@sphereon/ssi-sdk-ext.key-manager 0.24.1-unstable.9 → 0.24.1-unstable.90

@@ -1,6 +1,6 @@
1
- import { KeyManager as VeramoKeyManager, AbstractKeyManagementSystem, AbstractKeyStore } from '@veramo/key-manager';
2
- import { ManagedKeyInfo } from '@veramo/core';
3
- import { ISphereonKeyManager, ISphereonKeyManagerSignArgs, ISphereonKeyManagerVerifyArgs } from '../types/ISphereonKeyManager';
1
+ import { IKey, ManagedKeyInfo } from '@veramo/core';
2
+ import { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager';
3
+ import { IKeyManagerGetArgs, ISphereonKeyManager, ISphereonKeyManagerCreateArgs, ISphereonKeyManagerHandleExpirationsArgs, ISphereonKeyManagerSignArgs, ISphereonKeyManagerVerifyArgs } from '../types/ISphereonKeyManager';
4
4
  export declare const sphereonKeyManagerMethods: Array<string>;
5
5
  export declare class SphereonKeyManager extends VeramoKeyManager {
6
6
  private localStore;
@@ -10,9 +10,12 @@ export declare class SphereonKeyManager extends VeramoKeyManager {
10
10
  store: AbstractKeyStore;
11
11
  kms: Record<string, AbstractKeyManagementSystem>;
12
12
  });
13
- private getAvailableKms;
13
+ keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo>;
14
14
  keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>;
15
15
  keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
16
16
  keyManagerListKeys(): Promise<ManagedKeyInfo[]>;
17
+ keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>;
18
+ private getKmsByName;
19
+ keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey>;
17
20
  }
18
21
  //# sourceMappingURL=SphereonKeyManager.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"SphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,IAAI,gBAAgB,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAEnH,OAAO,EAAQ,cAAc,EAAY,MAAM,cAAc,CAAA;AAE7D,OAAO,EAAE,mBAAmB,EAAE,2BAA2B,EAAE,6BAA6B,EAAE,MAAM,8BAA8B,CAAA;AAE9H,eAAO,MAAM,yBAAyB,EAAE,KAAK,CAAC,MAAM,CAMnD,CAAA;AAED,qBAAa,kBAAmB,SAAQ,gBAAgB;IACtD,OAAO,CAAC,UAAU,CAAkB;IACpC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA6C;IAC5E,QAAQ,CAAC,YAAY,EAAE,mBAAmB,CAAA;gBAE9B,OAAO,EAAE;QAAE,KAAK,EAAE,gBAAgB,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAA;KAAE;IAUlG,OAAO,CAAC,eAAe;IASjB,cAAc,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CAAC,MAAM,CAAC;IAUlE,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,OAAO,CAAC;IASvE,kBAAkB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;CAGtD"}
1
+ {"version":3,"file":"SphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAe,cAAc,EAAE,MAAM,cAAc,CAAA;AAChE,OAAO,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,UAAU,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACnH,OAAO,EAEL,kBAAkB,EAClB,mBAAmB,EACnB,6BAA6B,EAC7B,wCAAwC,EACxC,2BAA2B,EAC3B,6BAA6B,EAC9B,MAAM,8BAA8B,CAAA;AAErC,eAAO,MAAM,yBAAyB,EAAE,KAAK,CAAC,MAAM,CAQnD,CAAA;AAED,qBAAa,kBAAmB,SAAQ,gBAAgB;IAEtD,OAAO,CAAC,UAAU,CAAkB;IACpC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA6C;IAC5E,QAAQ,CAAC,YAAY,EAAE,mBAAmB,CAAA;gBAE9B,OAAO,EAAE;QAAE,KAAK,EAAE,gBAAgB,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAA;KAAE;IAUnF,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,cAAc,CAAC;IAyBvF,cAAc,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CAAC,MAAM,CAAC;IAUlE,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,OAAO,CAAC;IASvE,kBAAkB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAI/C,2BAA2B,CAAC,IAAI,EAAE,wCAAwC,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAiBjH,OAAO,CAAC,YAAY;IASd,aAAa,CAAC,EAAE,GAAG,EAAE,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;CAmBhE"}
@@ -10,14 +10,17 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
10
10
  };
11
11
  Object.defineProperty(exports, "__esModule", { value: true });
12
12
  exports.SphereonKeyManager = exports.sphereonKeyManagerMethods = void 0;
13
+ const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
13
14
  const key_manager_1 = require("@veramo/key-manager");
14
- const ssi_sdk_ext_kms_local_1 = require("@sphereon/ssi-sdk-ext.kms-local");
15
+ const ISphereonKeyManager_1 = require("../types/ISphereonKeyManager");
15
16
  exports.sphereonKeyManagerMethods = [
16
17
  'keyManagerCreate',
18
+ 'keyManagerGet',
17
19
  'keyManagerImport',
18
20
  'keyManagerSign',
19
21
  'keyManagerVerify',
20
22
  'keyManagerListKeys',
23
+ 'keyManagerHandleExpirations',
21
24
  ];
22
25
  class SphereonKeyManager extends key_manager_1.KeyManager {
23
26
  constructor(options) {
@@ -29,12 +32,26 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
29
32
  methods.keyManagerListKeys = this.keyManagerListKeys.bind(this);
30
33
  this.localMethods = methods;
31
34
  }
32
- getAvailableKms(name) {
33
- const kms = this.availableKMSes[name];
34
- if (!kms) {
35
- throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`);
36
- }
37
- return kms;
35
+ keyManagerCreate(args) {
36
+ return __awaiter(this, void 0, void 0, function* () {
37
+ var _a, _b, _c, _d;
38
+ const kms = this.getKmsByName(args.kms);
39
+ const meta = Object.assign(Object.assign({}, args.meta), (args.opts && { opts: args.opts }));
40
+ if ((0, ISphereonKeyManager_1.hasKeyOptions)(meta) && ((_a = meta.opts) === null || _a === void 0 ? void 0 : _a.ephemeral) && !((_b = meta.opts.expiration) === null || _b === void 0 ? void 0 : _b.removalDate)) {
41
+ // Make sure we set a delete date on an ephemeral key
42
+ meta.opts = Object.assign(Object.assign({}, meta.opts), { expiration: Object.assign(Object.assign({}, (_c = meta.opts) === null || _c === void 0 ? void 0 : _c.expiration), { removalDate: new Date(Date.now() + 5 * 60 * 1000) }) });
43
+ }
44
+ const partialKey = yield kms.createKey({ type: args.type, meta });
45
+ const key = Object.assign(Object.assign({}, partialKey), { kms: args.kms });
46
+ key.meta = Object.assign(Object.assign({}, meta), key.meta);
47
+ key.meta.jwkThumbprint = (_d = key.meta.jwkThumbprint) !== null && _d !== void 0 ? _d : (0, ssi_sdk_ext_key_utils_1.calculateJwkThumbprintForKey)({ key });
48
+ yield this.localStore.import(key);
49
+ if (key.privateKeyHex) {
50
+ // Make sure to not export the private key
51
+ delete key.privateKeyHex;
52
+ }
53
+ return key;
54
+ });
38
55
  }
39
56
  //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings
40
57
  keyManagerSign(args) {
@@ -43,18 +60,18 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
43
60
  });
44
61
  return __awaiter(this, void 0, void 0, function* () {
45
62
  const keyInfo = (yield this.localStore.get({ kid: args.keyRef }));
46
- const kms = this.getAvailableKms(keyInfo.kms);
47
- if (keyInfo.type === ssi_sdk_ext_kms_local_1.KeyType.Bls12381G2) {
63
+ const kms = this.getKmsByName(keyInfo.kms);
64
+ if (keyInfo.type === 'Bls12381G2') {
48
65
  return yield kms.sign({ keyRef: keyInfo, data: Uint8Array.from(Buffer.from(args.data)) });
49
66
  }
50
- // @ts-ignore
67
+ // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types
51
68
  return yield _super.keyManagerSign.call(this, args);
52
69
  });
53
70
  }
54
71
  keyManagerVerify(args) {
55
72
  return __awaiter(this, void 0, void 0, function* () {
56
- const kms = this.getAvailableKms(args.kms);
57
- if (('verify' in kms && typeof kms.verify === 'function') || kms instanceof ssi_sdk_ext_kms_local_1.SphereonKeyManagementSystem) {
73
+ const kms = this.getKmsByName(args.kms);
74
+ if ('verify' in kms && typeof kms.verify === 'function') {
58
75
  // @ts-ignore
59
76
  return yield kms.verify(args);
60
77
  }
@@ -63,7 +80,57 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
63
80
  }
64
81
  keyManagerListKeys() {
65
82
  return __awaiter(this, void 0, void 0, function* () {
66
- return this.localStore.list({}); // FIXME there are no args it seems
83
+ return this.localStore.list({});
84
+ });
85
+ }
86
+ keyManagerHandleExpirations(args) {
87
+ return __awaiter(this, void 0, void 0, function* () {
88
+ const keys = yield this.keyManagerListKeys();
89
+ const expiredKeys = keys
90
+ .filter((key) => (0, ISphereonKeyManager_1.hasKeyOptions)(key.meta))
91
+ .filter((key) => {
92
+ var _a, _b;
93
+ if ((0, ISphereonKeyManager_1.hasKeyOptions)(key.meta) && ((_b = (_a = key.meta) === null || _a === void 0 ? void 0 : _a.opts) === null || _b === void 0 ? void 0 : _b.expiration)) {
94
+ const expiration = key.meta.opts.expiration;
95
+ return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now());
96
+ }
97
+ return false;
98
+ });
99
+ if (args.skipRemovals !== true) {
100
+ yield Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })));
101
+ }
102
+ return keys;
103
+ });
104
+ }
105
+ getKmsByName(name) {
106
+ const kms = this.availableKMSes[name];
107
+ if (!kms) {
108
+ throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`);
109
+ }
110
+ return kms;
111
+ }
112
+ //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager
113
+ keyManagerGet(_a) {
114
+ return __awaiter(this, arguments, void 0, function* ({ kid }) {
115
+ try {
116
+ const key = yield this.localStore.get({ kid });
117
+ return key;
118
+ }
119
+ catch (e) {
120
+ const keys = yield this.keyManagerListKeys();
121
+ const foundKey = keys.find((key) => {
122
+ var _a, _b;
123
+ return key.publicKeyHex === kid ||
124
+ ((_a = key.meta) === null || _a === void 0 ? void 0 : _a.jwkThumbprint) === kid ||
125
+ (((_b = key.meta) === null || _b === void 0 ? void 0 : _b.jwkThumbprint) == null && (0, ssi_sdk_ext_key_utils_1.calculateJwkThumbprintForKey)({ key }) === kid);
126
+ });
127
+ if (foundKey) {
128
+ return foundKey;
129
+ }
130
+ else {
131
+ throw new Error(`Key with kid ${kid} not found`);
132
+ }
133
+ }
67
134
  });
68
135
  }
69
136
  }
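Review bot: In `keyManagerHandleExpirations` the expiry test compares `expiration.expiryDate.getMilliseconds()` with `Date.now()`, but `getMilliseconds()` returns only the 0–999 millisecond field, so the comparison is never true and every key carrying an `expiration` object is treated as expired and passed to `keyManagerDelete` unless `skipRemovals` is set. The comparison should use the epoch value: `return !(expiration.expiryDate && expiration.expiryDate.getTime() > Date.now());`. Even with that fix, `removalDate` is never read here, so an ephemeral key that `keyManagerCreate` gave only a `removalDate` five minutes ahead (no `expiryDate`) is still removed on the first sweep. The method also returns `keys`, the list fetched before deletion, rather than the keys that remain. If the key store serialises `meta`, these dates may come back as strings and need `new Date(...)` before comparing; that should be confirmed against the store in use.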
@@ -1 +1 @@
1
- {"version":3,"file":"SphereonKeyManager.js","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAmH;AAGnH,2EAAsF;AAGzE,QAAA,yBAAyB,GAAkB;IACtD,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,oBAAoB;CACrB,CAAA;AAED,MAAa,kBAAmB,SAAQ,wBAAgB;IAKtD,YAAY,OAAsF;QAChG,KAAK,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;QACjD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,KAAK,CAAA;QAC/B,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,GAAG,CAAA;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;QAC5B,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3D,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/D,IAAI,CAAC,YAAY,GAAkC,OAAQ,CAAA;IAC7D,CAAC;IAEO,eAAe,CAAC,IAAY;QAClC,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;QACrC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,KAAK,CAAC,iFAAiF,IAAI,GAAG,CAAC,CAAA;QACvG,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,8EAA8E;IACxE,cAAc,CAAC,IAAiC;;;;;YACpD,MAAM,OAAO,GAAS,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAS,CAAA;YAC/E,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YAC7C,IAAI,OAAO,CAAC,IAAI,KAAe,+BAAO,CAAC,UAAU,EAAE,CAAC;gBAClD,OAAO,MAAM,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAA;YAC3F,CAAC;YACD,aAAa;YACb,OAAO,MAAM,OAAM,cAAc,YAAC,IAAI,CAAC,CAAA;QACzC,CAAC;KAAA;IAEK,gBAAgB,CAAC,IAAmC;;YACxD,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAC1C,IAAI,CAAC,QAAQ,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,CAAC,IAAI,GAAG,YAAY,mDAA2B,EAAE,CAAC;gBACxG,aAAa;gBACb,OAAO,MAAM,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YAC/B,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,GAAG,gCAAgC,CAAC,CAAA;QACzD,CAAC;KAAA;IAEK,kBAAkB;;YACtB,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA,CAAC,mCAAmC;QACrE,CAAC;KAAA;CACF;AA9CD,gDA8CC"}
1
+ {"version":3,"file":"SphereonKeyManager.js","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2EAA8E;AAE9E,qDAAmH;AACnH,sEAQqC;AAExB,QAAA,yBAAyB,GAAkB;IACtD,kBAAkB;IAClB,eAAe;IACf,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,oBAAoB;IACpB,6BAA6B;CAC9B,CAAA;AAED,MAAa,kBAAmB,SAAQ,wBAAgB;IAMtD,YAAY,OAAsF;QAChG,KAAK,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;QACjD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,KAAK,CAAA;QAC/B,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,GAAG,CAAA;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;QAC5B,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3D,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/D,IAAI,CAAC,YAAY,GAAkC,OAAQ,CAAA;IAC7D,CAAC;IAEc,gBAAgB,CAAC,IAAmC;;;YACjE,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACvC,MAAM,IAAI,mCAAqB,IAAI,CAAC,IAAI,GAAK,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAE,CAAA;YACjF,IAAI,IAAA,mCAAa,EAAC,IAAI,CAAC,KAAI,MAAA,IAAI,CAAC,IAAI,0CAAE,SAAS,CAAA,IAAI,CAAC,CAAA,MAAA,IAAI,CAAC,IAAI,CAAC,UAAU,0CAAE,WAAW,CAAA,EAAE,CAAC;gBACtF,qDAAqD;gBACrD,IAAI,CAAC,IAAI,mCACJ,IAAI,CAAC,IAAI,KACZ,UAAU,kCAAO,MAAA,IAAI,CAAC,IAAI,0CAAE,UAAU,KAAE,WAAW,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAC1F,CAAA;YACH,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;YACjE,MAAM,GAAG,mCAAc,UAAU,KAAE,GAAG,EAAE,IAAI,CAAC,GAAG,GAAE,CAAA;YAClD,GAAG,CAAC,IAAI,mCAAQ,IAAI,GAAK,GAAG,CAAC,IAAI,CAAE,CAAA;YACnC,GAAG,CAAC,IAAI,CAAC,aAAa,GAAG,MAAA,GAAG,CAAC,IAAI,CAAC,aAAa,mCAAI,IAAA,oDAA4B,EAAC,EAAE,GAAG,EAAE,CAAC,CAAA;YAExF,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YACjC,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;gBACtB,0CAA0C;gBAC1C,OAAO,GAAG,CAAC,aAAa,CAAA;YAC1B,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAED,8EAA8E;IAExE,cAAc,CAAC,IAAiC;;;;;YACpD,MAAM,OAAO,GAAS,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,MAA
M,EAAE,CAAC,CAAS,CAAA;YAC/E,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YAC1C,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAClC,OAAO,MAAM,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAA;YAC3F,CAAC;YACD,qHAAqH;YACrH,OAAO,MAAM,OAAM,cAAc,YAAC,IAAI,CAAC,CAAA;QACzC,CAAC;KAAA;IAEK,gBAAgB,CAAC,IAAmC;;YACxD,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACvC,IAAI,QAAQ,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;gBACxD,aAAa;gBACb,OAAO,MAAM,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YAC/B,CAAC;YACD,MAAM,KAAK,CAAC,OAAO,GAAG,gCAAgC,CAAC,CAAA;QACzD,CAAC;KAAA;IAEK,kBAAkB;;YACtB,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjC,CAAC;KAAA;IAEK,2BAA2B,CAAC,IAA8C;;YAC9E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAA;YAC5C,MAAM,WAAW,GAAG,IAAI;iBACrB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,mCAAa,EAAC,GAAG,CAAC,IAAI,CAAC,CAAC;iBACxC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;;gBACd,IAAI,IAAA,mCAAa,EAAC,GAAG,CAAC,IAAI,CAAC,KAAI,MAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,IAAI,0CAAE,UAAU,CAAA,EAAE,CAAC;oBAC1D,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAA;oBAC3C,OAAO,CAAC,CAAC,UAAU,CAAC,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,eAAe,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;gBACzF,CAAC;gBACD,OAAO,KAAK,CAAA;YACd,CAAC,CAAC,CAAA;YACJ,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;gBAC/B,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;YACtF,CAAC;YACD,OAAO,IAAI,CAAA;QACb,CAAC;KAAA;IAEO,YAAY,CAAC,IAAY;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;QACrC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,KAAK,CAAC,iFAAiF,IAAI,GAAG,CAAC,CAAA;QACvG,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,+GAA+G;IACzG,aAAa;6DAAC,EAAE,GAAG,EAAsB;YAC7C,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAA;gBAC9C,OAAO,GAAG,CAAA;YACZ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,GAAqB,MAAM,IAAI,CAAC,kBAAkB,EAA
E,CAAA;gBAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CACxB,CAAC,GAAG,EAAE,EAAE;;oBACN,OAAA,GAAG,CAAC,YAAY,KAAK,GAAG;wBACxB,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,aAAa,MAAK,GAAG;wBAC/B,CAAC,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,aAAa,KAAI,IAAI,IAAI,IAAA,oDAA4B,EAAC,EAAE,GAAG,EAAE,CAAC,KAAK,GAAG,CAAC,CAAA;iBAAA,CACrF,CAAA;gBACD,IAAI,QAAQ,EAAE,CAAC;oBACb,OAAO,QAAgB,CAAA;gBACzB,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,YAAY,CAAC,CAAA;gBAClD,CAAC;YACH,CAAC;QACH,CAAC;KAAA;CACF;AA7GD,gDA6GC"}
@@ -1,5 +1,6 @@
1
1
  import { AbstractKeyManagementSystem } from '@veramo/key-manager';
2
2
  import { AbstractKeyStore } from '@veramo/key-manager';
3
+ import { IKey } from '@veramo/core';
3
4
  import { IKeyManager } from '@veramo/core';
4
5
  import { IKeyManagerSignArgs } from '@veramo/core';
5
6
  import { IPluginMethodMap } from '@veramo/core';
@@ -9,24 +10,9 @@ import { ManagedKeyInfo } from '@veramo/core';
9
10
  import { MinimalImportableKey } from '@veramo/core';
10
11
  import { TKeyType } from '@veramo/core';
11
12
 
12
- /**
13
- * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}
14
- * @public
15
- */
16
- export declare interface IKeyManagerCreateArgs {
17
- /**
18
- * Key type
19
- */
20
- type: TKeyType;
21
- /**
22
- * Key Management System
23
- */
24
- kms: string;
25
- /**
26
- * Optional. Key meta data
27
- */
28
- meta?: KeyMetadata;
29
- }
13
+ export declare function hasKeyOptions(object: any): object is {
14
+ opts?: IkeyOptions;
15
+ };
30
16
 
31
17
  /**
32
18
  * Input arguments for {@link ISphereonKeyManager.keyManagerDelete | keyManagerDelete}
@@ -50,8 +36,24 @@ export declare interface IKeyManagerGetArgs {
50
36
  kid: string;
51
37
  }
52
38
 
39
+ export declare interface IkeyOptions {
40
+ /**
41
+ * Is this a temporary key?
42
+ */
43
+ ephemeral?: boolean;
44
+ /**
45
+ * Expiration and remove the key
46
+ */
47
+ expiration?: {
48
+ expiryDate?: Date;
49
+ removalDate?: Date;
50
+ };
51
+ }
52
+
53
+ export declare const isDefined: <T extends unknown>(object: T | undefined) => object is T;
54
+
53
55
  export declare interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {
54
- keyManagerCreate(args: IKeyManagerCreateArgs): Promise<PartialKey>;
56
+ keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>;
55
57
  keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>;
56
58
  keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>;
57
59
  /**
@@ -62,6 +64,38 @@ export declare interface ISphereonKeyManager extends IKeyManager, IPluginMethodM
62
64
  */
63
65
  keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
64
66
  keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>;
67
+ /**
68
+ * Set keys to expired and remove keys eligible for deletion.
69
+ * @param args
70
+ */
71
+ keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>;
72
+ }
73
+
74
+ /**
75
+ * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}
76
+ * @public
77
+ */
78
+ export declare interface ISphereonKeyManagerCreateArgs {
79
+ /**
80
+ * Key type
81
+ */
82
+ type: TKeyType;
83
+ /**
84
+ * Key Management System
85
+ */
86
+ kms: string;
87
+ /**
88
+ * Key options
89
+ */
90
+ opts?: IkeyOptions;
91
+ /**
92
+ * Optional. Key meta data
93
+ */
94
+ meta?: KeyMetadata;
95
+ }
96
+
97
+ export declare interface ISphereonKeyManagerHandleExpirationsArgs {
98
+ skipRemovals?: boolean;
65
99
  }
66
100
 
67
101
  /**
@@ -98,10 +132,13 @@ export declare class SphereonKeyManager extends KeyManager {
98
132
  store: AbstractKeyStore;
99
133
  kms: Record<string, AbstractKeyManagementSystem>;
100
134
  });
101
- private getAvailableKms;
135
+ keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo>;
102
136
  keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>;
103
137
  keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
104
138
  keyManagerListKeys(): Promise<ManagedKeyInfo[]>;
139
+ keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>;
140
+ private getKmsByName;
141
+ keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey>;
105
142
  }
106
143
 
107
144
  export declare const sphereonKeyManagerMethods: Array<string>;
@@ -5,7 +5,7 @@
5
5
  "toolPackages": [
6
6
  {
7
7
  "packageName": "@microsoft/api-extractor",
8
- "packageVersion": "7.47.3"
8
+ "packageVersion": "7.47.5"
9
9
  }
10
10
  ]
11
11
  }
@@ -4,7 +4,7 @@ export type PartialKey = ManagedKeyInfo & {
4
4
  privateKeyHex: string;
5
5
  };
6
6
  export interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {
7
- keyManagerCreate(args: IKeyManagerCreateArgs): Promise<PartialKey>;
7
+ keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>;
8
8
  keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>;
9
9
  keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>;
10
10
  /**
@@ -15,12 +15,30 @@ export interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {
15
15
  */
16
16
  keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
17
17
  keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>;
18
+ /**
19
+ * Set keys to expired and remove keys eligible for deletion.
20
+ * @param args
21
+ */
22
+ keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>;
23
+ }
24
+ export interface IkeyOptions {
25
+ /**
26
+ * Is this a temporary key?
27
+ */
28
+ ephemeral?: boolean;
29
+ /**
30
+ * Expiration and remove the key
31
+ */
32
+ expiration?: {
33
+ expiryDate?: Date;
34
+ removalDate?: Date;
35
+ };
18
36
  }
19
37
  /**
20
38
  * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}
21
39
  * @public
22
40
  */
23
- export interface IKeyManagerCreateArgs {
41
+ export interface ISphereonKeyManagerCreateArgs {
24
42
  /**
25
43
  * Key type
26
44
  */
@@ -29,11 +47,18 @@ export interface IKeyManagerCreateArgs {
29
47
  * Key Management System
30
48
  */
31
49
  kms: string;
50
+ /**
51
+ * Key options
52
+ */
53
+ opts?: IkeyOptions;
32
54
  /**
33
55
  * Optional. Key meta data
34
56
  */
35
57
  meta?: KeyMetadata;
36
58
  }
59
+ export declare function hasKeyOptions(object: any): object is {
60
+ opts?: IkeyOptions;
61
+ };
37
62
  /**
38
63
  * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}
39
64
  * @public
@@ -64,6 +89,9 @@ export interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {
64
89
  */
65
90
  data: string | Uint8Array;
66
91
  }
92
+ export interface ISphereonKeyManagerHandleExpirationsArgs {
93
+ skipRemovals?: boolean;
94
+ }
67
95
  export interface ISphereonKeyManagerVerifyArgs {
68
96
  kms: string;
69
97
  publicKeyHex: string;
@@ -72,4 +100,5 @@ export interface ISphereonKeyManagerVerifyArgs {
72
100
  data: Uint8Array;
73
101
  signature: string;
74
102
  }
103
+ export declare const isDefined: <T extends unknown>(object: T | undefined) => object is T;
75
104
  //# sourceMappingURL=ISphereonKeyManager.d.ts.map
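Review bot: The interface still declares `keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>`, and `PartialKey` is `ManagedKeyInfo & { privateKeyHex: string }`, while the class declaration in this release returns `Promise<ManagedKeyInfo>` and the compiled implementation deletes `privateKeyHex` before returning. The type therefore promises private key material that callers will not receive; declaring `Promise<ManagedKeyInfo>` here would match the behaviour and keep the private key out of the public contract. Separately, the doc comment on `expiration` ("Expiration and remove the key") does not say how `expiryDate` and `removalDate` differ; a comment per field such as `/** After this date the key must no longer be used. */` and `/** After this date the key is deleted from the store. */` would help, if that is the intended meaning.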
@@ -1 +1 @@
1
- {"version":3,"file":"ISphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,oBAAoB,EAAE,QAAQ,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAC9H,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAE7C,MAAM,MAAM,UAAU,GAAG,cAAc,GAAG;IAAE,aAAa,EAAE,MAAM,CAAA;CAAE,CAAA;AAEnE,MAAM,WAAW,mBAAoB,SAAQ,WAAW,EAAE,gBAAgB;IACxE,gBAAgB,CAAC,IAAI,EAAE,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAElE,gBAAgB,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAEhE,cAAc,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAElE;;;;;OAKG;IACH,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAEvE,kBAAkB,IAAI,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAA;CACrD;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,IAAI,EAAE,QAAQ,CAAA;IAEd;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;IAEX;;OAEG;IACH,IAAI,CAAC,EAAE,WAAW,CAAA;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;;GAGG;AAEH,MAAM,WAAW,2BAA4B,SAAQ,mBAAmB;IACtE;;OAEG;IACH,IAAI,EAAE,MAAM,GAAG,UAAU,CAAA;CAC1B;AAED,MAAM,WAAW,6BAA6B;IAC5C,GAAG,EAAE,MAAM,CAAA;IACX,YAAY,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,QAAQ,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,UAAU,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;CAClB"}
1
+ {"version":3,"file":"ISphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,oBAAoB,EAAE,QAAQ,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAC9H,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAE7C,MAAM,MAAM,UAAU,GAAG,cAAc,GAAG;IAAE,aAAa,EAAE,MAAM,CAAA;CAAE,CAAA;AAEnE,MAAM,WAAW,mBAAoB,SAAQ,WAAW,EAAE,gBAAgB;IACxE,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAE1E,gBAAgB,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAEhE,cAAc,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAElE;;;;;OAKG;IACH,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAEvE,kBAAkB,IAAI,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAA;IAEpD;;;OAGG;IACH,2BAA2B,CAAC,IAAI,EAAE,wCAAwC,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAA;CAC5G;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAA;IAEnB;;OAEG;IACH,UAAU,CAAC,EAAE;QACX,UAAU,CAAC,EAAE,IAAI,CAAA;QACjB,WAAW,CAAC,EAAE,IAAI,CAAA;KACnB,CAAA;CACF;AAED;;;GAGG;AACH,MAAM,WAAW,6BAA6B;IAC5C;;OAEG;IACH,IAAI,EAAE,QAAQ,CAAA;IAEd;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;IAEX;;OAEG;IACH,IAAI,CAAC,EAAE,WAAW,CAAA;IAElB;;OAEG;IACH,IAAI,CAAC,EAAE,WAAW,CAAA;CACnB;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,GAAG,GAAG,MAAM,IAAI;IAAE,IAAI,CAAC,EAAE,WAAW,CAAA;CAAE,CAE3E;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;;GAGG;AAEH,MAAM,WAAW,2BAA4B,SAAQ,mBAAmB;IACtE;;OAEG;IACH,IAAI,EAAE,MAAM,GAAG,UAAU,CAAA;CAC1B;AAED,MAAM,WAAW,wCAAwC;IACvD,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,6BAA6B;IAC5C,GAAG,EAAE,MAAM,CAAA;IACX,YAAY,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,QAAQ,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,UAAU,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,eAAO,MAAM,SAAS,8BAA+B,CAAC,GAAG,SAAS,gBAAsC,CAAA"}
@@ -1,3 +1,10 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.isDefined = exports.hasKeyOptions = void 0;
4
+ function hasKeyOptions(object) {
5
+ return object && 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts);
6
+ }
7
+ exports.hasKeyOptions = hasKeyOptions;
8
+ const isDefined = (object) => object !== undefined;
9
+ exports.isDefined = isDefined;
3
10
  //# sourceMappingURL=ISphereonKeyManager.js.map
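Review bot: `hasKeyOptions` throws a TypeError instead of returning false when `object.opts` is present but `undefined`, `null` or a primitive, because the right-hand operand of `in` must be an object; the same holds for a truthy non-object `object`. `keyManagerHandleExpirations` calls it on `key.meta` for every stored key, so a single malformed record would abort the whole expiration sweep. It also returns the falsy input itself rather than a boolean, which does not match the declared type predicate. A stricter guard would be `return typeof object === 'object' && object !== null && typeof object.opts === 'object' && object.opts !== null && ('ephemeral' in object.opts || 'expiration' in object.opts);`.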
@@ -1 +1 @@
1
- {"version":3,"file":"ISphereonKeyManager.js","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":""}
1
+ {"version":3,"file":"ISphereonKeyManager.js","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":";;;AAsEA,SAAgB,aAAa,CAAC,MAAW;IACvC,OAAO,MAAQ,IAAI,MAAM,IAAI,MAAM,IAAI,CAAC,WAAW,IAAI,MAAM,CAAC,IAAI,IAAI,YAAY,IAAI,MAAM,CAAC,IAAI,CAAC,CAAA;AACpG,CAAC;AAFD,sCAEC;AAiDM,MAAM,SAAS,GAAG,CAAoB,MAAqB,EAAe,EAAE,CAAC,MAAM,KAAK,SAAS,CAAA;AAA3F,QAAA,SAAS,aAAkF"}
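--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@sphereon/ssi-sdk-ext.key-manager",
  "description": "Sphereon Key Manager plugin with BLS support",
- "version": "0.24.1-unstable.9+9d7f5c6",
+ "version": "0.24.1-unstable.90+75fd054",
  "source": "src/index.ts",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",
@@ -15,14 +15,14 @@
  "generate-plugin-schema": "sphereon dev generate-plugin-schema"
  },
  "dependencies": {
- "@sphereon/ssi-sdk-ext.kms-local": "0.24.1-unstable.9+9d7f5c6",
  "@veramo/core": "4.2.0",
  "@veramo/key-manager": "4.2.0"
  },
  "devDependencies": {
  "@mattrglobal/bbs-signatures": "^1.3.1",
- "@sphereon/ssi-sdk-ext.key-utils": "0.24.1-unstable.9+9d7f5c6",
- "@sphereon/ssi-sdk.dev": "0.28.0"
+ "@sphereon/ssi-sdk-ext.key-utils": "0.24.1-unstable.90+75fd054",
+ "@sphereon/ssi-sdk-ext.kms-local": "0.24.1-unstable.90+75fd054",
+ "@sphereon/ssi-sdk.dev": "0.29.1-unstable.75"
  },
  "resolutions": {
  "jsonld": "npm:@digitalcredentials/jsonld@^5.2.1",
@@ -38,7 +38,7 @@
  "publishConfig": {
  "access": "public"
  },
- "repository": "git@github.com:Sphereon-Opensource/SSI-SDK.git",
+ "repository": "git@github.com:Sphereon-OpenSource/SSI-SDK-crypto-extensions.git",
  "author": "Sphereon <dev@sphereon.com>",
  "license": "Apache-2.0",
  "keywords": [
@@ -46,5 +46,5 @@
  "kms",
  "Veramo"
  ],
- "gitHead": "9d7f5c6eb96a1b39e7b98649a31139da604730bf"
+ "gitHead": "75fd0548fa2f4542b7f06c4571ff82ed04d024ad"
  }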
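Review bot: `@sphereon/ssi-sdk-ext.key-utils` is listed only under `devDependencies`, but the published `SphereonKeyManager.js` in this release loads it at runtime with `require("@sphereon/ssi-sdk-ext.key-utils")` to call `calculateJwkThumbprintForKey`. A consumer installing this package does not get dev dependencies, so the module either fails to load or silently uses whatever copy another package happens to hoist, at an uncontrolled version. It should be declared under `dependencies`, e.g. `"@sphereon/ssi-sdk-ext.key-utils": "0.24.1-unstable.90+75fd054"`. Moving `kms-local` to `devDependencies` is consistent with its `require` being removed from the compiled output.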
@@ -2,7 +2,7 @@
2
2
  "ISphereonKeyManager": {
3
3
  "components": {
4
4
  "schemas": {
5
- "IKeyManagerCreateArgs": {
5
+ "ISphereonKeyManagerCreateArgs": {
6
6
  "type": "object",
7
7
  "properties": {
8
8
  "type": {
@@ -13,6 +13,10 @@
13
13
  "type": "string",
14
14
  "description": "Key Management System"
15
15
  },
16
+ "opts": {
17
+ "$ref": "#/components/schemas/IkeyOptions",
18
+ "description": "Key options"
19
+ },
16
20
  "meta": {
17
21
  "$ref": "#/components/schemas/KeyMetadata",
18
22
  "description": "Optional. Key meta data"
@@ -37,6 +41,29 @@
37
41
  ],
38
42
  "description": "Cryptographic key type."
39
43
  },
44
+ "IkeyOptions": {
45
+ "type": "object",
46
+ "properties": {
47
+ "ephemeral": {
48
+ "type": "boolean",
49
+ "description": "Is this a temporary key?"
50
+ },
51
+ "expiration": {
52
+ "type": "object",
53
+ "properties": {
54
+ "expiryDate": {
55
+ "type": "string",
56
+ "format": "date-time"
57
+ },
58
+ "removalDate": {
59
+ "type": "string",
60
+ "format": "date-time"
61
+ }
62
+ },
63
+ "description": "Expiration and remove the key"
64
+ }
65
+ }
66
+ },
40
67
  "KeyMetadata": {
41
68
  "type": "object",
42
69
  "properties": {
@@ -91,11 +118,15 @@
91
118
  "type"
92
119
  ]
93
120
  },
94
- "MinimalImportableKey": {
95
- "$ref": "#/components/schemas/RequireOnly<IKey,(\"privateKeyHex\"|\"type\"|\"kms\")>",
96
- "description": "Represents the properties required to import a key."
121
+ "ISphereonKeyManagerHandleExpirationsArgs": {
122
+ "type": "object",
123
+ "properties": {
124
+ "skipRemovals": {
125
+ "type": "boolean"
126
+ }
127
+ }
97
128
  },
98
- "RequireOnly<IKey,(\"privateKeyHex\"|\"type\"|\"kms\")>": {
129
+ "ManagedKeyInfo": {
99
130
  "type": "object",
100
131
  "properties": {
101
132
  "kid": {
@@ -114,10 +145,6 @@
114
145
  "type": "string",
115
146
  "description": "Public key"
116
147
  },
117
- "privateKeyHex": {
118
- "type": "string",
119
- "description": "Optional. Private key"
120
- },
121
148
  "meta": {
122
149
  "anyOf": [
123
150
  {
@@ -130,9 +157,19 @@
130
157
  "description": "Optional. Key metadata. This should be used to determine which algorithms are supported."
131
158
  }
132
159
  },
133
- "description": "Represents an object type where a subset of keys are required and everything else is optional."
160
+ "required": [
161
+ "kid",
162
+ "kms",
163
+ "type",
164
+ "publicKeyHex"
165
+ ],
166
+ "description": "Represents information about a managed key. Private or secret key material is NOT present."
134
167
  },
135
- "ManagedKeyInfo": {
168
+ "MinimalImportableKey": {
169
+ "$ref": "#/components/schemas/RequireOnly<IKey,(\"privateKeyHex\"|\"type\"|\"kms\")>",
170
+ "description": "Represents the properties required to import a key."
171
+ },
172
+ "RequireOnly<IKey,(\"privateKeyHex\"|\"type\"|\"kms\")>": {
136
173
  "type": "object",
137
174
  "properties": {
138
175
  "kid": {
@@ -151,6 +188,10 @@
151
188
  "type": "string",
152
189
  "description": "Public key"
153
190
  },
191
+ "privateKeyHex": {
192
+ "type": "string",
193
+ "description": "Optional. Private key"
194
+ },
154
195
  "meta": {
155
196
  "anyOf": [
156
197
  {
@@ -163,13 +204,7 @@
163
204
  "description": "Optional. Key metadata. This should be used to determine which algorithms are supported."
164
205
  }
165
206
  },
166
- "required": [
167
- "kid",
168
- "kms",
169
- "type",
170
- "publicKeyHex"
171
- ],
172
- "description": "Represents information about a managed key. Private or secret key material is NOT present."
207
+ "description": "Represents an object type where a subset of keys are required and everything else is optional."
173
208
  },
174
209
  "ISphereonKeyManagerSignArgs": {
175
210
  "type": "object",
@@ -325,12 +360,24 @@
325
360
  "keyManagerCreate": {
326
361
  "description": "",
327
362
  "arguments": {
328
- "$ref": "#/components/schemas/IKeyManagerCreateArgs"
363
+ "$ref": "#/components/schemas/ISphereonKeyManagerCreateArgs"
329
364
  },
330
365
  "returnType": {
331
366
  "$ref": "#/components/schemas/PartialKey"
332
367
  }
333
368
  },
369
+ "keyManagerHandleExpirations": {
370
+ "description": "Set keys to expired and remove keys eligible for deletion.",
371
+ "arguments": {
372
+ "$ref": "#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs"
373
+ },
374
+ "returnType": {
375
+ "type": "array",
376
+ "items": {
377
+ "$ref": "#/components/schemas/ManagedKeyInfo"
378
+ }
379
+ }
380
+ },
334
381
  "keyManagerImport": {
335
382
  "description": "",
336
383
  "arguments": {
@@ -0,0 +1,72 @@
1
+ import { SphereonKeyManager } from '../agent/SphereonKeyManager'
2
+ import { MemoryKeyStore, MemoryPrivateKeyStore } from '@veramo/key-manager'
3
+ import { SphereonKeyManagementSystem } from '@sphereon/ssi-sdk-ext.kms-local'
4
+
5
+ describe('@sphereon/ssi-sdk-ext.key-manager key functionalities', () => {
6
+ const kms = new SphereonKeyManager({
7
+ store: new MemoryKeyStore(),
8
+ kms: {
9
+ local: new SphereonKeyManagementSystem(new MemoryPrivateKeyStore()),
10
+ },
11
+ })
12
+
13
+ it('should create and fetch a RSA key', async () => {
14
+ const key = await kms.keyManagerCreate({ type: 'RSA', kms: 'local' })
15
+ const fetchByKid = await kms.keyManagerGet({ kid: key.kid })
16
+ expect(fetchByKid.kid).toEqual(key.kid)
17
+ expect(fetchByKid.publicKeyHex).toEqual(key.publicKeyHex)
18
+ expect(fetchByKid?.meta?.publicKeyJwk).toBeDefined()
19
+ expect(fetchByKid?.meta?.publicKeyPEM).toBeDefined()
20
+ expect(fetchByKid.type).toEqual('RSA')
21
+ const fetchByPublicKeyHex = await kms.keyManagerGet({ kid: key.publicKeyHex })
22
+ expect(fetchByPublicKeyHex.kid).toEqual(key.kid)
23
+ expect(fetchByPublicKeyHex?.meta?.publicKeyJwk).toBeDefined()
24
+ expect(fetchByPublicKeyHex?.meta?.publicKeyPEM).toBeDefined()
25
+ const deleteByPublicKeyHex = await kms.keyManagerDelete({ kid: key.publicKeyHex })
26
+ expect(deleteByPublicKeyHex).toBeTruthy()
27
+ })
28
+
29
+ it('should create and fetch a X25519 key', async () => {
30
+ const key = await kms.keyManagerCreate({ type: 'X25519', kms: 'local' })
31
+ const fetchByKid = await kms.keyManagerGet({ kid: key.kid })
32
+ expect(fetchByKid.type).toEqual('X25519')
33
+ expect(fetchByKid.kid).toEqual(key.kid)
34
+ expect(fetchByKid.publicKeyHex).toEqual(key.publicKeyHex)
35
+ })
36
+
37
+ it('should create and fetch a Ed25519 key', async () => {
38
+ const key = await kms.keyManagerCreate({ type: 'Ed25519', kms: 'local' })
39
+ const fetchByKid = await kms.keyManagerGet({ kid: key.kid })
40
+ expect(fetchByKid.type).toEqual('Ed25519')
41
+ expect(fetchByKid.kid).toEqual(key.kid)
42
+ expect(fetchByKid.publicKeyHex).toEqual(key.publicKeyHex)
43
+ const fetchByPublicKeyHex = await kms.keyManagerGet({ kid: key.publicKeyHex })
44
+ expect(fetchByPublicKeyHex.kid).toEqual(key.kid)
45
+ })
46
+
47
+ it('should create and fetch a Secp256k1 key', async () => {
48
+ const key = await kms.keyManagerCreate({ type: 'Secp256k1', kms: 'local' })
49
+ const fetchByKid = await kms.keyManagerGet({ kid: key.kid })
50
+ expect(fetchByKid.type).toEqual('Secp256k1')
51
+ expect(fetchByKid.kid).toEqual(key.kid)
52
+ expect(fetchByKid.publicKeyHex).toEqual(key.publicKeyHex)
53
+ expect(fetchByKid?.meta?.algorithms).toEqual(['ES256K', 'ES256K-R', 'eth_signTransaction', 'eth_signTypedData', 'eth_signMessage', 'eth_rawSign'])
54
+ const fetchByPublicKeyHex = await kms.keyManagerGet({ kid: key.publicKeyHex })
55
+ expect(fetchByPublicKeyHex.kid).toEqual(key.kid)
56
+ const fetchByThumbprint = await kms.keyManagerGet({ kid: key?.meta?.jwkThumbprint })
57
+ expect(fetchByThumbprint.kid).toEqual(fetchByThumbprint.kid)
58
+ })
59
+
60
+ it('should create and fetch a Secp256r1 key', async () => {
61
+ const key = await kms.keyManagerCreate({ type: 'Secp256r1', kms: 'local' })
62
+ const fetchByKid = await kms.keyManagerGet({ kid: key.kid })
63
+ expect(fetchByKid.kid).toEqual(key.kid)
64
+ expect(fetchByKid.type).toEqual('Secp256r1')
65
+ expect(fetchByKid.publicKeyHex).toEqual(key.publicKeyHex)
66
+ expect(fetchByKid?.meta?.algorithms).toEqual(['ES256'])
67
+ const fetchByPublicKeyHex = await kms.keyManagerGet({ kid: key.publicKeyHex })
68
+ expect(fetchByPublicKeyHex.kid).toEqual(key.kid)
69
+ const fetchByThumbprint = await kms.keyManagerGet({ kid: key?.meta?.jwkThumbprint })
70
+ expect(fetchByThumbprint.kid).toEqual(fetchByThumbprint.kid)
71
+ })
72
+ })
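Review bot: The thumbprint assertions in the Secp256k1 and Secp256r1 tests compare a value with itself, `expect(fetchByThumbprint.kid).toEqual(fetchByThumbprint.kid)`, so they pass whatever key the thumbprint lookup returns; they should read `expect(fetchByThumbprint.kid).toEqual(key.kid)`. Nothing in this file asserts that the objects returned by `keyManagerCreate` carry no private material; `expect(key).not.toHaveProperty('privateKeyHex')` in each test would pin that. `keyManagerHandleExpirations` and the ephemeral-key default removal date have no test here at all.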
@@ -1,18 +1,28 @@
1
- import { KeyManager as VeramoKeyManager, AbstractKeyManagementSystem, AbstractKeyStore } from '@veramo/key-manager'
2
-
3
- import { IKey, ManagedKeyInfo, TKeyType } from '@veramo/core'
4
- import { KeyType, SphereonKeyManagementSystem } from '@sphereon/ssi-sdk-ext.kms-local'
5
- import { ISphereonKeyManager, ISphereonKeyManagerSignArgs, ISphereonKeyManagerVerifyArgs } from '../types/ISphereonKeyManager'
1
+ import { calculateJwkThumbprintForKey } from '@sphereon/ssi-sdk-ext.key-utils'
2
+ import { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'
3
+ import { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'
4
+ import {
5
+ hasKeyOptions,
6
+ IKeyManagerGetArgs,
7
+ ISphereonKeyManager,
8
+ ISphereonKeyManagerCreateArgs,
9
+ ISphereonKeyManagerHandleExpirationsArgs,
10
+ ISphereonKeyManagerSignArgs,
11
+ ISphereonKeyManagerVerifyArgs,
12
+ } from '../types/ISphereonKeyManager'
6
13
 
7
14
  export const sphereonKeyManagerMethods: Array<string> = [
8
15
  'keyManagerCreate',
16
+ 'keyManagerGet',
9
17
  'keyManagerImport',
10
18
  'keyManagerSign',
11
19
  'keyManagerVerify',
12
20
  'keyManagerListKeys',
21
+ 'keyManagerHandleExpirations',
13
22
  ]
14
23
 
15
24
  export class SphereonKeyManager extends VeramoKeyManager {
25
+ // local store reference, given the superclass store is private, and we need additional functions/calls
16
26
  private localStore: AbstractKeyStore
17
27
  private readonly availableKMSes: Record<string, AbstractKeyManagementSystem>
18
28
  readonly localMethods: ISphereonKeyManager
@@ -27,28 +37,44 @@ export class SphereonKeyManager extends VeramoKeyManager {
27
37
  this.localMethods = <ISphereonKeyManager>(<unknown>methods)
28
38
  }
29
39
 
30
- private getAvailableKms(name: string): AbstractKeyManagementSystem {
31
- const kms = this.availableKMSes[name]
32
- if (!kms) {
33
- throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)
40
+ override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {
41
+ const kms = this.getKmsByName(args.kms)
42
+ const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }
43
+ if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {
44
+ // Make sure we set a delete date on an ephemeral key
45
+ meta.opts = {
46
+ ...meta.opts,
47
+ expiration: { ...meta.opts?.expiration, removalDate: new Date(Date.now() + 5 * 60 * 1000) },
48
+ }
34
49
  }
35
- return kms
50
+ const partialKey = await kms.createKey({ type: args.type, meta })
51
+ const key: IKey = { ...partialKey, kms: args.kms }
52
+ key.meta = { ...meta, ...key.meta }
53
+ key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })
54
+
55
+ await this.localStore.import(key)
56
+ if (key.privateKeyHex) {
57
+ // Make sure to not export the private key
58
+ delete key.privateKeyHex
59
+ }
60
+ return key
36
61
  }
37
62
 
38
63
  //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings
64
+
39
65
  async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {
40
66
  const keyInfo: IKey = (await this.localStore.get({ kid: args.keyRef })) as IKey
41
- const kms = this.getAvailableKms(keyInfo.kms)
42
- if (keyInfo.type === <TKeyType>KeyType.Bls12381G2) {
67
+ const kms = this.getKmsByName(keyInfo.kms)
68
+ if (keyInfo.type === 'Bls12381G2') {
43
69
  return await kms.sign({ keyRef: keyInfo, data: Uint8Array.from(Buffer.from(args.data)) })
44
70
  }
45
- // @ts-ignore
71
+ // @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types
46
72
  return await super.keyManagerSign(args)
47
73
  }
48
74
 
49
75
  async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {
50
- const kms = this.getAvailableKms(args.kms)
51
- if (('verify' in kms && typeof kms.verify === 'function') || kms instanceof SphereonKeyManagementSystem) {
76
+ const kms = this.getKmsByName(args.kms)
77
+ if ('verify' in kms && typeof kms.verify === 'function') {
52
78
  // @ts-ignore
53
79
  return await kms.verify(args)
54
80
  }
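Review bot: In keyManagerCreate the `privateKeyHex` strip runs only after `await this.localStore.import(key)`, so if a registered KMS ever returns private material from `createKey`, it is handed to the key store before being removed from the returned object. Whether any KMS does so is not visible here, but stripping first makes the guarantee local: `const { privateKeyHex, ...publicKey } = key`, then import and return `publicKey`. The method is declared to return `ManagedKeyInfo`, while `ISphereonKeyManager.keyManagerCreate` still promises `PartialKey`, which requires `privateKeyHex: string`; the interface should be brought in line. The ephemeral default `5 * 60 * 1000` would read better as a named constant with a comment saying why five minutes.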
@@ -56,6 +82,52 @@ export class SphereonKeyManager extends VeramoKeyManager {
56
82
  }
57
83
 
58
84
  async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {
59
- return this.localStore.list({}) // FIXME there are no args it seems
85
+ return this.localStore.list({})
86
+ }
87
+
88
+ async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {
89
+ const keys = await this.keyManagerListKeys()
90
+ const expiredKeys = keys
91
+ .filter((key) => hasKeyOptions(key.meta))
92
+ .filter((key) => {
93
+ if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {
94
+ const expiration = key.meta.opts.expiration
95
+ return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now())
96
+ }
97
+ return false
98
+ })
99
+ if (args.skipRemovals !== true) {
100
+ await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({ kid: key.kid })))
101
+ }
102
+ return keys
103
+ }
104
+
105
+ private getKmsByName(name: string): AbstractKeyManagementSystem {
106
+ const kms = this.availableKMSes[name]
107
+ if (!kms) {
108
+ throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)
109
+ }
110
+ return kms
111
+ }
112
+
113
+ //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager
114
+ async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {
115
+ try {
116
+ const key = await this.localStore.get({ kid })
117
+ return key
118
+ } catch (e) {
119
+ const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()
120
+ const foundKey = keys.find(
121
+ (key) =>
122
+ key.publicKeyHex === kid ||
123
+ key.meta?.jwkThumbprint === kid ||
124
+ (key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid)
125
+ )
126
+ if (foundKey) {
127
+ return foundKey as IKey
128
+ } else {
129
+ throw new Error(`Key with kid ${kid} not found`)
130
+ }
131
+ }
60
132
  }
61
133
  }
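Review bot: `expiration.expiryDate.getMilliseconds() > Date.now()` in keyManagerHandleExpirations compares the 0–999 millisecond component of the date with an epoch timestamp, so it is never true; every key that has an `expiration` object is treated as expired and, unless `skipRemovals` is set, deleted. The comparison needs `getTime()`: `return !(expiration.expiryDate && expiration.expiryDate.getTime() > Date.now())`. `removalDate` is never read, so an ephemeral key created with only the five-minute `removalDate` is removed on the first run regardless of that date; deletion should presumably be gated on `removalDate`. The method also returns `keys`, the full list including entries just deleted, rather than `expiredKeys`, which looks unintended. If the store serialises `meta`, these fields may come back as strings (the generated schema declares `removalDate` as a `date-time` string), in which case the `Date` method call would throw; worth confirming.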
@@ -4,7 +4,7 @@ import { ManagedKeyInfo } from '@veramo/core'
4
4
  export type PartialKey = ManagedKeyInfo & { privateKeyHex: string }
5
5
 
6
6
  export interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {
7
- keyManagerCreate(args: IKeyManagerCreateArgs): Promise<PartialKey>
7
+ keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<PartialKey>
8
8
 
9
9
  keyManagerImport(key: MinimalImportableKey): Promise<PartialKey>
10
10
 
@@ -19,13 +19,34 @@ export interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {
19
19
  keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>
20
20
 
21
21
  keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>
22
+
23
+ /**
24
+ * Set keys to expired and remove keys eligible for deletion.
25
+ * @param args
26
+ */
27
+ keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>>
28
+ }
29
+
30
+ export interface IkeyOptions {
31
+ /**
32
+ * Is this a temporary key?
33
+ */
34
+ ephemeral?: boolean
35
+
36
+ /**
37
+ * Expiration and remove the key
38
+ */
39
+ expiration?: {
40
+ expiryDate?: Date
41
+ removalDate?: Date
42
+ }
22
43
  }
23
44
 
24
45
  /**
25
46
  * Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate}
26
47
  * @public
27
48
  */
28
- export interface IKeyManagerCreateArgs {
49
+ export interface ISphereonKeyManagerCreateArgs {
29
50
  /**
30
51
  * Key type
31
52
  */
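Review bot: The `expiration` member of `IkeyOptions` is documented only as "Expiration and remove the key", which does not say how `expiryDate` and `removalDate` differ or which of them makes a key eligible for deletion. Each field deserves its own comment, for example `/** Instant after which the key must no longer be used */` on `expiryDate` and `/** Instant after which the key may be deleted from the store */` on `removalDate`, with the wording confirmed against the intended semantics. Both are typed `Date`, while the generated schema in this diff declares `removalDate` as a `date-time` string; if key metadata round-trips through JSON the runtime value will be a string, so the type should state which it is. The interface name would conventionally be `IKeyOptions`, matching `IKey` and `IKeyManagerGetArgs`. `ISphereonKeyManagerCreateArgs` continues beyond this hunk.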
@@ -36,12 +57,21 @@ export interface IKeyManagerCreateArgs {
36
57
  */
37
58
  kms: string
38
59
 
60
+ /**
61
+ * Key options
62
+ */
63
+ opts?: IkeyOptions
64
+
39
65
  /**
40
66
  * Optional. Key meta data
41
67
  */
42
68
  meta?: KeyMetadata
43
69
  }
44
70
 
71
+ export function hasKeyOptions(object: any): object is { opts?: IkeyOptions } {
72
+ return object!! && 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts)
73
+ }
74
+
45
75
  /**
46
76
  * Input arguments for {@link ISphereonKeyManager.keyManagerGet | keyManagerGet}
47
77
  * @public
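Review bot: `hasKeyOptions` throws a TypeError when `opts` is present but `undefined`, `null` or a primitive, because `'ephemeral' in object.opts` is evaluated without checking that `object.opts` is an object. It is called on stored key metadata in keyManagerHandleExpirations, so one malformed record would abort the whole expiry run. `object!!` is a doubled non-null assertion that is erased at compile time, not `!!object`, so for a falsy input the guard returns that input rather than `false`. A safer body is `return !!object && typeof object.opts === 'object' && object.opts !== null && ('ephemeral' in object.opts || 'expiration' in object.opts)`, and the parameter can be typed `unknown` with a narrowing step instead of `any`.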
@@ -76,6 +106,10 @@ export interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs {
76
106
  data: string | Uint8Array
77
107
  }
78
108
 
109
+ export interface ISphereonKeyManagerHandleExpirationsArgs {
110
+ skipRemovals?: boolean
111
+ }
112
+
79
113
  export interface ISphereonKeyManagerVerifyArgs {
80
114
  kms: string
81
115
  publicKeyHex: string
@@ -84,3 +118,5 @@ export interface ISphereonKeyManagerVerifyArgs {
84
118
  data: Uint8Array
85
119
  signature: string
86
120
  }
121
+
122
+ export const isDefined = <T extends unknown>(object: T | undefined): object is T => object !== undefined