@opentdf/sdk 0.9.0-rc.82 → 0.10.0-beta.95
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/cjs/src/access/access-fetch.js +1 -2
- package/dist/cjs/src/access/access-rpc.js +1 -3
- package/dist/cjs/src/access.js +1 -14
- package/dist/cjs/src/auth/auth.js +13 -10
- package/dist/cjs/src/auth/dpop.js +121 -0
- package/dist/cjs/src/auth/oidc-clientcredentials-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-externaljwt-provider.js +37 -3
- package/dist/cjs/src/auth/oidc-refreshtoken-provider.js +37 -3
- package/dist/cjs/src/auth/oidc.js +10 -8
- package/dist/cjs/src/auth/providers.js +35 -12
- package/dist/cjs/src/crypto/enums.js +1 -1
- package/dist/cjs/src/crypto/index.js +16 -2
- package/dist/cjs/src/crypto/pemPublicToCrypto.js +24 -20
- package/dist/cjs/src/errors.js +14 -2
- package/dist/cjs/src/index.js +8 -2
- package/dist/cjs/src/opentdf.js +50 -13
- package/dist/cjs/src/policy/discovery.js +188 -0
- package/dist/cjs/src/version.js +2 -2
- package/dist/cjs/tdf3/index.js +4 -2
- package/dist/cjs/tdf3/src/assertions.js +71 -31
- package/dist/cjs/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/cjs/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/cjs/tdf3/src/client/index.js +23 -33
- package/dist/cjs/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/cjs/tdf3/src/crypto/declarations.js +1 -1
- package/dist/cjs/tdf3/src/crypto/index.js +849 -88
- package/dist/cjs/tdf3/src/crypto/jose/jwt-claims-set.js +11 -0
- package/dist/cjs/tdf3/src/crypto/jose/validate-crit.js +8 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +41 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/epoch.js +6 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/is_object.js +21 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +112 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/secs.js +60 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +38 -0
- package/dist/cjs/tdf3/src/crypto/jose/vendor/util/errors.js +135 -0
- package/dist/cjs/tdf3/src/crypto/jwt.js +183 -0
- package/dist/cjs/tdf3/src/crypto/salt.js +14 -8
- package/dist/cjs/tdf3/src/models/encryption-information.js +17 -20
- package/dist/cjs/tdf3/src/models/key-access.js +43 -63
- package/dist/cjs/tdf3/src/tdf.js +75 -75
- package/dist/cjs/tdf3/src/utils/index.js +5 -39
- package/dist/types/src/access/access-fetch.d.ts.map +1 -1
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +0 -5
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/auth.d.ts +9 -6
- package/dist/types/src/auth/auth.d.ts.map +1 -1
- package/dist/types/src/auth/dpop.d.ts +60 -0
- package/dist/types/src/auth/dpop.d.ts.map +1 -0
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-clientcredentials-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-externaljwt-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts +3 -2
- package/dist/types/src/auth/oidc-refreshtoken-provider.d.ts.map +1 -1
- package/dist/types/src/auth/oidc.d.ts +6 -4
- package/dist/types/src/auth/oidc.d.ts.map +1 -1
- package/dist/types/src/auth/providers.d.ts +5 -4
- package/dist/types/src/auth/providers.d.ts.map +1 -1
- package/dist/types/src/crypto/enums.d.ts +1 -1
- package/dist/types/src/crypto/index.d.ts +2 -1
- package/dist/types/src/crypto/index.d.ts.map +1 -1
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts +18 -0
- package/dist/types/src/crypto/pemPublicToCrypto.d.ts.map +1 -1
- package/dist/types/src/errors.d.ts +8 -0
- package/dist/types/src/errors.d.ts.map +1 -1
- package/dist/types/src/index.d.ts +2 -1
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +26 -7
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/src/policy/discovery.d.ts +74 -0
- package/dist/types/src/policy/discovery.d.ts.map +1 -0
- package/dist/types/src/version.d.ts +1 -1
- package/dist/types/src/version.d.ts.map +1 -1
- package/dist/types/tdf3/index.d.ts +3 -3
- package/dist/types/tdf3/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/assertions.d.ts +23 -8
- package/dist/types/tdf3/src/assertions.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts +3 -3
- package/dist/types/tdf3/src/ciphers/aes-gcm-cipher.d.ts.map +1 -1
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts +4 -4
- package/dist/types/tdf3/src/ciphers/symmetric-cipher-base.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/builders.d.ts +2 -2
- package/dist/types/tdf3/src/client/builders.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +6 -5
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts +14 -4
- package/dist/types/tdf3/src/crypto/crypto-utils.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/declarations.d.ts +283 -18
- package/dist/types/tdf3/src/crypto/declarations.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/index.d.ts +105 -28
- package/dist/types/tdf3/src/crypto/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/jwt-claims-set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts +5 -0
- package/dist/types/tdf3/src/crypto/jose/validate-crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts +6 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/buffer_utils.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/epoch.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/is_object.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/secs.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts +3 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/lib/validate_crit.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jose/vendor/util/errors.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts +76 -0
- package/dist/types/tdf3/src/crypto/jwt.d.ts.map +1 -0
- package/dist/types/tdf3/src/crypto/salt.d.ts +6 -1
- package/dist/types/tdf3/src/crypto/salt.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/encryption-information.d.ts +4 -4
- package/dist/types/tdf3/src/models/encryption-information.d.ts.map +1 -1
- package/dist/types/tdf3/src/models/key-access.d.ts +8 -5
- package/dist/types/tdf3/src/models/key-access.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +8 -8
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/types/tdf3/src/utils/index.d.ts +4 -3
- package/dist/types/tdf3/src/utils/index.d.ts.map +1 -1
- package/dist/web/src/access/access-fetch.js +3 -4
- package/dist/web/src/access/access-rpc.js +3 -5
- package/dist/web/src/access.js +1 -13
- package/dist/web/src/auth/auth.js +13 -10
- package/dist/web/src/auth/dpop.js +118 -0
- package/dist/web/src/auth/oidc-clientcredentials-provider.js +4 -3
- package/dist/web/src/auth/oidc-externaljwt-provider.js +4 -3
- package/dist/web/src/auth/oidc-refreshtoken-provider.js +4 -3
- package/dist/web/src/auth/oidc.js +11 -9
- package/dist/web/src/auth/providers.js +13 -12
- package/dist/web/src/crypto/enums.js +1 -1
- package/dist/web/src/crypto/index.js +4 -2
- package/dist/web/src/crypto/pemPublicToCrypto.js +18 -18
- package/dist/web/src/errors.js +12 -1
- package/dist/web/src/index.js +3 -2
- package/dist/web/src/opentdf.js +17 -13
- package/dist/web/src/policy/discovery.js +182 -0
- package/dist/web/src/version.js +2 -2
- package/dist/web/tdf3/index.js +3 -2
- package/dist/web/tdf3/src/assertions.js +71 -31
- package/dist/web/tdf3/src/ciphers/aes-gcm-cipher.js +1 -1
- package/dist/web/tdf3/src/ciphers/symmetric-cipher-base.js +4 -2
- package/dist/web/tdf3/src/client/index.js +25 -35
- package/dist/web/tdf3/src/crypto/crypto-utils.js +12 -5
- package/dist/web/tdf3/src/crypto/declarations.js +1 -1
- package/dist/web/tdf3/src/crypto/index.js +830 -84
- package/dist/web/tdf3/src/crypto/jose/jwt-claims-set.js +5 -0
- package/dist/web/tdf3/src/crypto/jose/validate-crit.js +3 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/buffer_utils.js +35 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/epoch.js +4 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/is_object.js +19 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.js +107 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/secs.js +58 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/lib/validate_crit.js +36 -0
- package/dist/web/tdf3/src/crypto/jose/vendor/util/errors.js +117 -0
- package/dist/web/tdf3/src/crypto/jwt.js +174 -0
- package/dist/web/tdf3/src/crypto/salt.js +13 -7
- package/dist/web/tdf3/src/models/encryption-information.js +11 -14
- package/dist/web/tdf3/src/models/key-access.js +44 -31
- package/dist/web/tdf3/src/tdf.js +71 -71
- package/dist/web/tdf3/src/utils/index.js +5 -6
- package/package.json +11 -4
- package/src/access/access-fetch.ts +2 -8
- package/src/access/access-rpc.ts +0 -7
- package/src/access.ts +0 -17
- package/src/auth/auth.ts +21 -12
- package/src/auth/dpop.ts +222 -0
- package/src/auth/oidc-clientcredentials-provider.ts +23 -15
- package/src/auth/oidc-externaljwt-provider.ts +23 -15
- package/src/auth/oidc-refreshtoken-provider.ts +23 -15
- package/src/auth/oidc.ts +21 -10
- package/src/auth/providers.ts +46 -29
- package/src/crypto/enums.ts +1 -1
- package/src/crypto/index.ts +21 -1
- package/src/crypto/pemPublicToCrypto.ts +18 -20
- package/src/errors.ts +9 -0
- package/src/index.ts +7 -0
- package/src/opentdf.ts +36 -17
- package/src/policy/discovery.ts +222 -0
- package/src/version.ts +1 -1
- package/tdf3/index.ts +32 -5
- package/tdf3/src/assertions.ts +99 -30
- package/tdf3/src/ciphers/aes-gcm-cipher.ts +7 -2
- package/tdf3/src/ciphers/symmetric-cipher-base.ts +7 -4
- package/tdf3/src/client/builders.ts +2 -2
- package/tdf3/src/client/index.ts +60 -59
- package/tdf3/src/crypto/crypto-utils.ts +15 -8
- package/tdf3/src/crypto/declarations.ts +338 -22
- package/tdf3/src/crypto/index.ts +1021 -118
- package/tdf3/src/crypto/jose/jwt-claims-set.ts +10 -0
- package/tdf3/src/crypto/jose/validate-crit.ts +9 -0
- package/tdf3/src/crypto/jose/vendor/lib/buffer_utils.ts +34 -0
- package/tdf3/src/crypto/jose/vendor/lib/epoch.ts +3 -0
- package/tdf3/src/crypto/jose/vendor/lib/is_object.ts +18 -0
- package/tdf3/src/crypto/jose/vendor/lib/jwt_claims_set.ts +106 -0
- package/tdf3/src/crypto/jose/vendor/lib/secs.ts +57 -0
- package/tdf3/src/crypto/jose/vendor/lib/validate_crit.ts +35 -0
- package/tdf3/src/crypto/jose/vendor/util/errors.ts +101 -0
- package/tdf3/src/crypto/jwt.ts +256 -0
- package/tdf3/src/crypto/salt.ts +16 -8
- package/tdf3/src/models/encryption-information.ts +14 -21
- package/tdf3/src/models/key-access.ts +57 -41
- package/tdf3/src/tdf.ts +110 -93
- package/tdf3/src/utils/index.ts +5 -6
package/dist/cjs/src/opentdf.js
CHANGED
|
@@ -1,4 +1,37 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
2
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
36
|
exports.OpenTDF = exports.isPublicKeyAlgorithm = exports.TDF3Client = void 0;
|
|
4
37
|
const errors_js_1 = require("./errors.js");
|
|
@@ -6,6 +39,7 @@ var index_js_1 = require("../tdf3/src/client/index.js");
|
|
|
6
39
|
Object.defineProperty(exports, "TDF3Client", { enumerable: true, get: function () { return index_js_1.Client; } });
|
|
7
40
|
const seekable_js_1 = require("./seekable.js");
|
|
8
41
|
const index_js_2 = require("../tdf3/src/client/index.js");
|
|
42
|
+
const DefaultCryptoService = __importStar(require("../tdf3/src/crypto/index.js"));
|
|
9
43
|
const access_js_1 = require("./access.js");
|
|
10
44
|
Object.defineProperty(exports, "isPublicKeyAlgorithm", { enumerable: true, get: function () { return access_js_1.isPublicKeyAlgorithm; } });
|
|
11
45
|
const tdf_js_1 = require("../tdf3/src/tdf.js");
|
|
@@ -33,7 +67,7 @@ const index_js_3 = require("./encodings/index.js");
|
|
|
33
67
|
* platformUrl: 'https://platform.example.com',
|
|
34
68
|
* });
|
|
35
69
|
*
|
|
36
|
-
* const cipherText = await client.
|
|
70
|
+
* const cipherText = await client.createTDF({
|
|
37
71
|
* source: { type: 'stream', location: source },
|
|
38
72
|
* autoconfigure: false,
|
|
39
73
|
* });
|
|
@@ -42,7 +76,7 @@ const index_js_3 = require("./encodings/index.js");
|
|
|
42
76
|
* ```
|
|
43
77
|
*/
|
|
44
78
|
class OpenTDF {
|
|
45
|
-
constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, }) {
|
|
79
|
+
constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }) {
|
|
46
80
|
this.authProvider = authProvider;
|
|
47
81
|
this.defaultCreateOptions = defaultCreateOptions || {};
|
|
48
82
|
this.defaultReadOptions = defaultReadOptions || {};
|
|
@@ -54,23 +88,26 @@ class OpenTDF {
|
|
|
54
88
|
console.warn("Warning: 'platformUrl' is required for security to ensure the SDK uses the platform-configured Key Access Server list");
|
|
55
89
|
}
|
|
56
90
|
this.policyEndpoint = policyEndpoint || '';
|
|
91
|
+
this.cryptoService = cryptoService ?? DefaultCryptoService;
|
|
57
92
|
this.tdf3Client = new index_js_2.Client({
|
|
58
93
|
authProvider,
|
|
59
94
|
dpopKeys,
|
|
60
95
|
kasEndpoint: this.platformUrl || 'https://disallow.all.invalid',
|
|
61
96
|
platformUrl,
|
|
62
97
|
policyEndpoint,
|
|
98
|
+
cryptoService: this.cryptoService,
|
|
63
99
|
});
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
100
|
+
// Use CryptoService for key generation (returns opaque KeyPair)
|
|
101
|
+
this.dpopKeys = dpopKeys ?? this.cryptoService.generateSigningKeyPair();
|
|
102
|
+
}
|
|
103
|
+
/** Creates a new TDF stream. */
|
|
104
|
+
async createTDF(opts) {
|
|
105
|
+
return this.createZTDF(opts);
|
|
106
|
+
}
|
|
107
|
+
/**
|
|
108
|
+
* Creates a new TDF stream.
|
|
109
|
+
* @deprecated Use {@link createTDF} instead.
|
|
110
|
+
*/
|
|
74
111
|
async createZTDF(opts) {
|
|
75
112
|
opts = { ...this.defaultCreateOptions, ...opts };
|
|
76
113
|
const oldStream = await this.tdf3Client.encrypt({
|
|
@@ -252,4 +289,4 @@ class ZTDFReader {
|
|
|
252
289
|
return this.requiredObligations ?? { fqns: [] };
|
|
253
290
|
}
|
|
254
291
|
}
|
|
255
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
292
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BlbnRkZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9vcGVudGRmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUNBLDJDQUFtRTtBQUNuRSx3REFBbUU7QUFBMUQsc0dBQUEsTUFBTSxPQUFjO0FBQzdCLCtDQUFpRjtBQUNqRiwwREFBbUU7QUFFbkUsa0ZBQW9FO0FBTXBFLDJDQUtxQjtBQTZCbkIscUdBOUJBLGdDQUFvQixPQThCQTtBQXBCdEIsK0NBSzRCO0FBQzVCLG1EQUE4QztBQXNNOUM7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQThCRztBQUNILE1BQWEsT0FBTztJQW9CbEIsWUFBWSxFQUNWLFlBQVksRUFDWixRQUFRLEVBQ1Isb0JBQW9CLEVBQ3BCLGtCQUFrQixFQUNsQixXQUFXLEVBQ1gsY0FBYyxFQUNkLFdBQVcsRUFDWCxhQUFhLEdBQ0U7UUFDZixJQUFJLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQztRQUNqQyxJQUFJLENBQUMsb0JBQW9CLEdBQUcsb0JBQW9CLElBQUksRUFBRSxDQUFDO1FBQ3ZELElBQUksQ0FBQyxrQkFBa0IsR0FBRyxrQkFBa0IsSUFBSSxFQUFFLENBQUM7UUFDbkQsSUFBSSxDQUFDLFdBQVcsR0FBRyxDQUFDLENBQUMsV0FBVyxDQUFDO1FBQ2pDLElBQUksV0FBVyxFQUFFLENBQUM7WUFDaEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxXQUFXLENBQUM7UUFDakMsQ0FBQzthQUFNLENBQUM7WUFDTixPQUFPLENBQUMsSUFBSSxDQUNWLHVIQUF1SCxDQUN4SCxDQUFDO1FBQ0osQ0FBQztRQUNELElBQUksQ0FBQyxjQUFjLEdBQUcsY0FBYyxJQUFJLEVBQUUsQ0FBQztRQUMzQyxJQUFJLENBQUMsYUFBYSxHQUFHLGFBQWEsSUFBSSxvQkFBb0IsQ0FBQztRQUMzRCxJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksaUJBQVUsQ0FBQztZQUMvQixZQUFZO1lBQ1osUUFBUTtZQUNSLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVyxJQUFJLDhCQUE4QjtZQUMvRCxXQUFXO1lBQ1gsY0FBYztZQUNkLGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYTtTQUNsQyxDQUFDLENBQUM7UUFDSCxnRUFBZ0U7UUFDaEUsSUFBSSxDQUFDLFFBQVEsR0FBRyxRQUFRLElBQUksSUFBSSxDQUFDLGFBQWEsQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO0lBQzFFLENBQUM7SUFFRCxnQ0FBZ0M7SUFDaEMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxJQUFzQjtRQUNwQyxPQUFPLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyxVQUFVLENBQUMsSUFBdUI7UUFDdEMsSUFBSSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsb0JBQW9CLEVBQUUsR0FBRyxJQUFJLEVBQUUsQ0FBQztRQUNqRCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDO1lBQzlDLE1BQU0sRUFBRSxNQUFNLElBQUEsNEJBQWMsRUFBQyxJQUFJLENBQUMsTUFBTSxDQUFDO1lBRXpDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxnQkFBZ0I7WUFDdkMsYUFBYSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsYUFBYTtZQUNuQyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsa0JBQWtCO1lBQzNDLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztZQUN6QixRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVE7WUFDdkIsS0FBSyxFQUFFO2dCQUNMLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTthQUM1QjtZQUNELFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztZQUN6QixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7WUFDM0Isb0JBQW9CLEVBQUUsSUFBSSxDQUFDLG9CQUFvQjtZQUMvQyxjQUFjLEVBQUUsSUFBSSxDQUFDLGNBQWM7U0FDcEMsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxNQUFNLEdBQW9CLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDakQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0RCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxzREFBc0Q7SUFDdEQsSUFBSSxDQUFDLElBQWlCO1FBQ3BCLElBQUksR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixFQUFFLEdBQUcsSUFBSSxFQUFFLENBQUM7UUFDL0MsT0FBTyxJQUFJLGlCQUFpQixDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBRUQsMkJBQTJCO0lBQzNCLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBaUI7UUFDMUIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMvQixPQUFPLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztJQUMxQixDQUFDO0lBRUQsOERBQThEO0lBQzlELEtBQUs7UUFDSCxnREFBZ0Q7SUFDbEQsQ0FBQztDQUNGO0FBeEdELDBCQXdHQztBQUVELG9EQUFvRDtBQUNwRCxNQUFNLGlCQUFpQjtJQUdyQixZQUNXLEtBQWMsRUFDZCxJQUFpQjtRQURqQixVQUFLLEdBQUwsS0FBSyxDQUFTO1FBQ2QsU0FBSSxHQUFKLElBQUksQ0FBYTtRQUg1QixVQUFLLEdBQWtGLE1BQU0sQ0FBQztRQUs1RixJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUNyQyxDQUFDO0lBRUQsc0RBQXNEO0lBQ3RELEtBQUssQ0FBQyxXQUFXO1FBQ2YsSUFBSSxJQUFJLENBQUMsS0FBSyxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQzFCLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1FBQ25ELENBQUM7UUFDRCxJQUFJLENBQUMsS0FBSyxHQUFHLFdBQVcsQ0FBQztRQUN6QixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUEsd0JBQVUsRUFBQyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25ELE1BQU0sTUFBTSxHQUFHLE1BQU0sT0FBTyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNuQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNyRCxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQztRQUNqRCxDQUFDO1FBQ0QsSUFBSSxNQUFNLENBQUMsQ0FBQyxDQUFDLEtBQUssSUFBSSxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUM3QyxJQUFJLENBQUMsS0FBSyxHQUFHLFFBQVEsQ0FBQztZQUN0QixPQUFPLElBQUksVUFBVSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDbkUsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1FBQ3BCLE1BQU0sSUFBSSw0QkFBZ0IsQ0FBQyw2Q0FBNkMsTUFBTSxFQUFFLENBQUMsQ0FBQztJQUNwRixDQUFDO0lBRUQsNEJBQTRCO0lBQzVCLEtBQUssQ0FBQyxPQUFPO1FBQ1gsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBQzFCLENBQUM7SUFFRCw2Q0FBNkM7SUFDN0MsS0FBSyxDQUFDLFVBQVU7UUFDZCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsVUFBVSxFQUFFLENBQUM7SUFDN0IsQ0FBQztJQUVELDJDQUEyQztJQUMzQyxLQUFLLENBQUMsUUFBUTtRQUNaLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FBQztJQUMzQixDQUFDO0lBRUQsNEJBQTRCO0lBQzVCLEtBQUssQ0FBQyxLQUFLO1FBQ1QsSUFBSSxJQUFJLENBQUMsS0FBSyxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQzFCLE9BQU87UUFDVCxDQUFDO1FBQ0QsSUFBSSxJQUFJLENBQUMsS0FBSyxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQzFCLGlDQUFpQztZQUNqQyxJQUFJLENBQUMsS0FBSyxHQUFHLE1BQU0sQ0FBQztZQUNwQixPQUFPO1FBQ1QsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsU0FBUyxDQUFDO1FBQ3ZCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFO1lBQzlCLElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1FBQ3RCLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELEtBQUssQ0FBQyxXQUFXO1FBQ2YsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBQzlCLENBQUM7Q0FDRjtBQUVELCtCQUErQjtBQUMvQixNQUFNLFVBQVU7SUFJZCxZQUNXLE1BQWtCLEVBQ2xCLElBQWlCLEVBQ2pCLE1BQWU7UUFGZixXQUFNLEdBQU4sTUFBTSxDQUFZO1FBQ2xCLFNBQUksR0FBSixJQUFJLENBQWE7UUFDakIsV0FBTSxHQUFOLE1BQU0sQ0FBUztRQUV4QixJQUFJLENBQUMsUUFBUSxHQUFHLElBQUEsc0JBQWEsRUFBQyxNQUFNLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyxPQUFPO1FBQ1gsTUFBTSxFQUNKLHlCQUF5QixFQUN6QixRQUFRLEVBQUUsa0JBQWtCLEVBQzVCLG9CQUFvQixHQUNyQixHQUFHLElBQUksQ0FBQyxJQUFJLENBQUM7UUFFZCxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUMzRixNQUFNLElBQUksOEJBQWtCLENBQUMsMkRBQTJELENBQUMsQ0FBQztRQUM1RixDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQztRQUU1QyxNQUFNLEVBQUUsWUFBWSxFQUFFLGFBQWEsRUFBRSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUM7UUFDcEQsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ2xCLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO1FBQzNELENBQUM7UUFFRCxJQUFJLFNBQXNDLENBQUM7UUFFM0MsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixFQUFFLE1BQU0sSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQ3ZFLFNBQVMsR0FBRyxJQUFJLDJCQUFlLENBQzdCLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLElBQUksRUFBRSxFQUNuQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FDMUIsQ0FBQztRQUNKLENBQUM7YUFBTSxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDakMsU0FBUyxHQUFHLE1BQU0sSUFBQSxpQ0FBcUIsRUFBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxZQUFZLENBQUMsQ0FBQztRQUMvRSxDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ3JDLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBQSwwQkFBaUIsRUFDdkM7WUFDRSxTQUFTO1lBQ1QsWUFBWTtZQUNaLE9BQU8sRUFBRSxJQUFJLENBQUMsTUFBTTtZQUNwQixnQkFBZ0IsRUFBRSxDQUFDO1lBQ25CLGFBQWE7WUFDYixRQUFRO1lBQ1IsdUJBQXVCLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsdUJBQXVCO1lBQ3pFLGFBQWEsRUFBRSxLQUFLLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQzdCLGVBQWUsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxlQUFlO1lBQ3pELHlCQUF5QjtZQUN6QixrQkFBa0I7WUFDbEIsb0JBQW9CO1lBQ3BCLHNCQUFzQixFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMseUJBQXlCLElBQUksRUFBRTtTQUNsRSxFQUNELFFBQVEsQ0FDVCxDQUFDO1FBQ0YsSUFBSSxDQUFDLG1CQUFtQixHQUFHO1lBQ3pCLElBQUksRUFBRSxTQUFTLENBQUMsV0FBVyxFQUFFO1NBQzlCLENBQUM7UUFDRixNQUFNLE1BQU0sR0FBb0IsU0FBUyxDQUFDLE1BQU0sQ0FBQztRQUNqRCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3JELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdEQsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVELEtBQUssQ0FBQyxLQUFLO1FBQ1QseURBQXlEO0lBQzNELENBQUM7SUFFRCw0Q0FBNEM7SUFDNUMsS0FBSyxDQUFDLFFBQVE7UUFDWixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDckMsT0FBTyxRQUFRLENBQUMsUUFBUSxDQUFDO0lBQzNCLENBQUM7SUFFRCw4Q0FBOEM7SUFDOUMsS0FBSyxDQUFDLFVBQVU7UUFDZCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUN2QyxNQUFNLFVBQVUsR0FBRyxpQkFBTSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDeEUsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQVcsQ0FBQztRQUNoRCxPQUFPLE1BQU0sRUFBRSxJQUFJLEVBQUUsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUNwRSxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBQzdCLE9BQU8sSUFBSSxDQUFDLG1CQUFtQixDQUFDO1FBQ2xDLENBQUM7UUFDRCxNQUFNLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNyQixPQUFPLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxFQUFFLElBQUksRUFBRSxFQUFFLEVBQUUsQ0FBQztJQUNsRCxDQUFDO0NBQ0YifQ==
|
|
@@ -0,0 +1,188 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.listAttributes = listAttributes;
|
|
4
|
+
exports.validateAttributes = validateAttributes;
|
|
5
|
+
exports.attributeExists = attributeExists;
|
|
6
|
+
exports.attributeValueExists = attributeValueExists;
|
|
7
|
+
const connect_1 = require("@connectrpc/connect");
|
|
8
|
+
const errors_js_1 = require("../errors.js");
|
|
9
|
+
const utils_js_1 = require("../utils.js");
|
|
10
|
+
const platform_js_1 = require("../platform.js");
|
|
11
|
+
// Caps the pagination loop in listAttributes. 10 pages × 1000 records = 10,000
|
|
12
|
+
// attributes maximum, which is generous for browser use while preventing runaway
|
|
13
|
+
// memory growth if a server repeatedly returns a non-zero next_offset.
|
|
14
|
+
const MAX_LIST_ATTRIBUTES_PAGES = 10;
|
|
15
|
+
// Number of attributes to request per page. Matches the platform's default
|
|
16
|
+
// (ListRequestLimitDefault = 1000) so behavior is stable regardless of server config.
|
|
17
|
+
const LIST_ATTRIBUTES_PAGE_SIZE = 1000;
|
|
18
|
+
// Matches the server-side proto constraint: GetAttributeValuesByFqnsRequest has
|
|
19
|
+
// max_items: 250 on the fqns field, so the client rejects oversized requests
|
|
20
|
+
// locally instead of receiving a cryptic server validation error.
|
|
21
|
+
const MAX_VALIDATE_FQNS = 250;
|
|
22
|
+
// Attribute value FQN format: https://<namespace>/attr/<name>/value/<value>
|
|
23
|
+
// Restricts to safe URL characters to prevent XSS via FQNs in error messages
|
|
24
|
+
const ATTRIBUTE_VALUE_FQN_RE = /^https?:\/\/[a-zA-Z0-9._~%-]+\/attr\/[a-zA-Z0-9._~%-]+\/value\/[a-zA-Z0-9._~%-]+$/i;
|
|
25
|
+
// Attribute-level FQN format: https://<namespace>/attr/<name> (no /value/ segment)
|
|
26
|
+
// Restricts to safe URL characters to prevent XSS via FQNs in error messages
|
|
27
|
+
const ATTRIBUTE_FQN_RE = /^https?:\/\/[a-zA-Z0-9._~%-]+\/attr\/[a-zA-Z0-9._~%-]+$/i;
|
|
28
|
+
/**
|
|
29
|
+
* Returns all active attributes available on the platform, auto-paginating through all results.
|
|
30
|
+
* An optional namespace name or ID may be provided to filter results.
|
|
31
|
+
*
|
|
32
|
+
* Use this before calling `createTDF()` to see what attributes are available for data tagging.
|
|
33
|
+
*
|
|
34
|
+
* @param platformUrl The platform base URL.
|
|
35
|
+
* @param authProvider An auth provider for the request.
|
|
36
|
+
* @param namespace Optional namespace name or ID to filter results.
|
|
37
|
+
* @returns All active {@link Attribute} objects on the platform.
|
|
38
|
+
*
|
|
39
|
+
* @example
|
|
40
|
+
* ```ts
|
|
41
|
+
* const attrs = await listAttributes(platformUrl, authProvider);
|
|
42
|
+
* for (const a of attrs) {
|
|
43
|
+
* console.log(a.fqn);
|
|
44
|
+
* }
|
|
45
|
+
* ```
|
|
46
|
+
*/
|
|
47
|
+
async function listAttributes(platformUrl, authProvider, namespace) {
|
|
48
|
+
if (!(0, utils_js_1.validateSecureUrl)(platformUrl)) {
|
|
49
|
+
throw new errors_js_1.ConfigurationError('platformUrl must use HTTPS protocol');
|
|
50
|
+
}
|
|
51
|
+
const platform = new platform_js_1.PlatformClient({ authProvider, platformUrl });
|
|
52
|
+
const result = [];
|
|
53
|
+
let nextOffset = 0;
|
|
54
|
+
for (let pages = 0; pages < MAX_LIST_ATTRIBUTES_PAGES; pages++) {
|
|
55
|
+
let resp;
|
|
56
|
+
try {
|
|
57
|
+
resp = await platform.v1.attributes.listAttributes({
|
|
58
|
+
namespace: namespace ?? '',
|
|
59
|
+
pagination: { offset: nextOffset, limit: LIST_ATTRIBUTES_PAGE_SIZE },
|
|
60
|
+
});
|
|
61
|
+
}
|
|
62
|
+
catch (e) {
|
|
63
|
+
throw new errors_js_1.NetworkError(`[ListAttributes] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
|
|
64
|
+
}
|
|
65
|
+
result.push(...resp.attributes);
|
|
66
|
+
nextOffset = resp.pagination?.nextOffset ?? 0;
|
|
67
|
+
if (nextOffset === 0) {
|
|
68
|
+
return result;
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
throw new errors_js_1.ConfigurationError(`listAttributes returned more than ${MAX_LIST_ATTRIBUTES_PAGES * LIST_ATTRIBUTES_PAGE_SIZE} attributes. Use the namespace parameter to narrow results.`);
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Checks that all provided attribute value FQNs exist on the platform.
|
|
75
|
+
* Validates FQN format first, then verifies existence via the platform API.
|
|
76
|
+
*
|
|
77
|
+
* Use this before `createTDF()` to catch missing or misspelled attributes early
|
|
78
|
+
* instead of discovering the problem at decryption time.
|
|
79
|
+
*
|
|
80
|
+
* @param platformUrl The platform base URL.
|
|
81
|
+
* @param authProvider An auth provider for the request.
|
|
82
|
+
* @param fqns Attribute value FQNs to validate, in the form
|
|
83
|
+
* `https://<namespace>/attr/<name>/value/<value>`.
|
|
84
|
+
* @throws {@link AttributeNotFoundError} if any FQNs are not found on the platform.
|
|
85
|
+
* @throws {@link ConfigurationError} if the FQN format is invalid or there are too many FQNs.
|
|
86
|
+
*
|
|
87
|
+
* @example
|
|
88
|
+
* ```ts
|
|
89
|
+
* await validateAttributes(platformUrl, authProvider, [
|
|
90
|
+
* 'https://opentdf.io/attr/department/value/marketing',
|
|
91
|
+
* ]);
|
|
92
|
+
* // Safe to encrypt — all attributes confirmed present
|
|
93
|
+
* ```
|
|
94
|
+
*/
|
|
95
|
+
async function validateAttributes(platformUrl, authProvider, fqns) {
|
|
96
|
+
if (!fqns || fqns.length === 0) {
|
|
97
|
+
return;
|
|
98
|
+
}
|
|
99
|
+
if (!(0, utils_js_1.validateSecureUrl)(platformUrl)) {
|
|
100
|
+
throw new errors_js_1.ConfigurationError('platformUrl must use HTTPS protocol');
|
|
101
|
+
}
|
|
102
|
+
if (fqns.length > MAX_VALIDATE_FQNS) {
|
|
103
|
+
throw new errors_js_1.ConfigurationError(`too many attribute FQNs: ${fqns.length} exceeds maximum of ${MAX_VALIDATE_FQNS}`);
|
|
104
|
+
}
|
|
105
|
+
for (const fqn of fqns) {
|
|
106
|
+
if (!ATTRIBUTE_VALUE_FQN_RE.test(fqn)) {
|
|
107
|
+
throw new errors_js_1.ConfigurationError('invalid attribute value FQN format');
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
const platform = new platform_js_1.PlatformClient({ authProvider, platformUrl });
|
|
111
|
+
let resp;
|
|
112
|
+
try {
|
|
113
|
+
resp = await platform.v1.attributes.getAttributeValuesByFqns({ fqns });
|
|
114
|
+
}
|
|
115
|
+
catch (e) {
|
|
116
|
+
throw new errors_js_1.NetworkError(`[GetAttributeValuesByFqns] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
|
|
117
|
+
}
|
|
118
|
+
const found = resp.fqnAttributeValues;
|
|
119
|
+
const missing = fqns.filter((fqn) => !(fqn in found));
|
|
120
|
+
if (missing.length > 0) {
|
|
121
|
+
throw new errors_js_1.AttributeNotFoundError(`attribute not found: ${missing.length} FQN(s) missing`);
|
|
122
|
+
}
|
|
123
|
+
}
|
|
124
|
+
/**
|
|
125
|
+
* Reports whether the attribute definition identified by `attributeFqn` exists on the platform.
|
|
126
|
+
*
|
|
127
|
+
* `attributeFqn` should be an attribute-level FQN (no `/value/` segment):
|
|
128
|
+
* `https://<namespace>/attr/<attribute_name>`
|
|
129
|
+
*
|
|
130
|
+
* @param platformUrl The platform base URL.
|
|
131
|
+
* @param authProvider An auth provider for the request.
|
|
132
|
+
* @param attributeFqn The attribute-level FQN to check.
|
|
133
|
+
* @returns `true` if the attribute exists, `false` if it does not.
|
|
134
|
+
* @throws {@link ConfigurationError} if the FQN format is invalid or the URL is insecure.
|
|
135
|
+
* @throws {@link NetworkError} if a non-not-found service error occurs.
|
|
136
|
+
*/
|
|
137
|
+
async function attributeExists(platformUrl, authProvider, attributeFqn) {
|
|
138
|
+
if (!(0, utils_js_1.validateSecureUrl)(platformUrl)) {
|
|
139
|
+
throw new errors_js_1.ConfigurationError('platformUrl must use HTTPS protocol');
|
|
140
|
+
}
|
|
141
|
+
if (!ATTRIBUTE_FQN_RE.test(attributeFqn)) {
|
|
142
|
+
throw new errors_js_1.ConfigurationError('invalid attribute FQN format');
|
|
143
|
+
}
|
|
144
|
+
const platform = new platform_js_1.PlatformClient({ authProvider, platformUrl });
|
|
145
|
+
try {
|
|
146
|
+
await platform.v1.attributes.getAttribute({
|
|
147
|
+
identifier: { case: 'fqn', value: attributeFqn },
|
|
148
|
+
});
|
|
149
|
+
return true;
|
|
150
|
+
}
|
|
151
|
+
catch (e) {
|
|
152
|
+
if (e instanceof connect_1.ConnectError && e.code === connect_1.Code.NotFound) {
|
|
153
|
+
return false;
|
|
154
|
+
}
|
|
155
|
+
throw new errors_js_1.NetworkError(`[GetAttribute] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
/**
|
|
159
|
+
* Reports whether the attribute value FQN exists on the platform.
|
|
160
|
+
*
|
|
161
|
+
* `valueFqn` should be a full attribute value FQN (with `/value/` segment):
|
|
162
|
+
* `https://<namespace>/attr/<attribute_name>/value/<value>`
|
|
163
|
+
*
|
|
164
|
+
* @param platformUrl The platform base URL.
|
|
165
|
+
* @param authProvider An auth provider for the request.
|
|
166
|
+
* @param valueFqn The attribute value FQN to check.
|
|
167
|
+
* @returns `true` if the value exists, `false` if it does not.
|
|
168
|
+
* @throws {@link ConfigurationError} if the FQN format is invalid or the URL is insecure.
|
|
169
|
+
* @throws {@link NetworkError} if a service error occurs.
|
|
170
|
+
*/
|
|
171
|
+
async function attributeValueExists(platformUrl, authProvider, valueFqn) {
|
|
172
|
+
if (!(0, utils_js_1.validateSecureUrl)(platformUrl)) {
|
|
173
|
+
throw new errors_js_1.ConfigurationError('platformUrl must use HTTPS protocol');
|
|
174
|
+
}
|
|
175
|
+
if (!ATTRIBUTE_VALUE_FQN_RE.test(valueFqn)) {
|
|
176
|
+
throw new errors_js_1.ConfigurationError('invalid attribute value FQN format');
|
|
177
|
+
}
|
|
178
|
+
const platform = new platform_js_1.PlatformClient({ authProvider, platformUrl });
|
|
179
|
+
let resp;
|
|
180
|
+
try {
|
|
181
|
+
resp = await platform.v1.attributes.getAttributeValuesByFqns({ fqns: [valueFqn] });
|
|
182
|
+
}
|
|
183
|
+
catch (e) {
|
|
184
|
+
throw new errors_js_1.NetworkError(`[GetAttributeValuesByFqns] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
|
|
185
|
+
}
|
|
186
|
+
return valueFqn in resp.fqnAttributeValues;
|
|
187
|
+
}
|
|
188
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGlzY292ZXJ5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3BvbGljeS9kaXNjb3ZlcnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFpREEsd0NBaUNDO0FBd0JELGdEQXNDQztBQWVELDBDQXlCQztBQWVELG9EQXNCQztBQTdORCxpREFBeUQ7QUFDekQsNENBQXdGO0FBRXhGLDBDQUF3RTtBQUN4RSxnREFBZ0Q7QUFHaEQsK0VBQStFO0FBQy9FLGlGQUFpRjtBQUNqRix1RUFBdUU7QUFDdkUsTUFBTSx5QkFBeUIsR0FBRyxFQUFFLENBQUM7QUFFckMsMkVBQTJFO0FBQzNFLHNGQUFzRjtBQUN0RixNQUFNLHlCQUF5QixHQUFHLElBQUksQ0FBQztBQUV2QyxnRkFBZ0Y7QUFDaEYsNkVBQTZFO0FBQzdFLGtFQUFrRTtBQUNsRSxNQUFNLGlCQUFpQixHQUFHLEdBQUcsQ0FBQztBQUU5Qiw0RUFBNEU7QUFDNUUsNkVBQTZFO0FBQzdFLE1BQU0sc0JBQXNCLEdBQzFCLG9GQUFvRixDQUFDO0FBRXZGLG9GQUFvRjtBQUNwRiw2RUFBNkU7QUFDN0UsTUFBTSxnQkFBZ0IsR0FBRywwREFBMEQsQ0FBQztBQUVwRjs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBa0JHO0FBQ0ksS0FBSyxVQUFVLGNBQWMsQ0FDbEMsV0FBbUIsRUFDbkIsWUFBMEIsRUFDMUIsU0FBa0I7SUFFbEIsSUFBSSxDQUFDLElBQUEsNEJBQWlCLEVBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztRQUNwQyxNQUFNLElBQUksOEJBQWtCLENBQUMscUNBQXFDLENBQUMsQ0FBQztJQUN0RSxDQUFDO0lBQ0QsTUFBTSxRQUFRLEdBQUcsSUFBSSw0QkFBYyxDQUFDLEVBQUUsWUFBWSxFQUFFLFdBQVcsRUFBRSxDQUFDLENBQUM7SUFDbkUsTUFBTSxNQUFNLEdBQWdCLEVBQUUsQ0FBQztJQUMvQixJQUFJLFVBQVUsR0FBRyxDQUFDLENBQUM7SUFFbkIsS0FBSyxJQUFJLEtBQUssR0FBRyxDQUFDLEVBQUUsS0FBSyxHQUFHLHlCQUF5QixFQUFFLEtBQUssRUFBRSxFQUFFLENBQUM7UUFDL0QsSUFBSSxJQUFJLENBQUM7UUFDVCxJQUFJLENBQUM7WUFDSCxJQUFJLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxjQUFjLENBQUM7Z0JBQ2pELFNBQVMsRUFBRSxTQUFTLElBQUksRUFBRTtnQkFDMUIsVUFBVSxFQUFFLEVBQUUsTUFBTSxFQUFFLFVBQVUsRUFBRSxLQUFLLEVBQUUseUJBQXlCLEVBQUU7YUFDckUsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksd0JBQVksQ0FBQyxvQkFBb0IsSUFBQSxpQ0FBc0IsRUFBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDMUUsQ0FBQztRQUVELE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDaEMsVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVLEVBQUUsVUFBVSxJQUFJLENBQUMsQ0FBQztRQUM5QyxJQUFJLFVBQVUsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNyQixPQUFPLE1BQU0sQ0FBQztRQUNoQixDQUFDO0lBQ0gsQ0FBQztJQUVELE1BQU0sSUFBSSw4QkFBa0IsQ0FDMUIscUNBQXFDLHlCQUF5QixHQUFHLHlCQUF5Qiw2REFBNkQsQ0FDeEosQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBcUJHO0FBQ0ksS0FBSyxVQUFVLGtCQUFrQixDQUN0QyxXQUFtQixFQUNuQixZQUEwQixFQUMxQixJQUFjO0lBRWQsSUFBSSxDQUFDLElBQUksSUFBSSxJQUFJLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1FBQy9CLE9BQU87SUFDVCxDQUFDO0lBRUQsSUFBSSxDQUFDLElBQUEsNEJBQWlCLEVBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztRQUNwQyxNQUFNLElBQUksOEJBQWtCLENBQUMscUNBQXFDLENBQUMsQ0FBQztJQUN0RSxDQUFDO0lBRUQsSUFBSSxJQUFJLENBQUMsTUFBTSxHQUFHLGlCQUFpQixFQUFFLENBQUM7UUFDcEMsTUFBTSxJQUFJLDhCQUFrQixDQUMxQiw0QkFBNEIsSUFBSSxDQUFDLE1BQU0sdUJBQXVCLGlCQUFpQixFQUFFLENBQ2xGLENBQUM7SUFDSixDQUFDO0lBRUQsS0FBSyxNQUFNLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQztRQUN2QixJQUFJLENBQUMsc0JBQXNCLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDdEMsTUFBTSxJQUFJLDhCQUFrQixDQUFDLG9DQUFvQyxDQUFDLENBQUM7UUFDckUsQ0FBQztJQUNILENBQUM7SUFFRCxNQUFNLFFBQVEsR0FBRyxJQUFJLDRCQUFjLENBQUMsRUFBRSxZQUFZLEVBQUUsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUNuRSxJQUFJLElBQUksQ0FBQztJQUNULElBQUksQ0FBQztRQUNILElBQUksR0FBRyxNQUFNLFFBQVEsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLHdCQUF3QixDQUFDLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztJQUN6RSxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSx3QkFBWSxDQUFDLDhCQUE4QixJQUFBLGlDQUFzQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUNwRixDQUFDO0lBRUQsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDO0lBQ3RDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxHQUFHLElBQUksS0FBSyxDQUFDLENBQUMsQ0FBQztJQUN0RCxJQUFJLE9BQU8sQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7UUFDdkIsTUFBTSxJQUFJLGtDQUFzQixDQUFDLHdCQUF3QixPQUFPLENBQUMsTUFBTSxpQkFBaUIsQ0FBQyxDQUFDO0lBQzVGLENBQUM7QUFDSCxDQUFDO0FBRUQ7Ozs7Ozs7Ozs7OztHQVlHO0FBQ0ksS0FBSyxVQUFVLGVBQWUsQ0FDbkMsV0FBbUIsRUFDbkIsWUFBMEIsRUFDMUIsWUFBb0I7SUFFcEIsSUFBSSxDQUFDLElBQUEsNEJBQWlCLEVBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztRQUNwQyxNQUFNLElBQUksOEJBQWtCLENBQUMscUNBQXFDLENBQUMsQ0FBQztJQUN0RSxDQUFDO0lBRUQsSUFBSSxDQUFDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDO1FBQ3pDLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDO0lBQy9ELENBQUM7SUFFRCxNQUFNLFFBQVEsR0FBRyxJQUFJLDRCQUFjLENBQUMsRUFBRSxZQUFZLEVBQUUsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUNuRSxJQUFJLENBQUM7UUFDSCxNQUFNLFFBQVEsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQztZQUN4QyxVQUFVLEVBQUUsRUFBRSxJQUFJLEVBQUUsS0FBSyxFQUFFLEtBQUssRUFBRSxZQUFZLEVBQUU7U0FDakQsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLElBQUksQ0FBQyxZQUFZLHNCQUFZLElBQUksQ0FBQyxDQUFDLElBQUksS0FBSyxjQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDMUQsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBQ0QsTUFBTSxJQUFJLHdCQUFZLENBQUMsa0JBQWtCLElBQUEsaUNBQXNCLEVBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQ3hFLENBQUM7QUFDSCxDQUFDO0FBRUQ7Ozs7Ozs7Ozs7OztHQVlHO0FBQ0ksS0FBSyxVQUFVLG9CQUFvQixDQUN4QyxXQUFtQixFQUNuQixZQUEwQixFQUMxQixRQUFnQjtJQUVoQixJQUFJLENBQUMsSUFBQSw0QkFBaUIsRUFBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1FBQ3BDLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO0lBQ3RFLENBQUM7SUFFRCxJQUFJLENBQUMsc0JBQXNCLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7UUFDM0MsTUFBTSxJQUFJLDhCQUFrQixDQUFDLG9DQUFvQyxDQUFDLENBQUM7SUFDckUsQ0FBQztJQUVELE1BQU0sUUFBUSxHQUFHLElBQUksNEJBQWMsQ0FBQyxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQ25FLElBQUksSUFBSSxDQUFDO0lBQ1QsSUFBSSxDQUFDO1FBQ0gsSUFBSSxHQUFHLE1BQU0sUUFBUSxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsd0JBQXdCLENBQUMsRUFBRSxJQUFJLEVBQUUsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDckYsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksd0JBQVksQ0FBQyw4QkFBOEIsSUFBQSxpQ0FBc0IsRUFBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUVELE9BQU8sUUFBUSxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQztBQUM3QyxDQUFDIn0=
|
package/dist/cjs/src/version.js
CHANGED
|
@@ -4,7 +4,7 @@ exports.tdfSpecVersion = exports.clientType = exports.version = void 0;
|
|
|
4
4
|
/**
|
|
5
5
|
* Exposes the released version number of the `@opentdf/sdk` package
|
|
6
6
|
*/
|
|
7
|
-
exports.version = '0.
|
|
7
|
+
exports.version = '0.10.0'; // x-release-please-version
|
|
8
8
|
/**
|
|
9
9
|
* A string name used to label requests as coming from this library client.
|
|
10
10
|
*/
|
|
@@ -13,4 +13,4 @@ exports.clientType = 'web-sdk';
|
|
|
13
13
|
* Version of the opentdf/spec this library is targeting
|
|
14
14
|
*/
|
|
15
15
|
exports.tdfSpecVersion = '4.3.0';
|
|
16
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
16
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmVyc2lvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy92ZXJzaW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBOztHQUVHO0FBQ1UsUUFBQSxPQUFPLEdBQUcsUUFBUSxDQUFDLENBQUMsMkJBQTJCO0FBRTVEOztHQUVHO0FBQ1UsUUFBQSxVQUFVLEdBQUcsU0FBUyxDQUFDO0FBRXBDOztHQUVHO0FBQ1UsUUFBQSxjQUFjLEdBQUcsT0FBTyxDQUFDIn0=
|
package/dist/cjs/tdf3/index.js
CHANGED
|
@@ -61,7 +61,9 @@ Object.defineProperty(exports, "version", { enumerable: true, get: function () {
|
|
|
61
61
|
Object.defineProperty(exports, "clientType", { enumerable: true, get: function () { return version_js_1.clientType; } });
|
|
62
62
|
const algorithms_js_1 = require("./src/ciphers/algorithms.js");
|
|
63
63
|
Object.defineProperty(exports, "Algorithms", { enumerable: true, get: function () { return algorithms_js_1.Algorithms; } });
|
|
64
|
-
|
|
64
|
+
var index_js_3 = require("./src/crypto/index.js");
|
|
65
|
+
Object.defineProperty(exports, "WebCryptoService", { enumerable: true, get: function () { return index_js_3.DefaultCryptoService; } });
|
|
66
|
+
// export the other methods from crypto/index.js that aren't part of CryptoService but are needed for JWT handling
|
|
65
67
|
var opentdf_js_1 = require("../src/opentdf.js");
|
|
66
68
|
Object.defineProperty(exports, "OpenTDF", { enumerable: true, get: function () { return opentdf_js_1.OpenTDF; } });
|
|
67
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
69
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90ZGYzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLCtDQUF5QztBQWlGdkMsdUZBakZPLGtCQUFNLE9BaUZQO0FBaEZSLHdGQUFrRjtBQW1GaEYsd0dBbkZPLG9EQUF1QixPQW1GUDtBQWxGekIsMERBV2tDO0FBeUVoQyxxR0FsRkEsa0NBQW9CLE9Ba0ZBO0FBSXBCLHFHQS9FQSxrQ0FBb0IsT0ErRUE7QUE1RXRCLG9EQUE2RTtBQW1GM0Usa0dBbkYwQiw0QkFBaUIsT0FtRjFCO0FBL0RuQiw2Q0FBNEQ7QUFnRDFELHVGQWhETyxpQkFBTSxPQWdEUDtBQVNOLHVGQXpEZSxpQkFBTSxPQXlEZjtBQUlOLDJGQTdEdUIscUJBQVUsT0E2RHZCO0FBNURaLHNGQUlnRDtBQXVEOUMseUZBekRBLG9DQUFRLE9BeURBO0FBdERWLGlEQUE4RjtBQW9ENUYsNEZBcERzQyxxQkFBVyxPQW9EdEM7QUFNWCw0RkExRG1ELHFCQUFXLE9BMERuRDtBQXpEYix1RUFBK0Q7QUFxQzdELDZGQXJDTyxnQ0FBWSxPQXFDUDtBQXBDZCx3RUFBMEQ7QUFzQ3hELHNDQUFhO0FBckNmLGtEQUF3RDtBQXdEdEQsd0ZBeERPLG9CQUFPLE9Bd0RQO0FBSFAsMkZBckRnQix1QkFBVSxPQXFEaEI7QUFwRFosK0RBQWdHO0FBbUM5RiwyRkFuQ08sMEJBQVUsT0FtQ1A7QUF1Qlosa0RBQWlGO0FBQXhFLDRHQUFBLG9CQUFvQixPQUFvQjtBQUNqRCxrSEFBa0g7QUFDbEgsZ0RBUzJCO0FBRHpCLHFHQUFBLE9BQU8sT0FBQSJ9
|
|
@@ -6,38 +6,62 @@ exports.verify = verify;
|
|
|
6
6
|
exports.CreateAssertion = CreateAssertion;
|
|
7
7
|
exports.getSystemMetadataAssertionConfig = getSystemMetadataAssertionConfig;
|
|
8
8
|
const json_canonicalize_1 = require("json-canonicalize");
|
|
9
|
-
const jose_1 = require("jose");
|
|
10
9
|
const index_js_1 = require("../../src/encodings/index.js");
|
|
11
10
|
const errors_js_1 = require("../../src/errors.js");
|
|
12
11
|
const version_js_1 = require("../../src/version.js");
|
|
12
|
+
const jwt_js_1 = require("./crypto/jwt.js");
|
|
13
13
|
/**
|
|
14
14
|
* Computes the SHA-256 hash of the assertion object, excluding the 'binding' and 'hash' properties.
|
|
15
15
|
*
|
|
16
|
+
* @param a - The assertion to hash
|
|
17
|
+
* @param cryptoService - The crypto service to use for hashing
|
|
16
18
|
* @returns the hexadecimal string representation of the hash
|
|
17
19
|
*/
|
|
18
|
-
async function hash(a) {
|
|
20
|
+
async function hash(a, cryptoService) {
|
|
19
21
|
const result = (0, json_canonicalize_1.canonicalizeEx)(a, {
|
|
20
22
|
exclude: ['binding', 'hash', 'sign', 'verify', 'signingKey'],
|
|
21
23
|
});
|
|
22
|
-
const
|
|
23
|
-
return index_js_1.hex.encodeArrayBuffer(
|
|
24
|
+
const hashBytes = await cryptoService.digest('SHA-256', new TextEncoder().encode(result));
|
|
25
|
+
return index_js_1.hex.encodeArrayBuffer(hashBytes.buffer);
|
|
24
26
|
}
|
|
25
27
|
/**
|
|
26
28
|
* Signs the given hash and signature using the provided key and sets the binding method and signature.
|
|
27
29
|
*
|
|
28
|
-
* @param
|
|
30
|
+
* @param thiz - The assertion to sign.
|
|
31
|
+
* @param assertionHash - The hash to be signed.
|
|
29
32
|
* @param sig - The signature to be signed.
|
|
30
|
-
* @param
|
|
31
|
-
* @
|
|
33
|
+
* @param key - The key used for signing.
|
|
34
|
+
* @param cryptoService - The crypto service to use for signing.
|
|
35
|
+
* @returns A promise that resolves to the signed assertion.
|
|
32
36
|
*/
|
|
33
|
-
async function sign(thiz, assertionHash, sig, key) {
|
|
37
|
+
async function sign(thiz, assertionHash, sig, key, cryptoService) {
|
|
34
38
|
const payload = {
|
|
35
39
|
assertionHash,
|
|
36
40
|
assertionSig: sig,
|
|
37
41
|
};
|
|
42
|
+
const header = { alg: key.alg };
|
|
43
|
+
if (typeof key.key === 'object' && '_brand' in key.key && key.key._brand === 'PublicKey') {
|
|
44
|
+
throw new errors_js_1.ConfigurationError('Cannot sign assertion with PublicKey. Use PrivateKey or SymmetricKey for signing.');
|
|
45
|
+
}
|
|
46
|
+
let signingMaterial;
|
|
47
|
+
if (typeof key.key === 'string') {
|
|
48
|
+
if (!cryptoService.importPrivateKey) {
|
|
49
|
+
throw new errors_js_1.ConfigurationError('CryptoService does not support importing private keys. Cannot sign assertion with a PEM string. Use PrivateKey or SymmetricKey for signing.');
|
|
50
|
+
}
|
|
51
|
+
signingMaterial = await cryptoService.importPrivateKey(key.key, {
|
|
52
|
+
usage: 'sign',
|
|
53
|
+
extractable: false,
|
|
54
|
+
});
|
|
55
|
+
}
|
|
56
|
+
else if (key.key instanceof Uint8Array) {
|
|
57
|
+
signingMaterial = await cryptoService.importSymmetricKey(key.key);
|
|
58
|
+
}
|
|
59
|
+
else {
|
|
60
|
+
signingMaterial = key.key;
|
|
61
|
+
}
|
|
38
62
|
let token;
|
|
39
63
|
try {
|
|
40
|
-
token = await
|
|
64
|
+
token = await (0, jwt_js_1.signJwt)(cryptoService, payload, signingMaterial, header);
|
|
41
65
|
}
|
|
42
66
|
catch (error) {
|
|
43
67
|
throw new errors_js_1.ConfigurationError(`Signing assertion failed: ${error.message}`, error);
|
|
@@ -68,31 +92,44 @@ function isAssertionConfig(obj) {
|
|
|
68
92
|
/**
|
|
69
93
|
* Verifies the signature of the assertion using the provided key.
|
|
70
94
|
*
|
|
71
|
-
* @param
|
|
72
|
-
* @
|
|
73
|
-
* @
|
|
95
|
+
* @param thiz - The assertion to verify.
|
|
96
|
+
* @param aggregateHash - The aggregate hash for integrity checking.
|
|
97
|
+
* @param key - The key used for verification.
|
|
98
|
+
* @param isLegacyTDF - Whether this is a legacy TDF format.
|
|
99
|
+
* @param cryptoService - The crypto service to use for verification.
|
|
100
|
+
* @throws {InvalidFileError} If the verification fails.
|
|
101
|
+
* @throws {IntegrityError} If the integrity check fails.
|
|
74
102
|
*/
|
|
75
|
-
async function verify(thiz, aggregateHash, key, isLegacyTDF) {
|
|
103
|
+
async function verify(thiz, aggregateHash, key, isLegacyTDF, cryptoService) {
|
|
76
104
|
let payload;
|
|
77
105
|
try {
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
106
|
+
// Parse JWT header to check for embedded keys (jwk or x5c)
|
|
107
|
+
const header = (0, jwt_js_1.decodeProtectedHeader)(thiz.binding.signature);
|
|
108
|
+
// Runtime check: ensure we have a verification key, not a signing key
|
|
109
|
+
if (typeof key.key === 'object' && '_brand' in key.key && key.key._brand === 'PrivateKey') {
|
|
110
|
+
throw new errors_js_1.ConfigurationError('Cannot verify assertion with PrivateKey. Use PublicKey or SymmetricKey for verification.');
|
|
111
|
+
}
|
|
112
|
+
let verificationKey = key.key;
|
|
113
|
+
if (header.jwk) {
|
|
114
|
+
// Convert embedded JWK to PEM
|
|
115
|
+
verificationKey = await cryptoService.jwkToPublicKeyPem(header.jwk);
|
|
116
|
+
}
|
|
117
|
+
else if (header.x5c && Array.isArray(header.x5c) && header.x5c.length > 0) {
|
|
118
|
+
// Extract public key from X.509 certificate
|
|
119
|
+
const cert = `-----BEGIN CERTIFICATE-----\n${header.x5c[0]}\n-----END CERTIFICATE-----`;
|
|
120
|
+
verificationKey = await cryptoService.extractPublicKeyPem(cert);
|
|
121
|
+
}
|
|
122
|
+
const result = await (0, jwt_js_1.verifyJwt)(cryptoService, thiz.binding.signature, verificationKey, {
|
|
123
|
+
algorithms: [key.alg],
|
|
87
124
|
});
|
|
88
|
-
payload =
|
|
125
|
+
payload = result.payload;
|
|
89
126
|
}
|
|
90
127
|
catch (error) {
|
|
91
128
|
throw new errors_js_1.InvalidFileError(`Verifying assertion failed: ${error.message}`, error);
|
|
92
129
|
}
|
|
93
130
|
const { assertionHash, assertionSig } = payload;
|
|
94
131
|
// Get the hash of the assertion
|
|
95
|
-
const hashOfAssertion = await hash(thiz);
|
|
132
|
+
const hashOfAssertion = await hash(thiz, cryptoService);
|
|
96
133
|
// check if assertionHash is same as hashOfAssertion
|
|
97
134
|
if (hashOfAssertion !== assertionHash) {
|
|
98
135
|
throw new errors_js_1.IntegrityError('Assertion hash mismatch');
|
|
@@ -114,11 +151,14 @@ async function verify(thiz, aggregateHash, key, isLegacyTDF) {
|
|
|
114
151
|
}
|
|
115
152
|
/**
|
|
116
153
|
* Creates an Assertion object with the specified properties.
|
|
154
|
+
*
|
|
155
|
+
* @param aggregateHash - The aggregate hash for the assertion.
|
|
156
|
+
* @param assertionConfig - The configuration for the assertion.
|
|
157
|
+
* @param cryptoService - The crypto service to use for signing.
|
|
158
|
+
* @param targetVersion - The target TDF spec version.
|
|
159
|
+
* @returns The created assertion.
|
|
117
160
|
*/
|
|
118
|
-
|
|
119
|
-
* Creates an Assertion object with the specified properties.
|
|
120
|
-
*/
|
|
121
|
-
async function CreateAssertion(aggregateHash, assertionConfig, targetVersion) {
|
|
161
|
+
async function CreateAssertion(aggregateHash, assertionConfig, cryptoService, targetVersion) {
|
|
122
162
|
if (!assertionConfig.signingKey) {
|
|
123
163
|
throw new errors_js_1.ConfigurationError('Assertion signing key is required');
|
|
124
164
|
}
|
|
@@ -131,7 +171,7 @@ async function CreateAssertion(aggregateHash, assertionConfig, targetVersion) {
|
|
|
131
171
|
// empty binding
|
|
132
172
|
binding: { method: '', signature: '' },
|
|
133
173
|
};
|
|
134
|
-
const assertionHash = await hash(a);
|
|
174
|
+
const assertionHash = await hash(a, cryptoService);
|
|
135
175
|
let encodedHash;
|
|
136
176
|
switch (targetVersion || '4.3.0') {
|
|
137
177
|
case '4.2.2':
|
|
@@ -150,7 +190,7 @@ async function CreateAssertion(aggregateHash, assertionConfig, targetVersion) {
|
|
|
150
190
|
default:
|
|
151
191
|
throw new errors_js_1.ConfigurationError(`Unsupported TDF spec version: [${targetVersion}]`);
|
|
152
192
|
}
|
|
153
|
-
return await sign(a, assertionHash, encodedHash, assertionConfig.signingKey);
|
|
193
|
+
return await sign(a, assertionHash, encodedHash, assertionConfig.signingKey, cryptoService);
|
|
154
194
|
}
|
|
155
195
|
/**
|
|
156
196
|
* Returns a default assertion configuration populated with system metadata.
|
|
@@ -192,4 +232,4 @@ function concatenateUint8Arrays(array1, array2) {
|
|
|
192
232
|
combinedArray.set(array2, array1.length);
|
|
193
233
|
return combinedArray;
|
|
194
234
|
}
|
|
195
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
235
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzZXJ0aW9ucy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RkZjMvc3JjL2Fzc2VydGlvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFxREEsb0JBT0M7QUE2REQsOENBbUJDO0FBYUQsd0JBK0RDO0FBV0QsMENBOENDO0FBa0RELDRFQStCQztBQWxXRCx5REFBbUQ7QUFDbkQsMkRBQTJEO0FBQzNELG1EQUEyRjtBQUMzRixxREFBNkU7QUFPN0UsNENBQTRGO0FBb0M1Rjs7Ozs7O0dBTUc7QUFDSSxLQUFLLFVBQVUsSUFBSSxDQUFDLENBQVksRUFBRSxhQUE0QjtJQUNuRSxNQUFNLE1BQU0sR0FBRyxJQUFBLGtDQUFjLEVBQUMsQ0FBQyxFQUFFO1FBQy9CLE9BQU8sRUFBRSxDQUFDLFNBQVMsRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxZQUFZLENBQUM7S0FDN0QsQ0FBQyxDQUFDO0lBRUgsTUFBTSxTQUFTLEdBQUcsTUFBTSxhQUFhLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRSxJQUFJLFdBQVcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO0lBQzFGLE9BQU8sY0FBRyxDQUFDLGlCQUFpQixDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUNqRCxDQUFDO0FBRUQ7Ozs7Ozs7OztHQVNHO0FBQ0gsS0FBSyxVQUFVLElBQUksQ0FDakIsSUFBZSxFQUNmLGFBQXFCLEVBQ3JCLEdBQVcsRUFDWCxHQUFpQixFQUNqQixhQUE0QjtJQUU1QixNQUFNLE9BQU8sR0FBcUI7UUFDaEMsYUFBYTtRQUNiLFlBQVksRUFBRSxHQUFHO0tBQ2xCLENBQUM7SUFFRixNQUFNLE1BQU0sR0FBYyxFQUFFLEdBQUcsRUFBRSxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7SUFFM0MsSUFBSSxPQUFPLEdBQUcsQ0FBQyxHQUFHLEtBQUssUUFBUSxJQUFJLFFBQVEsSUFBSSxHQUFHLENBQUMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxLQUFLLFdBQVcsRUFBRSxDQUFDO1FBQ3pGLE1BQU0sSUFBSSw4QkFBa0IsQ0FDMUIsbUZBQW1GLENBQ3BGLENBQUM7SUFDSixDQUFDO0lBRUQsSUFBSSxlQUEwQyxDQUFDO0lBQy9DLElBQUksT0FBTyxHQUFHLENBQUMsR0FBRyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQ2hDLElBQUksQ0FBQyxhQUFhLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUNwQyxNQUFNLElBQUksOEJBQWtCLENBQzFCLDZJQUE2SSxDQUM5SSxDQUFDO1FBQ0osQ0FBQztRQUNELGVBQWUsR0FBRyxNQUFNLGFBQWEsQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFO1lBQzlELEtBQUssRUFBRSxNQUFNO1lBQ2IsV0FBVyxFQUFFLEtBQUs7U0FDbkIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztTQUFNLElBQUksR0FBRyxDQUFDLEdBQUcsWUFBWSxVQUFVLEVBQUUsQ0FBQztRQUN6QyxlQUFlLEdBQUcsTUFBTSxhQUFhLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3BFLENBQUM7U0FBTSxDQUFDO1FBQ04sZUFBZSxHQUFHLEdBQUcsQ0FBQyxHQUFnQyxDQUFDO0lBQ3pELENBQUM7SUFFRCxJQUFJLEtBQWEsQ0FBQztJQUNsQixJQUFJLENBQUM7UUFDSCxLQUFLLEdBQUcsTUFBTSxJQUFBLGdCQUFPLEVBQUMsYUFBYSxFQUFFLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDekUsQ0FBQztJQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7UUFDZixNQUFNLElBQUksOEJBQWtCLENBQUMsNkJBQTZCLEtBQUssQ0FBQyxPQUFPLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQztJQUNwRixDQUFDO0lBQ0QsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLEdBQUcsS0FBSyxDQUFDO0lBQzVCLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxHQUFHLEtBQUssQ0FBQztJQUMvQixPQUFPLElBQUksQ0FBQztBQUNkLENBQUM7QUFFRCw0R0FBNEc7QUFDNUcsU0FBZ0IsaUJBQWlCLENBQUMsR0FBWTtJQUM1QyxPQUFPLENBQ0wsQ0FBQyxDQUFDLEdBQUc7UUFDTCxPQUFPLEdBQUcsS0FBSyxRQUFRO1FBQ3ZCLElBQUksSUFBSSxHQUFHO1FBQ1gsT0FBTyxHQUFHLENBQUMsRUFBRSxLQUFLLFFBQVE7UUFDMUIsTUFBTSxJQUFJLEdBQUc7UUFDYixDQUFDLEdBQUcsQ0FBQyxJQUFJLEtBQUssVUFBVSxJQUFJLEdBQUcsQ0FBQyxJQUFJLEtBQUssT0FBTyxDQUFDO1FBQ2pELE9BQU8sSUFBSSxHQUFHO1FBQ2QsQ0FBQyxHQUFHLENBQUMsS0FBSyxLQUFLLEtBQUssSUFBSSxHQUFHLENBQUMsS0FBSyxLQUFLLFNBQVMsQ0FBQztRQUNoRCxnQkFBZ0IsSUFBSSxHQUFHO1FBQ3ZCLENBQUMsR0FBRyxDQUFDLGNBQWMsS0FBSyxXQUFXLElBQUksR0FBRyxDQUFDLGNBQWMsS0FBSyxhQUFhLENBQUM7UUFDNUUsV0FBVyxJQUFJLEdBQUc7UUFDbEIsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxTQUFTO1FBQ2YsT0FBTyxHQUFHLENBQUMsU0FBUyxLQUFLLFFBQVE7UUFDakMsUUFBUSxJQUFJLEdBQUcsQ0FBQyxTQUFTO1FBQ3pCLFFBQVEsSUFBSSxHQUFHLENBQUMsU0FBUztRQUN6QixPQUFPLElBQUksR0FBRyxDQUFDLFNBQVMsQ0FDekIsQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7Ozs7OztHQVVHO0FBQ0ksS0FBSyxVQUFVLE1BQU0sQ0FDMUIsSUFBZSxFQUNmLGFBQXlCLEVBQ3pCLEdBQWlCLEVBQ2pCLFdBQW9CLEVBQ3BCLGFBQTRCO0lBRTVCLElBQUksT0FBeUIsQ0FBQztJQUM5QixJQUFJLENBQUM7UUFDSCwyREFBMkQ7UUFDM0QsTUFBTSxNQUFNLEdBQUcsSUFBQSw4QkFBcUIsRUFBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBRTdELHNFQUFzRTtRQUN0RSxJQUFJLE9BQU8sR0FBRyxDQUFDLEdBQUcsS0FBSyxRQUFRLElBQUksUUFBUSxJQUFJLEdBQUcsQ0FBQyxHQUFHLElBQUksR0FBRyxDQUFDLEdBQUcsQ0FBQyxNQUFNLEtBQUssWUFBWSxFQUFFLENBQUM7WUFDMUYsTUFBTSxJQUFJLDhCQUFrQixDQUMxQiwwRkFBMEYsQ0FDM0YsQ0FBQztRQUNKLENBQUM7UUFDRCxJQUFJLGVBQWUsR0FBbUQsR0FBRyxDQUFDLEdBQUcsQ0FBQztRQUU5RSxJQUFJLE1BQU0sQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNmLDhCQUE4QjtZQUM5QixlQUFlLEdBQUcsTUFBTSxhQUFhLENBQUMsaUJBQWlCLENBQUMsTUFBTSxDQUFDLEdBQWlCLENBQUMsQ0FBQztRQUNwRixDQUFDO2FBQU0sSUFBSSxNQUFNLENBQUMsR0FBRyxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzVFLDRDQUE0QztZQUM1QyxNQUFNLElBQUksR0FBRyxnQ0FBZ0MsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsNkJBQTZCLENBQUM7WUFDeEYsZUFBZSxHQUFHLE1BQU0sYUFBYSxDQUFDLG1CQUFtQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ2xFLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUEsa0JBQVMsRUFBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsZUFBZSxFQUFFO1lBQ3JGLFVBQVUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUM7U0FDdEIsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxHQUFHLE1BQU0sQ0FBQyxPQUEyQixDQUFDO0lBQy9DLENBQUM7SUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1FBQ2YsTUFBTSxJQUFJLDRCQUFnQixDQUFDLCtCQUErQixLQUFLLENBQUMsT0FBTyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUNELE1BQU0sRUFBRSxhQUFhLEVBQUUsWUFBWSxFQUFFLEdBQUcsT0FBTyxDQUFDO0lBRWhELGdDQUFnQztJQUNoQyxNQUFNLGVBQWUsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLEVBQUUsYUFBYSxDQUFDLENBQUM7SUFFeEQsb0RBQW9EO0lBQ3BELElBQUksZUFBZSxLQUFLLGFBQWEsRUFBRSxDQUFDO1FBQ3RDLE1BQU0sSUFBSSwwQkFBYyxDQUFDLHlCQUF5QixDQUFDLENBQUM7SUFDdEQsQ0FBQztJQUVELElBQUksV0FBbUIsQ0FBQztJQUN4QixJQUFJLFdBQVcsRUFBRSxDQUFDO1FBQ2hCLE1BQU0sa0JBQWtCLEdBQUcsSUFBSSxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQzFFLE1BQU0sWUFBWSxHQUFHLGtCQUFrQixHQUFHLGVBQWUsQ0FBQztRQUMxRCxXQUFXLEdBQUcsaUJBQU0sQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDNUMsQ0FBQztTQUFNLENBQUM7UUFDTixNQUFNLFlBQVksR0FBRyxzQkFBc0IsQ0FDekMsYUFBYSxFQUNiLElBQUksVUFBVSxDQUFDLGNBQUcsQ0FBQyxpQkFBaUIsQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUNyRCxDQUFDO1FBQ0YsV0FBVyxHQUFHLGlCQUFNLENBQUMsaUJBQWlCLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDdkQsQ0FBQztJQUVELCtDQUErQztJQUMvQyxJQUFJLFlBQVksS0FBSyxXQUFXLEVBQUUsQ0FBQztRQUNqQyxNQUFNLElBQUksMEJBQWMsQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDO0lBQzVFLENBQUM7QUFDSCxDQUFDO0FBRUQ7Ozs7Ozs7O0dBUUc7QUFDSSxLQUFLLFVBQVUsZUFBZSxDQUNuQyxhQUFrQyxFQUNsQyxlQUFnQyxFQUNoQyxhQUE0QixFQUM1QixhQUFzQjtJQUV0QixJQUFJLENBQUMsZUFBZSxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBQ2hDLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxtQ0FBbUMsQ0FBQyxDQUFDO0lBQ3BFLENBQUM7SUFFRCxNQUFNLENBQUMsR0FBYztRQUNuQixFQUFFLEVBQUUsZUFBZSxDQUFDLEVBQUU7UUFDdEIsSUFBSSxFQUFFLGVBQWUsQ0FBQyxJQUFJO1FBQzFCLEtBQUssRUFBRSxlQUFlLENBQUMsS0FBSztRQUM1QixjQUFjLEVBQUUsZUFBZSxDQUFDLGNBQWM7UUFDOUMsU0FBUyxFQUFFLGVBQWUsQ0FBQyxTQUFTO1FBQ3BDLGdCQUFnQjtRQUNoQixPQUFPLEVBQUUsRUFBRSxNQUFNLEVBQUUsRUFBRSxFQUFFLFNBQVMsRUFBRSxFQUFFLEVBQUU7S0FDdkMsQ0FBQztJQUVGLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLENBQUMsRUFBRSxhQUFhLENBQUMsQ0FBQztJQUNuRCxJQUFJLFdBQW1CLENBQUM7SUFDeEIsUUFBUSxhQUFhLElBQUksT0FBTyxFQUFFLENBQUM7UUFDakMsS0FBSyxPQUFPO1lBQ1YsSUFBSSxPQUFPLGFBQWEsS0FBSyxRQUFRLEVBQUUsQ0FBQztnQkFDdEMsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDREQUE0RCxDQUFDLENBQUM7WUFDN0YsQ0FBQztZQUNELFdBQVcsR0FBRyxpQkFBTSxDQUFDLE1BQU0sQ0FBQyxhQUFhLEdBQUcsYUFBYSxDQUFDLENBQUM7WUFDM0QsTUFBTTtRQUNSLEtBQUssT0FBTztZQUNWLElBQUksT0FBTyxhQUFhLEtBQUssUUFBUSxFQUFFLENBQUM7Z0JBQ3RDLE1BQU0sSUFBSSw4QkFBa0IsQ0FDMUIsaUVBQWlFLENBQ2xFLENBQUM7WUFDSixDQUFDO1lBQ0QsTUFBTSxZQUFZLEdBQUcsc0JBQXNCLENBQ3pDLGFBQWEsRUFDYixJQUFJLFVBQVUsQ0FBQyxjQUFHLENBQUMsaUJBQWlCLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FDckQsQ0FBQztZQUNGLFdBQVcsR0FBRyxpQkFBTSxDQUFDLGlCQUFpQixDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQ3JELE1BQU07UUFDUjtZQUNFLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxrQ0FBa0MsYUFBYSxHQUFHLENBQUMsQ0FBQztJQUNyRixDQUFDO0lBRUQsT0FBTyxNQUFNLElBQUksQ0FBQyxDQUFDLEVBQUUsYUFBYSxFQUFFLFdBQVcsRUFBRSxlQUFlLENBQUMsVUFBVSxFQUFFLGFBQWEsQ0FBQyxDQUFDO0FBQzlGLENBQUM7QUErQ0Q7O0dBRUc7QUFDSCxTQUFnQixnQ0FBZ0M7SUFDOUMsSUFBSSxrQkFBa0IsR0FBRyxTQUFTLENBQUM7SUFDbkMsSUFBSSxPQUFPLFNBQVMsS0FBSyxXQUFXLEVBQUUsQ0FBQztRQUNyQyxJQUFJLE9BQU8sU0FBUyxDQUFDLFNBQVMsS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUM1QyxrQkFBa0IsR0FBRyxTQUFTLENBQUMsU0FBUyxDQUFDO1FBQzNDLENBQUM7YUFBTSxJQUFJLE9BQU8sU0FBUyxDQUFDLFFBQVEsS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUNsRCxrQkFBa0IsR0FBRyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUMscUNBQXFDO1FBQ2hGLENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxRQUFRLEdBQW1CO1FBQy9CLGdCQUFnQixFQUFFLDJCQUFjO1FBQ2hDLGFBQWEsRUFBRSxJQUFJLElBQUksRUFBRSxDQUFDLFdBQVcsRUFBRTtRQUN2QyxXQUFXLEVBQUUsTUFBTSxvQkFBVSxFQUFFLEVBQUUsOENBQThDO1FBQy9FLGtCQUFrQixFQUFFLE9BQU8sU0FBUyxLQUFLLFdBQVcsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsU0FBUztRQUN0RixRQUFRLEVBQUUsa0JBQWtCO0tBQzdCLENBQUM7SUFFRixNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBRTlDLE9BQU87UUFDTCxFQUFFLEVBQUUsaUJBQWlCLEVBQUUsMkNBQTJDO1FBQ2xFLElBQUksRUFBRSxPQUFPLEVBQUUsdUNBQXVDO1FBQ3RELEtBQUssRUFBRSxLQUFLLEVBQUUsK0RBQStEO1FBQzdFLGNBQWMsRUFBRSxhQUFhLEVBQUUsNkRBQTZEO1FBQzVGLFNBQVMsRUFBRTtZQUNULE1BQU0sRUFBRSxNQUFNO1lBQ2QsTUFBTSxFQUFFLG9CQUFvQixFQUFFLGtDQUFrQztZQUNoRSxLQUFLLEVBQUUsWUFBWTtTQUNwQjtLQUNGLENBQUM7QUFDSixDQUFDO0FBRUQsU0FBUyxzQkFBc0IsQ0FBQyxNQUFrQixFQUFFLE1BQWtCO0lBQ3BFLE1BQU0sY0FBYyxHQUFHLE1BQU0sQ0FBQyxNQUFNLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQztJQUNyRCxNQUFNLGFBQWEsR0FBRyxJQUFJLFVBQVUsQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUVyRCxhQUFhLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQztJQUM3QixhQUFhLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUM7SUFFekMsT0FBTyxhQUFhLENBQUM7QUFDdkIsQ0FBQyJ9
|
|
@@ -53,4 +53,4 @@ class AesGcmCipher extends symmetric_cipher_base_js_1.SymmetricCipher {
|
|
|
53
53
|
}
|
|
54
54
|
}
|
|
55
55
|
exports.AesGcmCipher = AesGcmCipher;
|
|
56
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
56
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWVzLWdjbS1jaXBoZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi90ZGYzL3NyYy9jaXBoZXJzL2Flcy1nY20tY2lwaGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDRDQUFzQztBQUN0QyxtREFBNkM7QUFDN0MseUVBQTZEO0FBQzdELGdEQUFnRDtBQVNoRCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUM7QUFDdEIsTUFBTSxTQUFTLEdBQUcsRUFBRSxDQUFDO0FBT3JCLCtDQUErQztBQUMvQyxTQUFTLGlCQUFpQixDQUFDLE1BQW1CO0lBQzVDLHVEQUF1RDtJQUN2RCxNQUFNLFNBQVMsR0FBRyxrQkFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBRTlELG9FQUFvRTtJQUNwRSxNQUFNLGNBQWMsR0FBRyxrQkFBTSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztJQUVqRSxPQUFPO1FBQ0wsT0FBTyxFQUFFLGtCQUFNLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRSxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDdEQsU0FBUztRQUNULGNBQWM7S0FDZixDQUFDO0FBQ0osQ0FBQztBQUVELE1BQWEsWUFBYSxTQUFRLDBDQUFlO0lBQy9DLFlBQVksYUFBNEI7UUFDdEMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3JCLElBQUksQ0FBQyxJQUFJLEdBQUcsYUFBYSxDQUFDO1FBQzFCLElBQUksQ0FBQyxRQUFRLEdBQUcsU0FBUyxDQUFDO1FBQzFCLElBQUksQ0FBQyxTQUFTLEdBQUcsVUFBVSxDQUFDO0lBQzlCLENBQUM7SUFFRDs7OztPQUlHO0lBQ00sS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFlLEVBQUUsR0FBaUIsRUFBRSxFQUFVO1FBQ25FLE1BQU0sUUFBUSxHQUFpQixFQUFFLENBQUM7UUFDbEMsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSwwQkFBVSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzFGLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxVQUFVLENBQUMsRUFBRSxDQUFDLGFBQWEsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNsRCxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQzlELElBQUksTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ25CLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxVQUFVLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDaEUsQ0FBQztRQUNELE1BQU0sQ0FBQyxPQUFPLEdBQUcsa0JBQU0sQ0FBQyxlQUFlLENBQUMsSUFBQSxzQkFBVyxFQUFDLFFBQVEsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3RFLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRDs7O09BR0c7SUFDSCw2REFBNkQ7SUFDcEQsS0FBSyxDQUFDLE9BQU8sQ0FDcEIsTUFBbUIsRUFDbkIsR0FBaUIsRUFDakIsRUFBVztRQUVYLE1BQU0sRUFBRSxPQUFPLEVBQUUsU0FBUyxFQUFFLGNBQWMsRUFBRSxHQUFHLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXpFLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQy9CLE9BQU8sRUFDUCxHQUFHLEVBQ0gsU0FBUyxFQUNULDBCQUFVLENBQUMsV0FBVyxFQUN0QixjQUFjLENBQ2YsQ0FBQztJQUNKLENBQUM7Q0FDRjtBQTdDRCxvQ0E2Q0MifQ==
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.SymmetricCipher = void 0;
|
|
4
|
+
const hex_js_1 = require("../../../src/encodings/hex.js");
|
|
4
5
|
class SymmetricCipher {
|
|
5
6
|
constructor(cryptoService) {
|
|
6
7
|
this.cryptoService = cryptoService;
|
|
@@ -9,7 +10,8 @@ class SymmetricCipher {
|
|
|
9
10
|
if (!this.ivLength) {
|
|
10
11
|
throw Error('No iv length');
|
|
11
12
|
}
|
|
12
|
-
|
|
13
|
+
const bytes = await this.cryptoService.randomBytes(this.ivLength);
|
|
14
|
+
return (0, hex_js_1.encodeArrayBuffer)(bytes.buffer);
|
|
13
15
|
}
|
|
14
16
|
async generateKey() {
|
|
15
17
|
if (!this.keyLength) {
|
|
@@ -19,4 +21,4 @@ class SymmetricCipher {
|
|
|
19
21
|
}
|
|
20
22
|
}
|
|
21
23
|
exports.SymmetricCipher = SymmetricCipher;
|
|
22
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
24
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3ltbWV0cmljLWNpcGhlci1iYXNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vdGRmMy9zcmMvY2lwaGVycy9zeW1tZXRyaWMtY2lwaGVyLWJhc2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBT0EsMERBQStFO0FBRS9FLE1BQXNCLGVBQWU7SUFTbkMsWUFBWSxhQUE0QjtRQUN0QyxJQUFJLENBQUMsYUFBYSxHQUFHLGFBQWEsQ0FBQztJQUNyQyxDQUFDO0lBRUQsS0FBSyxDQUFDLDRCQUE0QjtRQUNoQyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ25CLE1BQU0sS0FBSyxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBQzlCLENBQUM7UUFDRCxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNsRSxPQUFPLElBQUEsMEJBQVMsRUFBQyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDakMsQ0FBQztJQUVELEtBQUssQ0FBQyxXQUFXO1FBQ2YsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNwQixNQUFNLEtBQUssQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUMvQixDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsYUFBYSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDeEQsQ0FBQztDQUtGO0FBL0JELDBDQStCQyJ9
|