@opentdf/sdk 0.3.2-beta.2292 → 0.3.2-beta.2435
- package/dist/cjs/src/access/access-fetch.js +155 -0
- package/dist/cjs/src/access/access-rpc.js +83 -0
- package/dist/cjs/src/access.js +33 -141
- package/dist/cjs/src/auth/oidc.js +2 -2
- package/dist/cjs/src/nanotdf/Client.js +6 -8
- package/dist/cjs/src/nanotdf/models/Header.js +2 -2
- package/dist/cjs/src/platform/authorization/authorization_pb.js +138 -0
- package/dist/cjs/src/platform/buf/validate/validate_pb.js +410 -0
- package/dist/cjs/src/platform/common/common_pb.js +79 -0
- package/dist/cjs/src/platform/entityresolution/entity_resolution_pb.js +49 -0
- package/dist/cjs/src/platform/google/api/annotations_pb.js +30 -0
- package/dist/cjs/src/platform/google/api/http_pb.js +37 -0
- package/dist/cjs/src/platform/kas/kas_pb.js +96 -0
- package/dist/cjs/src/platform/policy/actions/actions_pb.js +70 -0
- package/dist/cjs/src/platform/policy/attributes/attributes_pb.js +240 -0
- package/dist/cjs/src/platform/policy/kasregistry/key_access_server_registry_pb.js +236 -0
- package/dist/cjs/src/platform/policy/keymanagement/key_management_pb.js +70 -0
- package/dist/cjs/src/platform/policy/namespaces/namespaces_pb.js +121 -0
- package/dist/cjs/src/platform/policy/objects_pb.js +395 -0
- package/dist/cjs/src/platform/policy/registeredresources/registered_resources_pb.js +132 -0
- package/dist/cjs/src/platform/policy/resourcemapping/resource_mapping_pb.js +139 -0
- package/dist/cjs/src/platform/policy/selectors_pb.js +67 -0
- package/dist/cjs/src/platform/policy/subjectmapping/subject_mapping_pb.js +146 -0
- package/dist/cjs/src/platform/policy/unsafe/unsafe_pb.js +124 -0
- package/dist/cjs/src/platform/protoc-gen-openapiv2/options/annotations_pb.js +68 -0
- package/dist/cjs/src/platform/protoc-gen-openapiv2/options/openapiv2_pb.js +307 -0
- package/dist/cjs/src/platform/wellknownconfiguration/wellknown_configuration_pb.js +33 -0
- package/dist/cjs/src/platform.js +140 -0
- package/dist/cjs/src/policy/api.js +21 -38
- package/dist/cjs/src/policy/attributes.js +4 -1
- package/dist/cjs/src/policy/granter.js +9 -9
- package/dist/cjs/src/utils.js +31 -1
- package/dist/cjs/tdf3/src/client/index.js +5 -7
- package/dist/cjs/tdf3/src/tdf.js +4 -11
- package/dist/types/src/access/access-fetch.d.ts +21 -0
- package/dist/types/src/access/access-fetch.d.ts.map +1 -0
- package/dist/types/src/access/access-rpc.d.ts +14 -0
- package/dist/types/src/access/access-rpc.d.ts.map +1 -0
- package/dist/types/src/access.d.ts +3 -7
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/nanotdf/Client.d.ts.map +1 -1
- package/dist/types/src/platform/authorization/authorization_pb.d.ts +609 -0
- package/dist/types/src/platform/authorization/authorization_pb.d.ts.map +1 -0
- package/dist/types/src/platform/buf/validate/validate_pb.d.ts +4466 -0
- package/dist/types/src/platform/buf/validate/validate_pb.d.ts.map +1 -0
- package/dist/types/src/platform/common/common_pb.d.ts +112 -0
- package/dist/types/src/platform/common/common_pb.d.ts.map +1 -0
- package/dist/types/src/platform/entityresolution/entity_resolution_pb.d.ts +199 -0
- package/dist/types/src/platform/entityresolution/entity_resolution_pb.d.ts.map +1 -0
- package/dist/types/src/platform/google/api/annotations_pb.d.ts +14 -0
- package/dist/types/src/platform/google/api/annotations_pb.d.ts.map +1 -0
- package/dist/types/src/platform/google/api/http_pb.d.ts +441 -0
- package/dist/types/src/platform/google/api/http_pb.d.ts.map +1 -0
- package/dist/types/src/platform/kas/kas_pb.d.ts +404 -0
- package/dist/types/src/platform/kas/kas_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/actions/actions_pb.d.ts +265 -0
- package/dist/types/src/platform/policy/actions/actions_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/attributes/attributes_pb.d.ts +1022 -0
- package/dist/types/src/platform/policy/attributes/attributes_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/kasregistry/key_access_server_registry_pb.d.ts +1306 -0
- package/dist/types/src/platform/policy/kasregistry/key_access_server_registry_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/keymanagement/key_management_pb.d.ts +269 -0
- package/dist/types/src/platform/policy/keymanagement/key_management_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/namespaces/namespaces_pb.d.ts +448 -0
- package/dist/types/src/platform/policy/namespaces/namespaces_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/objects_pb.d.ts +1112 -0
- package/dist/types/src/platform/policy/objects_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/registeredresources/registered_resources_pb.d.ts +539 -0
- package/dist/types/src/platform/policy/registeredresources/registered_resources_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/resourcemapping/resource_mapping_pb.d.ts +558 -0
- package/dist/types/src/platform/policy/resourcemapping/resource_mapping_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/selectors_pb.d.ts +221 -0
- package/dist/types/src/platform/policy/selectors_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/subjectmapping/subject_mapping_pb.d.ts +582 -0
- package/dist/types/src/platform/policy/subjectmapping/subject_mapping_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/unsafe/unsafe_pb.d.ts +513 -0
- package/dist/types/src/platform/policy/unsafe/unsafe_pb.d.ts.map +1 -0
- package/dist/types/src/platform/protoc-gen-openapiv2/options/annotations_pb.d.ts +62 -0
- package/dist/types/src/platform/protoc-gen-openapiv2/options/annotations_pb.d.ts.map +1 -0
- package/dist/types/src/platform/protoc-gen-openapiv2/options/openapiv2_pb.d.ts +1441 -0
- package/dist/types/src/platform/protoc-gen-openapiv2/options/openapiv2_pb.d.ts.map +1 -0
- package/dist/types/src/platform/wellknownconfiguration/wellknown_configuration_pb.d.ts +59 -0
- package/dist/types/src/platform/wellknownconfiguration/wellknown_configuration_pb.d.ts.map +1 -0
- package/dist/types/src/platform.d.ts +64 -0
- package/dist/types/src/platform.d.ts.map +1 -0
- package/dist/types/src/policy/api.d.ts +1 -1
- package/dist/types/src/policy/api.d.ts.map +1 -1
- package/dist/types/src/policy/attributes.d.ts +10 -87
- package/dist/types/src/policy/attributes.d.ts.map +1 -1
- package/dist/types/src/policy/granter.d.ts.map +1 -1
- package/dist/types/src/utils.d.ts +10 -0
- package/dist/types/src/utils.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/web/src/access/access-fetch.js +150 -0
- package/dist/web/src/access/access-rpc.js +78 -0
- package/dist/web/src/access.js +35 -144
- package/dist/web/src/auth/oidc.js +2 -2
- package/dist/web/src/nanotdf/Client.js +6 -8
- package/dist/web/src/nanotdf/models/Header.js +2 -2
- package/dist/web/src/platform/authorization/authorization_pb.js +135 -0
- package/dist/web/src/platform/buf/validate/validate_pb.js +407 -0
- package/dist/web/src/platform/common/common_pb.js +76 -0
- package/dist/web/src/platform/entityresolution/entity_resolution_pb.js +46 -0
- package/dist/web/src/platform/google/api/annotations_pb.js +27 -0
- package/dist/web/src/platform/google/api/http_pb.js +34 -0
- package/dist/web/src/platform/kas/kas_pb.js +93 -0
- package/dist/web/src/platform/policy/actions/actions_pb.js +67 -0
- package/dist/web/src/platform/policy/attributes/attributes_pb.js +237 -0
- package/dist/web/src/platform/policy/kasregistry/key_access_server_registry_pb.js +233 -0
- package/dist/web/src/platform/policy/keymanagement/key_management_pb.js +67 -0
- package/dist/web/src/platform/policy/namespaces/namespaces_pb.js +118 -0
- package/dist/web/src/platform/policy/objects_pb.js +392 -0
- package/dist/web/src/platform/policy/registeredresources/registered_resources_pb.js +129 -0
- package/dist/web/src/platform/policy/resourcemapping/resource_mapping_pb.js +136 -0
- package/dist/web/src/platform/policy/selectors_pb.js +64 -0
- package/dist/web/src/platform/policy/subjectmapping/subject_mapping_pb.js +143 -0
- package/dist/web/src/platform/policy/unsafe/unsafe_pb.js +121 -0
- package/dist/web/src/platform/protoc-gen-openapiv2/options/annotations_pb.js +65 -0
- package/dist/web/src/platform/protoc-gen-openapiv2/options/openapiv2_pb.js +304 -0
- package/dist/web/src/platform/wellknownconfiguration/wellknown_configuration_pb.js +30 -0
- package/dist/web/src/platform.js +103 -0
- package/dist/web/src/policy/api.js +23 -40
- package/dist/web/src/policy/attributes.js +3 -2
- package/dist/web/src/policy/granter.js +9 -9
- package/dist/web/src/utils.js +29 -1
- package/dist/web/tdf3/src/client/index.js +6 -8
- package/dist/web/tdf3/src/tdf.js +4 -11
- package/package.json +12 -1
- package/src/access/access-fetch.ts +202 -0
- package/src/access/access-rpc.ts +107 -0
- package/src/access.ts +54 -175
- package/src/auth/oidc.ts +1 -1
- package/src/nanotdf/Client.ts +6 -12
- package/src/nanotdf/models/Header.ts +1 -1
- package/src/platform/authorization/authorization_pb.ts +689 -0
- package/src/platform/buf/validate/validate_pb.ts +4626 -0
- package/src/platform/common/common_pb.ts +135 -0
- package/src/platform/entityresolution/entity_resolution_pb.ts +233 -0
- package/src/platform/google/api/annotations_pb.ts +39 -0
- package/src/platform/google/api/http_pb.ts +474 -0
- package/src/platform/kas/kas_pb.ts +484 -0
- package/src/platform/policy/actions/actions_pb.ts +312 -0
- package/src/platform/policy/attributes/attributes_pb.ts +1181 -0
- package/src/platform/policy/kasregistry/key_access_server_registry_pb.ts +1482 -0
- package/src/platform/policy/keymanagement/key_management_pb.ts +316 -0
- package/src/platform/policy/namespaces/namespaces_pb.ts +528 -0
- package/src/platform/policy/objects_pb.ts +1319 -0
- package/src/platform/policy/registeredresources/registered_resources_pb.ts +623 -0
- package/src/platform/policy/resourcemapping/resource_mapping_pb.ts +658 -0
- package/src/platform/policy/selectors_pb.ts +277 -0
- package/src/platform/policy/subjectmapping/subject_mapping_pb.ts +687 -0
- package/src/platform/policy/unsafe/unsafe_pb.ts +593 -0
- package/src/platform/protoc-gen-openapiv2/options/annotations_pb.ts +83 -0
- package/src/platform/protoc-gen-openapiv2/options/openapiv2_pb.ts +1615 -0
- package/src/platform/wellknownconfiguration/wellknown_configuration_pb.ts +78 -0
- package/src/platform.ts +139 -0
- package/src/policy/api.ts +29 -42
- package/src/policy/attributes.ts +12 -108
- package/src/policy/granter.ts +7 -8
- package/src/utils.ts +30 -0
- package/tdf3/src/client/index.ts +11 -6
- package/tdf3/src/tdf.ts +4 -12
- package/src/platform/authorization/authorization_connect.d.ts +0 -44
- package/src/platform/authorization/authorization_connect.js +0 -44
- package/src/platform/authorization/authorization_pb.d.ts +0 -707
- package/src/platform/authorization/authorization_pb.js +0 -372
- package/src/platform/common/common_pb.d.ts +0 -129
- package/src/platform/common/common_pb.js +0 -58
- package/src/platform/entityresolution/entity_resolution_connect.d.ts +0 -35
- package/src/platform/entityresolution/entity_resolution_connect.js +0 -35
- package/src/platform/entityresolution/entity_resolution_pb.d.ts +0 -242
- package/src/platform/entityresolution/entity_resolution_pb.js +0 -139
- package/src/platform/kas/kas_connect.d.ts +0 -59
- package/src/platform/kas/kas_connect.js +0 -59
- package/src/platform/kas/kas_pb.d.ts +0 -200
- package/src/platform/kas/kas_pb.js +0 -84
- package/src/platform/policy/attributes/attributes_connect.d.ts +0 -168
- package/src/platform/policy/attributes/attributes_connect.js +0 -168
- package/src/platform/policy/attributes/attributes_pb.d.ts +0 -929
- package/src/platform/policy/attributes/attributes_pb.js +0 -363
- package/src/platform/policy/kasregistry/key_access_server_registry_connect.d.ts +0 -62
- package/src/platform/policy/kasregistry/key_access_server_registry_connect.js +0 -62
- package/src/platform/policy/kasregistry/key_access_server_registry_pb.d.ts +0 -283
- package/src/platform/policy/kasregistry/key_access_server_registry_pb.js +0 -113
- package/src/platform/policy/namespaces/namespaces_connect.d.ts +0 -62
- package/src/platform/policy/namespaces/namespaces_connect.js +0 -62
- package/src/platform/policy/namespaces/namespaces_pb.d.ts +0 -270
- package/src/platform/policy/namespaces/namespaces_pb.js +0 -110
- package/src/platform/policy/objects_pb.d.ts +0 -725
- package/src/platform/policy/objects_pb.js +0 -288
- package/src/platform/policy/resourcemapping/resource_mapping_connect.d.ts +0 -259
- package/src/platform/policy/resourcemapping/resource_mapping_connect.js +0 -259
- package/src/platform/policy/resourcemapping/resource_mapping_pb.d.ts +0 -314
- package/src/platform/policy/resourcemapping/resource_mapping_pb.js +0 -142
- package/src/platform/policy/selectors_pb.d.ts +0 -269
- package/src/platform/policy/selectors_pb.js +0 -110
- package/src/platform/policy/subjectmapping/subject_mapping_connect.d.ts +0 -118
- package/src/platform/policy/subjectmapping/subject_mapping_connect.js +0 -118
- package/src/platform/policy/subjectmapping/subject_mapping_pb.d.ts +0 -672
- package/src/platform/policy/subjectmapping/subject_mapping_pb.js +0 -260
- package/src/platform/wellknownconfiguration/wellknown_configuration_connect.d.ts +0 -26
- package/src/platform/wellknownconfiguration/wellknown_configuration_connect.js +0 -26
- package/src/platform/wellknownconfiguration/wellknown_configuration_pb.d.ts +0 -75
- package/src/platform/wellknownconfiguration/wellknown_configuration_pb.js +0 -35
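--- a/package/dist/cjs/src/access/access-fetch.js
+++ b/package/dist/cjs/src/access/access-fetch.js
@@ -0,0 +1,155 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchWrappedKey = fetchWrappedKey;
+exports.fetchKeyAccessServers = fetchKeyAccessServers;
+exports.fetchKasPubKey = fetchKasPubKey;
+const access_js_1 = require("../access.js");
+const errors_js_1 = require("../errors.js");
+const utils_js_1 = require("../utils.js");
+/**
+* Get a rewrapped access key to the document, if possible
+* @param url Key access server rewrap endpoint
+* @param requestBody a signed request with an encrypted document key
+* @param authProvider Authorization middleware
+*/
+async function fetchWrappedKey(url, requestBody, authProvider) {
+const req = await authProvider.withCreds({
+url,
+method: 'POST',
+headers: {
+'Content-Type': 'application/json',
+},
+body: JSON.stringify(requestBody),
+});
+let response;
+try {
+response = await fetch(req.url, {
+method: req.method,
+mode: 'cors', // no-cors, *cors, same-origin
+cache: 'no-cache', // *default, no-cache, reload, force-cache, only-if-cached
+credentials: 'same-origin', // include, *same-origin, omit
+headers: req.headers,
+redirect: 'follow', // manual, *follow, error
+referrerPolicy: 'no-referrer', // no-referrer, *no-referrer-when-downgrade, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url
+body: req.body,
+});
+}
+catch (e) {
+throw new errors_js_1.NetworkError(`unable to fetch wrapped key from [${url}]`, e);
+}
+if (!response.ok) {
+switch (response.status) {
+case 400:
+throw new errors_js_1.InvalidFileError(`400 for [${req.url}]: rewrap bad request [${await response.text()}]`);
+case 401:
+throw new errors_js_1.UnauthenticatedError(`401 for [${req.url}]; rewrap auth failure`);
+case 403:
+throw new errors_js_1.PermissionDeniedError(`403 for [${req.url}]; rewrap permission denied`);
+default:
+if (response.status >= 500) {
+throw new errors_js_1.ServiceError(`${response.status} for [${req.url}]: rewrap failure due to service error [${await response.text()}]`);
+}
+throw new errors_js_1.NetworkError(`${req.method} ${req.url} => ${response.status} ${response.statusText}`);
+}
+}
+return response.json();
+}
+async function fetchKeyAccessServers(platformUrl, authProvider) {
+let nextOffset = 0;
+const allServers = [];
+do {
+const req = await authProvider.withCreds({
+url: `${platformUrl}/key-access-servers?pagination.offset=${nextOffset}`,
+method: 'GET',
+headers: {
+'Content-Type': 'application/json',
+},
+});
+let response;
+try {
+response = await fetch(req.url, {
+method: req.method,
+headers: req.headers,
+body: req.body,
+mode: 'cors',
+cache: 'no-cache',
+credentials: 'same-origin',
+redirect: 'follow',
+referrerPolicy: 'no-referrer',
+});
+}
+catch (e) {
+throw new errors_js_1.NetworkError(`unable to fetch kas list from [${req.url}]`, e);
+}
+// if we get an error from the kas registry, throw an error
+if (!response.ok) {
+throw new errors_js_1.ServiceError(`unable to fetch kas list from [${req.url}], status: ${response.status}`);
+}
+const { keyAccessServers = [], pagination = {} } = await response.json();
+allServers.push(...keyAccessServers);
+nextOffset = pagination.nextOffset || 0;
+} while (nextOffset > 0);
+const serverUrls = allServers.map((server) => server.uri);
+// add base platform kas
+if (!serverUrls.includes(`${platformUrl}/kas`)) {
+serverUrls.push(`${platformUrl}/kas`);
+}
+return new access_js_1.OriginAllowList(serverUrls, false);
+}
+async function fetchKasPubKey(kasEndpoint, algorithm) {
+if (!kasEndpoint) {
+throw new errors_js_1.ConfigurationError('KAS definition not found');
+}
+// Logs insecure KAS. Secure is enforced in constructor
+(0, utils_js_1.validateSecureUrl)(kasEndpoint);
+// Parse kasEndpoint to URL, then append to its path and update its query parameters
+let pkUrlV2;
+try {
+pkUrlV2 = new URL(kasEndpoint);
+}
+catch (e) {
+throw new errors_js_1.ConfigurationError(`KAS definition invalid: [${kasEndpoint}]`, e);
+}
+if (!pkUrlV2.pathname.endsWith('kas_public_key')) {
+if (!pkUrlV2.pathname.endsWith('/')) {
+pkUrlV2.pathname += '/';
+}
+pkUrlV2.pathname += 'v2/kas_public_key';
+}
+pkUrlV2.searchParams.set('algorithm', algorithm || 'rsa:2048');
+if (!pkUrlV2.searchParams.get('v')) {
+pkUrlV2.searchParams.set('v', '2');
+}
+let kasPubKeyResponseV2;
+try {
+kasPubKeyResponseV2 = await fetch(pkUrlV2);
+}
+catch (e) {
+throw new errors_js_1.NetworkError(`unable to fetch public key from [${pkUrlV2}]`, e);
+}
+if (!kasPubKeyResponseV2.ok) {
+switch (kasPubKeyResponseV2.status) {
+case 404:
+throw new errors_js_1.ConfigurationError(`404 for [${pkUrlV2}]`);
+case 401:
+throw new errors_js_1.UnauthenticatedError(`401 for [${pkUrlV2}]`);
+case 403:
+throw new errors_js_1.PermissionDeniedError(`403 for [${pkUrlV2}]`);
+default:
+throw new errors_js_1.NetworkError(`${pkUrlV2} => ${kasPubKeyResponseV2.status} ${kasPubKeyResponseV2.statusText}`);
+}
+}
+const jsonContent = await kasPubKeyResponseV2.json();
+const { publicKey, kid } = jsonContent;
+if (!publicKey) {
+throw new errors_js_1.NetworkError(`invalid response from public key endpoint [${JSON.stringify(jsonContent)}]`);
+}
+return {
+key: (0, access_js_1.noteInvalidPublicKey)(pkUrlV2, (0, utils_js_1.pemToCryptoPublicKey)(publicKey)),
+publicKey,
+url: kasEndpoint,
+algorithm: algorithm || 'rsa:2048',
+...(kid && { kid }),
+};
+}
+//# sourceMappingURL=data:application/json;base64,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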
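Review bot: The do/while in fetchKeyAccessServers ends only when the response's `pagination.nextOffset` is zero or missing, so a registry reply that repeats an offset, or never returns zero, keeps the client requesting pages and growing `allServers` without bound. Because the collected `server.uri` values seed the `OriginAllowList`, I would fail closed when the offset does not advance: `const next = pagination.nextOffset || 0;` then `if (next > 0 && next <= nextOffset) throw new errors_js_1.ServiceError('kas list pagination did not advance');` then `nextOffset = next;`. The same loop shape appears in fetchKeyAccessServers in access-rpc.js. This file is compiled output, so the change presumably belongs in package/src/access/access-fetch.ts and access-rpc.ts.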
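--- a/package/dist/cjs/src/access/access-rpc.js
+++ b/package/dist/cjs/src/access/access-rpc.js
@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchWrappedKey = fetchWrappedKey;
+exports.fetchKeyAccessServers = fetchKeyAccessServers;
+exports.fetchKasPubKey = fetchKasPubKey;
+const access_js_1 = require("../access.js");
+const errors_js_1 = require("../errors.js");
+const platform_js_1 = require("../platform.js");
+const utils_js_1 = require("../utils.js");
+/**
+* Get a rewrapped access key to the document, if possible
+* @param url Key access server rewrap endpoint
+* @param requestBody a signed request with an encrypted document key
+* @param authProvider Authorization middleware
+* @param clientVersion
+*/
+async function fetchWrappedKey(url, signedRequestToken, authProvider) {
+const platformUrl = (0, utils_js_1.getPlatformUrlFromKasEndpoint)(url);
+const platform = new platform_js_1.PlatformClient({ authProvider, platformUrl });
+try {
+return await platform.v1.access.rewrap({
+signedRequestToken,
+});
+}
+catch (e) {
+throw new errors_js_1.NetworkError(`[${platformUrl}] [Rewrap] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
+}
+}
+async function fetchKeyAccessServers(platformUrl, authProvider) {
+let nextOffset = 0;
+const allServers = [];
+const platform = new platform_js_1.PlatformClient({ authProvider, platformUrl });
+do {
+let response;
+try {
+response = await platform.v1.keyAccessServerRegistry.listKeyAccessServers({
+pagination: {
+offset: nextOffset,
+},
+});
+}
+catch (e) {
+throw new errors_js_1.NetworkError(`[${platformUrl}] [ListKeyAccessServers] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
+}
+allServers.push(...response.keyAccessServers);
+nextOffset = response?.pagination?.nextOffset || 0;
+} while (nextOffset > 0);
+const serverUrls = allServers.map((server) => server.uri);
+// add base platform kas
+if (!serverUrls.includes(`${platformUrl}/kas`)) {
+serverUrls.push(`${platformUrl}/kas`);
+}
+return new access_js_1.OriginAllowList(serverUrls, false);
+}
+async function fetchKasPubKey(kasEndpoint, algorithm) {
+if (!kasEndpoint) {
+throw new errors_js_1.ConfigurationError('KAS definition not found');
+}
+// Logs insecure KAS. Secure is enforced in constructor
+(0, utils_js_1.validateSecureUrl)(kasEndpoint);
+const platformUrl = (0, utils_js_1.getPlatformUrlFromKasEndpoint)(kasEndpoint);
+const platform = new platform_js_1.PlatformClient({
+platformUrl,
+});
+try {
+const { kid, publicKey } = await platform.v1.access.publicKey({
+algorithm: algorithm || 'rsa:2048',
+v: '2',
+});
+const result = {
+key: (0, access_js_1.noteInvalidPublicKey)(new URL(platformUrl), (0, utils_js_1.pemToCryptoPublicKey)(publicKey)),
+publicKey,
+url: kasEndpoint,
+algorithm: algorithm || 'rsa:2048',
+...(kid && { kid }),
+};
+return result;
+}
+catch (e) {
+throw new errors_js_1.NetworkError(`[${platformUrl}] [PublicKey] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
+}
+}
+//# sourceMappingURL=data:application/json;base64,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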
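Review bot: All three catch blocks in this file rethrow as `NetworkError` built only from `extractRpcErrorMessage(e)`, so a rewrap refused for authentication or permission reasons reaches callers looking the same as an unreachable host, and the original error object is dropped. access-fetch.js raises `UnauthenticatedError` and `PermissionDeniedError` for 401 and 403 and passes `e` as the second constructor argument; I would map the RPC status to those same typed errors here, and at minimum append `, e` to each `new errors_js_1.NetworkError(...)` call. In fetchKasPubKey the try block also covers `new URL(platformUrl)` and `pemToCryptoPublicKey(publicKey)`, so any synchronous throw from a missing or malformed key would be reported as a network failure, and the fetch variant's `if (!publicKey)` check has no counterpart here.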
package/dist/cjs/src/access.js
CHANGED
|
@@ -2,11 +2,18 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.OriginAllowList = exports.publicKeyAlgorithmToJwa = exports.keyAlgorithmToPublicKeyAlgorithm = exports.isPublicKeyAlgorithm = void 0;
|
|
4
4
|
exports.fetchWrappedKey = fetchWrappedKey;
|
|
5
|
+
exports.noteInvalidPublicKey = noteInvalidPublicKey;
|
|
5
6
|
exports.fetchKeyAccessServers = fetchKeyAccessServers;
|
|
6
7
|
exports.fetchECKasPubKey = fetchECKasPubKey;
|
|
7
8
|
exports.fetchKasPubKey = fetchKasPubKey;
|
|
8
9
|
const errors_js_1 = require("./errors.js");
|
|
9
10
|
const utils_js_1 = require("./utils.js");
|
|
11
|
+
const access_rpc_js_1 = require("./access/access-rpc.js");
|
|
12
|
+
const access_fetch_js_1 = require("./access/access-fetch.js");
|
|
13
|
+
const access_rpc_js_2 = require("./access/access-rpc.js");
|
|
14
|
+
const access_fetch_js_2 = require("./access/access-fetch.js");
|
|
15
|
+
const access_rpc_js_3 = require("./access/access-rpc.js");
|
|
16
|
+
const access_fetch_js_3 = require("./access/access-fetch.js");
|
|
10
17
|
/**
|
|
11
18
|
* Get a rewrapped access key to the document, if possible
|
|
12
19
|
* @param url Key access server rewrap endpoint
|
|
@@ -14,47 +21,9 @@ const utils_js_1 = require("./utils.js");
|
|
|
14
21
|
* @param authProvider Authorization middleware
|
|
15
22
|
* @param clientVersion
|
|
16
23
|
*/
|
|
17
|
-
async function fetchWrappedKey(url,
|
|
18
|
-
const
|
|
19
|
-
|
|
20
|
-
method: 'POST',
|
|
21
|
-
headers: {
|
|
22
|
-
'Content-Type': 'application/json',
|
|
23
|
-
},
|
|
24
|
-
body: JSON.stringify(requestBody),
|
|
25
|
-
});
|
|
26
|
-
let response;
|
|
27
|
-
try {
|
|
28
|
-
response = await fetch(req.url, {
|
|
29
|
-
method: req.method,
|
|
30
|
-
mode: 'cors', // no-cors, *cors, same-origin
|
|
31
|
-
cache: 'no-cache', // *default, no-cache, reload, force-cache, only-if-cached
|
|
32
|
-
credentials: 'same-origin', // include, *same-origin, omit
|
|
33
|
-
headers: req.headers,
|
|
34
|
-
redirect: 'follow', // manual, *follow, error
|
|
35
|
-
referrerPolicy: 'no-referrer', // no-referrer, *no-referrer-when-downgrade, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url
|
|
36
|
-
body: req.body,
|
|
37
|
-
});
|
|
38
|
-
}
|
|
39
|
-
catch (e) {
|
|
40
|
-
throw new errors_js_1.NetworkError(`unable to fetch wrapped key from [${url}]`, e);
|
|
41
|
-
}
|
|
42
|
-
if (!response.ok) {
|
|
43
|
-
switch (response.status) {
|
|
44
|
-
case 400:
|
|
45
|
-
throw new errors_js_1.InvalidFileError(`400 for [${req.url}]: rewrap bad request [${await response.text()}]`);
|
|
46
|
-
case 401:
|
|
47
|
-
throw new errors_js_1.UnauthenticatedError(`401 for [${req.url}]; rewrap auth failure`);
|
|
48
|
-
case 403:
|
|
49
|
-
throw new errors_js_1.PermissionDeniedError(`403 for [${req.url}]; rewrap permission denied`);
|
|
50
|
-
default:
|
|
51
|
-
if (response.status >= 500) {
|
|
52
|
-
throw new errors_js_1.ServiceError(`${response.status} for [${req.url}]: rewrap failure due to service error [${await response.text()}]`);
|
|
53
|
-
}
|
|
54
|
-
throw new errors_js_1.NetworkError(`${req.method} ${req.url} => ${response.status} ${response.statusText}`);
|
|
55
|
-
}
|
|
56
|
-
}
|
|
57
|
-
return response.json();
|
|
24
|
+
async function fetchWrappedKey(url, signedRequestToken, authProvider) {
|
|
25
|
+
const platformUrl = (0, utils_js_1.getPlatformUrlFromKasEndpoint)(url);
|
|
26
|
+
return await tryPromisesUntilFirstSuccess(() => (0, access_rpc_js_2.fetchWrappedKey)(platformUrl, signedRequestToken, authProvider), () => (0, access_fetch_js_2.fetchWrappedKey)(url, { signedRequestToken }, authProvider));
|
|
58
27
|
}
|
|
59
28
|
const isPublicKeyAlgorithm = (a) => {
|
|
60
29
|
return a === 'ec:secp256r1' || a === 'rsa:2048';
|
|
@@ -104,51 +73,7 @@ async function noteInvalidPublicKey(url, r) {
|
|
|
104
73
|
}
|
|
105
74
|
}
|
|
106
75
|
async function fetchKeyAccessServers(platformUrl, authProvider) {
|
|
107
|
-
|
|
108
|
-
const allServers = [];
|
|
109
|
-
do {
|
|
110
|
-
const req = await authProvider.withCreds({
|
|
111
|
-
url: `${platformUrl}/policy.kasregistry.KeyAccessServerRegistryService/ListKeyAccessServers`,
|
|
112
|
-
method: 'POST',
|
|
113
|
-
headers: {
|
|
114
|
-
'Content-Type': 'application/json',
|
|
115
|
-
},
|
|
116
|
-
body: JSON.stringify({
|
|
117
|
-
pagination: {
|
|
118
|
-
offset: nextOffset,
|
|
119
|
-
},
|
|
120
|
-
}),
|
|
121
|
-
});
|
|
122
|
-
let response;
|
|
123
|
-
try {
|
|
124
|
-
response = await fetch(req.url, {
|
|
125
|
-
method: req.method,
|
|
126
|
-
headers: req.headers,
|
|
127
|
-
body: req.body,
|
|
128
|
-
mode: 'cors',
|
|
129
|
-
cache: 'no-cache',
|
|
130
|
-
credentials: 'same-origin',
|
|
131
|
-
redirect: 'follow',
|
|
132
|
-
referrerPolicy: 'no-referrer',
|
|
133
|
-
});
|
|
134
|
-
}
|
|
135
|
-
catch (e) {
|
|
136
|
-
throw new errors_js_1.NetworkError(`unable to fetch kas list from [${req.url}]`, e);
|
|
137
|
-
}
|
|
138
|
-
// if we get an error from the kas registry, throw an error
|
|
139
|
-
if (!response.ok) {
|
|
140
|
-
throw new errors_js_1.ServiceError(`unable to fetch kas list from [${req.url}], status: ${response.status}`);
|
|
141
|
-
}
|
|
142
|
-
const { keyAccessServers = [], pagination = {} } = await response.json();
|
|
143
|
-
allServers.push(...keyAccessServers);
|
|
144
|
-
nextOffset = pagination.nextOffset || 0;
|
|
145
|
-
} while (nextOffset > 0);
|
|
146
|
-
const serverUrls = allServers.map((server) => server.uri);
|
|
147
|
-
// add base platform kas
|
|
148
|
-
if (!serverUrls.includes(`${platformUrl}/kas`)) {
|
|
149
|
-
serverUrls.push(`${platformUrl}/kas`);
|
|
150
|
-
}
|
|
151
|
-
return new OriginAllowList(serverUrls, false);
|
|
76
|
+
return await tryPromisesUntilFirstSuccess(() => (0, access_rpc_js_1.fetchKeyAccessServers)(platformUrl, authProvider), () => (0, access_fetch_js_1.fetchKeyAccessServers)(platformUrl, authProvider));
|
|
152
77
|
}
|
|
153
78
|
/**
|
|
154
79
|
* If we have KAS url but not public key we can fetch it from KAS, fetching
|
|
@@ -158,60 +83,7 @@ async function fetchECKasPubKey(kasEndpoint) {
|
|
|
158
83
|
return fetchKasPubKey(kasEndpoint, 'ec:secp256r1');
|
|
159
84
|
}
|
|
160
85
|
async function fetchKasPubKey(kasEndpoint, algorithm) {
|
|
161
|
-
|
|
162
|
-
throw new errors_js_1.ConfigurationError('KAS definition not found');
|
|
163
|
-
}
|
|
164
|
-
// Logs insecure KAS. Secure is enforced in constructor
|
|
165
|
-
(0, utils_js_1.validateSecureUrl)(kasEndpoint);
|
|
166
|
-
// Parse kasEndpoint to URL, then append to its path and update its query parameters
|
|
167
|
-
let pkUrlV2;
|
|
168
|
-
try {
|
|
169
|
-
pkUrlV2 = new URL(kasEndpoint);
|
|
170
|
-
}
|
|
171
|
-
catch (e) {
|
|
172
|
-
throw new errors_js_1.ConfigurationError(`KAS definition invalid: [${kasEndpoint}]`, e);
|
|
173
|
-
}
|
|
174
|
-
if (!pkUrlV2.pathname.endsWith('kas_public_key')) {
|
|
175
|
-
if (!pkUrlV2.pathname.endsWith('/')) {
|
|
176
|
-
pkUrlV2.pathname += '/';
|
|
177
|
-
}
|
|
178
|
-
pkUrlV2.pathname += 'v2/kas_public_key';
|
|
179
|
-
}
|
|
180
|
-
pkUrlV2.searchParams.set('algorithm', algorithm || 'rsa:2048');
|
|
181
|
-
if (!pkUrlV2.searchParams.get('v')) {
|
|
182
|
-
pkUrlV2.searchParams.set('v', '2');
|
|
183
|
-
}
|
|
184
|
-
let kasPubKeyResponseV2;
|
|
185
|
-
try {
|
|
186
|
-
kasPubKeyResponseV2 = await fetch(pkUrlV2);
|
|
187
|
-
}
|
|
188
|
-
catch (e) {
|
|
189
|
-
throw new errors_js_1.NetworkError(`unable to fetch public key from [${pkUrlV2}]`, e);
|
|
190
|
-
}
|
|
191
|
-
if (!kasPubKeyResponseV2.ok) {
|
|
192
|
-
switch (kasPubKeyResponseV2.status) {
|
|
193
|
-
case 404:
|
|
194
|
-
throw new errors_js_1.ConfigurationError(`404 for [${pkUrlV2}]`);
|
|
195
|
-
case 401:
|
|
196
|
-
throw new errors_js_1.UnauthenticatedError(`401 for [${pkUrlV2}]`);
|
|
197
|
-
case 403:
|
|
198
|
-
throw new errors_js_1.PermissionDeniedError(`403 for [${pkUrlV2}]`);
|
|
199
|
-
default:
|
|
200
|
-
throw new errors_js_1.NetworkError(`${pkUrlV2} => ${kasPubKeyResponseV2.status} ${kasPubKeyResponseV2.statusText}`);
|
|
201
|
-
}
|
|
202
|
-
}
|
|
203
|
-
const jsonContent = await kasPubKeyResponseV2.json();
|
|
204
|
-
const { publicKey, kid } = jsonContent;
|
|
205
|
-
if (!publicKey) {
|
|
206
|
-
throw new errors_js_1.NetworkError(`invalid response from public key endpoint [${JSON.stringify(jsonContent)}]`);
|
|
207
|
-
}
|
|
208
|
-
return {
|
|
209
|
-
key: noteInvalidPublicKey(pkUrlV2, (0, utils_js_1.pemToCryptoPublicKey)(publicKey)),
|
|
210
|
-
publicKey,
|
|
211
|
-
url: kasEndpoint,
|
|
212
|
-
algorithm: algorithm || 'rsa:2048',
|
|
213
|
-
...(kid && { kid }),
|
|
214
|
-
};
|
|
86
|
+
return await tryPromisesUntilFirstSuccess(() => (0, access_rpc_js_3.fetchKasPubKey)(kasEndpoint, algorithm), () => (0, access_fetch_js_3.fetchKasPubKey)(kasEndpoint, algorithm));
|
|
215
87
|
}
|
|
216
88
|
const origin = (u) => {
|
|
217
89
|
try {
|
|
@@ -236,4 +108,24 @@ class OriginAllowList {
|
|
|
236
108
|
}
|
|
237
109
|
}
|
|
238
110
|
exports.OriginAllowList = OriginAllowList;
|
|
239
|
-
|
|
111
|
+
/**
|
|
112
|
+
* Tries two promise-returning functions in order and returns the first successful result.
|
|
113
|
+
* If both fail, throws the error from the second.
|
|
114
|
+
* @param first First function returning a promise to try.
|
|
115
|
+
* @param second Second function returning a promise to try if the first fails.
|
|
116
|
+
*/
|
|
117
|
+
async function tryPromisesUntilFirstSuccess(first, second) {
|
|
118
|
+
try {
|
|
119
|
+
return await first();
|
|
120
|
+
}
|
|
121
|
+
catch (e1) {
|
|
122
|
+
console.info('v2 request error', e1);
|
|
123
|
+
try {
|
|
124
|
+
return await second();
|
|
125
|
+
}
|
|
126
|
+
catch (err) {
|
|
127
|
+
throw err;
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
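Review bot: `tryPromisesUntilFirstSuccess` falls back to `second()` on every rejection of `first()`, so an authentication or permission failure on the first path is retried over the second path instead of being surfaced. Both `fetchKeyAccessServers` and `fetchKasPubKey` in this file now go through it. I would rethrow those classes before falling back, e.g. `if (e1 instanceof errors_js_1.UnauthenticatedError || e1 instanceof errors_js_1.PermissionDeniedError) throw e1;`, assuming `errors_js_1` is still imported in the new file and the RPC implementation raises the same error types (neither is visible here). The first error is also only written to `console.info` under a hard-coded 'v2 request error' label and is lost when both attempts fail. The inner `try { … } catch (err) { throw err; }` adds nothing and can be reduced to `return await second();`.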
@@ -148,7 +148,7 @@ class AccessToken {
|
|
|
148
148
|
}
|
|
149
149
|
catch (e) {
|
|
150
150
|
console.log('access_token fails on user_info endpoint; attempting to renew', e);
|
|
151
|
-
if (this.data
|
|
151
|
+
if (this.data?.refresh_token) {
|
|
152
152
|
// Prefer the latest refresh_token if present over creds passed in
|
|
153
153
|
// to constructor
|
|
154
154
|
this.config = {
|
|
@@ -219,4 +219,4 @@ class AccessToken {
|
|
|
219
219
|
}
|
|
220
220
|
}
|
|
221
221
|
exports.AccessToken = AccessToken;
|
|
222
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
222
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2lkYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hdXRoL29pZGMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEsZ0RBQXlDO0FBQ3pDLHVDQUFxRDtBQUNyRCxvREFBK0M7QUFDL0MsNENBQTREO0FBQzVELDBDQUF3RDtBQWtEeEQsTUFBTSxVQUFVLEdBQUcsQ0FBQyxHQUEyQixFQUFFLEVBQUUsQ0FBQyxJQUFJLGVBQWUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQztBQU94Rjs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBcUJHO0FBQ0gsTUFBYSxXQUFXO0lBZXRCLFlBQVksR0FBb0IsRUFBRSxPQUFzQjtRQUp4RCxpQkFBWSxHQUEyQixFQUFFLENBQUM7UUFLeEMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNsQixNQUFNLElBQUksOEJBQWtCLENBQzFCLDRFQUE0RSxDQUM3RSxDQUFDO1FBQ0osQ0FBQztRQUNELElBQUksR0FBRyxDQUFDLFFBQVEsS0FBSyxRQUFRLElBQUksQ0FBQyxHQUFHLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDbkQsTUFBTSxJQUFJLDhCQUFrQixDQUMxQiw0RUFBNEUsQ0FDN0UsQ0FBQztRQUNKLENBQUM7UUFDRCxJQUFJLEdBQUcsQ0FBQyxRQUFRLEtBQUssU0FBUyxJQUFJLENBQUMsR0FBRyxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3BELE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyw0REFBNEQsQ0FBQyxDQUFDO1FBQzdGLENBQUM7UUFDRCxJQUFJLEdBQUcsQ0FBQyxRQUFRLEtBQUssVUFBVSxJQUFJLENBQUMsR0FBRyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3BELE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxtREFBbUQsQ0FBQyxDQUFDO1FBQ3BGLENBQUM7UUFDRCxJQUFJLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2xCLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO1FBQzdELENBQUM7UUFDRCxJQUFJLENBQUMsTUFBTSxHQUFHLEdBQUcsQ0FBQztRQUNsQixJQUFJLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQztRQUN2QixJQUFJLENBQUMsT0FBTyxHQUFHLElBQUEsaUJBQU0sRUFBQyxHQUFHLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQzNDLElBQUksQ0FBQyxVQUFVLEdBQUcsR0FBRyxDQUFDLFVBQVUsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyxJQUFJLENBQUMsV0FBbUI7UUFDNUIsTUFBTSxHQUFHLEdBQUcsR0FBRyxJQUFJLENBQUMsT0FBTyxtQ0FBbUMsQ0FBQztRQUMvRCxNQUFNLE9BQU8sR0FBRztZQUNkLEdBQUcsSUFBSSxDQUFDLFlBQVk7WUFDcEIsYUFBYSxFQUFFLFVBQVUsV0FBVyxFQUFFO1NBQ2IsQ0FBQztRQUM1QixJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxJQUFJLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUMvQyxPQUFPLENBQUMsSUFBSSxHQUFHLE1BQU0sSUFBQSxjQUFNLEVBQUMsSUFBSSxDQUFDLF
VBQVUsRUFBRSxHQUFHLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDNUQsQ0FBQztRQUNELE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxJQUFJLEtBQUssQ0FBQyxDQUFDLEdBQUcsRUFBRTtZQUNsRCxPQUFPO1NBQ1IsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNqQixPQUFPLENBQUMsS0FBSyxDQUFDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFDckMsTUFBTSxJQUFJLG9CQUFRLENBQ2hCLHdCQUF3QixHQUFHLFFBQVEsUUFBUSxDQUFDLE1BQU0sSUFBSSxRQUFRLENBQUMsVUFBVSxFQUFFLENBQzVFLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFZLENBQUM7SUFDNUMsQ0FBQztJQUVELEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBVyxFQUFFLENBQXlCO1FBQ2pELE1BQU0sT0FBTyxHQUEyQjtZQUN0QyxjQUFjLEVBQUUsbUNBQW1DO1lBQ25ELE1BQU0sRUFBRSxrQkFBa0I7U0FDM0IsQ0FBQztRQUNGLGlDQUFpQztRQUNqQyxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDNUIsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztnQkFDckIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLHlCQUF5QixDQUFDLENBQUM7WUFDMUQsQ0FBQztZQUNELE1BQU0sWUFBWSxHQUFHLE1BQU0sSUFBQSw0QkFBaUIsRUFBQyxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3hFLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLGlCQUFNLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQ3hELE9BQU8sQ0FBQyxJQUFJLEdBQUcsTUFBTSxJQUFBLGNBQU0sRUFBQyxJQUFJLENBQUMsVUFBVSxFQUFFLEdBQUcsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUM1RCxDQUFDO1FBQ0QsT0FBTyxDQUFDLElBQUksQ0FBQyxPQUFPLElBQUksS0FBSyxDQUFDLENBQUMsR0FBRyxFQUFFO1lBQ2xDLE1BQU0sRUFBRSxNQUFNO1lBQ2QsT0FBTztZQUNQLElBQUksRUFBRSxVQUFVLENBQUMsQ0FBQyxDQUFDO1NBQ3BCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsaUJBQWlCLENBQUMsR0FBb0I7UUFDMUMsTUFBTSxHQUFHLEdBQUcsR0FBRyxJQUFJLENBQUMsT0FBTyxnQ0FBZ0MsQ0FBQztRQUM1RCxJQUFJLElBQUksQ0FBQztRQUNULFFBQVEsR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ3JCLEtBQUssUUFBUTtnQkFDWCxJQUFJLEdBQUc7b0JBQ0wsVUFBVSxFQUFFLG9CQUFvQjtvQkFDaEMsU0FBUyxFQUFFLEdBQUcsQ0FBQyxRQUFRO29CQUN2QixhQUFhLEVBQUUsR0FBRyxDQUFDLFlBQVk7aUJBQ2hDLENBQUM7Z0JBQ0YsTUFBTTtZQUNSLEtBQUssVUFBVTtnQkFDYixJQUFJLEdBQUc7b0JBQ0wsVUFBVSxFQUFFLGlEQUFpRDtvQkFDN0QsYUFBYSxFQUFFLEdBQUcsQ0FBQyxXQUFXO29CQUM5QixrQkFBa0IsRUFBRSxzQ0FBc0M7b0JBQzFELFFBQVEsRU
FBRSxHQUFHLENBQUMsUUFBUTtvQkFDdEIsU0FBUyxFQUFFLEdBQUcsQ0FBQyxRQUFRO2lCQUN4QixDQUFDO2dCQUNGLE1BQU07WUFDUixLQUFLLFNBQVM7Z0JBQ1osSUFBSSxHQUFHO29CQUNMLFVBQVUsRUFBRSxlQUFlO29CQUMzQixhQUFhLEVBQUUsR0FBRyxDQUFDLFlBQVk7b0JBQy9CLFNBQVMsRUFBRSxHQUFHLENBQUMsUUFBUTtpQkFDeEIsQ0FBQztnQkFDRixNQUFNO1FBQ1YsQ0FBQztRQUNELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDOUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNqQixPQUFPLENBQUMsS0FBSyxDQUFDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFDckMsTUFBTSxJQUFJLG9CQUFRLENBQ2hCLG1DQUFtQyxHQUFHLFFBQVEsUUFBUSxDQUFDLE1BQU0sSUFBSSxRQUFRLENBQUMsVUFBVSxFQUFFLENBQ3ZGLENBQUM7UUFDSixDQUFDO1FBQ0QsT0FBTyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDekIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsR0FBRyxDQUFDLFFBQVEsR0FBRyxJQUFJO1FBQ3ZCLElBQUksSUFBSSxDQUFDLElBQUksRUFBRSxZQUFZLEVBQUUsQ0FBQztZQUM1QixJQUFJLENBQUM7Z0JBQ0gsSUFBSSxRQUFRLEVBQUUsQ0FBQztvQkFDYixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztnQkFDMUMsQ0FBQztnQkFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDO1lBQ2hDLENBQUM7WUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2dCQUNYLE9BQU8sQ0FBQyxHQUFHLENBQUMsK0RBQStELEVBQUUsQ0FBQyxDQUFDLENBQUM7Z0JBQ2hGLElBQUksSUFBSSxDQUFDLElBQUksRUFBRSxhQUFhLEVBQUUsQ0FBQztvQkFDN0Isa0VBQWtFO29CQUNsRSxpQkFBaUI7b0JBQ2pCLElBQUksQ0FBQyxNQUFNLEdBQUc7d0JBQ1osR0FBRyxJQUFJLENBQUMsTUFBTTt3QkFDZCxRQUFRLEVBQUUsU0FBUzt3QkFDbkIsWUFBWSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsYUFBYTtxQkFDdEMsQ0FBQztnQkFDSixDQUFDO2dCQUNELE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQztZQUNuQixDQUFDO1FBQ0gsQ0FBQztRQUVELE1BQU0sYUFBYSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUM5RSxPQUFPLGFBQWEsQ0FBQyxZQUFZLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILEtBQUssQ0FBQywwQ0FBMEMsQ0FBQyxVQUF5QjtRQUN4RSxzREFBc0Q7UUFDdEQsNkNBQTZDO1FBQzdDLDJEQUEyRDtRQUMzRCxJQUFJLElBQUksQ0FBQyxrQkFBa0IsSUFBSSxVQUFVLEtBQUssSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQzlELE9BQU87UUFDVCxDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQU
Msa0JBQWtCLENBQUM7UUFDL0IsSUFBSSxDQUFDLFVBQVUsR0FBRyxVQUFVLENBQUM7SUFDL0IsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLHVCQUF1QjtRQUMzQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDO1FBQ3hCLElBQUksR0FBRyxDQUFDLFFBQVEsSUFBSSxVQUFVLElBQUksR0FBRyxDQUFDLFFBQVEsSUFBSSxTQUFTLEVBQUUsQ0FBQztZQUM1RCxNQUFNLElBQUksOEJBQWtCLENBQUMsNEJBQTRCLENBQUMsQ0FBQztRQUM3RCxDQUFDO1FBQ0QsTUFBTSxhQUFhLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQzlFLElBQUksQ0FBQyxhQUFhLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDakMsT0FBTyxDQUFDLEdBQUcsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO1lBQ3pDLE9BQU8sQ0FDTCxDQUFDLEdBQUcsQ0FBQyxRQUFRLElBQUksU0FBUyxJQUFJLEdBQUcsQ0FBQyxZQUFZLENBQUM7Z0JBQy9DLENBQUMsR0FBRyxDQUFDLFFBQVEsSUFBSSxVQUFVLElBQUksR0FBRyxDQUFDLFdBQVcsQ0FBQztnQkFDL0MsRUFBRSxDQUNILENBQUM7UUFDSixDQUFDO1FBQ0Qsa0VBQWtFO1FBQ2xFLGlCQUFpQjtRQUNqQixJQUFJLENBQUMsTUFBTSxHQUFHO1lBQ1osR0FBRyxJQUFJLENBQUMsTUFBTTtZQUNkLFFBQVEsRUFBRSxTQUFTO1lBQ25CLFlBQVksRUFBRSxhQUFhLENBQUMsYUFBYTtTQUMxQyxDQUFDO1FBQ0YsT0FBTyxhQUFhLENBQUMsWUFBWSxDQUFDO0lBQ3BDLENBQUM7SUFFRCxLQUFLLENBQUMsU0FBUyxDQUFDLE9BQW9CO1FBQ2xDLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDckIsTUFBTSxJQUFJLDhCQUFrQixDQUMxQiwwSUFBMEksQ0FDM0ksQ0FBQztRQUNKLENBQUM7UUFDRCxNQUFNLFdBQVcsR0FBRyxDQUFDLElBQUksQ0FBQyxrQkFBa0IsS0FBSyxNQUFNLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQ25FLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLElBQUksSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQy9DLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBQSxjQUFNLEVBQzVCLElBQUksQ0FBQyxVQUFVLEVBQ2YsT0FBTyxDQUFDLEdBQUcsRUFDWCxPQUFPLENBQUMsTUFBTTtZQUNkLFdBQVcsQ0FBQyxTQUFTLEVBQ3JCLFdBQVcsQ0FDWixDQUFDO1lBQ0YsdUVBQXVFO1lBQ3ZFLE9BQU8sSUFBQSxxQkFBVyxFQUFDLE9BQU8sRUFBRSxFQUFFLGFBQWEsRUFBRSxVQUFVLFdBQVcsRUFBRSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDO1FBQzNGLENBQUM7UUFDRCxPQUFPLElBQUEscUJBQVcsRUFBQyxPQUFPLEVBQUUsRUFBRSxhQUFhLEVBQUUsVUFBVSxXQUFXLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDMUUsQ0FBQztDQUNGO0FBL05ELGtDQStOQyJ9
|
|
@@ -227,15 +227,13 @@ class Client {
|
|
|
227
227
|
clientPublicKey: await (0, utils_js_1.cryptoPublicToPem)(ephemeralKeyPair.publicKey),
|
|
228
228
|
});
|
|
229
229
|
const jwtPayload = { requestBody: requestBodyStr };
|
|
230
|
-
const
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
}),
|
|
234
|
-
};
|
|
230
|
+
const signedRequestToken = await (0, providers_js_1.reqSignature)(jwtPayload, requestSignerKeyPair.privateKey, {
|
|
231
|
+
alg: toJWSAlg(requestSignerKeyPair.publicKey),
|
|
232
|
+
});
|
|
235
233
|
// Wrapped
|
|
236
|
-
const wrappedKey = await (0, access_js_1.fetchWrappedKey)(kasRewrapUrl,
|
|
234
|
+
const wrappedKey = await (0, access_js_1.fetchWrappedKey)(kasRewrapUrl, signedRequestToken, this.authProvider);
|
|
237
235
|
// Extract the iv and ciphertext
|
|
238
|
-
const entityWrappedKey =
|
|
236
|
+
const entityWrappedKey = wrappedKey.entityWrappedKey;
|
|
239
237
|
const ivLength = clientVersion == Client.SDK_INITIAL_RELEASE ? Client.INITIAL_RELEASE_IV_SIZE : Client.IV_SIZE;
|
|
240
238
|
const iv = entityWrappedKey.subarray(0, ivLength);
|
|
241
239
|
const encryptedSharedKey = entityWrappedKey.subarray(ivLength);
|
|
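Review bot: `wrappedKey.entityWrappedKey` is used without any check: the following lines call `entityWrappedKey.subarray(0, ivLength)`, which throws a bare TypeError if the rewrap response lacks the field or delivers it as something other than a byte array. If the value is shorter than the IV, it silently produces a truncated IV and an empty ciphertext. A guard placed after `ivLength` is computed would fail closed with a clear message, e.g. `if (!(entityWrappedKey instanceof Uint8Array) || entityWrappedKey.length <= ivLength) throw new Error('rewrap response carries no usable entityWrappedKey');`. What `fetchWrappedKey` returns is not visible in this hunk, and the enclosing method starts and ends outside it.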
@@ -304,4 +302,4 @@ Client.SDK_INITIAL_RELEASE = '0.0.0';
|
|
|
304
302
|
Client.INITIAL_RELEASE_IV_SIZE = 3;
|
|
305
303
|
Client.IV_SIZE = 12;
|
|
306
304
|
exports.default = Client;
|
|
307
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
305
|
+
//# sourceMappingURL=data:application/json;base64,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
|