@opentdf/sdk 0.9.0-rc.82 → 0.10.0-beta.95
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/cjs/src/access/access-fetch.js +1 -2
- package/dist/cjs/src/access/access-rpc.js +1 -3
- package/dist/cjs/src/access.js +1 -14
- package/dist/cjs/src/auth/auth.js +13 -10
- package/dist/cjs/src/auth/dpop.js +121 -0
- package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-externaljwt-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +37 -3
- package/dist/cjs/src/auth/oidc.js +10 -8
- package/dist/cjs/src/auth/providers.js +35 -12
- package/dist/cjs/src/crypto/enums.js +1 -1
- package/dist/cjs/src/crypto/index.js +16 -2
- package/dist/cjs/src/crypto/pemPublicToCrypto.js +24 -20
- package/dist/cjs/src/errors.js +14 -2
- package/dist/cjs/src/index.js +8 -2
- package/dist/cjs/src/opentdf.js +50 -13
- package/dist/cjs/src/policy/discovery.js +188 -0
- package/dist/cjs/src/version.js +2 -2
- package/dist/cjs/tdf3/index.js +4 -2
- package/dist/cjs/tdf3/src/assertions.js +71 -31
- package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/cjs/tdf3/src/client/index.js +23 -33
- package/dist/cjs/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/cjs/tdf3/src/crypto/declarations.js +1 -1
- package/dist/cjs/tdf3/src/crypto/index.js +849 -88
- package/dist/cjs/tdf3/src/crypto/jose/jwt-claims-set.js +11 -0
- package/dist/cjs/tdf3/src/crypto/jose/validate-crit.js +8 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +41 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/epoch.js +6 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/is_object.js +21 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +112 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/secs.js +60 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +38 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/util/errors.js +135 -0
- package/dist/cjs/tdf3/src/crypto/jwt.js +183 -0
- package/dist/cjs/tdf3/src/crypto/salt.js +14 -8
- package/dist/cjs/tdf3/src/models/encryption-information.js +17 -20
- package/dist/cjs/tdf3/src/models/key-access.js +43 -63
- package/dist/cjs/tdf3/src/tdf.js +75 -75
- package/dist/cjs/tdf3/src/utils/index.js +5 -39
- package/dist/types/src/access/access-fetch.d.ts.map +1 -1
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +0 -5
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/auth.d.ts +9 -6
- package/dist/types/src/auth/auth.d.ts.map +1 -1
- package/dist/types/src/auth/dpop.d.ts +60 -0
- package/dist/types/src/auth/dpop.d.ts.map +1 -0
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc.d.ts +6 -4
- package/dist/types/src/auth/oidc.d.ts.map +1 -1
- package/dist/types/src/auth/providers.d.ts +5 -4
- package/dist/types/src/auth/providers.d.ts.map +1 -1
- package/dist/types/src/crypto/enums.d.ts +1 -1
- package/dist/types/src/crypto/index.d.ts +2 -1
- package/dist/types/src/crypto/index.d.ts.map +1 -1
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts +18 -0
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts.map +1 -1
- package/dist/types/src/errors.d.ts +8 -0
- package/dist/types/src/errors.d.ts.map +1 -1
- package/dist/types/src/index.d.ts +2 -1
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +26 -7
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/src/policy/discovery.d.ts +74 -0
- package/dist/types/src/policy/discovery.d.ts.map +1 -0
- package/dist/types/src/version.d.ts +1 -1
- package/dist/types/src/version.d.ts.map +1 -1
- package/dist/types/tdf3/index.d.ts +3 -3
- package/dist/types/tdf3/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/assertions.d.ts +23 -8
- package/dist/types/tdf3/src/assertions.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts +3 -3
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts +4 -4
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/builders.d.ts +2 -2
- package/dist/types/tdf3/src/client/builders.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +6 -5
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts +14 -4
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/declarations.d.ts +283 -18
- package/dist/types/tdf3/src/crypto/declarations.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/index.d.ts +105 -28
- package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts +5 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts +6 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/salt.d.ts +6 -1
- package/dist/types/tdf3/src/crypto/salt.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/encryption-information.d.ts +4 -4
- package/dist/types/tdf3/src/models/encryption-information.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/key-access.d.ts +8 -5
- package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +8 -8
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/types/tdf3/src/utils/index.d.ts +4 -3
- package/dist/types/tdf3/src/utils/index.d.ts.map +1 -1
- package/dist/web/src/access/access-fetch.js +3 -4
- package/dist/web/src/access/access-rpc.js +3 -5
- package/dist/web/src/access.js +1 -13
- package/dist/web/src/auth/auth.js +13 -10
- package/dist/web/src/auth/dpop.js +118 -0
- package/dist/web/src/auth/oidc-clientcredentials-provider.js +4 -3
- package/dist/web/src/auth/oidc-externaljwt-provider.js +4 -3
- package/dist/web/src/auth/oidc-refreshtoken-provider.js +4 -3
- package/dist/web/src/auth/oidc.js +11 -9
- package/dist/web/src/auth/providers.js +13 -12
- package/dist/web/src/crypto/enums.js +1 -1
- package/dist/web/src/crypto/index.js +4 -2
- package/dist/web/src/crypto/pemPublicToCrypto.js +18 -18
- package/dist/web/src/errors.js +12 -1
- package/dist/web/src/index.js +3 -2
- package/dist/web/src/opentdf.js +17 -13
- package/dist/web/src/policy/discovery.js +182 -0
- package/dist/web/src/version.js +2 -2
- package/dist/web/tdf3/index.js +3 -2
- package/dist/web/tdf3/src/assertions.js +71 -31
- package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/web/tdf3/src/client/index.js +25 -35
- package/dist/web/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/web/tdf3/src/crypto/declarations.js +1 -1
- package/dist/web/tdf3/src/crypto/index.js +830 -84
- package/dist/web/tdf3/src/crypto/jose/jwt-claims-set.js +5 -0
- package/dist/web/tdf3/src/crypto/jose/validate-crit.js +3 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +35 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/epoch.js +4 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/is_object.js +19 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +107 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/secs.js +58 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +36 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/util/errors.js +117 -0
- package/dist/web/tdf3/src/crypto/jwt.js +174 -0
- package/dist/web/tdf3/src/crypto/salt.js +13 -7
- package/dist/web/tdf3/src/models/encryption-information.js +11 -14
- package/dist/web/tdf3/src/models/key-access.js +44 -31
- package/dist/web/tdf3/src/tdf.js +71 -71
- package/dist/web/tdf3/src/utils/index.js +5 -6
- package/package.json +11 -4
- package/src/access/access-fetch.ts +2 -8
- package/src/access/access-rpc.ts +0 -7
- package/src/access.ts +0 -17
- package/src/auth/auth.ts +21 -12
- package/src/auth/dpop.ts +222 -0
- package/src/auth/oidc-clientcredentials-provider.ts +23 -15
- package/src/auth/oidc-externaljwt-provider.ts +23 -15
- package/src/auth/oidc-refreshtoken-provider.ts +23 -15
- package/src/auth/oidc.ts +21 -10
- package/src/auth/providers.ts +46 -29
- package/src/crypto/enums.ts +1 -1
- package/src/crypto/index.ts +21 -1
- package/src/crypto/pemPublicToCrypto.ts +18 -20
- package/src/errors.ts +9 -0
- package/src/index.ts +7 -0
- package/src/opentdf.ts +36 -17
- package/src/policy/discovery.ts +222 -0
- package/src/version.ts +1 -1
- package/tdf3/index.ts +32 -5
- package/tdf3/src/assertions.ts +99 -30
- package/tdf3/src/ciphers/aes-gcm-cipher.ts +7 -2
- package/tdf3/src/ciphers/symmetric-cipher-base.ts +7 -4
- package/tdf3/src/client/builders.ts +2 -2
- package/tdf3/src/client/index.ts +60 -59
- package/tdf3/src/crypto/crypto-utils.ts +15 -8
- package/tdf3/src/crypto/declarations.ts +338 -22
- package/tdf3/src/crypto/index.ts +1021 -118
- package/tdf3/src/crypto/jose/jwt-claims-set.ts +10 -0
- package/tdf3/src/crypto/jose/validate-crit.ts +9 -0
- package/tdf3/src/crypto/jose/vendor/lib/buffer_utils.ts +34 -0
- package/tdf3/src/crypto/jose/vendor/lib/epoch.ts +3 -0
- package/tdf3/src/crypto/jose/vendor/lib/is_object.ts +18 -0
- package/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.ts +106 -0
- package/tdf3/src/crypto/jose/vendor/lib/secs.ts +57 -0
- package/tdf3/src/crypto/jose/vendor/lib/validate_crit.ts +35 -0
- package/tdf3/src/crypto/jose/vendor/util/errors.ts +101 -0
- package/tdf3/src/crypto/jwt.ts +256 -0
- package/tdf3/src/crypto/salt.ts +16 -8
- package/tdf3/src/models/encryption-information.ts +14 -21
- package/tdf3/src/models/key-access.ts +57 -41
- package/tdf3/src/tdf.ts +110 -93
- package/tdf3/src/utils/index.ts +5 -6
package/dist/web/src/opentdf.js
CHANGED
|
@@ -2,6 +2,7 @@ import { ConfigurationError, InvalidFileError } from './errors.js';
|
|
|
2
2
|
export { Client as TDF3Client } from '../tdf3/src/client/index.js';
|
|
3
3
|
import { fromSource, sourceToStream } from './seekable.js';
|
|
4
4
|
import { Client as TDF3Client } from '../tdf3/src/client/index.js';
|
|
5
|
+
import * as DefaultCryptoService from '../tdf3/src/crypto/index.js';
|
|
5
6
|
import { OriginAllowList, fetchKeyAccessServers, isPublicKeyAlgorithm, } from './access.js';
|
|
6
7
|
import { decryptStreamFrom, loadTDFStream, } from '../tdf3/src/tdf.js';
|
|
7
8
|
import { base64 } from './encodings/index.js';
|
|
@@ -29,7 +30,7 @@ export { isPublicKeyAlgorithm, };
|
|
|
29
30
|
* platformUrl: 'https://platform.example.com',
|
|
30
31
|
* });
|
|
31
32
|
*
|
|
32
|
-
* const cipherText = await client.
|
|
33
|
+
* const cipherText = await client.createTDF({
|
|
33
34
|
* source: { type: 'stream', location: source },
|
|
34
35
|
* autoconfigure: false,
|
|
35
36
|
* });
|
|
@@ -38,7 +39,7 @@ export { isPublicKeyAlgorithm, };
|
|
|
38
39
|
* ```
|
|
39
40
|
*/
|
|
40
41
|
export class OpenTDF {
|
|
41
|
-
constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, }) {
|
|
42
|
+
constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }) {
|
|
42
43
|
this.authProvider = authProvider;
|
|
43
44
|
this.defaultCreateOptions = defaultCreateOptions || {};
|
|
44
45
|
this.defaultReadOptions = defaultReadOptions || {};
|
|
@@ -50,23 +51,26 @@ export class OpenTDF {
|
|
|
50
51
|
console.warn("Warning: 'platformUrl' is required for security to ensure the SDK uses the platform-configured Key Access Server list");
|
|
51
52
|
}
|
|
52
53
|
this.policyEndpoint = policyEndpoint || '';
|
|
54
|
+
this.cryptoService = cryptoService ?? DefaultCryptoService;
|
|
53
55
|
this.tdf3Client = new TDF3Client({
|
|
54
56
|
authProvider,
|
|
55
57
|
dpopKeys,
|
|
56
58
|
kasEndpoint: this.platformUrl || 'https://disallow.all.invalid',
|
|
57
59
|
platformUrl,
|
|
58
60
|
policyEndpoint,
|
|
61
|
+
cryptoService: this.cryptoService,
|
|
59
62
|
});
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
63
|
+
// Use CryptoService for key generation (returns opaque KeyPair)
|
|
64
|
+
this.dpopKeys = dpopKeys ?? this.cryptoService.generateSigningKeyPair();
|
|
65
|
+
}
|
|
66
|
+
/** Creates a new TDF stream. */
|
|
67
|
+
async createTDF(opts) {
|
|
68
|
+
return this.createZTDF(opts);
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Creates a new TDF stream.
|
|
72
|
+
* @deprecated Use {@link createTDF} instead.
|
|
73
|
+
*/
|
|
70
74
|
async createZTDF(opts) {
|
|
71
75
|
opts = { ...this.defaultCreateOptions, ...opts };
|
|
72
76
|
const oldStream = await this.tdf3Client.encrypt({
|
|
@@ -247,4 +251,4 @@ class ZTDFReader {
|
|
|
247
251
|
return this.requiredObligations ?? { fqns: [] };
|
|
248
252
|
}
|
|
249
253
|
}
|
|
250
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
254
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BlbnRkZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9vcGVudGRmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNuRSxPQUFPLEVBQUUsTUFBTSxJQUFJLFVBQVUsRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBQ25FLE9BQU8sRUFBVyxVQUFVLEVBQUUsY0FBYyxFQUFlLE1BQU0sZUFBZSxDQUFDO0FBQ2pGLE9BQU8sRUFBRSxNQUFNLElBQUksVUFBVSxFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFFbkUsT0FBTyxLQUFLLG9CQUFvQixNQUFNLDZCQUE2QixDQUFDO0FBTXBFLE9BQU8sRUFFTCxlQUFlLEVBQ2YscUJBQXFCLEVBQ3JCLG9CQUFvQixHQUNyQixNQUFNLGFBQWEsQ0FBQztBQVNyQixPQUFPLEVBQ0wsaUJBQWlCLEVBRWpCLGFBQWEsR0FFZCxNQUFNLG9CQUFvQixDQUFDO0FBQzVCLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUc5QyxPQUFPLEVBV0wsb0JBQW9CLEdBQ3JCLENBQUM7QUF1TEY7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQThCRztBQUNILE1BQU0sT0FBTyxPQUFPO0lBb0JsQixZQUFZLEVBQ1YsWUFBWSxFQUNaLFFBQVEsRUFDUixvQkFBb0IsRUFDcEIsa0JBQWtCLEVBQ2xCLFdBQVcsRUFDWCxjQUFjLEVBQ2QsV0FBVyxFQUNYLGFBQWEsR0FDRTtRQUNmLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxvQkFBb0IsR0FBRyxvQkFBb0IsSUFBSSxFQUFFLENBQUM7UUFDdkQsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGtCQUFrQixJQUFJLEVBQUUsQ0FBQztRQUNuRCxJQUFJLENBQUMsV0FBVyxHQUFHLENBQUMsQ0FBQyxXQUFXLENBQUM7UUFDakMsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNoQixJQUFJLENBQUMsV0FBVyxHQUFHLFdBQVcsQ0FBQztRQUNqQyxDQUFDO2FBQU0sQ0FBQztZQUNOLE9BQU8sQ0FBQyxJQUFJLENBQ1YsdUhBQXVILENBQ3hILENBQUM7UUFDSixDQUFDO1FBQ0QsSUFBSSxDQUFDLGNBQWMsR0FBRyxjQUFjLElBQUksRUFBRSxDQUFDO1FBQzNDLElBQUksQ0FBQyxhQUFhLEdBQUcsYUFBYSxJQUFJLG9CQUFvQixDQUFDO1FBQzNELElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUM7WUFDL0IsWUFBWTtZQUNaLFFBQVE7WUFDUixXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVcsSUFBSSw4QkFBOEI7WUFDL0QsV0FBVztZQUNYLGNBQWM7WUFDZCxhQUFhLEVBQUUsSUFBSSxDQUFDLGFBQWE7U0FDbEMsQ0FBQyxDQUFDO1FBQ0gsZ0VBQWdFO1FBQ2hFLElBQUksQ0FBQyxRQUFRLEdBQUcsUUFBUSxJQUFJLElBQUksQ0FBQyxhQUFhLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztJQUMxRSxDQUFDO0lBRUQsZ0NBQWdDO0lBQ2hDLEtBQUssQ0FBQyxTQUFTLENBQUMsSUFBc0I7UUFDcEMsT0FBTyxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsVUFBVSxDQUFDLElBQXVCO1FBQ3RDLElBQUksR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLG9CQUFvQixFQUFFLEdBQUcsSUFBSSxFQUFFLENBQUM7UUFDakQsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQztZQUM5QyxNQUFNLEVBQUUsTUFBTSxjQUFjLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQztZQUV6QyxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsZ0JBQWdCO1lBQ3ZDLGFBQWEsRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLGFBQWE7WUFDbkMsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQjtZQUMzQyxTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDekIsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRO1lBQ3ZCLEtBQUssRUFBRTtnQkFDTCxVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7YUFDNUI7WUFDRCxTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDekIsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO1lBQzNCLG9CQUFvQixFQUFFLElBQUksQ0FBQyxvQkFBb0I7WUFDL0MsY0FBYyxFQUFFLElBQUksQ0FBQyxjQUFjO1NBQ3BDLENBQUMsQ0FBQztRQUNILE1BQU0sTUFBTSxHQUFvQixTQUFTLENBQUMsTUFBTSxDQUFDO1FBQ2pELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdEQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0RCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRUQsc0RBQXNEO0lBQ3RELElBQUksQ0FBQyxJQUFpQjtRQUNwQixJQUFJLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxHQUFHLElBQUksRUFBRSxDQUFDO1FBQy9DLE9BQU8sSUFBSSxpQkFBaUIsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7SUFDM0MsQ0FBQztJQUVELDJCQUEyQjtJQUMzQixLQUFLLENBQUMsSUFBSSxDQUFDLElBQWlCO1FBQzFCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDL0IsT0FBTyxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVELDhEQUE4RDtJQUM5RCxLQUFLO1FBQ0gsZ0RBQWdEO0lBQ2xELENBQUM7Q0FDRjtBQUVELG9EQUFvRDtBQUNwRCxNQUFNLGlCQUFpQjtJQUdyQixZQUNXLEtBQWMsRUFDZCxJQUFpQjtRQURqQixVQUFLLEdBQUwsS0FBSyxDQUFTO1FBQ2QsU0FBSSxHQUFKLElBQUksQ0FBYTtRQUg1QixVQUFLLEdBQWtGLE1BQU0sQ0FBQztRQUs1RixJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUNyQyxDQUFDO0lBRUQsc0RBQXNEO0lBQ3RELEtBQUssQ0FBQyxXQUFXO1FBQ2YsSUFBSSxJQUFJLENBQUMsS0FBSyxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQzFCLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1FBQ25ELENBQUM7UUFDRCxJQUFJLENBQUMsS0FBSyxHQUFHLFdBQVcsQ0FBQztRQUN6QixNQUFNLE9BQU8sR0FBRyxNQUFNLFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25ELE1BQU0sTUFBTSxHQUFHLE1BQU0sT0FBTyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNuQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNyRCxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQztRQUNqRCxDQUFDO1FBQ0QsSUFBSSxNQUFNLENBQUMsQ0FBQyxDQUFDLEtBQUssSUFBSSxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUM3QyxJQUFJLENBQUMsS0FBSyxHQUFHLFFBQVEsQ0FBQztZQUN0QixPQUFPLElBQUksVUFBVSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDbkUsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1FBQ3BCLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyw2Q0FBNkMsTUFBTSxFQUFFLENBQUMsQ0FBQztJQUNwRixDQUFDO0lBRUQsNEJBQTRCO0lBQzVCLEtBQUssQ0FBQyxPQUFPO1FBQ1gsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBQzFCLENBQUM7SUFFRCw2Q0FBNkM7SUFDN0MsS0FBSyxDQUFDLFVBQVU7UUFDZCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsVUFBVSxFQUFFLENBQUM7SUFDN0IsQ0FBQztJQUVELDJDQUEyQztJQUMzQyxLQUFLLENBQUMsUUFBUTtRQUNaLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FBQztJQUMzQixDQUFDO0lBRUQsNEJBQTRCO0lBQzVCLEtBQUssQ0FBQyxLQUFLO1FBQ1QsSUFBSSxJQUFJLENBQUMsS0FBSyxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQzFCLE9BQU87UUFDVCxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsS0FBSyxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQzFCLGlDQUFpQztZQUNqQyxJQUFJLENBQUMsS0FBSyxHQUFHLE1BQU0sQ0FBQztZQUNwQixPQUFPO1FBQ1QsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsU0FBUyxDQUFDO1FBQ3ZCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFO1lBQzlCLElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1FBQ3RCLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELEtBQUssQ0FBQyxXQUFXO1FBQ2YsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBQzlCLENBQUM7Q0FDRjtBQUVELCtCQUErQjtBQUMvQixNQUFNLFVBQVU7SUFJZCxZQUNXLE1BQWtCLEVBQ2xCLElBQWlCLEVBQ2pCLE1BQWU7UUFGZixXQUFNLEdBQU4sTUFBTSxDQUFZO1FBQ2xCLFNBQUksR0FBSixJQUFJLENBQWE7UUFDakIsV0FBTSxHQUFOLE1BQU0sQ0FBUztRQUV4QixJQUFJLENBQUMsUUFBUSxHQUFHLGFBQWEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyxPQUFPO1FBQ1gsTUFBTSxFQUNKLHlCQUF5QixFQUN6QixRQUFRLEVBQUUsa0JBQWtCLEVBQzVCLG9CQUFvQixHQUNyQixHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFFZCxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUMzRixNQUFNLElBQUksa0JBQWtCLENBQUMsMkRBQTJELENBQUMsQ0FBQztRQUM1RixDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQztRQUU1QyxNQUFNLEVBQUUsWUFBWSxFQUFFLGFBQWEsRUFBRSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUM7UUFDcEQsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ2xCLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO1FBQzNELENBQUM7UUFFRCxJQUFJLFNBQXNDLENBQUM7UUFFM0MsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixFQUFFLE1BQU0sSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQ3ZFLFNBQVMsR0FBRyxJQUFJLGVBQWUsQ0FDN0IsSUFBSSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxFQUFFLEVBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUMxQixDQUFDO1FBQ0osQ0FBQzthQUFNLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNqQyxTQUFTLEdBQUcsTUFBTSxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxZQUFZLENBQUMsQ0FBQztRQUMvRSxDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ3JDLE1BQU0sU0FBUyxHQUFHLE1BQU0saUJBQWlCLENBQ3ZDO1lBQ0UsU0FBUztZQUNULFlBQVk7WUFDWixPQUFPLEVBQUUsSUFBSSxDQUFDLE1BQU07WUFDcEIsZ0JBQWdCLEVBQUUsQ0FBQztZQUNuQixhQUFhO1lBQ2IsUUFBUTtZQUNSLHVCQUF1QixFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLHVCQUF1QjtZQUN6RSxhQUFhLEVBQUUsS0FBSyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUM3QixlQUFlLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsZUFBZTtZQUN6RCx5QkFBeUI7WUFDekIsa0JBQWtCO1lBQ2xCLG9CQUFvQjtZQUNwQixzQkFBc0IsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLHlCQUF5QixJQUFJLEVBQUU7U0FDbEUsRUFDRCxRQUFRLENBQ1QsQ0FBQztRQUNGLElBQUksQ0FBQyxtQkFBbUIsR0FBRztZQUN6QixJQUFJLEVBQUUsU0FBUyxDQUFDLFdBQVcsRUFBRTtTQUM5QixDQUFDO1FBQ0YsTUFBTSxNQUFNLEdBQW9CLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDakQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNyRCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLLENBQUMsS0FBSztRQUNULHlEQUF5RDtJQUMzRCxDQUFDO0lBRUQsNENBQTRDO0lBQzVDLEtBQUssQ0FBQyxRQUFRO1FBQ1osTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ3JDLE9BQU8sUUFBUSxDQUFDLFFBQVEsQ0FBQztJQUMzQixDQUFDO0lBRUQsOENBQThDO0lBQzlDLEtBQUssQ0FBQyxVQUFVO1FBQ2QsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDdkMsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDeEUsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQVcsQ0FBQztRQUNoRCxPQUFPLE1BQU0sRUFBRSxJQUFJLEVBQUUsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUNwRSxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBQzdCLE9BQU8sSUFBSSxDQUFDLG1CQUFtQixDQUFDO1FBQ2xDLENBQUM7UUFDRCxNQUFNLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNyQixPQUFPLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxFQUFFLElBQUksRUFBRSxFQUFFLEVBQUUsQ0FBQztJQUNsRCxDQUFDO0NBQ0YifQ==
|
|
@@ -0,0 +1,182 @@
|
|
|
1
|
+
import { ConnectError, Code } from '@connectrpc/connect';
|
|
2
|
+
import { AttributeNotFoundError, ConfigurationError, NetworkError } from '../errors.js';
|
|
3
|
+
import { extractRpcErrorMessage, validateSecureUrl } from '../utils.js';
|
|
4
|
+
import { PlatformClient } from '../platform.js';
|
|
5
|
+
// Caps the pagination loop in listAttributes. 10 pages × 1000 records = 10,000
|
|
6
|
+
// attributes maximum, which is generous for browser use while preventing runaway
|
|
7
|
+
// memory growth if a server repeatedly returns a non-zero next_offset.
|
|
8
|
+
const MAX_LIST_ATTRIBUTES_PAGES = 10;
|
|
9
|
+
// Number of attributes to request per page. Matches the platform's default
|
|
10
|
+
// (ListRequestLimitDefault = 1000) so behavior is stable regardless of server config.
|
|
11
|
+
const LIST_ATTRIBUTES_PAGE_SIZE = 1000;
|
|
12
|
+
// Matches the server-side proto constraint: GetAttributeValuesByFqnsRequest has
|
|
13
|
+
// max_items: 250 on the fqns field, so the client rejects oversized requests
|
|
14
|
+
// locally instead of receiving a cryptic server validation error.
|
|
15
|
+
const MAX_VALIDATE_FQNS = 250;
|
|
16
|
+
// Attribute value FQN format: https://<namespace>/attr/<name>/value/<value>
|
|
17
|
+
// Restricts to safe URL characters to prevent XSS via FQNs in error messages
|
|
18
|
+
const ATTRIBUTE_VALUE_FQN_RE = /^https?:\/\/[a-zA-Z0-9._~%-]+\/attr\/[a-zA-Z0-9._~%-]+\/value\/[a-zA-Z0-9._~%-]+$/i;
|
|
19
|
+
// Attribute-level FQN format: https://<namespace>/attr/<name> (no /value/ segment)
|
|
20
|
+
// Restricts to safe URL characters to prevent XSS via FQNs in error messages
|
|
21
|
+
const ATTRIBUTE_FQN_RE = /^https?:\/\/[a-zA-Z0-9._~%-]+\/attr\/[a-zA-Z0-9._~%-]+$/i;
|
|
22
|
+
/**
|
|
23
|
+
* Returns all active attributes available on the platform, auto-paginating through all results.
|
|
24
|
+
* An optional namespace name or ID may be provided to filter results.
|
|
25
|
+
*
|
|
26
|
+
* Use this before calling `createTDF()` to see what attributes are available for data tagging.
|
|
27
|
+
*
|
|
28
|
+
* @param platformUrl The platform base URL.
|
|
29
|
+
* @param authProvider An auth provider for the request.
|
|
30
|
+
* @param namespace Optional namespace name or ID to filter results.
|
|
31
|
+
* @returns All active {@link Attribute} objects on the platform.
|
|
32
|
+
*
|
|
33
|
+
* @example
|
|
34
|
+
* ```ts
|
|
35
|
+
* const attrs = await listAttributes(platformUrl, authProvider);
|
|
36
|
+
* for (const a of attrs) {
|
|
37
|
+
* console.log(a.fqn);
|
|
38
|
+
* }
|
|
39
|
+
* ```
|
|
40
|
+
*/
|
|
41
|
+
export async function listAttributes(platformUrl, authProvider, namespace) {
|
|
42
|
+
if (!validateSecureUrl(platformUrl)) {
|
|
43
|
+
throw new ConfigurationError('platformUrl must use HTTPS protocol');
|
|
44
|
+
}
|
|
45
|
+
const platform = new PlatformClient({ authProvider, platformUrl });
|
|
46
|
+
const result = [];
|
|
47
|
+
let nextOffset = 0;
|
|
48
|
+
for (let pages = 0; pages < MAX_LIST_ATTRIBUTES_PAGES; pages++) {
|
|
49
|
+
let resp;
|
|
50
|
+
try {
|
|
51
|
+
resp = await platform.v1.attributes.listAttributes({
|
|
52
|
+
namespace: namespace ?? '',
|
|
53
|
+
pagination: { offset: nextOffset, limit: LIST_ATTRIBUTES_PAGE_SIZE },
|
|
54
|
+
});
|
|
55
|
+
}
|
|
56
|
+
catch (e) {
|
|
57
|
+
throw new NetworkError(`[ListAttributes] ${extractRpcErrorMessage(e)}`);
|
|
58
|
+
}
|
|
59
|
+
result.push(...resp.attributes);
|
|
60
|
+
nextOffset = resp.pagination?.nextOffset ?? 0;
|
|
61
|
+
if (nextOffset === 0) {
|
|
62
|
+
return result;
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
throw new ConfigurationError(`listAttributes returned more than ${MAX_LIST_ATTRIBUTES_PAGES * LIST_ATTRIBUTES_PAGE_SIZE} attributes. Use the namespace parameter to narrow results.`);
|
|
66
|
+
}
|
|
67
|
+
/**
|
|
68
|
+
* Checks that all provided attribute value FQNs exist on the platform.
|
|
69
|
+
* Validates FQN format first, then verifies existence via the platform API.
|
|
70
|
+
*
|
|
71
|
+
* Use this before `createTDF()` to catch missing or misspelled attributes early
|
|
72
|
+
* instead of discovering the problem at decryption time.
|
|
73
|
+
*
|
|
74
|
+
* @param platformUrl The platform base URL.
|
|
75
|
+
* @param authProvider An auth provider for the request.
|
|
76
|
+
* @param fqns Attribute value FQNs to validate, in the form
|
|
77
|
+
* `https://<namespace>/attr/<name>/value/<value>`.
|
|
78
|
+
* @throws {@link AttributeNotFoundError} if any FQNs are not found on the platform.
|
|
79
|
+
* @throws {@link ConfigurationError} if the FQN format is invalid or there are too many FQNs.
|
|
80
|
+
*
|
|
81
|
+
* @example
|
|
82
|
+
* ```ts
|
|
83
|
+
* await validateAttributes(platformUrl, authProvider, [
|
|
84
|
+
* 'https://opentdf.io/attr/department/value/marketing',
|
|
85
|
+
* ]);
|
|
86
|
+
* // Safe to encrypt — all attributes confirmed present
|
|
87
|
+
* ```
|
|
88
|
+
*/
|
|
89
|
+
export async function validateAttributes(platformUrl, authProvider, fqns) {
|
|
90
|
+
if (!fqns || fqns.length === 0) {
|
|
91
|
+
return;
|
|
92
|
+
}
|
|
93
|
+
if (!validateSecureUrl(platformUrl)) {
|
|
94
|
+
throw new ConfigurationError('platformUrl must use HTTPS protocol');
|
|
95
|
+
}
|
|
96
|
+
if (fqns.length > MAX_VALIDATE_FQNS) {
|
|
97
|
+
throw new ConfigurationError(`too many attribute FQNs: ${fqns.length} exceeds maximum of ${MAX_VALIDATE_FQNS}`);
|
|
98
|
+
}
|
|
99
|
+
for (const fqn of fqns) {
|
|
100
|
+
if (!ATTRIBUTE_VALUE_FQN_RE.test(fqn)) {
|
|
101
|
+
throw new ConfigurationError('invalid attribute value FQN format');
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
const platform = new PlatformClient({ authProvider, platformUrl });
|
|
105
|
+
let resp;
|
|
106
|
+
try {
|
|
107
|
+
resp = await platform.v1.attributes.getAttributeValuesByFqns({ fqns });
|
|
108
|
+
}
|
|
109
|
+
catch (e) {
|
|
110
|
+
throw new NetworkError(`[GetAttributeValuesByFqns] ${extractRpcErrorMessage(e)}`);
|
|
111
|
+
}
|
|
112
|
+
const found = resp.fqnAttributeValues;
|
|
113
|
+
const missing = fqns.filter((fqn) => !(fqn in found));
|
|
114
|
+
if (missing.length > 0) {
|
|
115
|
+
throw new AttributeNotFoundError(`attribute not found: ${missing.length} FQN(s) missing`);
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Reports whether the attribute definition identified by `attributeFqn` exists on the platform.
|
|
120
|
+
*
|
|
121
|
+
* `attributeFqn` should be an attribute-level FQN (no `/value/` segment):
|
|
122
|
+
* `https://<namespace>/attr/<attribute_name>`
|
|
123
|
+
*
|
|
124
|
+
* @param platformUrl The platform base URL.
|
|
125
|
+
* @param authProvider An auth provider for the request.
|
|
126
|
+
* @param attributeFqn The attribute-level FQN to check.
|
|
127
|
+
* @returns `true` if the attribute exists, `false` if it does not.
|
|
128
|
+
* @throws {@link ConfigurationError} if the FQN format is invalid or the URL is insecure.
|
|
129
|
+
* @throws {@link NetworkError} if a non-not-found service error occurs.
|
|
130
|
+
*/
|
|
131
|
+
export async function attributeExists(platformUrl, authProvider, attributeFqn) {
|
|
132
|
+
if (!validateSecureUrl(platformUrl)) {
|
|
133
|
+
throw new ConfigurationError('platformUrl must use HTTPS protocol');
|
|
134
|
+
}
|
|
135
|
+
if (!ATTRIBUTE_FQN_RE.test(attributeFqn)) {
|
|
136
|
+
throw new ConfigurationError('invalid attribute FQN format');
|
|
137
|
+
}
|
|
138
|
+
const platform = new PlatformClient({ authProvider, platformUrl });
|
|
139
|
+
try {
|
|
140
|
+
await platform.v1.attributes.getAttribute({
|
|
141
|
+
identifier: { case: 'fqn', value: attributeFqn },
|
|
142
|
+
});
|
|
143
|
+
return true;
|
|
144
|
+
}
|
|
145
|
+
catch (e) {
|
|
146
|
+
if (e instanceof ConnectError && e.code === Code.NotFound) {
|
|
147
|
+
return false;
|
|
148
|
+
}
|
|
149
|
+
throw new NetworkError(`[GetAttribute] ${extractRpcErrorMessage(e)}`);
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
/**
|
|
153
|
+
* Reports whether the attribute value FQN exists on the platform.
|
|
154
|
+
*
|
|
155
|
+
* `valueFqn` should be a full attribute value FQN (with `/value/` segment):
|
|
156
|
+
* `https://<namespace>/attr/<attribute_name>/value/<value>`
|
|
157
|
+
*
|
|
158
|
+
* @param platformUrl The platform base URL.
|
|
159
|
+
* @param authProvider An auth provider for the request.
|
|
160
|
+
* @param valueFqn The attribute value FQN to check.
|
|
161
|
+
* @returns `true` if the value exists, `false` if it does not.
|
|
162
|
+
* @throws {@link ConfigurationError} if the FQN format is invalid or the URL is insecure.
|
|
163
|
+
* @throws {@link NetworkError} if a service error occurs.
|
|
164
|
+
*/
|
|
165
|
+
export async function attributeValueExists(platformUrl, authProvider, valueFqn) {
|
|
166
|
+
if (!validateSecureUrl(platformUrl)) {
|
|
167
|
+
throw new ConfigurationError('platformUrl must use HTTPS protocol');
|
|
168
|
+
}
|
|
169
|
+
if (!ATTRIBUTE_VALUE_FQN_RE.test(valueFqn)) {
|
|
170
|
+
throw new ConfigurationError('invalid attribute value FQN format');
|
|
171
|
+
}
|
|
172
|
+
const platform = new PlatformClient({ authProvider, platformUrl });
|
|
173
|
+
let resp;
|
|
174
|
+
try {
|
|
175
|
+
resp = await platform.v1.attributes.getAttributeValuesByFqns({ fqns: [valueFqn] });
|
|
176
|
+
}
|
|
177
|
+
catch (e) {
|
|
178
|
+
throw new NetworkError(`[GetAttributeValuesByFqns] ${extractRpcErrorMessage(e)}`);
|
|
179
|
+
}
|
|
180
|
+
return valueFqn in resp.fqnAttributeValues;
|
|
181
|
+
}
|
|
182
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGlzY292ZXJ5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3BvbGljeS9kaXNjb3ZlcnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLFlBQVksRUFBRSxJQUFJLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUN6RCxPQUFPLEVBQUUsc0JBQXNCLEVBQUUsa0JBQWtCLEVBQUUsWUFBWSxFQUFFLE1BQU0sY0FBYyxDQUFDO0FBRXhGLE9BQU8sRUFBRSxzQkFBc0IsRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUN4RSxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFHaEQsK0VBQStFO0FBQy9FLGlGQUFpRjtBQUNqRix1RUFBdUU7QUFDdkUsTUFBTSx5QkFBeUIsR0FBRyxFQUFFLENBQUM7QUFFckMsMkVBQTJFO0FBQzNFLHNGQUFzRjtBQUN0RixNQUFNLHlCQUF5QixHQUFHLElBQUksQ0FBQztBQUV2QyxnRkFBZ0Y7QUFDaEYsNkVBQTZFO0FBQzdFLGtFQUFrRTtBQUNsRSxNQUFNLGlCQUFpQixHQUFHLEdBQUcsQ0FBQztBQUU5Qiw0RUFBNEU7QUFDNUUsNkVBQTZFO0FBQzdFLE1BQU0sc0JBQXNCLEdBQzFCLG9GQUFvRixDQUFDO0FBRXZGLG9GQUFvRjtBQUNwRiw2RUFBNkU7QUFDN0UsTUFBTSxnQkFBZ0IsR0FBRywwREFBMEQsQ0FBQztBQUVwRjs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBa0JHO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxjQUFjLENBQ2xDLFdBQW1CLEVBQ25CLFlBQTBCLEVBQzFCLFNBQWtCO0lBRWxCLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1FBQ3BDLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO0lBQ3RFLENBQUM7SUFDRCxNQUFNLFFBQVEsR0FBRyxJQUFJLGNBQWMsQ0FBQyxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQ25FLE1BQU0sTUFBTSxHQUFnQixFQUFFLENBQUM7SUFDL0IsSUFBSSxVQUFVLEdBQUcsQ0FBQyxDQUFDO0lBRW5CLEtBQUssSUFBSSxLQUFLLEdBQUcsQ0FBQyxFQUFFLEtBQUssR0FBRyx5QkFBeUIsRUFBRSxLQUFLLEVBQUUsRUFBRSxDQUFDO1FBQy9ELElBQUksSUFBSSxDQUFDO1FBQ1QsSUFBSSxDQUFDO1lBQ0gsSUFBSSxHQUFHLE1BQU0sUUFBUSxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDO2dCQUNqRCxTQUFTLEVBQUUsU0FBUyxJQUFJLEVBQUU7Z0JBQzFCLFVBQVUsRUFBRSxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsS0FBSyxFQUFFLHlCQUF5QixFQUFFO2FBQ3JFLENBQUMsQ0FBQztRQUNMLENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1gsTUFBTSxJQUFJLFlBQVksQ0FBQyxvQkFBb0Isc0JBQXNCLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQzFFLENBQUM7UUFFRCxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQ2hDLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLFVBQVUsSUFBSSxDQUFDLENBQUM7UUFDOUMsSUFBSSxVQUFVLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDckIsT0FBTyxNQUFNLENBQUM7UUFDaEIsQ0FBQztJQUNILENBQUM7SUFFRCxNQUFNLElBQUksa0JBQWtCLENBQzFCLHFDQUFxQyx5QkFBeUIsR0FBRyx5QkFBeUIsNkRBQTZELENBQ3hKLENBQUM7QUFDSixDQUFDO0FBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQXFCRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsa0JBQWtCLENBQ3RDLFdBQW1CLEVBQ25CLFlBQTBCLEVBQzFCLElBQWM7SUFFZCxJQUFJLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDL0IsT0FBTztJQUNULENBQUM7SUFFRCxJQUFJLENBQUMsaUJBQWlCLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztRQUNwQyxNQUFNLElBQUksa0JBQWtCLENBQUMscUNBQXFDLENBQUMsQ0FBQztJQUN0RSxDQUFDO0lBRUQsSUFBSSxJQUFJLENBQUMsTUFBTSxHQUFHLGlCQUFpQixFQUFFLENBQUM7UUFDcEMsTUFBTSxJQUFJLGtCQUFrQixDQUMxQiw0QkFBNEIsSUFBSSxDQUFDLE1BQU0sdUJBQXVCLGlCQUFpQixFQUFFLENBQ2xGLENBQUM7SUFDSixDQUFDO0lBRUQsS0FBSyxNQUFNLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUN2QixJQUFJLENBQUMsc0JBQXNCLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDdEMsTUFBTSxJQUFJLGtCQUFrQixDQUFDLG9DQUFvQyxDQUFDLENBQUM7UUFDckUsQ0FBQztJQUNILENBQUM7SUFFRCxNQUFNLFFBQVEsR0FBRyxJQUFJLGNBQWMsQ0FBQyxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQ25FLElBQUksSUFBSSxDQUFDO0lBQ1QsSUFBSSxDQUFDO1FBQ0gsSUFBSSxHQUFHLE1BQU0sUUFBUSxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsd0JBQXdCLENBQUMsRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQ3pFLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLFlBQVksQ0FBQyw4QkFBOEIsc0JBQXNCLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFFRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUM7SUFDdEMsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxLQUFLLENBQUMsQ0FBQyxDQUFDO0lBQ3RELElBQUksT0FBTyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUN2QixNQUFNLElBQUksc0JBQXNCLENBQUMsd0JBQXdCLE9BQU8sQ0FBQyxNQUFNLGlCQUFpQixDQUFDLENBQUM7SUFDNUYsQ0FBQztBQUNILENBQUM7QUFFRDs7Ozs7Ozs7Ozs7O0dBWUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGVBQWUsQ0FDbkMsV0FBbUIsRUFDbkIsWUFBMEIsRUFDMUIsWUFBb0I7SUFFcEIsSUFBSSxDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7UUFDcEMsTUFBTSxJQUFJLGtCQUFrQixDQUFDLHFDQUFxQyxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVELElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQztRQUN6QyxNQUFNLElBQUksa0JBQWtCLENBQUMsOEJBQThCLENBQUMsQ0FBQztJQUMvRCxDQUFDO0lBRUQsTUFBTSxRQUFRLEdBQUcsSUFBSSxjQUFjLENBQUMsRUFBRSxZQUFZLEVBQUUsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUNuRSxJQUFJLENBQUM7UUFDSCxNQUFNLFFBQVEsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQztZQUN4QyxVQUFVLEVBQUUsRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFLEtBQUssRUFBRSxZQUFZLEVBQUU7U0FDakQsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLElBQUksQ0FBQyxZQUFZLFlBQVksSUFBSSxDQUFDLENBQUMsSUFBSSxLQUFLLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUMxRCxPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7UUFDRCxNQUFNLElBQUksWUFBWSxDQUFDLGtCQUFrQixzQkFBc0IsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDeEUsQ0FBQztBQUNILENBQUM7QUFFRDs7Ozs7Ozs7Ozs7O0dBWUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLG9CQUFvQixDQUN4QyxXQUFtQixFQUNuQixZQUEwQixFQUMxQixRQUFnQjtJQUVoQixJQUFJLENBQUMsaUJBQWlCLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztRQUNwQyxNQUFNLElBQUksa0JBQWtCLENBQUMscUNBQXFDLENBQUMsQ0FBQztJQUN0RSxDQUFDO0lBRUQsSUFBSSxDQUFDLHNCQUFzQixDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1FBQzNDLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyxvQ0FBb0MsQ0FBQyxDQUFDO0lBQ3JFLENBQUM7SUFFRCxNQUFNLFFBQVEsR0FBRyxJQUFJLGNBQWMsQ0FBQyxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQ25FLElBQUksSUFBSSxDQUFDO0lBQ1QsSUFBSSxDQUFDO1FBQ0gsSUFBSSxHQUFHLE1BQU0sUUFBUSxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsd0JBQXdCLENBQUMsRUFBRSxJQUFJLEVBQUUsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDckYsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksWUFBWSxDQUFDLDhCQUE4QixzQkFBc0IsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUVELE9BQU8sUUFBUSxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQztBQUM3QyxDQUFDIn0=
|
package/dist/web/src/version.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Exposes the released version number of the `@opentdf/sdk` package
|
|
3
3
|
*/
|
|
4
|
-
export const version = '0.
|
|
4
|
+
export const version = '0.10.0'; // x-release-please-version
|
|
5
5
|
/**
|
|
6
6
|
* A string name used to label requests as coming from this library client.
|
|
7
7
|
*/
|
|
@@ -10,4 +10,4 @@ export const clientType = 'web-sdk';
|
|
|
10
10
|
* Version of the opentdf/spec this library is targeting
|
|
11
11
|
*/
|
|
12
12
|
export const tdfSpecVersion = '4.3.0';
|
|
13
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
13
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmVyc2lvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy92ZXJzaW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sT0FBTyxHQUFHLFFBQVEsQ0FBQyxDQUFDLDJCQUEyQjtBQUU1RDs7R0FFRztBQUNILE1BQU0sQ0FBQyxNQUFNLFVBQVUsR0FBRyxTQUFTLENBQUM7QUFFcEM7O0dBRUc7QUFDSCxNQUFNLENBQUMsTUFBTSxjQUFjLEdBQUcsT0FBTyxDQUFDIn0=
|
package/dist/web/tdf3/index.js
CHANGED
|
@@ -10,6 +10,7 @@ import * as AuthProviders from '../src/auth/providers.js';
|
|
|
10
10
|
import { version, clientType } from '../src/version.js';
|
|
11
11
|
import { Algorithms } from './src/ciphers/algorithms.js';
|
|
12
12
|
export { AesGcmCipher, Algorithms, AuthProviders, Binary, Client, DecoratedReadableStream, DecryptParamsBuilder, EncryptParamsBuilder, Errors, HttpRequest, SplitKey, TDF3Client, clientType, createSessionKeys, withHeaders, version, };
|
|
13
|
-
export
|
|
13
|
+
export { DefaultCryptoService as WebCryptoService } from './src/crypto/index.js';
|
|
14
|
+
// export the other methods from crypto/index.js that aren't part of CryptoService but are needed for JWT handling
|
|
14
15
|
export { OpenTDF, } from '../src/opentdf.js';
|
|
15
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
16
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90ZGYzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUN6QyxPQUFPLEVBQUUsdUJBQXVCLEVBQUUsTUFBTSx5Q0FBeUMsQ0FBQztBQUNsRixPQUFPLEVBRUwsb0JBQW9CLEVBT3BCLG9CQUFvQixHQUVyQixNQUFNLDBCQUEwQixDQUFDO0FBQ2xDLE9BQU8sRUFBcUIsaUJBQWlCLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQW9CN0UsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFDNUQsT0FBTyxFQUVMLFFBQVEsR0FFVCxNQUFNLHdDQUF3QyxDQUFDO0FBQ2hELE9BQU8sRUFBaUMsV0FBVyxFQUFFLFdBQVcsRUFBRSxNQUFNLHFCQUFxQixDQUFDO0FBQzlGLE9BQU8sRUFBRSxZQUFZLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUMvRCxPQUFPLEtBQUssYUFBYSxNQUFNLDBCQUEwQixDQUFDO0FBQzFELE9BQU8sRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFDeEQsT0FBTyxFQUFFLFVBQVUsRUFBeUMsTUFBTSw2QkFBNkIsQ0FBQztBQWlDaEcsT0FBTyxFQUNMLFlBQVksRUFDWixVQUFVLEVBQ1YsYUFBYSxFQUNiLE1BQU0sRUFDTixNQUFNLEVBRU4sdUJBQXVCLEVBRXZCLG9CQUFvQixFQUlwQixvQkFBb0IsRUFDcEIsTUFBTSxFQUNOLFdBQVcsRUFFWCxRQUFRLEVBQ1IsVUFBVSxFQUNWLFVBQVUsRUFDVixpQkFBaUIsRUFDakIsV0FBVyxFQUNYLE9BQU8sR0FDUixDQUFDO0FBRUYsT0FBTyxFQUFFLG9CQUFvQixJQUFJLGdCQUFnQixFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDakYsa0hBQWtIO0FBQ2xILE9BQU8sRUFRTCxPQUFPLEdBQ1IsTUFBTSxtQkFBbUIsQ0FBQyJ9
|
|
@@ -1,36 +1,60 @@
|
|
|
1
1
|
import { canonicalizeEx } from 'json-canonicalize';
|
|
2
|
-
import { SignJWT, jwtVerify, importJWK, importX509 } from 'jose';
|
|
3
2
|
import { base64, hex } from '../../src/encodings/index.js';
|
|
4
3
|
import { ConfigurationError, IntegrityError, InvalidFileError } from '../../src/errors.js';
|
|
5
4
|
import { tdfSpecVersion, version as sdkVersion } from '../../src/version.js';
|
|
5
|
+
import { decodeProtectedHeader, signJwt, verifyJwt } from './crypto/jwt.js';
|
|
6
6
|
/**
|
|
7
7
|
* Computes the SHA-256 hash of the assertion object, excluding the 'binding' and 'hash' properties.
|
|
8
8
|
*
|
|
9
|
+
* @param a - The assertion to hash
|
|
10
|
+
* @param cryptoService - The crypto service to use for hashing
|
|
9
11
|
* @returns the hexadecimal string representation of the hash
|
|
10
12
|
*/
|
|
11
|
-
export async function hash(a) {
|
|
13
|
+
export async function hash(a, cryptoService) {
|
|
12
14
|
const result = canonicalizeEx(a, {
|
|
13
15
|
exclude: ['binding', 'hash', 'sign', 'verify', 'signingKey'],
|
|
14
16
|
});
|
|
15
|
-
const
|
|
16
|
-
return hex.encodeArrayBuffer(
|
|
17
|
+
const hashBytes = await cryptoService.digest('SHA-256', new TextEncoder().encode(result));
|
|
18
|
+
return hex.encodeArrayBuffer(hashBytes.buffer);
|
|
17
19
|
}
|
|
18
20
|
/**
|
|
19
21
|
* Signs the given hash and signature using the provided key and sets the binding method and signature.
|
|
20
22
|
*
|
|
21
|
-
* @param
|
|
23
|
+
* @param thiz - The assertion to sign.
|
|
24
|
+
* @param assertionHash - The hash to be signed.
|
|
22
25
|
* @param sig - The signature to be signed.
|
|
23
|
-
* @param
|
|
24
|
-
* @
|
|
26
|
+
* @param key - The key used for signing.
|
|
27
|
+
* @param cryptoService - The crypto service to use for signing.
|
|
28
|
+
* @returns A promise that resolves to the signed assertion.
|
|
25
29
|
*/
|
|
26
|
-
async function sign(thiz, assertionHash, sig, key) {
|
|
30
|
+
async function sign(thiz, assertionHash, sig, key, cryptoService) {
|
|
27
31
|
const payload = {
|
|
28
32
|
assertionHash,
|
|
29
33
|
assertionSig: sig,
|
|
30
34
|
};
|
|
35
|
+
const header = { alg: key.alg };
|
|
36
|
+
if (typeof key.key === 'object' && '_brand' in key.key && key.key._brand === 'PublicKey') {
|
|
37
|
+
throw new ConfigurationError('Cannot sign assertion with PublicKey. Use PrivateKey or SymmetricKey for signing.');
|
|
38
|
+
}
|
|
39
|
+
let signingMaterial;
|
|
40
|
+
if (typeof key.key === 'string') {
|
|
41
|
+
if (!cryptoService.importPrivateKey) {
|
|
42
|
+
throw new ConfigurationError('CryptoService does not support importing private keys. Cannot sign assertion with a PEM string. Use PrivateKey or SymmetricKey for signing.');
|
|
43
|
+
}
|
|
44
|
+
signingMaterial = await cryptoService.importPrivateKey(key.key, {
|
|
45
|
+
usage: 'sign',
|
|
46
|
+
extractable: false,
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
else if (key.key instanceof Uint8Array) {
|
|
50
|
+
signingMaterial = await cryptoService.importSymmetricKey(key.key);
|
|
51
|
+
}
|
|
52
|
+
else {
|
|
53
|
+
signingMaterial = key.key;
|
|
54
|
+
}
|
|
31
55
|
let token;
|
|
32
56
|
try {
|
|
33
|
-
token = await
|
|
57
|
+
token = await signJwt(cryptoService, payload, signingMaterial, header);
|
|
34
58
|
}
|
|
35
59
|
catch (error) {
|
|
36
60
|
throw new ConfigurationError(`Signing assertion failed: ${error.message}`, error);
|
|
@@ -61,31 +85,44 @@ export function isAssertionConfig(obj) {
|
|
|
61
85
|
/**
|
|
62
86
|
* Verifies the signature of the assertion using the provided key.
|
|
63
87
|
*
|
|
64
|
-
* @param
|
|
65
|
-
* @
|
|
66
|
-
* @
|
|
88
|
+
* @param thiz - The assertion to verify.
|
|
89
|
+
* @param aggregateHash - The aggregate hash for integrity checking.
|
|
90
|
+
* @param key - The key used for verification.
|
|
91
|
+
* @param isLegacyTDF - Whether this is a legacy TDF format.
|
|
92
|
+
* @param cryptoService - The crypto service to use for verification.
|
|
93
|
+
* @throws {InvalidFileError} If the verification fails.
|
|
94
|
+
* @throws {IntegrityError} If the integrity check fails.
|
|
67
95
|
*/
|
|
68
|
-
export async function verify(thiz, aggregateHash, key, isLegacyTDF) {
|
|
96
|
+
export async function verify(thiz, aggregateHash, key, isLegacyTDF, cryptoService) {
|
|
69
97
|
let payload;
|
|
70
98
|
try {
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
99
|
+
// Parse JWT header to check for embedded keys (jwk or x5c)
|
|
100
|
+
const header = decodeProtectedHeader(thiz.binding.signature);
|
|
101
|
+
// Runtime check: ensure we have a verification key, not a signing key
|
|
102
|
+
if (typeof key.key === 'object' && '_brand' in key.key && key.key._brand === 'PrivateKey') {
|
|
103
|
+
throw new ConfigurationError('Cannot verify assertion with PrivateKey. Use PublicKey or SymmetricKey for verification.');
|
|
104
|
+
}
|
|
105
|
+
let verificationKey = key.key;
|
|
106
|
+
if (header.jwk) {
|
|
107
|
+
// Convert embedded JWK to PEM
|
|
108
|
+
verificationKey = await cryptoService.jwkToPublicKeyPem(header.jwk);
|
|
109
|
+
}
|
|
110
|
+
else if (header.x5c && Array.isArray(header.x5c) && header.x5c.length > 0) {
|
|
111
|
+
// Extract public key from X.509 certificate
|
|
112
|
+
const cert = `-----BEGIN CERTIFICATE-----\n${header.x5c[0]}\n-----END CERTIFICATE-----`;
|
|
113
|
+
verificationKey = await cryptoService.extractPublicKeyPem(cert);
|
|
114
|
+
}
|
|
115
|
+
const result = await verifyJwt(cryptoService, thiz.binding.signature, verificationKey, {
|
|
116
|
+
algorithms: [key.alg],
|
|
80
117
|
});
|
|
81
|
-
payload =
|
|
118
|
+
payload = result.payload;
|
|
82
119
|
}
|
|
83
120
|
catch (error) {
|
|
84
121
|
throw new InvalidFileError(`Verifying assertion failed: ${error.message}`, error);
|
|
85
122
|
}
|
|
86
123
|
const { assertionHash, assertionSig } = payload;
|
|
87
124
|
// Get the hash of the assertion
|
|
88
|
-
const hashOfAssertion = await hash(thiz);
|
|
125
|
+
const hashOfAssertion = await hash(thiz, cryptoService);
|
|
89
126
|
// check if assertionHash is same as hashOfAssertion
|
|
90
127
|
if (hashOfAssertion !== assertionHash) {
|
|
91
128
|
throw new IntegrityError('Assertion hash mismatch');
|
|
@@ -107,11 +144,14 @@ export async function verify(thiz, aggregateHash, key, isLegacyTDF) {
|
|
|
107
144
|
}
|
|
108
145
|
/**
|
|
109
146
|
* Creates an Assertion object with the specified properties.
|
|
147
|
+
*
|
|
148
|
+
* @param aggregateHash - The aggregate hash for the assertion.
|
|
149
|
+
* @param assertionConfig - The configuration for the assertion.
|
|
150
|
+
* @param cryptoService - The crypto service to use for signing.
|
|
151
|
+
* @param targetVersion - The target TDF spec version.
|
|
152
|
+
* @returns The created assertion.
|
|
110
153
|
*/
|
|
111
|
-
|
|
112
|
-
* Creates an Assertion object with the specified properties.
|
|
113
|
-
*/
|
|
114
|
-
export async function CreateAssertion(aggregateHash, assertionConfig, targetVersion) {
|
|
154
|
+
export async function CreateAssertion(aggregateHash, assertionConfig, cryptoService, targetVersion) {
|
|
115
155
|
if (!assertionConfig.signingKey) {
|
|
116
156
|
throw new ConfigurationError('Assertion signing key is required');
|
|
117
157
|
}
|
|
@@ -124,7 +164,7 @@ export async function CreateAssertion(aggregateHash, assertionConfig, targetVers
|
|
|
124
164
|
// empty binding
|
|
125
165
|
binding: { method: '', signature: '' },
|
|
126
166
|
};
|
|
127
|
-
const assertionHash = await hash(a);
|
|
167
|
+
const assertionHash = await hash(a, cryptoService);
|
|
128
168
|
let encodedHash;
|
|
129
169
|
switch (targetVersion || '4.3.0') {
|
|
130
170
|
case '4.2.2':
|
|
@@ -143,7 +183,7 @@ export async function CreateAssertion(aggregateHash, assertionConfig, targetVers
|
|
|
143
183
|
default:
|
|
144
184
|
throw new ConfigurationError(`Unsupported TDF spec version: [${targetVersion}]`);
|
|
145
185
|
}
|
|
146
|
-
return await sign(a, assertionHash, encodedHash, assertionConfig.signingKey);
|
|
186
|
+
return await sign(a, assertionHash, encodedHash, assertionConfig.signingKey, cryptoService);
|
|
147
187
|
}
|
|
148
188
|
/**
|
|
149
189
|
* Returns a default assertion configuration populated with system metadata.
|
|
@@ -185,4 +225,4 @@ function concatenateUint8Arrays(array1, array2) {
|
|
|
185
225
|
combinedArray.set(array2, array1.length);
|
|
186
226
|
return combinedArray;
|
|
187
227
|
}
|
|
188
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
228
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzZXJ0aW9ucy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RkZjMvc3JjL2Fzc2VydGlvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ25ELE9BQU8sRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFLE1BQU0sOEJBQThCLENBQUM7QUFDM0QsT0FBTyxFQUFFLGtCQUFrQixFQUFFLGNBQWMsRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLHFCQUFxQixDQUFDO0FBQzNGLE9BQU8sRUFBRSxjQUFjLEVBQUUsT0FBTyxJQUFJLFVBQVUsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBTzdFLE9BQU8sRUFBRSxxQkFBcUIsRUFBRSxPQUFPLEVBQUUsU0FBUyxFQUFrQixNQUFNLGlCQUFpQixDQUFDO0FBb0M1Rjs7Ozs7O0dBTUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLElBQUksQ0FBQyxDQUFZLEVBQUUsYUFBNEI7SUFDbkUsTUFBTSxNQUFNLEdBQUcsY0FBYyxDQUFDLENBQUMsRUFBRTtRQUMvQixPQUFPLEVBQUUsQ0FBQyxTQUFTLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsWUFBWSxDQUFDO0tBQzdELENBQUMsQ0FBQztJQUVILE1BQU0sU0FBUyxHQUFHLE1BQU0sYUFBYSxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsSUFBSSxXQUFXLEVBQUUsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztJQUMxRixPQUFPLEdBQUcsQ0FBQyxpQkFBaUIsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7QUFDakQsQ0FBQztBQUVEOzs7Ozs7Ozs7R0FTRztBQUNILEtBQUssVUFBVSxJQUFJLENBQ2pCLElBQWUsRUFDZixhQUFxQixFQUNyQixHQUFXLEVBQ1gsR0FBaUIsRUFDakIsYUFBNEI7SUFFNUIsTUFBTSxPQUFPLEdBQXFCO1FBQ2hDLGFBQWE7UUFDYixZQUFZLEVBQUUsR0FBRztLQUNsQixDQUFDO0lBRUYsTUFBTSxNQUFNLEdBQWMsRUFBRSxHQUFHLEVBQUUsR0FBRyxDQUFDLEdBQUcsRUFBRSxDQUFDO0lBRTNDLElBQUksT0FBTyxHQUFHLENBQUMsR0FBRyxLQUFLLFFBQVEsSUFBSSxRQUFRLElBQUksR0FBRyxDQUFDLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLE1BQU0sS0FBSyxXQUFXLEVBQUUsQ0FBQztRQUN6RixNQUFNLElBQUksa0JBQWtCLENBQzFCLG1GQUFtRixDQUNwRixDQUFDO0lBQ0osQ0FBQztJQUVELElBQUksZUFBMEMsQ0FBQztJQUMvQyxJQUFJLE9BQU8sR0FBRyxDQUFDLEdBQUcsS0FBSyxRQUFRLEVBQUUsQ0FBQztRQUNoQyxJQUFJLENBQUMsYUFBYSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDcEMsTUFBTSxJQUFJLGtCQUFrQixDQUMxQiw2SUFBNkksQ0FDOUksQ0FBQztRQUNKLENBQUM7UUFDRCxlQUFlLEdBQUcsTUFBTSxhQUFhLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRTtZQUM5RCxLQUFLLEVBQUUsTUFBTTtZQUNiLFdBQVcsRUFBRSxLQUFLO1NBQ25CLENBQUMsQ0FBQztJQUNMLENBQUM7U0FBTSxJQUFJLEdBQUcsQ0FBQyxHQUFHLFlBQVksVUFBVSxFQUFFLENBQUM7UUFDekMsZUFBZSxHQUFHLE1BQU0sYUFBYSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNwRSxDQUFDO1NBQU0sQ0FBQztRQUNOLGVBQWUsR0FBRyxHQUFHLENBQUMsR0FBZ0MsQ0FBQztJQUN6RCxDQUFDO0lBRUQsSUFBSSxLQUFhLENBQUM7SUFDbEIsSUFBSSxDQUFDO1FBQ0gsS0FBSyxHQUFHLE1BQU0sT0FBTyxDQUFDLGFBQWEsRUFBRSxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ3pFLENBQUM7SUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1FBQ2YsTUFBTSxJQUFJLGtCQUFrQixDQUFDLDZCQUE2QixLQUFLLENBQUMsT0FBTyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUNELElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxHQUFHLEtBQUssQ0FBQztJQUM1QixJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsR0FBRyxLQUFLLENBQUM7SUFDL0IsT0FBTyxJQUFJLENBQUM7QUFDZCxDQUFDO0FBRUQsNEdBQTRHO0FBQzVHLE1BQU0sVUFBVSxpQkFBaUIsQ0FBQyxHQUFZO0lBQzVDLE9BQU8sQ0FDTCxDQUFDLENBQUMsR0FBRztRQUNMLE9BQU8sR0FBRyxLQUFLLFFBQVE7UUFDdkIsSUFBSSxJQUFJLEdBQUc7UUFDWCxPQUFPLEdBQUcsQ0FBQyxFQUFFLEtBQUssUUFBUTtRQUMxQixNQUFNLElBQUksR0FBRztRQUNiLENBQUMsR0FBRyxDQUFDLElBQUksS0FBSyxVQUFVLElBQUksR0FBRyxDQUFDLElBQUksS0FBSyxPQUFPLENBQUM7UUFDakQsT0FBTyxJQUFJLEdBQUc7UUFDZCxDQUFDLEdBQUcsQ0FBQyxLQUFLLEtBQUssS0FBSyxJQUFJLEdBQUcsQ0FBQyxLQUFLLEtBQUssU0FBUyxDQUFDO1FBQ2hELGdCQUFnQixJQUFJLEdBQUc7UUFDdkIsQ0FBQyxHQUFHLENBQUMsY0FBYyxLQUFLLFdBQVcsSUFBSSxHQUFHLENBQUMsY0FBYyxLQUFLLGFBQWEsQ0FBQztRQUM1RSxXQUFXLElBQUksR0FBRztRQUNsQixDQUFDLENBQUMsR0FBRyxDQUFDLFNBQVM7UUFDZixPQUFPLEdBQUcsQ0FBQyxTQUFTLEtBQUssUUFBUTtRQUNqQyxRQUFRLElBQUksR0FBRyxDQUFDLFNBQVM7UUFDekIsUUFBUSxJQUFJLEdBQUcsQ0FBQyxTQUFTO1FBQ3pCLE9BQU8sSUFBSSxHQUFHLENBQUMsU0FBUyxDQUN6QixDQUFDO0FBQ0osQ0FBQztBQUVEOzs7Ozs7Ozs7O0dBVUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLE1BQU0sQ0FDMUIsSUFBZSxFQUNmLGFBQXlCLEVBQ3pCLEdBQWlCLEVBQ2pCLFdBQW9CLEVBQ3BCLGFBQTRCO0lBRTVCLElBQUksT0FBeUIsQ0FBQztJQUM5QixJQUFJLENBQUM7UUFDSCwyREFBMkQ7UUFDM0QsTUFBTSxNQUFNLEdBQUcscUJBQXFCLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUU3RCxzRUFBc0U7UUFDdEUsSUFBSSxPQUFPLEdBQUcsQ0FBQyxHQUFHLEtBQUssUUFBUSxJQUFJLFFBQVEsSUFBSSxHQUFHLENBQUMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxLQUFLLFlBQVksRUFBRSxDQUFDO1lBQzFGLE1BQU0sSUFBSSxrQkFBa0IsQ0FDMUIsMEZBQTBGLENBQzNGLENBQUM7UUFDSixDQUFDO1FBQ0QsSUFBSSxlQUFlLEdBQW1ELEdBQUcsQ0FBQyxHQUFHLENBQUM7UUFFOUUsSUFBSSxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDZiw4QkFBOEI7WUFDOUIsZUFBZSxHQUFHLE1BQU0sYUFBYSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxHQUFpQixDQUFDLENBQUM7UUFDcEYsQ0FBQzthQUFNLElBQUksTUFBTSxDQUFDLEdBQUcsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUM1RSw0Q0FBNEM7WUFDNUMsTUFBTSxJQUFJLEdBQUcsZ0NBQWdDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLDZCQUE2QixDQUFDO1lBQ3hGLGVBQWUsR0FBRyxNQUFNLGFBQWEsQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNsRSxDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQUcsTUFBTSxTQUFTLENBQUMsYUFBYSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLGVBQWUsRUFBRTtZQUNyRixVQUFVLEVBQUUsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDO1NBQ3RCLENBQUMsQ0FBQztRQUNILE9BQU8sR0FBRyxNQUFNLENBQUMsT0FBMkIsQ0FBQztJQUMvQyxDQUFDO0lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztRQUNmLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQywrQkFBK0IsS0FBSyxDQUFDLE9BQU8sRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFDRCxNQUFNLEVBQUUsYUFBYSxFQUFFLFlBQVksRUFBRSxHQUFHLE9BQU8sQ0FBQztJQUVoRCxnQ0FBZ0M7SUFDaEMsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxFQUFFLGFBQWEsQ0FBQyxDQUFDO0lBRXhELG9EQUFvRDtJQUNwRCxJQUFJLGVBQWUsS0FBSyxhQUFhLEVBQUUsQ0FBQztRQUN0QyxNQUFNLElBQUksY0FBYyxDQUFDLHlCQUF5QixDQUFDLENBQUM7SUFDdEQsQ0FBQztJQUVELElBQUksV0FBbUIsQ0FBQztJQUN4QixJQUFJLFdBQVcsRUFBRSxDQUFDO1FBQ2hCLE1BQU0sa0JBQWtCLEdBQUcsSUFBSSxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQzFFLE1BQU0sWUFBWSxHQUFHLGtCQUFrQixHQUFHLGVBQWUsQ0FBQztRQUMxRCxXQUFXLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUM1QyxDQUFDO1NBQU0sQ0FBQztRQUNOLE1BQU0sWUFBWSxHQUFHLHNCQUFzQixDQUN6QyxhQUFhLEVBQ2IsSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLGlCQUFpQixDQUFDLGFBQWEsQ0FBQyxDQUFDLENBQ3JELENBQUM7UUFDRixXQUFXLEdBQUcsTUFBTSxDQUFDLGlCQUFpQixDQUFDLFlBQVksQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFRCwrQ0FBK0M7SUFDL0MsSUFBSSxZQUFZLEtBQUssV0FBVyxFQUFFLENBQUM7UUFDakMsTUFBTSxJQUFJLGNBQWMsQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDO0lBQzVFLENBQUM7QUFDSCxDQUFDO0FBRUQ7Ozs7Ozs7O0dBUUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGVBQWUsQ0FDbkMsYUFBa0MsRUFDbEMsZUFBZ0MsRUFDaEMsYUFBNEIsRUFDNUIsYUFBc0I7SUFFdEIsSUFBSSxDQUFDLGVBQWUsQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUNoQyxNQUFNLElBQUksa0JBQWtCLENBQUMsbUNBQW1DLENBQUMsQ0FBQztJQUNwRSxDQUFDO0lBRUQsTUFBTSxDQUFDLEdBQWM7UUFDbkIsRUFBRSxFQUFFLGVBQWUsQ0FBQyxFQUFFO1FBQ3RCLElBQUksRUFBRSxlQUFlLENBQUMsSUFBSTtRQUMxQixLQUFLLEVBQUUsZUFBZSxDQUFDLEtBQUs7UUFDNUIsY0FBYyxFQUFFLGVBQWUsQ0FBQyxjQUFjO1FBQzlDLFNBQVMsRUFBRSxlQUFlLENBQUMsU0FBUztRQUNwQyxnQkFBZ0I7UUFDaEIsT0FBTyxFQUFFLEVBQUUsTUFBTSxFQUFFLEVBQUUsRUFBRSxTQUFTLEVBQUUsRUFBRSxFQUFFO0tBQ3ZDLENBQUM7SUFFRixNQUFNLGFBQWEsR0FBRyxNQUFNLElBQUksQ0FBQyxDQUFDLEVBQUUsYUFBYSxDQUFDLENBQUM7SUFDbkQsSUFBSSxXQUFtQixDQUFDO0lBQ3hCLFFBQVEsYUFBYSxJQUFJLE9BQU8sRUFBRSxDQUFDO1FBQ2pDLEtBQUssT0FBTztZQUNWLElBQUksT0FBTyxhQUFhLEtBQUssUUFBUSxFQUFFLENBQUM7Z0JBQ3RDLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQyw0REFBNEQsQ0FBQyxDQUFDO1lBQzdGLENBQUM7WUFDRCxXQUFXLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxhQUFhLEdBQUcsYUFBYSxDQUFDLENBQUM7WUFDM0QsTUFBTTtRQUNSLEtBQUssT0FBTztZQUNWLElBQUksT0FBTyxhQUFhLEtBQUssUUFBUSxFQUFFLENBQUM7Z0JBQ3RDLE1BQU0sSUFBSSxrQkFBa0IsQ0FDMUIsaUVBQWlFLENBQ2xFLENBQUM7WUFDSixDQUFDO1lBQ0QsTUFBTSxZQUFZLEdBQUcsc0JBQXNCLENBQ3pDLGFBQWEsRUFDYixJQUFJLFVBQVUsQ0FBQyxHQUFHLENBQUMsaUJBQWlCLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FDckQsQ0FBQztZQUNGLFdBQVcsR0FBRyxNQUFNLENBQUMsaUJBQWlCLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDckQsTUFBTTtRQUNSO1lBQ0UsTUFBTSxJQUFJLGtCQUFrQixDQUFDLGtDQUFrQyxhQUFhLEdBQUcsQ0FBQyxDQUFDO0lBQ3JGLENBQUM7SUFFRCxPQUFPLE1BQU0sSUFBSSxDQUFDLENBQUMsRUFBRSxhQUFhLEVBQUUsV0FBVyxFQUFFLGVBQWUsQ0FBQyxVQUFVLEVBQUUsYUFBYSxDQUFDLENBQUM7QUFDOUYsQ0FBQztBQStDRDs7R0FFRztBQUNILE1BQU0sVUFBVSxnQ0FBZ0M7SUFDOUMsSUFBSSxrQkFBa0IsR0FBRyxTQUFTLENBQUM7SUFDbkMsSUFBSSxPQUFPLFNBQVMsS0FBSyxXQUFXLEVBQUUsQ0FBQztRQUNyQyxJQUFJLE9BQU8sU0FBUyxDQUFDLFNBQVMsS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUM1QyxrQkFBa0IsR0FBRyxTQUFTLENBQUMsU0FBUyxDQUFDO1FBQzNDLENBQUM7YUFBTSxJQUFJLE9BQU8sU0FBUyxDQUFDLFFBQVEsS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUNsRCxrQkFBa0IsR0FBRyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUMscUNBQXFDO1FBQ2hGLENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxRQUFRLEdBQW1CO1FBQy9CLGdCQUFnQixFQUFFLGNBQWM7UUFDaEMsYUFBYSxFQUFFLElBQUksSUFBSSxFQUFFLENBQUMsV0FBVyxFQUFFO1FBQ3ZDLFdBQVcsRUFBRSxNQUFNLFVBQVUsRUFBRSxFQUFFLDhDQUE4QztRQUMvRSxrQkFBa0IsRUFBRSxPQUFPLFNBQVMsS0FBSyxXQUFXLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLFNBQVM7UUFDdEYsUUFBUSxFQUFFLGtCQUFrQjtLQUM3QixDQUFDO0lBRUYsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUU5QyxPQUFPO1FBQ0wsRUFBRSxFQUFFLGlCQUFpQixFQUFFLDJDQUEyQztRQUNsRSxJQUFJLEVBQUUsT0FBTyxFQUFFLHVDQUF1QztRQUN0RCxLQUFLLEVBQUUsS0FBSyxFQUFFLCtEQUErRDtRQUM3RSxjQUFjLEVBQUUsYUFBYSxFQUFFLDZEQUE2RDtRQUM1RixTQUFTLEVBQUU7WUFDVCxNQUFNLEVBQUUsTUFBTTtZQUNkLE1BQU0sRUFBRSxvQkFBb0IsRUFBRSxrQ0FBa0M7WUFDaEUsS0FBSyxFQUFFLFlBQVk7U0FDcEI7S0FDRixDQUFDO0FBQ0osQ0FBQztBQUVELFNBQVMsc0JBQXNCLENBQUMsTUFBa0IsRUFBRSxNQUFrQjtJQUNwRSxNQUFNLGNBQWMsR0FBRyxNQUFNLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUM7SUFDckQsTUFBTSxhQUFhLEdBQUcsSUFBSSxVQUFVLENBQUMsY0FBYyxDQUFDLENBQUM7SUFFckQsYUFBYSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDN0IsYUFBYSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRXpDLE9BQU8sYUFBYSxDQUFDO0FBQ3ZCLENBQUMifQ==
|
|
@@ -49,4 +49,4 @@ export class AesGcmCipher extends SymmetricCipher {
|
|
|
49
49
|
return this.cryptoService.decrypt(payload, key, payloadIv, Algorithms.AES_256_GCM, payloadAuthTag);
|
|
50
50
|
}
|
|
51
51
|
}
|
|
52
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
52
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWVzLWdjbS1jaXBoZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9jaXBoZXJzL2Flcy1nY20tY2lwaGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDdEMsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGlCQUFpQixDQUFDO0FBQzdDLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUM3RCxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFTaEQsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDO0FBQ3RCLE1BQU0sU0FBUyxHQUFHLEVBQUUsQ0FBQztBQU9yQiwrQ0FBK0M7QUFDL0MsU0FBUyxpQkFBaUIsQ0FBQyxNQUFtQjtJQUM1Qyx1REFBdUQ7SUFDdkQsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBRTlELG9FQUFvRTtJQUNwRSxNQUFNLGNBQWMsR0FBRyxNQUFNLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBRWpFLE9BQU87UUFDTCxPQUFPLEVBQUUsTUFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLEVBQUUsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3RELFNBQVM7UUFDVCxjQUFjO0tBQ2YsQ0FBQztBQUNKLENBQUM7QUFFRCxNQUFNLE9BQU8sWUFBYSxTQUFRLGVBQWU7SUFDL0MsWUFBWSxhQUE0QjtRQUN0QyxLQUFLLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDckIsSUFBSSxDQUFDLElBQUksR0FBRyxhQUFhLENBQUM7UUFDMUIsSUFBSSxDQUFDLFFBQVEsR0FBRyxTQUFTLENBQUM7UUFDMUIsSUFBSSxDQUFDLFNBQVMsR0FBRyxVQUFVLENBQUM7SUFDOUIsQ0FBQztJQUVEOzs7O09BSUc7SUFDTSxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQWUsRUFBRSxHQUFpQixFQUFFLEVBQVU7UUFDbkUsTUFBTSxRQUFRLEdBQWlCLEVBQUUsQ0FBQztRQUNsQyxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUMxRixRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksVUFBVSxDQUFDLEVBQUUsQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDbEQsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLFVBQVUsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUM5RCxJQUFJLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNuQixRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ2hFLENBQUM7UUFDRCxNQUFNLENBQUMsT0FBTyxHQUFHLE1BQU0sQ0FBQyxlQUFlLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3RFLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRDs7O09BR0c7SUFDSCw2REFBNkQ7SUFDcEQsS0FBSyxDQUFDLE9BQU8sQ0FDcEIsTUFBbUIsRUFDbkIsR0FBaUIsRUFDakIsRUFBVztRQUVYLE1BQU0sRUFBRSxPQUFPLEVBQUUsU0FBUyxFQUFFLGNBQWMsRUFBRSxHQUFHLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXpFLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQy9CLE9BQU8sRUFDUCxHQUFHLEVBQ0gsU0FBUyxFQUNULFVBQVUsQ0FBQyxXQUFXLEVBQ3RCLGNBQWMsQ0FDZixDQUFDO0lBQ0osQ0FBQztDQUNGIn0=
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { encodeArrayBuffer as hexEncode } from '../../../src/encodings/hex.js';
|
|
1
2
|
export class SymmetricCipher {
|
|
2
3
|
constructor(cryptoService) {
|
|
3
4
|
this.cryptoService = cryptoService;
|
|
@@ -6,7 +7,8 @@ export class SymmetricCipher {
|
|
|
6
7
|
if (!this.ivLength) {
|
|
7
8
|
throw Error('No iv length');
|
|
8
9
|
}
|
|
9
|
-
|
|
10
|
+
const bytes = await this.cryptoService.randomBytes(this.ivLength);
|
|
11
|
+
return hexEncode(bytes.buffer);
|
|
10
12
|
}
|
|
11
13
|
async generateKey() {
|
|
12
14
|
if (!this.keyLength) {
|
|
@@ -15,4 +17,4 @@ export class SymmetricCipher {
|
|
|
15
17
|
return this.cryptoService.generateKey(this.keyLength);
|
|
16
18
|
}
|
|
17
19
|
}
|
|
18
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
20
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3ltbWV0cmljLWNpcGhlci1iYXNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vdGRmMy9zcmMvY2lwaGVycy9zeW1tZXRyaWMtY2lwaGVyLWJhc2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBT0EsT0FBTyxFQUFFLGlCQUFpQixJQUFJLFNBQVMsRUFBRSxNQUFNLCtCQUErQixDQUFDO0FBRS9FLE1BQU0sT0FBZ0IsZUFBZTtJQVNuQyxZQUFZLGFBQTRCO1FBQ3RDLElBQUksQ0FBQyxhQUFhLEdBQUcsYUFBYSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxLQUFLLENBQUMsNEJBQTRCO1FBQ2hDLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDbkIsTUFBTSxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUM7UUFDOUIsQ0FBQztRQUNELE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ2xFLE9BQU8sU0FBUyxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ3BCLE1BQU0sS0FBSyxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBQy9CLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUN4RCxDQUFDO0NBS0YifQ==
|