@shapeshiftoss/hdwallet-native-vault 1.55.2 → 1.55.3
- package/dist/index.js +14 -28
- package/dist/index.js.map +1 -1
- package/dist/mapVault.js +42 -105
- package/dist/mapVault.js.map +1 -1
- package/dist/rawVault.js +168 -228
- package/dist/rawVault.js.map +1 -1
- package/dist/test/mockVault.skip.js +73 -129
- package/dist/test/mockVault.skip.js.map +1 -1
- package/dist/types.js +1 -2
- package/dist/util.d.ts +8 -6
- package/dist/util.d.ts.map +1 -1
- package/dist/util.js +24 -68
- package/dist/util.js.map +1 -1
- package/dist/vault.js +121 -183
- package/dist/vault.js.map +1 -1
- package/package.json +3 -3
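--- a/package/dist/rawVault.js
+++ b/package/dist/rawVault.js
@@ -1,241 +1,81 @@
-
-
-
-
-
-
-
-Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-if (k2 === undefined) k2 = k;
-o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-if (mod && mod.__esModule) return mod;
-var result = {};
-if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-__setModuleDefault(result, mod);
-return result;
-};
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-return new (P || (P = Promise))(function (resolve, reject) {
-function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-step((generator = generator.apply(thisArg, _arguments || [])).next());
-});
-};
-var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
-if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
-if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
-return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
-};
-var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
-if (kind === "m") throw new TypeError("Private method is not writable");
-if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
-if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
-return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
-};
-var _a, _RawVault_machineSeed, _RawVault_keyStore, _RawVault_vaultStore, _RawVault_deriveVaultKey, _RawVault_argonParams, _RawVault_key;
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.RawVault = void 0;
-const core = __importStar(require("@shapeshiftoss/hdwallet-core"));
-const hash_wasm_1 = require("hash-wasm");
-const idb = __importStar(require("idb-keyval"));
-const jose = __importStar(require("jose"));
-const ta = __importStar(require("type-assertions"));
-const uuid = __importStar(require("uuid"));
-const util_1 = require("./util");
+import * as core from "@shapeshiftoss/hdwallet-core";
+import { argon2id } from "hash-wasm";
+import * as idb from "idb-keyval";
+import * as jose from "jose";
+import * as ta from "type-assertions";
+import * as uuid from "uuid";
+import { crypto, encoder, keyStoreUUID, Revocable, revocable, setCrypto, setPerformance, vaultStoreUUID } from "./util";
 // This has to be outside the class so the static initializers for defaultArgonParams and #machineSeed can reference it.
 let resolvers = {};
 ta.assert();
-class RawVault extends
+export class RawVault extends Revocable(Object.freeze(class {
 })) {
-static prepare(
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+//#region static: prepare()
+static defaultArgonParams = new Promise((resolve) => resolvers && (resolvers.defaultArgonParams = resolve));
+// Caching the machine seed also conveniently hides the inability of the fake-indexeddb package to store CryptoKey objects.
+static #machineSeed = new Promise((resolve) => resolvers && (resolvers.machineSeed = resolve));
+static #keyStore = new Promise((resolve) => resolvers && (resolvers.keyStore = resolve));
+static #vaultStore = new Promise((resolve) => resolvers && (resolvers.vaultStore = resolve));
+static async prepare(params) {
+const currentResolvers = resolvers;
+resolvers = undefined;
+if (!currentResolvers) {
+if (params)
+throw new Error("can't call prepare with a parameters object after vault is already prepared");
+return;
+}
+setCrypto(params?.crypto ?? globalThis.crypto);
+setPerformance(params?.performance ?? globalThis.performance);
+currentResolvers.keyStore?.(params?.keyStore ?? idb.createStore(keyStoreUUID, "keyval"));
+currentResolvers.vaultStore?.(params?.vaultStore ?? idb.createStore(vaultStoreUUID, "keyval"));
+currentResolvers.machineSeed?.((await idb.get("machineSeed", await RawVault.#keyStore)) ??
+(await (async () => {
+const machineSeed = await (await crypto).subtle.importKey("raw", await (await crypto).getRandomValues(new Uint8Array(32)), "HKDF", false, [
 "deriveBits",
 "deriveKey",
 ]);
-
+await idb.set("machineSeed", machineSeed, await RawVault.#keyStore);
 return machineSeed;
-})
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-});
-});
-}
-//#region static: VaultFactory<RawVault>
-static create(password) {
-return __awaiter(this, void 0, void 0, function* () {
-return yield _a.open(undefined, password);
-});
-}
-static open(id, password) {
-return __awaiter(this, void 0, void 0, function* () {
-yield _a.prepare();
-// eslint-disable-next-line @typescript-eslint/no-shadow
-const factory = (id, argonParams) => __awaiter(this, void 0, void 0, function* () {
-const vaultRevoker = new ((0, util_1.Revocable)(class {
-}))();
-const vault = (0, util_1.revocable)(new _a(id, argonParams), (x) => vaultRevoker.addRevoker(x));
-vault.addRevoker(() => vaultRevoker.revoke());
-return vault;
-});
-const out = yield (() => __awaiter(this, void 0, void 0, function* () {
-if (id !== undefined) {
-const jwe = yield idb.get(id, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore));
-if (!jwe)
-throw new Error("can't find specified vault");
-const protectedHeader = jose.decodeProtectedHeader(jwe);
-const argonParams = protectedHeader.argon;
-if (!argonParams)
-throw new Error("can't decode vault with missing argon parameters");
-return yield factory(id, Promise.resolve(argonParams));
-}
-else {
-return yield factory(uuid.v4({
-random: yield (yield util_1.crypto).getRandomValues(new Uint8Array(16)),
-}), _a.defaultArgonParams);
-}
-}))();
-if (password !== undefined)
-yield out.setPassword(password);
-return out;
-});
-}
-static list() {
-return __awaiter(this, void 0, void 0, function* () {
-yield _a.prepare();
-const out = (yield idb.keys(yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore)))
-.filter((k) => typeof k === "string")
-.map((k) => k);
-return out;
-});
-}
-static meta(id) {
-return __awaiter(this, void 0, void 0, function* () {
-yield _a.prepare();
-const jwe = yield idb.get(id, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore));
-if (!jwe)
-return undefined;
-const meta = jose.decodeProtectedHeader(jwe).meta;
-if (!meta || !core.isIndexable(meta))
-return undefined;
-const out = new Map();
-Object.entries(meta).forEach(([k, v]) => out.set(k, v));
-return out;
-});
-}
-static delete(id) {
-return __awaiter(this, void 0, void 0, function* () {
-yield _a.prepare();
-yield idb.del(id, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore));
-});
-}
-constructor(id, argonParams) {
-super();
-_RawVault_argonParams.set(this, void 0);
-this.meta = new Map();
-_RawVault_key.set(this, void 0);
-this.id = id;
-__classPrivateFieldSet(this, _RawVault_argonParams, argonParams.then((x) => Object.freeze(JSON.parse(JSON.stringify(x)))), "f");
-}
-setPassword(password) {
-return __awaiter(this, void 0, void 0, function* () {
-__classPrivateFieldSet(this, _RawVault_key, yield __classPrivateFieldGet(_a, _a, "m", _RawVault_deriveVaultKey).call(_a, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_machineSeed), this.id, yield __classPrivateFieldGet(this, _RawVault_argonParams, "f"), password, (x) => this.addRevoker(x)), "f");
-return this;
-});
-}
-load(deserialize) {
-var _b;
-return __awaiter(this, void 0, void 0, function* () {
-if (!__classPrivateFieldGet(this, _RawVault_key, "f"))
-throw new Error("can't load vault until key is set");
-const jwe = yield idb.get(this.id, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore));
-if (!jwe)
-throw new Error("can't load missing vault");
-const decryptResult = yield jose.flattenedDecrypt(jwe, __classPrivateFieldGet(this, _RawVault_key, "f"), {
-keyManagementAlgorithms: ["A256KW"],
-contentEncryptionAlgorithms: ["A256GCM"],
-});
-this.meta.clear();
-const meta = (_b = decryptResult.protectedHeader) === null || _b === void 0 ? void 0 : _b.meta;
-if (core.isIndexable(meta)) {
-Object.entries(meta).forEach(([k, v]) => this.meta.set(k, v));
-}
-yield deserialize(decryptResult.plaintext);
-return this;
+})()));
+currentResolvers.defaultArgonParams?.((await idb.get("defaultArgonParams", await RawVault.#keyStore)) ?? {
+then: (onfulfilled, onrejected) => {
+return (async () => {
+// For more details on parameter selection, see:
+// https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-argon2-04#section-4
+const out = {
+parallelism: 1,
+memorySize: 32 * 1024,
+iterations: 16,
+};
+await idb.set("defaultArgonParams", out, await RawVault.#keyStore);
+return out;
+})().then(onfulfilled, onrejected);
+},
 });
 }
-
-
-
-
-
-
-const jwe = yield new jose.FlattenedEncrypt(payload)
-.setProtectedHeader({
-alg: "A256KW",
-enc: "A256GCM",
-argon: yield __classPrivateFieldGet(this, _RawVault_argonParams, "f"),
-meta: Array.from(this.meta.entries()).reduce((a, [k, v]) => ((a[k] = v), a), {}),
-})
-.encrypt(__classPrivateFieldGet(this, _RawVault_key, "f"));
-yield idb.set(this.id, jwe, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore));
-return this;
-});
-}
-}
-exports.RawVault = RawVault;
-_a = RawVault, _RawVault_argonParams = new WeakMap(), _RawVault_key = new WeakMap(), _RawVault_deriveVaultKey = function _RawVault_deriveVaultKey(machineSeed, id, argonParams, password,
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
-addRevoker) {
-return __awaiter(this, void 0, void 0, function* () {
-const idBuf = util_1.encoder.encode(id);
-const argonSalt = new Uint8Array(yield (yield util_1.crypto).subtle.deriveBits({
+//#endregion
+static async #deriveVaultKey(machineSeed, id, argonParams, password,
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+addRevoker) {
+const idBuf = encoder.encode(id);
+const argonSalt = new Uint8Array(await (await crypto).subtle.deriveBits({
 name: "HKDF",
 hash: "SHA-256",
 salt: idBuf,
-info:
+info: encoder.encode("argonSalt"),
 }, machineSeed, 128));
-const argonKey =
+const argonKey = await argon2id({
+...argonParams,
+password,
+salt: argonSalt,
+hashLength: 32,
+outputType: "binary",
+});
 // It might make more logical sense to use the argon-derived key in the salt field, but both fields provide
 // equivalent security, and using idBuf as the seed in both places permits some optimization by sharing
 // the result of HDKF-Extract between both calculations. (This isn't done right now, and can't be done with
 // the WebCrypto API as it is, but maybe we'll use something else some day.)
-const vaultKey =
+const vaultKey = await (await crypto).subtle.deriveKey({
 name: "HKDF",
 hash: "SHA-256",
 salt: idBuf,
@@ -247,14 +87,114 @@ addRevoker) {
 //TODO: Returning a revocable doesn't work here; WebCrypto in the browser complains about the proxy. Fix this.
 return vaultKey;
 // return revocable(vaultKey, addRevoker);
-}
-
-
-RawVault.
-
-
-
-
+}
+//#region static: VaultFactory<RawVault>
+static async create(password) {
+return await RawVault.open(undefined, password);
+}
+static async open(id, password) {
+await RawVault.prepare();
+// eslint-disable-next-line @typescript-eslint/no-shadow
+const factory = async (id, argonParams) => {
+const vaultRevoker = new (Revocable(class {
+}))();
+const vault = revocable(new RawVault(id, argonParams), (x) => vaultRevoker.addRevoker(x));
+vault.addRevoker(() => vaultRevoker.revoke());
+return vault;
+};
+const out = await (async () => {
+if (id !== undefined) {
+const jwe = await idb.get(id, await RawVault.#vaultStore);
+if (!jwe)
+throw new Error("can't find specified vault");
+const protectedHeader = jose.decodeProtectedHeader(jwe);
+const argonParams = protectedHeader.argon;
+if (!argonParams)
+throw new Error("can't decode vault with missing argon parameters");
+return await factory(id, Promise.resolve(argonParams));
+}
+else {
+return await factory(uuid.v4({
+random: await (await crypto).getRandomValues(new Uint8Array(16)),
+}), RawVault.defaultArgonParams);
+}
+})();
+if (password !== undefined)
+await out.setPassword(password);
+return out;
+}
+static async list() {
+await RawVault.prepare();
+const out = (await idb.keys(await RawVault.#vaultStore))
+.filter((k) => typeof k === "string")
+.map((k) => k);
+return out;
+}
+static async meta(id) {
+await RawVault.prepare();
+const jwe = await idb.get(id, await RawVault.#vaultStore);
+if (!jwe)
+return undefined;
+const meta = jose.decodeProtectedHeader(jwe).meta;
+if (!meta || !core.isIndexable(meta))
+return undefined;
+const out = new Map();
+Object.entries(meta).forEach(([k, v]) => out.set(k, v));
+return out;
+}
+static async delete(id) {
+await RawVault.prepare();
+await idb.del(id, await RawVault.#vaultStore);
+}
+//#endregion
+id;
+#argonParams;
+meta = new Map();
+#key;
+constructor(id, argonParams) {
+super();
+this.id = id;
+this.#argonParams = argonParams.then((x) => Object.freeze(JSON.parse(JSON.stringify(x))));
+}
+async setPassword(password) {
+this.#key = await RawVault.#deriveVaultKey(await RawVault.#machineSeed, this.id, await this.#argonParams, password, (x) => this.addRevoker(x));
+return this;
+}
+async load(deserialize) {
+if (!this.#key)
+throw new Error("can't load vault until key is set");
+const jwe = await idb.get(this.id, await RawVault.#vaultStore);
+if (!jwe)
+throw new Error("can't load missing vault");
+const decryptResult = await jose.flattenedDecrypt(jwe, this.#key, {
+keyManagementAlgorithms: ["A256KW"],
+contentEncryptionAlgorithms: ["A256GCM"],
+});
+this.meta.clear();
+const meta = decryptResult.protectedHeader?.meta;
+if (core.isIndexable(meta)) {
+Object.entries(meta).forEach(([k, v]) => this.meta.set(k, v));
+}
+await deserialize(decryptResult.plaintext);
+return this;
+}
+async save(serialize) {
+if (!this.#key)
+throw new Error("can't save vault until key is set");
+const payload = await serialize();
+//TODO: override the rng used by jose to calculate the CEK and IV with the dependency-injected one.
+const jwe = await new jose.FlattenedEncrypt(payload)
+.setProtectedHeader({
+alg: "A256KW",
+enc: "A256GCM",
+argon: await this.#argonParams,
+meta: Array.from(this.meta.entries()).reduce((a, [k, v]) => ((a[k] = v), a), {}),
+})
+.encrypt(this.#key);
+await idb.set(this.id, jwe, await RawVault.#vaultStore);
+return this;
+}
+}
 Object.freeze(RawVault);
 Object.freeze(RawVault.prototype);
 Object.freeze(Object.getPrototypeOf(RawVault));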
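Review bot: In `open()` the Argon2 parameters are read with `jose.decodeProtectedHeader(jwe).argon`, which only decodes the stored header, so `#deriveVaultKey` runs `argon2id({ ...argonParams, ... })` on values that have not been authenticated; the only check is `if (!argonParams)`. Whatever can write to the vault store therefore chooses the memory and iteration cost of the next unlock attempt, so I would bound the fields before deriving, e.g. `if (!Number.isInteger(argonParams.memorySize) || argonParams.memorySize > MAX_MEMORY_SIZE) throw new Error("argon parameters out of range");` with matching limits for `iterations` and `parallelism` (`MAX_MEMORY_SIZE` is a placeholder name). `static meta(id)` has the same property, since it returns header metadata without decrypting, and deserves a comment such as `// unauthenticated: the header is only decoded here, not verified`. The logic appears to be carried over from 1.55.2 with the file re-emitted as an ES module using native private fields, so this is a pre-existing gap rather than a regression.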
package/dist/rawVault.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rawVault.js","sourceRoot":"","sources":["../src/rawVault.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"rawVault.js","sourceRoot":"","sources":["../src/rawVault.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,8BAA8B,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,KAAK,GAAG,MAAM,YAAY,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,iBAAiB,CAAC;AACtC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAG7B,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAExH,wHAAwH;AACxH,IAAI,SAAS,GAOG,EAAE,CAAC;AAEnB,EAAE,CAAC,MAAM,EAAwD,CAAC;AAElE,MAAM,OAAO,QAAS,SAAQ,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC;CAAQ,CAAC,CAAC;IAC9D,2BAA2B;IAC3B,MAAM,CAAU,kBAAkB,GAAyB,IAAI,OAAO,CACpE,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,kBAAkB,GAAG,OAAO,CAAC,CACnE,CAAC;IAEF,2HAA2H;IAC3H,MAAM,CAAU,YAAY,GAAuB,IAAI,OAAO,CAC5D,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,WAAW,GAAG,OAAO,CAAC,CAC5D,CAAC;IACF,MAAM,CAAU,SAAS,GAA0B,IAAI,OAAO,CAC5D,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,QAAQ,GAAG,OAAO,CAAC,CACzD,CAAC;IACF,MAAM,CAAU,WAAW,GAA0B,IAAI,OAAO,CAC9D,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,UAAU,GAAG,OAAO,CAAC,CAC3D,CAAC;IAEF,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAA2B;QAC9C,MAAM,gBAAgB,GAAG,SAAS,CAAC;QACnC,SAAS,GAAG,SAAS,CAAC;QACtB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,IAAI,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC,CAAC;YAC3G,OAAO;QACT,CAAC;QAED,SAAS,CAAC,MAAM,EAAE,MAAM,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QAC/C,cAAc,CAAC,MAAM,EAAE,WAAW,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC;QAE9D,gBAAgB,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,QAAQ,IAAI,GAAG,CAAC,WAAW,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;QACzF,gBAAgB,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,UAAU,IAAI,GAAG,CAAC,WAAW,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC/F,gBAAgB,CAAC,WAAW,EAAE,CAC5B,CAAC,MAAM,GAAG,CAAC,GAAG,CAAY,aAAa,EAAE,MAAM,QAAQ,CAAC,SAAS,CAAC,CAAC;YACjE,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;gBACjB,MAAM,WAAW,GAAG,MAAM,CACxB,MAAM,MAAM,CACb,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,MAAM,CAAC,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE;oBACjG,YAAY;oBACZ,WAAW;iBACZ,CA
AC,CAAC;gBACH,MAAM,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC,SAAS,CAAC,CAAC;gBACpE,OAAO,WAAW,CAAC;YACrB,CAAC,CAAC,EAAE,CAAC,CACR,CAAC;QAEF,gBAAgB,CAAC,kBAAkB,EAAE,CACnC,CAAC,MAAM,GAAG,CAAC,GAAG,CAAc,oBAAoB,EAAE,MAAM,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI;YAC9E,IAAI,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,EAAE;gBAChC,OAAO,CAAC,KAAK,IAAI,EAAE;oBACjB,gDAAgD;oBAChD,4EAA4E;oBAC5E,MAAM,GAAG,GAAgB;wBACvB,WAAW,EAAE,CAAC;wBACd,UAAU,EAAE,EAAE,GAAG,IAAI;wBACrB,UAAU,EAAE,EAAE;qBACf,CAAC;oBAEF,MAAM,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,GAAG,EAAE,MAAM,QAAQ,CAAC,SAAS,CAAC,CAAC;oBAEnE,OAAO,GAAG,CAAC;gBACb,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACrC,CAAC;SACF,CACF,CAAC;IACJ,CAAC;IACD,YAAY;IAEZ,MAAM,CAAC,KAAK,CAAC,eAAe,CAC1B,WAAsB,EACtB,EAAU,EACV,WAAwB,EACxB,QAAgB;IAChB,6DAA6D;IAC7D,UAAwC;QAExC,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAEjC,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,MAAM,CACJ,MAAM,MAAM,CACb,CAAC,MAAM,CAAC,UAAU,CACjB;YACE,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC;SAClC,EACD,WAAW,EACX,GAAG,CACJ,CACF,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC;YAC9B,GAAG,WAAW;YACd,QAAQ;YACR,IAAI,EAAE,SAAS;YACf,UAAU,EAAE,EAAE;YACd,UAAU,EAAE,QAAQ;SACrB,CAAC,CAAC;QAEH,2GAA2G;QAC3G,uGAAuG;QACvG,2GAA2G;QAC3G,4EAA4E;QAC5E,MAAM,QAAQ,GAAG,MAAM,CACrB,MAAM,MAAM,CACb,CAAC,MAAM,CAAC,SAAS,CAChB;YACE,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,QAAQ;SACf,EACD,WAAW,EACX;YACE,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,GAAG;SACZ,EACD,KAAK,EACL,CAAC,SAAS,EAAE,WAAW,CAAC,CACzB,CAAC;QAEF,8GAA8G;QAC9G,OAAO,QAAQ,CAAC;QAChB,0CAA0C;IAC5C,CAAC;IAED,wCAAwC;IACxC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAiB;QACnC,OAAO,MAAM,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAW,EAAE,QAAiB;QAC9C,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC;QAEzB,wDAAwD;QACxD,MAAM,OAAO,GAAG,KAAK,EAAE,EAAU,EAAE,WAAiC,EAAE,EAAE;YACtE,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC;aAAQ,CAAC,CAAC,EAAE,CAAC;YACjD,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,QAAQ,CAAC,EAAE,EAAE,WAAW
,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1F,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;YAC9C,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE;YAC5B,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;gBACrB,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,GAAG,CAAoB,EAAE,EAAE,MAAM,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC7E,IAAI,CAAC,GAAG;oBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBACxD,MAAM,eAAe,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;gBACxD,MAAM,WAAW,GAAG,eAAe,CAAC,KAAgC,CAAC;gBACrE,IAAI,CAAC,WAAW;oBAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;gBAEtF,OAAO,MAAM,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;YACzD,CAAC;iBAAM,CAAC;gBACN,OAAO,MAAM,OAAO,CAClB,IAAI,CAAC,EAAE,CAAC;oBACN,MAAM,EAAE,MAAM,CAAC,MAAM,MAAM,CAAC,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;iBACjE,CAAC,EACF,QAAQ,CAAC,kBAAkB,CAC5B,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;QACL,IAAI,QAAQ,KAAK,SAAS;YAAE,MAAM,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC5D,OAAO,GAAG,CAAC;IACb,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAI;QACf,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,WAAW,CAAC,CAAC;aACrD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;aACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAW,CAAC,CAAC;QAC3B,OAAO,GAAG,CAAC;IACb,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAU;QAC1B,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC1D,IAAI,CAAC,GAAG;YAAE,OAAO,SAAS,CAAC;QAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QAClD,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;YAAE,OAAO,SAAS,CAAC;QACvD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAE,CAAC;QACtB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACxD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAU;QAC5B,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,QAAQ,CAAC,WA
AW,CAAC,CAAC;IAChD,CAAC;IACD,YAAY;IAEH,EAAE,CAAS;IACX,YAAY,CAAiC;IAC7C,IAAI,GAAyB,IAAI,GAAG,EAAE,CAAC;IAEhD,IAAI,CAAwB;IAE5B,YAAsB,EAAU,EAAE,WAAiC;QACjE,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5F,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,QAAgB;QAChC,IAAI,CAAC,IAAI,GAAG,MAAM,QAAQ,CAAC,eAAe,CACxC,MAAM,QAAQ,CAAC,YAAY,EAC3B,IAAI,CAAC,EAAE,EACP,MAAM,IAAI,CAAC,YAAY,EACvB,QAAQ,EACR,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAC1B,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,WAA6C;QACtD,IAAI,CAAC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACrE,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC/D,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAEtD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,EAAE;YAChE,uBAAuB,EAAE,CAAC,QAAQ,CAAC;YACnC,2BAA2B,EAAE,CAAC,SAAS,CAAC;SACzC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,GAAG,aAAa,CAAC,eAAe,EAAE,IAAI,CAAC;QACjD,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAChE,CAAC;QACD,MAAM,WAAW,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAE3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,SAAoC;QAC7C,IAAI,CAAC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACrE,MAAM,OAAO,GAAG,MAAM,SAAS,EAAE,CAAC;QAClC,mGAAmG;QACnG,MAAM,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC;aACjD,kBAAkB,CAAC;YAClB,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,SAAS;YACd,KAAK,EAAE,MAAM,IAAI,CAAC,YAAY;YAC9B,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAA6B,CAAC;SAC5G,CAAC;aACD,OAAO,CAAC
,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,MAAM,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,MAAM,QAAQ,CAAC,WAAW,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;;AAGH,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACxB,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AAClC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC"}
|