npm - @opentdf/sdk - Versions diffs - 0.1.0-beta.1718 → 0.2.0-beta.1941 - Mend

@opentdf/sdk 0.1.0-beta.1718 → 0.2.0-beta.1941

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (321) hide show

package/README.md +45 -38
package/dist/cjs/src/access.js +99 -62
package/dist/cjs/src/auth/auth.js +5 -26
package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +1 -1
package/dist/cjs/src/auth/oidc-externaljwt-provider.js +1 -1
package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +1 -1
package/dist/cjs/src/auth/oidc.js +1 -1
package/dist/cjs/src/auth/providers.js +1 -1
package/dist/cjs/src/concurrency.js +3 -4
package/dist/cjs/src/encodings/base64.js +4 -4
package/dist/cjs/src/encodings/hex.js +5 -6
package/dist/cjs/src/encodings/index.js +18 -8
package/dist/cjs/src/errors.js +1 -1
package/dist/cjs/src/index.js +28 -320
package/dist/cjs/src/nanoclients.js +285 -0
package/dist/cjs/src/nanoindex.js +47 -0
package/dist/cjs/src/nanotdf/Client.js +35 -30
package/dist/cjs/src/nanotdf/NanoTDF.js +1 -1
package/dist/cjs/src/nanotdf/decrypt.js +2 -2
package/dist/cjs/src/nanotdf/encrypt-dataset.js +2 -2
package/dist/cjs/src/nanotdf/encrypt.js +2 -2
package/dist/cjs/src/nanotdf/helpers/calculateByCurve.js +3 -4
package/dist/cjs/src/nanotdf/helpers/getHkdfSalt.js +2 -2
package/dist/cjs/src/nanotdf/models/Ciphers.js +3 -3
package/dist/cjs/src/nanotdf/models/EcCurves.js +3 -3
package/dist/cjs/src/nanotdf/models/Header.js +1 -1
package/dist/cjs/src/nanotdf/models/Payload.js +1 -1
package/dist/cjs/src/nanotdf/models/Policy/AbstractPolicy.js +1 -1
package/dist/cjs/src/nanotdf/models/Policy/EmbeddedPolicy.js +1 -1
package/dist/cjs/src/nanotdf/models/Policy/PolicyFactory.js +1 -1
package/dist/cjs/src/nanotdf/models/ResourceLocator.js +1 -1
package/dist/cjs/src/nanotdf/models/Signature.js +1 -1
package/dist/cjs/src/nanotdf-crypto/ciphers.js +1 -1
package/dist/cjs/src/nanotdf-crypto/decrypt.js +2 -2
package/dist/cjs/src/nanotdf-crypto/digest.js +2 -2
package/dist/cjs/src/nanotdf-crypto/ecdsaSignature.js +4 -5
package/dist/cjs/src/nanotdf-crypto/encrypt.js +2 -2
package/dist/cjs/src/nanotdf-crypto/exportCryptoKey.js +2 -2
package/dist/cjs/src/nanotdf-crypto/generateKeyPair.js +2 -2
package/dist/cjs/src/nanotdf-crypto/generateRandomNumber.js +2 -2
package/dist/cjs/src/nanotdf-crypto/index.js +21 -13
package/dist/cjs/src/nanotdf-crypto/keyAgreement.js +10 -8
package/dist/cjs/src/nanotdf-crypto/pemPublicToCrypto.js +20 -11
package/dist/cjs/src/opentdf.js +243 -0
package/dist/cjs/src/policy/api.js +2 -3
package/dist/cjs/src/policy/granter.js +3 -4
package/dist/cjs/src/seekable.js +157 -0
package/dist/cjs/src/tdf/AttributeObject.js +2 -4
package/dist/cjs/src/tdf/Policy.js +3 -3
package/dist/cjs/src/utils.js +13 -21
package/dist/cjs/src/version.js +7 -3
package/dist/cjs/tdf3/index.js +27 -16
package/dist/cjs/tdf3/src/assertions.js +25 -11
package/dist/cjs/tdf3/src/binary.js +1 -1
package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +1 -1
package/dist/cjs/tdf3/src/client/DecoratedReadableStream.js +7 -74
package/dist/cjs/tdf3/src/client/builders.js +26 -22
package/dist/cjs/tdf3/src/client/index.js +91 -117
package/dist/cjs/tdf3/src/client/validation.js +3 -3
package/dist/cjs/tdf3/src/crypto/crypto-utils.js +1 -1
package/dist/cjs/tdf3/src/crypto/index.js +18 -18
package/dist/cjs/tdf3/src/index.js +22 -11
package/dist/cjs/tdf3/src/models/attribute-set.js +1 -1
package/dist/cjs/tdf3/src/models/encryption-information.js +3 -3
package/dist/cjs/tdf3/src/models/index.js +1 -2
package/dist/cjs/tdf3/src/models/key-access.js +67 -35
package/dist/cjs/tdf3/src/models/policy.js +3 -3
package/dist/cjs/tdf3/src/tdf.js +180 -395
package/dist/cjs/tdf3/src/utils/buffer-crc32.js +2 -3
package/dist/cjs/tdf3/src/utils/index.js +48 -38
package/dist/cjs/tdf3/src/utils/keysplit.js +4 -5
package/dist/cjs/tdf3/src/utils/unwrap.js +21 -0
package/dist/cjs/tdf3/src/utils/zip-reader.js +4 -4
package/dist/cjs/tdf3/src/utils/zip-writer.js +4 -4
package/dist/types/src/access.d.ts +10 -4
package/dist/types/src/access.d.ts.map +1 -1
package/dist/types/src/auth/auth.d.ts +1 -28
package/dist/types/src/auth/auth.d.ts.map +1 -1
package/dist/types/src/auth/providers.d.ts.map +1 -1
package/dist/types/src/index.d.ts +5 -136
package/dist/types/src/index.d.ts.map +1 -1
package/dist/types/src/nanoclients.d.ts +107 -0
package/dist/types/src/nanoclients.d.ts.map +1 -0
package/dist/types/src/nanoindex.d.ts +5 -0
package/dist/types/src/nanoindex.d.ts.map +1 -0
package/dist/types/src/nanotdf/Client.d.ts +1 -13
package/dist/types/src/nanotdf/Client.d.ts.map +1 -1
package/dist/types/src/nanotdf/NanoTDF.d.ts +1 -1
package/dist/types/src/nanotdf/NanoTDF.d.ts.map +1 -1
package/dist/types/src/nanotdf/encrypt-dataset.d.ts +1 -1
package/dist/types/src/nanotdf/encrypt-dataset.d.ts.map +1 -1
package/dist/types/src/nanotdf/encrypt.d.ts +1 -1
package/dist/types/src/nanotdf/encrypt.d.ts.map +1 -1
package/dist/types/src/nanotdf/enum/CipherEnum.d.ts +1 -1
package/dist/types/src/nanotdf/enum/CipherEnum.d.ts.map +1 -1
package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts +1 -1
package/dist/types/src/nanotdf/enum/PolicyTypeEnum.d.ts.map +1 -1
package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts +1 -1
package/dist/types/src/nanotdf/helpers/getHkdfSalt.d.ts.map +1 -1
package/dist/types/src/nanotdf/models/DefaultParams.d.ts +1 -1
package/dist/types/src/nanotdf/models/ResourceLocator.d.ts.map +1 -1
package/dist/types/src/nanotdf-crypto/digest.d.ts +1 -1
package/dist/types/src/nanotdf-crypto/digest.d.ts.map +1 -1
package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts +1 -1
package/dist/types/src/nanotdf-crypto/generateKeyPair.d.ts.map +1 -1
package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts +1 -1
package/dist/types/src/nanotdf-crypto/generateRandomNumber.d.ts.map +1 -1
package/dist/types/src/nanotdf-crypto/index.d.ts +2 -3
package/dist/types/src/nanotdf-crypto/index.d.ts.map +1 -1
package/dist/types/src/nanotdf-crypto/keyAgreement.d.ts.map +1 -1
package/dist/types/src/opentdf.d.ts +106 -0
package/dist/types/src/opentdf.d.ts.map +1 -0
package/dist/types/src/seekable.d.ts +39 -0
package/dist/types/src/seekable.d.ts.map +1 -0
package/dist/types/src/tdf/AttributeObject.d.ts +0 -2
package/dist/types/src/tdf/AttributeObject.d.ts.map +1 -1
package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts +2 -2
package/dist/types/src/tdf/NanoTDF/NanoTDF.d.ts.map +1 -1
package/dist/types/src/tdf/Policy.d.ts +1 -1
package/dist/types/src/tdf/Policy.d.ts.map +1 -1
package/dist/types/src/tdf/PolicyObject.d.ts +1 -2
package/dist/types/src/tdf/PolicyObject.d.ts.map +1 -1
package/dist/types/src/tdf/TypedArray.d.ts +1 -2
package/dist/types/src/tdf/TypedArray.d.ts.map +1 -1
package/dist/types/src/utils.d.ts +1 -3
package/dist/types/src/utils.d.ts.map +1 -1
package/dist/types/src/version.d.ts +5 -1
package/dist/types/src/version.d.ts.map +1 -1
package/dist/types/tdf3/index.d.ts +5 -4
package/dist/types/tdf3/index.d.ts.map +1 -1
package/dist/types/tdf3/src/assertions.d.ts +3 -3
package/dist/types/tdf3/src/assertions.d.ts.map +1 -1
package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts +2 -15
package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts.map +1 -1
package/dist/types/tdf3/src/client/builders.d.ts +43 -42
package/dist/types/tdf3/src/client/builders.d.ts.map +1 -1
package/dist/types/tdf3/src/client/index.d.ts +12 -17
package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
package/dist/types/tdf3/src/client/validation.d.ts +3 -3
package/dist/types/tdf3/src/client/validation.d.ts.map +1 -1
package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -1
package/dist/types/tdf3/src/index.d.ts +1 -1
package/dist/types/tdf3/src/index.d.ts.map +1 -1
package/dist/types/tdf3/src/models/index.d.ts +0 -1
package/dist/types/tdf3/src/models/index.d.ts.map +1 -1
package/dist/types/tdf3/src/models/key-access.d.ts +63 -15
package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -1
package/dist/types/tdf3/src/models/manifest.d.ts +2 -0
package/dist/types/tdf3/src/models/manifest.d.ts.map +1 -1
package/dist/types/tdf3/src/models/policy.d.ts +0 -1
package/dist/types/tdf3/src/models/policy.d.ts.map +1 -1
package/dist/types/tdf3/src/tdf.d.ts +24 -37
package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
package/dist/types/tdf3/src/utils/index.d.ts +0 -4
package/dist/types/tdf3/src/utils/index.d.ts.map +1 -1
package/dist/types/tdf3/src/utils/unwrap.d.ts +2 -0
package/dist/types/tdf3/src/utils/unwrap.d.ts.map +1 -0
package/dist/types/tdf3/src/utils/zip-reader.d.ts +1 -1
package/dist/types/tdf3/src/utils/zip-reader.d.ts.map +1 -1
package/dist/types/tdf3/src/utils/zip-writer.d.ts +2 -2
package/dist/web/src/access.js +93 -58
package/dist/web/src/auth/auth.js +1 -21
package/dist/web/src/auth/oidc-clientcredentials-provider.js +1 -1
package/dist/web/src/auth/oidc-externaljwt-provider.js +1 -1
package/dist/web/src/auth/oidc-refreshtoken-provider.js +1 -1
package/dist/web/src/auth/oidc.js +1 -1
package/dist/web/src/auth/providers.js +1 -1
package/dist/web/src/concurrency.js +1 -1
package/dist/web/src/encodings/base64.js +1 -1
package/dist/web/src/encodings/hex.js +1 -1
package/dist/web/src/errors.js +1 -1
package/dist/web/src/index.js +6 -312
package/dist/web/src/nanoclients.js +280 -0
package/dist/web/src/nanoindex.js +5 -0
package/dist/web/src/nanotdf/Client.js +18 -23
package/dist/web/src/nanotdf/NanoTDF.js +1 -1
package/dist/web/src/nanotdf/encrypt-dataset.js +1 -1
package/dist/web/src/nanotdf/encrypt.js +1 -1
package/dist/web/src/nanotdf/models/Ciphers.js +1 -1
package/dist/web/src/nanotdf/models/EcCurves.js +1 -1
package/dist/web/src/nanotdf/models/Header.js +1 -1
package/dist/web/src/nanotdf/models/Payload.js +1 -1
package/dist/web/src/nanotdf/models/Policy/AbstractPolicy.js +1 -1
package/dist/web/src/nanotdf/models/Policy/EmbeddedPolicy.js +1 -1
package/dist/web/src/nanotdf/models/Policy/PolicyFactory.js +1 -1
package/dist/web/src/nanotdf/models/ResourceLocator.js +1 -1
package/dist/web/src/nanotdf/models/Signature.js +1 -1
package/dist/web/src/nanotdf-crypto/ciphers.js +1 -1
package/dist/web/src/nanotdf-crypto/ecdsaSignature.js +1 -1
package/dist/web/src/nanotdf-crypto/generateKeyPair.js +2 -2
package/dist/web/src/nanotdf-crypto/generateRandomNumber.js +2 -2
package/dist/web/src/nanotdf-crypto/index.js +3 -4
package/dist/web/src/nanotdf-crypto/keyAgreement.js +9 -6
package/dist/web/src/nanotdf-crypto/pemPublicToCrypto.js +1 -1
package/dist/web/src/opentdf.js +234 -0
package/dist/web/src/policy/api.js +1 -1
package/dist/web/src/policy/granter.js +1 -1
package/dist/web/src/seekable.js +148 -0
package/dist/web/src/tdf/AttributeObject.js +1 -2
package/dist/web/src/tdf/Policy.js +2 -4
package/dist/web/src/utils.js +3 -10
package/dist/web/src/version.js +6 -2
package/dist/web/tdf3/index.js +5 -4
package/dist/web/tdf3/src/assertions.js +21 -6
package/dist/web/tdf3/src/binary.js +1 -1
package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +1 -1
package/dist/web/tdf3/src/client/DecoratedReadableStream.js +4 -68
package/dist/web/tdf3/src/client/builders.js +26 -22
package/dist/web/tdf3/src/client/index.js +74 -105
package/dist/web/tdf3/src/client/validation.js +1 -1
package/dist/web/tdf3/src/crypto/crypto-utils.js +1 -1
package/dist/web/tdf3/src/crypto/index.js +1 -1
package/dist/web/tdf3/src/index.js +2 -2
package/dist/web/tdf3/src/models/attribute-set.js +1 -1
package/dist/web/tdf3/src/models/encryption-information.js +3 -3
package/dist/web/tdf3/src/models/index.js +1 -2
package/dist/web/tdf3/src/models/key-access.js +47 -24
package/dist/web/tdf3/src/models/policy.js +1 -1
package/dist/web/tdf3/src/tdf.js +153 -371
package/dist/web/tdf3/src/utils/buffer-crc32.js +1 -1
package/dist/web/tdf3/src/utils/index.js +19 -14
package/dist/web/tdf3/src/utils/keysplit.js +1 -1
package/dist/web/tdf3/src/utils/unwrap.js +18 -0
package/dist/web/tdf3/src/utils/zip-reader.js +1 -1
package/dist/web/tdf3/src/utils/zip-writer.js +1 -1
package/package.json +45 -45
package/src/access.ts +111 -54
package/src/auth/auth.ts +1 -31
package/src/index.ts +5 -440
package/src/nanoclients.ts +405 -0
package/src/nanoindex.ts +4 -0
package/src/nanotdf/Client.ts +18 -25
package/src/nanotdf/NanoTDF.ts +1 -1
package/src/nanotdf/encrypt-dataset.ts +1 -1
package/src/nanotdf/encrypt.ts +1 -1
package/src/nanotdf/helpers/getHkdfSalt.ts +1 -1
package/src/nanotdf-crypto/digest.ts +1 -1
package/src/nanotdf-crypto/generateKeyPair.ts +1 -1
package/src/nanotdf-crypto/generateRandomNumber.ts +1 -1
package/src/nanotdf-crypto/index.ts +2 -3
package/src/nanotdf-crypto/keyAgreement.ts +14 -7
package/src/opentdf.ts +441 -0
package/src/seekable.ts +180 -0
package/src/tdf/AttributeObject.ts +0 -3
package/src/tdf/Policy.ts +1 -2
package/src/tdf/PolicyObject.ts +1 -2
package/src/tdf/TypedArray.ts +1 -3
package/src/utils.ts +3 -11
package/src/version.ts +6 -1
package/tdf3/index.ts +15 -10
package/tdf3/src/assertions.ts +33 -8
package/tdf3/src/client/DecoratedReadableStream.ts +3 -80
package/tdf3/src/client/builders.ts +44 -28
package/tdf3/src/client/index.ts +109 -165
package/tdf3/src/index.ts +1 -1
package/tdf3/src/models/encryption-information.ts +2 -2
package/tdf3/src/models/index.ts +0 -1
package/tdf3/src/models/key-access.ts +120 -38
package/tdf3/src/models/manifest.ts +3 -0
package/tdf3/src/models/policy.ts +0 -1
package/tdf3/src/tdf.ts +266 -522
package/tdf3/src/utils/index.ts +19 -18
package/tdf3/src/utils/unwrap.ts +17 -0
package/tdf3/src/utils/zip-reader.ts +1 -1
package/dist/cjs/src/auth/Eas.js +0 -60
package/dist/cjs/src/nanotdf-crypto/importRawKey.js +0 -18
package/dist/cjs/src/tdf/Crypto.js +0 -47
package/dist/cjs/src/tdf/EntityObject.js +0 -3
package/dist/cjs/src/tdf/index.js +0 -35
package/dist/cjs/tdf3/src/models/upsert-response.js +0 -3
package/dist/cjs/tdf3/src/templates/default.html.js +0 -98
package/dist/cjs/tdf3/src/templates/escaper.js +0 -15
package/dist/cjs/tdf3/src/templates/index.js +0 -12
package/dist/cjs/tdf3/src/utils/chunkers.js +0 -106
package/dist/cjs/tdf3/src/version.js +0 -6
package/dist/types/src/auth/Eas.d.ts +0 -34
package/dist/types/src/auth/Eas.d.ts.map +0 -1
package/dist/types/src/nanotdf-crypto/importRawKey.d.ts +0 -13
package/dist/types/src/nanotdf-crypto/importRawKey.d.ts.map +0 -1
package/dist/types/src/tdf/Crypto.d.ts +0 -37
package/dist/types/src/tdf/Crypto.d.ts.map +0 -1
package/dist/types/src/tdf/EntityObject.d.ts +0 -18
package/dist/types/src/tdf/EntityObject.d.ts.map +0 -1
package/dist/types/src/tdf/index.d.ts +0 -7
package/dist/types/src/tdf/index.d.ts.map +0 -1
package/dist/types/tdf3/src/models/upsert-response.d.ts +0 -16
package/dist/types/tdf3/src/models/upsert-response.d.ts.map +0 -1
package/dist/types/tdf3/src/templates/default.html.d.ts +0 -8
package/dist/types/tdf3/src/templates/default.html.d.ts.map +0 -1
package/dist/types/tdf3/src/templates/escaper.d.ts +0 -6
package/dist/types/tdf3/src/templates/escaper.d.ts.map +0 -1
package/dist/types/tdf3/src/templates/index.d.ts +0 -3
package/dist/types/tdf3/src/templates/index.d.ts.map +0 -1
package/dist/types/tdf3/src/utils/chunkers.d.ts +0 -29
package/dist/types/tdf3/src/utils/chunkers.d.ts.map +0 -1
package/dist/types/tdf3/src/version.d.ts +0 -3
package/dist/types/tdf3/src/version.d.ts.map +0 -1
package/dist/web/src/auth/Eas.js +0 -55
package/dist/web/src/nanotdf-crypto/importRawKey.js +0 -15
package/dist/web/src/tdf/Crypto.js +0 -44
package/dist/web/src/tdf/EntityObject.js +0 -2
package/dist/web/src/tdf/index.js +0 -4
package/dist/web/tdf3/src/models/upsert-response.js +0 -2
package/dist/web/tdf3/src/templates/default.html.js +0 -96
package/dist/web/tdf3/src/templates/escaper.js +0 -10
package/dist/web/tdf3/src/templates/index.js +0 -3
package/dist/web/tdf3/src/utils/chunkers.js +0 -96
package/dist/web/tdf3/src/version.js +0 -3
package/src/auth/Eas.ts +0 -79
package/src/nanotdf-crypto/importRawKey.ts +0 -19
package/src/tdf/Crypto.ts +0 -42
package/src/tdf/EntityObject.ts +0 -18
package/src/tdf/index.ts +0 -6
package/tdf3/src/models/upsert-response.ts +0 -17
package/tdf3/src/templates/default.html.ts +0 -105
package/tdf3/src/templates/escaper.ts +0 -10
package/tdf3/src/templates/index.ts +0 -2
package/tdf3/src/utils/chunkers.ts +0 -118
package/tdf3/src/version.ts +0 -2

package/tdf3/src/client/index.ts CHANGED Viewed

@@ -1,51 +1,34 @@
 import { v4 } from 'uuid';
-import axios from 'axios';
 import {
   ZipReader,
-  fromBuffer,
-  fromDataSource,
   streamToBuffer,
-  isAppIdProviderCheck,
-  type Chunker,
   keyMiddleware as defaultKeyMiddleware,
 } from '../utils/index.js';
 import { base64 } from '../../../src/encodings/index.js';
 import {
   buildKeyAccess,
-  EncryptConfiguration,
+  type EncryptConfiguration,
   fetchKasPublicKey,
   loadTDFStream,
-  unwrapHtml,
   validatePolicyObject,
   readStream,
-  wrapHtml,
   writeStream,
 } from '../tdf.js';
+import { unwrapHtml } from '../utils/unwrap.js';
 import { OIDCRefreshTokenProvider } from '../../../src/auth/oidc-refreshtoken-provider.js';
 import { OIDCExternalJwtProvider } from '../../../src/auth/oidc-externaljwt-provider.js';
 import { CryptoService } from '../crypto/declarations.js';
-import {
-  type AuthProvider,
-  AppIdAuthProvider,
-  HttpRequest,
-  withHeaders,
-} from '../../../src/auth/auth.js';
-import EAS from '../../../src/auth/Eas.js';
-import {
-  cryptoPublicToPem,
-  pemToCryptoPublicKey,
-  rstrip,
-  validateSecureUrl,
-} from '../../../src/utils.js';
+import { type AuthProvider, HttpRequest, withHeaders } from '../../../src/auth/auth.js';
+import { pemToCryptoPublicKey, rstrip, validateSecureUrl } from '../../../src/utils.js';
 import {
-  EncryptParams,
-  DecryptParams,
+  type EncryptParams,
+  type DecryptParams,
   type Scope,
-  DecryptStreamMiddleware,
-  EncryptKeyMiddleware,
-  EncryptStreamMiddleware,
-  SplitStep,
+  type DecryptStreamMiddleware,
+  type EncryptKeyMiddleware,
+  type EncryptStreamMiddleware,
+  type SplitStep,
 } from './builders.js';
 import { DecoratedReadableStream } from './DecoratedReadableStream.js';
@@ -55,48 +38,51 @@ import {
   type DecryptSource,
   EncryptParamsBuilder,
 } from './builders.js';
-import { KasPublicKeyInfo, OriginAllowList } from '../../../src/access.js';
+import {
+  type KasPublicKeyInfo,
+  keyAlgorithmToPublicKeyAlgorithm,
+  OriginAllowList,
+} from '../../../src/access.js';
 import { ConfigurationError } from '../../../src/errors.js';
-import { EntityObject } from '../../../src/tdf/EntityObject.js';
 import { Binary } from '../binary.js';
 import { AesGcmCipher } from '../ciphers/aes-gcm-cipher.js';
 import { toCryptoKeyPair } from '../crypto/crypto-utils.js';
 import * as defaultCryptoService from '../crypto/index.js';
-import { type AttributeObject, AttributeSet, type Policy, SplitKey } from '../models/index.js';
+import {
+  type AttributeObject,
+  type KeyAccessType,
+  type Policy,
+  SplitKey,
+} from '../models/index.js';
 import { plan } from '../../../src/policy/granter.js';
 import { attributeFQNsAsValues } from '../../../src/policy/api.js';
 import { type Value } from '../../../src/policy/attributes.js';
+import { type Chunker, fromBuffer, fromSource } from '../../../src/seekable.js';
 const GLOBAL_BYTE_LIMIT = 64 * 1000 * 1000 * 1000; // 64 GB, see WS-9363.
-const HTML_BYTE_LIMIT = 100 * 1000 * 1000; // 100 MB, see WS-9476.
 // No default config for now. Delegate to Virtru wrapper for endpoints.
 const defaultClientConfig = { oidcOrigin: '', cryptoService: defaultCryptoService };
-export const uploadBinaryToS3 = async function (
-  stream: ReadableStream<Uint8Array>,
-  uploadUrl: string,
-  fileSize: number
-) {
-  try {
-    const body: Uint8Array = await streamToBuffer(stream);
-    await axios.put(uploadUrl, body, {
-      headers: {
-        'Content-Length': fileSize,
-        'content-type': 'application/zip',
-        'cache-control': 'no-store',
-      },
-      maxContentLength: Infinity,
-      maxBodyLength: Infinity,
-    });
-  } catch (e) {
-    console.error(e);
-    throw e;
-  }
-};
 const getFirstTwoBytes = async (chunker: Chunker) => new TextDecoder().decode(await chunker(0, 2));
+// Convert a PEM string to a CryptoKey
+export const resolveKasInfo = async (
+  pem: string,
+  uri: string,
+  kid?: string
+): Promise<KasPublicKeyInfo> => {
+  const k: CryptoKey = await pemToCryptoPublicKey(pem);
+  const algorithm = keyAlgorithmToPublicKeyAlgorithm(k.algorithm);
+  return {
+    key: Promise.resolve(k),
+    publicKey: pem,
+    url: uri,
+    algorithm,
+    kid: kid,
+  };
+};
 const makeChunkable = async (source: DecryptSource) => {
   if (!source) {
     throw new ConfigurationError('invalid source');
@@ -118,7 +104,7 @@ const makeChunkable = async (source: DecryptSource) => {
       initialChunker = source.location;
       break;
     default:
-      initialChunker = await fromDataSource(source);
+      initialChunker = await fromSource(source);
   }
   const magic: string = await getFirstTwoBytes(initialChunker);
@@ -135,7 +121,7 @@ const makeChunkable = async (source: DecryptSource) => {
 export interface ClientConfig {
   cryptoService?: CryptoService;
-  organizationName?: string;
+  /// oauth client id; used to generate oauth authProvider
   clientId?: string;
   dpopEnabled?: boolean;
   dpopKeys?: Promise<CryptoKeyPair>;
@@ -160,7 +146,7 @@ export interface ClientConfig {
   kasPublicKey?: string;
   oidcOrigin?: string;
   externalJwt?: string;
-  authProvider?: AuthProvider | AppIdAuthProvider;
+  authProvider?: AuthProvider;
   readerUrl?: string;
   entityObjectEndpoint?: string;
   fileStreamServiceWorker?: string;
@@ -179,7 +165,7 @@ export async function createSessionKeys({
   cryptoService,
   dpopKeys,
 }: {
-  authProvider?: AuthProvider | AppIdAuthProvider;
+  authProvider?: AuthProvider;
   cryptoService: CryptoService;
   dpopKeys?: Promise<CryptoKeyPair>;
 }): Promise<CryptoKeyPair> {
@@ -197,7 +183,7 @@ export async function createSessionKeys({
   // Note that we base64 encode the PEM string here as a quick workaround, simply because
   // a formatted raw PEM string isn't a valid header value and sending it raw makes keycloak's
   // header parser barf. There are more subtle ways to solve this, but this works for now.
-  if (authProvider && !isAppIdProviderCheck(authProvider)) {
+  if (authProvider) {
     await authProvider?.updateClientPublicKey(signingKeys);
   }
   return signingKeys;
@@ -253,13 +239,13 @@ export class Client {
    */
   readonly allowedKases: OriginAllowList;
-  readonly kasKeys: Record<string, Promise<KasPublicKeyInfo>> = {};
+  readonly kasKeys: Record<string, Promise<KasPublicKeyInfo>[]> = {};
   readonly easEndpoint?: string;
   readonly clientId?: string;
-  readonly authProvider?: AuthProvider | AppIdAuthProvider;
+  readonly authProvider?: AuthProvider;
   readonly readerUrl?: string;
@@ -270,8 +256,6 @@ export class Client {
    */
   readonly dpopKeys: Promise<CryptoKeyPair>;
-  readonly eas?: EAS;
   readonly dpopEnabled: boolean;
   readonly clientConfig: ClientConfig;
@@ -330,14 +314,6 @@ export class Client {
     this.authProvider = config.authProvider;
     this.clientConfig = clientConfig;
-    if (this.authProvider && isAppIdProviderCheck(this.authProvider)) {
-      this.eas = new EAS({
-        authProvider: this.authProvider,
-        endpoint:
-          clientConfig.entityObjectEndpoint ?? `${clientConfig.easEndpoint}/api/entityobject`,
-      });
-    }
     this.clientId = clientConfig.clientId;
     if (!this.authProvider) {
       if (!clientConfig.clientId) {
@@ -369,12 +345,9 @@ export class Client {
       dpopKeys: clientConfig.dpopKeys,
     });
     if (clientConfig.kasPublicKey) {
-      this.kasKeys[this.kasEndpoint] = Promise.resolve({
-        url: this.kasEndpoint,
-        algorithm: 'rsa:2048',
-        key: pemToCryptoPublicKey(clientConfig.kasPublicKey),
-        publicKey: clientConfig.kasPublicKey,
-      });
+      this.kasKeys[this.kasEndpoint] = [
+        resolveKasInfo(clientConfig.kasPublicKey, this.kasEndpoint),
+      ];
     }
   }
@@ -383,38 +356,39 @@ export class Client {
    *
    * @param scope dissem and attributes for constructing the policy
    * @param source source object of unencrypted data
-   * @param [asHtml] If we should wrap the TDF data in a self-opening HTML wrapper. Defaults to false
    * @param [autoconfigure] If we should use scope.attributes to configure KAOs
    * @param [metadata] Additional non-secret data to store with the TDF
    * @param [opts] Test only
    * @param [mimeType] mime type of source. defaults to `unknown`
-   * @param [offline] Where to store the policy. Defaults to `false` - which results in `upsert` events to store/update a policy
    * @param [windowSize] - segment size in bytes. Defaults to a a million bytes.
    * @param [keyMiddleware] - function that handle keys
    * @param [streamMiddleware] - function that handle stream
    * @param [eo] - (deprecated) entity object
    * @return a {@link https://nodejs.org/api/stream.html#stream_class_stream_readable|Readable} a new stream containing the TDF ciphertext
    */
-  async encrypt({
-    scope = { attributes: [], dissem: [] },
-    autoconfigure,
-    source,
-    asHtml = false,
-    metadata,
-    mimeType,
-    offline = false,
-    windowSize = DEFAULT_SEGMENT_SIZE,
-    eo,
-    keyMiddleware = defaultKeyMiddleware,
-    streamMiddleware = async (stream: DecoratedReadableStream) => stream,
-    splitPlan,
-    assertionConfigs = [],
-  }: EncryptParams): Promise<DecoratedReadableStream> {
+  async encrypt(opts: EncryptParams): Promise<DecoratedReadableStream> {
+    if (opts.offline === false) {
+      throw new ConfigurationError('online mode not supported');
+    }
+    if (opts.asHtml) {
+      throw new ConfigurationError('html mode not supported');
+    }
     const dpopKeys = await this.dpopKeys;
+    const {
+      autoconfigure,
+      metadata,
+      mimeType = 'unknown',
+      windowSize = DEFAULT_SEGMENT_SIZE,
+      keyMiddleware = defaultKeyMiddleware,
+      streamMiddleware = async (stream: DecoratedReadableStream) => stream,
+      wrappingKeyAlgorithm = 'rsa:2048',
+    } = opts;
+    const scope = opts.scope ?? { attributes: [], dissem: [] };
     const policyObject = asPolicy(scope);
     validatePolicyObject(policyObject);
+    let splitPlan = opts.splitPlan;
     if (!splitPlan && autoconfigure) {
       let avs: Value[] = scope.attributeValues ?? [];
       const fqns: string[] = scope.attributes
@@ -440,7 +414,7 @@ export class Client {
         }
       }
       if (
-        avs.length != scope.attributes?.length ||
+        avs.length != (scope.attributes?.length || 0) ||
         !avs.map(({ fqn }) => fqn).every((a) => fqns.indexOf(a) >= 0)
       ) {
         throw new ConfigurationError(
@@ -453,18 +427,9 @@ export class Client {
       splitPlan = detailedPlan.map((kat) => {
         const { kas, sid } = kat;
         if (kas?.publicKey?.cached?.keys && !(kas.uri in this.kasKeys)) {
-          const keys = kas.publicKey.cached.keys.filter(
-            ({ alg }) => alg == 'KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048'
-          );
+          const keys = kas.publicKey.cached.keys;
           if (keys?.length) {
-            const key = keys[0];
-            this.kasKeys[kas.uri] = Promise.resolve({
-              key: pemToCryptoPublicKey(key.pem),
-              publicKey: key.pem,
-              url: kas.uri,
-              algorithm: 'rsa:2048',
-              kid: key.kid,
-            });
+            this.kasKeys[kas.uri] = keys.map((key) => resolveKasInfo(key.pem, kas.uri, key.kid));
           }
         }
         return { kas: kas.uri, sid };
@@ -473,27 +438,40 @@ export class Client {
     // TODO: Refactor underlying builder to remove some of this unnecessary config.
-    const byteLimit = asHtml ? HTML_BYTE_LIMIT : GLOBAL_BYTE_LIMIT;
+    const maxByteLimit = GLOBAL_BYTE_LIMIT;
+    const byteLimit =
+      opts.byteLimit === undefined || opts.byteLimit <= 0 || opts.byteLimit > maxByteLimit
+        ? maxByteLimit
+        : opts.byteLimit;
     const encryptionInformation = new SplitKey(new AesGcmCipher(this.cryptoService));
-    let attributeSet: undefined | AttributeSet;
-    let entity: undefined | EntityObject;
-    if (eo) {
-      entity = eo;
-      const s = new AttributeSet();
-      eo.attributes.forEach((attr) => s.addJwtAttribute(attr));
-      attributeSet = s;
-    }
-    const splits: SplitStep[] = splitPlan?.length ? splitPlan : [{ kas: this.kasEndpoint }];
+    const splits: SplitStep[] = splitPlan?.length
+      ? splitPlan
+      : [{ kas: opts.defaultKASEndpoint ?? this.kasEndpoint }];
     encryptionInformation.keyAccess = await Promise.all(
       splits.map(async ({ kas, sid }) => {
         if (!(kas in this.kasKeys)) {
-          this.kasKeys[kas] = fetchKasPublicKey(kas);
+          this.kasKeys[kas] = [fetchKasPublicKey(kas, wrappingKeyAlgorithm)];
+        }
+        const kasPublicKey = await Promise.any(this.kasKeys[kas]);
+        if (kasPublicKey.algorithm !== wrappingKeyAlgorithm) {
+          console.warn(
+            `Mismatched wrapping key algorithm: [${kasPublicKey.algorithm}] is not requested type, [${wrappingKeyAlgorithm}]`
+          );
+        }
+        let type: KeyAccessType;
+        switch (kasPublicKey.algorithm) {
+          case 'rsa:2048':
+            type = 'wrapped';
+            break;
+          case 'ec:secp256r1':
+            type = 'ec-wrapped';
+            break;
+          default:
+            throw new ConfigurationError(`Unsupported algorithm ${kasPublicKey.algorithm}`);
         }
-        const kasPublicKey = await this.kasKeys[kas];
         return buildKeyAccess({
-          attributeSet,
-          type: offline ? 'wrapped' : 'remote',
+          alg: kasPublicKey.algorithm,
+          type,
           url: kasPublicKey.url,
           kid: kasPublicKey.kid,
           publicKey: kasPublicKey.publicKey,
@@ -505,43 +483,24 @@ export class Client {
     const { keyForEncryption, keyForManifest } = await (keyMiddleware as EncryptKeyMiddleware)();
     const ecfg: EncryptConfiguration = {
       allowList: this.allowedKases,
-      attributeSet,
       byteLimit,
       cryptoService: this.cryptoService,
       dpopKeys,
       encryptionInformation,
-      entity,
       segmentSizeDefault: windowSize,
       integrityAlgorithm: 'HS256',
       segmentIntegrityAlgorithm: 'GMAC',
-      contentStream: source,
+      contentStream: opts.source,
       mimeType,
       policy: policyObject,
       authProvider: this.authProvider,
       progressHandler: this.clientConfig.progressHandler,
       keyForEncryption,
       keyForManifest,
-      assertionConfigs,
+      assertionConfigs: opts.assertionConfigs,
     };
-    const stream = await (streamMiddleware as EncryptStreamMiddleware)(await writeStream(ecfg));
-    if (!asHtml) {
-      return stream;
-    }
-    // Wrap if it's html.
-    if (!stream.manifest) {
-      throw new Error('internal: missing manifest in encrypt function');
-    }
-    const htmlBuf = wrapHtml(await stream.toBuffer(), stream.manifest, this.readerUrl ?? '');
-    return new DecoratedReadableStream({
-      pull(controller: ReadableStreamDefaultController) {
-        controller.enqueue(htmlBuf);
-        controller.close();
-      },
-    });
+    return (streamMiddleware as EncryptStreamMiddleware)(await writeStream(ecfg));
   }
   /**
@@ -556,47 +515,40 @@ export class Client {
    * @see DecryptParamsBuilder
    */
   async decrypt({
-    eo,
     source,
+    allowList,
     keyMiddleware = async (key: Binary) => key,
     streamMiddleware = async (stream: DecoratedReadableStream) => stream,
     assertionVerificationKeys,
     noVerifyAssertions,
     concurrencyLimit = 1,
+    wrappingKeyAlgorithm,
   }: DecryptParams): Promise<DecoratedReadableStream> {
     const dpopKeys = await this.dpopKeys;
-    let entityObject;
-    if (this.eas || eo) {
-      const sessionPublicKey = await cryptoPublicToPem(dpopKeys.publicKey);
-      if (eo && eo.publicKey == sessionPublicKey) {
-        entityObject = eo;
-      } else if (this.eas) {
-        entityObject = await this.eas.fetchEntityObject({
-          publicKey: sessionPublicKey,
-        });
-      }
-    }
     if (!this.authProvider) {
       throw new ConfigurationError('AuthProvider missing');
     }
     const chunker = await makeChunkable(source);
+    if (!allowList) {
+      allowList = this.allowedKases;
+    }
     // Await in order to catch any errors from this call.
     // TODO: Write error event to stream and don't await.
     return await (streamMiddleware as DecryptStreamMiddleware)(
       await readStream({
-        allowList: this.allowedKases,
+        allowList,
         authProvider: this.authProvider,
         chunker,
         concurrencyLimit,
         cryptoService: this.cryptoService,
         dpopKeys,
-        entity: entityObject,
         fileStreamServiceWorker: this.clientConfig.fileStreamServiceWorker,
         keyMiddleware,
         progressHandler: this.clientConfig.progressHandler,
         assertionVerificationKeys,
         noVerifyAssertions,
+        wrappingKeyAlgorithm,
       })
     );
   }
@@ -628,12 +580,4 @@ export class Client {
 export type { AuthProvider };
-export {
-  AppIdAuthProvider,
-  DecryptParamsBuilder,
-  DecryptSource,
-  EncryptParamsBuilder,
-  HttpRequest,
-  fromDataSource,
-  withHeaders,
-};
+export { DecryptParamsBuilder, DecryptSource, EncryptParamsBuilder, HttpRequest, withHeaders };

package/tdf3/src/index.ts CHANGED Viewed

@@ -1,4 +1,4 @@
 export * as Client from './client/index.js';
 export { Client as TDF3Client } from './client/index.js';
 export * as Errors from '../../src/errors.js';
-export { version, clientType } from './version.js';
+export { clientType, tdfSpecVersion, version } from '../../src/version.js';

package/tdf3/src/models/encryption-information.ts CHANGED Viewed

@@ -78,7 +78,7 @@ export class SplitKey {
   }
   async getKeyAccessObjects(policy: Policy, keyInfo: KeyInfo): Promise<KeyAccessObject[]> {
-    const splitIds = [...new Set(this.keyAccess.map(({ sid }) => sid))].sort((a, b) =>
+    const splitIds = [...new Set(this.keyAccess.map(({ sid }) => sid))].sort((a = '', b = '') =>
       a.localeCompare(b)
     );
     const unwrappedKeySplitBuffers = await keySplit(
@@ -93,7 +93,7 @@ export class SplitKey {
     const keyAccessObjects = [];
     for (const item of this.keyAccess) {
       // use the key split to encrypt metadata for each key access object
-      const unwrappedKeySplitBuffer = splitsByName[item.sid];
+      const unwrappedKeySplitBuffer = splitsByName[item.sid || ''];
       const unwrappedKeySplitBinary = Binary.fromArrayBuffer(unwrappedKeySplitBuffer.buffer);
       const metadata = item.metadata || '';

package/tdf3/src/models/index.ts CHANGED Viewed

@@ -4,5 +4,4 @@ export * from './key-access.js';
 export * from './manifest.js';
 export * from './payload.js';
 export * from './policy.js';
-export * from './upsert-response.js';
 export * from '../assertions.js';