@schemavaults/jwt 0.6.13

package/dist/jwt/jwt-factory.d.ts

@@ -0,0 +1,34 @@
+import { type AccessToken, type RefreshToken, type UserData, type RequestTokensResult, type OrganizationID } from "@schemavaults/auth-common";
+import { type SchemaVaultsAppEnvironment } from "@schemavaults/app-definitions";
+import type { I_JWT_Keys } from "./jwt_keys";
+export interface IJWT_Factory_Init_Options {
+    user: UserData;
+    client_app_id: string;
+    jwt_keys: I_JWT_Keys;
+    environment: SchemaVaultsAppEnvironment;
+    user_organizations: readonly OrganizationID[];
+}
+export declare class JWT_Factory {
+    /**
+     * ID of api server
+     * validated to be either auth server url or uuid_v4 in constructor
+     */
+    private readonly client_app_id;
+    private readonly user;
+    private static readonly REFRESH_TOKEN_AUDIENCE;
+    private readonly jwt_keys;
+    private readonly environment;
+    private readonly user_organizations;
+    constructor(opts: IJWT_Factory_Init_Options);
+    private get uid();
+    private static get iat();
+    private generate;
+    refresh(): Promise<RefreshToken>;
+    access(audience: string): Promise<AccessToken>;
+    private multipleAccessTokens;
+    /**
+     *
+     * @returns Promise to result of generating access and/or refresh tokens
+     */
+    generateTokens(audiences?: string[] | string, replaceRefresh?: boolean): Promise<RequestTokensResult>;
+}

package/dist/jwt/jwt-factory.js

@@ -0,0 +1,147 @@
+import { audienceRefSchema, } from "@schemavaults/auth-common";
+import { appIdSchema, SCHEMAVAULTS_AUTH_APP_DEFINITION, schemaVaultsAppEnvironmentSchema, schemaVaultsAppEnvironments, } from "@schemavaults/app-definitions";
+import { generateJWT } from "./generate";
+import { REFRESH_TOKEN_AUDIENCE } from "./aud";
+// This class is used to generate JWTs for a single user
+// Initialize the factory with a user ID, then call loadUserData() to load the user's data
+// Once the user's data is loaded, you can call refresh() or access() to generate a token
+export class JWT_Factory {
+    /**
+     * ID of api server
+     * validated to be either auth server url or uuid_v4 in constructor
+     */
+    client_app_id;
+    user;
+    static REFRESH_TOKEN_AUDIENCE = REFRESH_TOKEN_AUDIENCE;
+    jwt_keys;
+    environment;
+    user_organizations;
+    constructor(opts) {
+        // Save user data
+        this.user = opts.user;
+        // Get client app id
+        const parsed_client_app_id = appIdSchema.safeParse(opts.client_app_id);
+        if (!parsed_client_app_id.success) {
+            throw new Error("Invalid client app ID");
+        }
+        this.client_app_id = parsed_client_app_id.data;
+        // JWT Keys
+        this.jwt_keys = opts.jwt_keys;
+        // App environment (sets 'env' field of generated tokens)
+        const parsed_app_environment = schemaVaultsAppEnvironmentSchema.safeParse(opts.environment);
+        if (!parsed_app_environment.success) {
+            throw new Error(`Invalid app environment to generate tokens for! Should be one of: ${schemaVaultsAppEnvironments.map((s) => `"${s}"`).join(", ")}`);
+        }
+        this.environment = parsed_app_environment.data;
+        this.user_organizations = opts.user_organizations;
+    }
+    get uid() {
+        const user = this.user;
+        if (typeof user.uid !== "string") {
+            throw new Error(`Invalid user ID, not a string! Received typeof ${typeof user.uid}`);
+        }
+        return this.user.uid;
+    }
+    static get iat() {
+        return Date.now();
+    }
+    async generate(type, aud) {
+        // Make sure the token type is valid
+        if (type !== "refresh" && type !== "access") {
+            throw new Error("Invalid token type");
+        }
+        if (!aud || typeof aud !== "string") {
+            throw new Error("Missing audience argument");
+        }
+        const uid = this.uid;
+        if (this.user.uid !== uid) {
+            throw new Error("User data does not match user ID");
+        }
+        const iat = JWT_Factory.iat;
+        if (type === "refresh") {
+            // refresh tokens are always addressed to the auth server
+            if (aud !== SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id ||
+                aud !== REFRESH_TOKEN_AUDIENCE) {
+                throw new Error("Refresh tokens must have an audience directed at the SchemaVaults Auth platform");
+            }
+        }
+        else if (aud === SCHEMAVAULTS_AUTH_APP_DEFINITION.app_id) {
+            // Always allow audience to be the
+        }
+        else {
+            const parsed_as_uuid_aud = await audienceRefSchema.safeParseAsync(aud);
+            if (!parsed_as_uuid_aud.success) {
+                throw new Error("Expected audience to reference a valid app, API, or FS server!");
+            }
+        }
+        const generateTokenOptions = {
+            user: this.user,
+            type,
+            iat,
+            audience: aud,
+            client_app_id: this.client_app_id,
+            jwt_keys: this.jwt_keys,
+            env: this.environment,
+            orgs: this.user_organizations,
+        };
+        const jwt = await generateJWT(generateTokenOptions);
+        return jwt;
+    }
+    async refresh() {
+        const REFRESH_TOKEN_AUDIENCE = JWT_Factory.REFRESH_TOKEN_AUDIENCE;
+        return await this.generate("refresh", REFRESH_TOKEN_AUDIENCE);
+    }
+    async access(audience) {
+        return await this.generate("access", audience);
+    }
+    async multipleAccessTokens(audiences) {
+        const accessTokens = {};
+        const accessTokenPromises = audiences.map((audience) => {
+            return this.access(audience);
+        });
+        const accessTokensList = await Promise.all(accessTokenPromises);
+        accessTokensList.forEach((access_token) => {
+            accessTokens[access_token.aud] = access_token;
+        });
+        return accessTokens;
+    }
+    /**
+     *
+     * @returns Promise to result of generating access and/or refresh tokens
+     */
+    async generateTokens(audiences, replaceRefresh) {
+        const client_app_id = this.client_app_id;
+        let access_token_audiences;
+        if (typeof audiences === "string")
+            access_token_audiences = [audiences];
+        else if (Array.isArray(audiences)) {
+            access_token_audiences = audiences;
+        }
+        else
+            throw new Error("Invalid audiences argument to JWT_Factory.generateTokens()");
+        if (access_token_audiences.length === 0)
+            console.warn("Did not receive any audiences to create access tokens for");
+        else if (access_token_audiences.length > 16)
+            throw new Error("Cannot request more than 16 access tokens at one time");
+        try {
+            const refreshTokenPromise = replaceRefresh ? this.refresh() : (async () => undefined)();
+            const tokenGenerationResult = {
+                success: true,
+                error: false,
+                message: "Generated token(s) successfully",
+                client_app_id,
+                tokens: {
+                    refresh: await refreshTokenPromise,
+                    access: await this.multipleAccessTokens(access_token_audiences),
+                },
+                userData: this.user,
+            };
+            return tokenGenerationResult;
+        }
+        catch (e) {
+            console.error(e);
+            throw new Error(`Failed to generate initial tokens for uid ${this.uid}`);
+        }
+    }
+}
+//# sourceMappingURL=jwt-factory.js.map

package/dist/jwt/jwt-factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-factory.js","sourceRoot":"","sources":["../../src/jwt/jwt-factory.ts"],"names":[],"mappings":"AAAA,OAAO,EAOL,iBAAiB,GAElB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,WAAW,EAEX,gCAAgC,EAEhC,gCAAgC,EAChC,2BAA2B,GAC5B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAA2B,WAAW,EAAE,MAAM,YAAY,CAAC;AAClE,OAAO,EAAE,sBAAsB,EAAE,MAAM,OAAO,CAAC;AAW/C,wDAAwD;AACxD,0FAA0F;AAC1F,yFAAyF;AACzF,MAAM,OAAO,WAAW;IACtB;;;OAGG;IACc,aAAa,CAAQ;IACrB,IAAI,CAAW;IACxB,MAAM,CAAU,sBAAsB,GAAG,sBAAsB,CAAC;IACvD,QAAQ,CAAa;IACrB,WAAW,CAA6B;IACxC,kBAAkB,CAA4B;IAE/D,YAAY,IAA+B;QACzC,iBAAiB;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QAEtB,oBAAoB;QACpB,MAAM,oBAAoB,GAAG,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACvE,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,CAAC,aAAa,GAAG,oBAAoB,CAAC,IAAI,CAAC;QAE/C,WAAW;QACX,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAE9B,yDAAyD;QACzD,MAAM,sBAAsB,GAAG,gCAAgC,CAAC,SAAS,CACvE,IAAI,CAAC,WAAgD,CACtD,CAAC;QACF,IAAI,CAAC,sBAAsB,CAAC,OAAO,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CACb,qEAAqE,2BAA2B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACnI,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,sBAAsB,CAAC,IAAI,CAAC;QAE/C,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC;IACpD,CAAC;IAED,IAAY,GAAG;QACb,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACvB,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,kDAAkD,OAAO,IAAI,CAAC,GAAG,EAAE,CACpE,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IACvB,CAAC;IAEO,MAAM,KAAK,GAAG;QACpB,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC;IACpB,CAAC;IAEO,KAAK,CAAC,QAAQ,CACpB,IAAO,EACP,GAAW;QAEX,oCAAoC;QACpC,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACrB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,GAAG,GAAW,WAAW,CAAC,GAAG,CAAC;QAEpC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,yDAAyD;YACzD,IACE,GAAG,KAAK,gCAAgC,CAAC,MAAM;gBAC/C,GAAG,KAAK,sBAAsB,EAC9B,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,iFAAiF,CAClF,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;YAC3D,kCAAkC;QACpC,CAAC;aAAM,CAAC;YACN,MAAM,kBAAkB,GAAG,MAAM,iBAAiB,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACvE,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBAChC,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,oBAAoB,GAAoC;YAC5D,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI;YACJ,GAAG;YACH,QAAQ,EAAE,GAAG;YACb,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,QAAQ,EAAE,IAAI,CAAC,QAA6B;YAC5C,GAAG,EAAE,IAAI,CAAC,WAAgD;YAC1D,IAAI,EAAE,IAAI,CAAC,kBAAsD;SAClE,CAAC;QAEF,MAAM,GAAG,GAAc,MAAM,WAAW,CAAC,oBAAoB,CAAC,CAAC;QAE/D,OAAO,GAAsD,CAAC;IAChE,CAAC;IAEM,KAAK,CAAC,OAAO;QAClB,MAAM,sBAAsB,GAAG,WAAW,CAAC,sBAAsB,CAAC;QAClE,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,sBAAsB,CAAC,CAAC;IAChE,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,QAAgB;QAClC,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACjD,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAChC,SAAmB;QAEnB,MAAM,YAAY,GAAgC,EAAE,CAAC;QAErD,MAAM,mBAAmB,GAAG,SAAS,CAAC,GAAG,CACvC,CAAC,QAAgB,EAAwB,EAAE;YACzC,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC,CACF,CAAC;QACF,MAAM,gBAAgB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAChE,gBAAgB,CAAC,OAAO,CAAC,CAAC,YAAY,EAAQ,EAAE;YAC9C,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,cAAc,CACzB,SAA6B,EAC7B,cAAwB;QAExB,MAAM,aAAa,GAAU,IAAI,CAAC,aAAa,CAAC;QAChD,IAAI,sBAAgC,CAAC;QAErC,IAAI,OAAO,SAAS,KAAK,QAAQ;YAC/B,sBAAsB,GAAG,CAAC,SAAS,CAAoB,CAAC;aACrD,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAClC,sBAAsB,GAAG,SAAS,CAAC;QACrC,CAAC;;YACC,MAAM,IAAI,KAAK,CACb,4DAA4D,CAC7D,CAAC;QAEJ,IAAI,sBAAsB,CAAC,MAAM,KAAK,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;aACvE,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE;YACzC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAE3E,IAAI,CAAC;YACH,MAAM,mBAAmB,GACvB,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC;YAE9D,MAAM,qBAAqB,GAAwB;gBACjD,OAAO,EAAE,IAAI;gBACb,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,iCAAiC;gBAC1C,aAAa;gBACb,MAAM,EAAE;oBACN,OAAO,EAAE,MAAM,mBAAmB;oBAClC,MAAM,EAAE,MAAM,IAAI,CAAC,oBAAoB,CAAC,sBAAsB,CAAC;iBAChE;gBACD,QAAQ,EAAE,IAAI,CAAC,IAAI;aACpB,CAAC;YACF,OAAO,qBAAqB,CAAC;QAC/B,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,6CAA6C,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC"}

package/dist/jwt/jwt_keys/AbstractBaseKeyPairFactory.d.ts

@@ -0,0 +1,11 @@
+export interface BaseKeyPairFactoryOptions {
+    debug?: boolean;
+}
+export declare abstract class AbstractBaseKeyPairFactory {
+    protected readonly debug: boolean;
+    constructor(options?: BaseKeyPairFactoryOptions);
+    protected static toPemFormat(key: ArrayBuffer, key_type: "PUBLIC" | "PRIVATE"): string;
+    protected static exportKeyPair([privateKey, publicKey]: readonly [privateKey: string, publicKey: string], export_method: "pem" | "base64url"): readonly [string, string];
+    abstract generate(export_method: "pem" | "base64url"): Promise<readonly [privateKey: string, publicKey: string]>;
+}
+export default AbstractBaseKeyPairFactory;

package/dist/jwt/jwt_keys/AbstractBaseKeyPairFactory.js

@@ -0,0 +1,26 @@
+import { base64url } from "jose";
+import { PEMFormat } from "./pem-format";
+export class AbstractBaseKeyPairFactory {
+    debug;
+    constructor(options = {}) {
+        this.debug = options.debug || false;
+    }
+    static toPemFormat(key, key_type) {
+        return PEMFormat.toPemFormat(key, key_type);
+    }
+    static exportKeyPair([privateKey, publicKey], export_method) {
+        switch (export_method) {
+            case "pem":
+                return [privateKey, publicKey];
+            case "base64url":
+                return [
+                    base64url.encode(privateKey),
+                    base64url.encode(publicKey),
+                ];
+            default:
+                throw new Error("Received invalid 'export_method' to generate key pair with!");
+        }
+    }
+}
+export default AbstractBaseKeyPairFactory;
+//# sourceMappingURL=AbstractBaseKeyPairFactory.js.map

package/dist/jwt/jwt_keys/AbstractBaseKeyPairFactory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AbstractBaseKeyPairFactory.js","sourceRoot":"","sources":["../../../src/jwt/jwt_keys/AbstractBaseKeyPairFactory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAOzC,MAAM,OAAgB,0BAA0B;IAC3B,KAAK,CAAU;IAElC,YAAmB,UAAqC,EAAE;QACxD,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;IACtC,CAAC;IAES,MAAM,CAAC,WAAW,CAAC,GAAgB,EAAE,QAA8B;QAC3E,OAAO,SAAS,CAAC,WAAW,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAES,MAAM,CAAC,aAAa,CAAC,CAAC,UAAU,EAAE,SAAS,CAAmD,EAAE,aAAkC;QAC1I,QAAQ,aAAa,EAAE,CAAC;YACtB,KAAK,KAAK;gBACR,OAAO,CAAC,UAAU,EAAE,SAAS,CAG5B,CAAC;YACJ,KAAK,WAAW;gBACd,OAAO;oBACL,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC;oBAC5B,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC;iBACiB,CAAC;YACjD;gBACE,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAC;QACN,CAAC;IACH,CAAC;CAGF;AAED,eAAe,0BAA0B,CAAC"}

package/dist/jwt/jwt_keys/ContentEncryptionKeyPairFactory.d.ts

@@ -0,0 +1,14 @@
+import AbstractBaseKeyPairFactory from "./AbstractBaseKeyPairFactory";
+export interface ContentEncryptionKeyPairFactoryOptions {
+    debug?: boolean;
+}
+/**
+ * @name ContentEncryptionKeyPairFactory
+ * @see ContentEncyptionKeyPairFactory.generate()
+ * @description Generates an encryption/decryption key pair
+ */
+export declare class ContentEncryptionKeyPairFactory extends AbstractBaseKeyPairFactory {
+    private static generateRsaPemEncryptionAndDecryptionKeyPair;
+    generate(export_method: "base64url" | "pem"): Promise<readonly [privateKey: string, publicKey: string]>;
+}
+export default ContentEncryptionKeyPairFactory;

package/dist/jwt/jwt_keys/ContentEncryptionKeyPairFactory.js

@@ -0,0 +1,45 @@
+import AbstractBaseKeyPairFactory from "./AbstractBaseKeyPairFactory";
+/**
+ * @name ContentEncryptionKeyPairFactory
+ * @see ContentEncyptionKeyPairFactory.generate()
+ * @description Generates an encryption/decryption key pair
+ */
+export class ContentEncryptionKeyPairFactory extends AbstractBaseKeyPairFactory {
+    static async generateRsaPemEncryptionAndDecryptionKeyPair(debug = false) {
+        const keyPair = await crypto.subtle.generateKey({
+            name: "RSA-OAEP",
+            modulusLength: 2048,
+            publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+            hash: "SHA-256",
+        }, true, ["encrypt", "decrypt"]);
+        if (debug) {
+            console.log("[JWT_Keys] generateRsaPemEncryptionAndDecryptionKeyPair() -> ", {
+                publicKey: keyPair.publicKey,
+                privateKey: keyPair.privateKey,
+            });
+        }
+        const exportedPrivateKey = await crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
+        const exportedPublicKey = await crypto.subtle.exportKey("spki", keyPair.publicKey);
+        if (debug) {
+            console.log("[JWT_Keys] generateRsaPemEncryptionAndDecryptionKeyPair() exported: -> ", {
+                exportedPublicKey,
+                exportedPrivateKey,
+            });
+        }
+        const pemPrivateKey = ContentEncryptionKeyPairFactory.toPemFormat(exportedPrivateKey, "PRIVATE");
+        const pemPublicKey = ContentEncryptionKeyPairFactory.toPemFormat(exportedPublicKey, "PUBLIC");
+        if (debug) {
+            console.log("[JWT_Keys] generateRsaPemEncryptionAndDecryptionKeyPair() pem format: -> ", {
+                pemPublicKey,
+                pemPrivateKey,
+            });
+        }
+        return [pemPrivateKey, pemPublicKey];
+    }
+    async generate(export_method) {
+        const [privateKey, publicKey] = await ContentEncryptionKeyPairFactory.generateRsaPemEncryptionAndDecryptionKeyPair(this.debug);
+        return ContentEncryptionKeyPairFactory.exportKeyPair([privateKey, publicKey], export_method);
+    }
+}
+export default ContentEncryptionKeyPairFactory;
+//# sourceMappingURL=ContentEncryptionKeyPairFactory.js.map

package/dist/jwt/jwt_keys/ContentEncryptionKeyPairFactory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ContentEncryptionKeyPairFactory.js","sourceRoot":"","sources":["../../../src/jwt/jwt_keys/ContentEncryptionKeyPairFactory.ts"],"names":[],"mappings":"AAAA,OAAO,0BAA0B,MAAM,8BAA8B,CAAC;AAMtE;;;;GAIG;AACH,MAAM,OAAO,+BAAgC,SAAQ,0BAA0B;IACrE,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,QAAiB,KAAK;QAGtF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAC7C;YACE,IAAI,EAAE,UAAU;YAChB,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,IAAI,EAAE,SAAS;SAChB,EACD,IAAI,EACJ,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;QAEF,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,+DAA+D,EAAE;gBAC3E,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,kBAAkB,GAAgB,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACnE,OAAO,EACP,OAAO,CAAC,UAAU,CACnB,CAAC;QACF,MAAM,iBAAiB,GAAgB,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAClE,MAAM,EACN,OAAO,CAAC,SAAS,CAClB,CAAC;QAEF,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,yEAAyE,EAAE;gBACrF,iBAAiB;gBACjB,kBAAkB;aACnB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,aAAa,GAAW,+BAA+B,CAAC,WAAW,CACvE,kBAAkB,EAClB,SAAS,CACV,CAAC;QACF,MAAM,YAAY,GAAW,+BAA+B,CAAC,WAAW,CACtE,iBAAiB,EACjB,QAAQ,CACT,CAAC;QAEF,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,2EAA2E,EAAE;gBACvF,YAAY;gBACZ,aAAa;aACd,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,aAAa,EAAE,YAAY,CAGlC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,aAAkC;QACtD,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,MAAM,+BAA+B,CAAC,4CAA4C,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAE/H,OAAO,+BAA+B,CAAC,aAAa,CAAC,CAAC,UAAU,EAAE,SAAS,CAAC,EAAE,aAAa,CAAC,CAAA;IAC9F,CAAC;CACF;AAED,eAAe,+BAA+B,CAAC"}

package/dist/jwt/jwt_keys/I_JWT_Keys.d.ts

@@ -0,0 +1,15 @@
+import type { JsonSerializedJwtKey } from "./JsonSerializedJwtKey";
+export interface I_JWT_Keys {
+    audience_id: string;
+    keyset_id: string;
+    keyset_expiry: number;
+    signing_key: Promise<CryptoKey> | null;
+    signing_key_json: JsonSerializedJwtKey | null;
+    verification_key: Promise<CryptoKey>;
+    verification_key_json: JsonSerializedJwtKey;
+    encryption_key: Promise<CryptoKey> | null;
+    encryption_key_json: JsonSerializedJwtKey | null;
+    decryption_key: Promise<CryptoKey>;
+    decryption_key_json: JsonSerializedJwtKey;
+    listSerializedKeys(): readonly JsonSerializedJwtKey[];
+}

package/dist/jwt/jwt_keys/I_JWT_Keys.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=I_JWT_Keys.js.map

package/dist/jwt/jwt_keys/I_JWT_Keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"I_JWT_Keys.js","sourceRoot":"","sources":["../../../src/jwt/jwt_keys/I_JWT_Keys.ts"],"names":[],"mappings":""}

package/dist/jwt/jwt_keys/JWK.d.ts

@@ -0,0 +1,2 @@
+import type { JWK } from "jose";
+export type { JWK };

package/dist/jwt/jwt_keys/JWK.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=JWK.js.map

package/dist/jwt/jwt_keys/JWK.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JWK.js","sourceRoot":"","sources":["../../../src/jwt/jwt_keys/JWK.ts"],"names":[],"mappings":""}

package/dist/jwt/jwt_keys/JWKS.d.ts

@@ -0,0 +1,4 @@
+import type { JWK } from "./JWK";
+export type JWKS = {
+    keys: readonly JWK[];
+};

package/dist/jwt/jwt_keys/JWKS.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=JWKS.js.map

package/dist/jwt/jwt_keys/JWKS.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JWKS.js","sourceRoot":"","sources":["../../../src/jwt/jwt_keys/JWKS.ts"],"names":[],"mappings":""}

package/dist/jwt/jwt_keys/JsonSerializedJwtKey.d.ts

@@ -0,0 +1,43 @@
+import { z } from "zod";
+export declare const jsonSerializedJwtKeySchema: z.ZodEffects<z.ZodObject<{
+    audience_id: z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>;
+    keyset_id: z.ZodString;
+    keyset_expiry: z.ZodOptional<z.ZodNumber>;
+    value: z.ZodString;
+    format: z.ZodEnum<["pem", "base64url"]>;
+    privacy_level: z.ZodEnum<["private", "public"]>;
+    key_type: z.ZodEnum<["encryption", "decryption", "signing", "verification"]>;
+}, "strict", z.ZodTypeAny, {
+    audience_id: string;
+    keyset_id: string;
+    value: string;
+    format: "base64url" | "pem";
+    privacy_level: "private" | "public";
+    key_type: "encryption" | "decryption" | "signing" | "verification";
+    keyset_expiry?: number | undefined;
+}, {
+    audience_id: string;
+    keyset_id: string;
+    value: string;
+    format: "base64url" | "pem";
+    privacy_level: "private" | "public";
+    key_type: "encryption" | "decryption" | "signing" | "verification";
+    keyset_expiry?: number | undefined;
+}>, {
+    audience_id: string;
+    keyset_id: string;
+    value: string;
+    format: "base64url" | "pem";
+    privacy_level: "private" | "public";
+    key_type: "encryption" | "decryption" | "signing" | "verification";
+    keyset_expiry?: number | undefined;
+}, {
+    audience_id: string;
+    keyset_id: string;
+    value: string;
+    format: "base64url" | "pem";
+    privacy_level: "private" | "public";
+    key_type: "encryption" | "decryption" | "signing" | "verification";
+    keyset_expiry?: number | undefined;
+}>;
+export type JsonSerializedJwtKey = z.infer<typeof jsonSerializedJwtKeySchema>;

package/dist/jwt/jwt_keys/JsonSerializedJwtKey.js

@@ -0,0 +1,38 @@
+// JsonSerializedJwtKey.ts
+import { z } from "zod";
+import { validJwtKeyTypesList } from "./ValidJwtKeyTypes";
+import { apiServerIdSchema } from "@schemavaults/app-definitions";
+import PEMFormat from "./pem-format";
+export const jsonSerializedJwtKeySchema = z
+    .object({
+    audience_id: apiServerIdSchema,
+    keyset_id: z.string().uuid(),
+    keyset_expiry: z.number().nonnegative().optional(),
+    value: z.string().min(1),
+    format: z.enum(["pem", "base64url"]),
+    privacy_level: z.enum(["private", "public"]),
+    key_type: z.enum(validJwtKeyTypesList),
+})
+    .required({
+    audience_id: true,
+    keyset_id: true,
+    value: true,
+    format: true,
+    privacy_level: true,
+    key_type: true,
+})
+    .strict()
+    .refine((key) => {
+    if (key.format === "pem" &&
+        key.privacy_level === "public" &&
+        !PEMFormat.isPemFormat(key.value, "PUBLIC")) {
+        return false;
+    }
+    if (key.format === "pem" &&
+        key.privacy_level === "private" &&
+        !PEMFormat.isPemFormat(key.value, "PRIVATE")) {
+        return false;
+    }
+    return true;
+}, "Mismatch between 'privacy_level' and header of PEM-formatted key");
+//# sourceMappingURL=JsonSerializedJwtKey.js.map

package/dist/jwt/jwt_keys/JsonSerializedJwtKey.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JsonSerializedJwtKey.js","sourceRoot":"","sources":["../../../src/jwt/jwt_keys/JsonSerializedJwtKey.ts"],"names":[],"mappings":"AAAA,0BAA0B;AAE1B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,SAAS,MAAM,cAAc,CAAC;AAErC,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC;KACxC,MAAM,CAAC;IACN,WAAW,EAAE,iBAAiB;IAC9B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE;IAC5B,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAClD,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACpC,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC5C,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC;CACvC,CAAC;KACD,QAAQ,CAAC;IACR,WAAW,EAAE,IAAI;IACjB,SAAS,EAAE,IAAI;IACf,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,aAAa,EAAE,IAAI;IACnB,QAAQ,EAAE,IAAI;CACf,CAAC;KACD,MAAM,EAAE;KACR,MAAM,CAAC,CAAC,GAAG,EAAW,EAAE;IACvB,IACE,GAAG,CAAC,MAAM,KAAK,KAAK;QACpB,GAAG,CAAC,aAAa,KAAK,QAAQ;QAC9B,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,CAAC,EAC3C,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IACE,GAAG,CAAC,MAAM,KAAK,KAAK;QACpB,GAAG,CAAC,aAAa,KAAK,SAAS;QAC/B,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,EAC5C,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,EAAE,kEAAkE,CAAC,CAAC"}

package/dist/jwt/jwt_keys/SigningKeyPairFactory.d.ts

@@ -0,0 +1,14 @@
+import AbstractBaseKeyPairFactory from "./AbstractBaseKeyPairFactory";
+export interface SigningKeyPairFactoryOptions {
+    debug?: boolean;
+}
+/**
+ * @name SigningKeyPairFactory
+ * @see SigningKeyPairFactory.generate()
+ * @description Generates a signing/verifier RSA256 key pair
+ */
+export declare class SigningKeyPairFactory extends AbstractBaseKeyPairFactory {
+    private static generateRsaPemSigningAndVerificationKeyPair;
+    generate(export_method: "base64url" | "pem"): Promise<readonly [privateKey: string, publicKey: string]>;
+}
+export default SigningKeyPairFactory;

package/dist/jwt/jwt_keys/SigningKeyPairFactory.js

@@ -0,0 +1,46 @@
+import AbstractBaseKeyPairFactory from "./AbstractBaseKeyPairFactory";
+/**
+ * @name SigningKeyPairFactory
+ * @see SigningKeyPairFactory.generate()
+ * @description Generates a signing/verifier RSA256 key pair
+ */
+export class SigningKeyPairFactory extends AbstractBaseKeyPairFactory {
+    static async generateRsaPemSigningAndVerificationKeyPair(debug = false) {
+        const keyPair = await crypto.subtle.generateKey({
+            name: "RSASSA-PKCS1-v1_5",
+            modulusLength: 2048,
+            publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+            hash: "SHA-256",
+        }, true, ["sign", "verify"]);
+        if (debug) {
+            console.log("[JWT_Keys] generateRsaPemSigningAndVerificationKeyPair() -> ", {
+                publicKey: keyPair.publicKey,
+                privateKey: keyPair.privateKey,
+            });
+        }
+        const exportedPrivateKey = await crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
+        const exportedPublicKey = await crypto.subtle.exportKey("spki", keyPair.publicKey);
+        if (debug) {
+            console.log("[JWT_Keys] generateRsaPemSigningAndVerificationKeyPair() exported: -> ", {
+                exportedPublicKey,
+                exportedPrivateKey,
+            });
+        }
+        const pemPrivateKey = SigningKeyPairFactory.toPemFormat(exportedPrivateKey, "PRIVATE");
+        const pemPublicKey = SigningKeyPairFactory.toPemFormat(exportedPublicKey, "PUBLIC");
+        if (debug) {
+            console.log("[JWT_Keys] generateRsaPemSigningAndVerificationKeyPair() pem format: -> ", {
+                pemPublicKey,
+                pemPrivateKey,
+            });
+        }
+        return [pemPrivateKey, pemPublicKey];
+    }
+    // Generate base64url-encoded [private, public] RSA key pair
+    async generate(export_method) {
+        const [privateKey, publicKey] = await SigningKeyPairFactory.generateRsaPemSigningAndVerificationKeyPair(this.debug);
+        return SigningKeyPairFactory.exportKeyPair([privateKey, publicKey], export_method);
+    }
+}
+export default SigningKeyPairFactory;
+//# sourceMappingURL=SigningKeyPairFactory.js.map

package/dist/jwt/jwt_keys/SigningKeyPairFactory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SigningKeyPairFactory.js","sourceRoot":"","sources":["../../../src/jwt/jwt_keys/SigningKeyPairFactory.ts"],"names":[],"mappings":"AAAA,OAAO,0BAA0B,MAAM,8BAA8B,CAAC;AAMtE;;;;GAIG;AACH,MAAM,OAAO,qBAAsB,SAAQ,0BAA0B;IAE3D,MAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,QAAiB,KAAK;QAGrF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAC7C;YACE,IAAI,EAAE,mBAAmB;YACzB,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,IAAI,EAAE,SAAS;SAChB,EACD,IAAI,EACJ,CAAC,MAAM,EAAE,QAAQ,CAAC,CACnB,CAAC;QAEF,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,8DAA8D,EAAE;gBAC1E,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,kBAAkB,GAAgB,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACnE,OAAO,EACP,OAAO,CAAC,UAAU,CACnB,CAAC;QACF,MAAM,iBAAiB,GAAgB,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAClE,MAAM,EACN,OAAO,CAAC,SAAS,CAClB,CAAC;QAEF,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,wEAAwE,EAAE;gBACpF,iBAAiB;gBACjB,kBAAkB;aACnB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,aAAa,GAAW,qBAAqB,CAAC,WAAW,CAC7D,kBAAkB,EAClB,SAAS,CACV,CAAC;QACF,MAAM,YAAY,GAAW,qBAAqB,CAAC,WAAW,CAC5D,iBAAiB,EACjB,QAAQ,CACT,CAAC;QAEF,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,0EAA0E,EAAE;gBACtF,YAAY;gBACZ,aAAa;aACd,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,aAAa,EAAE,YAAY,CAGlC,CAAC;IACJ,CAAC;IAED,4DAA4D;IACrD,KAAK,CAAC,QAAQ,CACnB,aAAkC;QAElC,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,MAAM,qBAAqB,CAAC,2CAA2C,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEpH,OAAO,qBAAqB,CAAC,aAAa,CAAC,CAAC,UAAU,EAAE,SAAS,CAAC,EAAE,aAAa,CAAC,CAAC;IACrF,CAAC;CACF;AAED,eAAe,qBAAqB,CAAC"}

package/dist/jwt/jwt_keys/ValidJwtKeyTypes.d.ts

@@ -0,0 +1,4 @@
+export declare const validJwtKeyTypesList: readonly ["encryption", "decryption", "signing", "verification"];
+export type JwtKeyType = typeof validJwtKeyTypesList[number];
+export declare const validJwtKeyTypesSet: Set<JwtKeyType>;
+export declare function isValidJwtKeyType(value: string): value is JwtKeyType;

package/dist/jwt/jwt_keys/ValidJwtKeyTypes.js

@@ -0,0 +1,7 @@
+// ValidJwtKeyTypes.ts
+export const validJwtKeyTypesList = ['encryption', 'decryption', 'signing', 'verification'];
+export const validJwtKeyTypesSet = new Set(validJwtKeyTypesList);
+export function isValidJwtKeyType(value) {
+    return validJwtKeyTypesSet.has(value);
+}
+//# sourceMappingURL=ValidJwtKeyTypes.js.map

package/dist/jwt/jwt_keys/ValidJwtKeyTypes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ValidJwtKeyTypes.js","sourceRoot":"","sources":["../../../src/jwt/jwt_keys/ValidJwtKeyTypes.ts"],"names":[],"mappings":"AAAA,sBAAsB;AAEtB,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,cAAc,CAAsC,CAAC;AAIjI,MAAM,CAAC,MAAM,mBAAmB,GAAoB,IAAI,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAElF,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,OAAQ,mBAAyD,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAC/E,CAAC"}

package/dist/jwt/jwt_keys/generate_new_jwt_keyset.d.ts

@@ -0,0 +1,21 @@
+import JWT_Keys from "./jwt_keys";
+/**
+ * @name generateJwtSigningKeyPair
+ * @param debug Enable additional debug logging
+ * @returns A PKCS8 and SPKI formatted RS256 key pair
+ */
+export declare function generateJwtSigningKeyPair(debug?: boolean): Promise<[private_key: string, public_key: string]>;
+/**
+ * @name generateJwtContentEncryptionKeyPair()
+ * @param debug Enable additional debug logging
+ * @returns 256-bit base64url-encoded content encryption key (string)
+ */
+export declare function generateJwtContentEncryptionKeyPair(debug?: boolean): Promise<[private_key: string, public_key: string]>;
+export interface IGenerateNewJwtKeySetOpts {
+    audience_id: string;
+    keyset_id?: string;
+    keyset_expiry?: number;
+    debug?: boolean;
+}
+export declare function generateNewJwtKeySet(opts: IGenerateNewJwtKeySetOpts): Promise<JWT_Keys>;
+export default generateNewJwtKeySet;