@opentdf/sdk 0.4.1-rc.37 → 0.5.0-beta.42
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/src/access/access-fetch.js +2 -1
- package/dist/cjs/src/access/access-rpc.js +11 -5
- package/dist/cjs/src/access/constants.js +6 -0
- package/dist/cjs/src/access.js +39 -4
- package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +4 -2
- package/dist/cjs/src/auth/oidc-externaljwt-provider.js +5 -3
- package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +19 -3
- package/dist/cjs/src/auth/oidc.js +9 -8
- package/dist/cjs/src/auth/providers.js +7 -1
- package/dist/cjs/src/index.js +4 -2
- package/dist/cjs/src/nanoclients.js +4 -4
- package/dist/cjs/src/nanotdf/Client.js +10 -6
- package/dist/cjs/src/opentdf.js +102 -13
- package/dist/cjs/src/platform/authorization/v2/authorization_pb.js +112 -0
- package/dist/cjs/src/platform/buf/validate/validate_pb.js +114 -170
- package/dist/cjs/src/platform/common/common_pb.js +16 -5
- package/dist/cjs/src/platform/entity/entity_pb.js +51 -0
- package/dist/cjs/src/platform/entityresolution/entity_resolution_pb.js +1 -1
- package/dist/cjs/src/platform/entityresolution/v2/entity_resolution_pb.js +49 -0
- package/dist/cjs/src/platform/google/api/annotations_pb.js +1 -1
- package/dist/cjs/src/platform/google/api/http_pb.js +3 -3
- package/dist/cjs/src/platform/kas/kas_pb.js +2 -2
- package/dist/cjs/src/platform/policy/attributes/attributes_pb.js +12 -2
- package/dist/cjs/src/platform/policy/kasregistry/key_access_server_registry_pb.js +57 -4
- package/dist/cjs/src/platform/policy/keymanagement/key_management_pb.js +2 -2
- package/dist/cjs/src/platform/policy/namespaces/namespaces_pb.js +31 -4
- package/dist/cjs/src/platform/policy/objects_pb.js +116 -42
- package/dist/cjs/src/platform/policy/obligations/obligations_pb.js +159 -0
- package/dist/cjs/src/platform/policy/registeredresources/registered_resources_pb.js +20 -15
- package/dist/cjs/src/platform/policy/resourcemapping/resource_mapping_pb.js +2 -3
- package/dist/cjs/src/platform/policy/selectors_pb.js +1 -1
- package/dist/cjs/src/platform/policy/subjectmapping/subject_mapping_pb.js +2 -3
- package/dist/cjs/src/platform/policy/unsafe/unsafe_pb.js +2 -4
- package/dist/cjs/src/platform.js +20 -3
- package/dist/cjs/src/policy/api.js +27 -7
- package/dist/cjs/src/policy/granter.js +75 -48
- package/dist/cjs/src/seekable.js +32 -1
- package/dist/cjs/src/utils.js +85 -3
- package/dist/cjs/src/version.js +1 -1
- package/dist/cjs/tdf3/src/assertions.js +39 -2
- package/dist/cjs/tdf3/src/client/DecoratedReadableStream.js +8 -1
- package/dist/cjs/tdf3/src/client/builders.js +13 -1
- package/dist/cjs/tdf3/src/client/index.js +213 -54
- package/dist/cjs/tdf3/src/client/validation.js +3 -3
- package/dist/cjs/tdf3/src/tdf.js +42 -9
- package/dist/cjs/tdf3/src/utils/unwrap.js +2 -2
- package/dist/types/src/access/access-fetch.d.ts +1 -0
- package/dist/types/src/access/access-fetch.d.ts.map +1 -1
- package/dist/types/src/access/access-rpc.d.ts +2 -1
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access/constants.d.ts +3 -0
- package/dist/types/src/access/constants.d.ts.map +1 -0
- package/dist/types/src/access.d.ts +30 -1
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +1 -1
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +1 -1
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +15 -1
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc.d.ts +4 -0
- package/dist/types/src/auth/oidc.d.ts.map +1 -1
- package/dist/types/src/auth/providers.d.ts.map +1 -1
- package/dist/types/src/index.d.ts +1 -0
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/nanotdf/Client.d.ts +8 -1
- package/dist/types/src/nanotdf/Client.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +137 -6
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/src/platform/authorization/v2/authorization_pb.d.ts +439 -0
- package/dist/types/src/platform/authorization/v2/authorization_pb.d.ts.map +1 -0
- package/dist/types/src/platform/buf/validate/validate_pb.d.ts +495 -370
- package/dist/types/src/platform/buf/validate/validate_pb.d.ts.map +1 -1
- package/dist/types/src/platform/common/common_pb.d.ts +36 -0
- package/dist/types/src/platform/common/common_pb.d.ts.map +1 -1
- package/dist/types/src/platform/entity/entity_pb.d.ts +130 -0
- package/dist/types/src/platform/entity/entity_pb.d.ts.map +1 -0
- package/dist/types/src/platform/entityresolution/entity_resolution_pb.d.ts +4 -0
- package/dist/types/src/platform/entityresolution/entity_resolution_pb.d.ts.map +1 -1
- package/dist/types/src/platform/entityresolution/v2/entity_resolution_pb.d.ts +136 -0
- package/dist/types/src/platform/entityresolution/v2/entity_resolution_pb.d.ts.map +1 -0
- package/dist/types/src/platform/google/api/http_pb.d.ts.map +1 -1
- package/dist/types/src/platform/kas/kas_pb.d.ts +5 -0
- package/dist/types/src/platform/kas/kas_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/attributes/attributes_pb.d.ts +44 -13
- package/dist/types/src/platform/policy/attributes/attributes_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/kasregistry/key_access_server_registry_pb.d.ts +329 -24
- package/dist/types/src/platform/policy/kasregistry/key_access_server_registry_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/keymanagement/key_management_pb.d.ts +20 -1
- package/dist/types/src/platform/policy/keymanagement/key_management_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/namespaces/namespaces_pb.d.ts +143 -5
- package/dist/types/src/platform/policy/namespaces/namespaces_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/objects_pb.d.ts +382 -33
- package/dist/types/src/platform/policy/objects_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/obligations/obligations_pb.d.ts +670 -0
- package/dist/types/src/platform/policy/obligations/obligations_pb.d.ts.map +1 -0
- package/dist/types/src/platform/policy/registeredresources/registered_resources_pb.d.ts +67 -0
- package/dist/types/src/platform/policy/registeredresources/registered_resources_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/resourcemapping/resource_mapping_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/selectors_pb.d.ts +18 -0
- package/dist/types/src/platform/policy/selectors_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/subjectmapping/subject_mapping_pb.d.ts.map +1 -1
- package/dist/types/src/platform/policy/unsafe/unsafe_pb.d.ts +18 -4
- package/dist/types/src/platform/policy/unsafe/unsafe_pb.d.ts.map +1 -1
- package/dist/types/src/platform.d.ts +21 -0
- package/dist/types/src/platform.d.ts.map +1 -1
- package/dist/types/src/policy/api.d.ts +2 -0
- package/dist/types/src/policy/api.d.ts.map +1 -1
- package/dist/types/src/policy/granter.d.ts +11 -6
- package/dist/types/src/policy/granter.d.ts.map +1 -1
- package/dist/types/src/seekable.d.ts +31 -0
- package/dist/types/src/seekable.d.ts.map +1 -1
- package/dist/types/src/utils.d.ts +61 -2
- package/dist/types/src/utils.d.ts.map +1 -1
- package/dist/types/src/version.d.ts +1 -1
- package/dist/types/tdf3/src/assertions.d.ts +4 -0
- package/dist/types/tdf3/src/assertions.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts +6 -0
- package/dist/types/tdf3/src/client/DecoratedReadableStream.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/builders.d.ts +14 -0
- package/dist/types/tdf3/src/client/builders.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +25 -4
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/validation.d.ts +3 -3
- package/dist/types/tdf3/src/client/validation.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +3 -1
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/types/tdf3/src/utils/unwrap.d.ts.map +1 -1
- package/dist/web/src/access/access-fetch.js +2 -1
- package/dist/web/src/access/access-rpc.js +11 -5
- package/dist/web/src/access/constants.js +3 -0
- package/dist/web/src/access.js +37 -3
- package/dist/web/src/auth/oidc-clientcredentials-provider.js +4 -2
- package/dist/web/src/auth/oidc-externaljwt-provider.js +5 -3
- package/dist/web/src/auth/oidc-refreshtoken-provider.js +19 -3
- package/dist/web/src/auth/oidc.js +9 -8
- package/dist/web/src/auth/providers.js +7 -1
- package/dist/web/src/index.js +2 -1
- package/dist/web/src/nanoclients.js +4 -4
- package/dist/web/src/nanotdf/Client.js +11 -7
- package/dist/web/src/opentdf.js +102 -13
- package/dist/web/src/platform/authorization/v2/authorization_pb.js +109 -0
- package/dist/web/src/platform/buf/validate/validate_pb.js +113 -169
- package/dist/web/src/platform/common/common_pb.js +15 -4
- package/dist/web/src/platform/entity/entity_pb.js +48 -0
- package/dist/web/src/platform/entityresolution/entity_resolution_pb.js +1 -1
- package/dist/web/src/platform/entityresolution/v2/entity_resolution_pb.js +46 -0
- package/dist/web/src/platform/google/api/annotations_pb.js +1 -1
- package/dist/web/src/platform/google/api/http_pb.js +3 -3
- package/dist/web/src/platform/kas/kas_pb.js +2 -2
- package/dist/web/src/platform/policy/attributes/attributes_pb.js +12 -2
- package/dist/web/src/platform/policy/kasregistry/key_access_server_registry_pb.js +55 -3
- package/dist/web/src/platform/policy/keymanagement/key_management_pb.js +2 -2
- package/dist/web/src/platform/policy/namespaces/namespaces_pb.js +30 -3
- package/dist/web/src/platform/policy/objects_pb.js +114 -41
- package/dist/web/src/platform/policy/obligations/obligations_pb.js +156 -0
- package/dist/web/src/platform/policy/registeredresources/registered_resources_pb.js +19 -14
- package/dist/web/src/platform/policy/resourcemapping/resource_mapping_pb.js +2 -3
- package/dist/web/src/platform/policy/selectors_pb.js +1 -1
- package/dist/web/src/platform/policy/subjectmapping/subject_mapping_pb.js +2 -3
- package/dist/web/src/platform/policy/unsafe/unsafe_pb.js +2 -4
- package/dist/web/src/platform.js +20 -3
- package/dist/web/src/policy/api.js +26 -7
- package/dist/web/src/policy/granter.js +75 -48
- package/dist/web/src/seekable.js +32 -1
- package/dist/web/src/utils.js +84 -3
- package/dist/web/src/version.js +1 -1
- package/dist/web/tdf3/src/assertions.js +38 -2
- package/dist/web/tdf3/src/client/DecoratedReadableStream.js +8 -1
- package/dist/web/tdf3/src/client/builders.js +13 -1
- package/dist/web/tdf3/src/client/index.js +215 -57
- package/dist/web/tdf3/src/client/validation.js +3 -3
- package/dist/web/tdf3/src/tdf.js +42 -9
- package/dist/web/tdf3/src/utils/unwrap.js +2 -2
- package/package.json +7 -5
- package/src/access/access-fetch.ts +1 -0
- package/src/access/access-rpc.ts +13 -4
- package/src/access/constants.ts +2 -0
- package/src/access.ts +54 -2
- package/src/auth/oidc-clientcredentials-provider.ts +4 -0
- package/src/auth/oidc-externaljwt-provider.ts +5 -1
- package/src/auth/oidc-refreshtoken-provider.ts +19 -1
- package/src/auth/oidc.ts +12 -7
- package/src/auth/providers.ts +6 -0
- package/src/index.ts +1 -0
- package/src/nanoclients.ts +3 -3
- package/src/nanotdf/Client.ts +28 -6
- package/src/opentdf.ts +205 -73
- package/src/platform/authorization/v2/authorization_pb.ts +503 -0
- package/src/platform/buf/validate/validate_pb.ts +529 -401
- package/src/platform/common/common_pb.ts +48 -3
- package/src/platform/entity/entity_pb.ts +154 -0
- package/src/platform/entityresolution/entity_resolution_pb.ts +4 -0
- package/src/platform/entityresolution/v2/entity_resolution_pb.ts +170 -0
- package/src/platform/google/api/annotations_pb.ts +1 -1
- package/src/platform/google/api/http_pb.ts +2 -2
- package/src/platform/kas/kas_pb.ts +6 -1
- package/src/platform/policy/attributes/attributes_pb.ts +46 -16
- package/src/platform/policy/kasregistry/key_access_server_registry_pb.ts +371 -27
- package/src/platform/policy/keymanagement/key_management_pb.ts +24 -2
- package/src/platform/policy/namespaces/namespaces_pb.ts +163 -7
- package/src/platform/policy/objects_pb.ts +474 -59
- package/src/platform/policy/obligations/obligations_pb.ts +788 -0
- package/src/platform/policy/registeredresources/registered_resources_pb.ts +80 -13
- package/src/platform/policy/resourcemapping/resource_mapping_pb.ts +1 -2
- package/src/platform/policy/selectors_pb.ts +18 -0
- package/src/platform/policy/subjectmapping/subject_mapping_pb.ts +1 -2
- package/src/platform/policy/unsafe/unsafe_pb.ts +21 -6
- package/src/platform.ts +29 -5
- package/src/policy/api.ts +37 -6
- package/src/policy/granter.ts +82 -56
- package/src/seekable.ts +31 -0
- package/src/utils.ts +88 -2
- package/src/version.ts +1 -1
- package/tdf3/src/assertions.ts +52 -1
- package/tdf3/src/client/DecoratedReadableStream.ts +9 -0
- package/tdf3/src/client/builders.ts +16 -0
- package/tdf3/src/client/index.ts +309 -73
- package/tdf3/src/client/validation.ts +2 -2
- package/tdf3/src/tdf.ts +53 -9
- package/tdf3/src/utils/unwrap.ts +2 -1
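--- a/package/dist/types/src/opentdf.d.ts
+++ b/package/dist/types/src/opentdf.d.ts
@@ -11,77 +11,161 @@ import { type Segment, type SplitType, type EncryptionInformation } from '../tdf
 import { type KeyAccessObject } from '../tdf3/src/models/key-access.js';
 import { type IntegrityAlgorithm } from '../tdf3/src/tdf.js';
 export { type Assertion, type EncryptionInformation, type IntegrityAlgorithm, type KasPublicKeyAlgorithm, type KeyAccessObject, type Manifest, type Payload, type Segment, type SplitType, isPublicKeyAlgorithm, };
+/** A map of key identifiers to cryptographic keys. */
 export type Keys = {
 [keyID: string]: CryptoKey | CryptoKeyPair;
 };
+/** The fully qualified obligations that the caller is required to fulfill. */
+export type RequiredObligations = {
+/** List of obligations values' fully qualified names. */
+fqns: string[];
+};
+/** Options for creating a new TDF object, shared between all container types. */
 export type CreateOptions = {
+/** If the policy service should be used to control creation options. */
 autoconfigure?: boolean;
+/** List of attributes that will be assigned to the object's policy. */
 attributes?: string[];
+/**
+* If set and positive, this represents the maxiumum number of bytes to read from a stream to encrypt.
+* This is helpful for enforcing size limits and preventing DoS attacks.
+*/
 byteLimit?: number;
+/** The KAS to use for creation, if none is specified by the attribute service. */
 defaultKASEndpoint?: string;
+/** Private (or shared) keys for signing assertions and bindings. */
 signers?: Keys;
+/** Source of plaintext data. */
 source: Source;
 };
+/** Options for creating a NanoTDF. */
 export type CreateNanoTDFOptions = CreateOptions & {
+/** The type of binding to use for the NanoTDF. */
 bindingType?: 'ecdsa' | 'gmac';
+/** When creating a new collection, use ECDSA binding with this key id from the signers, instead of the DEK. */
 ecdsaBindingKeyID?: string;
+/**
+* When creating a new collection, use the key in the `signers` list with this id
+* to generate a signature for each element. When absent, the nanotdf is unsigned.
+*/
 signingKeyID?: string;
 };
+/** Options for creating a NanoTDF collection. */
 export type CreateNanoTDFCollectionOptions = CreateNanoTDFOptions & {
+/** The platform URL. */
 platformUrl: string;
+/** The maximum number of key iterations to use for a single DEK. */
 maxKeyIterations?: number;
 };
+/** Metadata for a TDF object. */
 export type Metadata = object;
+/** MIME type of the decrypted content. */
 export type MimeType = `${string}/${string}`;
+/** Template for a Key Access Object (KAO) to be filled in during encrypt. */
 export type SplitStep = {
+/** Which KAS to use to rewrap this segment of the key. */
 kas: string;
+/**
+* An identifier for a key segment.
+* Leave empty to share the key.
+*/
 sid?: string;
 };
+/** Options specific to the ZTDF container format. */
 export type CreateZTDFOptions = CreateOptions & {
+/** Configuration for bound metadata. */
 assertionConfigs?: AssertionConfig[];
+/** Unbound metadata (deprecated). */
 metadata?: Metadata;
+/** MIME type of the decrypted content. Used for display. */
 mimeType?: MimeType;
+/** How to split or share the data encryption key across multiple KASes. */
 splitPlan?: SplitStep[];
+/**
+* The segment size for the content; smaller is slower, but allows faster random access.
+* The current default is 1 MiB (2^20 bytes).
+*/
 windowSize?: number;
+/** Preferred algorithm to use for Key Access Objects. */
 wrappingKeyAlgorithm?: KasPublicKeyAlgorithm;
+/** TDF spec version to target. */
 tdfSpecVersion?: '4.2.2' | '4.3.0';
 };
+/** Settings for decrypting any variety of TDF file. */
 export type ReadOptions = {
+/** The ciphertext source. */
 source: Source;
+/** The platform URL. */
 platformUrl?: string;
+/** List of KASes that may be contacted for a rewrap. */
 allowedKASEndpoints?: string[];
+/** Optionally disable checking the allowlist. */
 ignoreAllowlist?: boolean;
+/** Optionally override client fulfillableObligationFQNs. */
+fulfillableObligationFQNs?: string[];
+/** Public (or shared) keys for verifying assertions. */
 assertionVerificationKeys?: AssertionVerificationKeys;
+/** Optionally disable assertion verification. */
 noVerify?: boolean;
+/** If set, prevents more than this number of concurrent requests to the KAS. */
 concurrencyLimit?: number;
+/** Type of key to use for wrapping responses. */
 wrappingKeyAlgorithm?: KasPublicKeyAlgorithm;
 };
+/** Defaults and shared settings that are relevant to creating TDF objects. */
 export type OpenTDFOptions = {
+/** Policy service endpoint. */
 policyEndpoint?: string;
+/** Platform URL. */
 platformUrl?: string;
+/** Auth provider for connections to the policy service and KASes. */
 authProvider: AuthProvider;
+/** Default settings for 'encrypt' type requests. */
 defaultCreateOptions?: Omit<CreateOptions, 'source'>;
+/** Default settings for 'decrypt' type requests. */
 defaultReadOptions?: Omit<ReadOptions, 'source'>;
+/** If we want to *not* send a DPoP token. */
 disableDPoP?: boolean;
+/**
+* Optional keys for DPoP requests to a server.
+* These often must be registered via a DPoP flow with the IdP
+* which is out of the scope of this library.
+*/
 dpopKeys?: Promise<CryptoKeyPair>;
+/** Configuration options for the collection header cache. */
 rewrapCacheOptions?: RewrapCacheOptions;
 };
+/** A decorated readable stream. */
 export type DecoratedStream = ReadableStream<Uint8Array> & {
+/** If the source is a TDF3/ZTDF, and includes metadata, and it has been read. */
 metadata?: Promise<unknown>;
+/** The TDF manifest. */
 manifest?: Promise<Manifest>;
+/** If the source is a NanoTDF, this will be set. */
 header?: Header;
 };
+/** Configuration options for the collection header cache. */
 export type RewrapCacheOptions = {
+/** If we should disable (bypass) the cache. */
 bypass?: boolean;
+/** Evict keys after this many milliseconds. */
 maxAge?: number;
+/** Check for expired keys once every this many milliseconds. */
 pollInterval?: number;
 };
+/**
+* Cache for headers of nanotdf collections, to quickly open multiple entries of the same collection.
+* It has a demon that removes all keys that have not been accessed in the last 5 minutes.
+* To cancel the demon, and clear the cache, call `close()`.
+* */
 export declare class RewrapCache {
 private cache?;
 private closer?;
 constructor(opts?: RewrapCacheOptions);
 get(key: Uint8Array): CryptoKey | undefined;
+/** Set a key in the cache. */
 set(key: Uint8Array, value: CryptoKey): void;
+/** Close the cache and release any resources. */
 close(): void;
 }
 /**
@@ -104,36 +188,83 @@ export type TDFReader = {
 * @returns Any data attributes found in the policy. Currently only works for plain text, embedded policies (not remote or encrypted policies)
 */
 attributes: () => Promise<string[]>;
+/**
+* @returns Any obligation value FQNs that are required to be fulfilled on the TDF, populated during the decrypt flow.
+*/
+obligations: () => Promise<RequiredObligations>;
 };
+/**
+* The main OpenTDF class that provides methods for creating and reading TDF files.
+* It supports both NanoTDF and ZTDF formats.
+* It can be used to create new TDF files and read existing ones.
+* This class is the entry point for using the OpenTDF SDK.
+* It requires an authentication provider to be passed in the constructor.
+* It also requires a platform URL to be set, which is used to fetch key access servers and policies.
+* @example
+* ```
+* import { type Chunker, OpenTDF } from '@opentdf/sdk';
+*
+* const oidcCredentials: RefreshTokenCredentials = {
+* clientId: keycloakClientId,
+* exchange: 'refresh',
+* refreshToken: refreshToken,
+* oidcOrigin: keycloakUrl,
+* };
+* const authProvider = await AuthProviders.refreshAuthProvider(oidcCredentials);
+*
+* const client = new OpenTDF({
+* authProvider,
+* platformUrl: 'https://platform.example.com',
+* });
+*
+* const cipherText = await client.createZTDF({
+* source: { type: 'stream', location: source },
+* autoconfigure: false,
+* });
+*
+* const clearText = await client.read({ type: 'stream', location: cipherText });
+* ```
+*/
 export declare class OpenTDF {
+/** The platform URL */
 readonly platformUrl: string;
+/** The policy service endpoint */
 readonly policyEndpoint: string;
+/** The auth provider for the OpenTDF instance. */
 readonly authProvider: AuthProvider;
+/** If DPoP is enabled for this instance. */
 readonly dpopEnabled: boolean;
+/** Default options for creating TDF objects. */
 defaultCreateOptions: Omit<CreateOptions, 'source'>;
+/** Default options for reading TDF objects. */
 defaultReadOptions: Omit<ReadOptions, 'source'>;
+/** The DPoP keys for this instance, if any. */
 readonly dpopKeys: Promise<CryptoKeyPair>;
+/** Cache for rewrapped keys */
 private readonly rewrapCache;
+/** The TDF3 client for encrypting and decrypting ZTDF files. */
 readonly tdf3Client: TDF3Client;
 constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, rewrapCacheOptions, platformUrl, }: OpenTDFOptions);
+/** Creates a new NanoTDF stream. */
 createNanoTDF(opts: CreateNanoTDFOptions): Promise<DecoratedStream>;
 /**
 * Creates a new collection object, which can be used to encrypt a series of data with the same policy.
-* @returns
 */
 createNanoTDFCollection(opts: CreateNanoTDFCollectionOptions): Promise<NanoTDFCollectionWriter>;
+/** Creates a new ZTDF stream. */
 createZTDF(opts: CreateZTDFOptions): Promise<DecoratedStream>;
-/**
-* Opens a TDF file for inspection and decryption.
-* @param opts the file to open, and any appropriate configuration options
-* @returns
-*/
+/** Opens a TDF file for inspection and decryption. */
 open(opts: ReadOptions): TDFReader;
+/** Decrypts a TDF file. */
 read(opts: ReadOptions): Promise<DecoratedStream>;
+/** Closes the OpenTDF instance and releases any resources. */
 close(): void;
 }
+/** A writer for NanoTDF collections. */
 export type NanoTDFCollectionWriter = {
+/** The NanoTDF client used for encrypting data in this collection. */
 encrypt: (source: Source) => Promise<ReadableStream<Uint8Array>>;
+/** Closes the collection and releases any resources. */
 close: () => Promise<void>;
 };
 //# sourceMappingURL=opentdf.d.ts.map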
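Review bot: The new `fulfillableObligationFQNs` field on `ReadOptions` only says it overrides the client value, while `RequiredObligations` is documented as obligations "the caller is required to fulfill"; the field should say that listing an FQN is the caller's own claim, e.g. `/** Obligation value FQNs this caller asserts it can fulfill; overrides the client-level list. */`. Two wording defects in the same section: `maxiumum` in the `byteLimit` comment and `demon` in the `RewrapCache` doc should read `maximum` and `daemon`. The `RewrapCache` doc's fixed "last 5 minutes" appears to conflict with the configurable `maxAge` option on `RewrapCacheOptions`, so it is presumably only the default and should say so. `get(key)` on `RewrapCache` is now the one member without a doc comment, since `set` and `close` gained one. This file is emitted under `dist/types`, so these changes belong in `package/src/opentdf.ts` rather than here.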
@@ -1 +1 @@
1
-
{"version":3,"file":"opentdf.d.ts","sourceRoot":"","sources":["../../../src/opentdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGxD,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAInE,OAAO,MAAM,MAAM,4BAA4B,CAAC;AAChD,OAAO,EAAuC,KAAK,MAAM,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EACL,KAAK,SAAS,EACd,eAAe,EACf,yBAAyB,EAC1B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,KAAK,qBAAqB,EAG1B,oBAAoB,EACrB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,KAAK,qBAAqB,EAC3B,MAAM,8CAA8C,CAAC;AACtD,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAIL,KAAK,kBAAkB,EACxB,MAAM,oBAAoB,CAAC;AAK5B,OAAO,EACL,KAAK,SAAS,EACd,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,eAAe,EACpB,KAAK,QAAQ,EACb,KAAK,OAAO,EACZ,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,oBAAoB,GACrB,CAAC;AAEF,MAAM,MAAM,IAAI,GAAG;IACjB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,aAAa,CAAC;CAC5C,CAAC;
1
+
{"version":3,"file":"opentdf.d.ts","sourceRoot":"","sources":["../../../src/opentdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGxD,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAInE,OAAO,MAAM,MAAM,4BAA4B,CAAC;AAChD,OAAO,EAAuC,KAAK,MAAM,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EACL,KAAK,SAAS,EACd,eAAe,EACf,yBAAyB,EAC1B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,KAAK,qBAAqB,EAG1B,oBAAoB,EACrB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,KAAK,qBAAqB,EAC3B,MAAM,8CAA8C,CAAC;AACtD,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAIL,KAAK,kBAAkB,EACxB,MAAM,oBAAoB,CAAC;AAK5B,OAAO,EACL,KAAK,SAAS,EACd,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,eAAe,EACpB,KAAK,QAAQ,EACb,KAAK,OAAO,EACZ,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,oBAAoB,GACrB,CAAC;AAEF,sDAAsD;AACtD,MAAM,MAAM,IAAI,GAAG;IACjB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,aAAa,CAAC;CAC5C,CAAC;AAEF,8EAA8E;AAC9E,MAAM,MAAM,mBAAmB,GAAG;IAChC,yDAAyD;IACzD,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB,CAAC;AAEF,iFAAiF;AACjF,MAAM,MAAM,aAAa,GAAG;IAC1B,wEAAwE;IACxE,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IAEtB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,kFAAkF;IAClF,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,oEAAoE;IACpE,OAAO,CAAC,EAAE,IAAI,CAAC;IAEf,gCAAgC;IAChC,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,sCAAsC;AACtC,MAAM,MAAM,oBAAoB,GAAG,aAAa,GAAG;IACjD,kDAAkD;IAClD,WAAW,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IAE/B,+GAA+G;IAC/G,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,iDAAiD;AACjD,MAAM,MAAM,8BAA8B,GAAG,oBAAoB,GAAG;IAClE,wBAAwB;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF,iCAAiC;AACjC,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC;AAE9B,0CAA0C;AAC1C,MAAM,MAAM,QAAQ,GAAG,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC;AAE7C,6EAA6E;AAC7E,MAAM,MAAM,SAAS,GAAG;IACtB,0DAA0D;IAC1D,GAAG,EAAE,MAAM,CAAC;IACZ;;;OAGG;
IACH,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,qDAAqD;AACrD,MAAM,MAAM,iBAAiB,GAAG,aAAa,GAAG;IAC9C,wCAAwC;IACxC,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IAErC,qCAAqC;IACrC,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAEpB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAEpB,2EAA2E;IAC3E,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;IAExB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,yDAAyD;IACzD,oBAAoB,CAAC,EAAE,qBAAqB,CAAC;IAE7C,kCAAkC;IAClC,cAAc,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;CACpC,CAAC;AAEF,uDAAuD;AACvD,MAAM,MAAM,WAAW,GAAG;IACxB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,wBAAwB;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wDAAwD;IACxD,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,iDAAiD;IACjD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,4DAA4D;IAC5D,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC;IACrC,wDAAwD;IACxD,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;IACtD,iDAAiD;IACjD,QAAQ,CAAC,EAAE,OAAO,CAAC;IAEnB,gFAAgF;IAChF,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B,iDAAiD;IACjD,oBAAoB,CAAC,EAAE,qBAAqB,CAAC;CAC9C,CAAC;AAEF,8EAA8E;AAC9E,MAAM,MAAM,cAAc,GAAG;IAC3B,+BAA+B;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,oBAAoB;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,qEAAqE;IACrE,YAAY,EAAE,YAAY,CAAC;IAE3B,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;IAErD,oDAAoD;IACpD,kBAAkB,CAAC,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAEjD,6CAA6C;IAC7C,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAElC,6DAA6D;IAC7D,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;CACzC,CAAC;AAEF,mCAAmC;AACnC,MAAM,MAAM,eAAe,GAAG,cAAc,CAAC,UAAU,CAAC,GAAG;IACzD,iFAAiF;IACjF,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5B,wBAAwB;IACxB,QAAQ,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7B,oDAAoD;IACpD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,6DAA6D;AAC7D,MAAM,MAAM,kBAAkB,GAAG;IAC/B,+CAA+C;IAC/C,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAQF;;;;KAIK;AACL,qBAAa,WAAW;IACtB,OAAO,CAAC,KAAK,CAAC,CAAgE;IAC9E,OAAO,CAAC,MAAM,CAAC,CAAiC;gBACpC,IAAI,CAAC,EAAE,kBAAkB;IAoBrC,GAAG,CAAC,GAAG,EAAE,UAAU,GAAG,SAAS,GAAG,SAAS;IAY3C,8BAA8B;IAC9B,GAAG,CAAC,GAAG,EAAE,UA
AU,EAAE,KAAK,EAAE,SAAS;IAOrC,iDAAiD;IACjD,KAAK;CAON;AAED;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG;IACtB;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,eAAe,CAAC,CAAC;IACxC;;OAEG;IACH,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3B;;OAEG;IACH,QAAQ,EAAE,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;IAElC;;OAEG;IACH,UAAU,EAAE,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAEpC;;OAEG;IACH,WAAW,EAAE,MAAM,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,qBAAa,OAAO;IAClB,uBAAuB;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,kCAAkC;IAClC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,kDAAkD;IAClD,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,4CAA4C;IAC5C,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,gDAAgD;IAChD,oBAAoB,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;IACpD,+CAA+C;IAC/C,kBAAkB,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAChD,+CAA+C;IAC/C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1C,+BAA+B;IAC/B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,gEAAgE;IAChE,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;gBAEpB,EACV,YAAY,EACZ,QAAQ,EACR,oBAAoB,EACpB,kBAAkB,EAClB,WAAW,EACX,cAAc,EACd,kBAAkB,EAClB,WAAW,GACZ,EAAE,cAAc;IAmCjB,oCAAoC;IAC9B,aAAa,CAAC,IAAI,EAAE,oBAAoB,GAAG,OAAO,CAAC,eAAe,CAAC;IAgBzE;;OAEG;IACG,uBAAuB,CAC3B,IAAI,EAAE,8BAA8B,GACnC,OAAO,CAAC,uBAAuB,CAAC;IAKnC,iCAAiC;IAC3B,UAAU,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,CAAC;IAwBnE,sDAAsD;IACtD,IAAI,CAAC,IAAI,EAAE,WAAW,GAAG,SAAS;IAKlC,2BAA2B;IACrB,IAAI,CAAC,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC;IAKvD,8DAA8D;IAC9D,KAAK;CAGN;AAiTD,wCAAwC;AACxC,MAAM,MAAM,uBAAuB,GAAG;IACpC,sEAAsE;IACtE,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC;IACjE,wDAAwD;IACxD,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5B,CAAC"}