@opentdf/sdk 0.11.0 → 0.12.0-beta.112
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -16
- package/dist/cjs/src/opentdf.js +21 -5
- package/dist/cjs/src/platform.js +23 -10
- package/dist/cjs/src/version.js +1 -1
- package/dist/cjs/tdf3/src/crypto/core/ec.js +88 -0
- package/dist/cjs/tdf3/src/crypto/core/key-format.js +359 -0
- package/dist/cjs/tdf3/src/crypto/core/keys.js +85 -0
- package/dist/cjs/tdf3/src/crypto/core/rsa.js +120 -0
- package/dist/cjs/tdf3/src/crypto/core/signing.js +178 -0
- package/dist/cjs/tdf3/src/crypto/core/symmetric.js +205 -0
- package/dist/cjs/tdf3/src/crypto/index.js +69 -1051
- package/dist/types/src/opentdf.d.ts +2 -0
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/src/version.d.ts +1 -1
- package/dist/types/tdf3/src/crypto/core/ec.d.ts +11 -0
- package/dist/types/tdf3/src/crypto/core/ec.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/core/key-format.d.ts +41 -0
- package/dist/types/tdf3/src/crypto/core/key-format.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/core/keys.d.ts +27 -0
- package/dist/types/tdf3/src/crypto/core/keys.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/core/rsa.d.ts +35 -0
- package/dist/types/tdf3/src/crypto/core/rsa.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/core/signing.d.ts +10 -0
- package/dist/types/tdf3/src/crypto/core/signing.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/core/symmetric.d.ts +68 -0
- package/dist/types/tdf3/src/crypto/core/symmetric.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/index.d.ts +11 -164
- package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -1
- package/dist/web/src/opentdf.js +21 -5
- package/dist/web/src/platform.js +23 -10
- package/dist/web/src/version.js +1 -1
- package/dist/web/tdf3/src/crypto/core/ec.js +84 -0
- package/dist/web/tdf3/src/crypto/core/key-format.js +348 -0
- package/dist/web/tdf3/src/crypto/core/keys.js +78 -0
- package/dist/web/tdf3/src/crypto/core/rsa.js +112 -0
- package/dist/web/tdf3/src/crypto/core/signing.js +174 -0
- package/dist/web/tdf3/src/crypto/core/symmetric.js +192 -0
- package/dist/web/tdf3/src/crypto/index.js +13 -994
- package/package.json +1 -1
- package/src/opentdf.ts +22 -4
- package/src/platform.ts +23 -9
- package/src/version.ts +1 -1
- package/tdf3/src/crypto/core/ec.ts +118 -0
- package/tdf3/src/crypto/core/key-format.ts +420 -0
- package/tdf3/src/crypto/core/keys.ts +86 -0
- package/tdf3/src/crypto/core/rsa.ts +144 -0
- package/tdf3/src/crypto/core/signing.ts +214 -0
- package/tdf3/src/crypto/core/symmetric.ts +265 -0
- package/tdf3/src/crypto/index.ts +71 -1239
package/README.md
CHANGED
|
@@ -1,34 +1,35 @@
|
|
|
1
|
-
#
|
|
1
|
+
# OpenTDF SDK for Browser Applications
|
|
2
2
|
|
|
3
3
|
This project presents client code to write and read OpenTDF data formats.
|
|
4
4
|
|
|
5
5
|
## Usage
|
|
6
6
|
|
|
7
7
|
```typescript
|
|
8
|
-
import {
|
|
8
|
+
import { AuthProviders, OpenTDF } from '@opentdf/sdk';
|
|
9
9
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
10
|
+
// Use refreshAuthProvider for browser applications.
|
|
11
|
+
// The refresh token is obtained after the user logs in via your OIDC provider.
|
|
12
|
+
const authProvider = await AuthProviders.refreshAuthProvider({
|
|
13
|
+
clientId: 'my-client-id',
|
|
13
14
|
refreshToken: refreshToken,
|
|
14
|
-
oidcOrigin:
|
|
15
|
-
};
|
|
16
|
-
|
|
15
|
+
oidcOrigin: 'https://keycloak.example.com/auth/realms/my-realm',
|
|
16
|
+
});
|
|
17
|
+
|
|
17
18
|
const client = new OpenTDF({
|
|
18
19
|
authProvider,
|
|
19
|
-
|
|
20
|
-
defaultKASEndpoint: kasEndpoint, // Server used for Key Access Control
|
|
21
|
-
},
|
|
22
|
-
dpopKeys: authProvider.getSigningKey(),
|
|
20
|
+
platformUrl: 'https://platform.example.com',
|
|
23
21
|
});
|
|
24
22
|
|
|
25
23
|
// Encrypt
|
|
26
24
|
const cipherText = await client.createTDF({
|
|
27
|
-
source: { type: '
|
|
28
|
-
|
|
25
|
+
source: { type: 'buffer', location: new TextEncoder().encode('hello, world') },
|
|
26
|
+
defaultKASEndpoint: 'https://platform.example.com/kas',
|
|
29
27
|
});
|
|
30
28
|
|
|
31
29
|
// Decrypt
|
|
32
|
-
const
|
|
33
|
-
const
|
|
30
|
+
const encrypted = new Uint8Array(await new Response(cipherText).arrayBuffer());
|
|
31
|
+
const plainText = await client.read({
|
|
32
|
+
source: { type: 'buffer', location: encrypted },
|
|
33
|
+
});
|
|
34
|
+
console.log(await new Response(plainText).text()); // "hello, world"
|
|
34
35
|
```
|
package/dist/cjs/src/opentdf.js
CHANGED
|
@@ -80,7 +80,7 @@ class OpenTDF {
|
|
|
80
80
|
this.authProvider = authProvider;
|
|
81
81
|
this.defaultCreateOptions = defaultCreateOptions || {};
|
|
82
82
|
this.defaultReadOptions = defaultReadOptions || {};
|
|
83
|
-
this.dpopEnabled =
|
|
83
|
+
this.dpopEnabled = !disableDPoP;
|
|
84
84
|
if (platformUrl) {
|
|
85
85
|
this.platformUrl = platformUrl;
|
|
86
86
|
}
|
|
@@ -89,16 +89,32 @@ class OpenTDF {
|
|
|
89
89
|
}
|
|
90
90
|
this.policyEndpoint = policyEndpoint || '';
|
|
91
91
|
this.cryptoService = cryptoService ?? DefaultCryptoService;
|
|
92
|
+
// Use CryptoService for key generation (returns opaque KeyPair)
|
|
93
|
+
this.dpopKeys = dpopKeys ?? this.cryptoService.generateSigningKeyPair();
|
|
92
94
|
this.tdf3Client = new index_js_2.Client({
|
|
93
95
|
authProvider,
|
|
94
|
-
|
|
96
|
+
dpopEnabled: this.dpopEnabled,
|
|
97
|
+
dpopKeys: this.dpopEnabled ? this.dpopKeys : undefined,
|
|
95
98
|
kasEndpoint: this.platformUrl || 'https://disallow.all.invalid',
|
|
96
99
|
platformUrl,
|
|
97
100
|
policyEndpoint,
|
|
98
101
|
cryptoService: this.cryptoService,
|
|
99
102
|
});
|
|
100
|
-
//
|
|
101
|
-
|
|
103
|
+
// Eagerly bind DPoP keys to the auth provider so PlatformClient
|
|
104
|
+
// can make gRPC calls without waiting for a TDF operation first.
|
|
105
|
+
// Note: TDF3Client.createSessionKeys() also calls updateClientPublicKey
|
|
106
|
+
// with the same keys, but the duplicate call is benign —
|
|
107
|
+
// refreshTokenClaimsWithClientPubkeyIfNeeded short-circuits when
|
|
108
|
+
// the signing key hasn't changed.
|
|
109
|
+
this.ready = this.dpopEnabled
|
|
110
|
+
? this.dpopKeys.then((keys) => authProvider.updateClientPublicKey(keys))
|
|
111
|
+
: Promise.resolve();
|
|
112
|
+
// Prevent unhandled rejection if caller doesn't await ready.
|
|
113
|
+
// The error will still surface via TDF3Client's own key binding
|
|
114
|
+
// when encrypt/decrypt is called.
|
|
115
|
+
this.ready.catch((err) => {
|
|
116
|
+
console.warn('OpenTDF: DPoP key binding failed during initialization:', err);
|
|
117
|
+
});
|
|
102
118
|
}
|
|
103
119
|
/** Creates a new TDF stream. */
|
|
104
120
|
async createTDF(opts) {
|
|
@@ -289,4 +305,4 @@ class ZTDFReader {
|
|
|
289
305
|
return this.requiredObligations ?? { fqns: [] };
|
|
290
306
|
}
|
|
291
307
|
}
|
|
292
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
308
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BlbnRkZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9vcGVudGRmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUNBLDJDQUFtRTtBQUNuRSx3REFBbUU7QUFBMUQsc0dBQUEsTUFBTSxPQUFjO0FBQzdCLCtDQUFpRjtBQUNqRiwwREFBbUU7QUFFbkUsa0ZBQW9FO0FBTXBFLDJDQUtxQjtBQTZCbkIscUdBOUJBLGdDQUFvQixPQThCQTtBQXBCdEIsK0NBSzRCO0FBQzVCLG1EQUE4QztBQXNNOUM7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQThCRztBQUNILE1BQWEsT0FBTztJQXNCbEIsWUFBWSxFQUNWLFlBQVksRUFDWixRQUFRLEVBQ1Isb0JBQW9CLEVBQ3BCLGtCQUFrQixFQUNsQixXQUFXLEVBQ1gsY0FBYyxFQUNkLFdBQVcsRUFDWCxhQUFhLEdBQ0U7UUFDZixJQUFJLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQztRQUNqQyxJQUFJLENBQUMsb0JBQW9CLEdBQUcsb0JBQW9CLElBQUksRUFBRSxDQUFDO1FBQ3ZELElBQUksQ0FBQyxrQkFBa0IsR0FBRyxrQkFBa0IsSUFBSSxFQUFFLENBQUM7UUFDbkQsSUFBSSxDQUFDLFdBQVcsR0FBRyxDQUFDLFdBQVcsQ0FBQztRQUNoQyxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQ2hCLElBQUksQ0FBQyxXQUFXLEdBQUcsV0FBVyxDQUFDO1FBQ2pDLENBQUM7YUFBTSxDQUFDO1lBQ04sT0FBTyxDQUFDLElBQUksQ0FDVix1SEFBdUgsQ0FDeEgsQ0FBQztRQUNKLENBQUM7UUFDRCxJQUFJLENBQUMsY0FBYyxHQUFHLGNBQWMsSUFBSSxFQUFFLENBQUM7UUFDM0MsSUFBSSxDQUFDLGFBQWEsR0FBRyxhQUFhLElBQUksb0JBQW9CLENBQUM7UUFDM0QsZ0VBQWdFO1FBQ2hFLElBQUksQ0FBQyxRQUFRLEdBQUcsUUFBUSxJQUFJLElBQUksQ0FBQyxhQUFhLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztRQUN4RSxJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksaUJBQVUsQ0FBQztZQUMvQixZQUFZO1lBQ1osV0FBVyxFQUFFLElBQUksQ0FBQyxXQUFXO1lBQzdCLFFBQVEsRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxTQUFTO1lBQ3RELFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVyxJQUFJLDhCQUE4QjtZQUMvRCxXQUFXO1lBQ1gsY0FBYztZQUNkLGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYTtTQUNsQyxDQUFDLENBQUM7UUFDSCxnRUFBZ0U7UUFDaEUsaUVBQWlFO1FBQ2pFLHdFQUF3RTtRQUN4RSx5REFBeUQ7UUFDekQsaUVBQWlFO1FBQ2pFLGtDQUFrQztRQUNsQyxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxXQUFXO1lBQzNCLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsWUFBWSxDQUFDLHFCQUFxQixDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ3hFLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDdEIsNkRBQTZEO1FBQzdELGdFQUFnRTtRQUNoRSxrQ0FBa0M7UUFDbEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRTtZQUN2QixPQUFPLENBQUMsSUFBSSxDQUFDLHlEQUF5RCxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQy9FLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELGdDQUFnQztJQUNoQyxLQUFLLENBQUMsU0FBUyxDQUFDLElBQXNCO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLFVBQVUsQ0FBQyxJQUF1QjtRQUN0QyxJQUFJLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxHQUFHLElBQUksRUFBRSxDQUFDO1FBQ2pELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUM7WUFDOUMsTUFBTSxFQUFFLE1BQU0sSUFBQSw0QkFBYyxFQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7WUFFekMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtZQUN2QyxhQUFhLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxhQUFhO1lBQ25DLGtCQUFrQixFQUFFLElBQUksQ0FBQyxrQkFBa0I7WUFDM0MsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUN2QixLQUFLLEVBQUU7Z0JBQ0wsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO2FBQzVCO1lBQ0QsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixvQkFBb0IsRUFBRSxJQUFJLENBQUMsb0JBQW9CO1lBQy9DLGNBQWMsRUFBRSxJQUFJLENBQUMsY0FBYztTQUNwQyxDQUFDLENBQUM7UUFDSCxNQUFNLE1BQU0sR0FBb0IsU0FBUyxDQUFDLE1BQU0sQ0FBQztRQUNqRCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdEQsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVELHNEQUFzRDtJQUN0RCxJQUFJLENBQUMsSUFBaUI7UUFDcEIsSUFBSSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsR0FBRyxJQUFJLEVBQUUsQ0FBQztRQUMvQyxPQUFPLElBQUksaUJBQWlCLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRCwyQkFBMkI7SUFDM0IsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFpQjtRQUMxQixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQy9CLE9BQU8sTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBQzFCLENBQUM7SUFFRCw4REFBOEQ7SUFDOUQsS0FBSztRQUNILGdEQUFnRDtJQUNsRCxDQUFDO0NBQ0Y7QUExSEQsMEJBMEhDO0FBRUQsb0RBQW9EO0FBQ3BELE1BQU0saUJBQWlCO0lBR3JCLFlBQ1csS0FBYyxFQUNkLElBQWlCO1FBRGpCLFVBQUssR0FBTCxLQUFLLENBQVM7UUFDZCxTQUFJLEdBQUosSUFBSSxDQUFhO1FBSDVCLFVBQUssR0FBa0YsTUFBTSxDQUFDO1FBSzVGLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxzREFBc0Q7SUFDdEQsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDbkQsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsV0FBVyxDQUFDO1FBQ3pCLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBQSx3QkFBVSxFQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkQsTUFBTSxNQUFNLEdBQUcsTUFBTSxPQUFPLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JELElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDO1FBQ2pELENBQUM7UUFDRCxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxJQUFJLElBQUksTUFBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQzdDLElBQUksQ0FBQyxLQUFLLEdBQUcsUUFBUSxDQUFDO1lBQ3RCLE9BQU8sSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDcEIsTUFBTSxJQUFJLDRCQUFnQixDQUFDLDZDQUE2QyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVELDZDQUE2QztJQUM3QyxLQUFLLENBQUMsVUFBVTtRQUNkLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxVQUFVLEVBQUUsQ0FBQztJQUM3QixDQUFDO0lBRUQsMkNBQTJDO0lBQzNDLEtBQUssQ0FBQyxRQUFRO1FBQ1osTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLEtBQUs7UUFDVCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsT0FBTztRQUNULENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsaUNBQWlDO1lBQ2pDLElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1lBQ3BCLE9BQU87UUFDVCxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxTQUFTLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUU7WUFDOUIsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDdEIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7SUFDOUIsQ0FBQztDQUNGO0FBRUQsK0JBQStCO0FBQy9CLE1BQU0sVUFBVTtJQUlkLFlBQ1csTUFBa0IsRUFDbEIsSUFBaUIsRUFDakIsTUFBZTtRQUZmLFdBQU0sR0FBTixNQUFNLENBQVk7UUFDbEIsU0FBSSxHQUFKLElBQUksQ0FBYTtRQUNqQixXQUFNLEdBQU4sTUFBTSxDQUFTO1FBRXhCLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBQSxzQkFBYSxFQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLEVBQ0oseUJBQXlCLEVBQ3pCLFFBQVEsRUFBRSxrQkFBa0IsRUFDNUIsb0JBQW9CLEdBQ3JCLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUVkLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQzNGLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQywyREFBMkQsQ0FBQyxDQUFDO1FBQzVGLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO1FBRTVDLE1BQU0sRUFBRSxZQUFZLEVBQUUsYUFBYSxFQUFFLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQztRQUNwRCxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDbEIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDBCQUEwQixDQUFDLENBQUM7UUFDM0QsQ0FBQztRQUVELElBQUksU0FBc0MsQ0FBQztRQUUzQyxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLEVBQUUsTUFBTSxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDdkUsU0FBUyxHQUFHLElBQUksMkJBQWUsQ0FDN0IsSUFBSSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxFQUFFLEVBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUMxQixDQUFDO1FBQ0osQ0FBQzthQUFNLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNqQyxTQUFTLEdBQUcsTUFBTSxJQUFBLGlDQUFxQixFQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLFlBQVksQ0FBQyxDQUFDO1FBQy9FLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDckMsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFBLDBCQUFpQixFQUN2QztZQUNFLFNBQVM7WUFDVCxZQUFZO1lBQ1osT0FBTyxFQUFFLElBQUksQ0FBQyxNQUFNO1lBQ3BCLGdCQUFnQixFQUFFLENBQUM7WUFDbkIsYUFBYTtZQUNiLFFBQVE7WUFDUix1QkFBdUIsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyx1QkFBdUI7WUFDekUsYUFBYSxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDN0IsZUFBZSxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLGVBQWU7WUFDekQseUJBQXlCO1lBQ3pCLGtCQUFrQjtZQUNsQixvQkFBb0I7WUFDcEIsc0JBQXNCLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyx5QkFBeUIsSUFBSSxFQUFFO1NBQ2xFLEVBQ0QsUUFBUSxDQUNULENBQUM7UUFDRixJQUFJLENBQUMsbUJBQW1CLEdBQUc7WUFDekIsSUFBSSxFQUFFLFNBQVMsQ0FBQyxXQUFXLEVBQUU7U0FDOUIsQ0FBQztRQUNGLE1BQU0sTUFBTSxHQUFvQixTQUFTLENBQUMsTUFBTSxDQUFDO1FBQ2pELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDckQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0RCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRUQsS0FBSyxDQUFDLEtBQUs7UUFDVCx5REFBeUQ7SUFDM0QsQ0FBQztJQUVELDRDQUE0QztJQUM1QyxLQUFLLENBQUMsUUFBUTtRQUNaLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNyQyxPQUFPLFFBQVEsQ0FBQyxRQUFRLENBQUM7SUFDM0IsQ0FBQztJQUVELDhDQUE4QztJQUM5QyxLQUFLLENBQUMsVUFBVTtRQUNkLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ3ZDLE1BQU0sVUFBVSxHQUFHLGlCQUFNLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN4RSxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBVyxDQUFDO1FBQ2hELE9BQU8sTUFBTSxFQUFFLElBQUksRUFBRSxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsV0FBVztRQUNmLElBQUksSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDN0IsT0FBTyxJQUFJLENBQUMsbUJBQW1CLENBQUM7UUFDbEMsQ0FBQztRQUNELE1BQU0sSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLG1CQUFtQixJQUFJLEVBQUUsSUFBSSxFQUFFLEVBQUUsRUFBRSxDQUFDO0lBQ2xELENBQUM7Q0FDRiJ9
|
package/dist/cjs/src/platform.js
CHANGED
|
@@ -128,15 +128,28 @@ function createAuthInterceptor(authProvider) {
|
|
|
128
128
|
const url = new URL(req.url);
|
|
129
129
|
const pathOnly = url.pathname;
|
|
130
130
|
// Signs only the path of the url in the request
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
131
|
+
let token;
|
|
132
|
+
try {
|
|
133
|
+
token = await authProvider.withCreds({
|
|
134
|
+
url: pathOnly,
|
|
135
|
+
method: 'POST',
|
|
136
|
+
// Start with any headers Connect already has
|
|
137
|
+
headers: {
|
|
138
|
+
...Object.fromEntries(req.header.entries()),
|
|
139
|
+
'Content-Type': 'application/json',
|
|
140
|
+
},
|
|
141
|
+
});
|
|
142
|
+
}
|
|
143
|
+
catch (err) {
|
|
144
|
+
const msg = err instanceof Error ? err.message : String(err);
|
|
145
|
+
if (msg.includes('public key') || msg.includes('updateClientPublicKey')) {
|
|
146
|
+
throw new Error('PlatformClient: DPoP key binding is not complete. ' +
|
|
147
|
+
'If you are using OpenTDF with PlatformClient, create OpenTDF first and ' +
|
|
148
|
+
'`await client.ready` before constructing PlatformClient. ' +
|
|
149
|
+
`Original error: ${msg}`);
|
|
150
|
+
}
|
|
151
|
+
throw err;
|
|
152
|
+
}
|
|
140
153
|
Object.entries(token.headers).forEach(([key, value]) => {
|
|
141
154
|
req.header.set(key, value);
|
|
142
155
|
});
|
|
@@ -144,4 +157,4 @@ function createAuthInterceptor(authProvider) {
|
|
|
144
157
|
};
|
|
145
158
|
return authInterceptor;
|
|
146
159
|
}
|
|
147
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
160
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGxhdGZvcm0uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcGxhdGZvcm0udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsK0JBQStCO0FBQy9CLDhFQUE4RDtBQUM5RCx1RUFBdUQ7QUFFdkQseURBQWlFO0FBR2pFLGlEQUF3RTtBQUN4RSxtSEFBbUc7QUFDbkcsc0ZBQW9GO0FBQ3BGLHlGQUFpSDtBQUNqSCxpR0FBOEY7QUFDOUYsd0RBQXlEO0FBQ3pELDJFQUF3RTtBQUN4RSxvRkFBa0Y7QUFDbEYscUhBQWdIO0FBQ2hILCtGQUE0RjtBQUM1Rix1RkFBK0Y7QUFDL0Ysb0ZBQWlGO0FBQ2pGLGlIQUE4RztBQUM5RyxxR0FBa0c7QUFDbEcsa0dBQStGO0FBQy9GLHdFQUFzRTtBQWdDdEU7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBdUJHO0FBRUgsTUFBYSxjQUFjO0lBSXpCLFlBQVksT0FBOEI7UUFDeEMsTUFBTSxZQUFZLEdBQWtCLEVBQUUsQ0FBQztRQUV2QyxJQUFJLE9BQU8sQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUN6QixNQUFNLGVBQWUsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDcEUsWUFBWSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUNyQyxDQUFDO1FBRUQsSUFBSSxPQUFPLENBQUMsWUFBWSxFQUFFLE1BQU0sRUFBRSxDQUFDO1lBQ2pDLFlBQVksQ0FBQyxJQUFJLENBQUMsR0FBRyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDN0MsQ0FBQztRQUVELE1BQU0sU0FBUyxHQUFHLElBQUEsb0NBQXNCLEVBQUM7WUFDdkMsT0FBTyxFQUFFLE9BQU8sQ0FBQyxXQUFXO1lBQzVCLFlBQVk7U0FDYixDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsRUFBRSxHQUFHO1lBQ1IsYUFBYSxFQUFFLElBQUEsc0JBQVksRUFBQywwQ0FBb0IsRUFBRSxTQUFTLENBQUM7WUFDNUQsZ0JBQWdCLEVBQUUsSUFBQSxzQkFBWSxFQUFDLGlEQUF1QixFQUFFLFNBQVMsQ0FBQztZQUNsRSxNQUFNLEVBQUUsSUFBQSxzQkFBWSxFQUFDLHlCQUFhLEVBQUUsU0FBUyxDQUFDO1lBQzlDLE1BQU0sRUFBRSxJQUFBLHNCQUFZLEVBQUMsNkJBQWEsRUFBRSxTQUFTLENBQUM7WUFDOUMsVUFBVSxFQUFFLElBQUEsc0JBQVksRUFBQyxvQ0FBaUIsRUFBRSxTQUFTLENBQUM7WUFDdEQsdUJBQXVCLEVBQUUsSUFBQSxzQkFBWSxFQUFDLGlFQUE4QixFQUFFLFNBQVMsQ0FBQztZQUNoRixhQUFhLEVBQUUsSUFBQSxzQkFBWSxFQUFDLDJDQUFvQixFQUFFLFNBQVMsQ0FBQztZQUM1RCxTQUFTLEVBQUUsSUFBQSxzQkFBWSxFQUFDLG1DQUFnQixFQUFFLFNBQVMsQ0FBQztZQUNwRCxVQUFVLEVBQUUsSUFBQSxzQkFBWSxFQUFDLDJCQUFpQixFQUFFLFNBQVMsQ0FBQztZQUN0RCxtQkFBbUIsRUFBRSxJQUFBLHNCQUFZLEVBQUMsdURBQTBCLEVBQUUsU0FBUyxDQUFDO1lBQ3hFLGVBQWUsRUFBRSxJQUFBLHNCQUFZLEVBQUMsK0NBQXNCLEVBQUUsU0FBUyxDQUFDO1lBQ2hFLGNBQWMsRUFBRSxJQUFBLHNCQUFZLEVBQUMsNkNBQXFCLEVBQUUsU0FBUyxDQUFDO1lBQzlELE1BQU0sRUFBRSxJQUFBLHNCQUFZLEVBQUMsNEJBQWEsRUFBRSxTQUFTLENBQUM7WUFDOUMsU0FBUyxFQUFFLElBQUEsc0JBQVksRUFBQyxnREFBZ0IsRUFBRSxTQUFTLENBQUM7U0FDckQsQ0FBQztRQUVGLElBQUksQ0FBQyxFQUFFLEdBQUc7WUFDUixhQUFhLEVBQUUsSUFBQSxzQkFBWSxFQUFDLDBDQUFzQixFQUFFLFNBQVMsQ0FBQztTQUMvRCxDQUFDO0lBQ0osQ0FBQztDQUNGO0FBMUNELHdDQTBDQztBQUVEOzs7Ozs7OztHQVFHO0FBQ0gsU0FBUyxxQkFBcUIsQ0FBQyxZQUEwQjtJQUN2RCxNQUFNLGVBQWUsR0FBZ0IsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsRUFBRTtRQUMzRCxNQUFNLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDN0IsTUFBTSxRQUFRLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQztRQUM5QixnREFBZ0Q7UUFDaEQsSUFBSSxLQUFLLENBQUM7UUFDVixJQUFJLENBQUM7WUFDSCxLQUFLLEdBQUcsTUFBTSxZQUFZLENBQUMsU0FBUyxDQUFDO2dCQUNuQyxHQUFHLEVBQUUsUUFBUTtnQkFDYixNQUFNLEVBQUUsTUFBTTtnQkFDZCw2Q0FBNkM7Z0JBQzdDLE9BQU8sRUFBRTtvQkFDUCxHQUFHLE1BQU0sQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztvQkFDM0MsY0FBYyxFQUFFLGtCQUFrQjtpQkFDbkM7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sR0FBRyxHQUFHLEdBQUcsWUFBWSxLQUFLLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUM3RCxJQUFJLEdBQUcsQ0FBQyxRQUFRLENBQUMsWUFBWSxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyx1QkFBdUIsQ0FBQyxFQUFFLENBQUM7Z0JBQ3hFLE1BQU0sSUFBSSxLQUFLLENBQ2Isb0RBQW9EO29CQUNsRCx5RUFBeUU7b0JBQ3pFLDJEQUEyRDtvQkFDM0QsbUJBQW1CLEdBQUcsRUFBRSxDQUMzQixDQUFDO1lBQ0osQ0FBQztZQUNELE1BQU0sR0FBRyxDQUFDO1FBQ1osQ0FBQztRQUVELE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxFQUFFLEVBQUU7WUFDckQsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzdCLENBQUMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUN6QixDQUFDLENBQUM7SUFDRixPQUFPLGVBQWUsQ0FBQztBQUN6QixDQUFDIn0=
|
package/dist/cjs/src/version.js
CHANGED
|
@@ -4,7 +4,7 @@ exports.tdfSpecVersion = exports.clientType = exports.version = void 0;
|
|
|
4
4
|
/**
|
|
5
5
|
* Exposes the released version number of the `@opentdf/sdk` package
|
|
6
6
|
*/
|
|
7
|
-
exports.version = '0.
|
|
7
|
+
exports.version = '0.12.0'; // x-release-please-version
|
|
8
8
|
/**
|
|
9
9
|
* A string name used to label requests as coming from this library client.
|
|
10
10
|
*/
|
|
@@ -0,0 +1,88 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.generateECKeyPair = generateECKeyPair;
|
|
4
|
+
exports.deriveKeyFromECDH = deriveKeyFromECDH;
|
|
5
|
+
const errors_js_1 = require("../../../../src/errors.js");
|
|
6
|
+
const keys_js_1 = require("./keys.js");
|
|
7
|
+
/**
|
|
8
|
+
* Map ECCurve to Web Crypto named curve.
|
|
9
|
+
*/
|
|
10
|
+
function curveToNamedCurve(curve) {
|
|
11
|
+
switch (curve) {
|
|
12
|
+
case 'P-256':
|
|
13
|
+
return 'P-256';
|
|
14
|
+
case 'P-384':
|
|
15
|
+
return 'P-384';
|
|
16
|
+
case 'P-521':
|
|
17
|
+
return 'P-521';
|
|
18
|
+
default:
|
|
19
|
+
throw new errors_js_1.ConfigurationError(`Unsupported curve: ${curve}`);
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Generate an EC key pair for ECDH key agreement.
|
|
24
|
+
*/
|
|
25
|
+
async function generateECKeyPair(curve = 'P-256') {
|
|
26
|
+
const namedCurve = curveToNamedCurve(curve);
|
|
27
|
+
// Generate key pair for ECDH key agreement
|
|
28
|
+
const keyPair = await crypto.subtle.generateKey({ name: 'ECDH', namedCurve }, true, [
|
|
29
|
+
'deriveBits',
|
|
30
|
+
]);
|
|
31
|
+
// Map to KeyAlgorithm literal type
|
|
32
|
+
let algorithm;
|
|
33
|
+
switch (namedCurve) {
|
|
34
|
+
case 'P-256':
|
|
35
|
+
algorithm = 'ec:secp256r1';
|
|
36
|
+
break;
|
|
37
|
+
case 'P-384':
|
|
38
|
+
algorithm = 'ec:secp384r1';
|
|
39
|
+
break;
|
|
40
|
+
case 'P-521':
|
|
41
|
+
algorithm = 'ec:secp521r1';
|
|
42
|
+
break;
|
|
43
|
+
default:
|
|
44
|
+
throw new errors_js_1.ConfigurationError(`Unsupported curve: ${namedCurve}`);
|
|
45
|
+
}
|
|
46
|
+
return {
|
|
47
|
+
publicKey: (0, keys_js_1.wrapPublicKey)(keyPair.publicKey, algorithm),
|
|
48
|
+
privateKey: (0, keys_js_1.wrapPrivateKey)(keyPair.privateKey, algorithm),
|
|
49
|
+
};
|
|
50
|
+
}
|
|
51
|
+
/**
|
|
52
|
+
* Perform ECDH key agreement followed by HKDF key derivation.
|
|
53
|
+
* Returns opaque symmetric key for symmetric encryption.
|
|
54
|
+
*/
|
|
55
|
+
async function deriveKeyFromECDH(privateKey, publicKey, hkdfParams) {
|
|
56
|
+
// Unwrap the internal CryptoKeys
|
|
57
|
+
const privateKeyCrypto = (0, keys_js_1.unwrapKey)(privateKey);
|
|
58
|
+
const publicKeyCrypto = (0, keys_js_1.unwrapKey)(publicKey);
|
|
59
|
+
// Get curve from key metadata
|
|
60
|
+
const curve = publicKey.curve;
|
|
61
|
+
if (!curve) {
|
|
62
|
+
throw new errors_js_1.ConfigurationError('EC curve not found on public key');
|
|
63
|
+
}
|
|
64
|
+
// Determine bits based on curve
|
|
65
|
+
const curveBits = {
|
|
66
|
+
'P-256': 256,
|
|
67
|
+
'P-384': 384,
|
|
68
|
+
// P-521 derives 528 bits (66 bytes)
|
|
69
|
+
'P-521': 528,
|
|
70
|
+
};
|
|
71
|
+
const bits = curveBits[curve];
|
|
72
|
+
// Perform ECDH to get shared secret
|
|
73
|
+
const sharedSecret = await crypto.subtle.deriveBits({ name: 'ECDH', public: publicKeyCrypto }, privateKeyCrypto, bits);
|
|
74
|
+
// Import shared secret as HKDF key material
|
|
75
|
+
const hkdfKey = await crypto.subtle.importKey('raw', sharedSecret, 'HKDF', false, ['deriveKey']);
|
|
76
|
+
// Derive the final key using HKDF
|
|
77
|
+
const keyLength = hkdfParams.keyLength ?? 256;
|
|
78
|
+
const derivedKey = await crypto.subtle.deriveKey({
|
|
79
|
+
name: 'HKDF',
|
|
80
|
+
hash: hkdfParams.hash,
|
|
81
|
+
salt: hkdfParams.salt,
|
|
82
|
+
info: hkdfParams.info ?? new Uint8Array(0),
|
|
83
|
+
}, hkdfKey, { name: 'AES-GCM', length: keyLength }, true, ['encrypt', 'decrypt']);
|
|
84
|
+
// Export the derived key as raw bytes and wrap as SymmetricKey
|
|
85
|
+
const keyBytes = await crypto.subtle.exportKey('raw', derivedKey);
|
|
86
|
+
return (0, keys_js_1.wrapSymmetricKey)(new Uint8Array(keyBytes));
|
|
87
|
+
}
|
|
88
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9jcnlwdG8vY29yZS9lYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQStCQSw4Q0E0QkM7QUFNRCw4Q0FvREM7QUE1R0QseURBQStEO0FBQy9ELHVDQUF1RjtBQUV2Rjs7R0FFRztBQUNILFNBQVMsaUJBQWlCLENBQUMsS0FBYztJQUN2QyxRQUFRLEtBQUssRUFBRSxDQUFDO1FBQ2QsS0FBSyxPQUFPO1lBQ1YsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxPQUFPO1lBQ1YsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxPQUFPO1lBQ1YsT0FBTyxPQUFPLENBQUM7UUFDakI7WUFDRSxNQUFNLElBQUksOEJBQWtCLENBQUMsc0JBQXNCLEtBQUssRUFBRSxDQUFDLENBQUM7SUFDaEUsQ0FBQztBQUNILENBQUM7QUFFRDs7R0FFRztBQUNJLEtBQUssVUFBVSxpQkFBaUIsQ0FBQyxRQUFpQixPQUFPO0lBQzlELE1BQU0sVUFBVSxHQUFHLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxDQUFDO0lBRTVDLDJDQUEyQztJQUMzQyxNQUFNLE9BQU8sR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsSUFBSSxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsRUFBRSxJQUFJLEVBQUU7UUFDbEYsWUFBWTtLQUNiLENBQUMsQ0FBQztJQUVILG1DQUFtQztJQUNuQyxJQUFJLFNBQXVCLENBQUM7SUFDNUIsUUFBUSxVQUFVLEVBQUUsQ0FBQztRQUNuQixLQUFLLE9BQU87WUFDVixTQUFTLEdBQUcsY0FBYyxDQUFDO1lBQzNCLE1BQU07UUFDUixLQUFLLE9BQU87WUFDVixTQUFTLEdBQUcsY0FBYyxDQUFDO1lBQzNCLE1BQU07UUFDUixLQUFLLE9BQU87WUFDVixTQUFTLEdBQUcsY0FBYyxDQUFDO1lBQzNCLE1BQU07UUFDUjtZQUNFLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxzQkFBc0IsVUFBVSxFQUFFLENBQUMsQ0FBQztJQUNyRSxDQUFDO0lBRUQsT0FBTztRQUNMLFNBQVMsRUFBRSxJQUFBLHVCQUFhLEVBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUM7UUFDdEQsVUFBVSxFQUFFLElBQUEsd0JBQWMsRUFBQyxPQUFPLENBQUMsVUFBVSxFQUFFLFNBQVMsQ0FBQztLQUMxRCxDQUFDO0FBQ0osQ0FBQztBQUVEOzs7R0FHRztBQUNJLEtBQUssVUFBVSxpQkFBaUIsQ0FDckMsVUFBc0IsRUFDdEIsU0FBb0IsRUFDcEIsVUFBc0I7SUFFdEIsaUNBQWlDO0lBQ2pDLE1BQU0sZ0JBQWdCLEdBQUcsSUFBQSxtQkFBUyxFQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQy9DLE1BQU0sZUFBZSxHQUFHLElBQUEsbUJBQVMsRUFBQyxTQUFTLENBQUMsQ0FBQztJQUU3Qyw4QkFBOEI7SUFDOUIsTUFBTSxLQUFLLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQztJQUM5QixJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksOEJBQWtCLENBQUMsa0NBQWtDLENBQUMsQ0FBQztJQUNuRSxDQUFDO0lBRUQsZ0NBQWdDO0lBQ2hDLE1BQU0sU0FBUyxHQUE0QjtRQUN6QyxPQUFPLEVBQUUsR0FBRztRQUNaLE9BQU8sRUFBRSxHQUFHO1FBQ1osb0NBQW9DO1FBQ3BDLE9BQU8sRUFBRSxHQUFHO0tBQ2IsQ0FBQztJQUNGLE1BQU0sSUFBSSxHQUFHLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUU5QixvQ0FBb0M7SUFDcEMsTUFBTSxZQUFZLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FDakQsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxlQUFlLEVBQUUsRUFDekMsZ0JBQWdCLEVBQ2hCLElBQUksQ0FDTCxDQUFDO0lBRUYsNENBQTRDO0lBQzVDLE1BQU0sT0FBTyxHQUFHLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsS0FBSyxFQUFFLFlBQVksRUFBRSxNQUFNLEVBQUUsS0FBSyxFQUFFLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQztJQUVqRyxrQ0FBa0M7SUFDbEMsTUFBTSxTQUFTLEdBQUcsVUFBVSxDQUFDLFNBQVMsSUFBSSxHQUFHLENBQUM7SUFDOUMsTUFBTSxVQUFVLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDOUM7UUFDRSxJQUFJLEVBQUUsTUFBTTtRQUNaLElBQUksRUFBRSxVQUFVLENBQUMsSUFBSTtRQUNyQixJQUFJLEVBQUUsVUFBVSxDQUFDLElBQUk7UUFDckIsSUFBSSxFQUFFLFVBQVUsQ0FBQyxJQUFJLElBQUksSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDO0tBQzNDLEVBQ0QsT0FBTyxFQUNQLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLEVBQ3RDLElBQUksRUFDSixDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FDdkIsQ0FBQztJQUVGLCtEQUErRDtJQUMvRCxNQUFNLFFBQVEsR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssRUFBRSxVQUFVLENBQUMsQ0FBQztJQUNsRSxPQUFPLElBQUEsMEJBQWdCLEVBQUMsSUFBSSxVQUFVLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQztBQUNwRCxDQUFDIn0=
|