@opentdf/sdk 0.1.0-beta.1718 → 0.2.0-beta.1941
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +45 -38
- package/dist/cjs/src/access.js +99 -62
- package/dist/cjs/src/auth/auth.js +5 -26
- package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +1 -1
- package/dist/cjs/src/auth/oidc-externaljwt-provider.js +1 -1
- package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +1 -1
- package/dist/cjs/src/auth/oidc.js +1 -1
- package/dist/cjs/src/auth/providers.js +1 -1
- package/dist/cjs/src/concurrency.js +3 -4
- package/dist/cjs/src/encodings/base64.js +4 -4
- package/dist/cjs/src/encodings/hex.js +5 -6
- package/dist/cjs/src/encodings/index.js +18 -8
- package/dist/cjs/src/errors.js +1 -1
- package/dist/cjs/src/index.js +28 -320
- package/dist/cjs/src/nanoclients.js +285 -0
- package/dist/cjs/src/nanoindex.js +47 -0
- package/dist/cjs/src/nanotdf/Client.js +35 -30
- package/dist/cjs/src/nanotdf/NanoTDF.js +1 -1
- package/dist/cjs/src/nanotdf/decrypt.js +2 -2
- package/dist/cjs/src/nanotdf/encrypt-dataset.js +2 -2
- package/dist/cjs/src/nanotdf/encrypt.js +2 -2
- package/dist/cjs/src/nanotdf/helpers/calculateByCurve.js +3 -4
- package/dist/cjs/src/nanotdf/helpers/getHkdfSalt.js +2 -2
- package/dist/cjs/src/nanotdf/models/Ciphers.js +3 -3
- package/dist/cjs/src/nanotdf/models/EcCurves.js +3 -3
- package/dist/cjs/src/nanotdf/models/Header.js +1 -1
- package/dist/cjs/src/nanotdf/models/Payload.js +1 -1
- package/dist/cjs/src/nanotdf/models/Policy/AbstractPolicy.js +1 -1
- package/dist/cjs/src/nanotdf/models/Policy/EmbeddedPolicy.js +1 -1
- package/dist/cjs/src/nanotdf/models/Policy/PolicyFactory.js +1 -1
- package/dist/cjs/src/nanotdf/models/ResourceLocator.js +1 -1
- package/dist/cjs/src/nanotdf/models/Signature.js +1 -1
- package/dist/cjs/src/nanotdf-crypto/ciphers.js +1 -1
- package/dist/cjs/src/nanotdf-crypto/decrypt.js +2 -2
- package/dist/cjs/src/nanotdf-crypto/digest.js +2 -2
- package/dist/cjs/src/nanotdf-crypto/ecdsaSignature.js +4 -5
- package/dist/cjs/src/nanotdf-crypto/encrypt.js +2 -2
- package/dist/cjs/src/nanotdf-crypto/exportCryptoKey.js +2 -2
- package/dist/cjs/src/nanotdf-crypto/generateKeyPair.js +2 -2
- package/dist/cjs/src/nanotdf-crypto/generateRandomNumber.js +2 -2
- package/dist/cjs/src/nanotdf-crypto/index.js +21 -13
- package/dist/cjs/src/nanotdf-crypto/keyAgreement.js +10 -8
- package/dist/cjs/src/nanotdf-crypto/pemPublicToCrypto.js +20 -11
- package/dist/cjs/src/opentdf.js +243 -0
- package/dist/cjs/src/policy/api.js +2 -3
- package/dist/cjs/src/policy/granter.js +3 -4
- package/dist/cjs/src/seekable.js +157 -0
- package/dist/cjs/src/tdf/AttributeObject.js +2 -4
- package/dist/cjs/src/tdf/Policy.js +3 -3
- package/dist/cjs/src/utils.js +13 -21
- package/dist/cjs/src/version.js +7 -3
- package/dist/cjs/tdf3/index.js +27 -16
- package/dist/cjs/tdf3/src/assertions.js +25 -11
- package/dist/cjs/tdf3/src/binary.js +1 -1
- package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +1 -1
- package/dist/cjs/tdf3/src/client/DecoratedReadableStream.js +7 -74
- package/dist/cjs/tdf3/src/client/builders.js +26 -22
- package/dist/cjs/tdf3/src/client/index.js +91 -117
- package/dist/cjs/tdf3/src/client/validation.js +3 -3
- package/dist/cjs/tdf3/src/crypto/crypto-utils.js +1 -1
- package/dist/cjs/tdf3/src/crypto/index.js +18 -18
- package/dist/cjs/tdf3/src/index.js +22 -11
- package/dist/cjs/tdf3/src/models/attribute-set.js +1 -1
- package/dist/cjs/tdf3/src/models/encryption-information.js +3 -3
- package/dist/cjs/tdf3/src/models/index.js +1 -2
- package/dist/cjs/tdf3/src/models/key-access.js +67 -35
- package/dist/cjs/tdf3/src/models/policy.js +3 -3
- package/dist/cjs/tdf3/src/tdf.js +180 -395
- package/dist/cjs/tdf3/src/utils/buffer-crc32.js +2 -3
- package/dist/cjs/tdf3/src/utils/index.js +48 -38
- package/dist/cjs/tdf3/src/utils/keysplit.js +4 -5
- package/dist/cjs/tdf3/src/utils/unwrap.js +21 -0
- package/dist/cjs/tdf3/src/utils/zip-reader.js +4 -4
- package/dist/cjs/tdf3/src/utils/zip-writer.js +4 -4
- package/dist/types/src/access.d.ts +10 -4
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/auth.d.ts +1 -28
- package/dist/types/src/auth/auth.d.ts.map +1 -1
- package/dist/types/src/auth/providers.d.ts.map +1 -1
- package/dist/types/src/index.d.ts +5 -136
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/nanoclients.d.ts +107 -0
- package/dist/types/src/nanoclients.d.ts.map +1 -0
- package/dist/types/src/nanoindex.d.ts +5 -0
- package/dist/types/src/nanoindex.d.ts.map +1 -0
- package/dist/types/src/nanotdf/Client.d.ts +1 -13
- package/dist/types/src/nanotdf/Client.d.ts.map +1 -1
- package/dist/types/src/nanotdf/NanoTDF.d.ts +1 -1
- package/dist/types/src/nanotdf/NanoTDF.d.ts.map +1 -1
- package/dist/types/src/nanotdf/encrypt-dataset.d.ts +1 -1
- package/dist/types/src/nanotdf/encrypt-dataset.d.ts.map +1 -1
- package/dist/types/src/nanotdf/encrypt.d.ts +1 -1
- package/dist/types/src/nanotdf/encrypt.d.ts.map +1 -1
- package/dist/types/src/nanotdf/enum/CipherEnum.d.ts +1 -1
- package/dist/types/src/nanotdf/enum/CipherEnum.d.ts.map +1 -1
- package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts +1 -1
- package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts.map +1 -1
- package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts +1 -1
- package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts.map +1 -1
- package/dist/types/src/nanotdf/models/DefaultParams.d.ts +1 -1
- package/dist/types/src/nanotdf/models/ResourceLocator.d.ts.map +1 -1
- package/dist/types/src/nanotdf-crypto/digest.d.ts +1 -1
- package/dist/types/src/nanotdf-crypto/digest.d.ts.map +1 -1
- package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts +1 -1
- package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts.map +1 -1
- package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts +1 -1
- package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts.map +1 -1
- package/dist/types/src/nanotdf-crypto/index.d.ts +2 -3
- package/dist/types/src/nanotdf-crypto/index.d.ts.map +1 -1
- package/dist/types/src/nanotdf-crypto/keyAgreement.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +106 -0
- package/dist/types/src/opentdf.d.ts.map +1 -0
- package/dist/types/src/seekable.d.ts +39 -0
- package/dist/types/src/seekable.d.ts.map +1 -0
- package/dist/types/src/tdf/AttributeObject.d.ts +0 -2
- package/dist/types/src/tdf/AttributeObject.d.ts.map +1 -1
- package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts +2 -2
- package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts.map +1 -1
- package/dist/types/src/tdf/Policy.d.ts +1 -1
- package/dist/types/src/tdf/Policy.d.ts.map +1 -1
- package/dist/types/src/tdf/PolicyObject.d.ts +1 -2
- package/dist/types/src/tdf/PolicyObject.d.ts.map +1 -1
- package/dist/types/src/tdf/TypedArray.d.ts +1 -2
- package/dist/types/src/tdf/TypedArray.d.ts.map +1 -1
- package/dist/types/src/utils.d.ts +1 -3
- package/dist/types/src/utils.d.ts.map +1 -1
- package/dist/types/src/version.d.ts +5 -1
- package/dist/types/src/version.d.ts.map +1 -1
- package/dist/types/tdf3/index.d.ts +5 -4
- package/dist/types/tdf3/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/assertions.d.ts +3 -3
- package/dist/types/tdf3/src/assertions.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts +2 -15
- package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/builders.d.ts +43 -42
- package/dist/types/tdf3/src/client/builders.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +12 -17
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/validation.d.ts +3 -3
- package/dist/types/tdf3/src/client/validation.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -1
- package/dist/types/tdf3/src/index.d.ts +1 -1
- package/dist/types/tdf3/src/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/index.d.ts +0 -1
- package/dist/types/tdf3/src/models/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/key-access.d.ts +63 -15
- package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/manifest.d.ts +2 -0
- package/dist/types/tdf3/src/models/manifest.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/policy.d.ts +0 -1
- package/dist/types/tdf3/src/models/policy.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +24 -37
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/types/tdf3/src/utils/index.d.ts +0 -4
- package/dist/types/tdf3/src/utils/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/utils/unwrap.d.ts +2 -0
- package/dist/types/tdf3/src/utils/unwrap.d.ts.map +1 -0
- package/dist/types/tdf3/src/utils/zip-reader.d.ts +1 -1
- package/dist/types/tdf3/src/utils/zip-reader.d.ts.map +1 -1
- package/dist/types/tdf3/src/utils/zip-writer.d.ts +2 -2
- package/dist/web/src/access.js +93 -58
- package/dist/web/src/auth/auth.js +1 -21
- package/dist/web/src/auth/oidc-clientcredentials-provider.js +1 -1
- package/dist/web/src/auth/oidc-externaljwt-provider.js +1 -1
- package/dist/web/src/auth/oidc-refreshtoken-provider.js +1 -1
- package/dist/web/src/auth/oidc.js +1 -1
- package/dist/web/src/auth/providers.js +1 -1
- package/dist/web/src/concurrency.js +1 -1
- package/dist/web/src/encodings/base64.js +1 -1
- package/dist/web/src/encodings/hex.js +1 -1
- package/dist/web/src/errors.js +1 -1
- package/dist/web/src/index.js +6 -312
- package/dist/web/src/nanoclients.js +280 -0
- package/dist/web/src/nanoindex.js +5 -0
- package/dist/web/src/nanotdf/Client.js +18 -23
- package/dist/web/src/nanotdf/NanoTDF.js +1 -1
- package/dist/web/src/nanotdf/encrypt-dataset.js +1 -1
- package/dist/web/src/nanotdf/encrypt.js +1 -1
- package/dist/web/src/nanotdf/models/Ciphers.js +1 -1
- package/dist/web/src/nanotdf/models/EcCurves.js +1 -1
- package/dist/web/src/nanotdf/models/Header.js +1 -1
- package/dist/web/src/nanotdf/models/Payload.js +1 -1
- package/dist/web/src/nanotdf/models/Policy/AbstractPolicy.js +1 -1
- package/dist/web/src/nanotdf/models/Policy/EmbeddedPolicy.js +1 -1
- package/dist/web/src/nanotdf/models/Policy/PolicyFactory.js +1 -1
- package/dist/web/src/nanotdf/models/ResourceLocator.js +1 -1
- package/dist/web/src/nanotdf/models/Signature.js +1 -1
- package/dist/web/src/nanotdf-crypto/ciphers.js +1 -1
- package/dist/web/src/nanotdf-crypto/ecdsaSignature.js +1 -1
- package/dist/web/src/nanotdf-crypto/generateKeyPair.js +2 -2
- package/dist/web/src/nanotdf-crypto/generateRandomNumber.js +2 -2
- package/dist/web/src/nanotdf-crypto/index.js +3 -4
- package/dist/web/src/nanotdf-crypto/keyAgreement.js +9 -6
- package/dist/web/src/nanotdf-crypto/pemPublicToCrypto.js +1 -1
- package/dist/web/src/opentdf.js +234 -0
- package/dist/web/src/policy/api.js +1 -1
- package/dist/web/src/policy/granter.js +1 -1
- package/dist/web/src/seekable.js +148 -0
- package/dist/web/src/tdf/AttributeObject.js +1 -2
- package/dist/web/src/tdf/Policy.js +2 -4
- package/dist/web/src/utils.js +3 -10
- package/dist/web/src/version.js +6 -2
- package/dist/web/tdf3/index.js +5 -4
- package/dist/web/tdf3/src/assertions.js +21 -6
- package/dist/web/tdf3/src/binary.js +1 -1
- package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +1 -1
- package/dist/web/tdf3/src/client/DecoratedReadableStream.js +4 -68
- package/dist/web/tdf3/src/client/builders.js +26 -22
- package/dist/web/tdf3/src/client/index.js +74 -105
- package/dist/web/tdf3/src/client/validation.js +1 -1
- package/dist/web/tdf3/src/crypto/crypto-utils.js +1 -1
- package/dist/web/tdf3/src/crypto/index.js +1 -1
- package/dist/web/tdf3/src/index.js +2 -2
- package/dist/web/tdf3/src/models/attribute-set.js +1 -1
- package/dist/web/tdf3/src/models/encryption-information.js +3 -3
- package/dist/web/tdf3/src/models/index.js +1 -2
- package/dist/web/tdf3/src/models/key-access.js +47 -24
- package/dist/web/tdf3/src/models/policy.js +1 -1
- package/dist/web/tdf3/src/tdf.js +153 -371
- package/dist/web/tdf3/src/utils/buffer-crc32.js +1 -1
- package/dist/web/tdf3/src/utils/index.js +19 -14
- package/dist/web/tdf3/src/utils/keysplit.js +1 -1
- package/dist/web/tdf3/src/utils/unwrap.js +18 -0
- package/dist/web/tdf3/src/utils/zip-reader.js +1 -1
- package/dist/web/tdf3/src/utils/zip-writer.js +1 -1
- package/package.json +45 -45
- package/src/access.ts +111 -54
- package/src/auth/auth.ts +1 -31
- package/src/index.ts +5 -440
- package/src/nanoclients.ts +405 -0
- package/src/nanoindex.ts +4 -0
- package/src/nanotdf/Client.ts +18 -25
- package/src/nanotdf/NanoTDF.ts +1 -1
- package/src/nanotdf/encrypt-dataset.ts +1 -1
- package/src/nanotdf/encrypt.ts +1 -1
- package/src/nanotdf/helpers/getHkdfSalt.ts +1 -1
- package/src/nanotdf-crypto/digest.ts +1 -1
- package/src/nanotdf-crypto/generateKeyPair.ts +1 -1
- package/src/nanotdf-crypto/generateRandomNumber.ts +1 -1
- package/src/nanotdf-crypto/index.ts +2 -3
- package/src/nanotdf-crypto/keyAgreement.ts +14 -7
- package/src/opentdf.ts +441 -0
- package/src/seekable.ts +180 -0
- package/src/tdf/AttributeObject.ts +0 -3
- package/src/tdf/Policy.ts +1 -2
- package/src/tdf/PolicyObject.ts +1 -2
- package/src/tdf/TypedArray.ts +1 -3
- package/src/utils.ts +3 -11
- package/src/version.ts +6 -1
- package/tdf3/index.ts +15 -10
- package/tdf3/src/assertions.ts +33 -8
- package/tdf3/src/client/DecoratedReadableStream.ts +3 -80
- package/tdf3/src/client/builders.ts +44 -28
- package/tdf3/src/client/index.ts +109 -165
- package/tdf3/src/index.ts +1 -1
- package/tdf3/src/models/encryption-information.ts +2 -2
- package/tdf3/src/models/index.ts +0 -1
- package/tdf3/src/models/key-access.ts +120 -38
- package/tdf3/src/models/manifest.ts +3 -0
- package/tdf3/src/models/policy.ts +0 -1
- package/tdf3/src/tdf.ts +266 -522
- package/tdf3/src/utils/index.ts +19 -18
- package/tdf3/src/utils/unwrap.ts +17 -0
- package/tdf3/src/utils/zip-reader.ts +1 -1
- package/dist/cjs/src/auth/Eas.js +0 -60
- package/dist/cjs/src/nanotdf-crypto/importRawKey.js +0 -18
- package/dist/cjs/src/tdf/Crypto.js +0 -47
- package/dist/cjs/src/tdf/EntityObject.js +0 -3
- package/dist/cjs/src/tdf/index.js +0 -35
- package/dist/cjs/tdf3/src/models/upsert-response.js +0 -3
- package/dist/cjs/tdf3/src/templates/default.html.js +0 -98
- package/dist/cjs/tdf3/src/templates/escaper.js +0 -15
- package/dist/cjs/tdf3/src/templates/index.js +0 -12
- package/dist/cjs/tdf3/src/utils/chunkers.js +0 -106
- package/dist/cjs/tdf3/src/version.js +0 -6
- package/dist/types/src/auth/Eas.d.ts +0 -34
- package/dist/types/src/auth/Eas.d.ts.map +0 -1
- package/dist/types/src/nanotdf-crypto/importRawKey.d.ts +0 -13
- package/dist/types/src/nanotdf-crypto/importRawKey.d.ts.map +0 -1
- package/dist/types/src/tdf/Crypto.d.ts +0 -37
- package/dist/types/src/tdf/Crypto.d.ts.map +0 -1
- package/dist/types/src/tdf/EntityObject.d.ts +0 -18
- package/dist/types/src/tdf/EntityObject.d.ts.map +0 -1
- package/dist/types/src/tdf/index.d.ts +0 -7
- package/dist/types/src/tdf/index.d.ts.map +0 -1
- package/dist/types/tdf3/src/models/upsert-response.d.ts +0 -16
- package/dist/types/tdf3/src/models/upsert-response.d.ts.map +0 -1
- package/dist/types/tdf3/src/templates/default.html.d.ts +0 -8
- package/dist/types/tdf3/src/templates/default.html.d.ts.map +0 -1
- package/dist/types/tdf3/src/templates/escaper.d.ts +0 -6
- package/dist/types/tdf3/src/templates/escaper.d.ts.map +0 -1
- package/dist/types/tdf3/src/templates/index.d.ts +0 -3
- package/dist/types/tdf3/src/templates/index.d.ts.map +0 -1
- package/dist/types/tdf3/src/utils/chunkers.d.ts +0 -29
- package/dist/types/tdf3/src/utils/chunkers.d.ts.map +0 -1
- package/dist/types/tdf3/src/version.d.ts +0 -3
- package/dist/types/tdf3/src/version.d.ts.map +0 -1
- package/dist/web/src/auth/Eas.js +0 -55
- package/dist/web/src/nanotdf-crypto/importRawKey.js +0 -15
- package/dist/web/src/tdf/Crypto.js +0 -44
- package/dist/web/src/tdf/EntityObject.js +0 -2
- package/dist/web/src/tdf/index.js +0 -4
- package/dist/web/tdf3/src/models/upsert-response.js +0 -2
- package/dist/web/tdf3/src/templates/default.html.js +0 -96
- package/dist/web/tdf3/src/templates/escaper.js +0 -10
- package/dist/web/tdf3/src/templates/index.js +0 -3
- package/dist/web/tdf3/src/utils/chunkers.js +0 -96
- package/dist/web/tdf3/src/version.js +0 -3
- package/src/auth/Eas.ts +0 -79
- package/src/nanotdf-crypto/importRawKey.ts +0 -19
- package/src/tdf/Crypto.ts +0 -42
- package/src/tdf/EntityObject.ts +0 -18
- package/src/tdf/index.ts +0 -6
- package/tdf3/src/models/upsert-response.ts +0 -17
- package/tdf3/src/templates/default.html.ts +0 -105
- package/tdf3/src/templates/escaper.ts +0 -10
- package/tdf3/src/templates/index.ts +0 -2
- package/tdf3/src/utils/chunkers.ts +0 -118
- package/tdf3/src/version.ts +0 -2
|
@@ -1,74 +1,97 @@
|
|
|
1
|
-
import { Binary } from '../binary.js';
|
|
2
1
|
import { base64, hex } from '../../../src/encodings/index.js';
|
|
2
|
+
import { generateRandomNumber } from '../../../src/nanotdf-crypto/generateRandomNumber.js';
|
|
3
|
+
import { keyAgreement } from '../../../src/nanotdf-crypto/keyAgreement.js';
|
|
4
|
+
import { pemPublicToCrypto } from '../../../src/nanotdf-crypto/pemPublicToCrypto.js';
|
|
5
|
+
import { cryptoPublicToPem } from '../../../src/utils.js';
|
|
6
|
+
import { Binary } from '../binary.js';
|
|
3
7
|
import * as cryptoService from '../crypto/index.js';
|
|
4
|
-
export
|
|
5
|
-
|
|
6
|
-
}
|
|
7
|
-
export class Wrapped {
|
|
8
|
+
export const schemaVersion = '1.0';
|
|
9
|
+
export class ECWrapped {
|
|
8
10
|
constructor(url, kid, publicKey, metadata, sid) {
|
|
9
11
|
this.url = url;
|
|
10
12
|
this.kid = kid;
|
|
11
13
|
this.publicKey = publicKey;
|
|
12
14
|
this.metadata = metadata;
|
|
13
15
|
this.sid = sid;
|
|
14
|
-
this.type = 'wrapped';
|
|
16
|
+
this.type = 'ec-wrapped';
|
|
17
|
+
this.ephemeralKeyPair = crypto.subtle.generateKey({
|
|
18
|
+
name: 'ECDH',
|
|
19
|
+
namedCurve: 'P-256',
|
|
20
|
+
}, false, ['deriveBits', 'deriveKey']);
|
|
15
21
|
}
|
|
16
|
-
async write(policy,
|
|
22
|
+
async write(policy, dek, encryptedMetadataStr) {
|
|
17
23
|
const policyStr = JSON.stringify(policy);
|
|
18
|
-
const
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
24
|
+
const [ek, clientPublicKey] = await Promise.all([
|
|
25
|
+
this.ephemeralKeyPair,
|
|
26
|
+
pemPublicToCrypto(this.publicKey),
|
|
27
|
+
]);
|
|
28
|
+
const kek = await keyAgreement(ek.privateKey, clientPublicKey, {
|
|
29
|
+
hkdfSalt: new TextEncoder().encode('salt'),
|
|
30
|
+
hkdfHash: 'SHA-256',
|
|
31
|
+
});
|
|
32
|
+
const iv = generateRandomNumber(12);
|
|
33
|
+
const cek = await crypto.subtle.encrypt({ name: 'AES-GCM', iv, tagLength: 128 }, kek, dek);
|
|
34
|
+
const entityWrappedKey = new Uint8Array(iv.length + cek.byteLength);
|
|
35
|
+
entityWrappedKey.set(iv);
|
|
36
|
+
entityWrappedKey.set(new Uint8Array(cek), iv.length);
|
|
37
|
+
const policyBinding = await cryptoService.hmac(hex.encodeArrayBuffer(dek), base64.encode(policyStr));
|
|
38
|
+
const ephemeralPublicKeyPEM = await cryptoPublicToPem(ek.publicKey);
|
|
39
|
+
const kao = {
|
|
40
|
+
type: 'ec-wrapped',
|
|
23
41
|
url: this.url,
|
|
24
42
|
protocol: 'kas',
|
|
25
|
-
wrappedKey: base64.
|
|
43
|
+
wrappedKey: base64.encodeArrayBuffer(entityWrappedKey),
|
|
26
44
|
encryptedMetadata: base64.encode(encryptedMetadataStr),
|
|
27
45
|
policyBinding: {
|
|
28
46
|
alg: 'HS256',
|
|
29
47
|
hash: base64.encode(policyBinding),
|
|
30
48
|
},
|
|
49
|
+
schemaVersion,
|
|
50
|
+
ephemeralPublicKey: ephemeralPublicKeyPEM,
|
|
31
51
|
};
|
|
32
52
|
if (this.kid) {
|
|
33
|
-
|
|
53
|
+
kao.kid = this.kid;
|
|
34
54
|
}
|
|
35
55
|
if (this.sid?.length) {
|
|
36
|
-
|
|
56
|
+
kao.sid = this.sid;
|
|
37
57
|
}
|
|
38
|
-
|
|
58
|
+
this.keyAccessObject = kao;
|
|
59
|
+
return kao;
|
|
39
60
|
}
|
|
40
61
|
}
|
|
41
|
-
export class
|
|
62
|
+
export class Wrapped {
|
|
42
63
|
constructor(url, kid, publicKey, metadata, sid) {
|
|
43
64
|
this.url = url;
|
|
44
65
|
this.kid = kid;
|
|
45
66
|
this.publicKey = publicKey;
|
|
46
67
|
this.metadata = metadata;
|
|
47
68
|
this.sid = sid;
|
|
48
|
-
this.type = '
|
|
69
|
+
this.type = 'wrapped';
|
|
49
70
|
}
|
|
50
71
|
async write(policy, keyBuffer, encryptedMetadataStr) {
|
|
51
72
|
const policyStr = JSON.stringify(policy);
|
|
52
|
-
const policyBinding = await cryptoService.hmac(hex.encodeArrayBuffer(keyBuffer), base64.encode(policyStr));
|
|
53
73
|
const unwrappedKeyBinary = Binary.fromArrayBuffer(keyBuffer.buffer);
|
|
54
74
|
const wrappedKeyBinary = await cryptoService.encryptWithPublicKey(unwrappedKeyBinary, this.publicKey);
|
|
55
|
-
|
|
56
|
-
this.wrappedKey = base64.encode(wrappedKeyBinary.asString());
|
|
75
|
+
const policyBinding = await cryptoService.hmac(hex.encodeArrayBuffer(keyBuffer), base64.encode(policyStr));
|
|
57
76
|
this.keyAccessObject = {
|
|
58
|
-
type: '
|
|
77
|
+
type: 'wrapped',
|
|
59
78
|
url: this.url,
|
|
60
79
|
protocol: 'kas',
|
|
61
|
-
wrappedKey:
|
|
80
|
+
wrappedKey: base64.encode(wrappedKeyBinary.asString()),
|
|
62
81
|
encryptedMetadata: base64.encode(encryptedMetadataStr),
|
|
63
82
|
policyBinding: {
|
|
64
83
|
alg: 'HS256',
|
|
65
84
|
hash: base64.encode(policyBinding),
|
|
66
85
|
},
|
|
86
|
+
schemaVersion,
|
|
67
87
|
};
|
|
68
88
|
if (this.kid) {
|
|
69
89
|
this.keyAccessObject.kid = this.kid;
|
|
70
90
|
}
|
|
91
|
+
if (this.sid?.length) {
|
|
92
|
+
this.keyAccessObject.sid = this.sid;
|
|
93
|
+
}
|
|
71
94
|
return this.keyAccessObject;
|
|
72
95
|
}
|
|
73
96
|
}
|
|
74
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
97
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWFjY2Vzcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3RkZjMvc3JjL21vZGVscy9rZXktYWNjZXNzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFLE1BQU0saUNBQWlDLENBQUM7QUFDOUQsT0FBTyxFQUFFLG9CQUFvQixFQUFFLE1BQU0scURBQXFELENBQUM7QUFDM0YsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLDZDQUE2QyxDQUFDO0FBQzNFLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGtEQUFrRCxDQUFDO0FBQ3JGLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBQzFELE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDdEMsT0FBTyxLQUFLLGFBQWEsTUFBTSxvQkFBb0IsQ0FBQztBQUtwRCxNQUFNLENBQUMsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDO0FBRW5DLE1BQU0sT0FBTyxTQUFTO0lBS3BCLFlBQ2tCLEdBQVcsRUFDWCxHQUF1QixFQUN2QixTQUFpQixFQUNqQixRQUFpQixFQUNqQixHQUFZO1FBSlosUUFBRyxHQUFILEdBQUcsQ0FBUTtRQUNYLFFBQUcsR0FBSCxHQUFHLENBQW9CO1FBQ3ZCLGNBQVMsR0FBVCxTQUFTLENBQVE7UUFDakIsYUFBUSxHQUFSLFFBQVEsQ0FBUztRQUNqQixRQUFHLEdBQUgsR0FBRyxDQUFTO1FBVHJCLFNBQUksR0FBRyxZQUFZLENBQUM7UUFXM0IsSUFBSSxDQUFDLGdCQUFnQixHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUMvQztZQUNFLElBQUksRUFBRSxNQUFNO1lBQ1osVUFBVSxFQUFFLE9BQU87U0FDcEIsRUFDRCxLQUFLLEVBQ0wsQ0FBQyxZQUFZLEVBQUUsV0FBVyxDQUFDLENBQzVCLENBQUM7SUFDSixDQUFDO0lBRUQsS0FBSyxDQUFDLEtBQUssQ0FDVCxNQUFjLEVBQ2QsR0FBZSxFQUNmLG9CQUE0QjtRQUU1QixNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3pDLE1BQU0sQ0FBQyxFQUFFLEVBQUUsZUFBZSxDQUFDLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUFDO1lBQzlDLElBQUksQ0FBQyxnQkFBZ0I7WUFDckIsaUJBQWlCLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQztTQUNsQyxDQUFDLENBQUM7UUFDSCxNQUFNLEdBQUcsR0FBRyxNQUFNLFlBQVksQ0FBQyxFQUFFLENBQUMsVUFBVSxFQUFFLGVBQWUsRUFBRTtZQUM3RCxRQUFRLEVBQUUsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDO1lBQzFDLFFBQVEsRUFBRSxTQUFTO1NBQ3BCLENBQUMsQ0FBQztRQUNILE1BQU0sRUFBRSxHQUFHLG9CQUFvQixDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3BDLE1BQU0sR0FBRyxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsR0FBRyxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQzNGLE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxVQUFVLENBQUMsRUFBRSxDQUFDLE1BQU0sR0FBRyxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDcEUsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3pCLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxHQUFHLENBQUMsRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFckQsTUFBTSxhQUFhLEdBQUcsTUFBTSxhQUFhLENBQUMsSUFBSSxDQUM1QyxHQUFHLENBQUMsaUJBQWlCLENBQUMsR0FBRyxDQUFDLEVBQzFCLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQ3pCLENBQUM7UUFFRixNQUFNLHFCQUFxQixHQUFHLE1BQU0saUJBQWlCLENBQUMsRUFBRSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ3BFLE1BQU0sR0FBRyxHQUFvQjtZQUMzQixJQUFJLEVBQUUsWUFBWTtZQUNsQixHQUFHLEVBQUUsSUFBSSxDQUFDLEdBQUc7WUFDYixRQUFRLEVBQUUsS0FBSztZQUNmLFVBQVUsRUFBRSxNQUFNLENBQUMsaUJBQWlCLENBQUMsZ0JBQWdCLENBQUM7WUFDdEQsaUJBQWlCLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQztZQUN0RCxhQUFhLEVBQUU7Z0JBQ2IsR0FBRyxFQUFFLE9BQU87Z0JBQ1osSUFBSSxFQUFFLE1BQU0sQ0FBQyxNQUFNLENBQUMsYUFBYSxDQUFDO2FBQ25DO1lBQ0QsYUFBYTtZQUNiLGtCQUFrQixFQUFFLHFCQUFxQjtTQUMxQyxDQUFDO1FBQ0YsSUFBSSxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDYixHQUFHLENBQUMsR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUM7UUFDckIsQ0FBQztRQUNELElBQUksSUFBSSxDQUFDLEdBQUcsRUFBRSxNQUFNLEVBQUUsQ0FBQztZQUNyQixHQUFHLENBQUMsR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUM7UUFDckIsQ0FBQztRQUNELElBQUksQ0FBQyxlQUFlLEdBQUcsR0FBRyxDQUFDO1FBQzNCLE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQztDQUNGO0FBRUQsTUFBTSxPQUFPLE9BQU87SUFJbEIsWUFDa0IsR0FBVyxFQUNYLEdBQXVCLEVBQ3ZCLFNBQWlCLEVBQ2pCLFFBQWlCLEVBQ2pCLEdBQVk7UUFKWixRQUFHLEdBQUgsR0FBRyxDQUFRO1FBQ1gsUUFBRyxHQUFILEdBQUcsQ0FBb0I7UUFDdkIsY0FBUyxHQUFULFNBQVMsQ0FBUTtRQUNqQixhQUFRLEdBQVIsUUFBUSxDQUFTO1FBQ2pCLFFBQUcsR0FBSCxHQUFHLENBQVM7UUFSckIsU0FBSSxHQUFHLFNBQVMsQ0FBQztJQVN2QixDQUFDO0lBRUosS0FBSyxDQUFDLEtBQUssQ0FDVCxNQUFjLEVBQ2QsU0FBcUIsRUFDckIsb0JBQTRCO1FBRTVCLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDekMsTUFBTSxrQkFBa0IsR0FBRyxNQUFNLENBQUMsZUFBZSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNwRSxNQUFNLGdCQUFnQixHQUFHLE1BQU0sYUFBYSxDQUFDLG9CQUFvQixDQUMvRCxrQkFBa0IsRUFDbEIsSUFBSSxDQUFDLFNBQVMsQ0FDZixDQUFDO1FBRUYsTUFBTSxhQUFhLEdBQUcsTUFBTSxhQUFhLENBQUMsSUFBSSxDQUM1QyxHQUFHLENBQUMsaUJBQWlCLENBQUMsU0FBUyxDQUFDLEVBQ2hDLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQ3pCLENBQUM7UUFFRixJQUFJLENBQUMsZUFBZSxHQUFHO1lBQ3JCLElBQUksRUFBRSxTQUFTO1lBQ2YsR0FBRyxFQUFFLElBQUksQ0FBQyxHQUFHO1lBQ2IsUUFBUSxFQUFFLEtBQUs7WUFDZixVQUFVLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUN0RCxpQkFBaUIsRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLG9CQUFvQixDQUFDO1lBQ3RELGFBQWEsRUFBRTtnQkFDYixHQUFHLEVBQUUsT0FBTztnQkFDWixJQUFJLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxhQUFhLENBQUM7YUFDbkM7WUFDRCxhQUFhO1NBQ2QsQ0FBQztRQUNGLElBQUksSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ2IsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQztRQUN0QyxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsR0FBRyxFQUFFLE1BQU0sRUFBRSxDQUFDO1lBQ3JCLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUM7UUFDdEMsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQztJQUM5QixDQUFDO0NBQ0YifQ==
|
|
@@ -17,4 +17,4 @@ export function validatePolicyObject(policyMaybe) {
|
|
|
17
17
|
}
|
|
18
18
|
return true;
|
|
19
19
|
}
|
|
20
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
20
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicG9saWN5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vdGRmMy9zcmMvbW9kZWxzL3BvbGljeS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQztBQUc1RCxNQUFNLENBQUMsTUFBTSxlQUFlLEdBQUcsT0FBTyxDQUFDO0FBWXZDLE1BQU0sVUFBVSxvQkFBb0IsQ0FBQyxXQUFvQjtJQUN2RCxJQUFJLE9BQU8sV0FBVyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQ3BDLE1BQU0sSUFBSSxrQkFBa0IsQ0FDMUIsc0RBQXNELFdBQVcsRUFBRSxDQUNwRSxDQUFDO0lBQ0osQ0FBQztJQUNELE1BQU0sTUFBTSxHQUFHLFdBQXFCLENBQUM7SUFDckMsTUFBTSxhQUFhLEdBQUcsRUFBRSxDQUFDO0lBQ3pCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSTtRQUFFLGFBQWEsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDN0MsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJO1FBQUUsYUFBYSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsYUFBYSxDQUFDLENBQUM7SUFDNUQsSUFBSSxNQUFNLENBQUMsSUFBSSxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNO1FBQUUsYUFBYSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUUxRSxJQUFJLGFBQWEsQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUN6QixNQUFNLElBQUksa0JBQWtCLENBQzFCLDhEQUE4RCxhQUFhLEVBQUUsQ0FDOUUsQ0FBQztJQUNKLENBQUM7SUFDRCxPQUFPLElBQUksQ0FBQztBQUNkLENBQUMifQ==
|