa0M7QUFFbEMsZ0RBQWdGO0FBQ2hGLDRDQUE0RDtBQUU1RCxNQUFNLE9BQU8sR0FBRyx3QkFBd0IsQ0FBQztBQUN6QyxNQUFNLE1BQU0sR0FBRyxvQkFBb0IsQ0FBQztBQUNwQyxNQUFNLFFBQVEsR0FBRyxzQkFBc0IsQ0FBQztBQUN4QyxNQUFNLFFBQVEsR0FBRyxnQkFBZ0IsQ0FBQztBQUNsQyxNQUFNLFFBQVEsR0FBRyxnQkFBZ0IsQ0FBQztBQUNsQyxNQUFNLE9BQU8sR0FBRyxTQUFTLENBQUM7QUFDMUIsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDO0FBQ3BCLE1BQU0sVUFBVSxHQUFHLDZCQUE2QixDQUFDO0FBQ2pELE1BQU0sUUFBUSxHQUFHLDJCQUEyQixDQUFDO0FBRTdDLE1BQU0sS0FBSyxHQUFHLE9BQU8sQ0FBQztBQUN0QixNQUFNLEtBQUssR0FBRyxPQUFPLENBQUM7QUFDdEIsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDO0FBR3RCLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQztBQUNwQixNQUFNLEtBQUssR0FBRyxPQUFPLENBQUM7QUFDdEIsTUFBTSxRQUFRLEdBQUcsVUFBVSxDQUFDO0FBQzVCLE1BQU0sT0FBTyxHQUFHLFNBQVMsQ0FBQztBQVUxQixTQUFTLGNBQWMsQ0FBQyxhQUE0QixFQUFFLE1BQW1CO0lBQ3ZFLElBQUksTUFBTTtRQUFFLE9BQU8sTUFBTSxDQUFDO0lBQzFCLFFBQVEsYUFBYSxFQUFFO1FBQ3JCLEtBQUssS0FBSztZQUNSLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNwQixLQUFLLFFBQVE7WUFDWCxPQUFPLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQ2hDLEtBQUssT0FBTztZQUNWLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNwQixLQUFLLElBQUksQ0FBQztRQUNWO1lBQ0UsT0FBTyxFQUFFLENBQUM7S0FDYjtBQUNILENBQUM7QUFFRCxTQUFTLGtCQUFrQixDQUFDLEdBQVcsRUFBRSxhQUFzQjtJQUM3RCxJQUFJLEdBQUcsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLEVBQUU7UUFDeEIsSUFBSSxDQUFDLGFBQWEsSUFBSSxhQUFhLEtBQUssSUFBSSxFQUFFO1lBQzVDLE9BQU8sSUFBSSxDQUFDO1NBQ2I7YUFBTSxJQUFJLGFBQWEsS0FBSyxLQUFLLEVBQUU7WUFDbEMsT0FBTyxLQUFLLENBQUM7U0FDZDtLQUNGO1NBQU0sSUFBSSxHQUFHLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFO1FBQ2hDLElBQUksQ0FBQyxhQUFhLElBQUksYUFBYSxLQUFLLFFBQVEsRUFBRTtZQUNoRCxPQUFPLFFBQVEsQ0FBQztTQUNqQjthQUFNLElBQUksYUFBYSxLQUFLLE9BQU8sRUFBRTtZQUNwQyxPQUFPLE9BQU8sQ0FBQztTQUNoQjtLQUNGO0lBQ0QsTUFBTSxJQUFJLFNBQVMsQ0FBQyx1QkFBdUIsYUFBYSxFQUFFLENBQUMsQ0FBQztBQUM5RCxDQUFDO0FBRUQsU0FBUyxjQUFjLENBQUMsR0FBVztJQUNqQyxJQUFJLEdBQUcsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEVBQUU7UUFDMUIsT0FBTyxLQUFLLENBQUM7S0FDZDtTQUFNLElBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsRUFBRTtRQUNqQyxPQUFPLEtBQUssQ0FBQztLQUNkO1NBQU0sSUFBSSxHQUFHLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxFQUFFO1FBQ2pDLE9BQU8sS0FBSyxDQUFDO0tBQ2Q7SUFDRCxNQUFNLElBQUksb0JBQVEsQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO0FBQzlELENBQUM7QUFFRDs7Ozs7Ozs7O0dBU0c7QUFDSSxLQUFLLFVBQVUsaUJBQWlCLENBQ3JDLEdBQVcsRUFDWCxVQUFvQztJQUNsQyxhQUFhLEVBQUUsSUFBSTtDQUNwQjtJQUVELEdBQUcsR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLDRCQUE0QixFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ3BELEdBQUcsR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLDBCQUEwQixFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ2xELE1BQU0sR0FBRyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ25DLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNsRCxNQUFNLEdBQUcsR0FBRyxJQUFBLDBCQUFvQixFQUFDLFdBQVcsQ0FBQyxDQUFDO0lBRTlDLE1BQU0sYUFBYSxHQUFHLGtCQUFrQixDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDNUQsTUFBTSxTQUFTLEdBQUcsY0FBYyxDQUFDLGFBQWEsRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7SUFFaEUsSUFBSSxhQUFhLEtBQUssSUFBSSxJQUFJLGFBQWEsS0FBSyxLQUFLLEVBQUU7UUFDckQsTUFBTSxVQUFVLEdBQUcsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3ZDLE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQzVCLElBQUksRUFDSixXQUFXLEVBQ1g7WUFDRSxJQUFJLEVBQUUsYUFBYTtZQUNuQixVQUFVO1NBQ1gsRUFDRCxPQUFPLENBQUMsYUFBYSxFQUNyQixTQUFTLENBQ1YsQ0FBQztLQUNIO1NBQU0sSUFBSSxhQUFhLEtBQUssUUFBUSxJQUFJLGFBQWEsS0FBSyxPQUFPLEVBQUU7UUFDbEUsT0FBTyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDNUIsSUFBSSxFQUNKLFdBQVcsRUFDWDtZQUNFLElBQUksRUFBRSxhQUFhO1lBQ25CLElBQUksRUFBRTtnQkFDSixJQUFJLEVBQUUsT0FBTyxDQUFDLElBQUksSUFBSSxPQUFPO2FBQzlCO1NBQ0YsRUFDRCxPQUFPLENBQUMsYUFBYSxFQUNyQixTQUFTLENBQ1YsQ0FBQztLQUNIO1NBQU07UUFDTCxNQUFNLElBQUksU0FBUyxDQUFDLG9CQUFvQixDQUFDLENBQUM7S0FDM0M7QUFDSCxDQUFDO0FBM0NELDhDQTJDQztBQUVEOztHQUVHO0FBQ0gsU0FBUyxRQUFRLENBQUMsR0FBVztJQUMzQixNQUFNLENBQUMsR0FBRyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNsQyxJQUFJLENBQUMsS0FBSyxJQUFJLEVBQUU7UUFDZCxPQUFPLFNBQVMsQ0FBQztLQUNsQjtTQUFNLElBQUksQ0FBQyxLQUFLLEtBQUssRUFBRTtRQUN0QixRQUFRLGNBQWMsQ0FBQyxHQUFHLENBQUMsRUFBRTtZQUMzQixLQUFLLE9BQU87Z0JBQ1YsT0FBTyxPQUFPLENBQUM7WUFDakIsS0FBSyxPQUFPO2dCQUNWLE9BQU8sT0FBTyxDQUFDO1lBQ2pCLEtBQUssT0FBTztnQkFDVixPQUFPLE9BQU8sQ0FBQztTQUNsQjtLQUNGO1NBQU0sSUFBSSxDQUFDLEtBQUssUUFBUSxFQUFFO1FBQ3pCLE9BQU8sT0FBTyxDQUFDO0tBQ2hCO1NBQU07UUFDTCxPQUFPLGNBQWMsQ0FBQztLQUN2QjtBQUNILENBQUM7QUFDRCxTQUFTLFdBQVcsQ0FBQyxHQUFXO0lBQzlCLE1BQU0sSUFBSSxHQUFHLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3JDLElBQUksSUFBSSxLQUFLLElBQUksSUFBSSxJQUFJLEtBQUssS0FBSyxFQUFFO1FBQ25DLE9BQU87WUFDTCxJQUFJO1lBQ0osVUFBVSxFQUFFLGNBQWMsQ0FBQyxHQUFHLENBQUM7U0FDaEMsQ0FBQztLQUNIO0lBQ0QsT0FBTztRQUNMLElBQUk7UUFDSixJQUFJLEVBQUUsRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFO0tBQ3hCLENBQUM7QUFDSixDQUFDO0FBRU0sS0FBSyxVQUFVLGVBQWUsQ0FDbkMsR0FBVyxFQUNYLFVBQW9DO0lBQ2xDLGFBQWEsRUFBRSxJQUFJO0NBQ3BCO0lBRUQsSUFBSSxHQUFHLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxVQUFVLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDdEMsR0FBRyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ2hDLE1BQU0sR0FBRyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ25DLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNsRCxNQUFNLEdBQUcsR0FBRyxJQUFBLDBCQUFvQixFQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQzlDLE1BQU0sTUFBTSxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUM3QixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUEsaUJBQVUsRUFBQyxHQUFHLEVBQUUsTUFBTSxFQUFFLEVBQUUsV0FBVyxFQUFFLE9BQU8sQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDO0lBQ3RGLE1BQU0sRUFBRSxJQUFJLEVBQUUsR0FBRyxPQUFPLENBQUM7SUFDekIsSUFBSSxJQUFJLEtBQUssUUFBUSxFQUFFO1FBQ3JCLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxVQUFVLENBQUMsQ0FBQztLQUMxQztJQUNELDBDQUEwQztJQUMxQyx1RUFBdUU7SUFDdkUsdUVBQXVFO0lBQ3ZFLElBQUssT0FBcUIsRUFBRSxNQUFNLEVBQUU7UUFDbEMsTUFBTSxTQUFTLEdBQUcsT0FBb0IsQ0FBQztRQUN2QyxNQUFNLFNBQVMsR0FBRyxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDbkMsTUFBTSxTQUFTLEdBQUcsY0FBYyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2pFLE1BQU0sU0FBUyxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQzdDLEtBQUssRUFDTCxTQUFTLENBQUMsTUFBTSxDQUFDLEVBQUUsTUFBTSxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQ25DLFNBQVMsRUFDVCxPQUFPLENBQUMsYUFBYSxFQUNyQixTQUFTLENBQ1YsQ0FBQztRQUNGLE9BQU8sU0FBUyxDQUFDO0tBQ2xCO0lBQ0QsT0FBTyxPQUFvQixDQUFDO0FBQzlCLENBQUM7QUFsQ0QsMENBa0NDIn0=

package/dist/cjs/src/policy/api.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.attributeFQNsAsValues = void 0;
+const errors_js_1 = require("../errors.js");
+const utils_js_1 = require("../utils.js");
+async function attributeFQNsAsValues(kasUrl, authProvider, ...fqns) {
+    const avs = new URLSearchParams();
+    for (const fqn of fqns) {
+        avs.append('fqns', fqn);
+    }
+    avs.append('withValue.withKeyAccessGrants', 'true');
+    avs.append('withValue.withAttribute.withKeyAccessGrants', 'true');
+    const uNoSlash = (0, utils_js_1.rstrip)(kasUrl, '/');
+    const uNoKas = uNoSlash.endsWith('/kas') ? uNoSlash.slice(0, -4) : uNoSlash;
+    const url = `${uNoKas}/attributes/*/fqn?${avs}`;
+    const req = await authProvider.withCreds({
+        url,
+        headers: {},
+        method: 'GET',
+    });
+    let response;
+    try {
+        response = await fetch(req.url, {
+            mode: 'cors',
+            credentials: 'same-origin',
+            headers: req.headers,
+            redirect: 'follow',
+            referrerPolicy: 'no-referrer',
+        });
+    }
+    catch (e) {
+        throw new errors_js_1.NetworkError(`network error [${req.method} ${req.url}]`, e);
+    }
+    if (!response.ok) {
+        throw new errors_js_1.ServiceError(`${req.method} ${req.url} => ${response.status} ${response.statusText}`);
+    }
+    let resp;
+    try {
+        resp = (await response.json());
+    }
+    catch (e) {
+        throw new errors_js_1.ServiceError(`response parse error [${req.method} ${req.url}]`, e);
+    }
+    const values = [];
+    for (const [fqn, av] of Object.entries(resp.fqnAttributeValues)) {
+        if (!av.value) {
+            console.log(`Missing value definition for [${fqn}]; is this a valid attribute?`);
+            continue;
+        }
+        if (av.attribute && !av.value.attribute) {
+            av.value.attribute = av.attribute;
+        }
+        values.push(av.value);
+    }
+    return values;
+}
+exports.attributeFQNsAsValues = attributeFQNsAsValues;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBpLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3BvbGljeS9hcGkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNENBQTBEO0FBRTFELDBDQUFxQztBQUc5QixLQUFLLFVBQVUscUJBQXFCLENBQ3pDLE1BQWMsRUFDZCxZQUEwQixFQUMxQixHQUFHLElBQWM7SUFFakIsTUFBTSxHQUFHLEdBQUcsSUFBSSxlQUFlLEVBQUUsQ0FBQztJQUNsQyxLQUFLLE1BQU0sR0FBRyxJQUFJLElBQUksRUFBRTtRQUN0QixHQUFHLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxHQUFHLENBQUMsQ0FBQztLQUN6QjtJQUNELEdBQUcsQ0FBQyxNQUFNLENBQUMsK0JBQStCLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDcEQsR0FBRyxDQUFDLE1BQU0sQ0FBQyw2Q0FBNkMsRUFBRSxNQUFNLENBQUMsQ0FBQztJQUNsRSxNQUFNLFFBQVEsR0FBRyxJQUFBLGlCQUFNLEVBQUMsTUFBTSxFQUFFLEdBQUcsQ0FBQyxDQUFDO0lBQ3JDLE1BQU0sTUFBTSxHQUFHLFFBQVEsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQztJQUM1RSxNQUFNLEdBQUcsR0FBRyxHQUFHLE1BQU0scUJBQXFCLEdBQUcsRUFBRSxDQUFDO0lBQ2hELE1BQU0sR0FBRyxHQUFHLE1BQU0sWUFBWSxDQUFDLFNBQVMsQ0FBQztRQUN2QyxHQUFHO1FBQ0gsT0FBTyxFQUFFLEVBQUU7UUFDWCxNQUFNLEVBQUUsS0FBSztLQUNkLENBQUMsQ0FBQztJQUNILElBQUksUUFBa0IsQ0FBQztJQUN2QixJQUFJO1FBQ0YsUUFBUSxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUU7WUFDOUIsSUFBSSxFQUFFLE1BQU07WUFDWixXQUFXLEVBQUUsYUFBYTtZQUMxQixPQUFPLEVBQUUsR0FBRyxDQUFDLE9BQU87WUFDcEIsUUFBUSxFQUFFLFFBQVE7WUFDbEIsY0FBYyxFQUFFLGFBQWE7U0FDOUIsQ0FBQyxDQUFDO0tBQ0o7SUFBQyxPQUFPLENBQUMsRUFBRTtRQUNWLE1BQU0sSUFBSSx3QkFBWSxDQUFDLGtCQUFrQixHQUFHLENBQUMsTUFBTSxJQUFJLEdBQUcsQ0FBQyxHQUFHLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQztLQUN2RTtJQUVELElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxFQUFFO1FBQ2hCLE1BQU0sSUFBSSx3QkFBWSxDQUFDLEdBQUcsR0FBRyxDQUFDLE1BQU0sSUFBSSxHQUFHLENBQUMsR0FBRyxPQUFPLFFBQVEsQ0FBQyxNQUFNLElBQUksUUFBUSxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUM7S0FDakc7SUFFRCxJQUFJLElBQXNDLENBQUM7SUFDM0MsSUFBSTtRQUNGLElBQUksR0FBRyxDQUFDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFxQyxDQUFDO0tBQ3BFO0lBQUMsT0FBTyxDQUFDLEVBQUU7UUFDVixNQUFNLElBQUksd0JBQVksQ0FBQyx5QkFBeUIsR0FBRyxDQUFDLE1BQU0sSUFBSSxHQUFHLENBQUMsR0FBRyxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUM7S0FDOUU7SUFFRCxNQUFNLE1BQU0sR0FBWSxFQUFFLENBQUM7SUFDM0IsS0FBSyxNQUFNLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEVBQUU7UUFDL0QsSUFBSSxDQUFDLEVBQUUsQ0FBQyxLQUFLLEVBQUU7WUFDYixPQUFPLENBQUMsR0FBRyxDQUFDLGlDQUFpQyxHQUFHLCtCQUErQixDQUFDLENBQUM7WUFDakYsU0FBUztTQUNWO1FBQ0QsSUFBSSxFQUFFLENBQUMsU0FBUyxJQUFJLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxTQUFTLEVBQUU7WUFDdkMsRUFBRSxDQUFDLEtBQUssQ0FBQyxTQUFTLEdBQUcsRUFBRSxDQUFDLFNBQVMsQ0FBQztTQUNuQztRQUNELE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDO0tBQ3ZCO0lBQ0QsT0FBTyxNQUFNLENBQUM7QUFDaEIsQ0FBQztBQXZERCxzREF1REMifQ==

package/dist/cjs/src/policy/attributes.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0cmlidXRlcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9wb2xpY3kvYXR0cmlidXRlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=

package/dist/cjs/src/policy/granter.js

@@ -0,0 +1,146 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.plan = exports.booleanOperatorFor = void 0;
+const errors_js_1 = require("../errors.js");
+function booleanOperatorFor(rule) {
+    if (!rule) {
+        return 'allOf';
+    }
+    switch (rule) {
+        case 'ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED':
+        case 'ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF':
+            return 'allOf';
+        case 'ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF':
+            return 'anyOf';
+        case 'ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY':
+            return 'hierarchy';
+    }
+}
+exports.booleanOperatorFor = booleanOperatorFor;
+function plan(dataAttrs) {
+    // KASes by value
+    const grants = {};
+    // KAS detail by KAS url
+    const kasInfo = {};
+    // Attribute definitions in use
+    const prefixes = new Set();
+    // Values grouped by normalized attribute prefix
+    const allClauses = {};
+    // Values by normalized FQN
+    const allValues = {};
+    const addGrants = (val, gs) => {
+        if (!gs?.length) {
+            if (!(val in grants)) {
+                grants[val] = new Set();
+            }
+            return false;
+        }
+        for (const g of gs) {
+            if (val in grants) {
+                grants[val].add(g.uri);
+            }
+            else {
+                grants[val] = new Set([g.uri]);
+            }
+            kasInfo[g.uri] = g;
+        }
+        return true;
+    };
+    for (const v of dataAttrs) {
+        const { attribute, fqn } = v;
+        if (!attribute) {
+            throw new errors_js_1.ConfigurationError(`attribute not defined for [${fqn}]`);
+        }
+        const valFqn = fqn.toLowerCase();
+        const attrFqn = attribute.fqn.toLowerCase();
+        if (!prefixes.has(attrFqn)) {
+            prefixes.add(attrFqn);
+            allClauses[attrFqn] = {
+                def: attribute,
+                values: [],
+            };
+        }
+        allClauses[attrFqn].values.push(valFqn);
+        allValues[valFqn] = v;
+        if (!addGrants(valFqn, v.grants)) {
+            if (!addGrants(valFqn, attribute.grants)) {
+                addGrants(valFqn, attribute.namespace?.grants);
+            }
+        }
+    }
+    const kcs = [];
+    for (const attrClause of Object.values(allClauses)) {
+        const ccv = [];
+        for (const term of attrClause.values) {
+            const grantsForTerm = Array.from(grants[term] || []);
+            if (grantsForTerm?.length) {
+                ccv.push({
+                    op: 'anyOf',
+                    kases: grantsForTerm,
+                });
+            }
+        }
+        const op = booleanOperatorFor(attrClause.def.rule);
+        kcs.push({
+            op,
+            children: ccv,
+        });
+    }
+    return simplify(kcs, kasInfo);
+}
+exports.plan = plan;
+function simplify(clauses, kasInfo) {
+    const conjunction = {};
+    function keyFor(kases) {
+        const k = Array.from(new Set([kases])).sort();
+        return k.join('|');
+    }
+    for (const { op, children } of clauses) {
+        if (!children) {
+            continue;
+        }
+        if (op === 'anyOf') {
+            const anyKids = [];
+            for (const bc of children) {
+                if (bc.op != 'anyOf') {
+                    throw new Error('internal: autoconfigure inversion in disjunction');
+                }
+                if (!bc.kases?.length) {
+                    continue;
+                }
+                anyKids.push(...bc.kases);
+            }
+            if (!anyKids?.length) {
+                continue;
+            }
+            const k = keyFor(anyKids);
+            conjunction[k] = anyKids;
+        }
+        else {
+            for (const bc of children) {
+                if (bc.op != 'anyOf') {
+                    throw new Error('insternal: autoconfigure inversion in conjunction');
+                }
+                if (!bc.kases?.length) {
+                    continue;
+                }
+                const k = keyFor(bc.kases);
+                conjunction[k] = bc.kases;
+            }
+        }
+    }
+    const t = [];
+    let i = 0;
+    for (const k of Object.keys(conjunction).sort()) {
+        if (!conjunction[k]) {
+            continue;
+        }
+        i += 1;
+        const sid = '' + i;
+        for (const kas of conjunction[k]) {
+            t.push({ sid, kas: kasInfo[kas] });
+        }
+    }
+    return t;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ3JhbnRlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9wb2xpY3kvZ3JhbnRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw0Q0FBa0Q7QUFxQ2xELFNBQWdCLGtCQUFrQixDQUFDLElBQXdCO0lBQ3pELElBQUksQ0FBQyxJQUFJLEVBQUU7UUFDVCxPQUFPLE9BQU8sQ0FBQztLQUNoQjtJQUNELFFBQVEsSUFBSSxFQUFFO1FBQ1osS0FBSyxzQ0FBc0MsQ0FBQztRQUM1QyxLQUFLLGlDQUFpQztZQUNwQyxPQUFPLE9BQU8sQ0FBQztRQUNqQixLQUFLLGlDQUFpQztZQUNwQyxPQUFPLE9BQU8sQ0FBQztRQUNqQixLQUFLLG9DQUFvQztZQUN2QyxPQUFPLFdBQVcsQ0FBQztLQUN0QjtBQUNILENBQUM7QUFiRCxnREFhQztBQUVELFNBQWdCLElBQUksQ0FBQyxTQUFrQjtJQUNyQyxpQkFBaUI7SUFDakIsTUFBTSxNQUFNLEdBQWdDLEVBQUUsQ0FBQztJQUMvQyx3QkFBd0I7SUFDeEIsTUFBTSxPQUFPLEdBQW9DLEVBQUUsQ0FBQztJQUNwRCwrQkFBK0I7SUFDL0IsTUFBTSxRQUFRLEdBQWdCLElBQUksR0FBRyxFQUFFLENBQUM7SUFDeEMsZ0RBQWdEO0lBQ2hELE1BQU0sVUFBVSxHQUFvQyxFQUFFLENBQUM7SUFDdkQsMkJBQTJCO0lBQzNCLE1BQU0sU0FBUyxHQUEwQixFQUFFLENBQUM7SUFFNUMsTUFBTSxTQUFTLEdBQUcsQ0FBQyxHQUFXLEVBQUUsRUFBc0IsRUFBVyxFQUFFO1FBQ2pFLElBQUksQ0FBQyxFQUFFLEVBQUUsTUFBTSxFQUFFO1lBQ2YsSUFBSSxDQUFDLENBQUMsR0FBRyxJQUFJLE1BQU0sQ0FBQyxFQUFFO2dCQUNwQixNQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxHQUFHLEVBQUUsQ0FBQzthQUN6QjtZQUNELE9BQU8sS0FBSyxDQUFDO1NBQ2Q7UUFDRCxLQUFLLE1BQU0sQ0FBQyxJQUFJLEVBQUUsRUFBRTtZQUNsQixJQUFJLEdBQUcsSUFBSSxNQUFNLEVBQUU7Z0JBQ2pCLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2FBQ3hCO2lCQUFNO2dCQUNMLE1BQU0sQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO2FBQ2hDO1lBQ0QsT0FBTyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7U0FDcEI7UUFDRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUMsQ0FBQztJQUVGLEtBQUssTUFBTSxDQUFDLElBQUksU0FBUyxFQUFFO1FBQ3pCLE1BQU0sRUFBRSxTQUFTLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQzdCLElBQUksQ0FBQyxTQUFTLEVBQUU7WUFDZCxNQUFNLElBQUksOEJBQWtCLENBQUMsOEJBQThCLEdBQUcsR0FBRyxDQUFDLENBQUM7U0FDcEU7UUFDRCxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDakMsTUFBTSxPQUFPLEdBQUcsU0FBUyxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUM1QyxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsRUFBRTtZQUMxQixRQUFRLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQ3RCLFVBQVUsQ0FBQyxPQUFPLENBQUMsR0FBRztnQkFDcEIsR0FBRyxFQUFFLFNBQVM7Z0JBQ2QsTUFBTSxFQUFFLEVBQUU7YUFDWCxDQUFDO1NBQ0g7UUFDRCxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN4QyxTQUFTLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3RCLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxNQUFNLENBQUMsRUFBRTtZQUNoQyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxTQUFTLENBQUMsTUFBTSxDQUFDLEVBQUU7Z0JBQ3hDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsU0FBUyxDQUFDLFNBQVMsRUFBRSxNQUFNLENBQUMsQ0FBQzthQUNoRDtTQUNGO0tBQ0Y7SUFDRCxNQUFNLEdBQUcsR0FBMkIsRUFBRSxDQUFDO0lBQ3ZDLEtBQUssTUFBTSxVQUFVLElBQUksTUFBTSxDQUFDLE1BQU0sQ0FBQyxVQUFVLENBQUMsRUFBRTtRQUNsRCxNQUFNLEdBQUcsR0FBb0IsRUFBRSxDQUFDO1FBQ2hDLEtBQUssTUFBTSxJQUFJLElBQUksVUFBVSxDQUFDLE1BQU0sRUFBRTtZQUNwQyxNQUFNLGFBQWEsR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQztZQUNyRCxJQUFJLGFBQWEsRUFBRSxNQUFNLEVBQUU7Z0JBQ3pCLEdBQUcsQ0FBQyxJQUFJLENBQUM7b0JBQ1AsRUFBRSxFQUFFLE9BQU87b0JBQ1gsS0FBSyxFQUFFLGFBQWE7aUJBQ3JCLENBQUMsQ0FBQzthQUNKO1NBQ0Y7UUFDRCxNQUFNLEVBQUUsR0FBRyxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ25ELEdBQUcsQ0FBQyxJQUFJLENBQUM7WUFDUCxFQUFFO1lBQ0YsUUFBUSxFQUFFLEdBQUc7U0FDZCxDQUFDLENBQUM7S0FDSjtJQUNELE9BQU8sUUFBUSxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztBQUNoQyxDQUFDO0FBdkVELG9CQXVFQztBQUVELFNBQVMsUUFBUSxDQUNmLE9BQStCLEVBQy9CLE9BQXdDO0lBRXhDLE1BQU0sV0FBVyxHQUE2QixFQUFFLENBQUM7SUFDakQsU0FBUyxNQUFNLENBQUMsS0FBZTtRQUM3QixNQUFNLENBQUMsR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQzlDLE9BQU8sQ0FBQyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNyQixDQUFDO0lBQ0QsS0FBSyxNQUFNLEVBQUUsRUFBRSxFQUFFLFFBQVEsRUFBRSxJQUFJLE9BQU8sRUFBRTtRQUN0QyxJQUFJLENBQUMsUUFBUSxFQUFFO1lBQ2IsU0FBUztTQUNWO1FBQ0QsSUFBSSxFQUFFLEtBQUssT0FBTyxFQUFFO1lBQ2xCLE1BQU0sT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNuQixLQUFLLE1BQU0sRUFBRSxJQUFJLFFBQVEsRUFBRTtnQkFDekIsSUFBSSxFQUFFLENBQUMsRUFBRSxJQUFJLE9BQU8sRUFBRTtvQkFDcEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxrREFBa0QsQ0FBQyxDQUFDO2lCQUNyRTtnQkFDRCxJQUFJLENBQUMsRUFBRSxDQUFDLEtBQUssRUFBRSxNQUFNLEVBQUU7b0JBQ3JCLFNBQVM7aUJBQ1Y7Z0JBQ0QsT0FBTyxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQzthQUMzQjtZQUNELElBQUksQ0FBQyxPQUFPLEVBQUUsTUFBTSxFQUFFO2dCQUNwQixTQUFTO2FBQ1Y7WUFDRCxNQUFNLENBQUMsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDMUIsV0FBVyxDQUFDLENBQUMsQ0FBQyxHQUFHLE9BQU8sQ0FBQztTQUMxQjthQUFNO1lBQ0wsS0FBSyxNQUFNLEVBQUUsSUFBSSxRQUFRLEVBQUU7Z0JBQ3pCLElBQUksRUFBRSxDQUFDLEVBQUUsSUFBSSxPQUFPLEVBQUU7b0JBQ3BCLE1BQU0sSUFBSSxLQUFLLENBQUMsbURBQW1ELENBQUMsQ0FBQztpQkFDdEU7Z0JBQ0QsSUFBSSxDQUFDLEVBQUUsQ0FBQyxLQUFLLEVBQUUsTUFBTSxFQUFFO29CQUNyQixTQUFTO2lCQUNWO2dCQUNELE1BQU0sQ0FBQyxHQUFHLE1BQU0sQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUM7Z0JBQzNCLFdBQVcsQ0FBQyxDQUFDLENBQUMsR0FBRyxFQUFFLENBQUMsS0FBSyxDQUFDO2FBQzNCO1NBQ0Y7S0FDRjtJQUNELE1BQU0sQ0FBQyxHQUFtQixFQUFFLENBQUM7SUFDN0IsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ1YsS0FBSyxNQUFNLENBQUMsSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFO1FBQy9DLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLEVBQUU7WUFDbkIsU0FBUztTQUNWO1FBQ0QsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNQLE1BQU0sR0FBRyxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDbkIsS0FBSyxNQUFNLEdBQUcsSUFBSSxXQUFXLENBQUMsQ0FBQyxDQUFDLEVBQUU7WUFDaEMsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsQ0FBQztTQUNwQztLQUNGO0lBQ0QsT0FBTyxDQUFDLENBQUM7QUFDWCxDQUFDIn0=

package/dist/cjs/src/tdf/AttributeObject.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAttribute = void 0;
+async function createAttribute(attribute, pubKey, kasUrl) {
+    return {
+        attribute,
+        isDefault: false,
+        displayName: '',
+        pubKey: pubKey.publicKey,
+        kasUrl,
+        schemaVersion: '1.1.0',
+    };
+}
+exports.createAttribute = createAttribute;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQXR0cmlidXRlT2JqZWN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9BdHRyaWJ1dGVPYmplY3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBYU8sS0FBSyxVQUFVLGVBQWUsQ0FDbkMsU0FBaUIsRUFDakIsTUFBd0IsRUFDeEIsTUFBYztJQUVkLE9BQU87UUFDTCxTQUFTO1FBQ1QsU0FBUyxFQUFFLEtBQUs7UUFDaEIsV0FBVyxFQUFFLEVBQUU7UUFDZixNQUFNLEVBQUUsTUFBTSxDQUFDLFNBQVM7UUFDeEIsTUFBTTtRQUNOLGFBQWEsRUFBRSxPQUFPO0tBQ3ZCLENBQUM7QUFDSixDQUFDO0FBYkQsMENBYUMifQ==

package/dist/cjs/src/tdf/AttributeObjectJwt.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQXR0cmlidXRlT2JqZWN0Snd0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9BdHRyaWJ1dGVPYmplY3RKd3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/cjs/src/tdf/Crypto.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeyUsageType = exports.KeyType = exports.KeyFormat = exports.HashType = exports.CipherType = exports.NamedCurve = exports.AlgorithmName = void 0;
+var AlgorithmName;
+(function (AlgorithmName) {
+    AlgorithmName["ECDH"] = "ECDH";
+    AlgorithmName["ECDSA"] = "ECDSA";
+    AlgorithmName["ES256"] = "ES256";
+    AlgorithmName["HKDF"] = "HKDF";
+    AlgorithmName["RSA_OAEP"] = "RSA-OAEP";
+    AlgorithmName["RSA_PSS"] = "RSA-PSS";
+})(AlgorithmName || (exports.AlgorithmName = AlgorithmName = {}));
+var NamedCurve;
+(function (NamedCurve) {
+    NamedCurve["P256"] = "P-256";
+    NamedCurve["P384"] = "P-384";
+    NamedCurve["P512"] = "P-512";
+})(NamedCurve || (exports.NamedCurve = NamedCurve = {}));
+var CipherType;
+(function (CipherType) {
+    CipherType["AesGcm"] = "AES-GCM";
+})(CipherType || (exports.CipherType = CipherType = {}));
+var HashType;
+(function (HashType) {
+    HashType["Sha256"] = "SHA-256";
+})(HashType || (exports.HashType = HashType = {}));
+var KeyFormat;
+(function (KeyFormat) {
+    KeyFormat["Raw"] = "raw";
+    KeyFormat["Pkcs8"] = "pkcs8";
+    KeyFormat["Spki"] = "spki";
+})(KeyFormat || (exports.KeyFormat = KeyFormat = {}));
+var KeyType;
+(function (KeyType) {
+    KeyType["Private"] = "private";
+    KeyType["Public"] = "public";
+})(KeyType || (exports.KeyType = KeyType = {}));
+var KeyUsageType;
+(function (KeyUsageType) {
+    KeyUsageType["Encrypt"] = "encrypt";
+    KeyUsageType["Decrypt"] = "decrypt";
+    KeyUsageType["Verify"] = "verify";
+    KeyUsageType["Sign"] = "sign";
+    KeyUsageType["UnwrapKey"] = "unwrapKey";
+    KeyUsageType["WrapKey"] = "wrapKey";
+})(KeyUsageType || (exports.KeyUsageType = KeyUsageType = {}));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ3J5cHRvLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9DcnlwdG8udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsSUFBWSxhQU9YO0FBUEQsV0FBWSxhQUFhO0lBQ3ZCLDhCQUFhLENBQUE7SUFDYixnQ0FBZSxDQUFBO0lBQ2YsZ0NBQWUsQ0FBQTtJQUNmLDhCQUFhLENBQUE7SUFDYixzQ0FBcUIsQ0FBQTtJQUNyQixvQ0FBbUIsQ0FBQTtBQUNyQixDQUFDLEVBUFcsYUFBYSw2QkFBYixhQUFhLFFBT3hCO0FBRUQsSUFBWSxVQUlYO0FBSkQsV0FBWSxVQUFVO0lBQ3BCLDRCQUFjLENBQUE7SUFDZCw0QkFBYyxDQUFBO0lBQ2QsNEJBQWMsQ0FBQTtBQUNoQixDQUFDLEVBSlcsVUFBVSwwQkFBVixVQUFVLFFBSXJCO0FBRUQsSUFBWSxVQUVYO0FBRkQsV0FBWSxVQUFVO0lBQ3BCLGdDQUFrQixDQUFBO0FBQ3BCLENBQUMsRUFGVyxVQUFVLDBCQUFWLFVBQVUsUUFFckI7QUFFRCxJQUFZLFFBRVg7QUFGRCxXQUFZLFFBQVE7SUFDbEIsOEJBQWtCLENBQUE7QUFDcEIsQ0FBQyxFQUZXLFFBQVEsd0JBQVIsUUFBUSxRQUVuQjtBQUVELElBQVksU0FJWDtBQUpELFdBQVksU0FBUztJQUNuQix3QkFBVyxDQUFBO0lBQ1gsNEJBQWUsQ0FBQTtJQUNmLDBCQUFhLENBQUE7QUFDZixDQUFDLEVBSlcsU0FBUyx5QkFBVCxTQUFTLFFBSXBCO0FBRUQsSUFBWSxPQUdYO0FBSEQsV0FBWSxPQUFPO0lBQ2pCLDhCQUFtQixDQUFBO0lBQ25CLDRCQUFpQixDQUFBO0FBQ25CLENBQUMsRUFIVyxPQUFPLHVCQUFQLE9BQU8sUUFHbEI7QUFFRCxJQUFZLFlBT1g7QUFQRCxXQUFZLFlBQVk7SUFDdEIsbUNBQW1CLENBQUE7SUFDbkIsbUNBQW1CLENBQUE7SUFDbkIsaUNBQWlCLENBQUE7SUFDakIsNkJBQWEsQ0FBQTtJQUNiLHVDQUF1QixDQUFBO0lBQ3ZCLG1DQUFtQixDQUFBO0FBQ3JCLENBQUMsRUFQVyxZQUFZLDRCQUFaLFlBQVksUUFPdkIifQ==

package/dist/cjs/src/tdf/EntityObject.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRW50aXR5T2JqZWN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9FbnRpdHlPYmplY3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/cjs/src/tdf/NanoTDF/NanoTDF.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicyType = exports.ResourceLocatorProtocol = void 0;
+var CipherType;
+(function (CipherType) {
+    CipherType[CipherType["Aes256Gcm64"] = 0] = "Aes256Gcm64";
+    CipherType[CipherType["Aes256Gcm96"] = 1] = "Aes256Gcm96";
+    CipherType[CipherType["Aes256Gcm104"] = 2] = "Aes256Gcm104";
+    CipherType[CipherType["Aes256Gcm112"] = 3] = "Aes256Gcm112";
+    CipherType[CipherType["Aes256Gcm120"] = 4] = "Aes256Gcm120";
+    CipherType[CipherType["Aes256Gcm128"] = 5] = "Aes256Gcm128";
+})(CipherType || (CipherType = {}));
+/**
+ * The Signature ECC Mode is used to determine the length of the signature at the end of a nanotdf. This, in
+ * combination with the previous HAS_SIGNATURE section, describe the signature of the nanotdf. The following table
+ * describes the valid values and the associated ECC Params.
+ */
+var CurveName;
+(function (CurveName) {
+    CurveName[CurveName["Secp256R1"] = 0] = "Secp256R1";
+    CurveName[CurveName["Secp384R1"] = 1] = "Secp384R1";
+    CurveName[CurveName["Secp521R1"] = 2] = "Secp521R1";
+})(CurveName || (CurveName = {}));
+var ResourceLocatorProtocol;
+(function (ResourceLocatorProtocol) {
+    ResourceLocatorProtocol[ResourceLocatorProtocol["Http"] = 0] = "Http";
+    ResourceLocatorProtocol[ResourceLocatorProtocol["Https"] = 1] = "Https";
+    ResourceLocatorProtocol[ResourceLocatorProtocol["Unreserverd"] = 2] = "Unreserverd";
+    ResourceLocatorProtocol[ResourceLocatorProtocol["SharedResourceDirectory"] = 255] = "SharedResourceDirectory";
+})(ResourceLocatorProtocol || (exports.ResourceLocatorProtocol = ResourceLocatorProtocol = {}));
+var PolicyType;
+(function (PolicyType) {
+    PolicyType[PolicyType["Remote"] = 0] = "Remote";
+    PolicyType[PolicyType["EmbeddedText"] = 1] = "EmbeddedText";
+    PolicyType[PolicyType["EmbeddedEncrypted"] = 2] = "EmbeddedEncrypted";
+    PolicyType[PolicyType["EmbeddedEncryptedPKA"] = 3] = "EmbeddedEncryptedPKA";
+})(PolicyType || (exports.PolicyType = PolicyType = {}));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTmFub1RERi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3NyYy90ZGYvTmFub1RERi9OYW5vVERGLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLElBQUssVUFPSjtBQVBELFdBQUssVUFBVTtJQUNiLHlEQUFXLENBQUE7SUFDWCx5REFBVyxDQUFBO0lBQ1gsMkRBQVksQ0FBQTtJQUNaLDJEQUFZLENBQUE7SUFDWiwyREFBWSxDQUFBO0lBQ1osMkRBQVksQ0FBQTtBQUNkLENBQUMsRUFQSSxVQUFVLEtBQVYsVUFBVSxRQU9kO0FBRUQ7Ozs7R0FJRztBQUNILElBQUssU0FJSjtBQUpELFdBQUssU0FBUztJQUNaLG1EQUFTLENBQUE7SUFDVCxtREFBUyxDQUFBO0lBQ1QsbURBQVMsQ0FBQTtBQUNYLENBQUMsRUFKSSxTQUFTLEtBQVQsU0FBUyxRQUliO0FBRUQsSUFBWSx1QkFLWDtBQUxELFdBQVksdUJBQXVCO0lBQ2pDLHFFQUFJLENBQUE7SUFDSix1RUFBSyxDQUFBO0lBQ0wsbUZBQVcsQ0FBQTtJQUNYLDZHQUE4QixDQUFBO0FBQ2hDLENBQUMsRUFMVyx1QkFBdUIsdUNBQXZCLHVCQUF1QixRQUtsQztBQUVELElBQVksVUFLWDtBQUxELFdBQVksVUFBVTtJQUNwQiwrQ0FBTSxDQUFBO0lBQ04sMkRBQVksQ0FBQTtJQUNaLHFFQUFpQixDQUFBO0lBQ2pCLDJFQUFvQixDQUFBO0FBQ3RCLENBQUMsRUFMVyxVQUFVLDBCQUFWLFVBQVUsUUFLckIifQ==

package/dist/cjs/src/tdf/Policy.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const uuid_1 = require("uuid");
+class Policy {
+    constructor() {
+        this.uuidStr = (0, uuid_1.v4)();
+        this.dataAttributesList = [];
+        this.dissemList = [];
+    }
+    // private schemaVersionStr = Policy.CURRENT_VERSION;
+    /**
+     * Adds a group of entities, to the Policy's dissem list
+     *
+     * @param entities The entities will be added to the policy and
+     * they will have access to the TDF
+     */
+    addEntities(entities) {
+        this.dissemList.push(...entities);
+        // Remove any duplicates
+        this.dissemList = this.dissemList.filter((elem, index, self) => {
+            return index === self.indexOf(elem);
+        });
+    }
+    /**
+     *
+     * Adds an Attribute object to the policy
+     *
+     * @param attribute will be added to the policy
+     */
+    addAttribute(attribute) {
+        this.dataAttributesList.push(attribute);
+    }
+    /**
+     * Returns the JSON string of Policy object
+     *
+     * @return {string} [The constructed Policy object as JSON string]
+     */
+    toJSON() {
+        return JSON.stringify({
+            uuid: this.uuidStr,
+            body: {
+                dataAttributes: this.dataAttributesList,
+                dissem: this.dissemList,
+            },
+        });
+    }
+}
+Policy.CURRENT_VERSION = '1.1.0';
+exports.default = Policy;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUG9saWN5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9Qb2xpY3kudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFDQSwrQkFBa0M7QUFFbEMsTUFBcUIsTUFBTTtJQUEzQjtRQUdVLFlBQU8sR0FBRyxJQUFBLFNBQUksR0FBRSxDQUFDO1FBQ2pCLHVCQUFrQixHQUFzQixFQUFFLENBQUM7UUFDM0MsZUFBVSxHQUFhLEVBQUUsQ0FBQztJQTBDcEMsQ0FBQztJQXpDQyxxREFBcUQ7SUFFckQ7Ozs7O09BS0c7SUFDSCxXQUFXLENBQUMsUUFBa0I7UUFDNUIsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxRQUFRLENBQUMsQ0FBQztRQUVsQyx3QkFBd0I7UUFDeEIsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksRUFBRSxLQUFLLEVBQUUsSUFBSSxFQUFFLEVBQUU7WUFDN0QsT0FBTyxLQUFLLEtBQUssSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUN0QyxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILFlBQVksQ0FBQyxTQUEwQjtRQUNyQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzFDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsTUFBTTtRQUNKLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQztZQUNwQixJQUFJLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDbEIsSUFBSSxFQUFFO2dCQUNKLGNBQWMsRUFBRSxJQUFJLENBQUMsa0JBQWtCO2dCQUN2QyxNQUFNLEVBQUUsSUFBSSxDQUFDLFVBQVU7YUFDeEI7U0FDRixDQUFDLENBQUM7SUFDTCxDQUFDOztBQTdDTSxzQkFBZSxHQUFHLE9BQU8sQUFBVixDQUFXO2tCQURkLE1BQU0ifQ==

package/dist/cjs/src/tdf/PolicyObject.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUG9saWN5T2JqZWN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9Qb2xpY3lPYmplY3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/cjs/src/tdf/TypedArray.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVHlwZWRBcnJheS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy90ZGYvVHlwZWRBcnJheS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=