@sphereon/ssi-sdk-ext.key-manager 0.24.1-unstable.112 → 0.24.1-unstable.114
- package/dist/agent/SphereonKeyManager.d.ts +6 -3
- package/dist/agent/SphereonKeyManager.d.ts.map +1 -1
- package/dist/agent/SphereonKeyManager.js +20 -10
- package/dist/agent/SphereonKeyManager.js.map +1 -1
- package/dist/ssi-sdk-ext.key-manager.d.ts +10 -3
- package/dist/types/ISphereonKeyManager.d.ts +5 -2
- package/dist/types/ISphereonKeyManager.d.ts.map +1 -1
- package/dist/types/ISphereonKeyManager.js.map +1 -1
- package/package.json +4 -4
- package/plugin.schema.json +9 -0
- package/src/agent/SphereonKeyManager.ts +26 -15
- package/src/types/ISphereonKeyManager.ts +7 -2
|
@@ -3,13 +3,16 @@ import { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyM
|
|
|
3
3
|
import { IKeyManagerGetArgs, ISphereonKeyManager, ISphereonKeyManagerCreateArgs, ISphereonKeyManagerHandleExpirationsArgs, ISphereonKeyManagerSignArgs, ISphereonKeyManagerVerifyArgs } from '../types/ISphereonKeyManager';
|
|
4
4
|
export declare const sphereonKeyManagerMethods: Array<string>;
|
|
5
5
|
export declare class SphereonKeyManager extends VeramoKeyManager {
|
|
6
|
-
private
|
|
7
|
-
private readonly
|
|
8
|
-
readonly
|
|
6
|
+
private kmsStore;
|
|
7
|
+
private readonly availableKmses;
|
|
8
|
+
readonly defaultKms: string;
|
|
9
|
+
readonly kmsMethods: ISphereonKeyManager;
|
|
9
10
|
constructor(options: {
|
|
10
11
|
store: AbstractKeyStore;
|
|
11
12
|
kms: Record<string, AbstractKeyManagementSystem>;
|
|
13
|
+
defaultKms?: string;
|
|
12
14
|
});
|
|
15
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string>;
|
|
13
16
|
keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo>;
|
|
14
17
|
keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>;
|
|
15
18
|
keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAe,cAAc,EAAE,MAAM,cAAc,CAAA;AAChE,OAAO,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,UAAU,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;
|
|
1
|
+
{"version":3,"file":"SphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAe,cAAc,EAAE,MAAM,cAAc,CAAA;AAChE,OAAO,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,UAAU,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAGnH,OAAO,EAEL,kBAAkB,EAClB,mBAAmB,EACnB,6BAA6B,EAC7B,wCAAwC,EACxC,2BAA2B,EAC3B,6BAA6B,EAC9B,MAAM,8BAA8B,CAAA;AAErC,eAAO,MAAM,yBAAyB,EAAE,KAAK,CAAC,MAAM,CASnD,CAAA;AAED,qBAAa,kBAAmB,SAAQ,gBAAgB;IAEtD,OAAO,CAAC,QAAQ,CAAkB;IAClC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA6C;IAC5E,SAAgB,UAAU,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,UAAU,EAAE,mBAAmB,CAAA;gBAE5B,OAAO,EAAE;QAAE,KAAK,EAAE,gBAAgB,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE;IAevH,uCAAuC,IAAI,OAAO,CAAC,MAAM,CAAC;IAI3C,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,cAAc,CAAC;IAyBvF,cAAc,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CAAC,MAAM,CAAC;IAUlE,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,OAAO,CAAC;IAevE,kBAAkB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAI/C,2BAA2B,CAAC,IAAI,EAAE,wCAAwC,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAiBjH,OAAO,CAAC,YAAY;IASd,aAAa,CAAC,EAAE,GAAG,EAAE,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;CAmBhE"}
|
|
@@ -35,8 +35,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
35
35
|
exports.SphereonKeyManager = exports.sphereonKeyManagerMethods = void 0;
|
|
36
36
|
const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
|
|
37
37
|
const key_manager_1 = require("@veramo/key-manager");
|
|
38
|
-
const ISphereonKeyManager_1 = require("../types/ISphereonKeyManager");
|
|
39
38
|
const u8a = __importStar(require("uint8arrays"));
|
|
39
|
+
const ISphereonKeyManager_1 = require("../types/ISphereonKeyManager");
|
|
40
40
|
exports.sphereonKeyManagerMethods = [
|
|
41
41
|
'keyManagerCreate',
|
|
42
42
|
'keyManagerGet',
|
|
@@ -44,17 +44,27 @@ exports.sphereonKeyManagerMethods = [
|
|
|
44
44
|
'keyManagerSign',
|
|
45
45
|
'keyManagerVerify',
|
|
46
46
|
'keyManagerListKeys',
|
|
47
|
+
'keyManagerGetDefaultKeyManagementSystem',
|
|
47
48
|
'keyManagerHandleExpirations',
|
|
48
49
|
];
|
|
49
50
|
class SphereonKeyManager extends key_manager_1.KeyManager {
|
|
50
51
|
constructor(options) {
|
|
52
|
+
var _a;
|
|
51
53
|
super({ store: options.store, kms: options.kms });
|
|
52
|
-
this.
|
|
53
|
-
this.
|
|
54
|
+
this.kmsStore = options.store;
|
|
55
|
+
this.availableKmses = options.kms;
|
|
56
|
+
this.defaultKms = (_a = options.defaultKms) !== null && _a !== void 0 ? _a : Object.keys(this.availableKmses)[0];
|
|
57
|
+
if (!Object.keys(this.availableKmses).includes(this.defaultKms)) {
|
|
58
|
+
throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`);
|
|
59
|
+
}
|
|
54
60
|
const methods = this.methods;
|
|
55
61
|
methods.keyManagerVerify = this.keyManagerVerify.bind(this);
|
|
56
62
|
methods.keyManagerListKeys = this.keyManagerListKeys.bind(this);
|
|
57
|
-
|
|
63
|
+
methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this);
|
|
64
|
+
this.kmsMethods = methods;
|
|
65
|
+
}
|
|
66
|
+
keyManagerGetDefaultKeyManagementSystem() {
|
|
67
|
+
return Promise.resolve(this.defaultKms);
|
|
58
68
|
}
|
|
59
69
|
keyManagerCreate(args) {
|
|
60
70
|
return __awaiter(this, void 0, void 0, function* () {
|
|
@@ -69,7 +79,7 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
|
|
|
69
79
|
const key = Object.assign(Object.assign({}, partialKey), { kms: args.kms });
|
|
70
80
|
key.meta = Object.assign(Object.assign({}, meta), key.meta);
|
|
71
81
|
key.meta.jwkThumbprint = (_d = key.meta.jwkThumbprint) !== null && _d !== void 0 ? _d : (0, ssi_sdk_ext_key_utils_1.calculateJwkThumbprintForKey)({ key });
|
|
72
|
-
yield this.
|
|
82
|
+
yield this.kmsStore.import(key);
|
|
73
83
|
if (key.privateKeyHex) {
|
|
74
84
|
// Make sure to not export the private key
|
|
75
85
|
delete key.privateKeyHex;
|
|
@@ -83,10 +93,10 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
|
|
|
83
93
|
keyManagerSign: { get: () => super.keyManagerSign }
|
|
84
94
|
});
|
|
85
95
|
return __awaiter(this, void 0, void 0, function* () {
|
|
86
|
-
const keyInfo = (yield this.
|
|
96
|
+
const keyInfo = (yield this.kmsStore.get({ kid: args.keyRef }));
|
|
87
97
|
const kms = this.getKmsByName(keyInfo.kms);
|
|
88
98
|
if (keyInfo.type === 'Bls12381G2') {
|
|
89
|
-
return yield kms.sign({ keyRef: keyInfo, data:
|
|
99
|
+
return yield kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? u8a.fromString(args.data) : args.data });
|
|
90
100
|
}
|
|
91
101
|
// @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types
|
|
92
102
|
return yield _super.keyManagerSign.call(this, args);
|
|
@@ -110,7 +120,7 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
|
|
|
110
120
|
}
|
|
111
121
|
keyManagerListKeys() {
|
|
112
122
|
return __awaiter(this, void 0, void 0, function* () {
|
|
113
|
-
return this.
|
|
123
|
+
return this.kmsStore.list({});
|
|
114
124
|
});
|
|
115
125
|
}
|
|
116
126
|
keyManagerHandleExpirations(args) {
|
|
@@ -133,7 +143,7 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
|
|
|
133
143
|
});
|
|
134
144
|
}
|
|
135
145
|
getKmsByName(name) {
|
|
136
|
-
const kms = this.
|
|
146
|
+
const kms = this.availableKmses[name];
|
|
137
147
|
if (!kms) {
|
|
138
148
|
throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`);
|
|
139
149
|
}
|
|
@@ -143,7 +153,7 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
|
|
|
143
153
|
keyManagerGet(_a) {
|
|
144
154
|
return __awaiter(this, arguments, void 0, function* ({ kid }) {
|
|
145
155
|
try {
|
|
146
|
-
const key = yield this.
|
|
156
|
+
const key = yield this.kmsStore.get({ kid });
|
|
147
157
|
return key;
|
|
148
158
|
}
|
|
149
159
|
catch (e) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SphereonKeyManager.js","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2EAAgH;AAEhH,qDAAmH;
|
|
1
|
+
{"version":3,"file":"SphereonKeyManager.js","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2EAAgH;AAEhH,qDAAmH;AAEnH,iDAAkC;AAClC,sEAQqC;AAExB,QAAA,yBAAyB,GAAkB;IACtD,kBAAkB;IAClB,eAAe;IACf,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,oBAAoB;IACpB,yCAAyC;IACzC,6BAA6B;CAC9B,CAAA;AAED,MAAa,kBAAmB,SAAQ,wBAAgB;IAOtD,YAAY,OAA2G;;QACrH,KAAK,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;QACjD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAA;QAC7B,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,GAAG,CAAA;QACjC,IAAI,CAAC,UAAU,GAAG,MAAA,OAAO,CAAC,UAAU,mCAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3E,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAChE,MAAM,KAAK,CAAC,2EAA2E,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACtI,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;QAC5B,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3D,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/D,OAAO,CAAC,uCAAuC,GAAG,IAAI,CAAC,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzG,IAAI,CAAC,UAAU,GAAkC,OAAQ,CAAA;IAC3D,CAAC;IAED,uCAAuC;QACrC,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACzC,CAAC;IAEc,gBAAgB,CAAC,IAAmC;;;YACjE,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACvC,MAAM,IAAI,mCAAqB,IAAI,CAAC,IAAI,GAAK,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAE,CAAA;YACjF,IAAI,IAAA,mCAAa,EAAC,IAAI,CAAC,KAAI,MAAA,IAAI,CAAC,IAAI,0CAAE,SAAS,CAAA,IAAI,CAAC,CAAA,MAAA,IAAI,CAAC,IAAI,CAAC,UAAU,0CAAE,WAAW,CAAA,EAAE,CAAC;gBACtF,qDAAqD;gBACrD,IAAI,CAAC,IAAI,mCACJ,IAAI,CAAC,IAAI,KACZ,UAAU,kCAAO,MAAA,IAAI,CAAC,IAAI,0CAAE,UAAU,KAAE,WAAW,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAC1F,CAAA;YACH,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;YACjE,MAAM,GAAG,mCAAc
,UAAU,KAAE,GAAG,EAAE,IAAI,CAAC,GAAG,GAAE,CAAA;YAClD,GAAG,CAAC,IAAI,mCAAQ,IAAI,GAAK,GAAG,CAAC,IAAI,CAAE,CAAA;YACnC,GAAG,CAAC,IAAI,CAAC,aAAa,GAAG,MAAA,GAAG,CAAC,IAAI,CAAC,aAAa,mCAAI,IAAA,oDAA4B,EAAC,EAAE,GAAG,EAAE,CAAC,CAAA;YAExF,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC/B,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;gBACtB,0CAA0C;gBAC1C,OAAO,GAAG,CAAC,aAAa,CAAA;YAC1B,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAED,8EAA8E;IAExE,cAAc,CAAC,IAAiC;;;;;YACpD,MAAM,OAAO,GAAS,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAS,CAAA;YAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YAC1C,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAClC,OAAO,MAAM,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;YACzH,CAAC;YACD,qHAAqH;YACrH,OAAO,MAAM,OAAM,cAAc,YAAC,IAAI,CAAC,CAAA;QACzC,CAAC;KAAA;IAEK,gBAAgB,CAAC,IAAmC;;YACxD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACb,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACvC,IAAI,GAAG,IAAI,QAAQ,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;oBAC/D,aAAa;oBACb,OAAO,MAAM,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;gBAC/B,CAAC;YACH,CAAC;YACD,OAAO,MAAM,IAAA,iDAAyB,EAAC;gBACrC,GAAG,EAAE,IAAA,6BAAK,EAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC;gBACxC,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,SAAS,EAAE,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC;aACnD,CAAC,CAAA;QACJ,CAAC;KAAA;IAEK,kBAAkB;;YACtB,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC/B,CAAC;KAAA;IAEK,2BAA2B,CAAC,IAA8C;;YAC9E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAA;YAC5C,MAAM,WAAW,GAAG,IAAI;iBACrB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,mCAAa,EAAC,GAAG,CAAC,IAAI,CAAC,CAAC;iBACxC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;;gBACd,IAAI,IAAA,mCAAa,EAAC,GAAG,CAAC,IAAI,CAAC,KAAI,MAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,IAAI,0CAAE,UAAU,CAAA,EAAE,CAAC;oBAC1D,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAA;oBAC3C,OAAO,CAAC,CAAC,UAAU,CAAC,UA
AU,IAAI,UAAU,CAAC,UAAU,CAAC,eAAe,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;gBACzF,CAAC;gBACD,OAAO,KAAK,CAAA;YACd,CAAC,CAAC,CAAA;YACJ,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;gBAC/B,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;YACtF,CAAC;YACD,OAAO,IAAI,CAAA;QACb,CAAC;KAAA;IAEO,YAAY,CAAC,IAAY;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;QACrC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,KAAK,CAAC,iFAAiF,IAAI,GAAG,CAAC,CAAA;QACvG,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,+GAA+G;IACzG,aAAa;6DAAC,EAAE,GAAG,EAAsB;YAC7C,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAA;gBAC5C,OAAO,GAAG,CAAA;YACZ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,GAAqB,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAA;gBAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CACxB,CAAC,GAAG,EAAE,EAAE;;oBACN,OAAA,GAAG,CAAC,YAAY,KAAK,GAAG;wBACxB,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,aAAa,MAAK,GAAG;wBAC/B,CAAC,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,aAAa,KAAI,IAAI,IAAI,IAAA,oDAA4B,EAAC,EAAE,GAAG,EAAE,CAAC,KAAK,GAAG,CAAC,CAAA;iBAAA,CACrF,CAAA;gBACD,IAAI,QAAQ,EAAE,CAAC;oBACb,OAAO,QAAgB,CAAA;gBACzB,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,YAAY,CAAC,CAAA;gBAClD,CAAC;YACH,CAAC;QACH,CAAC;KAAA;CACF;AA7HD,gDA6HC"}
|
|
@@ -64,6 +64,10 @@ export declare interface ISphereonKeyManager extends IKeyManager, IPluginMethodM
|
|
|
64
64
|
*/
|
|
65
65
|
keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
|
|
66
66
|
keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>;
|
|
67
|
+
/**
|
|
68
|
+
* Get the KMS registered as default. Handy when no explicit KMS is provided for a function
|
|
69
|
+
*/
|
|
70
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string>;
|
|
67
71
|
/**
|
|
68
72
|
* Set keys to expired and remove keys eligible for deletion.
|
|
69
73
|
* @param args
|
|
@@ -125,13 +129,16 @@ export declare type PartialKey = ManagedKeyInfo & {
|
|
|
125
129
|
export declare const schema: any;
|
|
126
130
|
|
|
127
131
|
export declare class SphereonKeyManager extends KeyManager {
|
|
128
|
-
private
|
|
129
|
-
private readonly
|
|
130
|
-
readonly
|
|
132
|
+
private kmsStore;
|
|
133
|
+
private readonly availableKmses;
|
|
134
|
+
readonly defaultKms: string;
|
|
135
|
+
readonly kmsMethods: ISphereonKeyManager;
|
|
131
136
|
constructor(options: {
|
|
132
137
|
store: AbstractKeyStore;
|
|
133
138
|
kms: Record<string, AbstractKeyManagementSystem>;
|
|
139
|
+
defaultKms?: string;
|
|
134
140
|
});
|
|
141
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string>;
|
|
135
142
|
keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo>;
|
|
136
143
|
keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>;
|
|
137
144
|
keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
|
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
import { IPluginMethodMap, KeyMetadata, MinimalImportableKey, TKeyType
|
|
2
|
-
import { ManagedKeyInfo } from '@veramo/core';
|
|
1
|
+
import { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core';
|
|
3
2
|
export type PartialKey = ManagedKeyInfo & {
|
|
4
3
|
privateKeyHex: string;
|
|
5
4
|
};
|
|
@@ -15,6 +14,10 @@ export interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {
|
|
|
15
14
|
*/
|
|
16
15
|
keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
|
|
17
16
|
keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>;
|
|
17
|
+
/**
|
|
18
|
+
* Get the KMS registered as default. Handy when no explicit KMS is provided for a function
|
|
19
|
+
*/
|
|
20
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string>;
|
|
18
21
|
/**
|
|
19
22
|
* Set keys to expired and remove keys eligible for deletion.
|
|
20
23
|
* @param args
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ISphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"ISphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,WAAW,EAAE,cAAc,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAE9I,MAAM,MAAM,UAAU,GAAG,cAAc,GAAG;IAAE,aAAa,EAAE,MAAM,CAAA;CAAE,CAAA;AAEnE,MAAM,WAAW,mBAAoB,SAAQ,WAAW,EAAE,gBAAgB;IACxE,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAE1E,gBAAgB,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAEhE,cAAc,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAElE;;;;;OAKG;IACH,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAEvE,kBAAkB,IAAI,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAA;IAEpD;;OAEG;IAEH,uCAAuC,IAAI,OAAO,CAAC,MAAM,CAAC,CAAA;IAE1D;;;OAGG;IACH,2BAA2B,CAAC,IAAI,EAAE,wCAAwC,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAA;CAC5G;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAA;IAEnB;;OAEG;IACH,UAAU,CAAC,EAAE;QACX,UAAU,CAAC,EAAE,IAAI,CAAA;QACjB,WAAW,CAAC,EAAE,IAAI,CAAA;KACnB,CAAA;CACF;AAED;;;GAGG;AACH,MAAM,WAAW,6BAA6B;IAC5C;;OAEG;IACH,IAAI,EAAE,QAAQ,CAAA;IAEd;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;IAEX;;OAEG;IACH,IAAI,CAAC,EAAE,WAAW,CAAA;IAElB;;OAEG;IACH,IAAI,CAAC,EAAE,WAAW,CAAA;CACnB;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,GAAG,GAAG,MAAM,IAAI;IAAE,IAAI,CAAC,EAAE,WAAW,CAAA;CAAE,CAE3E;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;;GAGG;AAEH,MAAM,WAAW,2BAA4B,SAAQ,mBAAmB;IACtE;;OAEG;IACH,IAAI,EAAE,MAAM,GAAG,UAAU,CAAA;CAC1B;AAED,MAAM,WAAW,wCAAwC;IACvD,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,6BAA6B;IAC5C,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,YAAY,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,QAAQ,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,UAAU,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,eAAO,MAAM,SAAS,8BAA+B,CAAC,GAAG,SAAS,gBAAsC,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ISphereonKeyManager.js","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"ISphereonKeyManager.js","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":";;;AA2EA,SAAgB,aAAa,CAAC,MAAW;IACvC,OAAO,MAAQ,IAAI,MAAM,IAAI,MAAM,IAAI,CAAC,WAAW,IAAI,MAAM,CAAC,IAAI,IAAI,YAAY,IAAI,MAAM,CAAC,IAAI,CAAC,CAAA;AACpG,CAAC;AAFD,sCAEC;AAiDM,MAAM,SAAS,GAAG,CAAoB,MAAqB,EAAe,EAAE,CAAC,MAAM,KAAK,SAAS,CAAA;AAA3F,QAAA,SAAS,aAAkF"}
|
package/package.json
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sphereon/ssi-sdk-ext.key-manager",
|
|
3
3
|
"description": "Sphereon Key Manager plugin with BLS support",
|
|
4
|
-
"version": "0.24.1-unstable.
|
|
4
|
+
"version": "0.24.1-unstable.114+708742c",
|
|
5
5
|
"source": "src/index.ts",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"types": "dist/index.d.ts",
|
|
@@ -21,8 +21,8 @@
|
|
|
21
21
|
},
|
|
22
22
|
"devDependencies": {
|
|
23
23
|
"@mattrglobal/bbs-signatures": "^1.3.1",
|
|
24
|
-
"@sphereon/ssi-sdk-ext.key-utils": "0.24.1-unstable.
|
|
25
|
-
"@sphereon/ssi-sdk-ext.kms-local": "0.24.1-unstable.
|
|
24
|
+
"@sphereon/ssi-sdk-ext.key-utils": "0.24.1-unstable.114+708742c",
|
|
25
|
+
"@sphereon/ssi-sdk-ext.kms-local": "0.24.1-unstable.114+708742c",
|
|
26
26
|
"@sphereon/ssi-sdk.dev": "0.29.1-unstable.161"
|
|
27
27
|
},
|
|
28
28
|
"resolutions": {
|
|
@@ -47,5 +47,5 @@
|
|
|
47
47
|
"kms",
|
|
48
48
|
"Veramo"
|
|
49
49
|
],
|
|
50
|
-
"gitHead": "
|
|
50
|
+
"gitHead": "708742c013bc9e8cff9217e1eaff746ae0f8af00"
|
|
51
51
|
}
|
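--- a/package/plugin.schema.json
+++ b/package/plugin.schema.json
@@ -365,6 +365,15 @@
 "$ref": "#/components/schemas/PartialKey"
 }
 },
+"keyManagerGetDefaultKeyManagementSystem": {
+"description": "Get the KMS registered as default. Handy when no explicit KMS is provided for a function",
+"arguments": {
+"type": "object"
+},
+"returnType": {
+"type": "string"
+}
+},
 "keyManagerHandleExpirations": {
 "description": "Set keys to expired and remove keys eligible for deletion.",
 "arguments": {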
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { calculateJwkThumbprintForKey, toJwk, verifySignatureWithSubtle } from '@sphereon/ssi-sdk-ext.key-utils'
|
|
2
2
|
import { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'
|
|
3
3
|
import { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'
|
|
4
|
+
|
|
5
|
+
import * as u8a from 'uint8arrays'
|
|
4
6
|
import {
|
|
5
7
|
hasKeyOptions,
|
|
6
8
|
IKeyManagerGetArgs,
|
|
@@ -11,8 +13,6 @@ import {
|
|
|
11
13
|
ISphereonKeyManagerVerifyArgs,
|
|
12
14
|
} from '../types/ISphereonKeyManager'
|
|
13
15
|
|
|
14
|
-
import * as u8a from 'uint8arrays'
|
|
15
|
-
|
|
16
16
|
export const sphereonKeyManagerMethods: Array<string> = [
|
|
17
17
|
'keyManagerCreate',
|
|
18
18
|
'keyManagerGet',
|
|
@@ -20,23 +20,34 @@ export const sphereonKeyManagerMethods: Array<string> = [
|
|
|
20
20
|
'keyManagerSign',
|
|
21
21
|
'keyManagerVerify',
|
|
22
22
|
'keyManagerListKeys',
|
|
23
|
+
'keyManagerGetDefaultKeyManagementSystem',
|
|
23
24
|
'keyManagerHandleExpirations',
|
|
24
25
|
]
|
|
25
26
|
|
|
26
27
|
export class SphereonKeyManager extends VeramoKeyManager {
|
|
27
28
|
// local store reference, given the superclass store is private, and we need additional functions/calls
|
|
28
|
-
private
|
|
29
|
-
private readonly
|
|
30
|
-
readonly
|
|
29
|
+
private kmsStore: AbstractKeyStore
|
|
30
|
+
private readonly availableKmses: Record<string, AbstractKeyManagementSystem>
|
|
31
|
+
public readonly defaultKms: string
|
|
32
|
+
readonly kmsMethods: ISphereonKeyManager
|
|
31
33
|
|
|
32
|
-
constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem
|
|
34
|
+
constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {
|
|
33
35
|
super({ store: options.store, kms: options.kms })
|
|
34
|
-
this.
|
|
35
|
-
this.
|
|
36
|
+
this.kmsStore = options.store
|
|
37
|
+
this.availableKmses = options.kms
|
|
38
|
+
this.defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]
|
|
39
|
+
if (!Object.keys(this.availableKmses).includes(this.defaultKms)) {
|
|
40
|
+
throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)
|
|
41
|
+
}
|
|
36
42
|
const methods = this.methods
|
|
37
43
|
methods.keyManagerVerify = this.keyManagerVerify.bind(this)
|
|
38
44
|
methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)
|
|
39
|
-
|
|
45
|
+
methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)
|
|
46
|
+
this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string> {
|
|
50
|
+
return Promise.resolve(this.defaultKms)
|
|
40
51
|
}
|
|
41
52
|
|
|
42
53
|
override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {
|
|
@@ -54,7 +65,7 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
54
65
|
key.meta = { ...meta, ...key.meta }
|
|
55
66
|
key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })
|
|
56
67
|
|
|
57
|
-
await this.
|
|
68
|
+
await this.kmsStore.import(key)
|
|
58
69
|
if (key.privateKeyHex) {
|
|
59
70
|
// Make sure to not export the private key
|
|
60
71
|
delete key.privateKeyHex
|
|
@@ -65,10 +76,10 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
65
76
|
//FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings
|
|
66
77
|
|
|
67
78
|
async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {
|
|
68
|
-
const keyInfo: IKey = (await this.
|
|
79
|
+
const keyInfo: IKey = (await this.kmsStore.get({ kid: args.keyRef })) as IKey
|
|
69
80
|
const kms = this.getKmsByName(keyInfo.kms)
|
|
70
81
|
if (keyInfo.type === 'Bls12381G2') {
|
|
71
|
-
return await kms.sign({ keyRef: keyInfo, data:
|
|
82
|
+
return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? u8a.fromString(args.data) : args.data })
|
|
72
83
|
}
|
|
73
84
|
// @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types
|
|
74
85
|
return await super.keyManagerSign(args)
|
|
@@ -90,7 +101,7 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
90
101
|
}
|
|
91
102
|
|
|
92
103
|
async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {
|
|
93
|
-
return this.
|
|
104
|
+
return this.kmsStore.list({})
|
|
94
105
|
}
|
|
95
106
|
|
|
96
107
|
async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {
|
|
@@ -111,7 +122,7 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
111
122
|
}
|
|
112
123
|
|
|
113
124
|
private getKmsByName(name: string): AbstractKeyManagementSystem {
|
|
114
|
-
const kms = this.
|
|
125
|
+
const kms = this.availableKmses[name]
|
|
115
126
|
if (!kms) {
|
|
116
127
|
throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)
|
|
117
128
|
}
|
|
@@ -121,7 +132,7 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
121
132
|
//todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager
|
|
122
133
|
async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {
|
|
123
134
|
try {
|
|
124
|
-
const key = await this.
|
|
135
|
+
const key = await this.kmsStore.get({ kid })
|
|
125
136
|
return key
|
|
126
137
|
} catch (e) {
|
|
127
138
|
const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()
|
|
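Review bot: `await this.kmsStore.import(key)` in the `keyManagerCreate` hunk (`@@ -54,7 +65,7 @@`) runs before the `if (key.privateKeyHex)` check, so any private key the KMS returned is handed to the key store and only the object returned to the caller is stripped. The hunk does not show whether that is intended; the `Bls12381G2` branch of `keyManagerSign` passes the stored `keyInfo` as `keyRef`, which suggests it may be. If it is, document it next to the import, for example `// privateKeyHex, when the KMS returns it, is stored with the key; the AbstractKeyStore backend must be protected like a private-key store`, and reword the existing comment to `// Strip the private key from the value returned to the caller`. If it is not intended, the store should receive a copy without `privateKeyHex`. The body of `keyManagerCreate` starts and ends outside this hunk.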
@@ -1,5 +1,4 @@
|
|
|
1
|
-
import { IPluginMethodMap, KeyMetadata, MinimalImportableKey, TKeyType
|
|
2
|
-
import { ManagedKeyInfo } from '@veramo/core'
|
|
1
|
+
import { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'
|
|
3
2
|
|
|
4
3
|
export type PartialKey = ManagedKeyInfo & { privateKeyHex: string }
|
|
5
4
|
|
|
@@ -20,6 +19,12 @@ export interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {
|
|
|
20
19
|
|
|
21
20
|
keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>
|
|
22
21
|
|
|
22
|
+
/**
|
|
23
|
+
* Get the KMS registered as default. Handy when no explicit KMS is provided for a function
|
|
24
|
+
*/
|
|
25
|
+
|
|
26
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string>
|
|
27
|
+
|
|
23
28
|
/**
|
|
24
29
|
* Set keys to expired and remove keys eligible for deletion.
|
|
25
30
|
* @param args
|