@opentdf/sdk 0.9.0-beta.92 → 0.9.0-beta.94
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/cjs/src/access/access-fetch.js +1 -2
- package/dist/cjs/src/access/access-rpc.js +1 -3
- package/dist/cjs/src/access.js +1 -14
- package/dist/cjs/src/auth/auth.js +13 -10
- package/dist/cjs/src/auth/dpop.js +121 -0
- package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-externaljwt-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +37 -3
- package/dist/cjs/src/auth/oidc.js +10 -8
- package/dist/cjs/src/auth/providers.js +35 -12
- package/dist/cjs/src/crypto/index.js +16 -2
- package/dist/cjs/src/crypto/pemPublicToCrypto.js +17 -11
- package/dist/cjs/src/opentdf.js +50 -13
- package/dist/cjs/src/policy/discovery.js +2 -2
- package/dist/cjs/tdf3/index.js +4 -2
- package/dist/cjs/tdf3/src/assertions.js +71 -31
- package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/cjs/tdf3/src/client/index.js +23 -33
- package/dist/cjs/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/cjs/tdf3/src/crypto/declarations.js +1 -1
- package/dist/cjs/tdf3/src/crypto/index.js +849 -88
- package/dist/cjs/tdf3/src/crypto/jose/jwt-claims-set.js +11 -0
- package/dist/cjs/tdf3/src/crypto/jose/validate-crit.js +8 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +41 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/epoch.js +6 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/is_object.js +21 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +112 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/secs.js +60 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +38 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/util/errors.js +135 -0
- package/dist/cjs/tdf3/src/crypto/jwt.js +183 -0
- package/dist/cjs/tdf3/src/crypto/salt.js +14 -8
- package/dist/cjs/tdf3/src/models/encryption-information.js +17 -20
- package/dist/cjs/tdf3/src/models/key-access.js +43 -63
- package/dist/cjs/tdf3/src/tdf.js +75 -75
- package/dist/cjs/tdf3/src/utils/index.js +5 -39
- package/dist/types/src/access/access-fetch.d.ts.map +1 -1
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +0 -5
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/auth.d.ts +9 -6
- package/dist/types/src/auth/auth.d.ts.map +1 -1
- package/dist/types/src/auth/dpop.d.ts +60 -0
- package/dist/types/src/auth/dpop.d.ts.map +1 -0
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc.d.ts +6 -4
- package/dist/types/src/auth/oidc.d.ts.map +1 -1
- package/dist/types/src/auth/providers.d.ts +5 -4
- package/dist/types/src/auth/providers.d.ts.map +1 -1
- package/dist/types/src/crypto/index.d.ts +2 -1
- package/dist/types/src/crypto/index.d.ts.map +1 -1
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts +18 -0
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +26 -7
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/src/policy/discovery.d.ts +2 -2
- package/dist/types/tdf3/index.d.ts +3 -3
- package/dist/types/tdf3/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/assertions.d.ts +23 -8
- package/dist/types/tdf3/src/assertions.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts +3 -3
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts +4 -4
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/builders.d.ts +2 -2
- package/dist/types/tdf3/src/client/builders.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +6 -5
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts +14 -4
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/declarations.d.ts +283 -18
- package/dist/types/tdf3/src/crypto/declarations.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/index.d.ts +105 -28
- package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts +5 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts +6 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/salt.d.ts +6 -1
- package/dist/types/tdf3/src/crypto/salt.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/encryption-information.d.ts +4 -4
- package/dist/types/tdf3/src/models/encryption-information.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/key-access.d.ts +8 -5
- package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +8 -8
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/types/tdf3/src/utils/index.d.ts +4 -3
- package/dist/types/tdf3/src/utils/index.d.ts.map +1 -1
- package/dist/web/src/access/access-fetch.js +3 -4
- package/dist/web/src/access/access-rpc.js +3 -5
- package/dist/web/src/access.js +1 -13
- package/dist/web/src/auth/auth.js +13 -10
- package/dist/web/src/auth/dpop.js +118 -0
- package/dist/web/src/auth/oidc-clientcredentials-provider.js +4 -3
- package/dist/web/src/auth/oidc-externaljwt-provider.js +4 -3
- package/dist/web/src/auth/oidc-refreshtoken-provider.js +4 -3
- package/dist/web/src/auth/oidc.js +11 -9
- package/dist/web/src/auth/providers.js +13 -12
- package/dist/web/src/crypto/index.js +4 -2
- package/dist/web/src/crypto/pemPublicToCrypto.js +11 -9
- package/dist/web/src/opentdf.js +17 -13
- package/dist/web/src/policy/discovery.js +2 -2
- package/dist/web/tdf3/index.js +3 -2
- package/dist/web/tdf3/src/assertions.js +71 -31
- package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/web/tdf3/src/client/index.js +25 -35
- package/dist/web/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/web/tdf3/src/crypto/declarations.js +1 -1
- package/dist/web/tdf3/src/crypto/index.js +830 -84
- package/dist/web/tdf3/src/crypto/jose/jwt-claims-set.js +5 -0
- package/dist/web/tdf3/src/crypto/jose/validate-crit.js +3 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +35 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/epoch.js +4 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/is_object.js +19 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +107 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/secs.js +58 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +36 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/util/errors.js +117 -0
- package/dist/web/tdf3/src/crypto/jwt.js +174 -0
- package/dist/web/tdf3/src/crypto/salt.js +13 -7
- package/dist/web/tdf3/src/models/encryption-information.js +11 -14
- package/dist/web/tdf3/src/models/key-access.js +44 -31
- package/dist/web/tdf3/src/tdf.js +71 -71
- package/dist/web/tdf3/src/utils/index.js +5 -6
- package/package.json +11 -4
- package/src/access/access-fetch.ts +2 -8
- package/src/access/access-rpc.ts +0 -7
- package/src/access.ts +0 -17
- package/src/auth/auth.ts +21 -12
- package/src/auth/dpop.ts +222 -0
- package/src/auth/oidc-clientcredentials-provider.ts +23 -15
- package/src/auth/oidc-externaljwt-provider.ts +23 -15
- package/src/auth/oidc-refreshtoken-provider.ts +23 -15
- package/src/auth/oidc.ts +21 -10
- package/src/auth/providers.ts +46 -29
- package/src/crypto/index.ts +21 -1
- package/src/crypto/pemPublicToCrypto.ts +11 -9
- package/src/opentdf.ts +36 -17
- package/src/policy/discovery.ts +2 -2
- package/tdf3/index.ts +32 -5
- package/tdf3/src/assertions.ts +99 -30
- package/tdf3/src/ciphers/aes-gcm-cipher.ts +7 -2
- package/tdf3/src/ciphers/symmetric-cipher-base.ts +7 -4
- package/tdf3/src/client/builders.ts +2 -2
- package/tdf3/src/client/index.ts +60 -59
- package/tdf3/src/crypto/crypto-utils.ts +15 -8
- package/tdf3/src/crypto/declarations.ts +338 -22
- package/tdf3/src/crypto/index.ts +1021 -118
- package/tdf3/src/crypto/jose/jwt-claims-set.ts +10 -0
- package/tdf3/src/crypto/jose/validate-crit.ts +9 -0
- package/tdf3/src/crypto/jose/vendor/lib/buffer_utils.ts +34 -0
- package/tdf3/src/crypto/jose/vendor/lib/epoch.ts +3 -0
- package/tdf3/src/crypto/jose/vendor/lib/is_object.ts +18 -0
- package/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.ts +106 -0
- package/tdf3/src/crypto/jose/vendor/lib/secs.ts +57 -0
- package/tdf3/src/crypto/jose/vendor/lib/validate_crit.ts +35 -0
- package/tdf3/src/crypto/jose/vendor/util/errors.ts +101 -0
- package/tdf3/src/crypto/jwt.ts +256 -0
- package/tdf3/src/crypto/salt.ts +16 -8
- package/tdf3/src/models/encryption-information.ts +14 -21
- package/tdf3/src/models/key-access.ts +57 -41
- package/tdf3/src/tdf.ts +110 -93
- package/tdf3/src/utils/index.ts +5 -6
package/dist/web/src/opentdf.js
CHANGED
|
@@ -2,6 +2,7 @@ import { ConfigurationError, InvalidFileError } from './errors.js';
|
|
|
2
2
|
export { Client as TDF3Client } from '../tdf3/src/client/index.js';
|
|
3
3
|
import { fromSource, sourceToStream } from './seekable.js';
|
|
4
4
|
import { Client as TDF3Client } from '../tdf3/src/client/index.js';
|
|
5
|
+
import * as DefaultCryptoService from '../tdf3/src/crypto/index.js';
|
|
5
6
|
import { OriginAllowList, fetchKeyAccessServers, isPublicKeyAlgorithm, } from './access.js';
|
|
6
7
|
import { decryptStreamFrom, loadTDFStream, } from '../tdf3/src/tdf.js';
|
|
7
8
|
import { base64 } from './encodings/index.js';
|
|
@@ -29,7 +30,7 @@ export { isPublicKeyAlgorithm, };
|
|
|
29
30
|
* platformUrl: 'https://platform.example.com',
|
|
30
31
|
* });
|
|
31
32
|
*
|
|
32
|
-
* const cipherText = await client.
|
|
33
|
+
* const cipherText = await client.createTDF({
|
|
33
34
|
* source: { type: 'stream', location: source },
|
|
34
35
|
* autoconfigure: false,
|
|
35
36
|
* });
|
|
@@ -38,7 +39,7 @@ export { isPublicKeyAlgorithm, };
|
|
|
38
39
|
* ```
|
|
39
40
|
*/
|
|
40
41
|
export class OpenTDF {
|
|
41
|
-
constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, }) {
|
|
42
|
+
constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }) {
|
|
42
43
|
this.authProvider = authProvider;
|
|
43
44
|
this.defaultCreateOptions = defaultCreateOptions || {};
|
|
44
45
|
this.defaultReadOptions = defaultReadOptions || {};
|
|
@@ -50,23 +51,26 @@ export class OpenTDF {
|
|
|
50
51
|
console.warn("Warning: 'platformUrl' is required for security to ensure the SDK uses the platform-configured Key Access Server list");
|
|
51
52
|
}
|
|
52
53
|
this.policyEndpoint = policyEndpoint || '';
|
|
54
|
+
this.cryptoService = cryptoService ?? DefaultCryptoService;
|
|
53
55
|
this.tdf3Client = new TDF3Client({
|
|
54
56
|
authProvider,
|
|
55
57
|
dpopKeys,
|
|
56
58
|
kasEndpoint: this.platformUrl || 'https://disallow.all.invalid',
|
|
57
59
|
platformUrl,
|
|
58
60
|
policyEndpoint,
|
|
61
|
+
cryptoService: this.cryptoService,
|
|
59
62
|
});
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
63
|
+
// Use CryptoService for key generation (returns opaque KeyPair)
|
|
64
|
+
this.dpopKeys = dpopKeys ?? this.cryptoService.generateSigningKeyPair();
|
|
65
|
+
}
|
|
66
|
+
/** Creates a new TDF stream. */
|
|
67
|
+
async createTDF(opts) {
|
|
68
|
+
return this.createZTDF(opts);
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Creates a new TDF stream.
|
|
72
|
+
* @deprecated Use {@link createTDF} instead.
|
|
73
|
+
*/
|
|
70
74
|
async createZTDF(opts) {
|
|
71
75
|
opts = { ...this.defaultCreateOptions, ...opts };
|
|
72
76
|
const oldStream = await this.tdf3Client.encrypt({
|
|
@@ -247,4 +251,4 @@ class ZTDFReader {
|
|
|
247
251
|
return this.requiredObligations ?? { fqns: [] };
|
|
248
252
|
}
|
|
249
253
|
}
|
|
250
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
254
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BlbnRkZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9vcGVudGRmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNuRSxPQUFPLEVBQUUsTUFBTSxJQUFJLFVBQVUsRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBQ25FLE9BQU8sRUFBVyxVQUFVLEVBQUUsY0FBYyxFQUFlLE1BQU0sZUFBZSxDQUFDO0FBQ2pGLE9BQU8sRUFBRSxNQUFNLElBQUksVUFBVSxFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFFbkUsT0FBTyxLQUFLLG9CQUFvQixNQUFNLDZCQUE2QixDQUFDO0FBTXBFLE9BQU8sRUFFTCxlQUFlLEVBQ2YscUJBQXFCLEVBQ3JCLG9CQUFvQixHQUNyQixNQUFNLGFBQWEsQ0FBQztBQVNyQixPQUFPLEVBQ0wsaUJBQWlCLEVBRWpCLGFBQWEsR0FFZCxNQUFNLG9CQUFvQixDQUFDO0FBQzVCLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUc5QyxPQUFPLEVBV0wsb0JBQW9CLEdBQ3JCLENBQUM7QUF1TEY7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQThCRztBQUNILE1BQU0sT0FBTyxPQUFPO0lBb0JsQixZQUFZLEVBQ1YsWUFBWSxFQUNaLFFBQVEsRUFDUixvQkFBb0IsRUFDcEIsa0JBQWtCLEVBQ2xCLFdBQVcsRUFDWCxjQUFjLEVBQ2QsV0FBVyxFQUNYLGFBQWEsR0FDRTtRQUNmLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxvQkFBb0IsR0FBRyxvQkFBb0IsSUFBSSxFQUFFLENBQUM7UUFDdkQsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGtCQUFrQixJQUFJLEVBQUUsQ0FBQztRQUNuRCxJQUFJLENBQUMsV0FBVyxHQUFHLENBQUMsQ0FBQyxXQUFXLENBQUM7UUFDakMsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNoQixJQUFJLENBQUMsV0FBVyxHQUFHLFdBQVcsQ0FBQztRQUNqQyxDQUFDO2FBQU0sQ0FBQztZQUNOLE9BQU8sQ0FBQyxJQUFJLENBQ1YsdUhBQXVILENBQ3hILENBQUM7UUFDSixDQUFDO1FBQ0QsSUFBSSxDQUFDLGNBQWMsR0FBRyxjQUFjLElBQUksRUFBRSxDQUFDO1FBQzNDLElBQUksQ0FBQyxhQUFhLEdBQUcsYUFBYSxJQUFJLG9CQUFvQixDQUFDO1FBQzNELElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUM7WUFDL0IsWUFBWTtZQUNaLFFBQVE7WUFDUixXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVcsSUFBSSw4QkFBOEI7WUFDL0QsV0FBVztZQUNYLGNBQWM7WUFDZCxhQUFhLEVBQUUsSUFBSSxDQUFDLGFBQWE7U0FDbEMsQ0FBQyxDQUFDO1FBQ0gsZ0VBQWdFO1FBQ2hFLElBQUksQ0FBQyxRQUFRLEdBQUcsUUFBUSxJQUFJLElBQUksQ0FBQyxhQUFhLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztJQUMxRSxDQUFDO0lBRUQsZ0NBQWdDO0lBQ2hDLEtBQUssQ0FBQyxTQUFTLENBQUMsSUFBc0I7UUFDcEMsT0FBTyxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsVUFBVSxDQUFDLElBQXVCO1FBQ3RDLElBQUksR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLG9CQUFvQixFQUFFLEdBQUcsSUFBSSxFQUFFLENBQUM7UUFDakQsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQztZQUM5QyxNQUFNLEVBQUUsTUFBTSxjQUFjLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQztZQUV6QyxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsZ0JBQWdCO1lBQ3ZDLGFBQWEsRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLGFBQWE7WUFDbkMsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQjtZQUMzQyxTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDekIsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRO1lBQ3ZCLEtBQUssRUFBRTtnQkFDTCxVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7YUFDNUI7WUFDRCxTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDekIsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO1lBQzNCLG9CQUFvQixFQUFFLElBQUksQ0FBQyxvQkFBb0I7WUFDL0MsY0FBYyxFQUFFLElBQUksQ0FBQyxjQUFjO1NBQ3BDLENBQUMsQ0FBQztRQUNILE1BQU0sTUFBTSxHQUFvQixTQUFTLENBQUMsTUFBTSxDQUFDO1FBQ2pELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdEQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0RCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRUQsc0RBQXNEO0lBQ3RELElBQUksQ0FBQyxJQUFpQjtRQUNwQixJQUFJLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxHQUFHLElBQUksRUFBRSxDQUFDO1FBQy9DLE9BQU8sSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVELDJCQUEyQjtJQUMzQixLQUFLLENBQUMsSUFBSSxDQUFDLElBQWlCO1FBQzFCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDL0IsT0FBTyxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVELDhEQUE4RDtJQUM5RCxLQUFLO1FBQ0gsZ0RBQWdEO0lBQ2xELENBQUM7Q0FDRjtBQUVELG9EQUFvRDtBQUNwRCxNQUFNLGlCQUFpQjtJQUdyQixZQUNXLEtBQWMsRUFDZCxJQUFpQjtRQURqQixVQUFLLEdBQUwsS0FBSyxDQUFTO1FBQ2QsU0FBSSxHQUFKLElBQUksQ0FBYTtRQUg1QixVQUFLLEdBQWtGLE1BQU0sQ0FBQztRQUs1RixJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUNyQyxDQUFDO0lBRUQsc0RBQXNEO0lBQ3RELEtBQUssQ0FBQyxXQUFXO1FBQ2YsSUFBSSxJQUFJLENBQUMsS0FBSyxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQzFCLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1FBQ25ELENBQUM7UUFDRCxJQUFJLENBQUMsS0FBSyxHQUFHLFdBQVcsQ0FBQztRQUN6QixNQUFNLE9BQU8sR0FBRyxNQUFNLFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25ELE1BQU0sTUFBTSxHQUFHLE1BQU0sT0FBTyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNuQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNyRCxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQztRQUNqRCxDQUFDO1FBQ0QsSUFBSSxNQUFNLENBQUMsQ0FBQyxDQUFDLEtBQUssSUFBSSxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUM3QyxJQUFJLENBQUMsS0FBSyxHQUFHLFFBQVEsQ0FBQztZQUN0QixPQUFPLElBQUksVUFBVSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDbkUsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1FBQ3BCLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyw2Q0FBNkMsTUFBTSxFQUFFLENBQUMsQ0FBQztJQUNwRixDQUFDO0lBRUQsNEJBQTRCO0lBQzVCLEtBQUssQ0FBQyxPQUFPO1FBQ1gsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBQzFCLENBQUM7SUFFRCw2Q0FBNkM7SUFDN0MsS0FBSyxDQUFDLFVBQVU7UUFDZCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsVUFBVSxFQUFFLENBQUM7SUFDN0IsQ0FBQztJQUVELDJDQUEyQztJQUMzQyxLQUFLLENBQUMsUUFBUTtRQUNaLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FBQztJQUMzQixDQUFDO0lBRUQsNEJBQTRCO0lBQzVCLEtBQUssQ0FBQyxLQUFLO1FBQ1QsSUFBSSxJQUFJLENBQUMsS0FBSyxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQzFCLE9BQU87UUFDVCxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsS0FBSyxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQzFCLGlDQUFpQztZQUNqQyxJQUFJLENBQUMsS0FBSyxHQUFHLE1BQU0sQ0FBQztZQUNwQixPQUFPO1FBQ1QsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsU0FBUyxDQUFDO1FBQ3ZCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFO1lBQzlCLElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1FBQ3RCLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELEtBQUssQ0FBQyxXQUFXO1FBQ2YsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBQzlCLENBQUM7Q0FDRjtBQUVELCtCQUErQjtBQUMvQixNQUFNLFVBQVU7SUFJZCxZQUNXLE1BQWtCLEVBQ2xCLElBQWlCLEVBQ2pCLE1BQWU7UUFGZixXQUFNLEdBQU4sTUFBTSxDQUFZO1FBQ2xCLFNBQUksR0FBSixJQUFJLENBQWE7UUFDakIsV0FBTSxHQUFOLE1BQU0sQ0FBUztRQUV4QixJQUFJLENBQUMsUUFBUSxHQUFHLGFBQWEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyxPQUFPO1FBQ1gsTUFBTSxFQUNKLHlCQUF5QixFQUN6QixRQUFRLEVBQUUsa0JBQWtCLEVBQzVCLG9CQUFvQixHQUNyQixHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFFZCxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUMzRixNQUFNLElBQUksa0JBQWtCLENBQUMsMkRBQTJELENBQUMsQ0FBQztRQUM1RixDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQztRQUU1QyxNQUFNLEVBQUUsWUFBWSxFQUFFLGFBQWEsRUFBRSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUM7UUFDcEQsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ2xCLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO1FBQzNELENBQUM7UUFFRCxJQUFJLFNBQXNDLENBQUM7UUFFM0MsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixFQUFFLE1BQU0sSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQ3ZFLFNBQVMsR0FBRyxJQUFJLGVBQWUsQ0FDN0IsSUFBSSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxFQUFFLEVBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUMxQixDQUFDO1FBQ0osQ0FBQzthQUFNLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNqQyxTQUFTLEdBQUcsTUFBTSxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxZQUFZLENBQUMsQ0FBQztRQUMvRSxDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ3JDLE1BQU0sU0FBUyxHQUFHLE1BQU0saUJBQWlCLENBQ3ZDO1lBQ0UsU0FBUztZQUNULFlBQVk7WUFDWixPQUFPLEVBQUUsSUFBSSxDQUFDLE1BQU07WUFDcEIsZ0JBQWdCLEVBQUUsQ0FBQztZQUNuQixhQUFhO1lBQ2IsUUFBUTtZQUNSLHVCQUF1QixFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLHVCQUF1QjtZQUN6RSxhQUFhLEVBQUUsS0FBSyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUM3QixlQUFlLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsZUFBZTtZQUN6RCx5QkFBeUI7WUFDekIsa0JBQWtCO1lBQ2xCLG9CQUFvQjtZQUNwQixzQkFBc0IsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLHlCQUF5QixJQUFJLEVBQUU7U0FDbEUsRUFDRCxRQUFRLENBQ1QsQ0FBQztRQUNGLElBQUksQ0FBQyxtQkFBbUIsR0FBRztZQUN6QixJQUFJLEVBQUUsU0FBUyxDQUFDLFdBQVcsRUFBRTtTQUM5QixDQUFDO1FBQ0YsTUFBTSxNQUFNLEdBQW9CLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDakQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNyRCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLLENBQUMsS0FBSztRQUNULHlEQUF5RDtJQUMzRCxDQUFDO0lBRUQsNENBQTRDO0lBQzVDLEtBQUssQ0FBQyxRQUFRO1FBQ1osTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ3JDLE9BQU8sUUFBUSxDQUFDLFFBQVEsQ0FBQztJQUMzQixDQUFDO0lBRUQsOENBQThDO0lBQzlDLEtBQUssQ0FBQyxVQUFVO1FBQ2QsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDdkMsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDeEUsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQVcsQ0FBQztRQUNoRCxPQUFPLE1BQU0sRUFBRSxJQUFJLEVBQUUsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUNwRSxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBQzdCLE9BQU8sSUFBSSxDQUFDLG1CQUFtQixDQUFDO1FBQ2xDLENBQUM7UUFDRCxNQUFNLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNyQixPQUFPLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxFQUFFLElBQUksRUFBRSxFQUFFLEVBQUUsQ0FBQztJQUNsRCxDQUFDO0NBQ0YifQ==
|
|
@@ -23,7 +23,7 @@ const ATTRIBUTE_FQN_RE = /^https?:\/\/[a-zA-Z0-9._~%-]+\/attr\/[a-zA-Z0-9._~%-]+
|
|
|
23
23
|
* Returns all active attributes available on the platform, auto-paginating through all results.
|
|
24
24
|
* An optional namespace name or ID may be provided to filter results.
|
|
25
25
|
*
|
|
26
|
-
* Use this before calling `
|
|
26
|
+
* Use this before calling `createTDF()` to see what attributes are available for data tagging.
|
|
27
27
|
*
|
|
28
28
|
* @param platformUrl The platform base URL.
|
|
29
29
|
* @param authProvider An auth provider for the request.
|
|
@@ -68,7 +68,7 @@ export async function listAttributes(platformUrl, authProvider, namespace) {
|
|
|
68
68
|
* Checks that all provided attribute value FQNs exist on the platform.
|
|
69
69
|
* Validates FQN format first, then verifies existence via the platform API.
|
|
70
70
|
*
|
|
71
|
-
* Use this before `
|
|
71
|
+
* Use this before `createTDF()` to catch missing or misspelled attributes early
|
|
72
72
|
* instead of discovering the problem at decryption time.
|
|
73
73
|
*
|
|
74
74
|
* @param platformUrl The platform base URL.
|
package/dist/web/tdf3/index.js
CHANGED
|
@@ -10,6 +10,7 @@ import * as AuthProviders from '../src/auth/providers.js';
|
|
|
10
10
|
import { version, clientType } from '../src/version.js';
|
|
11
11
|
import { Algorithms } from './src/ciphers/algorithms.js';
|
|
12
12
|
export { AesGcmCipher, Algorithms, AuthProviders, Binary, Client, DecoratedReadableStream, DecryptParamsBuilder, EncryptParamsBuilder, Errors, HttpRequest, SplitKey, TDF3Client, clientType, createSessionKeys, withHeaders, version, };
|
|
13
|
-
export
|
|
13
|
+
export { DefaultCryptoService as WebCryptoService } from './src/crypto/index.js';
|
|
14
|
+
// export the other methods from crypto/index.js that aren't part of CryptoService but are needed for JWT handling
|
|
14
15
|
export { OpenTDF, } from '../src/opentdf.js';
|
|
15
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
16
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90ZGYzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUN6QyxPQUFPLEVBQUUsdUJBQXVCLEVBQUUsTUFBTSx5Q0FBeUMsQ0FBQztBQUNsRixPQUFPLEVBRUwsb0JBQW9CLEVBT3BCLG9CQUFvQixHQUVyQixNQUFNLDBCQUEwQixDQUFDO0FBQ2xDLE9BQU8sRUFBcUIsaUJBQWlCLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQW9CN0UsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFDNUQsT0FBTyxFQUVMLFFBQVEsR0FFVCxNQUFNLHdDQUF3QyxDQUFDO0FBQ2hELE9BQU8sRUFBaUMsV0FBVyxFQUFFLFdBQVcsRUFBRSxNQUFNLHFCQUFxQixDQUFDO0FBQzlGLE9BQU8sRUFBRSxZQUFZLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUMvRCxPQUFPLEtBQUssYUFBYSxNQUFNLDBCQUEwQixDQUFDO0FBQzFELE9BQU8sRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFDeEQsT0FBTyxFQUFFLFVBQVUsRUFBeUMsTUFBTSw2QkFBNkIsQ0FBQztBQWlDaEcsT0FBTyxFQUNMLFlBQVksRUFDWixVQUFVLEVBQ1YsYUFBYSxFQUNiLE1BQU0sRUFDTixNQUFNLEVBRU4sdUJBQXVCLEVBRXZCLG9CQUFvQixFQUlwQixvQkFBb0IsRUFDcEIsTUFBTSxFQUNOLFdBQVcsRUFFWCxRQUFRLEVBQ1IsVUFBVSxFQUNWLFVBQVUsRUFDVixpQkFBaUIsRUFDakIsV0FBVyxFQUNYLE9BQU8sR0FDUixDQUFDO0FBRUYsT0FBTyxFQUFFLG9CQUFvQixJQUFJLGdCQUFnQixFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDakYsa0hBQWtIO0FBQ2xILE9BQU8sRUFRTCxPQUFPLEdBQ1IsTUFBTSxtQkFBbUIsQ0FBQyJ9
|
|
@@ -1,36 +1,60 @@
|
|
|
1
1
|
import { canonicalizeEx } from 'json-canonicalize';
|
|
2
|
-
import { SignJWT, jwtVerify, importJWK, importX509 } from 'jose';
|
|
3
2
|
import { base64, hex } from '../../src/encodings/index.js';
|
|
4
3
|
import { ConfigurationError, IntegrityError, InvalidFileError } from '../../src/errors.js';
|
|
5
4
|
import { tdfSpecVersion, version as sdkVersion } from '../../src/version.js';
|
|
5
|
+
import { decodeProtectedHeader, signJwt, verifyJwt } from './crypto/jwt.js';
|
|
6
6
|
/**
|
|
7
7
|
* Computes the SHA-256 hash of the assertion object, excluding the 'binding' and 'hash' properties.
|
|
8
8
|
*
|
|
9
|
+
* @param a - The assertion to hash
|
|
10
|
+
* @param cryptoService - The crypto service to use for hashing
|
|
9
11
|
* @returns the hexadecimal string representation of the hash
|
|
10
12
|
*/
|
|
11
|
-
export async function hash(a) {
|
|
13
|
+
export async function hash(a, cryptoService) {
|
|
12
14
|
const result = canonicalizeEx(a, {
|
|
13
15
|
exclude: ['binding', 'hash', 'sign', 'verify', 'signingKey'],
|
|
14
16
|
});
|
|
15
|
-
const
|
|
16
|
-
return hex.encodeArrayBuffer(
|
|
17
|
+
const hashBytes = await cryptoService.digest('SHA-256', new TextEncoder().encode(result));
|
|
18
|
+
return hex.encodeArrayBuffer(hashBytes.buffer);
|
|
17
19
|
}
|
|
18
20
|
/**
|
|
19
21
|
* Signs the given hash and signature using the provided key and sets the binding method and signature.
|
|
20
22
|
*
|
|
21
|
-
* @param
|
|
23
|
+
* @param thiz - The assertion to sign.
|
|
24
|
+
* @param assertionHash - The hash to be signed.
|
|
22
25
|
* @param sig - The signature to be signed.
|
|
23
|
-
* @param
|
|
24
|
-
* @
|
|
26
|
+
* @param key - The key used for signing.
|
|
27
|
+
* @param cryptoService - The crypto service to use for signing.
|
|
28
|
+
* @returns A promise that resolves to the signed assertion.
|
|
25
29
|
*/
|
|
26
|
-
async function sign(thiz, assertionHash, sig, key) {
|
|
30
|
+
async function sign(thiz, assertionHash, sig, key, cryptoService) {
|
|
27
31
|
const payload = {
|
|
28
32
|
assertionHash,
|
|
29
33
|
assertionSig: sig,
|
|
30
34
|
};
|
|
35
|
+
const header = { alg: key.alg };
|
|
36
|
+
if (typeof key.key === 'object' && '_brand' in key.key && key.key._brand === 'PublicKey') {
|
|
37
|
+
throw new ConfigurationError('Cannot sign assertion with PublicKey. Use PrivateKey or SymmetricKey for signing.');
|
|
38
|
+
}
|
|
39
|
+
let signingMaterial;
|
|
40
|
+
if (typeof key.key === 'string') {
|
|
41
|
+
if (!cryptoService.importPrivateKey) {
|
|
42
|
+
throw new ConfigurationError('CryptoService does not support importing private keys. Cannot sign assertion with a PEM string. Use PrivateKey or SymmetricKey for signing.');
|
|
43
|
+
}
|
|
44
|
+
signingMaterial = await cryptoService.importPrivateKey(key.key, {
|
|
45
|
+
usage: 'sign',
|
|
46
|
+
extractable: false,
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
else if (key.key instanceof Uint8Array) {
|
|
50
|
+
signingMaterial = await cryptoService.importSymmetricKey(key.key);
|
|
51
|
+
}
|
|
52
|
+
else {
|
|
53
|
+
signingMaterial = key.key;
|
|
54
|
+
}
|
|
31
55
|
let token;
|
|
32
56
|
try {
|
|
33
|
-
token = await
|
|
57
|
+
token = await signJwt(cryptoService, payload, signingMaterial, header);
|
|
34
58
|
}
|
|
35
59
|
catch (error) {
|
|
36
60
|
throw new ConfigurationError(`Signing assertion failed: ${error.message}`, error);
|
|
@@ -61,31 +85,44 @@ export function isAssertionConfig(obj) {
|
|
|
61
85
|
/**
|
|
62
86
|
* Verifies the signature of the assertion using the provided key.
|
|
63
87
|
*
|
|
64
|
-
* @param
|
|
65
|
-
* @
|
|
66
|
-
* @
|
|
88
|
+
* @param thiz - The assertion to verify.
|
|
89
|
+
* @param aggregateHash - The aggregate hash for integrity checking.
|
|
90
|
+
* @param key - The key used for verification.
|
|
91
|
+
* @param isLegacyTDF - Whether this is a legacy TDF format.
|
|
92
|
+
* @param cryptoService - The crypto service to use for verification.
|
|
93
|
+
* @throws {InvalidFileError} If the verification fails.
|
|
94
|
+
* @throws {IntegrityError} If the integrity check fails.
|
|
67
95
|
*/
|
|
68
|
-
export async function verify(thiz, aggregateHash, key, isLegacyTDF) {
|
|
96
|
+
export async function verify(thiz, aggregateHash, key, isLegacyTDF, cryptoService) {
|
|
69
97
|
let payload;
|
|
70
98
|
try {
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
99
|
+
// Parse JWT header to check for embedded keys (jwk or x5c)
|
|
100
|
+
const header = decodeProtectedHeader(thiz.binding.signature);
|
|
101
|
+
// Runtime check: ensure we have a verification key, not a signing key
|
|
102
|
+
if (typeof key.key === 'object' && '_brand' in key.key && key.key._brand === 'PrivateKey') {
|
|
103
|
+
throw new ConfigurationError('Cannot verify assertion with PrivateKey. Use PublicKey or SymmetricKey for verification.');
|
|
104
|
+
}
|
|
105
|
+
let verificationKey = key.key;
|
|
106
|
+
if (header.jwk) {
|
|
107
|
+
// Convert embedded JWK to PEM
|
|
108
|
+
verificationKey = await cryptoService.jwkToPublicKeyPem(header.jwk);
|
|
109
|
+
}
|
|
110
|
+
else if (header.x5c && Array.isArray(header.x5c) && header.x5c.length > 0) {
|
|
111
|
+
// Extract public key from X.509 certificate
|
|
112
|
+
const cert = `-----BEGIN CERTIFICATE-----\n${header.x5c[0]}\n-----END CERTIFICATE-----`;
|
|
113
|
+
verificationKey = await cryptoService.extractPublicKeyPem(cert);
|
|
114
|
+
}
|
|
115
|
+
const result = await verifyJwt(cryptoService, thiz.binding.signature, verificationKey, {
|
|
116
|
+
algorithms: [key.alg],
|
|
80
117
|
});
|
|
81
|
-
payload =
|
|
118
|
+
payload = result.payload;
|
|
82
119
|
}
|
|
83
120
|
catch (error) {
|
|
84
121
|
throw new InvalidFileError(`Verifying assertion failed: ${error.message}`, error);
|
|
85
122
|
}
|
|
86
123
|
const { assertionHash, assertionSig } = payload;
|
|
87
124
|
// Get the hash of the assertion
|
|
88
|
-
const hashOfAssertion = await hash(thiz);
|
|
125
|
+
const hashOfAssertion = await hash(thiz, cryptoService);
|
|
89
126
|
// check if assertionHash is same as hashOfAssertion
|
|
90
127
|
if (hashOfAssertion !== assertionHash) {
|
|
91
128
|
throw new IntegrityError('Assertion hash mismatch');
|
|
@@ -107,11 +144,14 @@ export async function verify(thiz, aggregateHash, key, isLegacyTDF) {
|
|
|
107
144
|
}
|
|
108
145
|
/**
|
|
109
146
|
* Creates an Assertion object with the specified properties.
|
|
147
|
+
*
|
|
148
|
+
* @param aggregateHash - The aggregate hash for the assertion.
|
|
149
|
+
* @param assertionConfig - The configuration for the assertion.
|
|
150
|
+
* @param cryptoService - The crypto service to use for signing.
|
|
151
|
+
* @param targetVersion - The target TDF spec version.
|
|
152
|
+
* @returns The created assertion.
|
|
110
153
|
*/
|
|
111
|
-
|
|
112
|
-
* Creates an Assertion object with the specified properties.
|
|
113
|
-
*/
|
|
114
|
-
export async function CreateAssertion(aggregateHash, assertionConfig, targetVersion) {
|
|
154
|
+
export async function CreateAssertion(aggregateHash, assertionConfig, cryptoService, targetVersion) {
|
|
115
155
|
if (!assertionConfig.signingKey) {
|
|
116
156
|
throw new ConfigurationError('Assertion signing key is required');
|
|
117
157
|
}
|
|
@@ -124,7 +164,7 @@ export async function CreateAssertion(aggregateHash, assertionConfig, targetVers
|
|
|
124
164
|
// empty binding
|
|
125
165
|
binding: { method: '', signature: '' },
|
|
126
166
|
};
|
|
127
|
-
const assertionHash = await hash(a);
|
|
167
|
+
const assertionHash = await hash(a, cryptoService);
|
|
128
168
|
let encodedHash;
|
|
129
169
|
switch (targetVersion || '4.3.0') {
|
|
130
170
|
case '4.2.2':
|
|
@@ -143,7 +183,7 @@ export async function CreateAssertion(aggregateHash, assertionConfig, targetVers
|
|
|
143
183
|
default:
|
|
144
184
|
throw new ConfigurationError(`Unsupported TDF spec version: [${targetVersion}]`);
|
|
145
185
|
}
|
|
146
|
-
return await sign(a, assertionHash, encodedHash, assertionConfig.signingKey);
|
|
186
|
+
return await sign(a, assertionHash, encodedHash, assertionConfig.signingKey, cryptoService);
|
|
147
187
|
}
|
|
148
188
|
/**
|
|
149
189
|
* Returns a default assertion configuration populated with system metadata.
|
|
@@ -185,4 +225,4 @@ function concatenateUint8Arrays(array1, array2) {
|
|
|
185
225
|
combinedArray.set(array2, array1.length);
|
|
186
226
|
return combinedArray;
|
|
187
227
|
}
|
|
188
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
228
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzZXJ0aW9ucy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RkZjMvc3JjL2Fzc2VydGlvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ25ELE9BQU8sRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFLE1BQU0sOEJBQThCLENBQUM7QUFDM0QsT0FBTyxFQUFFLGtCQUFrQixFQUFFLGNBQWMsRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLHFCQUFxQixDQUFDO0FBQzNGLE9BQU8sRUFBRSxjQUFjLEVBQUUsT0FBTyxJQUFJLFVBQVUsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBTzdFLE9BQU8sRUFBRSxxQkFBcUIsRUFBRSxPQUFPLEVBQUUsU0FBUyxFQUFrQixNQUFNLGlCQUFpQixDQUFDO0FBb0M1Rjs7Ozs7O0dBTUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLElBQUksQ0FBQyxDQUFZLEVBQUUsYUFBNEI7SUFDbkUsTUFBTSxNQUFNLEdBQUcsY0FBYyxDQUFDLENBQUMsRUFBRTtRQUMvQixPQUFPLEVBQUUsQ0FBQyxTQUFTLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsWUFBWSxDQUFDO0tBQzdELENBQUMsQ0FBQztJQUVILE1BQU0sU0FBUyxHQUFHLE1BQU0sYUFBYSxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztJQUMxRixPQUFPLEdBQUcsQ0FBQyxpQkFBaUIsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7QUFDakQsQ0FBQztBQUVEOzs7Ozs7Ozs7R0FTRztBQUNILEtBQUssVUFBVSxJQUFJLENBQ2pCLElBQWUsRUFDZixhQUFxQixFQUNyQixHQUFXLEVBQ1gsR0FBaUIsRUFDakIsYUFBNEI7SUFFNUIsTUFBTSxPQUFPLEdBQXFCO1FBQ2hDLGFBQWE7UUFDYixZQUFZLEVBQUUsR0FBRztLQUNsQixDQUFDO0lBRUYsTUFBTSxNQUFNLEdBQWMsRUFBRSxHQUFHLEVBQUUsR0FBRyxDQUFDLEdBQUcsRUFBRSxDQUFDO0lBRTNDLElBQUksT0FBTyxHQUFHLENBQUMsR0FBRyxLQUFLLFFBQVEsSUFBSSxRQUFRLElBQUksR0FBRyxDQUFDLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLE1BQU0sS0FBSyxXQUFXLEVBQUUsQ0FBQztRQUN6RixNQUFNLElBQUksa0JBQWtCLENBQzFCLG1GQUFtRixDQUNwRixDQUFDO0lBQ0osQ0FBQztJQUVELElBQUksZUFBMEMsQ0FBQztJQUMvQyxJQUFJLE9BQU8sR0FBRyxDQUFDLEdBQUcsS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUNoQyxJQUFJLENBQUMsYUFBYSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDcEMsTUFBTSxJQUFJLGtCQUFrQixDQUMxQiw2SUFBNkksQ0FDOUksQ0FBQztRQUNKLENBQUM7UUFDRCxlQUFlLEdBQUcsTUFBTSxhQUFhLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRTtZQUM5RCxLQUFLLEVBQUUsTUFBTTtZQUNiLFdBQVcsRUFBRSxLQUFLO1NBQ25CLENBQUMsQ0FBQztJQUNMLENBQUM7U0FBTSxJQUFJLEdBQUcsQ0FBQyxHQUFHLFlBQVksVUFBVSxFQUFFLENBQUM7UUFDekMsZUFBZSxHQUFHLE1BQU0sYUFBYSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNwRSxDQUFDO1NBQU0sQ0FBQztRQUNOLGVBQWUsR0FBRyxHQUFHLENBQUMsR0FBZ0MsQ0FBQztJQUN6RCxDQUFDO0lBRUQsSUFBSSxLQUFhLENBQUM7SUFDbEIsSUFBSSxDQUFDO1FBQ0gsS0FBSyxHQUFHLE1BQU0sT0FBTyxDQUFDLGFBQWEsRUFBRSxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ3pFLENBQUM7SUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1FBQ2YsTUFBTSxJQUFJLGtCQUFrQixDQUFDLDZCQUE2QixLQUFLLENBQUMsT0FBTyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUNELElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxHQUFHLEtBQUssQ0FBQztJQUM1QixJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsR0FBRyxLQUFLLENBQUM7SUFDL0IsT0FBTyxJQUFJLENBQUM7QUFDZCxDQUFDO0FBRUQsNEdBQTRHO0FBQzVHLE1BQU0sVUFBVSxpQkFBaUIsQ0FBQyxHQUFZO0lBQzVDLE9BQU8sQ0FDTCxDQUFDLENBQUMsR0FBRztRQUNMLE9BQU8sR0FBRyxLQUFLLFFBQVE7UUFDdkIsSUFBSSxJQUFJLEdBQUc7UUFDWCxPQUFPLEdBQUcsQ0FBQyxFQUFFLEtBQUssUUFBUTtRQUMxQixNQUFNLElBQUksR0FBRztRQUNiLENBQUMsR0FBRyxDQUFDLElBQUksS0FBSyxVQUFVLElBQUksR0FBRyxDQUFDLElBQUksS0FBSyxPQUFPLENBQUM7UUFDakQsT0FBTyxJQUFJLEdBQUc7UUFDZCxDQUFDLEdBQUcsQ0FBQyxLQUFLLEtBQUssS0FBSyxJQUFJLEdBQUcsQ0FBQyxLQUFLLEtBQUssU0FBUyxDQUFDO1FBQ2hELGdCQUFnQixJQUFJLEdBQUc7UUFDdkIsQ0FBQyxHQUFHLENBQUMsY0FBYyxLQUFLLFdBQVcsSUFBSSxHQUFHLENBQUMsY0FBYyxLQUFLLGFBQWEsQ0FBQztRQUM1RSxXQUFXLElBQUksR0FBRztRQUNsQixDQUFDLENBQUMsR0FBRyxDQUFDLFNBQVM7UUFDZixPQUFPLEdBQUcsQ0FBQyxTQUFTLEtBQUssUUFBUTtRQUNqQyxRQUFRLElBQUksR0FBRyxDQUFDLFNBQVM7UUFDekIsUUFBUSxJQUFJLEdBQUcsQ0FBQyxTQUFTO1FBQ3pCLE9BQU8sSUFBSSxHQUFHLENBQUMsU0FBUyxDQUN6QixDQUFDO0FBQ0osQ0FBQztBQUVEOzs7Ozs7Ozs7O0dBVUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLE1BQU0sQ0FDMUIsSUFBZSxFQUNmLGFBQXlCLEVBQ3pCLEdBQWlCLEVBQ2pCLFdBQW9CLEVBQ3BCLGFBQTRCO0lBRTVCLElBQUksT0FBeUIsQ0FBQztJQUM5QixJQUFJLENBQUM7UUFDSCwyREFBMkQ7UUFDM0QsTUFBTSxNQUFNLEdBQUcscUJBQXFCLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUU3RCxzRUFBc0U7UUFDdEUsSUFBSSxPQUFPLEdBQUcsQ0FBQyxHQUFHLEtBQUssUUFBUSxJQUFJLFFBQVEsSUFBSSxHQUFHLENBQUMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxLQUFLLFlBQVksRUFBRSxDQUFDO1lBQzFGLE1BQU0sSUFBSSxrQkFBa0IsQ0FDMUIsMEZBQTBGLENBQzNGLENBQUM7UUFDSixDQUFDO1FBQ0QsSUFBSSxlQUFlLEdBQW1ELEdBQUcsQ0FBQyxHQUFHLENBQUM7UUFFOUUsSUFBSSxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDZiw4QkFBOEI7WUFDOUIsZUFBZSxHQUFHLE1BQU0sYUFBYSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxHQUFpQixDQUFDLENBQUM7UUFDcEYsQ0FBQzthQUFNLElBQUksTUFBTSxDQUFDLEdBQUcsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUM1RSw0Q0FBNEM7WUFDNUMsTUFBTSxJQUFJLEdBQUcsZ0NBQWdDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLDZCQUE2QixDQUFDO1lBQ3hGLGVBQWUsR0FBRyxNQUFNLGFBQWEsQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNsRSxDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQUcsTUFBTSxTQUFTLENBQUMsYUFBYSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLGVBQWUsRUFBRTtZQUNyRixVQUFVLEVBQUUsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDO1NBQ3RCLENBQUMsQ0FBQztRQUNILE9BQU8sR0FBRyxNQUFNLENBQUMsT0FBMkIsQ0FBQztJQUMvQyxDQUFDO0lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztRQUNmLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQywrQkFBK0IsS0FBSyxDQUFDLE9BQU8sRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFDRCxNQUFNLEVBQUUsYUFBYSxFQUFFLFlBQVksRUFBRSxHQUFHLE9BQU8sQ0FBQztJQUVoRCxnQ0FBZ0M7SUFDaEMsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxFQUFFLGFBQWEsQ0FBQyxDQUFDO0lBRXhELG9EQUFvRDtJQUNwRCxJQUFJLGVBQWUsS0FBSyxhQUFhLEVBQUUsQ0FBQztRQUN0QyxNQUFNLElBQUksY0FBYyxDQUFDLHlCQUF5QixDQUFDLENBQUM7SUFDdEQsQ0FBQztJQUVELElBQUksV0FBbUIsQ0FBQztJQUN4QixJQUFJLFdBQVcsRUFBRSxDQUFDO1FBQ2hCLE1BQU0sa0JBQWtCLEdBQUcsSUFBSSxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQzFFLE1BQU0sWUFBWSxHQUFHLGtCQUFrQixHQUFHLGVBQWUsQ0FBQztRQUMxRCxXQUFXLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUM1QyxDQUFDO1NBQU0sQ0FBQztRQUNOLE1BQU0sWUFBWSxHQUFHLHNCQUFzQixDQUN6QyxhQUFhLEVBQ2IsSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLGlCQUFpQixDQUFDLGFBQWEsQ0FBQyxDQUFDLENBQ3JELENBQUM7UUFDRixXQUFXLEdBQUcsTUFBTSxDQUFDLGlCQUFpQixDQUFDLFlBQVksQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFRCwrQ0FBK0M7SUFDL0MsSUFBSSxZQUFZLEtBQUssV0FBVyxFQUFFLENBQUM7UUFDakMsTUFBTSxJQUFJLGNBQWMsQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDO0lBQzVFLENBQUM7QUFDSCxDQUFDO0FBRUQ7Ozs7Ozs7O0dBUUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGVBQWUsQ0FDbkMsYUFBa0MsRUFDbEMsZUFBZ0MsRUFDaEMsYUFBNEIsRUFDNUIsYUFBc0I7SUFFdEIsSUFBSSxDQUFDLGVBQWUsQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUNoQyxNQUFNLElBQUksa0JBQWtCLENBQUMsbUNBQW1DLENBQUMsQ0FBQztJQUNwRSxDQUFDO0lBRUQsTUFBTSxDQUFDLEdBQWM7UUFDbkIsRUFBRSxFQUFFLGVBQWUsQ0FBQyxFQUFFO1FBQ3RCLElBQUksRUFBRSxlQUFlLENBQUMsSUFBSTtRQUMxQixLQUFLLEVBQUUsZUFBZSxDQUFDLEtBQUs7UUFDNUIsY0FBYyxFQUFFLGVBQWUsQ0FBQyxjQUFjO1FBQzlDLFNBQVMsRUFBRSxlQUFlLENBQUMsU0FBUztRQUNwQyxnQkFBZ0I7UUFDaEIsT0FBTyxFQUFFLEVBQUUsTUFBTSxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsRUFBRSxFQUFFO0tBQ3ZDLENBQUM7SUFFRixNQUFNLGFBQWEsR0FBRyxNQUFNLElBQUksQ0FBQyxDQUFDLEVBQUUsYUFBYSxDQUFDLENBQUM7SUFDbkQsSUFBSSxXQUFtQixDQUFDO0lBQ3hCLFFBQVEsYUFBYSxJQUFJLE9BQU8sRUFBRSxDQUFDO1FBQ2pDLEtBQUssT0FBTztZQUNWLElBQUksT0FBTyxhQUFhLEtBQUssUUFBUSxFQUFFLENBQUM7Z0JBQ3RDLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyw0REFBNEQsQ0FBQyxDQUFDO1lBQzdGLENBQUM7WUFDRCxXQUFXLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxhQUFhLEdBQUcsYUFBYSxDQUFDLENBQUM7WUFDM0QsTUFBTTtRQUNSLEtBQUssT0FBTztZQUNWLElBQUksT0FBTyxhQUFhLEtBQUssUUFBUSxFQUFFLENBQUM7Z0JBQ3RDLE1BQU0sSUFBSSxrQkFBa0IsQ0FDMUIsaUVBQWlFLENBQ2xFLENBQUM7WUFDSixDQUFDO1lBQ0QsTUFBTSxZQUFZLEdBQUcsc0JBQXNCLENBQ3pDLGFBQWEsRUFDYixJQUFJLFVBQVUsQ0FBQyxHQUFHLENBQUMsaUJBQWlCLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FDckQsQ0FBQztZQUNGLFdBQVcsR0FBRyxNQUFNLENBQUMsaUJBQWlCLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDckQsTUFBTTtRQUNSO1lBQ0UsTUFBTSxJQUFJLGtCQUFrQixDQUFDLGtDQUFrQyxhQUFhLEdBQUcsQ0FBQyxDQUFDO0lBQ3JGLENBQUM7SUFFRCxPQUFPLE1BQU0sSUFBSSxDQUFDLENBQUMsRUFBRSxhQUFhLEVBQUUsV0FBVyxFQUFFLGVBQWUsQ0FBQyxVQUFVLEVBQUUsYUFBYSxDQUFDLENBQUM7QUFDOUYsQ0FBQztBQStDRDs7R0FFRztBQUNILE1BQU0sVUFBVSxnQ0FBZ0M7SUFDOUMsSUFBSSxrQkFBa0IsR0FBRyxTQUFTLENBQUM7SUFDbkMsSUFBSSxPQUFPLFNBQVMsS0FBSyxXQUFXLEVBQUUsQ0FBQztRQUNyQyxJQUFJLE9BQU8sU0FBUyxDQUFDLFNBQVMsS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUM1QyxrQkFBa0IsR0FBRyxTQUFTLENBQUMsU0FBUyxDQUFDO1FBQzNDLENBQUM7YUFBTSxJQUFJLE9BQU8sU0FBUyxDQUFDLFFBQVEsS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUNsRCxrQkFBa0IsR0FBRyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUMscUNBQXFDO1FBQ2hGLENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxRQUFRLEdBQW1CO1FBQy9CLGdCQUFnQixFQUFFLGNBQWM7UUFDaEMsYUFBYSxFQUFFLElBQUksSUFBSSxFQUFFLENBQUMsV0FBVyxFQUFFO1FBQ3ZDLFdBQVcsRUFBRSxNQUFNLFVBQVUsRUFBRSxFQUFFLDhDQUE4QztRQUMvRSxrQkFBa0IsRUFBRSxPQUFPLFNBQVMsS0FBSyxXQUFXLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDdEYsUUFBUSxFQUFFLGtCQUFrQjtLQUM3QixDQUFDO0lBRUYsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUU5QyxPQUFPO1FBQ0wsRUFBRSxFQUFFLGlCQUFpQixFQUFFLDJDQUEyQztRQUNsRSxJQUFJLEVBQUUsT0FBTyxFQUFFLHVDQUF1QztRQUN0RCxLQUFLLEVBQUUsS0FBSyxFQUFFLCtEQUErRDtRQUM3RSxjQUFjLEVBQUUsYUFBYSxFQUFFLDZEQUE2RDtRQUM1RixTQUFTLEVBQUU7WUFDVCxNQUFNLEVBQUUsTUFBTTtZQUNkLE1BQU0sRUFBRSxvQkFBb0IsRUFBRSxrQ0FBa0M7WUFDaEUsS0FBSyxFQUFFLFlBQVk7U0FDcEI7S0FDRixDQUFDO0FBQ0osQ0FBQztBQUVELFNBQVMsc0JBQXNCLENBQUMsTUFBa0IsRUFBRSxNQUFrQjtJQUNwRSxNQUFNLGNBQWMsR0FBRyxNQUFNLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUM7SUFDckQsTUFBTSxhQUFhLEdBQUcsSUFBSSxVQUFVLENBQUMsY0FBYyxDQUFDLENBQUM7SUFFckQsYUFBYSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDN0IsYUFBYSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRXpDLE9BQU8sYUFBYSxDQUFDO0FBQ3ZCLENBQUMifQ==
|
|
@@ -49,4 +49,4 @@ export class AesGcmCipher extends SymmetricCipher {
|
|
|
49
49
|
return this.cryptoService.decrypt(payload, key, payloadIv, Algorithms.AES_256_GCM, payloadAuthTag);
|
|
50
50
|
}
|
|
51
51
|
}
|
|
52
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
52
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWVzLWdjbS1jaXBoZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9jaXBoZXJzL2Flcy1nY20tY2lwaGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDdEMsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGlCQUFpQixDQUFDO0FBQzdDLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUM3RCxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFTaEQsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDO0FBQ3RCLE1BQU0sU0FBUyxHQUFHLEVBQUUsQ0FBQztBQU9yQiwrQ0FBK0M7QUFDL0MsU0FBUyxpQkFBaUIsQ0FBQyxNQUFtQjtJQUM1Qyx1REFBdUQ7SUFDdkQsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBRTlELG9FQUFvRTtJQUNwRSxNQUFNLGNBQWMsR0FBRyxNQUFNLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBRWpFLE9BQU87UUFDTCxPQUFPLEVBQUUsTUFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLEVBQUUsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3RELFNBQVM7UUFDVCxjQUFjO0tBQ2YsQ0FBQztBQUNKLENBQUM7QUFFRCxNQUFNLE9BQU8sWUFBYSxTQUFRLGVBQWU7SUFDL0MsWUFBWSxhQUE0QjtRQUN0QyxLQUFLLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDckIsSUFBSSxDQUFDLElBQUksR0FBRyxhQUFhLENBQUM7UUFDMUIsSUFBSSxDQUFDLFFBQVEsR0FBRyxTQUFTLENBQUM7UUFDMUIsSUFBSSxDQUFDLFNBQVMsR0FBRyxVQUFVLENBQUM7SUFDOUIsQ0FBQztJQUVEOzs7O09BSUc7SUFDTSxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQWUsRUFBRSxHQUFpQixFQUFFLEVBQVU7UUFDbkUsTUFBTSxRQUFRLEdBQWlCLEVBQUUsQ0FBQztRQUNsQyxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUMxRixRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksVUFBVSxDQUFDLEVBQUUsQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDbEQsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLFVBQVUsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUM5RCxJQUFJLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNuQixRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ2hFLENBQUM7UUFDRCxNQUFNLENBQUMsT0FBTyxHQUFHLE1BQU0sQ0FBQyxlQUFlLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3RFLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRDs7O09BR0c7SUFDSCw2REFBNkQ7SUFDcEQsS0FBSyxDQUFDLE9BQU8sQ0FDcEIsTUFBbUIsRUFDbkIsR0FBaUIsRUFDakIsRUFBVztRQUVYLE1BQU0sRUFBRSxPQUFPLEVBQUUsU0FBUyxFQUFFLGNBQWMsRUFBRSxHQUFHLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXpFLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQy9CLE9BQU8sRUFDUCxHQUFHLEVBQ0gsU0FBUyxFQUNULFVBQVUsQ0FBQyxXQUFXLEVBQ3RCLGNBQWMsQ0FDZixDQUFDO0lBQ0osQ0FBQztDQUNGIn0=
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { encodeArrayBuffer as hexEncode } from '../../../src/encodings/hex.js';
|
|
1
2
|
export class SymmetricCipher {
|
|
2
3
|
constructor(cryptoService) {
|
|
3
4
|
this.cryptoService = cryptoService;
|
|
@@ -6,7 +7,8 @@ export class SymmetricCipher {
|
|
|
6
7
|
if (!this.ivLength) {
|
|
7
8
|
throw Error('No iv length');
|
|
8
9
|
}
|
|
9
|
-
|
|
10
|
+
const bytes = await this.cryptoService.randomBytes(this.ivLength);
|
|
11
|
+
return hexEncode(bytes.buffer);
|
|
10
12
|
}
|
|
11
13
|
async generateKey() {
|
|
12
14
|
if (!this.keyLength) {
|
|
@@ -15,4 +17,4 @@ export class SymmetricCipher {
|
|
|
15
17
|
return this.cryptoService.generateKey(this.keyLength);
|
|
16
18
|
}
|
|
17
19
|
}
|
|
18
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
20
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3ltbWV0cmljLWNpcGhlci1iYXNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vdGRmMy9zcmMvY2lwaGVycy9zeW1tZXRyaWMtY2lwaGVyLWJhc2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBT0EsT0FBTyxFQUFFLGlCQUFpQixJQUFJLFNBQVMsRUFBRSxNQUFNLCtCQUErQixDQUFDO0FBRS9FLE1BQU0sT0FBZ0IsZUFBZTtJQVNuQyxZQUFZLGFBQTRCO1FBQ3RDLElBQUksQ0FBQyxhQUFhLEdBQUcsYUFBYSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxLQUFLLENBQUMsNEJBQTRCO1FBQ2hDLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDbkIsTUFBTSxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUM7UUFDOUIsQ0FBQztRQUNELE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ2xFLE9BQU8sU0FBUyxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ3BCLE1BQU0sS0FBSyxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBQy9CLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUN4RCxDQUFDO0NBS0YifQ==
|