@opentdf/sdk 0.9.0-beta.92 → 0.9.0-beta.94
- package/README.md +2 -2
- package/dist/cjs/src/access/access-fetch.js +1 -2
- package/dist/cjs/src/access/access-rpc.js +1 -3
- package/dist/cjs/src/access.js +1 -14
- package/dist/cjs/src/auth/auth.js +13 -10
- package/dist/cjs/src/auth/dpop.js +121 -0
- package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-externaljwt-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +37 -3
- package/dist/cjs/src/auth/oidc.js +10 -8
- package/dist/cjs/src/auth/providers.js +35 -12
- package/dist/cjs/src/crypto/index.js +16 -2
- package/dist/cjs/src/crypto/pemPublicToCrypto.js +17 -11
- package/dist/cjs/src/opentdf.js +50 -13
- package/dist/cjs/src/policy/discovery.js +2 -2
- package/dist/cjs/tdf3/index.js +4 -2
- package/dist/cjs/tdf3/src/assertions.js +71 -31
- package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/cjs/tdf3/src/client/index.js +23 -33
- package/dist/cjs/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/cjs/tdf3/src/crypto/declarations.js +1 -1
- package/dist/cjs/tdf3/src/crypto/index.js +849 -88
- package/dist/cjs/tdf3/src/crypto/jose/jwt-claims-set.js +11 -0
- package/dist/cjs/tdf3/src/crypto/jose/validate-crit.js +8 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +41 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/epoch.js +6 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/is_object.js +21 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +112 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/secs.js +60 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +38 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/util/errors.js +135 -0
- package/dist/cjs/tdf3/src/crypto/jwt.js +183 -0
- package/dist/cjs/tdf3/src/crypto/salt.js +14 -8
- package/dist/cjs/tdf3/src/models/encryption-information.js +17 -20
- package/dist/cjs/tdf3/src/models/key-access.js +43 -63
- package/dist/cjs/tdf3/src/tdf.js +75 -75
- package/dist/cjs/tdf3/src/utils/index.js +5 -39
- package/dist/types/src/access/access-fetch.d.ts.map +1 -1
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +0 -5
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/auth.d.ts +9 -6
- package/dist/types/src/auth/auth.d.ts.map +1 -1
- package/dist/types/src/auth/dpop.d.ts +60 -0
- package/dist/types/src/auth/dpop.d.ts.map +1 -0
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc.d.ts +6 -4
- package/dist/types/src/auth/oidc.d.ts.map +1 -1
- package/dist/types/src/auth/providers.d.ts +5 -4
- package/dist/types/src/auth/providers.d.ts.map +1 -1
- package/dist/types/src/crypto/index.d.ts +2 -1
- package/dist/types/src/crypto/index.d.ts.map +1 -1
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts +18 -0
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +26 -7
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/src/policy/discovery.d.ts +2 -2
- package/dist/types/tdf3/index.d.ts +3 -3
- package/dist/types/tdf3/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/assertions.d.ts +23 -8
- package/dist/types/tdf3/src/assertions.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts +3 -3
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts +4 -4
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/builders.d.ts +2 -2
- package/dist/types/tdf3/src/client/builders.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +6 -5
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts +14 -4
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/declarations.d.ts +283 -18
- package/dist/types/tdf3/src/crypto/declarations.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/index.d.ts +105 -28
- package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts +5 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts +6 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/salt.d.ts +6 -1
- package/dist/types/tdf3/src/crypto/salt.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/encryption-information.d.ts +4 -4
- package/dist/types/tdf3/src/models/encryption-information.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/key-access.d.ts +8 -5
- package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +8 -8
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/types/tdf3/src/utils/index.d.ts +4 -3
- package/dist/types/tdf3/src/utils/index.d.ts.map +1 -1
- package/dist/web/src/access/access-fetch.js +3 -4
- package/dist/web/src/access/access-rpc.js +3 -5
- package/dist/web/src/access.js +1 -13
- package/dist/web/src/auth/auth.js +13 -10
- package/dist/web/src/auth/dpop.js +118 -0
- package/dist/web/src/auth/oidc-clientcredentials-provider.js +4 -3
- package/dist/web/src/auth/oidc-externaljwt-provider.js +4 -3
- package/dist/web/src/auth/oidc-refreshtoken-provider.js +4 -3
- package/dist/web/src/auth/oidc.js +11 -9
- package/dist/web/src/auth/providers.js +13 -12
- package/dist/web/src/crypto/index.js +4 -2
- package/dist/web/src/crypto/pemPublicToCrypto.js +11 -9
- package/dist/web/src/opentdf.js +17 -13
- package/dist/web/src/policy/discovery.js +2 -2
- package/dist/web/tdf3/index.js +3 -2
- package/dist/web/tdf3/src/assertions.js +71 -31
- package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/web/tdf3/src/client/index.js +25 -35
- package/dist/web/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/web/tdf3/src/crypto/declarations.js +1 -1
- package/dist/web/tdf3/src/crypto/index.js +830 -84
- package/dist/web/tdf3/src/crypto/jose/jwt-claims-set.js +5 -0
- package/dist/web/tdf3/src/crypto/jose/validate-crit.js +3 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +35 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/epoch.js +4 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/is_object.js +19 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +107 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/secs.js +58 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +36 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/util/errors.js +117 -0
- package/dist/web/tdf3/src/crypto/jwt.js +174 -0
- package/dist/web/tdf3/src/crypto/salt.js +13 -7
- package/dist/web/tdf3/src/models/encryption-information.js +11 -14
- package/dist/web/tdf3/src/models/key-access.js +44 -31
- package/dist/web/tdf3/src/tdf.js +71 -71
- package/dist/web/tdf3/src/utils/index.js +5 -6
- package/package.json +11 -4
- package/src/access/access-fetch.ts +2 -8
- package/src/access/access-rpc.ts +0 -7
- package/src/access.ts +0 -17
- package/src/auth/auth.ts +21 -12
- package/src/auth/dpop.ts +222 -0
- package/src/auth/oidc-clientcredentials-provider.ts +23 -15
- package/src/auth/oidc-externaljwt-provider.ts +23 -15
- package/src/auth/oidc-refreshtoken-provider.ts +23 -15
- package/src/auth/oidc.ts +21 -10
- package/src/auth/providers.ts +46 -29
- package/src/crypto/index.ts +21 -1
- package/src/crypto/pemPublicToCrypto.ts +11 -9
- package/src/opentdf.ts +36 -17
- package/src/policy/discovery.ts +2 -2
- package/tdf3/index.ts +32 -5
- package/tdf3/src/assertions.ts +99 -30
- package/tdf3/src/ciphers/aes-gcm-cipher.ts +7 -2
- package/tdf3/src/ciphers/symmetric-cipher-base.ts +7 -4
- package/tdf3/src/client/builders.ts +2 -2
- package/tdf3/src/client/index.ts +60 -59
- package/tdf3/src/crypto/crypto-utils.ts +15 -8
- package/tdf3/src/crypto/declarations.ts +338 -22
- package/tdf3/src/crypto/index.ts +1021 -118
- package/tdf3/src/crypto/jose/jwt-claims-set.ts +10 -0
- package/tdf3/src/crypto/jose/validate-crit.ts +9 -0
- package/tdf3/src/crypto/jose/vendor/lib/buffer_utils.ts +34 -0
- package/tdf3/src/crypto/jose/vendor/lib/epoch.ts +3 -0
- package/tdf3/src/crypto/jose/vendor/lib/is_object.ts +18 -0
- package/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.ts +106 -0
- package/tdf3/src/crypto/jose/vendor/lib/secs.ts +57 -0
- package/tdf3/src/crypto/jose/vendor/lib/validate_crit.ts +35 -0
- package/tdf3/src/crypto/jose/vendor/util/errors.ts +101 -0
- package/tdf3/src/crypto/jwt.ts +256 -0
- package/tdf3/src/crypto/salt.ts +16 -8
- package/tdf3/src/models/encryption-information.ts +14 -21
- package/tdf3/src/models/key-access.ts +57 -41
- package/tdf3/src/tdf.ts +110 -93
- package/tdf3/src/utils/index.ts +5 -6
|
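--- a/package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts
+++ b/package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts
@@ -0,0 +1,76 @@
+export declare class JOSEError extends Error {
+static code: string;
+code: string;
+constructor(message: any, options: any);
+}
+export declare class JWTClaimValidationFailed extends JOSEError {
+static code: string;
+code: string;
+claim: string;
+reason: string;
+payload: any;
+constructor(message: any, payload: any, claim?: string, reason?: string);
+}
+export declare class JWTExpired extends JOSEError {
+static code: string;
+code: string;
+claim: string;
+reason: string;
+payload: any;
+constructor(message: any, payload: any, claim?: string, reason?: string);
+}
+export declare class JOSEAlgNotAllowed extends JOSEError {
+static code: string;
+code: string;
+}
+export declare class JOSENotSupported extends JOSEError {
+static code: string;
+code: string;
+}
+export declare class JWEDecryptionFailed extends JOSEError {
+static code: string;
+code: string;
+constructor(message: string | undefined, options: any);
+}
+export declare class JWEInvalid extends JOSEError {
+static code: string;
+code: string;
+}
+export declare class JWSInvalid extends JOSEError {
+static code: string;
+code: string;
+}
+export declare class JWTInvalid extends JOSEError {
+static code: string;
+code: string;
+}
+export declare class JWKInvalid extends JOSEError {
+static code: string;
+code: string;
+}
+export declare class JWKSInvalid extends JOSEError {
+static code: string;
+code: string;
+}
+export declare class JWKSNoMatchingKey extends JOSEError {
+static code: string;
+code: string;
+constructor(message: string | undefined, options: any);
+}
+export declare class JWKSMultipleMatchingKeys extends JOSEError {
+[Symbol.asyncIterator]: any;
+static code: string;
+code: string;
+constructor(message: string | undefined, options: any);
+}
+export declare class JWKSTimeout extends JOSEError {
+static code: string;
+code: string;
+constructor(message: string | undefined, options: any);
+}
+export declare class JWSSignatureVerificationFailed extends JOSEError {
+static code: string;
+code: string;
+constructor(message: string | undefined, options: any);
+}
+//# sourceMappingURL=errors.d.ts.map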
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../../../../../../tdf3/src/crypto/jose/vendor/util/errors.ts"],"names":[],"mappings":"AAEA,qBAAa,SAAU,SAAQ,KAAK;IAChC,MAAM,CAAC,IAAI,SAAsB;IACjC,IAAI,SAAsB;gBACd,OAAO,KAAA,EAAE,OAAO,KAAA;CAK/B;AACD,qBAAa,wBAAyB,SAAQ,SAAS;IACnD,MAAM,CAAC,IAAI,SAAqC;IAChD,IAAI,SAAqC;IACzC,KAAK,SAAC;IACN,MAAM,SAAC;IACP,OAAO,MAAC;gBACI,OAAO,KAAA,EAAE,OAAO,KAAA,EAAE,KAAK,SAAgB,EAAE,MAAM,SAAgB;CAM9E;AACD,qBAAa,UAAW,SAAQ,SAAS;IACrC,MAAM,CAAC,IAAI,SAAqB;IAChC,IAAI,SAAqB;IACzB,KAAK,SAAC;IACN,MAAM,SAAC;IACP,OAAO,MAAC;gBACI,OAAO,KAAA,EAAE,OAAO,KAAA,EAAE,KAAK,SAAgB,EAAE,MAAM,SAAgB;CAM9E;AACD,qBAAa,iBAAkB,SAAQ,SAAS;IAC5C,MAAM,CAAC,IAAI,SAA8B;IACzC,IAAI,SAA8B;CACrC;AACD,qBAAa,gBAAiB,SAAQ,SAAS;IAC3C,MAAM,CAAC,IAAI,SAA4B;IACvC,IAAI,SAA4B;CACnC;AACD,qBAAa,mBAAoB,SAAQ,SAAS;IAC9C,MAAM,CAAC,IAAI,SAA+B;IAC1C,IAAI,SAA+B;gBACvB,OAAO,oBAAgC,EAAE,OAAO,KAAA;CAG/D;AACD,qBAAa,UAAW,SAAQ,SAAS;IACrC,MAAM,CAAC,IAAI,SAAqB;IAChC,IAAI,SAAqB;CAC5B;AACD,qBAAa,UAAW,SAAQ,SAAS;IACrC,MAAM,CAAC,IAAI,SAAqB;IAChC,IAAI,SAAqB;CAC5B;AACD,qBAAa,UAAW,SAAQ,SAAS;IACrC,MAAM,CAAC,IAAI,SAAqB;IAChC,IAAI,SAAqB;CAC5B;AACD,qBAAa,UAAW,SAAQ,SAAS;IACrC,MAAM,CAAC,IAAI,SAAqB;IAChC,IAAI,SAAqB;CAC5B;AACD,qBAAa,WAAY,SAAQ,SAAS;IACtC,MAAM,CAAC,IAAI,SAAsB;IACjC,IAAI,SAAsB;CAC7B;AACD,qBAAa,iBAAkB,SAAQ,SAAS;IAC5C,MAAM,CAAC,IAAI,SAA8B;IACzC,IAAI,SAA8B;gBACtB,OAAO,oBAAoD,EAAE,OAAO,KAAA;CAGnF;AACD,qBAAa,wBAAyB,SAAQ,SAAS;IACnD,CAAC,MAAM,CAAC,aAAa,CAAC,MAAC;IACvB,MAAM,CAAC,IAAI,SAAqC;IAChD,IAAI,SAAqC;gBAC7B,OAAO,oBAAyD,EAAE,OAAO,KAAA;CAGxF;AACD,qBAAa,WAAY,SAAQ,SAAS;IACtC,MAAM,CAAC,IAAI,SAAsB;IACjC,IAAI,SAAsB;gBACd,OAAO,oBAAsB,EAAE,OAAO,KAAA;CAGrD;AACD,qBAAa,8BAA+B,SAAQ,SAAS;IACzD,MAAM,CAAC,IAAI,SAA2C;IACtD,IAAI,SAA2C;gBACnC,OAAO,oBAAkC,EAAE,OAAO,KAAA;CAGjE"}
|
|
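--- a/package/dist/types/tdf3/src/crypto/jwt.d.ts
+++ b/package/dist/types/tdf3/src/crypto/jwt.d.ts
@@ -0,0 +1,76 @@
+import { type CryptoService, type PrivateKey, type PublicKey, type SigningAlgorithm, type SymmetricKey } from './declarations.js';
+import { type JWTHeaderParameters, type JWTPayload, type JWTVerifyOptions, type SignOptions } from 'jose';
+export type JwtHeader = JWTHeaderParameters & {
+alg: SigningAlgorithm;
+};
+export type JwtPayload = JWTPayload;
+/**
+* Options for JWT signing. Matches jose SignOptions interface.
+*/
+export type SignJwtOptions = SignOptions;
+/**
+* Options for JWT verification. Matches jose JWTVerifyOptions interface.
+* Combines signature verification options and JWT claim verification options.
+*/
+export type VerifyJwtOptions = Omit<JWTVerifyOptions, 'algorithms'> & {
+/**
+* A list of accepted JWS "alg" (Algorithm) Header Parameter values.
+* By default all algorithms supported by the CryptoService are allowed.
+* Unsecured JWTs ({ "alg": "none" }) are never accepted.
+*/
+algorithms?: SigningAlgorithm[];
+};
+/**
+* Base64url encode data per RFC 4648 Section 5.
+* Uses URL-safe alphabet (- and _ instead of + and /) with no padding.
+* Exported for testing purposes.
+*/
+export declare function base64urlEncode(data: string | Uint8Array): string;
+/**
+* Decode the protected header from a JWT without verifying the signature.
+* Useful for inspecting the header to determine key type before verification.
+*
+* @param token - The JWT string
+* @returns The decoded header
+* @throws Error if the token is malformed or uses alg "none"
+*/
+export declare function decodeProtectedHeader(token: string): JwtHeader;
+/**
+* Sign a JWT using CryptoService. Replaces jose SignJWT.
+*
+* Implementation:
+* 1. Base64url encode header and payload as JSON
+* 2. Create signing input: `${headerB64}.${payloadB64}`
+* 3. Sign via cryptoService.sign() (asymmetric) or hmac() (HS256)
+* 4. Return compact JWT: `${headerB64}.${payloadB64}.${signatureB64}`
+*
+* @param cryptoService - Crypto implementation to use
+* @param payload - JWT payload (claims)
+* @param key - PEM-encoded private key for asymmetric algorithms, or raw key bytes for HS256
+* @param header - JWT header (must include alg)
+* @param options - Optional signing options (e.g., crit header handling)
+* @returns Compact JWT string
+*/
+export declare function signJwt(cryptoService: CryptoService, payload: JwtPayload, key: PrivateKey | SymmetricKey, header: JwtHeader, options?: SignJwtOptions): Promise<string>;
+/**
+* Verify a JWT and return its contents. Replaces jose jwtVerify.
+*
+* Implementation:
+* 1. Split token into header.payload.signature
+* 2. Decode header, validate algorithm against allowlist
+* 3. Verify signature via cryptoService.verify() (asymmetric) or verifyHmac() (HS256)
+* 4. Validate JWT claims (aud, iss, exp, nbf, etc.)
+* 5. Return decoded header and payload
+*
+* @param cryptoService - Crypto implementation to use
+* @param token - The JWT string to verify
+* @param key - For asymmetric: PEM string or PublicKey (opaque). For HS256: Uint8Array or SymmetricKey (opaque).
+* @param options - Verification options including algorithm allowlist and claim validations
+* @throws Error if signature invalid, algorithm not in allowlist, claims invalid, or token malformed
+* @returns Decoded header and payload
+*/
+export declare function verifyJwt(cryptoService: CryptoService, token: string, key: string | Uint8Array | PublicKey | SymmetricKey, options?: VerifyJwtOptions): Promise<{
+header: JwtHeader;
+payload: JwtPayload;
+}>;
+//# sourceMappingURL=jwt.d.ts.map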
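Review bot: `VerifyJwtOptions.algorithms` is optional and documented as defaulting to every algorithm the CryptoService supports, so a caller who omits it lets the token's own `alg` header pick between HS256 and the asymmetric algorithms, while `verifyJwt` takes `key: string | Uint8Array | PublicKey | SymmetricKey`. Whether the implementation in `package/tdf3/src/crypto/jwt.ts` rejects an `alg` whose family does not match the kind of key passed is not visible in this declaration file; if it does not, that is the usual precondition for algorithm confusion. I would state the rule in the option's doc comment, for example `* The alg family must match the key kind: HS256 only with Uint8Array or SymmetricKey, asymmetric algorithms only with a PEM string or PublicKey.`, and have callers pass `algorithms` explicitly. The `decodeProtectedHeader` comment could add `* The returned header is unverified; use it only to choose a key, never as an authenticated value.`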
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/crypto/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,aAAa,EAClB,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,gBAAgB,EACrB,KAAK,YAAY,EAClB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAGL,KAAK,mBAAmB,EACxB,KAAK,UAAU,EACf,KAAK,gBAAgB,EACrB,KAAK,WAAW,EACjB,MAAM,MAAM,CAAC;AAId,MAAM,MAAM,SAAS,GAAG,mBAAmB,GAAG;IAAE,GAAG,EAAE,gBAAgB,CAAA;CAAE,CAAC;AACxE,MAAM,MAAM,UAAU,GAAG,UAAU,CAAC;AAEpC;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,WAAW,CAAC;AAEzC;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,EAAE,YAAY,CAAC,GAAG;IACpE;;;;OAIG;IACH,UAAU,CAAC,EAAE,gBAAgB,EAAE,CAAC;CACjC,CAAC;AAEF;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,MAAM,CAUjE;AAwBD;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,CAE9D;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,OAAO,CAC3B,aAAa,EAAE,aAAa,EAC5B,OAAO,EAAE,UAAU,EACnB,GAAG,EAAE,UAAU,GAAG,YAAY,EAC9B,MAAM,EAAE,SAAS,EACjB,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,CAAC,CA+BjB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,SAAS,CAC7B,aAAa,EAAE,aAAa,EAC5B,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,GAAG,YAAY,EACnD,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,CAAC,CAsFrD"}
|
|
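--- a/package/dist/types/tdf3/src/crypto/salt.d.ts
+++ b/package/dist/types/tdf3/src/crypto/salt.d.ts
@@ -1,2 +1,7 @@
-
+import type { CryptoService } from './declarations.js';
+/**
+* Get the ZTDF salt (SHA-256 of "TDF").
+* Lazily computed on first call and cached thereafter.
+*/
+export declare function getZtdfSalt(cryptoService: CryptoService): Promise<Uint8Array>;
 //# sourceMappingURL=salt.d.ts.map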
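Review bot: `getZtdfSalt` is documented as cached after the first call yet resolves to a plain, mutable `Uint8Array`, and the declaration does not say whether each caller gets its own copy. If the implementation (not shown in this section) returns the cached buffer itself, a caller that writes into the result changes the salt seen by every later caller. Returning a copy, e.g. `return cachedSalt.slice();` (variable name constructed for illustration), or adding `* The returned array is shared; callers must not modify it.` to the comment would close that off.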
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"salt.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/crypto/salt.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"salt.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/crypto/salt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAIvD;;;GAGG;AACH,wBAAsB,WAAW,CAAC,aAAa,EAAE,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CAUnF"}
|
|
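--- a/package/dist/types/tdf3/src/models/encryption-information.d.ts
+++ b/package/dist/types/tdf3/src/models/encryption-information.d.ts
@@ -2,10 +2,10 @@ import { Binary } from '../binary.js';
 import { type SymmetricCipher } from '../ciphers/symmetric-cipher-base.js';
 import { type KeyAccess, type KeyAccessObject } from './key-access.js';
 import { type Policy } from './policy.js';
-import { type CryptoService, type DecryptResult, type EncryptResult } from '../crypto/declarations.js';
+import { type CryptoService, type DecryptResult, type EncryptResult, type SymmetricKey } from '../crypto/declarations.js';
 import { IntegrityAlgorithm } from '../tdf.js';
 export type KeyInfo = {
-readonly
+readonly unwrappedKey: SymmetricKey;
 readonly unwrappedKeyIvBinary: Binary;
 };
 export type Segment = {
@@ -40,8 +40,8 @@ export declare class SplitKey {
 keyAccess: KeyAccess[];
 constructor(cipher: SymmetricCipher);
 generateKey(): Promise<KeyInfo>;
-encrypt(contentBinary: Binary,
-decrypt(content: Uint8Array,
+encrypt(contentBinary: Binary, key: SymmetricKey, ivBinaryOptional?: Binary): Promise<EncryptResult>;
+decrypt(content: Uint8Array, key: SymmetricKey): Promise<DecryptResult>;
 getKeyAccessObjects(policy: Policy, keyInfo: KeyInfo): Promise<KeyAccessObject[]>;
 generateIvBinary(): Promise<Binary>;
 write(policy: Policy, keyInfo: KeyInfo): Promise<EncryptionInformation>;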
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encryption-information.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/models/encryption-information.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"encryption-information.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/models/encryption-information.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,qCAAqC,CAAC;AAC3E,OAAO,EAAE,KAAK,SAAS,EAAE,KAAK,eAAe,EAAE,MAAM,iBAAiB,CAAC;AACvE,OAAO,EAAE,KAAK,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,YAAY,EAClB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAG/C,MAAM,MAAM,OAAO,GAAG;IACpB,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;CACvC,CAAC;AAEF,MAAM,MAAM,OAAO,GAAG;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAE9B,QAAQ,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CACxC,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,OAAO,CAAC;AAEhC,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,eAAe,EAAE,CAAC;IACtC,QAAQ,CAAC,oBAAoB,EAAE;QAC7B,QAAQ,CAAC,aAAa,EAAE;YACtB,GAAG,EAAE,kBAAkB,CAAC;YACxB,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;QACF,cAAc,CAAC,EAAE,kBAAkB,CAAC;QACpC,QAAQ,EAAE,OAAO,EAAE,CAAC;QACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,2BAA2B,CAAC,EAAE,MAAM,CAAC;KACtC,CAAC;IACF,QAAQ,CAAC,MAAM,EAAE;QACf,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,YAAY,EAAE,OAAO,CAAC;QACtB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,qBAAa,QAAQ;aAIS,MAAM,EAAE,eAAe;IAHnD,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,SAAS,EAAE,SAAS,EAAE,CAAC;gBAEK,MAAM,EAAE,eAAe;IAK7C,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAM/B,OAAO,CACX,aAAa,EAAE,MAAM,EACrB,GAAG,EAAE,YAAY,EACjB,gBAAgB,CAAC,EAAE,MAAM,GACxB,OAAO,CAAC,aAAa,CAAC;IAKnB,OAAO,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;IAIvE,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAmDjF,gBAAgB,IAAI,OAAO,CAAC,MAAM,CAAC;IAKnC,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,qBAAqB,CAAC;CA8B9E"}
|
|
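--- a/package/dist/types/tdf3/src/models/key-access.d.ts
+++ b/package/dist/types/tdf3/src/models/key-access.d.ts
@@ -1,3 +1,4 @@
+import type { CryptoService, KeyPair, SymmetricKey } from '../crypto/declarations.js';
 import { Policy } from './policy.js';
 export type KeyAccessType = 'remote' | 'wrapped' | 'ec-wrapped';
 export declare const schemaVersion = "1.0";
@@ -6,23 +7,25 @@ export declare class ECWrapped {
 readonly kid: string | undefined;
 readonly publicKey: string;
 readonly metadata: unknown;
+readonly cryptoService: CryptoService;
 readonly sid?: string | undefined;
 readonly type = "ec-wrapped";
-readonly ephemeralKeyPair: Promise<
+readonly ephemeralKeyPair: Promise<KeyPair>;
 keyAccessObject?: KeyAccessObject;
-constructor(url: string, kid: string | undefined, publicKey: string, metadata: unknown, sid?: string | undefined);
-write(policy: Policy, dek:
+constructor(url: string, kid: string | undefined, publicKey: string, metadata: unknown, cryptoService: CryptoService, sid?: string | undefined);
+write(policy: Policy, dek: SymmetricKey, encryptedMetadataStr: string): Promise<KeyAccessObject>;
 }
 export declare class Wrapped {
 readonly url: string;
 readonly kid: string | undefined;
 readonly publicKey: string;
 readonly metadata: unknown;
+readonly cryptoService: CryptoService;
 readonly sid?: string | undefined;
 readonly type = "wrapped";
 keyAccessObject?: KeyAccessObject;
-constructor(url: string, kid: string | undefined, publicKey: string, metadata: unknown, sid?: string | undefined);
-write(policy: Policy,
+constructor(url: string, kid: string | undefined, publicKey: string, metadata: unknown, cryptoService: CryptoService, sid?: string | undefined);
+write(policy: Policy, key: SymmetricKey, encryptedMetadataStr: string): Promise<KeyAccessObject>;
 }
 export type KeyAccess = ECWrapped | Wrapped;
 /**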
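Review bot: Both `ECWrapped` and `Wrapped` gain `cryptoService` as a required constructor parameter placed before the optional `sid`, so an existing positional call that passed `sid` fifth now supplies a string where the crypto implementation is expected. TypeScript callers get a compile error, but plain JavaScript consumers would presumably fail only later, when the service is first used; the constructor bodies are not part of this declaration file. A fail-fast guard in both constructors, such as `if (typeof cryptoService !== 'object' || cryptoService === null) throw new TypeError('cryptoService is required');`, would surface the mistake at construction time.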
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"key-access.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/models/key-access.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"key-access.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/models/key-access.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAGtF,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,SAAS,GAAG,YAAY,CAAC;AAEhE,eAAO,MAAM,aAAa,QAAQ,CAAC;AAEnC,qBAAa,SAAS;aAMF,GAAG,EAAE,MAAM;aACX,GAAG,EAAE,MAAM,GAAG,SAAS;aACvB,SAAS,EAAE,MAAM;aACjB,QAAQ,EAAE,OAAO;aACjB,aAAa,EAAE,aAAa;aAC5B,GAAG,CAAC,EAAE,MAAM;IAV9B,QAAQ,CAAC,IAAI,gBAAgB;IAC7B,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5C,eAAe,CAAC,EAAE,eAAe,CAAC;gBAGhB,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,GAAG,SAAS,EACvB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,OAAO,EACjB,aAAa,EAAE,aAAa,EAC5B,GAAG,CAAC,EAAE,MAAM,YAAA;IAMxB,KAAK,CACT,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,YAAY,EACjB,oBAAoB,EAAE,MAAM,GAC3B,OAAO,CAAC,eAAe,CAAC;CAmE5B;AAED,qBAAa,OAAO;aAKA,GAAG,EAAE,MAAM;aACX,GAAG,EAAE,MAAM,GAAG,SAAS;aACvB,SAAS,EAAE,MAAM;aACjB,QAAQ,EAAE,OAAO;aACjB,aAAa,EAAE,aAAa;aAC5B,GAAG,CAAC,EAAE,MAAM;IAT9B,QAAQ,CAAC,IAAI,aAAa;IAC1B,eAAe,CAAC,EAAE,eAAe,CAAC;gBAGhB,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,GAAG,SAAS,EACvB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,OAAO,EACjB,aAAa,EAAE,aAAa,EAC5B,GAAG,CAAC,EAAE,MAAM,YAAA;IAGxB,KAAK,CACT,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,YAAY,EACjB,oBAAoB,EAAE,MAAM,GAC3B,OAAO,CAAC,eAAe,CAAC;CAkC5B;AAED,MAAM,MAAM,SAAS,GAAG,SAAS,GAAG,OAAO,CAAC;AAE5C;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B;;;;OAIG;IACH,IAAI,EAAE,aAAa,CAAC;IAEpB;;;;;;OAMG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,QAAQ,EAAE,KAAK,CAAC;IAEhB;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;OAKG;IACH,aAAa,CAAC,EAAE;QACd,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IAEF;;;;;OAKG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B,CAAC"}
|
|
@@ -2,11 +2,10 @@ import { KasPublicKeyAlgorithm, KasPublicKeyInfo, OriginAllowList } from '../../
|
|
|
2
2
|
import { type AuthProvider } from '../../src/auth/auth.js';
|
|
3
3
|
import { type Chunker } from '../../src/seekable.js';
|
|
4
4
|
import { AssertionConfig, AssertionVerificationKeys } from './assertions.js';
|
|
5
|
-
import { Binary } from './binary.js';
|
|
6
5
|
import { SymmetricCipher } from './ciphers/symmetric-cipher-base.js';
|
|
7
6
|
import { DecryptParams } from './client/builders.js';
|
|
8
7
|
import { DecoratedReadableStream } from './client/DecoratedReadableStream.js';
|
|
9
|
-
import { type CryptoService, type DecryptResult } from './crypto/declarations.js';
|
|
8
|
+
import { type CryptoService, type DecryptResult, type KeyPair, type SymmetricKey } from './crypto/declarations.js';
|
|
10
9
|
import { KeyAccessType, KeyInfo, Manifest, Policy, SplitKey, KeyAccess, KeyAccessObject, SplitType } from './models/index.js';
|
|
11
10
|
import { ZipReader } from './utils/index.js';
|
|
12
11
|
import { CentralDirectory } from './utils/zip-reader.js';
|
|
@@ -30,6 +29,7 @@ export type BuildKeyAccess = {
|
|
|
30
29
|
publicKey: string;
|
|
31
30
|
metadata?: Metadata;
|
|
32
31
|
sid?: string;
|
|
32
|
+
cryptoService: CryptoService;
|
|
33
33
|
};
|
|
34
34
|
type Mailbox<T> = Promise<T> & {
|
|
35
35
|
set: (value: T) => void;
|
|
@@ -46,7 +46,7 @@ export type IntegrityAlgorithm = 'GMAC' | 'HS256';
|
|
|
46
46
|
export type EncryptConfiguration = {
|
|
47
47
|
allowList?: OriginAllowList;
|
|
48
48
|
cryptoService: CryptoService;
|
|
49
|
-
dpopKeys:
|
|
49
|
+
dpopKeys: KeyPair;
|
|
50
50
|
encryptionInformation: SplitKey;
|
|
51
51
|
segmentSizeDefault: number;
|
|
52
52
|
integrityAlgorithm: IntegrityAlgorithm;
|
|
@@ -69,7 +69,7 @@ export type DecryptConfiguration = {
|
|
|
69
69
|
allowList?: OriginAllowList;
|
|
70
70
|
authProvider: AuthProvider;
|
|
71
71
|
cryptoService: CryptoService;
|
|
72
|
-
dpopKeys:
|
|
72
|
+
dpopKeys: KeyPair;
|
|
73
73
|
chunker: Chunker;
|
|
74
74
|
keyMiddleware: KeyMiddleware;
|
|
75
75
|
progressHandler?: (bytesProcessed: number) => void;
|
|
@@ -96,7 +96,7 @@ export type KasPublicKeyFormat = 'pkcs8' | 'jwks';
|
|
|
96
96
|
* the value from `${kas}/kas_public_key`.
|
|
97
97
|
*/
|
|
98
98
|
export declare function fetchKasPublicKey(kas: string, algorithm?: KasPublicKeyAlgorithm, kid?: string): Promise<KasPublicKeyInfo>;
|
|
99
|
-
export declare function extractPemFromKeyString(keyString: string, alg: KasPublicKeyAlgorithm): Promise<string>;
|
|
99
|
+
export declare function extractPemFromKeyString(keyString: string, alg: KasPublicKeyAlgorithm, cryptoService: CryptoService): Promise<string>;
|
|
100
100
|
/**
|
|
101
101
|
* Build a key access object and add it to the list. Can specify either
|
|
102
102
|
* a (url, publicKey) pair (legacy, deprecated) or an attribute URL (future).
|
|
@@ -110,7 +110,7 @@ export declare function extractPemFromKeyString(keyString: string, alg: KasPubli
|
|
|
110
110
|
* @param {String? Object?} options.metadata - Metadata. Appears to be dead code.
|
|
111
111
|
* @return {KeyAccess}- the key access object loaded
|
|
112
112
|
*/
|
|
113
|
-
export declare function buildKeyAccess({ type, url, publicKey, kid, metadata, sid, alg, }: BuildKeyAccess): Promise<KeyAccess>;
|
|
113
|
+
export declare function buildKeyAccess({ type, url, publicKey, kid, metadata, sid, alg, cryptoService, }: BuildKeyAccess): Promise<KeyAccess>;
|
|
114
114
|
export declare function validatePolicyObject(policy: Policy): void;
|
|
115
115
|
export declare function writeStream(cfg: EncryptConfiguration): Promise<DecoratedReadableStream>;
|
|
116
116
|
export type InspectedTDFOverview = {
|
|
@@ -120,9 +120,9 @@ export type InspectedTDFOverview = {
|
|
|
120
120
|
};
|
|
121
121
|
export declare function loadTDFStream(chunker: Chunker): Promise<InspectedTDFOverview>;
|
|
122
122
|
export declare function splitLookupTableFactory(keyAccess: KeyAccessObject[], allowedKases: OriginAllowList): Record<string, Record<string, KeyAccessObject>>;
|
|
123
|
-
export declare function sliceAndDecrypt({ buffer,
|
|
123
|
+
export declare function sliceAndDecrypt({ buffer, reconstructedKey, slice, cipher, cryptoService, segmentIntegrityAlgorithm, specVersion, }: {
|
|
124
124
|
buffer: Uint8Array;
|
|
125
|
-
|
|
125
|
+
reconstructedKey: SymmetricKey;
|
|
126
126
|
slice: Chunk[];
|
|
127
127
|
cipher: SymmetricCipher;
|
|
128
128
|
cryptoService: CryptoService;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tdf.d.ts","sourceRoot":"","sources":["../../../../tdf3/src/tdf.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tdf.d.ts","sourceRoot":"","sources":["../../../../tdf3/src/tdf.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EAIhB,MAAM,qBAAqB,CAAC;AAS7B,OAAO,EAAE,KAAK,YAAY,EAAgB,MAAM,wBAAwB,CAAC;AAazE,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,eAAe,EAAgB,yBAAyB,EAAE,MAAM,iBAAiB,CAAC;AAI3F,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAC9E,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,OAAO,EACZ,KAAK,YAAY,EAClB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAEL,aAAa,EACb,OAAO,EACP,QAAQ,EACR,MAAM,EACN,QAAQ,EAER,SAAS,EACT,eAAe,EACf,SAAS,EACV,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,SAAS,EAAwC,MAAM,kBAAkB,CAAC;AACnF,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAczD;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,aAAa,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;AAEpD,MAAM,MAAM,QAAQ,GAAG,OAAO,CAAC;AAE/B,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,aAAa,CAAC;IACpB,GAAG,CAAC,EAAE,qBAAqB,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,aAAa,CAAC;CAC9B,CAAC;AAeF,KAAK,OAAO,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,GAAG;IAC7B,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC,KAAK,IAAI,CAAC;IACxB,MAAM,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;CAChC,CAAC;AAiBF,KAAK,KAAK,GAAG;IACX,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;CACxC,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,OAAO,CAAC;AAElD,MAAM,MAAM,oBAAoB,GAAG;IACjC,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,aAAa,EAAE,aAAa,CAAC;IAC7B,QAAQ,EAAE,OAAO,CAAC;IAClB,qBAAqB,EAAE,QAAQ,CAAC;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,yBAAyB,EAAE,kBAAkB,CAAC;IAC9C,aAAa,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B
,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;IACnD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,aAAa,CAAC;IAE7B,QAAQ,EAAE,OAAO,CAAC;IAElB,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,EAAE,aAAa,CAAC;IAC7B,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;IACnD,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;IACtD,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,qBAAqB,CAAC;CAC9C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,YAAY,EAAE,YAAY,CAAC;IAE3B,UAAU,EAAE,SAAS,CAAC;IAEtB,eAAe,EAAE,QAAQ,CAAC;IAE1B,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,MAAM,CAAC;AAElD;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,MAAM,EACX,SAAS,CAAC,EAAE,qBAAqB,EACjC,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,gBAAgB,CAAC,CAQ3B;AAED,wBAAsB,uBAAuB,CAC3C,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,qBAAqB,EAC1B,aAAa,EAAE,aAAa,GAC3B,OAAO,CAAC,MAAM,CAAC,CAKjB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CAAC,EACnC,IAAI,EACJ,GAAG,EACH,SAAS,EACT,GAAG,EACH,QAAQ,EACR,GAAQ,EACR,GAAgB,EAChB,aAAa,GACd,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CA2BrC;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAYzD;AA+ED,wBAAsB,WAAW,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAoT7F;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;IACrB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;CACtC,CAAC;AAGF,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAKnF;AAED,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,eAAe,EAAE,EAC5B,YAAY,EAAE,eAAe,GAC5B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CA6BjD;AA4UD,wBAAsB,eAAe,CAAC,EACpC,MAAM,EACN,gBAAgB,EAChB,
KAAK,EACL,MAAM,EACN,aAAa,EACb,yBAAyB,EACzB,WAAW,GACZ,EAAE;IACD,MAAM,EAAE,UAAU,CAAC;IACnB,gBAAgB,EAAE,YAAY,CAAC;IAC/B,KAAK,EAAE,KAAK,EAAE,CAAC;IACf,MAAM,EAAE,eAAe,CAAC;IACxB,aAAa,EAAE,aAAa,CAAC;IAC7B,yBAAyB,EAAE,kBAAkB,CAAC;IAC9C,WAAW,EAAE,MAAM,CAAC;CACrB,iBAkCA;AAED,wBAAsB,UAAU,CAAC,GAAG,EAAE,oBAAoB,oCAGzD;AAED,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,oBAAoB,EACzB,EAAE,QAAQ,EAAE,SAAS,EAAE,gBAAgB,EAAE,EAAE,oBAAoB,oCA8JhE"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { KeyInfo } from '../models/index.js';
|
|
2
|
+
import { type CryptoService } from '../crypto/declarations.js';
|
|
2
3
|
export { ZipReader, readUInt64LE } from './zip-reader.js';
|
|
3
4
|
export { ZipWriter } from './zip-writer.js';
|
|
4
5
|
export { keySplit, keyMerge } from './keysplit.js';
|
|
@@ -21,11 +22,11 @@ export declare function base64ToBytes(str: string): Uint8Array;
|
|
|
21
22
|
*
|
|
22
23
|
* @returns {Object}:
|
|
23
24
|
* {
|
|
24
|
-
* keyForEncryption:
|
|
25
|
-
* keyForManifest:
|
|
25
|
+
* keyForEncryption: KeyInfo;
|
|
26
|
+
* keyForManifest: KeyInfo;
|
|
26
27
|
* }
|
|
27
28
|
*/
|
|
28
|
-
export declare function keyMiddleware(): Promise<{
|
|
29
|
+
export declare function keyMiddleware(cryptoService: CryptoService): Promise<{
|
|
29
30
|
keyForEncryption: KeyInfo;
|
|
30
31
|
keyForManifest: KeyInfo;
|
|
31
32
|
}>;
|
|
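Review bot: The doc comment above `keyMiddleware` still describes only the return shape, while the declaration on the new side now takes a required `cryptoService: CryptoService` argument. The comment opens outside this hunk and its earlier lines are unchanged, so no `@param` entry was added for it. I would add ` * @param cryptoService - crypto implementation used by the middleware`, with the wording confirmed against the implementation, which is not shown here. Because the parameter is not optional, callers of the former zero-argument form will no longer type-check, which deserves a line in the release notes.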
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/utils/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/utils/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAY,MAAM,oBAAoB,CAAC;AAGvD,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAG/D,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAEtE,MAAM,MAAM,iBAAiB,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAc1F,wBAAgB,WAAW,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,UAAU,CAcjE;AAED,wBAAgB,YAAY,CAAC,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAQ3E;AAED,wBAAgB,YAAY,CAAC,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAE3E;AAED,wBAAgB,YAAY,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAG7E;AAED,wBAAgB,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAGzF;AAED,wBAAgB,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAKzF;AAED,wBAAgB,YAAY,CAC1B,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,UAAU,EAClB,WAAW,GAAE,MAAU,EACvB,WAAW,GAAE,MAAU,EACvB,SAAS,GAAE,MAAsB,GAChC,MAAM,CAIR;AAqCD,wBAAgB,YAAY,CAC1B,MAAM,EAAE,UAAU,EAClB,QAAQ,GAAE,iBAA0B,EACpC,KAAK,SAAI,EACT,GAAG,SAAgB,UA+BpB;AAGD,wBAAgB,SAAS,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CA6E7E;AAgDD,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAErD;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,aAAa,CAAC,aAAa,EAAE,aAAa,GAAG,OAAO,CAAC;IACzE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,OAAO,CAAC;CACzB,CAAC,CAQD"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { OriginAllowList } from '../access.js';
|
|
2
2
|
import { ConfigurationError, InvalidFileError, NetworkError, PermissionDeniedError, ServiceError, UnauthenticatedError, } from '../errors.js';
|
|
3
|
-
import {
|
|
3
|
+
import { validateSecureUrl } from '../utils.js';
|
|
4
4
|
/**
|
|
5
5
|
* Get a rewrapped access key to the document, if possible
|
|
6
6
|
* @param url Key access server rewrap endpoint
|
|
@@ -141,11 +141,10 @@ export async function fetchKasPubKey(kasEndpoint, algorithm) {
|
|
|
141
141
|
throw new NetworkError(`invalid response from public key endpoint [${JSON.stringify(jsonContent)}]`);
|
|
142
142
|
}
|
|
143
143
|
return {
|
|
144
|
-
key: noteInvalidPublicKey(pkUrlV2, pemToCryptoPublicKey(publicKey)),
|
|
145
144
|
publicKey,
|
|
146
145
|
url: kasEndpoint,
|
|
147
146
|
algorithm: algorithm || 'rsa:2048',
|
|
148
147
|
...(kid && { kid }),
|
|
149
148
|
};
|
|
150
149
|
}
|
|
151
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
150
|
+
//# sourceMappingURL=data:application/json;base64,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
|
|
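Review bot: The object returned at the end of `fetchKasPubKey` no longer carries `key`, so the only place in this hunk where the fetched PEM was parsed (`pemToCryptoPublicKey(publicKey)` wrapped in `noteInvalidPublicKey`) is gone and `publicKey` reaches the caller as an unchecked string. A malformed or unexpected key from the endpoint is then reported, if at all, wherever the string is first imported, and no longer through the `ServiceError` that named the endpoint URL. The same removal appears in the two later hunks for `fetchKasPubKey` and `fetchKasBasePubKey` in the RPC variant. If validation is meant to happen downstream, a comment on the return such as `// publicKey is returned unparsed; the caller must import and validate it before use` would make that contract explicit. The function body starts outside the hunk, so an earlier check cannot be ruled out from here.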
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { isPublicKeyAlgorithm,
|
|
1
|
+
import { isPublicKeyAlgorithm, OriginAllowList, } from '../access.js';
|
|
2
2
|
import { ConfigurationError, InvalidFileError, NetworkError, PermissionDeniedError, ServiceError, UnauthenticatedError, } from '../errors.js';
|
|
3
3
|
import { PlatformClient } from '../platform.js';
|
|
4
|
-
import { extractRpcErrorMessage, getPlatformUrlFromKasEndpoint,
|
|
4
|
+
import { extractRpcErrorMessage, getPlatformUrlFromKasEndpoint, validateSecureUrl, } from '../utils.js';
|
|
5
5
|
import { X_REWRAP_ADDITIONAL_CONTEXT } from './constants.js';
|
|
6
6
|
import { ConnectError, Code } from '@connectrpc/connect';
|
|
7
7
|
/**
|
|
@@ -133,7 +133,6 @@ export async function fetchKasPubKey(kasEndpoint, algorithm) {
|
|
|
133
133
|
v: '2',
|
|
134
134
|
});
|
|
135
135
|
const result = {
|
|
136
|
-
key: noteInvalidPublicKey(new URL(platformUrl), pemToCryptoPublicKey(publicKey)),
|
|
137
136
|
publicKey,
|
|
138
137
|
url: kasEndpoint,
|
|
139
138
|
algorithm: algorithm || 'rsa:2048',
|
|
@@ -168,7 +167,6 @@ export async function fetchKasBasePubKey(kasEndpoint) {
|
|
|
168
167
|
throw new NetworkError(`Invalid Platform Configuration: [${kasEndpoint}] is missing BaseKey in WellKnownConfiguration`);
|
|
169
168
|
}
|
|
170
169
|
const result = {
|
|
171
|
-
key: noteInvalidPublicKey(new URL(baseKey.kas_uri), pemToCryptoPublicKey(baseKey.public_key.pem)),
|
|
172
170
|
publicKey: baseKey.public_key.pem,
|
|
173
171
|
url: baseKey.kas_uri,
|
|
174
172
|
algorithm: baseKey.public_key.algorithm,
|
|
@@ -180,4 +178,4 @@ export async function fetchKasBasePubKey(kasEndpoint) {
|
|
|
180
178
|
throw new NetworkError(`[${platformUrl}] [PublicKey] ${extractRpcErrorMessage(e)}`);
|
|
181
179
|
}
|
|
182
180
|
}
|
|
183
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
181
|
+
//# sourceMappingURL=data:application/json;base64,{"version":3,"file":"access-rpc.js","sourceRoot":"","sources":["../../../../src/access/access-rpc.ts"],"names":[],"mappings":"AACA,OAAO,EACL,oBAAoB,EAGpB,eAAe,GAChB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAChB,YAAY,EACZ,qBAAqB,EACrB,YAAY,EACZ,oBAAoB,GACrB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAGhD,OAAO,EACL,sBAAsB,EACtB,6BAA6B,EAC7B,iBAAiB,GAClB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,2BAA2B,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,GAAW,EACX,kBAA0B,EAC1B,YAA0B,EAC1B,6BAAsC;IAEtC,MAAM,WAAW,GAAG,6BAA6B,CAAC,GAAG,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,IAAI,cAAc,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;IACnE,MAAM,OAAO,GAAgB,EAAE,CAAC;IAChC,IAAI,6BAA6B,EAAE,CAAC;QAClC,OAAO,CAAC,OAAO,GAAG;YAChB,CAAC,2BAA2B,CAAC,EAAE,6BAA6B;SAC7D,CAAC;IACJ,CAAC;IACD,IAAI,QAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,kBAAkB,EAAE,EAAE,OAAO,CAAC,CAAC;IAC9E,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,oBAAoB,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IACvC,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,CAAU,EAAE,WAAmB;IAClE,IAAI,CAAC,YAAY,YAAY,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,oCAAoC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC1D,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;YACf,KAAK,IAAI,CAAC,eAAe,EAAE,kBAAkB;gBAC3C,MAAM,IAAI,gBAAgB,CAAC,YAAY,WAAW,0BAA0B,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC;YAC5F,KAAK,IAAI,CAAC,gBAAgB,EAAE,gBAAgB;gBAC1C,MAAM,IAAI,qBAAqB,CAAC,YAAY,WAAW,6BAA6B,CAAC,CAAC;YACxF,KAAK,IAAI,CAAC,eAAe,EAAE,mBAAmB;gBAC5C,MAAM,IAAI,oBAAoB,CAAC,YAAY,WAAW,wBAAwB,CAAC,CAAC;YAClF,KAAK,IAAI,CAAC,QAAQ,CAAC;YACnB,KAAK,IAAI,CAAC,aAAa,CAAC;YACxB,KAAK,IAAI,CAAC,QAAQ,CAAC;YACnB,KAAK,IAAI,CAAC,OAAO,CAAC;YAClB,KAAK,IAAI,CAAC,gBAAgB,CAAC;YAC3B,KAAK,IAAI,CAAC,WAAW,EAAE,qBAAqB;gBAC1C,MAAM,IAAI,YAAY,CACpB,GAAG,CAAC,CAAC,IAAI,SAAS,WAAW,2CAA2C,CAAC,CAAC,OAAO,GAAG,CACrF,CAAC;YACJ;gBACE,MAAM,IAAI,YAAY,CAAC,IAAI,WAAW,cAAc,CAAC,CAAC,OAAO,EAAE,CAAC,CAA
C;QACrE,CAAC;IACH,CAAC;IACD,MAAM,IAAI,YAAY,CAAC,IAAI,WAAW,cAAc,sBAAsB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACnF,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,CAAS,EACT,WAAmB,EACnB,mBAA8B;IAE9B,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC;QAC3C,kBAAkB;QAClB,MAAM,IAAI,gBAAgB,CAAC,YAAY,WAAW,0BAA0B,CAAC,GAAG,CAAC,CAAC;IACpF,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;QAC5C,IAAI,mBAAmB,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,qBAAqB,CAC7B,YAAY,WAAW,6BAA6B,EACpD,mBAAmB,CACpB,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,qBAAqB,CAAC,YAAY,WAAW,6BAA6B,CAAC,CAAC;IACxF,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC;QAC3C,mBAAmB;QACnB,MAAM,IAAI,oBAAoB,CAAC,YAAY,WAAW,wBAAwB,CAAC,CAAC;IAClF,CAAC;IACD,IACE,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACpC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QACvC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAClC,CAAC;QACD,QAAQ;QACR,MAAM,IAAI,YAAY,CAAC,SAAS,WAAW,2CAA2C,CAAC,GAAG,CAAC,CAAC;IAC9F,CAAC;IACD,MAAM,IAAI,YAAY,CAAC,IAAI,WAAW,cAAc,CAAC,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,WAAmB,EACnB,YAA0B;IAE1B,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,MAAM,UAAU,GAAG,EAAE,CAAC;IACtB,MAAM,QAAQ,GAAG,IAAI,cAAc,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;IAEnE,GAAG,CAAC;QACF,IAAI,QAAsC,CAAC;QAC3C,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,QAAQ,CAAC,EAAE,CAAC,uBAAuB,CAAC,oBAAoB,CAAC;gBACxE,UAAU,EAAE;oBACV,MAAM,EAAE,UAAU;iBACnB;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,YAAY,CACpB,IAAI,WAAW,4BAA4B,sBAAsB,CAAC,CAAC,CAAC,EAAE,CACvE,CAAC;QACJ,CAAC;QAED,UAAU,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QAC9C,UAAU,GAAG,QAAQ,EAAE,UAAU,EAAE,UAAU,IAAI,CAAC,CAAC;IACrD,CAAC,QAAQ,UAAU,GAAG,CAAC,EAAE;IAEzB,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,MAAM,EA
AE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1D,wBAAwB;IACxB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,WAAW,MAAM,CAAC,EAAE,CAAC;QAC/C,UAAU,CAAC,IAAI,CAAC,GAAG,WAAW,MAAM,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,IAAI,eAAe,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;AAChD,CAAC;AAYD,SAAS,SAAS,CAAC,OAAiB;IAClC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,EAAE,GAAG,OAA0B,CAAC;IACtC,OAAO,CACL,CAAC,CAAC,EAAE,CAAC,OAAO;QACZ,CAAC,CAAC,EAAE,CAAC,UAAU;QACf,OAAO,EAAE,CAAC,UAAU,KAAK,QAAQ;QACjC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG;QACnB,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS;QACzB,oBAAoB,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAC9C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAmB,EACnB,SAAiC;IAEjC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,kBAAkB,CAAC,0BAA0B,CAAC,CAAC;IAC3D,CAAC;IACD,uDAAuD;IACvD,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAE/B,MAAM,WAAW,GAAG,6BAA6B,CAAC,WAAW,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,IAAI,cAAc,CAAC;QAClC,WAAW;KACZ,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC;YAC5D,SAAS,EAAE,SAAS,IAAI,UAAU;YAClC,CAAC,EAAE,GAAG;SACP,CAAC,CAAC;QACH,MAAM,MAAM,GAAqB;YAC/B,SAAS;YACT,GAAG,EAAE,WAAW;YAChB,SAAS,EAAE,SAAS,IAAI,UAAU;YAClC,GAAG,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,CAAC;SACpB,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,YAAY,CAAC,IAAI,WAAW,iBAAiB,sBAAsB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACtF,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,WAAmB;IAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,kBAAkB,CAAC,0BAA0B,CAAC,CAAC;IAC3D,CAAC;IACD,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAE/B,MAAM,WAAW,GAAG,6BAA6B,CAAC,WAAW,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,IAAI,cAAc,CAAC;QAClC,WAAW;KACZ,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,QAAQ,CAAC,EAAE,CAAC,SAAS,CAAC,yBAAyB,CAAC,EAAE,CAAC,CAAC;QACpF,MAAM,OAAO,GAAG,aAAa,EAAE,QAAsC,CAAC;QACtE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,YAAY,CACpB,oCAAoC,WAAW,gDAAgD,CAChG,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAqB;YAC/B,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG;YACjC,GAAG,EAAE
,OAAO,CAAC,OAAO;YACpB,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,SAAS;YACvC,GAAG,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG;SAC5B,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,YAAY,CAAC,IAAI,WAAW,iBAAiB,sBAAsB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACtF,CAAC;AACH,CAAC"}
|
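--- a/package/dist/web/src/access.js
+++ b/package/dist/web/src/access.js
@@ -1,4 +1,3 @@
-import { ServiceError } from './errors.js';
 import { getPlatformUrlFromKasEndpoint, validateSecureUrl } from './utils.js';
 import { base64 } from './encodings/index.js';
 import { fetchKasBasePubKey, fetchKeyAccessServers as fetchKeyAccessServersRpc, } from './access/access-rpc.js';
@@ -86,17 +85,6 @@ export const publicKeyAlgorithmToJwa = (a) => {
 throw new Error(`unsupported public key algorithm: ${a}`);
 }
 };
-export async function noteInvalidPublicKey(url, r) {
-try {
-return await r;
-}
-catch (e) {
-if (e instanceof TypeError) {
-throw new ServiceError(`invalid public key from [${url}]`, e);
-}
-throw e;
-}
-}
 /**
 * Fetches the key access servers for a given platform URL.
 * @param platformUrl The platform URL to fetch key access servers for.
@@ -184,4 +172,4 @@ async function tryPromisesUntilFirstSuccess(first, second) {
 }
 }
 }
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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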
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { signJwt } from '../../tdf3/src/crypto/jwt.js';
|
|
2
2
|
/**
|
|
3
3
|
* Generic HTTP request interface used by AuthProvider implementers.
|
|
4
4
|
*/
|
|
@@ -29,18 +29,21 @@ function getTimestampInSeconds() {
|
|
|
29
29
|
}
|
|
30
30
|
/**
|
|
31
31
|
* Generate a JWT (or JWS-ed object)
|
|
32
|
-
* @param toSign the data to sign. Interpreted as
|
|
33
|
-
* @param privateKey an RSA key
|
|
32
|
+
* @param toSign the data to sign. Interpreted as JwtPayload but AFAIK this isn't required
|
|
33
|
+
* @param privateKey an opaque RSA private key
|
|
34
|
+
* @param cryptoService the crypto service to use for signing
|
|
35
|
+
* @param jwtProtectedHeader optional JWT header, defaults to RS256
|
|
34
36
|
* @returns the signed object, with a JWS header. This may be a JWT.
|
|
35
37
|
*/
|
|
36
|
-
export async function reqSignature(toSign, privateKey, jwtProtectedHeader = { alg: 'RS256' }) {
|
|
38
|
+
export async function reqSignature(toSign, privateKey, cryptoService, jwtProtectedHeader = { alg: 'RS256' }) {
|
|
37
39
|
const now = getTimestampInSeconds();
|
|
38
40
|
const anHour = 3600;
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
41
|
+
const payload = {
|
|
42
|
+
...toSign,
|
|
43
|
+
iat: now - anHour,
|
|
44
|
+
exp: now + anHour,
|
|
45
|
+
};
|
|
46
|
+
return signJwt(cryptoService, payload, privateKey, jwtProtectedHeader);
|
|
44
47
|
}
|
|
45
48
|
export function isAuthProvider(a) {
|
|
46
49
|
if (!a || typeof a != 'object') {
|
|
@@ -48,4 +51,4 @@ export function isAuthProvider(a) {
|
|
|
48
51
|
}
|
|
49
52
|
return 'withCreds' in a;
|
|
50
53
|
}
|
|
51
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
54
|
+
//# sourceMappingURL=data:application/json;base64,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
|
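Review bot: The payload built in `reqSignature` sets `iat: now - anHour` and `exp: now + anHour` after spreading `toSign`, so every signed object is accepted for a two-hour window and any `iat`/`exp` supplied by the caller is silently overwritten. The removed lines are blank on this page, so this may be carried over from the old body, but if the hour of backdating is only there for clock skew, a much smaller allowance would shorten how long a captured token stays valid; at minimum I would add `// iat/exp are always overwritten: backdated and extended by one hour` above the object. Separately, `cryptoService` was inserted before `jwtProtectedHeader`, so a caller still passing a header as the third argument would have it treated as the crypto service; the JSDoc should call out the new argument order.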