@opentdf/sdk 0.9.0-beta.92 → 0.9.0-beta.93
- package/dist/cjs/src/access/access-fetch.js +1 -2
- package/dist/cjs/src/access/access-rpc.js +1 -3
- package/dist/cjs/src/access.js +1 -14
- package/dist/cjs/src/auth/auth.js +13 -10
- package/dist/cjs/src/auth/dpop.js +121 -0
- package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-externaljwt-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +37 -3
- package/dist/cjs/src/auth/oidc.js +10 -8
- package/dist/cjs/src/auth/providers.js +35 -12
- package/dist/cjs/src/crypto/index.js +16 -2
- package/dist/cjs/src/crypto/pemPublicToCrypto.js +17 -11
- package/dist/cjs/src/opentdf.js +40 -10
- package/dist/cjs/tdf3/index.js +4 -2
- package/dist/cjs/tdf3/src/assertions.js +71 -31
- package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/cjs/tdf3/src/client/index.js +23 -33
- package/dist/cjs/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/cjs/tdf3/src/crypto/declarations.js +1 -1
- package/dist/cjs/tdf3/src/crypto/index.js +849 -88
- package/dist/cjs/tdf3/src/crypto/jose/jwt-claims-set.js +11 -0
- package/dist/cjs/tdf3/src/crypto/jose/validate-crit.js +8 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +41 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/epoch.js +6 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/is_object.js +21 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +112 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/secs.js +60 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +38 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/util/errors.js +135 -0
- package/dist/cjs/tdf3/src/crypto/jwt.js +183 -0
- package/dist/cjs/tdf3/src/crypto/salt.js +14 -8
- package/dist/cjs/tdf3/src/models/encryption-information.js +17 -20
- package/dist/cjs/tdf3/src/models/key-access.js +43 -63
- package/dist/cjs/tdf3/src/tdf.js +75 -75
- package/dist/cjs/tdf3/src/utils/index.js +5 -39
- package/dist/types/src/access/access-fetch.d.ts.map +1 -1
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +0 -5
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/auth.d.ts +9 -6
- package/dist/types/src/auth/auth.d.ts.map +1 -1
- package/dist/types/src/auth/dpop.d.ts +60 -0
- package/dist/types/src/auth/dpop.d.ts.map +1 -0
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc.d.ts +6 -4
- package/dist/types/src/auth/oidc.d.ts.map +1 -1
- package/dist/types/src/auth/providers.d.ts +5 -4
- package/dist/types/src/auth/providers.d.ts.map +1 -1
- package/dist/types/src/crypto/index.d.ts +2 -1
- package/dist/types/src/crypto/index.d.ts.map +1 -1
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts +18 -0
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +13 -4
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/tdf3/index.d.ts +3 -3
- package/dist/types/tdf3/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/assertions.d.ts +23 -8
- package/dist/types/tdf3/src/assertions.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts +3 -3
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts +4 -4
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/builders.d.ts +2 -2
- package/dist/types/tdf3/src/client/builders.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +6 -5
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts +14 -4
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/declarations.d.ts +283 -18
- package/dist/types/tdf3/src/crypto/declarations.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/index.d.ts +105 -28
- package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts +5 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts +6 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/salt.d.ts +6 -1
- package/dist/types/tdf3/src/crypto/salt.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/encryption-information.d.ts +4 -4
- package/dist/types/tdf3/src/models/encryption-information.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/key-access.d.ts +8 -5
- package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +8 -8
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/types/tdf3/src/utils/index.d.ts +4 -3
- package/dist/types/tdf3/src/utils/index.d.ts.map +1 -1
- package/dist/web/src/access/access-fetch.js +3 -4
- package/dist/web/src/access/access-rpc.js +3 -5
- package/dist/web/src/access.js +1 -13
- package/dist/web/src/auth/auth.js +13 -10
- package/dist/web/src/auth/dpop.js +118 -0
- package/dist/web/src/auth/oidc-clientcredentials-provider.js +4 -3
- package/dist/web/src/auth/oidc-externaljwt-provider.js +4 -3
- package/dist/web/src/auth/oidc-refreshtoken-provider.js +4 -3
- package/dist/web/src/auth/oidc.js +11 -9
- package/dist/web/src/auth/providers.js +13 -12
- package/dist/web/src/crypto/index.js +4 -2
- package/dist/web/src/crypto/pemPublicToCrypto.js +11 -9
- package/dist/web/src/opentdf.js +7 -10
- package/dist/web/tdf3/index.js +3 -2
- package/dist/web/tdf3/src/assertions.js +71 -31
- package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/web/tdf3/src/client/index.js +25 -35
- package/dist/web/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/web/tdf3/src/crypto/declarations.js +1 -1
- package/dist/web/tdf3/src/crypto/index.js +830 -84
- package/dist/web/tdf3/src/crypto/jose/jwt-claims-set.js +5 -0
- package/dist/web/tdf3/src/crypto/jose/validate-crit.js +3 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +35 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/epoch.js +4 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/is_object.js +19 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +107 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/secs.js +58 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +36 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/util/errors.js +117 -0
- package/dist/web/tdf3/src/crypto/jwt.js +174 -0
- package/dist/web/tdf3/src/crypto/salt.js +13 -7
- package/dist/web/tdf3/src/models/encryption-information.js +11 -14
- package/dist/web/tdf3/src/models/key-access.js +44 -31
- package/dist/web/tdf3/src/tdf.js +71 -71
- package/dist/web/tdf3/src/utils/index.js +5 -6
- package/package.json +11 -4
- package/src/access/access-fetch.ts +2 -8
- package/src/access/access-rpc.ts +0 -7
- package/src/access.ts +0 -17
- package/src/auth/auth.ts +21 -12
- package/src/auth/dpop.ts +222 -0
- package/src/auth/oidc-clientcredentials-provider.ts +23 -15
- package/src/auth/oidc-externaljwt-provider.ts +23 -15
- package/src/auth/oidc-refreshtoken-provider.ts +23 -15
- package/src/auth/oidc.ts +21 -10
- package/src/auth/providers.ts +46 -29
- package/src/crypto/index.ts +21 -1
- package/src/crypto/pemPublicToCrypto.ts +11 -9
- package/src/opentdf.ts +19 -14
- package/tdf3/index.ts +32 -5
- package/tdf3/src/assertions.ts +99 -30
- package/tdf3/src/ciphers/aes-gcm-cipher.ts +7 -2
- package/tdf3/src/ciphers/symmetric-cipher-base.ts +7 -4
- package/tdf3/src/client/builders.ts +2 -2
- package/tdf3/src/client/index.ts +60 -59
- package/tdf3/src/crypto/crypto-utils.ts +15 -8
- package/tdf3/src/crypto/declarations.ts +338 -22
- package/tdf3/src/crypto/index.ts +1021 -118
- package/tdf3/src/crypto/jose/jwt-claims-set.ts +10 -0
- package/tdf3/src/crypto/jose/validate-crit.ts +9 -0
- package/tdf3/src/crypto/jose/vendor/lib/buffer_utils.ts +34 -0
- package/tdf3/src/crypto/jose/vendor/lib/epoch.ts +3 -0
- package/tdf3/src/crypto/jose/vendor/lib/is_object.ts +18 -0
- package/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.ts +106 -0
- package/tdf3/src/crypto/jose/vendor/lib/secs.ts +57 -0
- package/tdf3/src/crypto/jose/vendor/lib/validate_crit.ts +35 -0
- package/tdf3/src/crypto/jose/vendor/util/errors.ts +101 -0
- package/tdf3/src/crypto/jwt.ts +256 -0
- package/tdf3/src/crypto/salt.ts +16 -8
- package/tdf3/src/models/encryption-information.ts +14 -21
- package/tdf3/src/models/key-access.ts +57 -41
- package/tdf3/src/tdf.ts +110 -93
- package/tdf3/src/utils/index.ts +5 -6
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tdf.d.ts","sourceRoot":"","sources":["../../../../tdf3/src/tdf.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tdf.d.ts","sourceRoot":"","sources":["../../../../tdf3/src/tdf.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EAIhB,MAAM,qBAAqB,CAAC;AAS7B,OAAO,EAAE,KAAK,YAAY,EAAgB,MAAM,wBAAwB,CAAC;AAazE,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,eAAe,EAAgB,yBAAyB,EAAE,MAAM,iBAAiB,CAAC;AAI3F,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAC9E,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,OAAO,EACZ,KAAK,YAAY,EAClB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAEL,aAAa,EACb,OAAO,EACP,QAAQ,EACR,MAAM,EACN,QAAQ,EAER,SAAS,EACT,eAAe,EACf,SAAS,EACV,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,SAAS,EAAwC,MAAM,kBAAkB,CAAC;AACnF,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAczD;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,aAAa,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;AAEpD,MAAM,MAAM,QAAQ,GAAG,OAAO,CAAC;AAE/B,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,aAAa,CAAC;IACpB,GAAG,CAAC,EAAE,qBAAqB,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,aAAa,CAAC;CAC9B,CAAC;AAeF,KAAK,OAAO,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,GAAG;IAC7B,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC,KAAK,IAAI,CAAC;IACxB,MAAM,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;CAChC,CAAC;AAiBF,KAAK,KAAK,GAAG;IACX,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;CACxC,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,OAAO,CAAC;AAElD,MAAM,MAAM,oBAAoB,GAAG;IACjC,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,aAAa,EAAE,aAAa,CAAC;IAC7B,QAAQ,EAAE,OAAO,CAAC;IAClB,qBAAqB,EAAE,QAAQ,CAAC;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,yBAAyB,EAAE,kBAAkB,CAAC;IAC9C,aAAa,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B
,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;IACnD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,aAAa,CAAC;IAE7B,QAAQ,EAAE,OAAO,CAAC;IAElB,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,EAAE,aAAa,CAAC;IAC7B,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;IACnD,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;IACtD,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,qBAAqB,CAAC;CAC9C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,YAAY,EAAE,YAAY,CAAC;IAE3B,UAAU,EAAE,SAAS,CAAC;IAEtB,eAAe,EAAE,QAAQ,CAAC;IAE1B,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,MAAM,CAAC;AAElD;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,MAAM,EACX,SAAS,CAAC,EAAE,qBAAqB,EACjC,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,gBAAgB,CAAC,CAQ3B;AAED,wBAAsB,uBAAuB,CAC3C,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,qBAAqB,EAC1B,aAAa,EAAE,aAAa,GAC3B,OAAO,CAAC,MAAM,CAAC,CAKjB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CAAC,EACnC,IAAI,EACJ,GAAG,EACH,SAAS,EACT,GAAG,EACH,QAAQ,EACR,GAAQ,EACR,GAAgB,EAChB,aAAa,GACd,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CA2BrC;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAYzD;AA+ED,wBAAsB,WAAW,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAoT7F;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;IACrB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;CACtC,CAAC;AAGF,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAKnF;AAED,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,eAAe,EAAE,EAC5B,YAAY,EAAE,eAAe,GAC5B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CA6BjD;AA4UD,wBAAsB,eAAe,CAAC,EACpC,MAAM,EACN,gBAAgB,EAChB,
KAAK,EACL,MAAM,EACN,aAAa,EACb,yBAAyB,EACzB,WAAW,GACZ,EAAE;IACD,MAAM,EAAE,UAAU,CAAC;IACnB,gBAAgB,EAAE,YAAY,CAAC;IAC/B,KAAK,EAAE,KAAK,EAAE,CAAC;IACf,MAAM,EAAE,eAAe,CAAC;IACxB,aAAa,EAAE,aAAa,CAAC;IAC7B,yBAAyB,EAAE,kBAAkB,CAAC;IAC9C,WAAW,EAAE,MAAM,CAAC;CACrB,iBAkCA;AAED,wBAAsB,UAAU,CAAC,GAAG,EAAE,oBAAoB,oCAGzD;AAED,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,oBAAoB,EACzB,EAAE,QAAQ,EAAE,SAAS,EAAE,gBAAgB,EAAE,EAAE,oBAAoB,oCA8JhE"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { KeyInfo } from '../models/index.js';
|
|
2
|
+
import { type CryptoService } from '../crypto/declarations.js';
|
|
2
3
|
export { ZipReader, readUInt64LE } from './zip-reader.js';
|
|
3
4
|
export { ZipWriter } from './zip-writer.js';
|
|
4
5
|
export { keySplit, keyMerge } from './keysplit.js';
|
|
@@ -21,11 +22,11 @@ export declare function base64ToBytes(str: string): Uint8Array;
|
|
|
21
22
|
*
|
|
22
23
|
* @returns {Object}:
|
|
23
24
|
* {
|
|
24
|
-
* keyForEncryption:
|
|
25
|
-
* keyForManifest:
|
|
25
|
+
* keyForEncryption: KeyInfo;
|
|
26
|
+
* keyForManifest: KeyInfo;
|
|
26
27
|
* }
|
|
27
28
|
*/
|
|
28
|
-
export declare function keyMiddleware(): Promise<{
|
|
29
|
+
export declare function keyMiddleware(cryptoService: CryptoService): Promise<{
|
|
29
30
|
keyForEncryption: KeyInfo;
|
|
30
31
|
keyForManifest: KeyInfo;
|
|
31
32
|
}>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/utils/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/utils/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAY,MAAM,oBAAoB,CAAC;AAGvD,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAG/D,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAEtE,MAAM,MAAM,iBAAiB,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAc1F,wBAAgB,WAAW,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,UAAU,CAcjE;AAED,wBAAgB,YAAY,CAAC,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAQ3E;AAED,wBAAgB,YAAY,CAAC,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAE3E;AAED,wBAAgB,YAAY,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAG7E;AAED,wBAAgB,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAGzF;AAED,wBAAgB,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAKzF;AAED,wBAAgB,YAAY,CAC1B,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,UAAU,EAClB,WAAW,GAAE,MAAU,EACvB,WAAW,GAAE,MAAU,EACvB,SAAS,GAAE,MAAsB,GAChC,MAAM,CAIR;AAqCD,wBAAgB,YAAY,CAC1B,MAAM,EAAE,UAAU,EAClB,QAAQ,GAAE,iBAA0B,EACpC,KAAK,SAAI,EACT,GAAG,SAAgB,UA+BpB;AAGD,wBAAgB,SAAS,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CA6E7E;AAgDD,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAErD;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,aAAa,CAAC,aAAa,EAAE,aAAa,GAAG,OAAO,CAAC;IACzE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,OAAO,CAAC;CACzB,CAAC,CAQD"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { OriginAllowList } from '../access.js';
|
|
2
2
|
import { ConfigurationError, InvalidFileError, NetworkError, PermissionDeniedError, ServiceError, UnauthenticatedError, } from '../errors.js';
|
|
3
|
-
import {
|
|
3
|
+
import { validateSecureUrl } from '../utils.js';
|
|
4
4
|
/**
|
|
5
5
|
* Get a rewrapped access key to the document, if possible
|
|
6
6
|
* @param url Key access server rewrap endpoint
|
|
@@ -141,11 +141,10 @@ export async function fetchKasPubKey(kasEndpoint, algorithm) {
|
|
|
141
141
|
throw new NetworkError(`invalid response from public key endpoint [${JSON.stringify(jsonContent)}]`);
|
|
142
142
|
}
|
|
143
143
|
return {
|
|
144
|
-
key: noteInvalidPublicKey(pkUrlV2, pemToCryptoPublicKey(publicKey)),
|
|
145
144
|
publicKey,
|
|
146
145
|
url: kasEndpoint,
|
|
147
146
|
algorithm: algorithm || 'rsa:2048',
|
|
148
147
|
...(kid && { kid }),
|
|
149
148
|
};
|
|
150
149
|
}
|
|
151
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
150
|
+
//# sourceMappingURL=data:application/json;base64,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
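Review bot: The object returned by `fetchKasPubKey` now carries only the `publicKey` PEM string taken from the KAS response, because the removed `key:` line was the only place in this hunk where that PEM was parsed (`pemToCryptoPublicKey`) and a parse failure was attributed to the endpoint. Where the key is validated now is outside the hunk, so a malformed key from a KAS endpoint presumably surfaces later and without the URL in the error. I would document that on the return, e.g. `// publicKey is the PEM exactly as returned by the KAS; it is not parsed here and must be treated as unvalidated until imported`, and make sure the later import error names `kasEndpoint`. The same removal appears in the following section (presumably access-rpc.js) in both `fetchKasPubKey` and `fetchKasBasePubKey`, and the helper `noteInvalidPublicKey` is deleted from access.js.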
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { isPublicKeyAlgorithm,
|
|
1
|
+
import { isPublicKeyAlgorithm, OriginAllowList, } from '../access.js';
|
|
2
2
|
import { ConfigurationError, InvalidFileError, NetworkError, PermissionDeniedError, ServiceError, UnauthenticatedError, } from '../errors.js';
|
|
3
3
|
import { PlatformClient } from '../platform.js';
|
|
4
|
-
import { extractRpcErrorMessage, getPlatformUrlFromKasEndpoint,
|
|
4
|
+
import { extractRpcErrorMessage, getPlatformUrlFromKasEndpoint, validateSecureUrl, } from '../utils.js';
|
|
5
5
|
import { X_REWRAP_ADDITIONAL_CONTEXT } from './constants.js';
|
|
6
6
|
import { ConnectError, Code } from '@connectrpc/connect';
|
|
7
7
|
/**
|
|
@@ -133,7 +133,6 @@ export async function fetchKasPubKey(kasEndpoint, algorithm) {
|
|
|
133
133
|
v: '2',
|
|
134
134
|
});
|
|
135
135
|
const result = {
|
|
136
|
-
key: noteInvalidPublicKey(new URL(platformUrl), pemToCryptoPublicKey(publicKey)),
|
|
137
136
|
publicKey,
|
|
138
137
|
url: kasEndpoint,
|
|
139
138
|
algorithm: algorithm || 'rsa:2048',
|
|
@@ -168,7 +167,6 @@ export async function fetchKasBasePubKey(kasEndpoint) {
|
|
|
168
167
|
throw new NetworkError(`Invalid Platform Configuration: [${kasEndpoint}] is missing BaseKey in WellKnownConfiguration`);
|
|
169
168
|
}
|
|
170
169
|
const result = {
|
|
171
|
-
key: noteInvalidPublicKey(new URL(baseKey.kas_uri), pemToCryptoPublicKey(baseKey.public_key.pem)),
|
|
172
170
|
publicKey: baseKey.public_key.pem,
|
|
173
171
|
url: baseKey.kas_uri,
|
|
174
172
|
algorithm: baseKey.public_key.algorithm,
|
|
@@ -180,4 +178,4 @@ export async function fetchKasBasePubKey(kasEndpoint) {
|
|
|
180
178
|
throw new NetworkError(`[${platformUrl}] [PublicKey] ${extractRpcErrorMessage(e)}`);
|
|
181
179
|
}
|
|
182
180
|
}
|
|
183
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
181
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLXJwYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hY2Nlc3MvYWNjZXNzLXJwYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFDQSxPQUFPLEVBQ0wsb0JBQW9CLEVBR3BCLGVBQWUsR0FDaEIsTUFBTSxjQUFjLENBQUM7QUFHdEIsT0FBTyxFQUNMLGtCQUFrQixFQUNsQixnQkFBZ0IsRUFDaEIsWUFBWSxFQUNaLHFCQUFxQixFQUNyQixZQUFZLEVBQ1osb0JBQW9CLEdBQ3JCLE1BQU0sY0FBYyxDQUFDO0FBQ3RCLE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQztBQUdoRCxPQUFPLEVBQ0wsc0JBQXNCLEVBQ3RCLDZCQUE2QixFQUM3QixpQkFBaUIsR0FDbEIsTUFBTSxhQUFhLENBQUM7QUFDckIsT0FBTyxFQUFFLDJCQUEyQixFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFDN0QsT0FBTyxFQUFFLFlBQVksRUFBRSxJQUFJLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUV6RDs7Ozs7OztHQU9HO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxlQUFlLENBQ25DLEdBQVcsRUFDWCxrQkFBMEIsRUFDMUIsWUFBMEIsRUFDMUIsNkJBQXNDO0lBRXRDLE1BQU0sV0FBVyxHQUFHLDZCQUE2QixDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3ZELE1BQU0sUUFBUSxHQUFHLElBQUksY0FBYyxDQUFDLEVBQUUsWUFBWSxFQUFFLFdBQVcsRUFBRSxDQUFDLENBQUM7SUFDbkUsTUFBTSxPQUFPLEdBQWdCLEVBQUUsQ0FBQztJQUNoQyxJQUFJLDZCQUE2QixFQUFFLENBQUM7UUFDbEMsT0FBTyxDQUFDLE9BQU8sR0FBRztZQUNoQixDQUFDLDJCQUEyQixDQUFDLEVBQUUsNkJBQTZCO1NBQzdELENBQUM7SUFDSixDQUFDO0lBQ0QsSUFBSSxRQUF3QixDQUFDO0lBQzdCLElBQUksQ0FBQztRQUNILFFBQVEsR0FBRyxNQUFNLFFBQVEsQ0FBQyxFQUFFLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxFQUFFLGtCQUFrQixFQUFFLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDOUUsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxvQkFBb0IsQ0FBQyxDQUFDLEVBQUUsV0FBVyxDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUNELE9BQU8sUUFBUSxDQUFDO0FBQ2xCLENBQUM7QUFFRCxNQUFNLFVBQVUsb0JBQW9CLENBQUMsQ0FBVSxFQUFFLFdBQW1CO0lBQ2xFLElBQUksQ0FBQyxZQUFZLFlBQVksRUFBRSxDQUFDO1FBQzlCLE9BQU8sQ0FBQyxHQUFHLENBQUMsb0NBQW9DLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzFELFFBQVEsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ2YsS0FBSyxJQUFJLENBQUMsZUFBZSxFQUFFLGtCQUFrQjtnQkFDM0MsTUFBTSxJQUFJLGdCQUFnQixDQUFDLFlBQVksV0FBVywwQkFBMEIsQ0FBQyxDQUFDLE9BQU8sR0FBRyxDQUFDLENBQUM7WUFDNUYsS0FBSyxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsZ0JBQWdCO2dCQUMxQyxNQUFNLElBQUkscUJBQXFCLENBQU
MsWUFBWSxXQUFXLDZCQUE2QixDQUFDLENBQUM7WUFDeEYsS0FBSyxJQUFJLENBQUMsZUFBZSxFQUFFLG1CQUFtQjtnQkFDNUMsTUFBTSxJQUFJLG9CQUFvQixDQUFDLFlBQVksV0FBVyx3QkFBd0IsQ0FBQyxDQUFDO1lBQ2xGLEtBQUssSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUNuQixLQUFLLElBQUksQ0FBQyxhQUFhLENBQUM7WUFDeEIsS0FBSyxJQUFJLENBQUMsUUFBUSxDQUFDO1lBQ25CLEtBQUssSUFBSSxDQUFDLE9BQU8sQ0FBQztZQUNsQixLQUFLLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQztZQUMzQixLQUFLLElBQUksQ0FBQyxXQUFXLEVBQUUscUJBQXFCO2dCQUMxQyxNQUFNLElBQUksWUFBWSxDQUNwQixHQUFHLENBQUMsQ0FBQyxJQUFJLFNBQVMsV0FBVywyQ0FBMkMsQ0FBQyxDQUFDLE9BQU8sR0FBRyxDQUNyRixDQUFDO1lBQ0o7Z0JBQ0UsTUFBTSxJQUFJLFlBQVksQ0FBQyxJQUFJLFdBQVcsY0FBYyxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztRQUNyRSxDQUFDO0lBQ0gsQ0FBQztJQUNELE1BQU0sSUFBSSxZQUFZLENBQUMsSUFBSSxXQUFXLGNBQWMsc0JBQXNCLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0FBQ25GLENBQUM7QUFFRCxNQUFNLFVBQVUsMEJBQTBCLENBQ3hDLENBQVMsRUFDVCxXQUFtQixFQUNuQixtQkFBOEI7SUFFOUIsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQzNDLGtCQUFrQjtRQUNsQixNQUFNLElBQUksZ0JBQWdCLENBQUMsWUFBWSxXQUFXLDBCQUEwQixDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFDRCxJQUFJLENBQUMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUM1QyxJQUFJLG1CQUFtQixJQUFJLG1CQUFtQixDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUMxRCxNQUFNLElBQUkscUJBQXFCLENBQzdCLFlBQVksV0FBVyw2QkFBNkIsRUFDcEQsbUJBQW1CLENBQ3BCLENBQUM7UUFDSixDQUFDO1FBQ0QsTUFBTSxJQUFJLHFCQUFxQixDQUFDLFlBQVksV0FBVyw2QkFBNkIsQ0FBQyxDQUFDO0lBQ3hGLENBQUM7SUFDRCxJQUFJLENBQUMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDM0MsbUJBQW1CO1FBQ25CLE1BQU0sSUFBSSxvQkFBb0IsQ0FBQyxZQUFZLFdBQVcsd0JBQXdCLENBQUMsQ0FBQztJQUNsRixDQUFDO0lBQ0QsSUFDRSxDQUFDLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDL0IsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3BDLENBQUMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUMvQixDQUFDLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLE
NBQUM7UUFDOUIsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLENBQUM7UUFDdkMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLEVBQ2xDLENBQUM7UUFDRCxRQUFRO1FBQ1IsTUFBTSxJQUFJLFlBQVksQ0FBQyxTQUFTLFdBQVcsMkNBQTJDLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDOUYsQ0FBQztJQUNELE1BQU0sSUFBSSxZQUFZLENBQUMsSUFBSSxXQUFXLGNBQWMsQ0FBQyxFQUFFLENBQUMsQ0FBQztBQUMzRCxDQUFDO0FBRUQsTUFBTSxDQUFDLEtBQUssVUFBVSxxQkFBcUIsQ0FDekMsV0FBbUIsRUFDbkIsWUFBMEI7SUFFMUIsSUFBSSxVQUFVLEdBQUcsQ0FBQyxDQUFDO0lBQ25CLE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQztJQUN0QixNQUFNLFFBQVEsR0FBRyxJQUFJLGNBQWMsQ0FBQyxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBRW5FLEdBQUcsQ0FBQztRQUNGLElBQUksUUFBc0MsQ0FBQztRQUMzQyxJQUFJLENBQUM7WUFDSCxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLG9CQUFvQixDQUFDO2dCQUN4RSxVQUFVLEVBQUU7b0JBQ1YsTUFBTSxFQUFFLFVBQVU7aUJBQ25CO2FBQ0YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksWUFBWSxDQUNwQixJQUFJLFdBQVcsNEJBQTRCLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxFQUFFLENBQ3ZFLENBQUM7UUFDSixDQUFDO1FBRUQsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQzlDLFVBQVUsR0FBRyxRQUFRLEVBQUUsVUFBVSxFQUFFLFVBQVUsSUFBSSxDQUFDLENBQUM7SUFDckQsQ0FBQyxRQUFRLFVBQVUsR0FBRyxDQUFDLEVBQUU7SUFFekIsTUFBTSxVQUFVLEdBQUcsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzFELHdCQUF3QjtJQUN4QixJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxHQUFHLFdBQVcsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUMvQyxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsV0FBVyxNQUFNLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQsT0FBTyxJQUFJLGVBQWUsQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUM7QUFDaEQsQ0FBQztBQVlELFNBQVMsU0FBUyxDQUFDLE9BQWlCO0lBQ2xDLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNiLE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUNELE1BQU0sRUFBRSxHQUFHLE9BQTBCLENBQUM7SUFDdEMsT0FBTyxDQUNMLENBQUMsQ0FBQyxFQUFFLENBQUMsT0FBTztRQUNaLENBQUMsQ0FBQyxFQUFFLENBQUMsVUFBVTtRQUNmLE9BQU8sRUFBRSxDQUFDLFVBQVUsS0FBSyxRQUFRO1FBQ2pDLENBQUMsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLEdBQUc7UUFDbkIsQ0
FBQyxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsU0FBUztRQUN6QixvQkFBb0IsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxDQUM5QyxDQUFDO0FBQ0osQ0FBQztBQUVELE1BQU0sQ0FBQyxLQUFLLFVBQVUsY0FBYyxDQUNsQyxXQUFtQixFQUNuQixTQUFpQztJQUVqQyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDakIsTUFBTSxJQUFJLGtCQUFrQixDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDM0QsQ0FBQztJQUNELHVEQUF1RDtJQUN2RCxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUUvQixNQUFNLFdBQVcsR0FBRyw2QkFBNkIsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUMvRCxNQUFNLFFBQVEsR0FBRyxJQUFJLGNBQWMsQ0FBQztRQUNsQyxXQUFXO0tBQ1osQ0FBQyxDQUFDO0lBQ0gsSUFBSSxDQUFDO1FBQ0gsTUFBTSxFQUFFLEdBQUcsRUFBRSxTQUFTLEVBQUUsR0FBRyxNQUFNLFFBQVEsQ0FBQyxFQUFFLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQztZQUM1RCxTQUFTLEVBQUUsU0FBUyxJQUFJLFVBQVU7WUFDbEMsQ0FBQyxFQUFFLEdBQUc7U0FDUCxDQUFDLENBQUM7UUFDSCxNQUFNLE1BQU0sR0FBcUI7WUFDL0IsU0FBUztZQUNULEdBQUcsRUFBRSxXQUFXO1lBQ2hCLFNBQVMsRUFBRSxTQUFTLElBQUksVUFBVTtZQUNsQyxHQUFHLENBQUMsR0FBRyxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDcEIsQ0FBQztRQUNGLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLFlBQVksQ0FBQyxJQUFJLFdBQVcsaUJBQWlCLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN0RixDQUFDO0FBQ0gsQ0FBQztBQUVEOzs7Ozs7R0FNRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsa0JBQWtCLENBQUMsV0FBbUI7SUFDMUQsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ2pCLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQzNELENBQUM7SUFDRCxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUUvQixNQUFNLFdBQVcsR0FBRyw2QkFBNkIsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUMvRCxNQUFNLFFBQVEsR0FBRyxJQUFJLGNBQWMsQ0FBQztRQUNsQyxXQUFXO0tBQ1osQ0FBQyxDQUFDO0lBQ0gsSUFBSSxDQUFDO1FBQ0gsTUFBTSxFQUFFLGFBQWEsRUFBRSxHQUFHLE1BQU0sUUFBUSxDQUFDLEVBQUUsQ0FBQyxTQUFTLENBQUMseUJBQXlCLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDcEYsTUFBTSxPQUFPLEdBQUcsYUFBYSxFQUFFLFFBQXNDLENBQUM7UUFDdEUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sSUFBSSxZQUFZLENBQ3BCLG9DQUFvQyxXQUFXLGdEQUFnRCxDQUNoRyxDQUFDO1FBQ0osQ0FBQztRQUVELE1BQU0sTUFBTSxHQUFxQjtZQUMvQixTQUFTLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxHQUFHO1lBQ2pDLEdBQUcsRUFBRSxPQUFPLENBQUMsT0
FBTztZQUNwQixTQUFTLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxTQUFTO1lBQ3ZDLEdBQUcsRUFBRSxPQUFPLENBQUMsVUFBVSxDQUFDLEdBQUc7U0FDNUIsQ0FBQztRQUNGLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLFlBQVksQ0FBQyxJQUFJLFdBQVcsaUJBQWlCLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN0RixDQUFDO0FBQ0gsQ0FBQyJ9
|
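--- a/package/dist/web/src/access.js
+++ b/package/dist/web/src/access.js
@@ -1,4 +1,3 @@
-import { ServiceError } from './errors.js';
 import { getPlatformUrlFromKasEndpoint, validateSecureUrl } from './utils.js';
 import { base64 } from './encodings/index.js';
 import { fetchKasBasePubKey, fetchKeyAccessServers as fetchKeyAccessServersRpc, } from './access/access-rpc.js';
@@ -86,17 +85,6 @@ export const publicKeyAlgorithmToJwa = (a) => {
 throw new Error(`unsupported public key algorithm: ${a}`);
 }
 };
-export async function noteInvalidPublicKey(url, r) {
-try {
-return await r;
-}
-catch (e) {
-if (e instanceof TypeError) {
-throw new ServiceError(`invalid public key from [${url}]`, e);
-}
-throw e;
-}
-}
 /**
 * Fetches the key access servers for a given platform URL.
 * @param platformUrl The platform URL to fetch key access servers for.
@@ -184,4 +172,4 @@ async function tryPromisesUntilFirstSuccess(first, second) {
 }
 }
 }
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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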
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { signJwt } from '../../tdf3/src/crypto/jwt.js';
|
|
2
2
|
/**
|
|
3
3
|
* Generic HTTP request interface used by AuthProvider implementers.
|
|
4
4
|
*/
|
|
@@ -29,18 +29,21 @@ function getTimestampInSeconds() {
|
|
|
29
29
|
}
|
|
30
30
|
/**
|
|
31
31
|
* Generate a JWT (or JWS-ed object)
|
|
32
|
-
* @param toSign the data to sign. Interpreted as
|
|
33
|
-
* @param privateKey an RSA key
|
|
32
|
+
* @param toSign the data to sign. Interpreted as JwtPayload but AFAIK this isn't required
|
|
33
|
+
* @param privateKey an opaque RSA private key
|
|
34
|
+
* @param cryptoService the crypto service to use for signing
|
|
35
|
+
* @param jwtProtectedHeader optional JWT header, defaults to RS256
|
|
34
36
|
* @returns the signed object, with a JWS header. This may be a JWT.
|
|
35
37
|
*/
|
|
36
|
-
export async function reqSignature(toSign, privateKey, jwtProtectedHeader = { alg: 'RS256' }) {
|
|
38
|
+
export async function reqSignature(toSign, privateKey, cryptoService, jwtProtectedHeader = { alg: 'RS256' }) {
|
|
37
39
|
const now = getTimestampInSeconds();
|
|
38
40
|
const anHour = 3600;
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
41
|
+
const payload = {
|
|
42
|
+
...toSign,
|
|
43
|
+
iat: now - anHour,
|
|
44
|
+
exp: now + anHour,
|
|
45
|
+
};
|
|
46
|
+
return signJwt(cryptoService, payload, privateKey, jwtProtectedHeader);
|
|
44
47
|
}
|
|
45
48
|
export function isAuthProvider(a) {
|
|
46
49
|
if (!a || typeof a != 'object') {
|
|
@@ -48,4 +51,4 @@ export function isAuthProvider(a) {
|
|
|
48
51
|
}
|
|
49
52
|
return 'withCreds' in a;
|
|
50
53
|
}
|
|
51
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
54
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
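Review bot: `reqSignature` now takes `cryptoService` as its third positional parameter, ahead of the defaulted `jwtProtectedHeader`, so a caller still using the old three-argument form passes its header object as the crypto service and the header silently falls back to `{ alg: 'RS256' }`. Nothing checks the argument before it reaches `signJwt`; assuming the signer goes through `cryptoService.sign`, as the DPoP helper in this release does, a guard such as `if (typeof cryptoService?.sign !== 'function') throw new TypeError('"cryptoService" must be a CryptoService');` at the top would fail early and clearly. The payload also pins `iat` one hour in the past and `exp` one hour ahead, overriding any values in `toSign`. The JSDoc should say so, because that two-hour window bounds how long a captured signature remains acceptable.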
@@ -0,0 +1,118 @@
|
|
|
1
|
+
// pulled from https://github.com/panva/dpop/tree/v1.4.1
|
|
2
|
+
// Modified to use CryptoService instead of crypto.subtle
|
|
3
|
+
const encoder = new TextEncoder();
|
|
4
|
+
function buf(input) {
|
|
5
|
+
return encoder.encode(input);
|
|
6
|
+
}
|
|
7
|
+
/**
|
|
8
|
+
* Minimal JWT sign() implementation using CryptoService.
|
|
9
|
+
*/
|
|
10
|
+
async function jwt(header, claimsSet, privateKey, cryptoService) {
|
|
11
|
+
const input = `${b64u(buf(JSON.stringify(header)))}.${b64u(buf(JSON.stringify(claimsSet)))}`;
|
|
12
|
+
const signature = await cryptoService.sign(buf(input), privateKey, header.alg);
|
|
13
|
+
return `${input}.${b64u(signature)}`;
|
|
14
|
+
}
|
|
15
|
+
const CHUNK_SIZE = 0x8000;
|
|
16
|
+
function encodeBase64Url(input) {
|
|
17
|
+
const bytes = input instanceof ArrayBuffer ? new Uint8Array(input) : input;
|
|
18
|
+
const arr = [];
|
|
19
|
+
for (let i = 0; i < bytes.byteLength; i += CHUNK_SIZE) {
|
|
20
|
+
arr.push(String.fromCharCode.apply(null, bytes.subarray(i, i + CHUNK_SIZE)));
|
|
21
|
+
}
|
|
22
|
+
return btoa(arr.join('')).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
|
|
23
|
+
}
|
|
24
|
+
function b64u(input) {
|
|
25
|
+
return encodeBase64Url(input);
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Generates 32 random bytes and encodes them using base64url.
|
|
29
|
+
*/
|
|
30
|
+
async function randomBytes(cryptoService) {
|
|
31
|
+
return b64u(await cryptoService.randomBytes(32));
|
|
32
|
+
}
|
|
33
|
+
class UnsupportedOperationError extends Error {
|
|
34
|
+
constructor(message) {
|
|
35
|
+
super(message ?? 'operation not supported');
|
|
36
|
+
this.name = this.constructor.name;
|
|
37
|
+
Error.captureStackTrace?.(this, this.constructor);
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Determines a supported JWS `alg` identifier from PublicKeyInfo algorithm string.
|
|
42
|
+
*/
|
|
43
|
+
function determineJWSAlgorithmFromKeyInfo(algorithm) {
|
|
44
|
+
if (algorithm.startsWith('rsa:')) {
|
|
45
|
+
return 'RS256';
|
|
46
|
+
}
|
|
47
|
+
switch (algorithm) {
|
|
48
|
+
case 'ec:secp256r1':
|
|
49
|
+
return 'ES256';
|
|
50
|
+
case 'ec:secp384r1':
|
|
51
|
+
return 'ES384';
|
|
52
|
+
case 'ec:secp521r1':
|
|
53
|
+
return 'ES512';
|
|
54
|
+
default:
|
|
55
|
+
throw new UnsupportedOperationError(`unsupported key algorithm: ${algorithm}`);
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* Returns the current unix timestamp in seconds.
|
|
60
|
+
*/
|
|
61
|
+
function epochTime() {
|
|
62
|
+
return Math.floor(Date.now() / 1000);
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Generates a unique DPoP Proof JWT.
|
|
66
|
+
*
|
|
67
|
+
* @param keypair Opaque key pair
|
|
68
|
+
* @param cryptoService CryptoService for cryptographic operations
|
|
69
|
+
* @param htu The HTTP URI (without query and fragment parts) of the request
|
|
70
|
+
* @param htm The HTTP method of the request
|
|
71
|
+
* @param nonce Server-provided nonce.
|
|
72
|
+
* @param accessToken Associated access token's value.
|
|
73
|
+
* @param additional Any additional claims.
|
|
74
|
+
*/
|
|
75
|
+
export default async function DPoP(keypair, cryptoService, htu, htm, nonce, accessToken, additional) {
|
|
76
|
+
const privateKey = keypair?.privateKey;
|
|
77
|
+
const publicKey = keypair?.publicKey;
|
|
78
|
+
if (typeof htu !== 'string') {
|
|
79
|
+
throw new TypeError('"htu" must be a string');
|
|
80
|
+
}
|
|
81
|
+
if (typeof htm !== 'string') {
|
|
82
|
+
throw new TypeError('"htm" must be a string');
|
|
83
|
+
}
|
|
84
|
+
if (nonce !== undefined && typeof nonce !== 'string') {
|
|
85
|
+
throw new TypeError('"nonce" must be a string or undefined');
|
|
86
|
+
}
|
|
87
|
+
if (accessToken !== undefined && typeof accessToken !== 'string') {
|
|
88
|
+
throw new TypeError('"accessToken" must be a string or undefined');
|
|
89
|
+
}
|
|
90
|
+
if (additional !== undefined &&
|
|
91
|
+
(typeof additional !== 'object' || additional === null || Array.isArray(additional))) {
|
|
92
|
+
throw new TypeError('"additional" must be an object');
|
|
93
|
+
}
|
|
94
|
+
// Detect algorithm from opaque key metadata
|
|
95
|
+
const alg = determineJWSAlgorithmFromKeyInfo(publicKey.algorithm);
|
|
96
|
+
// Export public key as JWK for the header
|
|
97
|
+
const jwk = await cryptoService.exportPublicKeyJwk(publicKey);
|
|
98
|
+
// Compute access token hash if provided
|
|
99
|
+
let ath;
|
|
100
|
+
if (accessToken) {
|
|
101
|
+
const athBytes = await cryptoService.digest('SHA-256', buf(accessToken));
|
|
102
|
+
ath = b64u(athBytes);
|
|
103
|
+
}
|
|
104
|
+
return jwt({
|
|
105
|
+
alg,
|
|
106
|
+
typ: 'dpop+jwt',
|
|
107
|
+
jwk,
|
|
108
|
+
}, {
|
|
109
|
+
...additional,
|
|
110
|
+
iat: epochTime(),
|
|
111
|
+
jti: await randomBytes(cryptoService),
|
|
112
|
+
htm,
|
|
113
|
+
nonce,
|
|
114
|
+
htu,
|
|
115
|
+
ath,
|
|
116
|
+
}, privateKey, cryptoService);
|
|
117
|
+
}
|
|
118
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZHBvcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hdXRoL2Rwb3AudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsd0RBQXdEO0FBQ3hELHlEQUF5RDtBQWN6RCxNQUFNLE9BQU8sR0FBRyxJQUFJLFdBQVcsRUFBRSxDQUFDO0FBRWxDLFNBQVMsR0FBRyxDQUFDLEtBQWE7SUFDeEIsT0FBTyxPQUFPLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDO0FBQy9CLENBQUM7QUFRRDs7R0FFRztBQUNILEtBQUssVUFBVSxHQUFHLENBQ2hCLE1BQStCLEVBQy9CLFNBQWtDLEVBQ2xDLFVBQXNCLEVBQ3RCLGFBQTRCO0lBRTVCLE1BQU0sS0FBSyxHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsSUFBSSxJQUFJLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7SUFDN0YsTUFBTSxTQUFTLEdBQUcsTUFBTSxhQUFhLENBQUMsSUFBSSxDQUN4QyxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQ1YsVUFBVSxFQUNWLE1BQU0sQ0FBQyxHQUFpQyxDQUN6QyxDQUFDO0lBQ0YsT0FBTyxHQUFHLEtBQUssSUFBSSxJQUFJLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztBQUN2QyxDQUFDO0FBRUQsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDO0FBQzFCLFNBQVMsZUFBZSxDQUFDLEtBQStCO0lBQ3RELE1BQU0sS0FBSyxHQUFHLEtBQUssWUFBWSxXQUFXLENBQUMsQ0FBQyxDQUFDLElBQUksVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUM7SUFFM0UsTUFBTSxHQUFHLEdBQUcsRUFBRSxDQUFDO0lBQ2YsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLEtBQUssQ0FBQyxVQUFVLEVBQUUsQ0FBQyxJQUFJLFVBQVUsRUFBRSxDQUFDO1FBQ3RELEdBQUcsQ0FBQyxJQUFJLENBQ04sTUFBTSxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQyxFQUFFLENBQUMsR0FBRyxVQUFVLENBQXdCLENBQUMsQ0FDMUYsQ0FBQztJQUNKLENBQUM7SUFDRCxPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLENBQUM7QUFDdEYsQ0FBQztBQUVELFNBQVMsSUFBSSxDQUFDLEtBQStCO0lBQzNDLE9BQU8sZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDO0FBQ2hDLENBQUM7QUFFRDs7R0FFRztBQUNILEtBQUssVUFBVSxXQUFXLENBQUMsYUFBNEI7SUFDckQsT0FBTyxJQUFJLENBQUMsTUFBTSxhQUFhLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFDbkQsQ0
FBQztBQTJDRCxNQUFNLHlCQUEwQixTQUFRLEtBQUs7SUFDM0MsWUFBWSxPQUFnQjtRQUMxQixLQUFLLENBQUMsT0FBTyxJQUFJLHlCQUF5QixDQUFDLENBQUM7UUFDNUMsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQztRQUNsQyxLQUFLLENBQUMsaUJBQWlCLEVBQUUsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQ3BELENBQUM7Q0FDRjtBQUVEOztHQUVHO0FBQ0gsU0FBUyxnQ0FBZ0MsQ0FBQyxTQUFpQjtJQUN6RCxJQUFJLFNBQVMsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUNqQyxPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBQ0QsUUFBUSxTQUFTLEVBQUUsQ0FBQztRQUNsQixLQUFLLGNBQWM7WUFDakIsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxjQUFjO1lBQ2pCLE9BQU8sT0FBTyxDQUFDO1FBQ2pCLEtBQUssY0FBYztZQUNqQixPQUFPLE9BQU8sQ0FBQztRQUNqQjtZQUNFLE1BQU0sSUFBSSx5QkFBeUIsQ0FBQyw4QkFBOEIsU0FBUyxFQUFFLENBQUMsQ0FBQztJQUNuRixDQUFDO0FBQ0gsQ0FBQztBQUVEOztHQUVHO0FBQ0gsU0FBUyxTQUFTO0lBQ2hCLE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLENBQUM7QUFDdkMsQ0FBQztBQUVEOzs7Ozs7Ozs7O0dBVUc7QUFDSCxNQUFNLENBQUMsT0FBTyxDQUFDLEtBQUssVUFBVSxJQUFJLENBQ2hDLE9BQWdCLEVBQ2hCLGFBQTRCLEVBQzVCLEdBQVcsRUFDWCxHQUFXLEVBQ1gsS0FBYyxFQUNkLFdBQW9CLEVBQ3BCLFVBQXNDO0lBRXRDLE1BQU0sVUFBVSxHQUFHLE9BQU8sRUFBRSxVQUFVLENBQUM7SUFDdkMsTUFBTSxTQUFTLEdBQUcsT0FBTyxFQUFFLFNBQVMsQ0FBQztJQUVyQyxJQUFJLE9BQU8sR0FBRyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQzVCLE1BQU0sSUFBSSxTQUFTLENBQUMsd0JBQXdCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQsSUFBSSxPQUFPLEdBQUcsS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUM1QixNQUFNLElBQUksU0FBUyxDQUFDLHdCQUF3QixDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVELElBQUksS0FBSyxLQUFLLFNBQVMsSUFBSSxPQUFPLEtBQUssS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUNyRCxNQUFNLElBQUksU0FBUyxDQUFDLHVDQUF1QyxDQUFDLENBQUM7SUFDL0QsQ0FBQztJQUVELElBQUksV0FBVyxLQUFLLFNBQVMsSUFBSSxPQUFPLFdBQVcsS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUNqRSxNQUFNLElBQUksU0FBUyxDQUFDLDZDQUE2QyxDQUFDLENBQUM7SUFDckUsQ0FBQztJQUVELElBQ0UsVUFBVSxLQUFLLFNBQVM7UUFDeEIsQ0FBQyxPQUFPLFVBQVUsS0FBSyxRQUFRLElBQUksVUFBVSxLQUFLLElBQUksSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFDLEVBQ3BGLENBQUM7UUFDRCxNQUFNLElBQUksU0FBUyxDQUFDLGdDQUFnQyxDQUFDLENBQUM7SUFDeEQsQ0FBQztJQUVELD
RDQUE0QztJQUM1QyxNQUFNLEdBQUcsR0FBRyxnQ0FBZ0MsQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLENBQUM7SUFFbEUsMENBQTBDO0lBQzFDLE1BQU0sR0FBRyxHQUFHLE1BQU0sYUFBYSxDQUFDLGtCQUFrQixDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBRTlELHdDQUF3QztJQUN4QyxJQUFJLEdBQXVCLENBQUM7SUFDNUIsSUFBSSxXQUFXLEVBQUUsQ0FBQztRQUNoQixNQUFNLFFBQVEsR0FBRyxNQUFNLGFBQWEsQ0FBQyxNQUFNLENBQUMsU0FBUyxFQUFFLEdBQUcsQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDO1FBQ3pFLEdBQUcsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDdkIsQ0FBQztJQUVELE9BQU8sR0FBRyxDQUNSO1FBQ0UsR0FBRztRQUNILEdBQUcsRUFBRSxVQUFVO1FBQ2YsR0FBRztLQUNKLEVBQ0Q7UUFDRSxHQUFHLFVBQVU7UUFDYixHQUFHLEVBQUUsU0FBUyxFQUFFO1FBQ2hCLEdBQUcsRUFBRSxNQUFNLFdBQVcsQ0FBQyxhQUFhLENBQUM7UUFDckMsR0FBRztRQUNILEtBQUs7UUFDTCxHQUFHO1FBQ0gsR0FBRztLQUNKLEVBQ0QsVUFBVSxFQUNWLGFBQWEsQ0FDZCxDQUFDO0FBQ0osQ0FBQyJ9
|
|
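Review bot: `DPoP` reads `keypair?.privateKey` and `keypair?.publicKey` with optional chaining but then dereferences `publicKey.algorithm` unguarded, so a missing or malformed key pair fails with a generic property-access TypeError rather than the explicit messages the other arguments get, and `privateKey` reaches `cryptoService.sign` unchecked. Adding `if (!privateKey || !publicKey) throw new TypeError('"keypair" must contain privateKey and publicKey');` next to the other argument checks would close that gap. Separately, the JSDoc says `htu` excludes query and fragment, but the function signs the string exactly as given; either normalise it here or state that callers must strip it, since a caller elsewhere in this release passes `httpReq.url` straight through. `determineJWSAlgorithmFromKeyInfo` also maps every `rsa:`-prefixed algorithm string to RS256 without looking at the key size, which deserves a comment saying where, if anywhere, a minimum size is enforced.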
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { ConfigurationError } from '../errors.js';
|
|
2
2
|
import { AccessToken } from './oidc.js';
|
|
3
|
+
import * as defaultCryptoService from '../../tdf3/src/crypto/index.js';
|
|
3
4
|
export class OIDCClientCredentialsProvider {
|
|
4
|
-
constructor({ clientId, clientSecret, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }) {
|
|
5
|
+
constructor({ clientId, clientSecret, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }, cryptoService = defaultCryptoService) {
|
|
5
6
|
if (!clientId || !clientSecret) {
|
|
6
7
|
throw new ConfigurationError('clientId & clientSecret required for client credentials flow');
|
|
7
8
|
}
|
|
@@ -12,7 +13,7 @@ export class OIDCClientCredentialsProvider {
|
|
|
12
13
|
oidcOrigin,
|
|
13
14
|
oidcTokenEndpoint,
|
|
14
15
|
oidcUserInfoEndpoint,
|
|
15
|
-
});
|
|
16
|
+
}, cryptoService);
|
|
16
17
|
}
|
|
17
18
|
async updateClientPublicKey(signingKey) {
|
|
18
19
|
await this.oidcAuth.refreshTokenClaimsWithClientPubkeyIfNeeded(signingKey);
|
|
@@ -21,4 +22,4 @@ export class OIDCClientCredentialsProvider {
|
|
|
21
22
|
return this.oidcAuth.withCreds(httpReq);
|
|
22
23
|
}
|
|
23
24
|
}
|
|
24
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
25
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
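Review bot: The new `cryptoService` constructor parameter is undocumented here and in the matching constructors of `OIDCExternalJwtProvider` and `OIDCRefreshTokenProvider`, although the object is forwarded to `AccessToken` and, judging by the DPoP call sites in this release, ends up signing proofs and exporting the public key. A JSDoc line such as `@param cryptoService signing/digest/random backend used for DPoP proofs; defaults to the bundled implementation` would tell integrators that a custom service is security-critical. Because the default is a namespace import (`import * as defaultCryptoService`), it is also worth listing what a replacement must provide; `sign`, `digest`, `randomBytes`, `exportPublicKeyJwk` and `exportPublicKeyPem` are the functions called in the visible code.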
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { ConfigurationError } from '../errors.js';
|
|
2
2
|
import { AccessToken } from './oidc.js';
|
|
3
|
+
import * as defaultCryptoService from '../../tdf3/src/crypto/index.js';
|
|
3
4
|
export class OIDCExternalJwtProvider {
|
|
4
|
-
constructor({ clientId, externalJwt, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }) {
|
|
5
|
+
constructor({ clientId, externalJwt, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }, cryptoService = defaultCryptoService) {
|
|
5
6
|
if (!clientId || !externalJwt) {
|
|
6
7
|
throw new ConfigurationError('external JWT exchange reequires client id and jwt');
|
|
7
8
|
}
|
|
@@ -12,7 +13,7 @@ export class OIDCExternalJwtProvider {
|
|
|
12
13
|
oidcOrigin,
|
|
13
14
|
oidcTokenEndpoint,
|
|
14
15
|
oidcUserInfoEndpoint,
|
|
15
|
-
});
|
|
16
|
+
}, cryptoService);
|
|
16
17
|
this.externalJwt = externalJwt;
|
|
17
18
|
}
|
|
18
19
|
async updateClientPublicKey(signingKey) {
|
|
@@ -28,4 +29,4 @@ export class OIDCExternalJwtProvider {
|
|
|
28
29
|
return this.oidcAuth.withCreds(httpReq);
|
|
29
30
|
}
|
|
30
31
|
}
|
|
31
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
32
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2lkYy1leHRlcm5hbGp3dC1wcm92aWRlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hdXRoL29pZGMtZXh0ZXJuYWxqd3QtcHJvdmlkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sY0FBYyxDQUFDO0FBRWxELE9BQU8sRUFBRSxXQUFXLEVBQStCLE1BQU0sV0FBVyxDQUFDO0FBQ3JFLE9BQU8sS0FBSyxvQkFBb0IsTUFBTSxnQ0FBZ0MsQ0FBQztBQUd2RSxNQUFNLE9BQU8sdUJBQXVCO0lBSWxDLFlBQ0UsRUFDRSxRQUFRLEVBQ1IsV0FBVyxFQUNYLFVBQVUsRUFDVixpQkFBaUIsRUFDakIsb0JBQW9CLEdBQ3VELEVBQzdFLGdCQUErQixvQkFBb0I7UUFFbkQsSUFBSSxDQUFDLFFBQVEsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQzlCLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyxtREFBbUQsQ0FBQyxDQUFDO1FBQ3BGLENBQUM7UUFFRCxJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksV0FBVyxDQUM3QjtZQUNFLFFBQVEsRUFBRSxVQUFVO1lBQ3BCLFFBQVE7WUFDUixXQUFXO1lBQ1gsVUFBVTtZQUNWLGlCQUFpQjtZQUNqQixvQkFBb0I7U0FDckIsRUFDRCxhQUFhLENBQ2QsQ0FBQztRQUVGLElBQUksQ0FBQyxXQUFXLEdBQUcsV0FBVyxDQUFDO0lBQ2pDLENBQUM7SUFFRCxLQUFLLENBQUMscUJBQXFCLENBQUMsVUFBbUI7UUFDN0MsSUFBSSxDQUFDLFFBQVEsQ0FBQywwQ0FBMEMsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUN2RSxDQUFDO0lBRUQsS0FBSyxDQUFDLFNBQVMsQ0FBQyxPQUFvQjtRQUNsQyxnRUFBZ0U7UUFDaEUsNENBQTRDO1FBQzVDLElBQUksSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyx1QkFBdUIsRUFBRSxDQUFDO1lBQzlDLE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQztRQUMxQixDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUMxQyxDQUFDO0NBQ0YifQ==
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { ConfigurationError } from '../errors.js';
|
|
2
2
|
import { AccessToken } from './oidc.js';
|
|
3
|
+
import * as defaultCryptoService from '../../tdf3/src/crypto/index.js';
|
|
3
4
|
/**
|
|
4
5
|
* An AuthProvider that uses an OIDC refresh token to obtain an access token.
|
|
5
6
|
* It exchanges the refresh token for an access token and uses that to augment HTTP requests with credentials.
|
|
@@ -15,7 +16,7 @@ import { AccessToken } from './oidc.js';
|
|
|
15
16
|
```
|
|
16
17
|
*/
|
|
17
18
|
export class OIDCRefreshTokenProvider {
|
|
18
|
-
constructor({ clientId, refreshToken, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }) {
|
|
19
|
+
constructor({ clientId, refreshToken, oidcOrigin, oidcTokenEndpoint, oidcUserInfoEndpoint, }, cryptoService = defaultCryptoService) {
|
|
19
20
|
if (!clientId || !refreshToken) {
|
|
20
21
|
throw new ConfigurationError('refresh token or client id missing');
|
|
21
22
|
}
|
|
@@ -26,7 +27,7 @@ export class OIDCRefreshTokenProvider {
|
|
|
26
27
|
oidcOrigin,
|
|
27
28
|
oidcTokenEndpoint,
|
|
28
29
|
oidcUserInfoEndpoint,
|
|
29
|
-
});
|
|
30
|
+
}, cryptoService);
|
|
30
31
|
this.refreshToken = refreshToken;
|
|
31
32
|
}
|
|
32
33
|
async updateClientPublicKey(signingKey) {
|
|
@@ -43,4 +44,4 @@ export class OIDCRefreshTokenProvider {
|
|
|
43
44
|
return this.oidcAuth.withCreds(httpReq);
|
|
44
45
|
}
|
|
45
46
|
}
|
|
46
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
47
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2lkYy1yZWZyZXNodG9rZW4tcHJvdmlkZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvYXV0aC9vaWRjLXJlZnJlc2h0b2tlbi1wcm92aWRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFFbEQsT0FBTyxFQUFFLFdBQVcsRUFBZ0MsTUFBTSxXQUFXLENBQUM7QUFDdEUsT0FBTyxLQUFLLG9CQUFvQixNQUFNLGdDQUFnQyxDQUFDO0FBR3ZFOzs7Ozs7Ozs7Ozs7O0dBYUc7QUFDSCxNQUFNLE9BQU8sd0JBQXdCO0lBSW5DLFlBQ0UsRUFDRSxRQUFRLEVBQ1IsWUFBWSxFQUNaLFVBQVUsRUFDVixpQkFBaUIsRUFDakIsb0JBQW9CLEdBQ3lELEVBQy9FLGdCQUErQixvQkFBb0I7UUFFbkQsSUFBSSxDQUFDLFFBQVEsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQy9CLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyxvQ0FBb0MsQ0FBQyxDQUFDO1FBQ3JFLENBQUM7UUFFRCxJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksV0FBVyxDQUM3QjtZQUNFLFFBQVEsRUFBRSxTQUFTO1lBQ25CLFFBQVE7WUFDUixZQUFZO1lBQ1osVUFBVTtZQUNWLGlCQUFpQjtZQUNqQixvQkFBb0I7U0FDckIsRUFDRCxhQUFhLENBQ2QsQ0FBQztRQUNGLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO0lBQ25DLENBQUM7SUFFRCxLQUFLLENBQUMscUJBQXFCLENBQUMsVUFBbUI7UUFDN0MsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLDBDQUEwQyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQzdFLENBQUM7SUFFRCxLQUFLLENBQUMsU0FBUyxDQUFDLE9BQW9CO1FBQ2xDLDBFQUEwRTtRQUMxRSw0RUFBNEU7UUFDNUUsZ0JBQWdCO1FBQ2hCLElBQUksSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3RCLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyx1QkFBdUIsRUFBRSxDQUFDO1lBQzlDLE9BQU8sSUFBSSxDQUFDLFlBQVksQ0FBQztRQUMzQixDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUMxQyxDQUFDO0NBQ0YifQ==
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import { default as dpopFn } from 'dpop';
|
|
1
|
+
import { default as dpopFn } from './dpop.js';
|
|
2
2
|
import { withHeaders } from './auth.js';
|
|
3
3
|
import { base64 } from '../encodings/index.js';
|
|
4
4
|
import { ConfigurationError, TdfError } from '../errors.js';
|
|
5
|
-
import {
|
|
5
|
+
import { rstrip } from '../utils.js';
|
|
6
6
|
const qstringify = (obj) => new URLSearchParams(obj).toString();
|
|
7
7
|
/**
|
|
8
8
|
* Class that provides OIDC functionality to auth providers, assuming 'enhanced'
|
|
@@ -27,7 +27,7 @@ const qstringify = (obj) => new URLSearchParams(obj).toString();
|
|
|
27
27
|
* explicit token refresh
|
|
28
28
|
*/
|
|
29
29
|
export class AccessToken {
|
|
30
|
-
constructor(cfg, request) {
|
|
30
|
+
constructor(cfg, cryptoService, request) {
|
|
31
31
|
this.extraHeaders = {};
|
|
32
32
|
if (!cfg.clientId) {
|
|
33
33
|
throw new ConfigurationError('A Keycloak client identifier is currently required for all auth mechanisms');
|
|
@@ -45,6 +45,7 @@ export class AccessToken {
|
|
|
45
45
|
throw new ConfigurationError('Invalid oidc configuration');
|
|
46
46
|
}
|
|
47
47
|
this.config = cfg;
|
|
48
|
+
this.cryptoService = cryptoService;
|
|
48
49
|
this.request = request;
|
|
49
50
|
this.baseUrl = rstrip(cfg.oidcOrigin, '/');
|
|
50
51
|
this.tokenEndpoint = cfg.oidcTokenEndpoint || `${this.baseUrl}/protocol/openid-connect/token`;
|
|
@@ -63,7 +64,7 @@ export class AccessToken {
|
|
|
63
64
|
Authorization: `Bearer ${accessToken}`,
|
|
64
65
|
};
|
|
65
66
|
if (this.config.dpopEnabled && this.signingKey) {
|
|
66
|
-
headers.DPoP = await dpopFn(this.signingKey, this.userInfoEndpoint, 'POST');
|
|
67
|
+
headers.DPoP = await dpopFn(this.signingKey, this.cryptoService, this.userInfoEndpoint, 'POST');
|
|
67
68
|
}
|
|
68
69
|
const response = await (this.request || fetch)(this.userInfoEndpoint, {
|
|
69
70
|
headers,
|
|
@@ -84,9 +85,10 @@ export class AccessToken {
|
|
|
84
85
|
if (!this.signingKey) {
|
|
85
86
|
throw new ConfigurationError('No signature configured');
|
|
86
87
|
}
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
headers
|
|
88
|
+
// Export opaque public key to PEM format for header
|
|
89
|
+
const publicKeyPem = await this.cryptoService.exportPublicKeyPem(this.signingKey.publicKey);
|
|
90
|
+
headers['X-VirtruPubKey'] = base64.encode(publicKeyPem);
|
|
91
|
+
headers.DPoP = await dpopFn(this.signingKey, this.cryptoService, url, 'POST');
|
|
90
92
|
}
|
|
91
93
|
return (this.request || fetch)(url, {
|
|
92
94
|
method: 'POST',
|
|
@@ -205,7 +207,7 @@ export class AccessToken {
|
|
|
205
207
|
}
|
|
206
208
|
const accessToken = (this.currentAccessToken ??= await this.get());
|
|
207
209
|
if (this.config.dpopEnabled && this.signingKey) {
|
|
208
|
-
const dpopToken = await dpopFn(this.signingKey, httpReq.url, httpReq.method,
|
|
210
|
+
const dpopToken = await dpopFn(this.signingKey, this.cryptoService, httpReq.url, httpReq.method,
|
|
209
211
|
/* nonce */ undefined, accessToken);
|
|
210
212
|
// TODO: Consider: only set DPoP if cnf.jkt is present in access token?
|
|
211
213
|
return withHeaders(httpReq, { Authorization: `Bearer ${accessToken}`, DPoP: dpopToken });
|
|
@@ -213,4 +215,4 @@ export class AccessToken {
|
|
|
213
215
|
return withHeaders(httpReq, { Authorization: `Bearer ${accessToken}` });
|
|
214
216
|
}
|
|
215
217
|
}
|
|
216
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
218
|
+
//# sourceMappingURL=data:application/json;base64,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
|
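Review bot: In the userinfo hunk the proof is built with `dpopFn(this.signingKey, this.cryptoService, this.userInfoEndpoint, 'POST')`, without the access token, so it carries no `ath` claim even though the same request sends `Authorization: Bearer ${accessToken}`; the later hunk that builds `dpopToken` does pass `accessToken`. If the endpoint checks proofs against the presented token, passing it here as well, `dpopFn(this.signingKey, this.cryptoService, this.userInfoEndpoint, 'POST', /* nonce */ undefined, accessToken)`, binds the proof to that token. The constructor change to `(cfg, cryptoService, request)` carries a related hazard: an old-style `new AccessToken(cfg, request)` stores the request function as `cryptoService` and leaves `this.request` undefined, so calls fall back to global `fetch` through `this.request || fetch` with no error until a crypto method is invoked. A check such as `if (typeof cryptoService?.sign !== 'function') throw new ConfigurationError('cryptoService is required');` in the constructor would catch that. The enclosing methods start outside the visible hunks.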