@opentdf/sdk 0.9.0-beta.91 → 0.9.0-beta.93
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/src/access/access-fetch.js +1 -2
- package/dist/cjs/src/access/access-rpc.js +1 -3
- package/dist/cjs/src/access.js +1 -14
- package/dist/cjs/src/auth/auth.js +13 -10
- package/dist/cjs/src/auth/dpop.js +121 -0
- package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-externaljwt-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +37 -3
- package/dist/cjs/src/auth/oidc.js +10 -8
- package/dist/cjs/src/auth/providers.js +35 -12
- package/dist/cjs/src/crypto/index.js +16 -2
- package/dist/cjs/src/crypto/pemPublicToCrypto.js +17 -11
- package/dist/cjs/src/opentdf.js +40 -10
- package/dist/cjs/tdf3/index.js +4 -2
- package/dist/cjs/tdf3/src/assertions.js +71 -31
- package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/cjs/tdf3/src/client/index.js +23 -33
- package/dist/cjs/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/cjs/tdf3/src/crypto/declarations.js +1 -1
- package/dist/cjs/tdf3/src/crypto/index.js +849 -88
- package/dist/cjs/tdf3/src/crypto/jose/jwt-claims-set.js +11 -0
- package/dist/cjs/tdf3/src/crypto/jose/validate-crit.js +8 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +41 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/epoch.js +6 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/is_object.js +21 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +112 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/secs.js +60 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +38 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/util/errors.js +135 -0
- package/dist/cjs/tdf3/src/crypto/jwt.js +183 -0
- package/dist/cjs/tdf3/src/crypto/salt.js +14 -8
- package/dist/cjs/tdf3/src/models/encryption-information.js +17 -20
- package/dist/cjs/tdf3/src/models/key-access.js +43 -63
- package/dist/cjs/tdf3/src/tdf.js +75 -75
- package/dist/cjs/tdf3/src/utils/index.js +5 -39
- package/dist/types/src/access/access-fetch.d.ts.map +1 -1
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +0 -5
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/auth.d.ts +9 -6
- package/dist/types/src/auth/auth.d.ts.map +1 -1
- package/dist/types/src/auth/dpop.d.ts +60 -0
- package/dist/types/src/auth/dpop.d.ts.map +1 -0
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc.d.ts +6 -4
- package/dist/types/src/auth/oidc.d.ts.map +1 -1
- package/dist/types/src/auth/providers.d.ts +5 -4
- package/dist/types/src/auth/providers.d.ts.map +1 -1
- package/dist/types/src/crypto/index.d.ts +2 -1
- package/dist/types/src/crypto/index.d.ts.map +1 -1
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts +18 -0
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +13 -4
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/tdf3/index.d.ts +3 -3
- package/dist/types/tdf3/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/assertions.d.ts +23 -8
- package/dist/types/tdf3/src/assertions.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts +3 -3
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts +4 -4
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/builders.d.ts +2 -2
- package/dist/types/tdf3/src/client/builders.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +6 -5
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts +14 -4
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/declarations.d.ts +283 -18
- package/dist/types/tdf3/src/crypto/declarations.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/index.d.ts +105 -28
- package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts +5 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts +6 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/salt.d.ts +6 -1
- package/dist/types/tdf3/src/crypto/salt.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/encryption-information.d.ts +4 -4
- package/dist/types/tdf3/src/models/encryption-information.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/key-access.d.ts +8 -5
- package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +8 -8
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/types/tdf3/src/utils/index.d.ts +4 -3
- package/dist/types/tdf3/src/utils/index.d.ts.map +1 -1
- package/dist/web/src/access/access-fetch.js +3 -4
- package/dist/web/src/access/access-rpc.js +3 -5
- package/dist/web/src/access.js +1 -13
- package/dist/web/src/auth/auth.js +13 -10
- package/dist/web/src/auth/dpop.js +118 -0
- package/dist/web/src/auth/oidc-clientcredentials-provider.js +4 -3
- package/dist/web/src/auth/oidc-externaljwt-provider.js +4 -3
- package/dist/web/src/auth/oidc-refreshtoken-provider.js +4 -3
- package/dist/web/src/auth/oidc.js +11 -9
- package/dist/web/src/auth/providers.js +13 -12
- package/dist/web/src/crypto/index.js +4 -2
- package/dist/web/src/crypto/pemPublicToCrypto.js +11 -9
- package/dist/web/src/opentdf.js +7 -10
- package/dist/web/tdf3/index.js +3 -2
- package/dist/web/tdf3/src/assertions.js +71 -31
- package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/web/tdf3/src/client/index.js +25 -35
- package/dist/web/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/web/tdf3/src/crypto/declarations.js +1 -1
- package/dist/web/tdf3/src/crypto/index.js +830 -84
- package/dist/web/tdf3/src/crypto/jose/jwt-claims-set.js +5 -0
- package/dist/web/tdf3/src/crypto/jose/validate-crit.js +3 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +35 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/epoch.js +4 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/is_object.js +19 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +107 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/secs.js +58 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +36 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/util/errors.js +117 -0
- package/dist/web/tdf3/src/crypto/jwt.js +174 -0
- package/dist/web/tdf3/src/crypto/salt.js +13 -7
- package/dist/web/tdf3/src/models/encryption-information.js +11 -14
- package/dist/web/tdf3/src/models/key-access.js +44 -31
- package/dist/web/tdf3/src/tdf.js +71 -71
- package/dist/web/tdf3/src/utils/index.js +5 -6
- package/package.json +11 -4
- package/src/access/access-fetch.ts +2 -8
- package/src/access/access-rpc.ts +0 -7
- package/src/access.ts +0 -17
- package/src/auth/auth.ts +21 -12
- package/src/auth/dpop.ts +222 -0
- package/src/auth/oidc-clientcredentials-provider.ts +23 -15
- package/src/auth/oidc-externaljwt-provider.ts +23 -15
- package/src/auth/oidc-refreshtoken-provider.ts +23 -15
- package/src/auth/oidc.ts +21 -10
- package/src/auth/providers.ts +46 -29
- package/src/crypto/index.ts +21 -1
- package/src/crypto/pemPublicToCrypto.ts +11 -9
- package/src/opentdf.ts +19 -14
- package/tdf3/index.ts +32 -5
- package/tdf3/src/assertions.ts +99 -30
- package/tdf3/src/ciphers/aes-gcm-cipher.ts +7 -2
- package/tdf3/src/ciphers/symmetric-cipher-base.ts +7 -4
- package/tdf3/src/client/builders.ts +2 -2
- package/tdf3/src/client/index.ts +60 -59
- package/tdf3/src/crypto/crypto-utils.ts +15 -8
- package/tdf3/src/crypto/declarations.ts +338 -22
- package/tdf3/src/crypto/index.ts +1021 -118
- package/tdf3/src/crypto/jose/jwt-claims-set.ts +10 -0
- package/tdf3/src/crypto/jose/validate-crit.ts +9 -0
- package/tdf3/src/crypto/jose/vendor/lib/buffer_utils.ts +34 -0
- package/tdf3/src/crypto/jose/vendor/lib/epoch.ts +3 -0
- package/tdf3/src/crypto/jose/vendor/lib/is_object.ts +18 -0
- package/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.ts +106 -0
- package/tdf3/src/crypto/jose/vendor/lib/secs.ts +57 -0
- package/tdf3/src/crypto/jose/vendor/lib/validate_crit.ts +35 -0
- package/tdf3/src/crypto/jose/vendor/util/errors.ts +101 -0
- package/tdf3/src/crypto/jwt.ts +256 -0
- package/tdf3/src/crypto/salt.ts +16 -8
- package/tdf3/src/models/encryption-information.ts +14 -21
- package/tdf3/src/models/key-access.ts +57 -41
- package/tdf3/src/tdf.ts +110 -93
- package/tdf3/src/utils/index.ts +5 -6
|
@@ -146,11 +146,10 @@ async function fetchKasPubKey(kasEndpoint, algorithm) {
|
|
|
146
146
|
throw new errors_js_1.NetworkError(`invalid response from public key endpoint [${JSON.stringify(jsonContent)}]`);
|
|
147
147
|
}
|
|
148
148
|
return {
|
|
149
|
-
key: (0, access_js_1.noteInvalidPublicKey)(pkUrlV2, (0, utils_js_1.pemToCryptoPublicKey)(publicKey)),
|
|
150
149
|
publicKey,
|
|
151
150
|
url: kasEndpoint,
|
|
152
151
|
algorithm: algorithm || 'rsa:2048',
|
|
153
152
|
...(kid && { kid }),
|
|
154
153
|
};
|
|
155
154
|
}
|
|
156
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
155
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLWZldGNoLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL2FjY2Vzcy9hY2Nlc3MtZmV0Y2gudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUE4QkEsMENBc0RDO0FBRUQsc0RBK0NDO0FBRUQsd0NBNkRDO0FBcE1ELDRDQUF3RjtBQUV4Riw0Q0FPc0I7QUFDdEIsMENBQWdEO0FBYWhEOzs7Ozs7R0FNRztBQUNJLEtBQUssVUFBVSxlQUFlLENBQ25DLEdBQVcsRUFDWCxXQUEwQixFQUMxQixZQUEwQjtJQUUxQixNQUFNLEdBQUcsR0FBRyxNQUFNLFlBQVksQ0FBQyxTQUFTLENBQUM7UUFDdkMsR0FBRztRQUNILE1BQU0sRUFBRSxNQUFNO1FBQ2QsT0FBTyxFQUFFO1lBQ1AsY0FBYyxFQUFFLGtCQUFrQjtTQUNuQztRQUNELElBQUksRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQztLQUNsQyxDQUFDLENBQUM7SUFFSCxJQUFJLFFBQWtCLENBQUM7SUFFdkIsSUFBSSxDQUFDO1FBQ0gsUUFBUSxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUU7WUFDOUIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNO1lBQ2xCLElBQUksRUFBRSxNQUFNLEVBQUUsOEJBQThCO1lBQzVDLEtBQUssRUFBRSxVQUFVLEVBQUUsMERBQTBEO1lBQzdFLFdBQVcsRUFBRSxhQUFhLEVBQUUsOEJBQThCO1lBQzFELE9BQU8sRUFBRSxHQUFHLENBQUMsT0FBTztZQUNwQixRQUFRLEVBQUUsUUFBUSxFQUFFLHlCQUF5QjtZQUM3QyxjQUFjLEVBQUUsYUFBYSxFQUFFLHNKQUFzSjtZQUNyTCxJQUFJLEVBQUUsR0FBRyxDQUFDLElBQWdCO1NBQzNCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLHdCQUFZLENBQUMscUNBQXFDLEdBQUcsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ3pFLENBQUM7SUFFRCxJQUFJLENBQUMsUUFBUSxDQUFDLEVBQUUsRUFBRSxDQUFDO1FBQ2pCLFFBQVEsUUFBUSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ3hCLEtBQUssR0FBRztnQkFDTixNQUFNLElBQUksNEJBQWdCLENBQ3hCLFlBQVksR0FBRyxDQUFDLEdBQUcsMEJBQTBCLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxHQUFHLENBQ3RFLENBQUM7WUFDSixLQUFLLEdBQUc7Z0JBQ04sTUFBTSxJQUFJLGdDQUFvQixDQUFDLFlBQVksR0FBRyxDQUFDLEdBQUcsd0JBQXdCLENBQUMsQ0FBQztZQUM5RSxLQUFLLEdBQUc7Z0JBQ04sTUFBTSxJQUFJLGlDQUFxQixDQUFDLFlBQVksR0FBRyxDQUFDLEdBQUcsNkJBQTZCLENBQUMsQ0FBQztZQUNwRjtnQkFDRSxJQUFJLFFBQVEsQ0FBQyxNQUFNLElBQUksR0FBRyxFQUFFLENBQUM7b0JBQzNCLE1BQU0sSUFBSSx3QkFBWSxDQUNwQixHQUFHLFFBQVEsQ0FBQyxNQUFNLFNBQVMsR0FBRyxDQUFDLEdBQUcsMkNBQTJDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxHQUFHLENBQ3RHLENBQUM7Z0JBQ0osQ0FBQztnQkFDRCxNQUFNLElBQUksd0JBQVksQ0FDcEIsR0FBRyxHQUFHLENBQUMsTUFBTSxJQUFJLEdBQUcsQ0FBQyxHQUFHLE9BQU8sUUFBUSxDQUFDLE1BQU0sSUFBSSxRQUFRLENBQUMsVUFBVSxFQUFFLENBQ3hFLENBQUM7UUFDTixDQUFDO0lBQ0gsQ0FBQztJQUVELE9BQU8sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO0FBQ3pCLENBQUM7QUFFTSxLQUFLLFVBQVUscUJBQXFCLENBQ3pDLFdBQW1CLEVBQ25CLFlBQTBCO0lBRTFCLElBQUksVUFBVSxHQUFHLENBQUMsQ0FBQztJQUNuQixNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUM7SUFDdEIsR0FBRyxDQUFDO1FBQ0YsTUFBTSxHQUFHLEdBQUcsTUFBTSxZQUFZLENBQUMsU0FBUyxDQUFDO1lBQ3ZDLEdBQUcsRUFBRSxHQUFHLFdBQVcseUNBQXlDLFVBQVUsRUFBRTtZQUN4RSxNQUFNLEVBQUUsS0FBSztZQUNiLE9BQU8sRUFBRTtnQkFDUCxjQUFjLEVBQUUsa0JBQWtCO2FBQ25DO1NBQ0YsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxRQUFrQixDQUFDO1FBQ3ZCLElBQUksQ0FBQztZQUNILFFBQVEsR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFO2dCQUM5QixNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU07Z0JBQ2xCLE9BQU8sRUFBRSxHQUFHLENBQUMsT0FBTztnQkFDcEIsSUFBSSxFQUFFLEdBQUcsQ0FBQyxJQUFnQjtnQkFDMUIsSUFBSSxFQUFFLE1BQU07Z0JBQ1osS0FBSyxFQUFFLFVBQVU7Z0JBQ2pCLFdBQVcsRUFBRSxhQUFhO2dCQUMxQixRQUFRLEVBQUUsUUFBUTtnQkFDbEIsY0FBYyxFQUFFLGFBQWE7YUFDOUIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksd0JBQVksQ0FBQyxrQ0FBa0MsR0FBRyxDQUFDLEdBQUcsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQzFFLENBQUM7UUFDRCwyREFBMkQ7UUFDM0QsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNqQixNQUFNLElBQUksd0JBQVksQ0FDcEIsa0NBQWtDLEdBQUcsQ0FBQyxHQUFHLGNBQWMsUUFBUSxDQUFDLE1BQU0sRUFBRSxDQUN6RSxDQUFDO1FBQ0osQ0FBQztRQUNELE1BQU0sRUFBRSxnQkFBZ0IsR0FBRyxFQUFFLEVBQUUsVUFBVSxHQUFHLEVBQUUsRUFBRSxHQUFHLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ3pFLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ3JDLFVBQVUsR0FBRyxVQUFVLENBQUMsVUFBVSxJQUFJLENBQUMsQ0FBQztJQUMxQyxDQUFDLFFBQVEsVUFBVSxHQUFHLENBQUMsRUFBRTtJQUV6QixNQUFNLFVBQVUsR0FBRyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDMUQsd0JBQXdCO0lBQ3hCLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLEdBQUcsV0FBVyxNQUFNLENBQUMsRUFBRSxDQUFDO1FBQy9DLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxXQUFXLE1BQU0sQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRCxPQUFPLElBQUksMkJBQWUsQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUM7QUFDaEQsQ0FBQztBQUVNLEtBQUssVUFBVSxjQUFjLENBQ2xDLFdBQW1CLEVBQ25CLFNBQWlDO0lBRWpDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNqQixNQUFNLElBQUksOEJBQWtCLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUMzRCxDQUFDO0lBQ0QsdURBQXVEO0lBQ3ZELElBQUEsNEJBQWlCLEVBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0Isb0ZBQW9GO0lBQ3BGLElBQUksT0FBWSxDQUFDO0lBQ2pCLElBQUksQ0FBQztRQUNILE9BQU8sR0FBRyxJQUFJLEdBQUcsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyw0QkFBNEIsV0FBVyxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDOUUsQ0FBQztJQUNELElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxFQUFFLENBQUM7UUFDakQsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDcEMsT0FBTyxDQUFDLFFBQVEsSUFBSSxHQUFHLENBQUM7UUFDMUIsQ0FBQztRQUNELE9BQU8sQ0FBQyxRQUFRLElBQUksbUJBQW1CLENBQUM7SUFDMUMsQ0FBQztJQUNELE9BQU8sQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLFdBQVcsRUFBRSxTQUFTLElBQUksVUFBVSxDQUFDLENBQUM7SUFDL0QsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7UUFDbkMsT0FBTyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFRCxJQUFJLG1CQUE2QixDQUFDO0lBQ2xDLElBQUksQ0FBQztRQUNILG1CQUFtQixHQUFHLE1BQU0sS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLHdCQUFZLENBQUMsb0NBQW9DLE9BQU8sR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQzVFLENBQUM7SUFDRCxJQUFJLENBQUMsbUJBQW1CLENBQUMsRUFBRSxFQUFFLENBQUM7UUFDNUIsUUFBUSxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNuQyxLQUFLLEdBQUc7Z0JBQ04sTUFBTSxJQUFJLDhCQUFrQixDQUFDLFlBQVksT0FBTyxHQUFHLENBQUMsQ0FBQztZQUN2RCxLQUFLLEdBQUc7Z0JBQ04sTUFBTSxJQUFJLGdDQUFvQixDQUFDLFlBQVksT0FBTyxHQUFHLENBQUMsQ0FBQztZQUN6RCxLQUFLLEdBQUc7Z0JBQ04sTUFBTSxJQUFJLGlDQUFxQixDQUFDLFlBQVksT0FBTyxHQUFHLENBQUMsQ0FBQztZQUMxRDtnQkFDRSxNQUFNLElBQUksd0JBQVksQ0FDcEIsR0FBRyxPQUFPLE9BQU8sbUJBQW1CLENBQUMsTUFBTSxJQUFJLG1CQUFtQixDQUFDLFVBQVUsRUFBRSxDQUNoRixDQUFDO1FBQ04sQ0FBQztJQUNILENBQUM7SUFDRCxNQUFNLFdBQVcsR0FBRyxNQUFNLG1CQUFtQixDQUFDLElBQUksRUFBRSxDQUFDO0lBQ3JELE1BQU0sRUFBRSxTQUFTLEVBQUUsR0FBRyxFQUFFLEdBQXFCLFdBQVcsQ0FBQztJQUN6RCxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDZixNQUFNLElBQUksd0JBQVksQ0FDcEIsOENBQThDLElBQUksQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FDN0UsQ0FBQztJQUNKLENBQUM7SUFDRCxPQUFPO1FBQ0wsU0FBUztRQUNULEdBQUcsRUFBRSxXQUFXO1FBQ2hCLFNBQVMsRUFBRSxTQUFTLElBQUksVUFBVTtRQUNsQyxHQUFHLENBQUMsR0FBRyxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7S0FDcEIsQ0FBQztBQUNKLENBQUMifQ==
|
|
@@ -141,7 +141,6 @@ async function fetchKasPubKey(kasEndpoint, algorithm) {
|
|
|
141
141
|
v: '2',
|
|
142
142
|
});
|
|
143
143
|
const result = {
|
|
144
|
-
key: (0, access_js_1.noteInvalidPublicKey)(new URL(platformUrl), (0, utils_js_1.pemToCryptoPublicKey)(publicKey)),
|
|
145
144
|
publicKey,
|
|
146
145
|
url: kasEndpoint,
|
|
147
146
|
algorithm: algorithm || 'rsa:2048',
|
|
@@ -176,7 +175,6 @@ async function fetchKasBasePubKey(kasEndpoint) {
|
|
|
176
175
|
throw new errors_js_1.NetworkError(`Invalid Platform Configuration: [${kasEndpoint}] is missing BaseKey in WellKnownConfiguration`);
|
|
177
176
|
}
|
|
178
177
|
const result = {
|
|
179
|
-
key: (0, access_js_1.noteInvalidPublicKey)(new URL(baseKey.kas_uri), (0, utils_js_1.pemToCryptoPublicKey)(baseKey.public_key.pem)),
|
|
180
178
|
publicKey: baseKey.public_key.pem,
|
|
181
179
|
url: baseKey.kas_uri,
|
|
182
180
|
algorithm: baseKey.public_key.algorithm,
|
|
@@ -188,4 +186,4 @@ async function fetchKasBasePubKey(kasEndpoint) {
|
|
|
188
186
|
throw new errors_js_1.NetworkError(`[${platformUrl}] [PublicKey] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
|
|
189
187
|
}
|
|
190
188
|
}
|
|
191
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
189
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLXJwYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hY2Nlc3MvYWNjZXNzLXJwYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQW9DQSwwQ0FxQkM7QUFFRCxvREF3QkM7QUFFRCxnRUFrQ0M7QUFFRCxzREFpQ0M7QUEyQkQsd0NBNkJDO0FBU0QsZ0RBNkJDO0FBdlBELDRDQUtzQjtBQUd0Qiw0Q0FPc0I7QUFDdEIsZ0RBQWdEO0FBR2hELDBDQUlxQjtBQUNyQixpREFBNkQ7QUFDN0QsaURBQXlEO0FBRXpEOzs7Ozs7O0dBT0c7QUFDSSxLQUFLLFVBQVUsZUFBZSxDQUNuQyxHQUFXLEVBQ1gsa0JBQTBCLEVBQzFCLFlBQTBCLEVBQzFCLDZCQUFzQztJQUV0QyxNQUFNLFdBQVcsR0FBRyxJQUFBLHdDQUE2QixFQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3ZELE1BQU0sUUFBUSxHQUFHLElBQUksNEJBQWMsQ0FBQyxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQ25FLE1BQU0sT0FBTyxHQUFnQixFQUFFLENBQUM7SUFDaEMsSUFBSSw2QkFBNkIsRUFBRSxDQUFDO1FBQ2xDLE9BQU8sQ0FBQyxPQUFPLEdBQUc7WUFDaEIsQ0FBQywwQ0FBMkIsQ0FBQyxFQUFFLDZCQUE2QjtTQUM3RCxDQUFDO0lBQ0osQ0FBQztJQUNELElBQUksUUFBd0IsQ0FBQztJQUM3QixJQUFJLENBQUM7UUFDSCxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxrQkFBa0IsRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQzlFLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsb0JBQW9CLENBQUMsQ0FBQyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFDRCxPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQsU0FBZ0Isb0JBQW9CLENBQUMsQ0FBVSxFQUFFLFdBQW1CO0lBQ2xFLElBQUksQ0FBQyxZQUFZLHNCQUFZLEVBQUUsQ0FBQztRQUM5QixPQUFPLENBQUMsR0FBRyxDQUFDLG9DQUFvQyxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMxRCxRQUFRLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUNmLEtBQUssY0FBSSxDQUFDLGVBQWUsRUFBRSxrQkFBa0I7Z0JBQzNDLE1BQU0sSUFBSSw0QkFBZ0IsQ0FBQyxZQUFZLFdBQVcsMEJBQTBCLENBQUMsQ0FBQyxPQUFPLEdBQUcsQ0FBQyxDQUFDO1lBQzVGLEtBQUssY0FBSSxDQUFDLGdCQUFnQixFQUFFLGdCQUFnQjtnQkFDMUMsTUFBTSxJQUFJLGlDQUFxQixDQUFDLFlBQVksV0FBVyw2QkFBNkIsQ0FBQyxDQUFDO1lBQ3hGLEtBQUssY0FBSSxDQUFDLGVBQWUsRUFBRSxtQkFBbUI7Z0JBQzVDLE1BQU0sSUFBSSxnQ0FBb0IsQ0FBQyxZQUFZLFdBQVcsd0JBQXdCLENBQUMsQ0FBQztZQUNsRixLQUFLLGNBQUksQ0FBQyxRQUFRLENBQUM7WUFDbkIsS0FBSyxjQUFJLENBQUMsYUFBYSxDQUFDO1lBQ3hCLEtBQUssY0FBSSxDQUFDLFFBQVEsQ0FBQztZQUNuQixLQUFLLGNBQUksQ0FBQyxPQUFPLENBQUM7WUFDbEIsS0FBSyxjQUFJLENBQUMsZ0JBQWdCLENBQUM7WUFDM0IsS0FBSyxjQUFJLENBQUMsV0FBVyxFQUFFLHFCQUFxQjtnQkFDMUMsTUFBTSxJQUFJLHdCQUFZLENBQ3BCLEdBQUcsQ0FBQyxDQUFDLElBQUksU0FBUyxXQUFXLDJDQUEyQyxDQUFDLENBQUMsT0FBTyxHQUFHLENBQ3JGLENBQUM7WUFDSjtnQkFDRSxNQUFNLElBQUksd0JBQVksQ0FBQyxJQUFJLFdBQVcsY0FBYyxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztRQUNyRSxDQUFDO0lBQ0gsQ0FBQztJQUNELE1BQU0sSUFBSSx3QkFBWSxDQUFDLElBQUksV0FBVyxjQUFjLElBQUEsaUNBQXNCLEVBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0FBQ25GLENBQUM7QUFFRCxTQUFnQiwwQkFBMEIsQ0FDeEMsQ0FBUyxFQUNULFdBQW1CLEVBQ25CLG1CQUE4QjtJQUU5QixJQUFJLENBQUMsQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLGNBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDM0Msa0JBQWtCO1FBQ2xCLE1BQU0sSUFBSSw0QkFBZ0IsQ0FBQyxZQUFZLFdBQVcsMEJBQTBCLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUNELElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsY0FBSSxDQUFDLGdCQUFnQixDQUFDLENBQUMsRUFBRSxDQUFDO1FBQzVDLElBQUksbUJBQW1CLElBQUksbUJBQW1CLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzFELE1BQU0sSUFBSSxpQ0FBcUIsQ0FDN0IsWUFBWSxXQUFXLDZCQUE2QixFQUNwRCxtQkFBbUIsQ0FDcEIsQ0FBQztRQUNKLENBQUM7UUFDRCxNQUFNLElBQUksaUNBQXFCLENBQUMsWUFBWSxXQUFXLDZCQUE2QixDQUFDLENBQUM7SUFDeEYsQ0FBQztJQUNELElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsY0FBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUMzQyxtQkFBbUI7UUFDbkIsTUFBTSxJQUFJLGdDQUFvQixDQUFDLFlBQVksV0FBVyx3QkFBd0IsQ0FBQyxDQUFDO0lBQ2xGLENBQUM7SUFDRCxJQUNFLENBQUMsQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLGNBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUMvQixDQUFDLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxjQUFJLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDcEMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsY0FBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQy9CLENBQUMsQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLGNBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUM5QixDQUFDLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxjQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUN2QyxDQUFDLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxjQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsRUFDbEMsQ0FBQztRQUNELFFBQVE7UUFDUixNQUFNLElBQUksd0JBQVksQ0FBQyxTQUFTLFdBQVcsMkNBQTJDLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDOUYsQ0FBQztJQUNELE1BQU0sSUFBSSx3QkFBWSxDQUFDLElBQUksV0FBVyxjQUFjLENBQUMsRUFBRSxDQUFDLENBQUM7QUFDM0QsQ0FBQztBQUVNLEtBQUssVUFBVSxxQkFBcUIsQ0FDekMsV0FBbUIsRUFDbkIsWUFBMEI7SUFFMUIsSUFBSSxVQUFVLEdBQUcsQ0FBQyxDQUFDO0lBQ25CLE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQztJQUN0QixNQUFNLFFBQVEsR0FBRyxJQUFJLDRCQUFjLENBQUMsRUFBRSxZQUFZLEVBQUUsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUVuRSxHQUFHLENBQUM7UUFDRixJQUFJLFFBQXNDLENBQUM7UUFDM0MsSUFBSSxDQUFDO1lBQ0gsUUFBUSxHQUFHLE1BQU0sUUFBUSxDQUFDLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxvQkFBb0IsQ0FBQztnQkFDeEUsVUFBVSxFQUFFO29CQUNWLE1BQU0sRUFBRSxVQUFVO2lCQUNuQjthQUNGLENBQUMsQ0FBQztRQUNMLENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1gsTUFBTSxJQUFJLHdCQUFZLENBQ3BCLElBQUksV0FBVyw0QkFBNEIsSUFBQSxpQ0FBc0IsRUFBQyxDQUFDLENBQUMsRUFBRSxDQUN2RSxDQUFDO1FBQ0osQ0FBQztRQUVELFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxRQUFRLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUM5QyxVQUFVLEdBQUcsUUFBUSxFQUFFLFVBQVUsRUFBRSxVQUFVLElBQUksQ0FBQyxDQUFDO0lBQ3JELENBQUMsUUFBUSxVQUFVLEdBQUcsQ0FBQyxFQUFFO0lBRXpCLE1BQU0sVUFBVSxHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUMxRCx3QkFBd0I7SUFDeEIsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxXQUFXLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDL0MsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLFdBQVcsTUFBTSxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVELE9BQU8sSUFBSSwyQkFBZSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUMsQ0FBQztBQUNoRCxDQUFDO0FBWUQsU0FBUyxTQUFTLENBQUMsT0FBaUI7SUFDbEMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ2IsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBQ0QsTUFBTSxFQUFFLEdBQUcsT0FBMEIsQ0FBQztJQUN0QyxPQUFPLENBQ0wsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxPQUFPO1FBQ1osQ0FBQyxDQUFDLEVBQUUsQ0FBQyxVQUFVO1FBQ2YsT0FBTyxFQUFFLENBQUMsVUFBVSxLQUFLLFFBQVE7UUFDakMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsR0FBRztRQUNuQixDQUFDLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxTQUFTO1FBQ3pCLElBQUEsZ0NBQW9CLEVBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FDOUMsQ0FBQztBQUNKLENBQUM7QUFFTSxLQUFLLFVBQVUsY0FBYyxDQUNsQyxXQUFtQixFQUNuQixTQUFpQztJQUVqQyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDakIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDM0QsQ0FBQztJQUNELHVEQUF1RDtJQUN2RCxJQUFBLDRCQUFpQixFQUFDLFdBQVcsQ0FBQyxDQUFDO0lBRS9CLE1BQU0sV0FBVyxHQUFHLElBQUEsd0NBQTZCLEVBQUMsV0FBVyxDQUFDLENBQUM7SUFDL0QsTUFBTSxRQUFRLEdBQUcsSUFBSSw0QkFBYyxDQUFDO1FBQ2xDLFdBQVc7S0FDWixDQUFDLENBQUM7SUFDSCxJQUFJLENBQUM7UUFDSCxNQUFNLEVBQUUsR0FBRyxFQUFFLFNBQVMsRUFBRSxHQUFHLE1BQU0sUUFBUSxDQUFDLEVBQUUsQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDO1lBQzVELFNBQVMsRUFBRSxTQUFTLElBQUksVUFBVTtZQUNsQyxDQUFDLEVBQUUsR0FBRztTQUNQLENBQUMsQ0FBQztRQUNILE1BQU0sTUFBTSxHQUFxQjtZQUMvQixTQUFTO1lBQ1QsR0FBRyxFQUFFLFdBQVc7WUFDaEIsU0FBUyxFQUFFLFNBQVMsSUFBSSxVQUFVO1lBQ2xDLEdBQUcsQ0FBQyxHQUFHLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQztTQUNwQixDQUFDO1FBQ0YsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksd0JBQVksQ0FBQyxJQUFJLFdBQVcsaUJBQWlCLElBQUEsaUNBQXNCLEVBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQ3RGLENBQUM7QUFDSCxDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0ksS0FBSyxVQUFVLGtCQUFrQixDQUFDLFdBQW1CO0lBQzFELElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNqQixNQUFNLElBQUksOEJBQWtCLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUMzRCxDQUFDO0lBQ0QsSUFBQSw0QkFBaUIsRUFBQyxXQUFXLENBQUMsQ0FBQztJQUUvQixNQUFNLFdBQVcsR0FBRyxJQUFBLHdDQUE2QixFQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQy9ELE1BQU0sUUFBUSxHQUFHLElBQUksNEJBQWMsQ0FBQztRQUNsQyxXQUFXO0tBQ1osQ0FBQyxDQUFDO0lBQ0gsSUFBSSxDQUFDO1FBQ0gsTUFBTSxFQUFFLGFBQWEsRUFBRSxHQUFHLE1BQU0sUUFBUSxDQUFDLEVBQUUsQ0FBQyxTQUFTLENBQUMseUJBQXlCLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDcEYsTUFBTSxPQUFPLEdBQUcsYUFBYSxFQUFFLFFBQXNDLENBQUM7UUFDdEUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sSUFBSSx3QkFBWSxDQUNwQixvQ0FBb0MsV0FBVyxnREFBZ0QsQ0FDaEcsQ0FBQztRQUNKLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBcUI7WUFDL0IsU0FBUyxFQUFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsR0FBRztZQUNqQyxHQUFHLEVBQUUsT0FBTyxDQUFDLE9BQU87WUFDcEIsU0FBUyxFQUFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsU0FBUztZQUN2QyxHQUFHLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxHQUFHO1NBQzVCLENBQUM7UUFDRixPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSx3QkFBWSxDQUFDLElBQUksV0FBVyxpQkFBaUIsSUFBQSxpQ0FBc0IsRUFBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDdEYsQ0FBQztBQUNILENBQUMifQ==
|
package/dist/cjs/src/access.js
CHANGED
|
@@ -2,11 +2,9 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.OriginAllowList = exports.publicKeyAlgorithmToJwa = exports.keyAlgorithmToPublicKeyAlgorithm = exports.isPublicKeyAlgorithm = exports.rewrapAdditionalContextHeader = void 0;
|
|
4
4
|
exports.fetchWrappedKey = fetchWrappedKey;
|
|
5
|
-
exports.noteInvalidPublicKey = noteInvalidPublicKey;
|
|
6
5
|
exports.fetchKeyAccessServers = fetchKeyAccessServers;
|
|
7
6
|
exports.fetchECKasPubKey = fetchECKasPubKey;
|
|
8
7
|
exports.fetchKasPubKey = fetchKasPubKey;
|
|
9
|
-
const errors_js_1 = require("./errors.js");
|
|
10
8
|
const utils_js_1 = require("./utils.js");
|
|
11
9
|
const index_js_1 = require("./encodings/index.js");
|
|
12
10
|
const access_rpc_js_1 = require("./access/access-rpc.js");
|
|
@@ -98,17 +96,6 @@ const publicKeyAlgorithmToJwa = (a) => {
|
|
|
98
96
|
}
|
|
99
97
|
};
|
|
100
98
|
exports.publicKeyAlgorithmToJwa = publicKeyAlgorithmToJwa;
|
|
101
|
-
async function noteInvalidPublicKey(url, r) {
|
|
102
|
-
try {
|
|
103
|
-
return await r;
|
|
104
|
-
}
|
|
105
|
-
catch (e) {
|
|
106
|
-
if (e instanceof TypeError) {
|
|
107
|
-
throw new errors_js_1.ServiceError(`invalid public key from [${url}]`, e);
|
|
108
|
-
}
|
|
109
|
-
throw e;
|
|
110
|
-
}
|
|
111
|
-
}
|
|
112
99
|
/**
|
|
113
100
|
* Fetches the key access servers for a given platform URL.
|
|
114
101
|
* @param platformUrl The platform URL to fetch key access servers for.
|
|
@@ -197,4 +184,4 @@ async function tryPromisesUntilFirstSuccess(first, second) {
|
|
|
197
184
|
}
|
|
198
185
|
}
|
|
199
186
|
}
|
|
200
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
187
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2FjY2Vzcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFvQ0EsMENBeUJDO0FBdUdELHNEQVFDO0FBT0QsNENBRUM7QUFZRCx3Q0FjQztBQTdNRCx5Q0FBOEU7QUFDOUUsbURBQThDO0FBRTlDLDBEQUdnQztBQUNoQyw4REFBZ0c7QUFDaEcsMERBQWdGO0FBQ2hGLDhEQUFxRjtBQUNyRiwwREFBNkU7QUFDN0UsOERBQWtGO0FBZWxGOzs7Ozs7O0dBT0c7QUFDSSxLQUFLLFVBQVUsZUFBZSxDQUNuQyxHQUFXLEVBQ1gsa0JBQTBCLEVBQzFCLFlBQTBCLEVBQzFCLHlCQUFtQztJQUVuQyxNQUFNLFdBQVcsR0FBRyxJQUFBLHdDQUE2QixFQUFDLEdBQUcsQ0FBQyxDQUFDO0lBRXZELE9BQU8sTUFBTSw0QkFBNEIsQ0FDdkMsR0FBRyxFQUFFLENBQ0gsSUFBQSwrQkFBbUIsRUFDakIsV0FBVyxFQUNYLGtCQUFrQixFQUNsQixZQUFZLEVBQ1osSUFBQSxxQ0FBNkIsRUFBQyx5QkFBeUIsQ0FBQyxDQUN6RDtJQUNILGlIQUFpSDtJQUNqSCxvR0FBb0c7SUFDcEcsR0FBRyxFQUFFLENBQ0gsSUFBQSxpQ0FBc0IsRUFDcEIsR0FBRyxFQUNILEVBQUUsa0JBQWtCLEVBQUUsRUFDdEIsWUFBWSxDQUN5QixDQUMxQyxDQUFDO0FBQ0osQ0FBQztBQUVEOzs7R0FHRztBQUNJLE1BQU0sNkJBQTZCLEdBQUcsQ0FDM0MsOEJBQXdDLEVBQ3BCLEVBQUU7SUFDdEIsSUFBSSxDQUFDLDhCQUE4QixDQUFDLE1BQU07UUFBRSxPQUFPO0lBRW5ELE1BQU0sT0FBTyxHQUE0QjtRQUN2QyxXQUFXLEVBQUU7WUFDWCxlQUFlLEVBQUUsOEJBQThCLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsV0FBVyxFQUFFLENBQUM7U0FDaEY7S0FDRixDQUFDO0lBQ0YsT0FBTyxpQkFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7QUFDaEQsQ0FBQyxDQUFDO0FBWFcsUUFBQSw2QkFBNkIsaUNBV3hDO0FBU0ssTUFBTSxvQkFBb0IsR0FBRyxDQUFDLENBQVMsRUFBOEIsRUFBRTtJQUM1RSxPQUFPLENBQUMsS0FBSyxjQUFjLElBQUksQ0FBQyxLQUFLLFVBQVUsQ0FBQztBQUNsRCxDQUFDLENBQUM7QUFGVyxRQUFBLG9CQUFvQix3QkFFL0I7QUFFSyxNQUFNLGdDQUFnQyxHQUFHLENBQUMsQ0FBWSxFQUF5QixFQUFFO0lBQ3RGLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxTQUFTLENBQUM7SUFDdEIsSUFBSSxDQUFDLENBQUMsSUFBSSxLQUFLLE9BQU8sSUFBSSxDQUFDLENBQUMsSUFBSSxLQUFLLE1BQU0sRUFBRSxDQUFDO1FBQzVDLE1BQU0sR0FBRyxHQUFHLENBQW1CLENBQUM7UUFDaEMsUUFBUSxHQUFHLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDdkIsS0FBSyxPQUFPO2dCQUNWLE9BQU8sY0FBYyxDQUFDO1lBQ3hCLEtBQUssT0FBTztnQkFDVixPQUFPLGNBQWMsQ0FBQztZQUN4QixLQUFLLE9BQU87Z0JBQ1YsT0FBTyxjQUFjLENBQUM7WUFDeEI7Z0JBQ0UsTUFBTSxJQUFJLEtBQUssQ0FBQyx5QkFBeUIsR0FBRyxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUM7UUFDL0QsQ0FBQztJQUNILENBQUM7SUFDRCxJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssVUFBVSxJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssbUJBQW1CLEVBQUUsQ0FBQztRQUM1RCxNQUFNLElBQUksR0FBRyxDQUEwQixDQUFDO1FBQ3hDLElBQUksSUFBSSxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsS0FBSyxPQUFPLEVBQUUsQ0FBQztZQUMvQyxNQUFNLElBQUksS0FBSyxDQUFDLG9DQUFvQyxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUMsQ0FBQztRQUM3RSxDQUFDO1FBQ0QsUUFBUSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDM0IsS0FBSyxJQUFJO2dCQUNQLE9BQU8sVUFBVSxDQUFDO1lBQ3BCLEtBQUssSUFBSTtnQkFDUCxPQUFPLFVBQVUsQ0FBQztZQUNwQjtnQkFDRSxNQUFNLElBQUksS0FBSyxDQUFDLG1DQUFtQyxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUMsQ0FBQztRQUM3RSxDQUFDO0lBQ0gsQ0FBQztJQUNELE1BQU0sSUFBSSxLQUFLLENBQUMsOEJBQThCLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDO0FBQzFELENBQUMsQ0FBQztBQTlCVyxRQUFBLGdDQUFnQyxvQ0E4QjNDO0FBRUssTUFBTSx1QkFBdUIsR0FBRyxDQUFDLENBQXdCLEVBQVUsRUFBRTtJQUMxRSxRQUFRLENBQUMsRUFBRSxDQUFDO1FBQ1YsS0FBSyxjQUFjO1lBQ2pCLE9BQU8sT0FBTyxDQUFDO1FBQ2pCLEtBQUssVUFBVTtZQUNiLE9BQU8sT0FBTyxDQUFDO1FBQ2pCLEtBQUssVUFBVTtZQUNiLE9BQU8sT0FBTyxDQUFDO1FBQ2pCLEtBQUssY0FBYztZQUNqQixPQUFPLE9BQU8sQ0FBQztRQUNqQixLQUFLLGNBQWM7WUFDakIsT0FBTyxPQUFPLENBQUM7UUFDakI7WUFDRSxNQUFNLElBQUksS0FBSyxDQUFDLHFDQUFxQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQzlELENBQUM7QUFDSCxDQUFDLENBQUM7QUFmVyxRQUFBLHVCQUF1QiwyQkFlbEM7QUFvQkY7Ozs7O0dBS0c7QUFDSSxLQUFLLFVBQVUscUJBQXFCLENBQ3pDLFdBQW1CLEVBQ25CLFlBQTBCO0lBRTFCLE9BQU8sTUFBTSw0QkFBNEIsQ0FDdkMsR0FBRyxFQUFFLENBQUMsSUFBQSxxQ0FBd0IsRUFBQyxXQUFXLEVBQUUsWUFBWSxDQUFDLEVBQ3pELEdBQUcsRUFBRSxDQUFDLElBQUEsdUNBQTJCLEVBQUMsV0FBVyxFQUFFLFlBQVksQ0FBQyxDQUM3RCxDQUFDO0FBQ0osQ0FBQztBQUVEOzs7O0dBSUc7QUFDSSxLQUFLLFVBQVUsZ0JBQWdCLENBQUMsV0FBbUI7SUFDeEQsT0FBTyxjQUFjLENBQUMsV0FBVyxFQUFFLGNBQWMsQ0FBQyxDQUFDO0FBQ3JELENBQUM7QUFFRDs7Ozs7Ozs7O0dBU0c7QUFDSSxLQUFLLFVBQVUsY0FBYyxDQUNsQyxXQUFtQixFQUNuQixTQUFpQztJQUVqQyxJQUFJLENBQUM7UUFDSCxPQUFPLE1BQU0sSUFBQSxrQ0FBa0IsRUFBQyxXQUFXLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDakIsQ0FBQztJQUVELE9BQU8sTUFBTSw0QkFBNEIsQ0FDdkMsR0FBRyxFQUFFLENBQUMsSUFBQSw4QkFBaUIsRUFBQyxXQUFXLEVBQUUsU0FBUyxDQUFDLEVBQy9DLEdBQUcsRUFBRSxDQUFDLElBQUEsZ0NBQW9CLEVBQUMsV0FBVyxFQUFFLFNBQVMsQ0FBQyxDQUNuRCxDQUFDO0FBQ0osQ0FBQztBQUVELE1BQU0sTUFBTSxHQUFHLENBQUMsQ0FBUyxFQUFVLEVBQUU7SUFDbkMsSUFBSSxDQUFDO1FBQ0gsT0FBTyxJQUFJLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUM7SUFDM0IsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxPQUFPLENBQUMsR0FBRyxDQUFDLHFCQUFxQixDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3ZDLE1BQU0sQ0FBQyxDQUFDO0lBQ1YsQ0FBQztBQUNILENBQUMsQ0FBQztBQUVGOzs7Ozs7OztHQVFHO0FBQ0gsTUFBYSxlQUFlO0lBRzFCLFlBQVksSUFBYyxFQUFFLFFBQWtCO1FBQzVDLElBQUksQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoQyxJQUFJLENBQUMsT0FBTyxDQUFDLDRCQUFpQixDQUFDLENBQUM7UUFDaEMsSUFBSSxDQUFDLFFBQVEsR0FBRyxDQUFDLENBQUMsUUFBUSxDQUFDO0lBQzdCLENBQUM7SUFDRCxNQUFNLENBQUMsR0FBVztRQUNoQixJQUFJLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNsQixPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0lBQzVDLENBQUM7Q0FDRjtBQWRELDBDQWNDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxLQUFLLFVBQVUsNEJBQTRCLENBQ3pDLEtBQXVCLEVBQ3ZCLE1BQXdCO0lBRXhCLElBQUksQ0FBQztRQUNILE9BQU8sTUFBTSxLQUFLLEVBQUUsQ0FBQztJQUN2QixDQUFDO0lBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQztRQUNaLE9BQU8sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDckMsSUFBSSxDQUFDO1lBQ0gsT0FBTyxNQUFNLE1BQU0sRUFBRSxDQUFDO1FBQ3hCLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsTUFBTSxHQUFHLENBQUM7UUFDWixDQUFDO0lBQ0gsQ0FBQztBQUNILENBQUMifQ==
|
|
@@ -4,7 +4,7 @@ exports.HttpRequest = void 0;
|
|
|
4
4
|
exports.withHeaders = withHeaders;
|
|
5
5
|
exports.reqSignature = reqSignature;
|
|
6
6
|
exports.isAuthProvider = isAuthProvider;
|
|
7
|
-
const
|
|
7
|
+
const jwt_js_1 = require("../../tdf3/src/crypto/jwt.js");
|
|
8
8
|
/**
|
|
9
9
|
* Generic HTTP request interface used by AuthProvider implementers.
|
|
10
10
|
*/
|
|
@@ -36,18 +36,21 @@ function getTimestampInSeconds() {
|
|
|
36
36
|
}
|
|
37
37
|
/**
|
|
38
38
|
* Generate a JWT (or JWS-ed object)
|
|
39
|
-
* @param toSign the data to sign. Interpreted as
|
|
40
|
-
* @param privateKey an RSA key
|
|
39
|
+
* @param toSign the data to sign. Interpreted as JwtPayload but AFAIK this isn't required
|
|
40
|
+
* @param privateKey an opaque RSA private key
|
|
41
|
+
* @param cryptoService the crypto service to use for signing
|
|
42
|
+
* @param jwtProtectedHeader optional JWT header, defaults to RS256
|
|
41
43
|
* @returns the signed object, with a JWS header. This may be a JWT.
|
|
42
44
|
*/
|
|
43
|
-
async function reqSignature(toSign, privateKey, jwtProtectedHeader = { alg: 'RS256' }) {
|
|
45
|
+
async function reqSignature(toSign, privateKey, cryptoService, jwtProtectedHeader = { alg: 'RS256' }) {
|
|
44
46
|
const now = getTimestampInSeconds();
|
|
45
47
|
const anHour = 3600;
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
48
|
+
const payload = {
|
|
49
|
+
...toSign,
|
|
50
|
+
iat: now - anHour,
|
|
51
|
+
exp: now + anHour,
|
|
52
|
+
};
|
|
53
|
+
return (0, jwt_js_1.signJwt)(cryptoService, payload, privateKey, jwtProtectedHeader);
|
|
51
54
|
}
|
|
52
55
|
function isAuthProvider(a) {
|
|
53
56
|
if (!a || typeof a != 'object') {
|
|
@@ -55,4 +58,4 @@ function isAuthProvider(a) {
|
|
|
55
58
|
}
|
|
56
59
|
return 'withCreds' in a;
|
|
57
60
|
}
|
|
58
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
61
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXV0aC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hdXRoL2F1dGgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBK0NBLGtDQU1DO0FBY0Qsb0NBY0M7QUFpQ0Qsd0NBS0M7QUFsSEQseURBQXdGO0FBYXhGOztHQUVHO0FBQ0gsTUFBYSxXQUFXO0lBV3RCO1FBQ0UsSUFBSSxDQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7UUFDbEIsSUFBSSxDQUFDLE1BQU0sR0FBRyxFQUFFLENBQUM7UUFDakIsSUFBSSxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUM7UUFDckIsSUFBSSxDQUFDLEdBQUcsR0FBRyxFQUFFLENBQUM7SUFDaEIsQ0FBQztDQUNGO0FBakJELGtDQWlCQztBQUVEOzs7Ozs7R0FNRztBQUNILFNBQWdCLFdBQVcsQ0FBQyxPQUFvQixFQUFFLFVBQWtDO0lBQ2xGLE1BQU0sT0FBTyxHQUFHO1FBQ2QsR0FBRyxPQUFPLENBQUMsT0FBTztRQUNsQixHQUFHLFVBQVU7S0FDZCxDQUFDO0lBQ0YsT0FBTyxFQUFFLEdBQUcsT0FBTyxFQUFFLE9BQU8sRUFBRSxDQUFDO0FBQ2pDLENBQUM7QUFFRCxTQUFTLHFCQUFxQjtJQUM1QixPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxDQUFDO0FBQ3ZDLENBQUM7QUFFRDs7Ozs7OztHQU9HO0FBQ0ksS0FBSyxVQUFVLFlBQVksQ0FDaEMsTUFBZSxFQUNmLFVBQXNCLEVBQ3RCLGFBQTRCLEVBQzVCLHFCQUFnQyxFQUFFLEdBQUcsRUFBRSxPQUFPLEVBQUU7SUFFaEQsTUFBTSxHQUFHLEdBQUcscUJBQXFCLEVBQUUsQ0FBQztJQUNwQyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUM7SUFDcEIsTUFBTSxPQUFPLEdBQWU7UUFDMUIsR0FBSSxNQUFxQjtRQUN6QixHQUFHLEVBQUUsR0FBRyxHQUFHLE1BQU07UUFDakIsR0FBRyxFQUFFLEdBQUcsR0FBRyxNQUFNO0tBQ2xCLENBQUM7SUFDRixPQUFPLElBQUEsZ0JBQU8sRUFBQyxhQUFhLEVBQUUsT0FBTyxFQUFFLFVBQVUsRUFBRSxrQkFBa0IsQ0FBQyxDQUFDO0FBQ3pFLENBQUM7QUFpQ0QsU0FBZ0IsY0FBYyxDQUFDLENBQVc7SUFDeEMsSUFBSSxDQUFDLENBQUMsSUFBSSxPQUFPLENBQUMsSUFBSSxRQUFRLEVBQUUsQ0FBQztRQUMvQixPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFDRCxPQUFPLFdBQVcsSUFBSSxDQUFDLENBQUM7QUFDMUIsQ0FBQyJ9
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
// pulled from https://github.com/panva/dpop/tree/v1.4.1
|
|
3
|
+
// Modified to use CryptoService instead of crypto.subtle
|
|
4
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
5
|
+
exports.default = DPoP;
|
|
6
|
+
const encoder = new TextEncoder();
|
|
7
|
+
function buf(input) {
|
|
8
|
+
return encoder.encode(input);
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Minimal JWT sign() implementation using CryptoService.
|
|
12
|
+
*/
|
|
13
|
+
async function jwt(header, claimsSet, privateKey, cryptoService) {
|
|
14
|
+
const input = `${b64u(buf(JSON.stringify(header)))}.${b64u(buf(JSON.stringify(claimsSet)))}`;
|
|
15
|
+
const signature = await cryptoService.sign(buf(input), privateKey, header.alg);
|
|
16
|
+
return `${input}.${b64u(signature)}`;
|
|
17
|
+
}
|
|
18
|
+
const CHUNK_SIZE = 0x8000;
|
|
19
|
+
function encodeBase64Url(input) {
|
|
20
|
+
const bytes = input instanceof ArrayBuffer ? new Uint8Array(input) : input;
|
|
21
|
+
const arr = [];
|
|
22
|
+
for (let i = 0; i < bytes.byteLength; i += CHUNK_SIZE) {
|
|
23
|
+
arr.push(String.fromCharCode.apply(null, bytes.subarray(i, i + CHUNK_SIZE)));
|
|
24
|
+
}
|
|
25
|
+
return btoa(arr.join('')).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
|
|
26
|
+
}
|
|
27
|
+
function b64u(input) {
|
|
28
|
+
return encodeBase64Url(input);
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* Generates 32 random bytes and encodes them using base64url.
|
|
32
|
+
*/
|
|
33
|
+
async function randomBytes(cryptoService) {
|
|
34
|
+
return b64u(await cryptoService.randomBytes(32));
|
|
35
|
+
}
|
|
36
|
+
class UnsupportedOperationError extends Error {
|
|
37
|
+
constructor(message) {
|
|
38
|
+
super(message ?? 'operation not supported');
|
|
39
|
+
this.name = this.constructor.name;
|
|
40
|
+
Error.captureStackTrace?.(this, this.constructor);
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Determines a supported JWS `alg` identifier from PublicKeyInfo algorithm string.
|
|
45
|
+
*/
|
|
46
|
+
function determineJWSAlgorithmFromKeyInfo(algorithm) {
|
|
47
|
+
if (algorithm.startsWith('rsa:')) {
|
|
48
|
+
return 'RS256';
|
|
49
|
+
}
|
|
50
|
+
switch (algorithm) {
|
|
51
|
+
case 'ec:secp256r1':
|
|
52
|
+
return 'ES256';
|
|
53
|
+
case 'ec:secp384r1':
|
|
54
|
+
return 'ES384';
|
|
55
|
+
case 'ec:secp521r1':
|
|
56
|
+
return 'ES512';
|
|
57
|
+
default:
|
|
58
|
+
throw new UnsupportedOperationError(`unsupported key algorithm: ${algorithm}`);
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
/**
|
|
62
|
+
* Returns the current unix timestamp in seconds.
|
|
63
|
+
*/
|
|
64
|
+
function epochTime() {
|
|
65
|
+
return Math.floor(Date.now() / 1000);
|
|
66
|
+
}
|
|
67
|
+
/**
|
|
68
|
+
* Generates a unique DPoP Proof JWT.
|
|
69
|
+
*
|
|
70
|
+
* @param keypair Opaque key pair
|
|
71
|
+
* @param cryptoService CryptoService for cryptographic operations
|
|
72
|
+
* @param htu The HTTP URI (without query and fragment parts) of the request
|
|
73
|
+
* @param htm The HTTP method of the request
|
|
74
|
+
* @param nonce Server-provided nonce.
|
|
75
|
+
* @param accessToken Associated access token's value.
|
|
76
|
+
* @param additional Any additional claims.
|
|
77
|
+
*/
|
|
78
|
+
async function DPoP(keypair, cryptoService, htu, htm, nonce, accessToken, additional) {
|
|
79
|
+
const privateKey = keypair?.privateKey;
|
|
80
|
+
const publicKey = keypair?.publicKey;
|
|
81
|
+
if (typeof htu !== 'string') {
|
|
82
|
+
throw new TypeError('"htu" must be a string');
|
|
83
|
+
}
|
|
84
|
+
if (typeof htm !== 'string') {
|
|
85
|
+
throw new TypeError('"htm" must be a string');
|
|
86
|
+
}
|
|
87
|
+
if (nonce !== undefined && typeof nonce !== 'string') {
|
|
88
|
+
throw new TypeError('"nonce" must be a string or undefined');
|
|
89
|
+
}
|
|
90
|
+
if (accessToken !== undefined && typeof accessToken !== 'string') {
|
|
91
|
+
throw new TypeError('"accessToken" must be a string or undefined');
|
|
92
|
+
}
|
|
93
|
+
if (additional !== undefined &&
|
|
94
|
+
(typeof additional !== 'object' || additional === null || Array.isArray(additional))) {
|
|
95
|
+
throw new TypeError('"additional" must be an object');
|
|
96
|
+
}
|
|
97
|
+
// Detect algorithm from opaque key metadata
|
|
98
|
+
const alg = determineJWSAlgorithmFromKeyInfo(publicKey.algorithm);
|
|
99
|
+
// Export public key as JWK for the header
|
|
100
|
+
const jwk = await cryptoService.exportPublicKeyJwk(publicKey);
|
|
101
|
+
// Compute access token hash if provided
|
|
102
|
+
let ath;
|
|
103
|
+
if (accessToken) {
|
|
104
|
+
const athBytes = await cryptoService.digest('SHA-256', buf(accessToken));
|
|
105
|
+
ath = b64u(athBytes);
|
|
106
|
+
}
|
|
107
|
+
return jwt({
|
|
108
|
+
alg,
|
|
109
|
+
typ: 'dpop+jwt',
|
|
110
|
+
jwk,
|
|
111
|
+
}, {
|
|
112
|
+
...additional,
|
|
113
|
+
iat: epochTime(),
|
|
114
|
+
jti: await randomBytes(cryptoService),
|
|
115
|
+
htm,
|
|
116
|
+
nonce,
|
|
117
|
+
htu,
|
|
118
|
+
ath,
|
|
119
|
+
}, privateKey, cryptoService);
|
|
120
|
+
}
|
|
121
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZHBvcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hdXRoL2Rwb3AudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLHdEQUF3RDtBQUN4RCx5REFBeUQ7O0FBMEp6RCx1QkFrRUM7QUE5TUQsTUFBTSxPQUFPLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQztBQUVsQyxTQUFTLEdBQUcsQ0FBQyxLQUFhO0lBQ3hCLE9BQU8sT0FBTyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztBQUMvQixDQUFDO0FBUUQ7O0dBRUc7QUFDSCxLQUFLLFVBQVUsR0FBRyxDQUNoQixNQUErQixFQUMvQixTQUFrQyxFQUNsQyxVQUFzQixFQUN0QixhQUE0QjtJQUU1QixNQUFNLEtBQUssR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO0lBQzdGLE1BQU0sU0FBUyxHQUFHLE1BQU0sYUFBYSxDQUFDLElBQUksQ0FDeEMsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUNWLFVBQVUsRUFDVixNQUFNLENBQUMsR0FBaUMsQ0FDekMsQ0FBQztJQUNGLE9BQU8sR0FBRyxLQUFLLElBQUksSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7QUFDdkMsQ0FBQztBQUVELE1BQU0sVUFBVSxHQUFHLE1BQU0sQ0FBQztBQUMxQixTQUFTLGVBQWUsQ0FBQyxLQUErQjtJQUN0RCxNQUFNLEtBQUssR0FBRyxLQUFLLFlBQVksV0FBVyxDQUFDLENBQUMsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDO0lBRTNFLE1BQU0sR0FBRyxHQUFHLEVBQUUsQ0FBQztJQUNmLEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxLQUFLLENBQUMsVUFBVSxFQUFFLENBQUMsSUFBSSxVQUFVLEVBQUUsQ0FBQztRQUN0RCxHQUFHLENBQUMsSUFBSSxDQUNOLE1BQU0sQ0FBQyxZQUFZLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxLQUFLLENBQUMsUUFBUSxDQUFDLENBQUMsRUFBRSxDQUFDLEdBQUcsVUFBVSxDQUF3QixDQUFDLENBQzFGLENBQUM7SUFDSixDQUFDO0lBQ0QsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxDQUFDO0FBQ3RGLENBQUM7QUFFRCxTQUFTLElBQUksQ0FBQyxLQUErQjtJQUMzQyxPQUFPLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQztBQUNoQyxDQUFDO0FBRUQ7O0dBRUc7QUFDSCxLQUFLLFVBQVUsV0FBVyxDQUFDLGFBQTRCO0lBQ3JELE9BQU8sSUFBSSxDQUFDLE1BQU0sYUFBYSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0FBQ25ELENBQUM7QUEyQ0QsTUFBTSx5QkFBMEIsU0FBUSxLQUFLO0lBQzNDLFlBQVksT0FBZ0I7UUFDMUIsS0FBSyxDQUFDLE9BQU8sSUFBSSx5QkFBeUIsQ0FBQyxDQUFDO1FBQzVDLElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUM7UUFDbEMsS0FBSyxDQUFDLGlCQUFpQixFQUFFLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUNwRCxDQUFDO0NBQ0Y7QUFFRDs7R0FFRztBQUNILFNBQVMsZ0NBQWdDLENBQUMsU0FBaUI7SUFDekQsSUFBSSxTQUFTLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDakMsT0FBTyxPQUFPLENBQUM7SUFDakIsQ0FBQztJQUNELFFBQVEsU0FBUyxFQUFFLENBQUM7UUFDbEIsS0FBSyxjQUFjO1lBQ2pCLE9BQU8sT0FBTyxDQUFDO1FBQ2pCLEtBQUssY0FBYztZQUNqQixPQUFPLE9BQU8sQ0FBQztRQUNqQixLQUFLLGNBQWM7WUFDakIsT0FBTyxPQUFPLENBQUM7UUFDakI7WUFDRSxNQUFNLElBQUkseUJBQXlCLENBQUMsOEJBQThCLFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDbkYsQ0FBQztBQUNILENBQUM7QUFFRDs7R0FFRztBQUNILFNBQVMsU0FBUztJQUNoQixPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxDQUFDO0FBQ3ZDLENBQUM7QUFFRDs7Ozs7Ozs7OztHQVVHO0FBQ1ksS0FBSyxVQUFVLElBQUksQ0FDaEMsT0FBZ0IsRUFDaEIsYUFBNEIsRUFDNUIsR0FBVyxFQUNYLEdBQVcsRUFDWCxLQUFjLEVBQ2QsV0FBb0IsRUFDcEIsVUFBc0M7SUFFdEMsTUFBTSxVQUFVLEdBQUcsT0FBTyxFQUFFLFVBQVUsQ0FBQztJQUN2QyxNQUFNLFNBQVMsR0FBRyxPQUFPLEVBQUUsU0FBUyxDQUFDO0lBRXJDLElBQUksT0FBTyxHQUFHLEtBQUssUUFBUSxFQUFFLENBQUM7UUFDNUIsTUFBTSxJQUFJLFNBQVMsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRCxJQUFJLE9BQU8sR0FBRyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQzVCLE1BQU0sSUFBSSxTQUFTLENBQUMsd0JBQXdCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQsSUFBSSxLQUFLLEtBQUssU0FBUyxJQUFJLE9BQU8sS0FBSyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQ3JELE1BQU0sSUFBSSxTQUFTLENBQUMsdUNBQXVDLENBQUMsQ0FBQztJQUMvRCxDQUFDO0lBRUQsSUFBSSxXQUFXLEtBQUssU0FBUyxJQUFJLE9BQU8sV0FBVyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQ2pFLE1BQU0sSUFBSSxTQUFTLENBQUMsNkNBQTZDLENBQUMsQ0FBQztJQUNyRSxDQUFDO0lBRUQsSUFDRSxVQUFVLEtBQUssU0FBUztRQUN4QixDQUFDLE9BQU8sVUFBVSxLQUFLLFFBQVEsSUFBSSxVQUFVLEtBQUssSUFBSSxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUMsRUFDcEYsQ0FBQztRQUNELE1BQU0sSUFBSSxTQUFTLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztJQUN4RCxDQUFDO0lBRUQsNENBQTRDO0lBQzVDLE1BQU0sR0FBRyxHQUFHLGdDQUFnQyxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUVsRSwwQ0FBMEM7SUFDMUMsTUFBTSxHQUFHLEdBQUcsTUFBTSxhQUFhLENBQUMsa0JBQWtCLENBQUMsU0FBUyxDQUFDLENBQUM7SUFFOUQsd0NBQXdDO0lBQ3hDLElBQUksR0FBdUIsQ0FBQztJQUM1QixJQUFJLFdBQVcsRUFBRSxDQUFDO1FBQ2hCLE1BQU0sUUFBUSxHQUFHLE1BQU0sYUFBYSxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsR0FBRyxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUM7UUFDekUsR0FBRyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUN2QixDQUFDO0lBRUQsT0FBTyxHQUFHLENBQ1I7UUFDRSxHQUFHO1FBQ0gsR0FBRyxFQUFFLFVBQVU7UUFDZixHQUFHO0tBQ0osRUFDRDtRQUNFLEdBQUcsVUFBVTtRQUNiLEdBQUcsRUFBRSxTQUFTLEVBQUU7UUFDaEIsR0FBRyxFQUFFLE1BQU0sV0FBVyxDQUFDLGFBQWEsQ0FBQztRQUNyQyxHQUFHO1FBQ0gsS0FBSztRQUNMLEdBQUc7UUFDSCxHQUFHO0tBQ0osRUFDRCxVQUFVLEVBQ1YsYUFBYSxDQUNkLENBQUM7QUFDSixDQUFDIn0=
|
|
@@ -1,10 +1,44 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
2
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
36
|
exports.OIDCClientCredentialsProvider = void 0;
|
|
4
37
|
const errors_js_1 = require("../errors.js");
|
|
5
38
|
const oidc_js_1 = require("./oidc.js");
|
|
39
|
+
const defaultCryptoService = __importStar(require("../../tdf3/src/crypto/index.js"));
|
|
6
40
|
class OIDCClientCredentialsProvider {
|
|
7
|
-
constructor({ clientId, clientSecret, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }) {
|
|
41
|
+
constructor({ clientId, clientSecret, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }, cryptoService = defaultCryptoService) {
|
|
8
42
|
if (!clientId || !clientSecret) {
|
|
9
43
|
throw new errors_js_1.ConfigurationError('clientId & clientSecret required for client credentials flow');
|
|
10
44
|
}
|
|
@@ -15,7 +49,7 @@ class OIDCClientCredentialsProvider {
|
|
|
15
49
|
oidcOrigin,
|
|
16
50
|
oidcTokenEndpoint,
|
|
17
51
|
oidcUserInfoEndpoint,
|
|
18
|
-
});
|
|
52
|
+
}, cryptoService);
|
|
19
53
|
}
|
|
20
54
|
async updateClientPublicKey(signingKey) {
|
|
21
55
|
await this.oidcAuth.refreshTokenClaimsWithClientPubkeyIfNeeded(signingKey);
|
|
@@ -25,4 +59,4 @@ class OIDCClientCredentialsProvider {
|
|
|
25
59
|
}
|
|
26
60
|
}
|
|
27
61
|
exports.OIDCClientCredentialsProvider = OIDCClientCredentialsProvider;
|
|
28
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
62
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2lkYy1jbGllbnRjcmVkZW50aWFscy1wcm92aWRlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hdXRoL29pZGMtY2xpZW50Y3JlZGVudGlhbHMtcHJvdmlkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsNENBQWtEO0FBRWxELHVDQUFzRTtBQUN0RSxxRkFBdUU7QUFHdkUsTUFBYSw2QkFBNkI7SUFHeEMsWUFDRSxFQUNFLFFBQVEsRUFDUixZQUFZLEVBQ1osVUFBVSxFQUNWLGlCQUFpQixFQUNqQixvQkFBb0IsR0FDeUQsRUFDL0UsZ0JBQStCLG9CQUFvQjtRQUVuRCxJQUFJLENBQUMsUUFBUSxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDL0IsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDhEQUE4RCxDQUFDLENBQUM7UUFDL0YsQ0FBQztRQUVELElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxxQkFBVyxDQUM3QjtZQUNFLFFBQVEsRUFBRSxRQUFRO1lBQ2xCLFFBQVE7WUFDUixZQUFZO1lBQ1osVUFBVTtZQUNWLGlCQUFpQjtZQUNqQixvQkFBb0I7U0FDckIsRUFDRCxhQUFhLENBQ2QsQ0FBQztJQUNKLENBQUM7SUFFRCxLQUFLLENBQUMscUJBQXFCLENBQUMsVUFBbUI7UUFDN0MsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLDBDQUEwQyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQzdFLENBQUM7SUFFRCxLQUFLLENBQUMsU0FBUyxDQUFDLE9BQW9CO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDMUMsQ0FBQztDQUNGO0FBckNELHNFQXFDQyJ9
|
|
@@ -1,10 +1,44 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
2
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
36
|
exports.OIDCExternalJwtProvider = void 0;
|
|
4
37
|
const errors_js_1 = require("../errors.js");
|
|
5
38
|
const oidc_js_1 = require("./oidc.js");
|
|
39
|
+
const defaultCryptoService = __importStar(require("../../tdf3/src/crypto/index.js"));
|
|
6
40
|
class OIDCExternalJwtProvider {
|
|
7
|
-
constructor({ clientId, externalJwt, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }) {
|
|
41
|
+
constructor({ clientId, externalJwt, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }, cryptoService = defaultCryptoService) {
|
|
8
42
|
if (!clientId || !externalJwt) {
|
|
9
43
|
throw new errors_js_1.ConfigurationError('external JWT exchange reequires client id and jwt');
|
|
10
44
|
}
|
|
@@ -15,7 +49,7 @@ class OIDCExternalJwtProvider {
|
|
|
15
49
|
oidcOrigin,
|
|
16
50
|
oidcTokenEndpoint,
|
|
17
51
|
oidcUserInfoEndpoint,
|
|
18
|
-
});
|
|
52
|
+
}, cryptoService);
|
|
19
53
|
this.externalJwt = externalJwt;
|
|
20
54
|
}
|
|
21
55
|
async updateClientPublicKey(signingKey) {
|
|
@@ -32,4 +66,4 @@ class OIDCExternalJwtProvider {
|
|
|
32
66
|
}
|
|
33
67
|
}
|
|
34
68
|
exports.OIDCExternalJwtProvider = OIDCExternalJwtProvider;
|
|
35
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
69
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2lkYy1leHRlcm5hbGp3dC1wcm92aWRlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hdXRoL29pZGMtZXh0ZXJuYWxqd3QtcHJvdmlkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsNENBQWtEO0FBRWxELHVDQUFxRTtBQUNyRSxxRkFBdUU7QUFHdkUsTUFBYSx1QkFBdUI7SUFJbEMsWUFDRSxFQUNFLFFBQVEsRUFDUixXQUFXLEVBQ1gsVUFBVSxFQUNWLGlCQUFpQixFQUNqQixvQkFBb0IsR0FDdUQsRUFDN0UsZ0JBQStCLG9CQUFvQjtRQUVuRCxJQUFJLENBQUMsUUFBUSxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDOUIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLG1EQUFtRCxDQUFDLENBQUM7UUFDcEYsQ0FBQztRQUVELElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxxQkFBVyxDQUM3QjtZQUNFLFFBQVEsRUFBRSxVQUFVO1lBQ3BCLFFBQVE7WUFDUixXQUFXO1lBQ1gsVUFBVTtZQUNWLGlCQUFpQjtZQUNqQixvQkFBb0I7U0FDckIsRUFDRCxhQUFhLENBQ2QsQ0FBQztRQUVGLElBQUksQ0FBQyxXQUFXLEdBQUcsV0FBVyxDQUFDO0lBQ2pDLENBQUM7SUFFRCxLQUFLLENBQUMscUJBQXFCLENBQUMsVUFBbUI7UUFDN0MsSUFBSSxDQUFDLFFBQVEsQ0FBQywwQ0FBMEMsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUN2RSxDQUFDO0lBRUQsS0FBSyxDQUFDLFNBQVMsQ0FBQyxPQUFvQjtRQUNsQyxnRUFBZ0U7UUFDaEUsNENBQTRDO1FBQzVDLElBQUksSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyx1QkFBdUIsRUFBRSxDQUFDO1lBQzlDLE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQztRQUMxQixDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUMxQyxDQUFDO0NBQ0Y7QUE5Q0QsMERBOENDIn0=
|
|
@@ -1,8 +1,42 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
2
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
36
|
exports.OIDCRefreshTokenProvider = void 0;
|
|
4
37
|
const errors_js_1 = require("../errors.js");
|
|
5
38
|
const oidc_js_1 = require("./oidc.js");
|
|
39
|
+
const defaultCryptoService = __importStar(require("../../tdf3/src/crypto/index.js"));
|
|
6
40
|
/**
|
|
7
41
|
* An AuthProvider that uses an OIDC refresh token to obtain an access token.
|
|
8
42
|
* It exchanges the refresh token for an access token and uses that to augment HTTP requests with credentials.
|
|
@@ -18,7 +52,7 @@ const oidc_js_1 = require("./oidc.js");
|
|
|
18
52
|
```
|
|
19
53
|
*/
|
|
20
54
|
class OIDCRefreshTokenProvider {
|
|
21
|
-
constructor({ clientId, refreshToken, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }) {
|
|
55
|
+
constructor({ clientId, refreshToken, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }, cryptoService = defaultCryptoService) {
|
|
22
56
|
if (!clientId || !refreshToken) {
|
|
23
57
|
throw new errors_js_1.ConfigurationError('refresh token or client id missing');
|
|
24
58
|
}
|
|
@@ -29,7 +63,7 @@ class OIDCRefreshTokenProvider {
|
|
|
29
63
|
oidcOrigin,
|
|
30
64
|
oidcTokenEndpoint,
|
|
31
65
|
oidcUserInfoEndpoint,
|
|
32
|
-
});
|
|
66
|
+
}, cryptoService);
|
|
33
67
|
this.refreshToken = refreshToken;
|
|
34
68
|
}
|
|
35
69
|
async updateClientPublicKey(signingKey) {
|
|
@@ -47,4 +81,4 @@ class OIDCRefreshTokenProvider {
|
|
|
47
81
|
}
|
|
48
82
|
}
|
|
49
83
|
exports.OIDCRefreshTokenProvider = OIDCRefreshTokenProvider;
|
|
50
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
84
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2lkYy1yZWZyZXNodG9rZW4tcHJvdmlkZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvYXV0aC9vaWRjLXJlZnJlc2h0b2tlbi1wcm92aWRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSw0Q0FBa0Q7QUFFbEQsdUNBQXNFO0FBQ3RFLHFGQUF1RTtBQUd2RTs7Ozs7Ozs7Ozs7OztHQWFHO0FBQ0gsTUFBYSx3QkFBd0I7SUFJbkMsWUFDRSxFQUNFLFFBQVEsRUFDUixZQUFZLEVBQ1osVUFBVSxFQUNWLGlCQUFpQixFQUNqQixvQkFBb0IsR0FDeUQsRUFDL0UsZ0JBQStCLG9CQUFvQjtRQUVuRCxJQUFJLENBQUMsUUFBUSxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDL0IsTUFBTSxJQUFJLDhCQUFrQixDQUFDLG9DQUFvQyxDQUFDLENBQUM7UUFDckUsQ0FBQztRQUVELElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxxQkFBVyxDQUM3QjtZQUNFLFFBQVEsRUFBRSxTQUFTO1lBQ25CLFFBQVE7WUFDUixZQUFZO1lBQ1osVUFBVTtZQUNWLGlCQUFpQjtZQUNqQixvQkFBb0I7U0FDckIsRUFDRCxhQUFhLENBQ2QsQ0FBQztRQUNGLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO0lBQ25DLENBQUM7SUFFRCxLQUFLLENBQUMscUJBQXFCLENBQUMsVUFBbUI7UUFDN0MsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLDBDQUEwQyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQzdFLENBQUM7SUFFRCxLQUFLLENBQUMsU0FBUyxDQUFDLE9BQW9CO1FBQ2xDLDBFQUEwRTtRQUMxRSw0RUFBNEU7UUFDNUUsZ0JBQWdCO1FBQ2hCLElBQUksSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3RCLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyx1QkFBdUIsRUFBRSxDQUFDO1lBQzlDLE9BQU8sSUFBSSxDQUFDLFlBQVksQ0FBQztRQUMzQixDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUMxQyxDQUFDO0NBQ0Y7QUE5Q0QsNERBOENDIn0=
|