@opentdf/sdk 0.9.0-beta.91 → 0.9.0-beta.93
- package/dist/cjs/src/access/access-fetch.js +1 -2
- package/dist/cjs/src/access/access-rpc.js +1 -3
- package/dist/cjs/src/access.js +1 -14
- package/dist/cjs/src/auth/auth.js +13 -10
- package/dist/cjs/src/auth/dpop.js +121 -0
- package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-externaljwt-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +37 -3
- package/dist/cjs/src/auth/oidc.js +10 -8
- package/dist/cjs/src/auth/providers.js +35 -12
- package/dist/cjs/src/crypto/index.js +16 -2
- package/dist/cjs/src/crypto/pemPublicToCrypto.js +17 -11
- package/dist/cjs/src/opentdf.js +40 -10
- package/dist/cjs/tdf3/index.js +4 -2
- package/dist/cjs/tdf3/src/assertions.js +71 -31
- package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/cjs/tdf3/src/client/index.js +23 -33
- package/dist/cjs/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/cjs/tdf3/src/crypto/declarations.js +1 -1
- package/dist/cjs/tdf3/src/crypto/index.js +849 -88
- package/dist/cjs/tdf3/src/crypto/jose/jwt-claims-set.js +11 -0
- package/dist/cjs/tdf3/src/crypto/jose/validate-crit.js +8 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +41 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/epoch.js +6 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/is_object.js +21 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +112 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/secs.js +60 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +38 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/util/errors.js +135 -0
- package/dist/cjs/tdf3/src/crypto/jwt.js +183 -0
- package/dist/cjs/tdf3/src/crypto/salt.js +14 -8
- package/dist/cjs/tdf3/src/models/encryption-information.js +17 -20
- package/dist/cjs/tdf3/src/models/key-access.js +43 -63
- package/dist/cjs/tdf3/src/tdf.js +75 -75
- package/dist/cjs/tdf3/src/utils/index.js +5 -39
- package/dist/types/src/access/access-fetch.d.ts.map +1 -1
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +0 -5
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/auth.d.ts +9 -6
- package/dist/types/src/auth/auth.d.ts.map +1 -1
- package/dist/types/src/auth/dpop.d.ts +60 -0
- package/dist/types/src/auth/dpop.d.ts.map +1 -0
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc.d.ts +6 -4
- package/dist/types/src/auth/oidc.d.ts.map +1 -1
- package/dist/types/src/auth/providers.d.ts +5 -4
- package/dist/types/src/auth/providers.d.ts.map +1 -1
- package/dist/types/src/crypto/index.d.ts +2 -1
- package/dist/types/src/crypto/index.d.ts.map +1 -1
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts +18 -0
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +13 -4
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/tdf3/index.d.ts +3 -3
- package/dist/types/tdf3/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/assertions.d.ts +23 -8
- package/dist/types/tdf3/src/assertions.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts +3 -3
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts +4 -4
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/builders.d.ts +2 -2
- package/dist/types/tdf3/src/client/builders.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +6 -5
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts +14 -4
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/declarations.d.ts +283 -18
- package/dist/types/tdf3/src/crypto/declarations.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/index.d.ts +105 -28
- package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts +5 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts +6 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/salt.d.ts +6 -1
- package/dist/types/tdf3/src/crypto/salt.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/encryption-information.d.ts +4 -4
- package/dist/types/tdf3/src/models/encryption-information.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/key-access.d.ts +8 -5
- package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +8 -8
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/types/tdf3/src/utils/index.d.ts +4 -3
- package/dist/types/tdf3/src/utils/index.d.ts.map +1 -1
- package/dist/web/src/access/access-fetch.js +3 -4
- package/dist/web/src/access/access-rpc.js +3 -5
- package/dist/web/src/access.js +1 -13
- package/dist/web/src/auth/auth.js +13 -10
- package/dist/web/src/auth/dpop.js +118 -0
- package/dist/web/src/auth/oidc-clientcredentials-provider.js +4 -3
- package/dist/web/src/auth/oidc-externaljwt-provider.js +4 -3
- package/dist/web/src/auth/oidc-refreshtoken-provider.js +4 -3
- package/dist/web/src/auth/oidc.js +11 -9
- package/dist/web/src/auth/providers.js +13 -12
- package/dist/web/src/crypto/index.js +4 -2
- package/dist/web/src/crypto/pemPublicToCrypto.js +11 -9
- package/dist/web/src/opentdf.js +7 -10
- package/dist/web/tdf3/index.js +3 -2
- package/dist/web/tdf3/src/assertions.js +71 -31
- package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/web/tdf3/src/client/index.js +25 -35
- package/dist/web/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/web/tdf3/src/crypto/declarations.js +1 -1
- package/dist/web/tdf3/src/crypto/index.js +830 -84
- package/dist/web/tdf3/src/crypto/jose/jwt-claims-set.js +5 -0
- package/dist/web/tdf3/src/crypto/jose/validate-crit.js +3 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +35 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/epoch.js +4 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/is_object.js +19 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +107 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/secs.js +58 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +36 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/util/errors.js +117 -0
- package/dist/web/tdf3/src/crypto/jwt.js +174 -0
- package/dist/web/tdf3/src/crypto/salt.js +13 -7
- package/dist/web/tdf3/src/models/encryption-information.js +11 -14
- package/dist/web/tdf3/src/models/key-access.js +44 -31
- package/dist/web/tdf3/src/tdf.js +71 -71
- package/dist/web/tdf3/src/utils/index.js +5 -6
- package/package.json +11 -4
- package/src/access/access-fetch.ts +2 -8
- package/src/access/access-rpc.ts +0 -7
- package/src/access.ts +0 -17
- package/src/auth/auth.ts +21 -12
- package/src/auth/dpop.ts +222 -0
- package/src/auth/oidc-clientcredentials-provider.ts +23 -15
- package/src/auth/oidc-externaljwt-provider.ts +23 -15
- package/src/auth/oidc-refreshtoken-provider.ts +23 -15
- package/src/auth/oidc.ts +21 -10
- package/src/auth/providers.ts +46 -29
- package/src/crypto/index.ts +21 -1
- package/src/crypto/pemPublicToCrypto.ts +11 -9
- package/src/opentdf.ts +19 -14
- package/tdf3/index.ts +32 -5
- package/tdf3/src/assertions.ts +99 -30
- package/tdf3/src/ciphers/aes-gcm-cipher.ts +7 -2
- package/tdf3/src/ciphers/symmetric-cipher-base.ts +7 -4
- package/tdf3/src/client/builders.ts +2 -2
- package/tdf3/src/client/index.ts +60 -59
- package/tdf3/src/crypto/crypto-utils.ts +15 -8
- package/tdf3/src/crypto/declarations.ts +338 -22
- package/tdf3/src/crypto/index.ts +1021 -118
- package/tdf3/src/crypto/jose/jwt-claims-set.ts +10 -0
- package/tdf3/src/crypto/jose/validate-crit.ts +9 -0
- package/tdf3/src/crypto/jose/vendor/lib/buffer_utils.ts +34 -0
- package/tdf3/src/crypto/jose/vendor/lib/epoch.ts +3 -0
- package/tdf3/src/crypto/jose/vendor/lib/is_object.ts +18 -0
- package/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.ts +106 -0
- package/tdf3/src/crypto/jose/vendor/lib/secs.ts +57 -0
- package/tdf3/src/crypto/jose/vendor/lib/validate_crit.ts +35 -0
- package/tdf3/src/crypto/jose/vendor/util/errors.ts +101 -0
- package/tdf3/src/crypto/jwt.ts +256 -0
- package/tdf3/src/crypto/salt.ts +16 -8
- package/tdf3/src/models/encryption-information.ts +14 -21
- package/tdf3/src/models/key-access.ts +57 -41
- package/tdf3/src/tdf.ts +110 -93
- package/tdf3/src/utils/index.ts +5 -6
|
@@ -3,6 +3,7 @@ import { OIDCExternalJwtProvider } from './oidc-externaljwt-provider.js';
|
|
|
3
3
|
import { OIDCRefreshTokenProvider } from './oidc-refreshtoken-provider.js';
|
|
4
4
|
import { isBrowser } from '../utils.js';
|
|
5
5
|
import { ConfigurationError } from '../errors.js';
|
|
6
|
+
import * as defaultCryptoService from '../../tdf3/src/crypto/index.js';
|
|
6
7
|
/**
|
|
7
8
|
* Creates an OIDC Client Credentials Provider for non-browser contexts.
|
|
8
9
|
*
|
|
@@ -21,14 +22,14 @@ import { ConfigurationError } from '../errors.js';
|
|
|
21
22
|
* {@link updateClientPublicKey} which will force an explicit token refresh
|
|
22
23
|
*
|
|
23
24
|
*/
|
|
24
|
-
export const clientSecretAuthProvider = async (clientConfig) => {
|
|
25
|
+
export const clientSecretAuthProvider = async (clientConfig, cryptoService = defaultCryptoService) => {
|
|
25
26
|
return new OIDCClientCredentialsProvider({
|
|
26
27
|
clientId: clientConfig.clientId,
|
|
27
28
|
clientSecret: clientConfig.clientSecret,
|
|
28
29
|
oidcOrigin: clientConfig.oidcOrigin,
|
|
29
30
|
oidcTokenEndpoint: clientConfig.oidcTokenEndpoint,
|
|
30
31
|
oidcUserInfoEndpoint: clientConfig.oidcUserInfoEndpoint,
|
|
31
|
-
});
|
|
32
|
+
}, cryptoService);
|
|
32
33
|
};
|
|
33
34
|
/**
|
|
34
35
|
* Create an OIDC External JWT Provider for browser contexts.
|
|
@@ -46,14 +47,14 @@ export const clientSecretAuthProvider = async (clientConfig) => {
|
|
|
46
47
|
* Virtru claims. The public key may be passed to this provider's constructor, or supplied post-construction by calling
|
|
47
48
|
* {@link updateClientPublicKey}, which will force an explicit token refresh.
|
|
48
49
|
*/
|
|
49
|
-
export const externalAuthProvider = async (clientConfig) => {
|
|
50
|
+
export const externalAuthProvider = async (clientConfig, cryptoService = defaultCryptoService) => {
|
|
50
51
|
return new OIDCExternalJwtProvider({
|
|
51
52
|
clientId: clientConfig.clientId,
|
|
52
53
|
externalJwt: clientConfig.externalJwt,
|
|
53
54
|
oidcOrigin: clientConfig.oidcOrigin,
|
|
54
55
|
oidcTokenEndpoint: clientConfig.oidcTokenEndpoint,
|
|
55
56
|
oidcUserInfoEndpoint: clientConfig.oidcUserInfoEndpoint,
|
|
56
|
-
});
|
|
57
|
+
}, cryptoService);
|
|
57
58
|
};
|
|
58
59
|
/**
|
|
59
60
|
* Creates an OIDC Refresh Token Provider for browser and non-browser contexts.
|
|
@@ -69,21 +70,21 @@ export const externalAuthProvider = async (clientConfig) => {
|
|
|
69
70
|
* Virtru claims. The public key may be passed to this provider's constructor, or supplied post-construction by calling
|
|
70
71
|
* {@link updateClientPublicKey} which will force an explicit token refresh
|
|
71
72
|
*/
|
|
72
|
-
export const refreshAuthProvider = async (clientConfig) => {
|
|
73
|
+
export const refreshAuthProvider = async (clientConfig, cryptoService = defaultCryptoService) => {
|
|
73
74
|
return new OIDCRefreshTokenProvider({
|
|
74
75
|
clientId: clientConfig.clientId,
|
|
75
76
|
refreshToken: clientConfig.refreshToken,
|
|
76
77
|
oidcOrigin: clientConfig.oidcOrigin,
|
|
77
78
|
oidcTokenEndpoint: clientConfig.oidcTokenEndpoint,
|
|
78
79
|
oidcUserInfoEndpoint: clientConfig.oidcUserInfoEndpoint,
|
|
79
|
-
});
|
|
80
|
+
}, cryptoService);
|
|
80
81
|
};
|
|
81
82
|
/**
|
|
82
83
|
* Generate an auth provder.
|
|
83
84
|
* @param clientConfig OIDC client credentials
|
|
84
85
|
* @returns a promise for a new auth provider with the requested excahnge type
|
|
85
86
|
*/
|
|
86
|
-
export const clientAuthProvider = async (clientConfig) => {
|
|
87
|
+
export const clientAuthProvider = async (clientConfig, cryptoService = defaultCryptoService) => {
|
|
87
88
|
if (!clientConfig.clientId) {
|
|
88
89
|
throw new ConfigurationError('Client ID must be provided to constructor');
|
|
89
90
|
}
|
|
@@ -98,13 +99,13 @@ export const clientAuthProvider = async (clientConfig) => {
|
|
|
98
99
|
//and provide us with a valid refresh token/clientId obtained from that process.
|
|
99
100
|
switch (clientConfig.exchange) {
|
|
100
101
|
case 'refresh': {
|
|
101
|
-
return refreshAuthProvider(clientConfig);
|
|
102
|
+
return refreshAuthProvider(clientConfig, cryptoService);
|
|
102
103
|
}
|
|
103
104
|
case 'external': {
|
|
104
|
-
return externalAuthProvider(clientConfig);
|
|
105
|
+
return externalAuthProvider(clientConfig, cryptoService);
|
|
105
106
|
}
|
|
106
107
|
case 'client': {
|
|
107
|
-
return clientSecretAuthProvider(clientConfig);
|
|
108
|
+
return clientSecretAuthProvider(clientConfig, cryptoService);
|
|
108
109
|
}
|
|
109
110
|
default:
|
|
110
111
|
throw new ConfigurationError(`Unsupported client type`);
|
|
@@ -116,10 +117,10 @@ export const clientAuthProvider = async (clientConfig) => {
|
|
|
116
117
|
if (clientConfig.exchange !== 'client') {
|
|
117
118
|
throw new ConfigurationError('When using client credentials, must supply both client ID and client secret to constructor');
|
|
118
119
|
}
|
|
119
|
-
return clientSecretAuthProvider(clientConfig);
|
|
120
|
+
return clientSecretAuthProvider(clientConfig, cryptoService);
|
|
120
121
|
};
|
|
121
122
|
export * from './auth.js';
|
|
122
123
|
export { OIDCClientCredentialsProvider } from './oidc-clientcredentials-provider.js';
|
|
123
124
|
export { OIDCExternalJwtProvider } from './oidc-externaljwt-provider.js';
|
|
124
125
|
export { OIDCRefreshTokenProvider } from './oidc-refreshtoken-provider.js';
|
|
125
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
126
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
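Review bot: The new `cryptoService = defaultCryptoService` parameter on `clientSecretAuthProvider`, `externalAuthProvider`, `refreshAuthProvider` and `clientAuthProvider` falls back only when the argument is `undefined`, so an explicit `null` is forwarded to the provider constructors. The `OpenTDF` constructor in this same release uses `cryptoService ?? DefaultCryptoService`, which also covers `null`; forwarding `cryptoService ?? defaultCryptoService` here would make the two entry points agree. None of the four JSDoc blocks mentions the parameter; each should gain a line such as `@param cryptoService crypto implementation handed to the provider; defaults to the SDK's built-in service`. The body of `clientAuthProvider` is only partly visible in these hunks.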
@@ -6,6 +6,8 @@ export { generateKeyPair } from './generateKeyPair.js';
|
|
|
6
6
|
export { keyAgreement } from './keyAgreement.js';
|
|
7
7
|
export { default as exportCryptoKey } from './exportCryptoKey.js';
|
|
8
8
|
export { generateRandomNumber } from './generateRandomNumber.js';
|
|
9
|
-
export { pemPublicToCrypto, pemCertToCrypto } from './pemPublicToCrypto.js';
|
|
9
|
+
export { pemPublicToCrypto, pemCertToCrypto, guessAlgorithmName, guessCurveName, toJwsAlg, RSA_OID, EC_OID, P256_OID, P384_OID, P521_OID, } from './pemPublicToCrypto.js';
|
|
10
10
|
export * as enums from './enums.js';
|
|
11
|
-
|
|
11
|
+
// PEM Formatting Utilities from tdf3
|
|
12
|
+
export { formatAsPem, removePemFormatting, isPemKeyPair, isCryptoKeyPair, } from '../../tdf3/src/crypto/crypto-utils.js';
|
|
13
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
@@ -30,11 +30,12 @@ import { importX509 } from 'jose';
|
|
|
30
30
|
import { encodeArrayBuffer as hexEncodeArrayBuffer } from '../encodings/hex.js';
|
|
31
31
|
import { ConfigurationError, TdfError } from '../errors.js';
|
|
32
32
|
import { NamedCurve } from './enums.js';
|
|
33
|
-
|
|
34
|
-
const
|
|
35
|
-
const
|
|
36
|
-
const
|
|
37
|
-
const
|
|
33
|
+
// OID constants for algorithm detection (hex-encoded ASN.1 OIDs)
|
|
34
|
+
export const RSA_OID = '06092a864886f70d010101';
|
|
35
|
+
export const EC_OID = '06072a8648ce3d0201';
|
|
36
|
+
export const P256_OID = '06082a8648ce3d030107';
|
|
37
|
+
export const P384_OID = '06052b81040022';
|
|
38
|
+
export const P521_OID = '06052b81040023';
|
|
38
39
|
const SHA_512 = 'SHA-512';
|
|
39
40
|
const SPKI = 'spki';
|
|
40
41
|
const CERT_BEGIN = '-----BEGIN CERTIFICATE-----';
|
|
@@ -58,7 +59,7 @@ function guessKeyUsages(algorithmName, usages) {
|
|
|
58
59
|
return [];
|
|
59
60
|
}
|
|
60
61
|
}
|
|
61
|
-
function guessAlgorithmName(hex, algorithmName) {
|
|
62
|
+
export function guessAlgorithmName(hex, algorithmName) {
|
|
62
63
|
if (hex.includes(EC_OID)) {
|
|
63
64
|
if (!algorithmName || algorithmName === ECDH) {
|
|
64
65
|
return ECDH;
|
|
@@ -77,7 +78,7 @@ function guessAlgorithmName(hex, algorithmName) {
|
|
|
77
78
|
}
|
|
78
79
|
throw new TypeError(`Invalid public key, ${algorithmName}`);
|
|
79
80
|
}
|
|
80
|
-
function guessCurveName(hex) {
|
|
81
|
+
export function guessCurveName(hex) {
|
|
81
82
|
if (hex.includes(P256_OID)) {
|
|
82
83
|
return NamedCurve.P256;
|
|
83
84
|
}
|
|
@@ -129,9 +130,10 @@ export async function pemPublicToCrypto(pem, options = {
|
|
|
129
130
|
}
|
|
130
131
|
}
|
|
131
132
|
/**
|
|
133
|
+
* Detect JWS algorithm from hex-encoded key/certificate data.
|
|
132
134
|
* Look up JWK algorithm at https://github.com/panva/jose/issues/210
|
|
133
135
|
*/
|
|
134
|
-
function toJwsAlg(hex) {
|
|
136
|
+
export function toJwsAlg(hex) {
|
|
135
137
|
const a = guessAlgorithmName(hex);
|
|
136
138
|
if (a === ECDH) {
|
|
137
139
|
return 'ECDH-ES';
|
|
@@ -169,4 +171,4 @@ export async function pemCertToCrypto(pem, options = {
|
|
|
169
171
|
}
|
|
170
172
|
return key;
|
|
171
173
|
}
|
|
172
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
174
|
+
//# sourceMappingURL=data:application/json;base64,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
|
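Review bot: `guessAlgorithmName`, `guessCurveName` and `toJwsAlg` become public exports here, yet the visible lines decide the key type with `hex.includes(EC_OID)` and `hex.includes(P256_OID)`, a substring search over the hex dump rather than a parse of the ASN.1 structure. Such a match can occur anywhere in the input (for a certificate that includes extensions and signature bytes, and it can straddle a byte boundary), so callers should not treat the result as authoritative when choosing a verification algorithm. The one-line JSDoc added to `toJwsAlg` should say so, e.g. `Heuristic: scans the hex for known OID byte strings; do not use the result as the sole basis for algorithm selection`, and the other two exports need the same caveat. All three function bodies continue outside the hunks, so the full matching logic is not visible here.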
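--- a/package/dist/web/src/opentdf.js
+++ b/package/dist/web/src/opentdf.js
@@ -2,6 +2,7 @@ import { ConfigurationError, InvalidFileError } from './errors.js';
 export { Client as TDF3Client } from '../tdf3/src/client/index.js';
 import { fromSource, sourceToStream } from './seekable.js';
 import { Client as TDF3Client } from '../tdf3/src/client/index.js';
+import * as DefaultCryptoService from '../tdf3/src/crypto/index.js';
 import { OriginAllowList, fetchKeyAccessServers, isPublicKeyAlgorithm, } from './access.js';
 import { decryptStreamFrom, loadTDFStream, } from '../tdf3/src/tdf.js';
 import { base64 } from './encodings/index.js';
@@ -38,7 +39,7 @@ export { isPublicKeyAlgorithm, };
 * ```
 */
 export class OpenTDF {
-constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, }) {
+constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }) {
 this.authProvider = authProvider;
 this.defaultCreateOptions = defaultCreateOptions || {};
 this.defaultReadOptions = defaultReadOptions || {};
@@ -50,21 +51,17 @@ export class OpenTDF {
 console.warn("Warning: 'platformUrl' is required for security to ensure the SDK uses the platform-configured Key Access Server list");
 }
 this.policyEndpoint = policyEndpoint || '';
+this.cryptoService = cryptoService ?? DefaultCryptoService;
 this.tdf3Client = new TDF3Client({
 authProvider,
 dpopKeys,
 kasEndpoint: this.platformUrl || 'https://disallow.all.invalid',
 platformUrl,
 policyEndpoint,
+cryptoService: this.cryptoService,
 });
-
-
-crypto.subtle.generateKey({
-name: 'RSASSA-PKCS1-v1_5',
-hash: 'SHA-256',
-modulusLength: 2048,
-publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
-}, true, ['sign', 'verify']);
+// Use CryptoService for key generation (returns opaque KeyPair)
+this.dpopKeys = dpopKeys ?? this.cryptoService.generateSigningKeyPair();
 }
 /** Creates a new ZTDF stream. */
 async createZTDF(opts) {
@@ -247,4 +244,4 @@ class ZTDFReader {
 return this.requiredObligations ?? { fqns: [] };
 }
 }
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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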
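Review bot: The DPoP key line `this.dpopKeys = dpopKeys ?? this.cryptoService.generateSigningKeyPair();` no longer states what kind of key is produced. The removed inline call pinned RSASSA-PKCS1-v1_5, SHA-256 and a 2048-bit modulus, while the new call passes no parameters to a caller-replaceable `cryptoService`. Record the expectation next to it, e.g. `// DPoP signing key: algorithm and size are decided by cryptoService; the previous inline default was RSASSA-PKCS1-v1_5 / SHA-256 / 2048-bit`, and document the `cryptoService` option as security-critical, since it is accepted unchecked via `cryptoService ?? DefaultCryptoService`. The result is stored without `await` or a rejection handler, so if the method returns a promise (not shown here) a key-generation failure would surface only at first use. The constructor starts in the previous hunk, and `TDF3Client` still receives the raw `dpopKeys` rather than `this.dpopKeys`.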
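--- a/package/dist/web/tdf3/index.js
+++ b/package/dist/web/tdf3/index.js
@@ -10,6 +10,7 @@ import * as AuthProviders from '../src/auth/providers.js';
 import { version, clientType } from '../src/version.js';
 import { Algorithms } from './src/ciphers/algorithms.js';
 export { AesGcmCipher, Algorithms, AuthProviders, Binary, Client, DecoratedReadableStream, DecryptParamsBuilder, EncryptParamsBuilder, Errors, HttpRequest, SplitKey, TDF3Client, clientType, createSessionKeys, withHeaders, version, };
-export
+export { DefaultCryptoService as WebCryptoService } from './src/crypto/index.js';
+// export the other methods from crypto/index.js that aren't part of CryptoService but are needed for JWT handling
 export { OpenTDF, } from '../src/opentdf.js';
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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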
@@ -1,36 +1,60 @@
|
|
|
1
1
|
import { canonicalizeEx } from 'json-canonicalize';
|
|
2
|
-
import { SignJWT, jwtVerify, importJWK, importX509 } from 'jose';
|
|
3
2
|
import { base64, hex } from '../../src/encodings/index.js';
|
|
4
3
|
import { ConfigurationError, IntegrityError, InvalidFileError } from '../../src/errors.js';
|
|
5
4
|
import { tdfSpecVersion, version as sdkVersion } from '../../src/version.js';
|
|
5
|
+
import { decodeProtectedHeader, signJwt, verifyJwt } from './crypto/jwt.js';
|
|
6
6
|
/**
|
|
7
7
|
* Computes the SHA-256 hash of the assertion object, excluding the 'binding' and 'hash' properties.
|
|
8
8
|
*
|
|
9
|
+
* @param a - The assertion to hash
|
|
10
|
+
* @param cryptoService - The crypto service to use for hashing
|
|
9
11
|
* @returns the hexadecimal string representation of the hash
|
|
10
12
|
*/
|
|
11
|
-
export async function hash(a) {
|
|
13
|
+
export async function hash(a, cryptoService) {
|
|
12
14
|
const result = canonicalizeEx(a, {
|
|
13
15
|
exclude: ['binding', 'hash', 'sign', 'verify', 'signingKey'],
|
|
14
16
|
});
|
|
15
|
-
const
|
|
16
|
-
return hex.encodeArrayBuffer(
|
|
17
|
+
const hashBytes = await cryptoService.digest('SHA-256', new TextEncoder().encode(result));
|
|
18
|
+
return hex.encodeArrayBuffer(hashBytes.buffer);
|
|
17
19
|
}
|
|
18
20
|
/**
|
|
19
21
|
* Signs the given hash and signature using the provided key and sets the binding method and signature.
|
|
20
22
|
*
|
|
21
|
-
* @param
|
|
23
|
+
* @param thiz - The assertion to sign.
|
|
24
|
+
* @param assertionHash - The hash to be signed.
|
|
22
25
|
* @param sig - The signature to be signed.
|
|
23
|
-
* @param
|
|
24
|
-
* @
|
|
26
|
+
* @param key - The key used for signing.
|
|
27
|
+
* @param cryptoService - The crypto service to use for signing.
|
|
28
|
+
* @returns A promise that resolves to the signed assertion.
|
|
25
29
|
*/
|
|
26
|
-
async function sign(thiz, assertionHash, sig, key) {
|
|
30
|
+
async function sign(thiz, assertionHash, sig, key, cryptoService) {
|
|
27
31
|
const payload = {
|
|
28
32
|
assertionHash,
|
|
29
33
|
assertionSig: sig,
|
|
30
34
|
};
|
|
35
|
+
const header = { alg: key.alg };
|
|
36
|
+
if (typeof key.key === 'object' && '_brand' in key.key && key.key._brand === 'PublicKey') {
|
|
37
|
+
throw new ConfigurationError('Cannot sign assertion with PublicKey. Use PrivateKey or SymmetricKey for signing.');
|
|
38
|
+
}
|
|
39
|
+
let signingMaterial;
|
|
40
|
+
if (typeof key.key === 'string') {
|
|
41
|
+
if (!cryptoService.importPrivateKey) {
|
|
42
|
+
throw new ConfigurationError('CryptoService does not support importing private keys. Cannot sign assertion with a PEM string. Use PrivateKey or SymmetricKey for signing.');
|
|
43
|
+
}
|
|
44
|
+
signingMaterial = await cryptoService.importPrivateKey(key.key, {
|
|
45
|
+
usage: 'sign',
|
|
46
|
+
extractable: false,
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
else if (key.key instanceof Uint8Array) {
|
|
50
|
+
signingMaterial = await cryptoService.importSymmetricKey(key.key);
|
|
51
|
+
}
|
|
52
|
+
else {
|
|
53
|
+
signingMaterial = key.key;
|
|
54
|
+
}
|
|
31
55
|
let token;
|
|
32
56
|
try {
|
|
33
|
-
token = await
|
|
57
|
+
token = await signJwt(cryptoService, payload, signingMaterial, header);
|
|
34
58
|
}
|
|
35
59
|
catch (error) {
|
|
36
60
|
throw new ConfigurationError(`Signing assertion failed: ${error.message}`, error);
|
|
@@ -61,31 +85,44 @@ export function isAssertionConfig(obj) {
|
|
|
61
85
|
/**
|
|
62
86
|
* Verifies the signature of the assertion using the provided key.
|
|
63
87
|
*
|
|
64
|
-
* @param
|
|
65
|
-
* @
|
|
66
|
-
* @
|
|
88
|
+
* @param thiz - The assertion to verify.
|
|
89
|
+
* @param aggregateHash - The aggregate hash for integrity checking.
|
|
90
|
+
* @param key - The key used for verification.
|
|
91
|
+
* @param isLegacyTDF - Whether this is a legacy TDF format.
|
|
92
|
+
* @param cryptoService - The crypto service to use for verification.
|
|
93
|
+
* @throws {InvalidFileError} If the verification fails.
|
|
94
|
+
* @throws {IntegrityError} If the integrity check fails.
|
|
67
95
|
*/
|
|
68
|
-
export async function verify(thiz, aggregateHash, key, isLegacyTDF) {
|
|
96
|
+
export async function verify(thiz, aggregateHash, key, isLegacyTDF, cryptoService) {
|
|
69
97
|
let payload;
|
|
70
98
|
try {
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
99
|
+
// Parse JWT header to check for embedded keys (jwk or x5c)
|
|
100
|
+
const header = decodeProtectedHeader(thiz.binding.signature);
|
|
101
|
+
// Runtime check: ensure we have a verification key, not a signing key
|
|
102
|
+
if (typeof key.key === 'object' && '_brand' in key.key && key.key._brand === 'PrivateKey') {
|
|
103
|
+
throw new ConfigurationError('Cannot verify assertion with PrivateKey. Use PublicKey or SymmetricKey for verification.');
|
|
104
|
+
}
|
|
105
|
+
let verificationKey = key.key;
|
|
106
|
+
if (header.jwk) {
|
|
107
|
+
// Convert embedded JWK to PEM
|
|
108
|
+
verificationKey = await cryptoService.jwkToPublicKeyPem(header.jwk);
|
|
109
|
+
}
|
|
110
|
+
else if (header.x5c && Array.isArray(header.x5c) && header.x5c.length > 0) {
|
|
111
|
+
// Extract public key from X.509 certificate
|
|
112
|
+
const cert = `-----BEGIN CERTIFICATE-----\n${header.x5c[0]}\n-----END CERTIFICATE-----`;
|
|
113
|
+
verificationKey = await cryptoService.extractPublicKeyPem(cert);
|
|
114
|
+
}
|
|
115
|
+
const result = await verifyJwt(cryptoService, thiz.binding.signature, verificationKey, {
|
|
116
|
+
algorithms: [key.alg],
|
|
80
117
|
});
|
|
81
|
-
payload =
|
|
118
|
+
payload = result.payload;
|
|
82
119
|
}
|
|
83
120
|
catch (error) {
|
|
84
121
|
throw new InvalidFileError(`Verifying assertion failed: ${error.message}`, error);
|
|
85
122
|
}
|
|
86
123
|
const { assertionHash, assertionSig } = payload;
|
|
87
124
|
// Get the hash of the assertion
|
|
88
|
-
const hashOfAssertion = await hash(thiz);
|
|
125
|
+
const hashOfAssertion = await hash(thiz, cryptoService);
|
|
89
126
|
// check if assertionHash is same as hashOfAssertion
|
|
90
127
|
if (hashOfAssertion !== assertionHash) {
|
|
91
128
|
throw new IntegrityError('Assertion hash mismatch');
|
|
@@ -107,11 +144,14 @@ export async function verify(thiz, aggregateHash, key, isLegacyTDF) {
|
|
|
107
144
|
}
|
|
108
145
|
/**
|
|
109
146
|
* Creates an Assertion object with the specified properties.
|
|
147
|
+
*
|
|
148
|
+
* @param aggregateHash - The aggregate hash for the assertion.
|
|
149
|
+
* @param assertionConfig - The configuration for the assertion.
|
|
150
|
+
* @param cryptoService - The crypto service to use for signing.
|
|
151
|
+
* @param targetVersion - The target TDF spec version.
|
|
152
|
+
* @returns The created assertion.
|
|
110
153
|
*/
|
|
111
|
-
|
|
112
|
-
* Creates an Assertion object with the specified properties.
|
|
113
|
-
*/
|
|
114
|
-
export async function CreateAssertion(aggregateHash, assertionConfig, targetVersion) {
|
|
154
|
+
export async function CreateAssertion(aggregateHash, assertionConfig, cryptoService, targetVersion) {
|
|
115
155
|
if (!assertionConfig.signingKey) {
|
|
116
156
|
throw new ConfigurationError('Assertion signing key is required');
|
|
117
157
|
}
|
|
@@ -124,7 +164,7 @@ export async function CreateAssertion(aggregateHash, assertionConfig, targetVers
|
|
|
124
164
|
// empty binding
|
|
125
165
|
binding: { method: '', signature: '' },
|
|
126
166
|
};
|
|
127
|
-
const assertionHash = await hash(a);
|
|
167
|
+
const assertionHash = await hash(a, cryptoService);
|
|
128
168
|
let encodedHash;
|
|
129
169
|
switch (targetVersion || '4.3.0') {
|
|
130
170
|
case '4.2.2':
|
|
@@ -143,7 +183,7 @@ export async function CreateAssertion(aggregateHash, assertionConfig, targetVers
|
|
|
143
183
|
default:
|
|
144
184
|
throw new ConfigurationError(`Unsupported TDF spec version: [${targetVersion}]`);
|
|
145
185
|
}
|
|
146
|
-
return await sign(a, assertionHash, encodedHash, assertionConfig.signingKey);
|
|
186
|
+
return await sign(a, assertionHash, encodedHash, assertionConfig.signingKey, cryptoService);
|
|
147
187
|
}
|
|
148
188
|
/**
|
|
149
189
|
* Returns a default assertion configuration populated with system metadata.
|
|
@@ -185,4 +225,4 @@ function concatenateUint8Arrays(array1, array2) {
|
|
|
185
225
|
combinedArray.set(array2, array1.length);
|
|
186
226
|
return combinedArray;
|
|
187
227
|
}
|
|
188
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
228
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
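Review bot: In `verify`, a `jwk` or `x5c` value read from the token's own protected header replaces the caller-supplied `key.key` (`verificationKey = await cryptoService.jwkToPublicKeyPem(header.jwk)` and the `extractPublicKeyPem(cert)` branch). Nothing visible in this hunk ties that embedded key to the configured key or to a trust anchor. The signature then proves only that the assertion was signed by whoever wrote the header, limited by `algorithms: [key.alg]`, and the first `x5c` entry is used without any chain validation, so an altered TDF could present its own key and still verify. Consider keeping `let verificationKey = key.key;` as the only key unless the caller explicitly opts in, or accepting a header key only after it is compared with a pinned key or its chain is validated against a configured root. The removed lines are not legible on this page, so this may predate the release; the fix belongs in `package/tdf3/src/assertions.ts`, and `verify` continues past this hunk.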
@@ -49,4 +49,4 @@ export class AesGcmCipher extends SymmetricCipher {
|
|
|
49
49
|
return this.cryptoService.decrypt(payload, key, payloadIv, Algorithms.AES_256_GCM, payloadAuthTag);
|
|
50
50
|
}
|
|
51
51
|
}
|
|
52
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
52
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWVzLWdjbS1jaXBoZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9jaXBoZXJzL2Flcy1nY20tY2lwaGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDdEMsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGlCQUFpQixDQUFDO0FBQzdDLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUM3RCxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFTaEQsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDO0FBQ3RCLE1BQU0sU0FBUyxHQUFHLEVBQUUsQ0FBQztBQU9yQiwrQ0FBK0M7QUFDL0MsU0FBUyxpQkFBaUIsQ0FBQyxNQUFtQjtJQUM1Qyx1REFBdUQ7SUFDdkQsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBRTlELG9FQUFvRTtJQUNwRSxNQUFNLGNBQWMsR0FBRyxNQUFNLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBRWpFLE9BQU87UUFDTCxPQUFPLEVBQUUsTUFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLEVBQUUsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3RELFNBQVM7UUFDVCxjQUFjO0tBQ2YsQ0FBQztBQUNKLENBQUM7QUFFRCxNQUFNLE9BQU8sWUFBYSxTQUFRLGVBQWU7SUFDL0MsWUFBWSxhQUE0QjtRQUN0QyxLQUFLLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDckIsSUFBSSxDQUFDLElBQUksR0FBRyxhQUFhLENBQUM7UUFDMUIsSUFBSSxDQUFDLFFBQVEsR0FBRyxTQUFTLENBQUM7UUFDMUIsSUFBSSxDQUFDLFNBQVMsR0FBRyxVQUFVLENBQUM7SUFDOUIsQ0FBQztJQUVEOzs7O09BSUc7SUFDTSxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQWUsRUFBRSxHQUFpQixFQUFFLEVBQVU7UUFDbkUsTUFBTSxRQUFRLEdBQWlCLEVBQUUsQ0FBQztRQUNsQyxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUMxRixRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksVUFBVSxDQUFDLEVBQUUsQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDbEQsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLFVBQVUsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUM5RCxJQUFJLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNuQixRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ2hFLENBQUM7UUFDRCxNQU
FNLENBQUMsT0FBTyxHQUFHLE1BQU0sQ0FBQyxlQUFlLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3RFLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRDs7O09BR0c7SUFDSCw2REFBNkQ7SUFDcEQsS0FBSyxDQUFDLE9BQU8sQ0FDcEIsTUFBbUIsRUFDbkIsR0FBaUIsRUFDakIsRUFBVztRQUVYLE1BQU0sRUFBRSxPQUFPLEVBQUUsU0FBUyxFQUFFLGNBQWMsRUFBRSxHQUFHLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXpFLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQy9CLE9BQU8sRUFDUCxHQUFHLEVBQ0gsU0FBUyxFQUNULFVBQVUsQ0FBQyxXQUFXLEVBQ3RCLGNBQWMsQ0FDZixDQUFDO0lBQ0osQ0FBQztDQUNGIn0=
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { encodeArrayBuffer as hexEncode } from '../../../src/encodings/hex.js';
|
|
1
2
|
export class SymmetricCipher {
|
|
2
3
|
constructor(cryptoService) {
|
|
3
4
|
this.cryptoService = cryptoService;
|
|
@@ -6,7 +7,8 @@ export class SymmetricCipher {
|
|
|
6
7
|
if (!this.ivLength) {
|
|
7
8
|
throw Error('No iv length');
|
|
8
9
|
}
|
|
9
|
-
|
|
10
|
+
const bytes = await this.cryptoService.randomBytes(this.ivLength);
|
|
11
|
+
return hexEncode(bytes.buffer);
|
|
10
12
|
}
|
|
11
13
|
async generateKey() {
|
|
12
14
|
if (!this.keyLength) {
|
|
@@ -15,4 +17,4 @@ export class SymmetricCipher {
|
|
|
15
17
|
return this.cryptoService.generateKey(this.keyLength);
|
|
16
18
|
}
|
|
17
19
|
}
|
|
18
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
20
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3ltbWV0cmljLWNpcGhlci1iYXNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vdGRmMy9zcmMvY2lwaGVycy9zeW1tZXRyaWMtY2lwaGVyLWJhc2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBT0EsT0FBTyxFQUFFLGlCQUFpQixJQUFJLFNBQVMsRUFBRSxNQUFNLCtCQUErQixDQUFDO0FBRS9FLE1BQU0sT0FBZ0IsZUFBZTtJQVNuQyxZQUFZLGFBQTRCO1FBQ3RDLElBQUksQ0FBQyxhQUFhLEdBQUcsYUFBYSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxLQUFLLENBQUMsNEJBQTRCO1FBQ2hDLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDbkIsTUFBTSxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUM7UUFDOUIsQ0FBQztRQUNELE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ2xFLE9BQU8sU0FBUyxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ3BCLE1BQU0sS0FBSyxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBQy9CLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUN4RCxDQUFDO0NBS0YifQ==
|
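Review bot: `hexEncode(bytes.buffer)` on new line 11 encodes the entire ArrayBuffer behind the value returned by `randomBytes`, not only the bytes that were requested. The crypto service is passed in through the constructor, so an implementation could return a `Uint8Array` that is a view on a larger or pooled buffer (for example a `subarray` or a Node `Buffer`); in that case the IV would have the wrong length and could include unrelated adjacent memory. Consider `return hexEncode(bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength));`, and throw when `bytes.length !== this.ivLength` so a misbehaving provider fails closed instead of producing a malformed IV. The enclosing method's signature is outside the hunk, so how callers use the returned hex string is not visible here.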