@sphereon/ssi-sdk-ext.key-manager 0.24.1-unstable.92 → 0.25.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent/SphereonKeyManager.d.ts +6 -3
- package/dist/agent/SphereonKeyManager.d.ts.map +1 -1
- package/dist/agent/SphereonKeyManager.js +60 -20
- package/dist/agent/SphereonKeyManager.js.map +1 -1
- package/dist/ssi-sdk-ext.key-manager.d.ts +12 -5
- package/dist/tsdoc-metadata.json +1 -1
- package/dist/types/ISphereonKeyManager.d.ts +7 -4
- package/dist/types/ISphereonKeyManager.d.ts.map +1 -1
- package/dist/types/ISphereonKeyManager.js +2 -2
- package/dist/types/ISphereonKeyManager.js.map +1 -1
- package/package.json +7 -6
- package/plugin.schema.json +10 -3
- package/src/agent/SphereonKeyManager.ts +40 -21
- package/src/types/ISphereonKeyManager.ts +9 -4
@@ -3,13 +3,16 @@ import { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyM
|
|
|
3
3
|
import { IKeyManagerGetArgs, ISphereonKeyManager, ISphereonKeyManagerCreateArgs, ISphereonKeyManagerHandleExpirationsArgs, ISphereonKeyManagerSignArgs, ISphereonKeyManagerVerifyArgs } from '../types/ISphereonKeyManager';
|
|
4
4
|
export declare const sphereonKeyManagerMethods: Array<string>;
|
|
5
5
|
export declare class SphereonKeyManager extends VeramoKeyManager {
|
|
6
|
-
private
|
|
7
|
-
private readonly
|
|
8
|
-
readonly
|
|
6
|
+
private kmsStore;
|
|
7
|
+
private readonly availableKmses;
|
|
8
|
+
readonly defaultKms: string;
|
|
9
|
+
readonly kmsMethods: ISphereonKeyManager;
|
|
9
10
|
constructor(options: {
|
|
10
11
|
store: AbstractKeyStore;
|
|
11
12
|
kms: Record<string, AbstractKeyManagementSystem>;
|
|
13
|
+
defaultKms?: string;
|
|
12
14
|
});
|
|
15
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string>;
|
|
13
16
|
keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo>;
|
|
14
17
|
keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>;
|
|
15
18
|
keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAe,cAAc,EAAE,MAAM,cAAc,CAAA;AAChE,OAAO,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,UAAU,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;
|
|
1
|
+
{"version":3,"file":"SphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAe,cAAc,EAAE,MAAM,cAAc,CAAA;AAChE,OAAO,EAAE,2BAA2B,EAAE,gBAAgB,EAAE,UAAU,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAGnH,OAAO,EAEL,kBAAkB,EAClB,mBAAmB,EACnB,6BAA6B,EAC7B,wCAAwC,EACxC,2BAA2B,EAC3B,6BAA6B,EAC9B,MAAM,8BAA8B,CAAA;AAErC,eAAO,MAAM,yBAAyB,EAAE,KAAK,CAAC,MAAM,CASnD,CAAA;AAED,qBAAa,kBAAmB,SAAQ,gBAAgB;IAEtD,OAAO,CAAC,QAAQ,CAAkB;IAClC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA6C;IAC5E,SAAgB,UAAU,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,UAAU,EAAE,mBAAmB,CAAA;gBAE5B,OAAO,EAAE;QAAE,KAAK,EAAE,gBAAgB,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE;IAevH,uCAAuC,IAAI,OAAO,CAAC,MAAM,CAAC;IAI3C,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,cAAc,CAAC;IAyBvF,cAAc,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CAAC,MAAM,CAAC;IAUlE,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,OAAO,CAAC;IAevE,kBAAkB,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAI/C,2BAA2B,CAAC,IAAI,EAAE,wCAAwC,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAiBjH,OAAO,CAAC,YAAY;IASd,aAAa,CAAC,EAAE,GAAG,EAAE,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;CAmBhE"}
|
|
@@ -1,4 +1,27 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
+
if (mod && mod.__esModule) return mod;
|
|
20
|
+
var result = {};
|
|
21
|
+
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
+
__setModuleDefault(result, mod);
|
|
23
|
+
return result;
|
|
24
|
+
};
|
|
2
25
|
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
26
|
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
27
|
return new (P || (P = Promise))(function (resolve, reject) {
|
|
@@ -12,6 +35,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
12
35
|
exports.SphereonKeyManager = exports.sphereonKeyManagerMethods = void 0;
|
|
13
36
|
const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
|
|
14
37
|
const key_manager_1 = require("@veramo/key-manager");
|
|
38
|
+
const u8a = __importStar(require("uint8arrays"));
|
|
15
39
|
const ISphereonKeyManager_1 = require("../types/ISphereonKeyManager");
|
|
16
40
|
exports.sphereonKeyManagerMethods = [
|
|
17
41
|
'keyManagerCreate',
|
|
@@ -20,32 +44,42 @@ exports.sphereonKeyManagerMethods = [
|
|
|
20
44
|
'keyManagerSign',
|
|
21
45
|
'keyManagerVerify',
|
|
22
46
|
'keyManagerListKeys',
|
|
47
|
+
'keyManagerGetDefaultKeyManagementSystem',
|
|
23
48
|
'keyManagerHandleExpirations',
|
|
24
49
|
];
|
|
25
50
|
class SphereonKeyManager extends key_manager_1.KeyManager {
|
|
26
51
|
constructor(options) {
|
|
52
|
+
var _a;
|
|
27
53
|
super({ store: options.store, kms: options.kms });
|
|
28
|
-
this.
|
|
29
|
-
this.
|
|
54
|
+
this.kmsStore = options.store;
|
|
55
|
+
this.availableKmses = options.kms;
|
|
56
|
+
this.defaultKms = (_a = options.defaultKms) !== null && _a !== void 0 ? _a : Object.keys(this.availableKmses)[0];
|
|
57
|
+
if (!Object.keys(this.availableKmses).includes(this.defaultKms)) {
|
|
58
|
+
throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`);
|
|
59
|
+
}
|
|
30
60
|
const methods = this.methods;
|
|
31
61
|
methods.keyManagerVerify = this.keyManagerVerify.bind(this);
|
|
32
62
|
methods.keyManagerListKeys = this.keyManagerListKeys.bind(this);
|
|
33
|
-
|
|
63
|
+
methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this);
|
|
64
|
+
this.kmsMethods = methods;
|
|
65
|
+
}
|
|
66
|
+
keyManagerGetDefaultKeyManagementSystem() {
|
|
67
|
+
return Promise.resolve(this.defaultKms);
|
|
34
68
|
}
|
|
35
69
|
keyManagerCreate(args) {
|
|
36
70
|
return __awaiter(this, void 0, void 0, function* () {
|
|
37
|
-
var _a, _b, _c, _d;
|
|
38
|
-
const kms = this.getKmsByName(args.kms);
|
|
71
|
+
var _a, _b, _c, _d, _e, _f;
|
|
72
|
+
const kms = this.getKmsByName((_a = args.kms) !== null && _a !== void 0 ? _a : this.defaultKms);
|
|
39
73
|
const meta = Object.assign(Object.assign({}, args.meta), (args.opts && { opts: args.opts }));
|
|
40
|
-
if ((0, ISphereonKeyManager_1.hasKeyOptions)(meta) && ((
|
|
74
|
+
if ((0, ISphereonKeyManager_1.hasKeyOptions)(meta) && ((_b = meta.opts) === null || _b === void 0 ? void 0 : _b.ephemeral) && !((_c = meta.opts.expiration) === null || _c === void 0 ? void 0 : _c.removalDate)) {
|
|
41
75
|
// Make sure we set a delete date on an ephemeral key
|
|
42
|
-
meta.opts = Object.assign(Object.assign({}, meta.opts), { expiration: Object.assign(Object.assign({}, (
|
|
76
|
+
meta.opts = Object.assign(Object.assign({}, meta.opts), { expiration: Object.assign(Object.assign({}, (_d = meta.opts) === null || _d === void 0 ? void 0 : _d.expiration), { removalDate: new Date(Date.now() + 5 * 60 * 1000) }) });
|
|
43
77
|
}
|
|
44
78
|
const partialKey = yield kms.createKey({ type: args.type, meta });
|
|
45
|
-
const key = Object.assign(Object.assign({}, partialKey), { kms: args.kms });
|
|
79
|
+
const key = Object.assign(Object.assign({}, partialKey), { kms: (_e = args.kms) !== null && _e !== void 0 ? _e : this.defaultKms });
|
|
46
80
|
key.meta = Object.assign(Object.assign({}, meta), key.meta);
|
|
47
|
-
key.meta.jwkThumbprint = (
|
|
48
|
-
yield this.
|
|
81
|
+
key.meta.jwkThumbprint = (_f = key.meta.jwkThumbprint) !== null && _f !== void 0 ? _f : (0, ssi_sdk_ext_key_utils_1.calculateJwkThumbprintForKey)({ key });
|
|
82
|
+
yield this.kmsStore.import(key);
|
|
49
83
|
if (key.privateKeyHex) {
|
|
50
84
|
// Make sure to not export the private key
|
|
51
85
|
delete key.privateKeyHex;
|
|
@@ -59,10 +93,10 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
|
|
|
59
93
|
keyManagerSign: { get: () => super.keyManagerSign }
|
|
60
94
|
});
|
|
61
95
|
return __awaiter(this, void 0, void 0, function* () {
|
|
62
|
-
const keyInfo = (yield this.
|
|
96
|
+
const keyInfo = (yield this.kmsStore.get({ kid: args.keyRef }));
|
|
63
97
|
const kms = this.getKmsByName(keyInfo.kms);
|
|
64
98
|
if (keyInfo.type === 'Bls12381G2') {
|
|
65
|
-
return yield kms.sign({ keyRef: keyInfo, data:
|
|
99
|
+
return yield kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? u8a.fromString(args.data) : args.data });
|
|
66
100
|
}
|
|
67
101
|
// @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types
|
|
68
102
|
return yield _super.keyManagerSign.call(this, args);
|
|
@@ -70,17 +104,23 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
|
|
|
70
104
|
}
|
|
71
105
|
keyManagerVerify(args) {
|
|
72
106
|
return __awaiter(this, void 0, void 0, function* () {
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
107
|
+
if (args.kms) {
|
|
108
|
+
const kms = this.getKmsByName(args.kms);
|
|
109
|
+
if (kms && 'verify' in kms && typeof kms.verify === 'function') {
|
|
110
|
+
// @ts-ignore
|
|
111
|
+
return yield kms.verify(args);
|
|
112
|
+
}
|
|
77
113
|
}
|
|
78
|
-
|
|
114
|
+
return yield (0, ssi_sdk_ext_key_utils_1.verifySignatureWithSubtle)({
|
|
115
|
+
key: (0, ssi_sdk_ext_key_utils_1.toJwk)(args.publicKeyHex, args.type),
|
|
116
|
+
data: args.data,
|
|
117
|
+
signature: u8a.fromString(args.signature, 'utf-8'),
|
|
118
|
+
});
|
|
79
119
|
});
|
|
80
120
|
}
|
|
81
121
|
keyManagerListKeys() {
|
|
82
122
|
return __awaiter(this, void 0, void 0, function* () {
|
|
83
|
-
return this.
|
|
123
|
+
return this.kmsStore.list({});
|
|
84
124
|
});
|
|
85
125
|
}
|
|
86
126
|
keyManagerHandleExpirations(args) {
|
|
@@ -103,7 +143,7 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
|
|
|
103
143
|
});
|
|
104
144
|
}
|
|
105
145
|
getKmsByName(name) {
|
|
106
|
-
const kms = this.
|
|
146
|
+
const kms = this.availableKmses[name];
|
|
107
147
|
if (!kms) {
|
|
108
148
|
throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`);
|
|
109
149
|
}
|
|
@@ -113,7 +153,7 @@ class SphereonKeyManager extends key_manager_1.KeyManager {
|
|
|
113
153
|
keyManagerGet(_a) {
|
|
114
154
|
return __awaiter(this, arguments, void 0, function* ({ kid }) {
|
|
115
155
|
try {
|
|
116
|
-
const key = yield this.
|
|
156
|
+
const key = yield this.kmsStore.get({ kid });
|
|
117
157
|
return key;
|
|
118
158
|
}
|
|
119
159
|
catch (e) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SphereonKeyManager.js","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"SphereonKeyManager.js","sourceRoot":"","sources":["../../src/agent/SphereonKeyManager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2EAAgH;AAEhH,qDAAmH;AAEnH,iDAAkC;AAClC,sEAQqC;AAExB,QAAA,yBAAyB,GAAkB;IACtD,kBAAkB;IAClB,eAAe;IACf,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,oBAAoB;IACpB,yCAAyC;IACzC,6BAA6B;CAC9B,CAAA;AAED,MAAa,kBAAmB,SAAQ,wBAAgB;IAOtD,YAAY,OAA2G;;QACrH,KAAK,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;QACjD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAA;QAC7B,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,GAAG,CAAA;QACjC,IAAI,CAAC,UAAU,GAAG,MAAA,OAAO,CAAC,UAAU,mCAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3E,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAChE,MAAM,KAAK,CAAC,2EAA2E,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACtI,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;QAC5B,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3D,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/D,OAAO,CAAC,uCAAuC,GAAG,IAAI,CAAC,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzG,IAAI,CAAC,UAAU,GAAkC,OAAQ,CAAA;IAC3D,CAAC;IAED,uCAAuC;QACrC,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACzC,CAAC;IAEc,gBAAgB,CAAC,IAAmC;;;YACjE,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,MAAA,IAAI,CAAC,GAAG,mCAAI,IAAI,CAAC,UAAU,CAAC,CAAA;YAC1D,MAAM,IAAI,mCAAqB,IAAI,CAAC,IAAI,GAAK,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAE,CAAA;YACjF,IAAI,IAAA,mCAAa,EAAC,IAAI,CAAC,KAAI,MAAA,IAAI,CAAC,IAAI,0CAAE,SAAS,CAAA,IAAI,CAAC,CAAA,MAAA,IAAI,CAAC,IAAI,CAAC,UAAU,0CAAE,WAAW,CAAA,EAAE,CAAC;gBACtF,qDAAqD;gBACrD,IAAI,CAAC,IAAI,mCACJ,IAAI,CAAC,IAAI,KACZ,UAAU,kCAAO,MAAA,IAAI,CAAC,IAAI,0CAAE,UAAU,KAAE,WAAW,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAC1F,CAAA;YACH,CAAC;YACD,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,
CAAA;YACjE,MAAM,GAAG,mCAAc,UAAU,KAAE,GAAG,EAAE,MAAA,IAAI,CAAC,GAAG,mCAAI,IAAI,CAAC,UAAU,GAAE,CAAA;YACrE,GAAG,CAAC,IAAI,mCAAQ,IAAI,GAAK,GAAG,CAAC,IAAI,CAAE,CAAA;YACnC,GAAG,CAAC,IAAI,CAAC,aAAa,GAAG,MAAA,GAAG,CAAC,IAAI,CAAC,aAAa,mCAAI,IAAA,oDAA4B,EAAC,EAAE,GAAG,EAAE,CAAC,CAAA;YAExF,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC/B,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;gBACtB,0CAA0C;gBAC1C,OAAO,GAAG,CAAC,aAAa,CAAA;YAC1B,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC;KAAA;IAED,8EAA8E;IAExE,cAAc,CAAC,IAAiC;;;;;YACpD,MAAM,OAAO,GAAS,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAS,CAAA;YAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YAC1C,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAClC,OAAO,MAAM,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;YACzH,CAAC;YACD,qHAAqH;YACrH,OAAO,MAAM,OAAM,cAAc,YAAC,IAAI,CAAC,CAAA;QACzC,CAAC;KAAA;IAEK,gBAAgB,CAAC,IAAmC;;YACxD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACb,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACvC,IAAI,GAAG,IAAI,QAAQ,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;oBAC/D,aAAa;oBACb,OAAO,MAAM,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;gBAC/B,CAAC;YACH,CAAC;YACD,OAAO,MAAM,IAAA,iDAAyB,EAAC;gBACrC,GAAG,EAAE,IAAA,6BAAK,EAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC;gBACxC,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,SAAS,EAAE,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC;aACnD,CAAC,CAAA;QACJ,CAAC;KAAA;IAEK,kBAAkB;;YACtB,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC/B,CAAC;KAAA;IAEK,2BAA2B,CAAC,IAA8C;;YAC9E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAA;YAC5C,MAAM,WAAW,GAAG,IAAI;iBACrB,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,mCAAa,EAAC,GAAG,CAAC,IAAI,CAAC,CAAC;iBACxC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;;gBACd,IAAI,IAAA,mCAAa,EAAC,GAAG,CAAC,IAAI,CAAC,KAAI,MAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,IAAI,0CAAE,UAAU,CAAA,EAAE,CAAC;oBAC1D,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,IA
AI,CAAC,UAAU,CAAA;oBAC3C,OAAO,CAAC,CAAC,UAAU,CAAC,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,eAAe,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;gBACzF,CAAC;gBACD,OAAO,KAAK,CAAA;YACd,CAAC,CAAC,CAAA;YACJ,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;gBAC/B,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;YACtF,CAAC;YACD,OAAO,IAAI,CAAA;QACb,CAAC;KAAA;IAEO,YAAY,CAAC,IAAY;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;QACrC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,KAAK,CAAC,iFAAiF,IAAI,GAAG,CAAC,CAAA;QACvG,CAAC;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,+GAA+G;IACzG,aAAa;6DAAC,EAAE,GAAG,EAAsB;YAC7C,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAA;gBAC5C,OAAO,GAAG,CAAA;YACZ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,GAAqB,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAA;gBAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CACxB,CAAC,GAAG,EAAE,EAAE;;oBACN,OAAA,GAAG,CAAC,YAAY,KAAK,GAAG;wBACxB,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,aAAa,MAAK,GAAG;wBAC/B,CAAC,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,aAAa,KAAI,IAAI,IAAI,IAAA,oDAA4B,EAAC,EAAE,GAAG,EAAE,CAAC,KAAK,GAAG,CAAC,CAAA;iBAAA,CACrF,CAAA;gBACD,IAAI,QAAQ,EAAE,CAAC;oBACb,OAAO,QAAgB,CAAA;gBACzB,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,YAAY,CAAC,CAAA;gBAClD,CAAC;YACH,CAAC;QACH,CAAC;KAAA;CACF;AA7HD,gDA6HC"}
|
|
@@ -64,6 +64,10 @@ export declare interface ISphereonKeyManager extends IKeyManager, IPluginMethodM
|
|
|
64
64
|
*/
|
|
65
65
|
keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
|
|
66
66
|
keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>;
|
|
67
|
+
/**
|
|
68
|
+
* Get the KMS registered as default. Handy when no explicit KMS is provided for a function
|
|
69
|
+
*/
|
|
70
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string>;
|
|
67
71
|
/**
|
|
68
72
|
* Set keys to expired and remove keys eligible for deletion.
|
|
69
73
|
* @param args
|
|
@@ -83,7 +87,7 @@ export declare interface ISphereonKeyManagerCreateArgs {
|
|
|
83
87
|
/**
|
|
84
88
|
* Key Management System
|
|
85
89
|
*/
|
|
86
|
-
kms
|
|
90
|
+
kms?: string;
|
|
87
91
|
/**
|
|
88
92
|
* Key options
|
|
89
93
|
*/
|
|
@@ -110,7 +114,7 @@ export declare interface ISphereonKeyManagerSignArgs extends IKeyManagerSignArgs
|
|
|
110
114
|
}
|
|
111
115
|
|
|
112
116
|
export declare interface ISphereonKeyManagerVerifyArgs {
|
|
113
|
-
kms
|
|
117
|
+
kms?: string;
|
|
114
118
|
publicKeyHex: string;
|
|
115
119
|
type: TKeyType;
|
|
116
120
|
algorithm?: string;
|
|
@@ -125,13 +129,16 @@ export declare type PartialKey = ManagedKeyInfo & {
|
|
|
125
129
|
export declare const schema: any;
|
|
126
130
|
|
|
127
131
|
export declare class SphereonKeyManager extends KeyManager {
|
|
128
|
-
private
|
|
129
|
-
private readonly
|
|
130
|
-
readonly
|
|
132
|
+
private kmsStore;
|
|
133
|
+
private readonly availableKmses;
|
|
134
|
+
readonly defaultKms: string;
|
|
135
|
+
readonly kmsMethods: ISphereonKeyManager;
|
|
131
136
|
constructor(options: {
|
|
132
137
|
store: AbstractKeyStore;
|
|
133
138
|
kms: Record<string, AbstractKeyManagementSystem>;
|
|
139
|
+
defaultKms?: string;
|
|
134
140
|
});
|
|
141
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string>;
|
|
135
142
|
keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo>;
|
|
136
143
|
keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string>;
|
|
137
144
|
keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
|
package/dist/tsdoc-metadata.json
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
import { IPluginMethodMap, KeyMetadata, MinimalImportableKey, TKeyType
|
|
2
|
-
import { ManagedKeyInfo } from '@veramo/core';
|
|
1
|
+
import { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core';
|
|
3
2
|
export type PartialKey = ManagedKeyInfo & {
|
|
4
3
|
privateKeyHex: string;
|
|
5
4
|
};
|
|
@@ -15,6 +14,10 @@ export interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {
|
|
|
15
14
|
*/
|
|
16
15
|
keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean>;
|
|
17
16
|
keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>;
|
|
17
|
+
/**
|
|
18
|
+
* Get the KMS registered as default. Handy when no explicit KMS is provided for a function
|
|
19
|
+
*/
|
|
20
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string>;
|
|
18
21
|
/**
|
|
19
22
|
* Set keys to expired and remove keys eligible for deletion.
|
|
20
23
|
* @param args
|
|
@@ -46,7 +49,7 @@ export interface ISphereonKeyManagerCreateArgs {
|
|
|
46
49
|
/**
|
|
47
50
|
* Key Management System
|
|
48
51
|
*/
|
|
49
|
-
kms
|
|
52
|
+
kms?: string;
|
|
50
53
|
/**
|
|
51
54
|
* Key options
|
|
52
55
|
*/
|
|
@@ -93,7 +96,7 @@ export interface ISphereonKeyManagerHandleExpirationsArgs {
|
|
|
93
96
|
skipRemovals?: boolean;
|
|
94
97
|
}
|
|
95
98
|
export interface ISphereonKeyManagerVerifyArgs {
|
|
96
|
-
kms
|
|
99
|
+
kms?: string;
|
|
97
100
|
publicKeyHex: string;
|
|
98
101
|
type: TKeyType;
|
|
99
102
|
algorithm?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ISphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"ISphereonKeyManager.d.ts","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,WAAW,EAAE,cAAc,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAE9I,MAAM,MAAM,UAAU,GAAG,cAAc,GAAG;IAAE,aAAa,EAAE,MAAM,CAAA;CAAE,CAAA;AAEnE,MAAM,WAAW,mBAAoB,SAAQ,WAAW,EAAE,gBAAgB;IACxE,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAE1E,gBAAgB,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAEhE,cAAc,CAAC,IAAI,EAAE,2BAA2B,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAElE;;;;;OAKG;IACH,gBAAgB,CAAC,IAAI,EAAE,6BAA6B,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAEvE,kBAAkB,IAAI,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAA;IAEpD;;OAEG;IAEH,uCAAuC,IAAI,OAAO,CAAC,MAAM,CAAC,CAAA;IAE1D;;;OAGG;IACH,2BAA2B,CAAC,IAAI,EAAE,wCAAwC,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAA;CAC5G;AAED,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAA;IAEnB;;OAEG;IACH,UAAU,CAAC,EAAE;QACX,UAAU,CAAC,EAAE,IAAI,CAAA;QACjB,WAAW,CAAC,EAAE,IAAI,CAAA;KACnB,CAAA;CACF;AAED;;;GAGG;AACH,MAAM,WAAW,6BAA6B;IAC5C;;OAEG;IACH,IAAI,EAAE,QAAQ,CAAA;IAEd;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAA;IAEZ;;OAEG;IACH,IAAI,CAAC,EAAE,WAAW,CAAA;IAElB;;OAEG;IACH,IAAI,CAAC,EAAE,WAAW,CAAA;CACnB;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,GAAG,GAAG,MAAM,IAAI;IAAE,IAAI,CAAC,EAAE,WAAW,CAAA;CAAE,CAE3E;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAA;CACZ;AAED;;;GAGG;AAEH,MAAM,WAAW,2BAA4B,SAAQ,mBAAmB;IACtE;;OAEG;IACH,IAAI,EAAE,MAAM,GAAG,UAAU,CAAA;CAC1B;AAED,MAAM,WAAW,wCAAwC;IACvD,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,6BAA6B;IAC5C,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,YAAY,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,QAAQ,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,UAAU,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,eAAO,MAAM,SAAS,GAAI,CAAC,SAAS,OAAO,UAAU,CAAC,GAAG,SAAS,KAAG,MAAM,IAAI,CAAyB,CAAA"}
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.isDefined =
|
|
3
|
+
exports.isDefined = void 0;
|
|
4
|
+
exports.hasKeyOptions = hasKeyOptions;
|
|
4
5
|
function hasKeyOptions(object) {
|
|
5
6
|
return object && 'opts' in object && ('ephemeral' in object.opts || 'expiration' in object.opts);
|
|
6
7
|
}
|
|
7
|
-
exports.hasKeyOptions = hasKeyOptions;
|
|
8
8
|
const isDefined = (object) => object !== undefined;
|
|
9
9
|
exports.isDefined = isDefined;
|
|
10
10
|
//# sourceMappingURL=ISphereonKeyManager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ISphereonKeyManager.js","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"ISphereonKeyManager.js","sourceRoot":"","sources":["../../src/types/ISphereonKeyManager.ts"],"names":[],"mappings":";;;AA2EA,sCAEC;AAFD,SAAgB,aAAa,CAAC,MAAW;IACvC,OAAO,MAAQ,IAAI,MAAM,IAAI,MAAM,IAAI,CAAC,WAAW,IAAI,MAAM,CAAC,IAAI,IAAI,YAAY,IAAI,MAAM,CAAC,IAAI,CAAC,CAAA;AACpG,CAAC;AAiDM,MAAM,SAAS,GAAG,CAAoB,MAAqB,EAAe,EAAE,CAAC,MAAM,KAAK,SAAS,CAAA;AAA3F,QAAA,SAAS,aAAkF"}
|
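--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@sphereon/ssi-sdk-ext.key-manager",
 "description": "Sphereon Key Manager plugin with BLS support",
-"version": "0.
+"version": "0.25.0",
 "source": "src/index.ts",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -16,13 +16,14 @@
 },
 "dependencies": {
 "@veramo/core": "4.2.0",
-"@veramo/key-manager": "4.2.0"
+"@veramo/key-manager": "4.2.0",
+"uint8arrays": "^3.1.1"
 },
 "devDependencies": {
 "@mattrglobal/bbs-signatures": "^1.3.1",
-"@sphereon/ssi-sdk-ext.key-utils": "0.
-"@sphereon/ssi-sdk-ext.kms-local": "0.
-"@sphereon/ssi-sdk.dev": "0.
+"@sphereon/ssi-sdk-ext.key-utils": "0.25.0",
+"@sphereon/ssi-sdk-ext.kms-local": "0.25.0",
+"@sphereon/ssi-sdk.dev": "0.30.1"
 },
 "resolutions": {
 "jsonld": "npm:@digitalcredentials/jsonld@^5.2.1",
@@ -46,5 +47,5 @@
 "kms",
 "Veramo"
 ],
-"gitHead": "
+"gitHead": "ca2cc4d0d45bc7e0b25dccc0068420b33bbc4c47"
 }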
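Review bot: The new runtime dependency `"uint8arrays": "^3.1.1"` in the `@@ -16,13 +16,14 @@` hunk is the only entry under `dependencies` with a floating range; the two Veramo packages next to it are pinned to `4.2.0`, so a fresh install can resolve a different uint8arrays than the one the shipped `dist/` output was built and tested against. Either pin it to match the neighbours (`"uint8arrays": "3.1.1"`) or note why a caret range is intended for this one package. Separately, `@sphereon/ssi-sdk-ext.key-utils` remains under `devDependencies` while `src/agent/SphereonKeyManager.ts` on this page now imports `toJwk` and `verifySignatureWithSubtle` from it at runtime, and the compiled `dist/agent/SphereonKeyManager.js` has a `require("@sphereon/ssi-sdk-ext.key-utils")`; unless it is declared as a peer dependency in a part of package.json outside these hunks, consumers of the published package only receive it transitively, if at all.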
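--- a/package/plugin.schema.json
+++ b/package/plugin.schema.json
@@ -23,8 +23,7 @@
 }
 },
 "required": [
-"type"
-"kms"
+"type"
 ],
 "description": "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
 },
@@ -348,7 +347,6 @@
 }
 },
 "required": [
-"kms",
 "publicKeyHex",
 "type",
 "data",
@@ -366,6 +364,15 @@
 "$ref": "#/components/schemas/PartialKey"
 }
 },
+"keyManagerGetDefaultKeyManagementSystem": {
+"description": "Get the KMS registered as default. Handy when no explicit KMS is provided for a function",
+"arguments": {
+"type": "object"
+},
+"returnType": {
+"type": "string"
+}
+},
 "keyManagerHandleExpirations": {
 "description": "Set keys to expired and remove keys eligible for deletion.",
 "arguments": {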
@@ -1,6 +1,8 @@
|
|
|
1
|
-
import { calculateJwkThumbprintForKey } from '@sphereon/ssi-sdk-ext.key-utils'
|
|
1
|
+
import { calculateJwkThumbprintForKey, toJwk, verifySignatureWithSubtle } from '@sphereon/ssi-sdk-ext.key-utils'
|
|
2
2
|
import { IKey, KeyMetadata, ManagedKeyInfo } from '@veramo/core'
|
|
3
3
|
import { AbstractKeyManagementSystem, AbstractKeyStore, KeyManager as VeramoKeyManager } from '@veramo/key-manager'
|
|
4
|
+
|
|
5
|
+
import * as u8a from 'uint8arrays'
|
|
4
6
|
import {
|
|
5
7
|
hasKeyOptions,
|
|
6
8
|
IKeyManagerGetArgs,
|
|
@@ -18,27 +20,38 @@ export const sphereonKeyManagerMethods: Array<string> = [
|
|
|
18
20
|
'keyManagerSign',
|
|
19
21
|
'keyManagerVerify',
|
|
20
22
|
'keyManagerListKeys',
|
|
23
|
+
'keyManagerGetDefaultKeyManagementSystem',
|
|
21
24
|
'keyManagerHandleExpirations',
|
|
22
25
|
]
|
|
23
26
|
|
|
24
27
|
export class SphereonKeyManager extends VeramoKeyManager {
|
|
25
28
|
// local store reference, given the superclass store is private, and we need additional functions/calls
|
|
26
|
-
private
|
|
27
|
-
private readonly
|
|
28
|
-
readonly
|
|
29
|
+
private kmsStore: AbstractKeyStore
|
|
30
|
+
private readonly availableKmses: Record<string, AbstractKeyManagementSystem>
|
|
31
|
+
public readonly defaultKms: string
|
|
32
|
+
readonly kmsMethods: ISphereonKeyManager
|
|
29
33
|
|
|
30
|
-
constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem
|
|
34
|
+
constructor(options: { store: AbstractKeyStore; kms: Record<string, AbstractKeyManagementSystem>; defaultKms?: string }) {
|
|
31
35
|
super({ store: options.store, kms: options.kms })
|
|
32
|
-
this.
|
|
33
|
-
this.
|
|
36
|
+
this.kmsStore = options.store
|
|
37
|
+
this.availableKmses = options.kms
|
|
38
|
+
this.defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0]
|
|
39
|
+
if (!Object.keys(this.availableKmses).includes(this.defaultKms)) {
|
|
40
|
+
throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(',')}`)
|
|
41
|
+
}
|
|
34
42
|
const methods = this.methods
|
|
35
43
|
methods.keyManagerVerify = this.keyManagerVerify.bind(this)
|
|
36
44
|
methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)
|
|
37
|
-
|
|
45
|
+
methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)
|
|
46
|
+
this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string> {
|
|
50
|
+
return Promise.resolve(this.defaultKms)
|
|
38
51
|
}
|
|
39
52
|
|
|
40
53
|
override async keyManagerCreate(args: ISphereonKeyManagerCreateArgs): Promise<ManagedKeyInfo> {
|
|
41
|
-
const kms = this.getKmsByName(args.kms)
|
|
54
|
+
const kms = this.getKmsByName(args.kms ?? this.defaultKms)
|
|
42
55
|
const meta: KeyMetadata = { ...args.meta, ...(args.opts && { opts: args.opts }) }
|
|
43
56
|
if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {
|
|
44
57
|
// Make sure we set a delete date on an ephemeral key
|
|
@@ -48,11 +61,11 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
48
61
|
}
|
|
49
62
|
}
|
|
50
63
|
const partialKey = await kms.createKey({ type: args.type, meta })
|
|
51
|
-
const key: IKey = { ...partialKey, kms: args.kms }
|
|
64
|
+
const key: IKey = { ...partialKey, kms: args.kms ?? this.defaultKms }
|
|
52
65
|
key.meta = { ...meta, ...key.meta }
|
|
53
66
|
key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({ key })
|
|
54
67
|
|
|
55
|
-
await this.
|
|
68
|
+
await this.kmsStore.import(key)
|
|
56
69
|
if (key.privateKeyHex) {
|
|
57
70
|
// Make sure to not export the private key
|
|
58
71
|
delete key.privateKeyHex
|
|
@@ -63,26 +76,32 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
63
76
|
//FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings
|
|
64
77
|
|
|
65
78
|
async keyManagerSign(args: ISphereonKeyManagerSignArgs): Promise<string> {
|
|
66
|
-
const keyInfo: IKey = (await this.
|
|
79
|
+
const keyInfo: IKey = (await this.kmsStore.get({ kid: args.keyRef })) as IKey
|
|
67
80
|
const kms = this.getKmsByName(keyInfo.kms)
|
|
68
81
|
if (keyInfo.type === 'Bls12381G2') {
|
|
69
|
-
return await kms.sign({ keyRef: keyInfo, data:
|
|
82
|
+
return await kms.sign({ keyRef: keyInfo, data: typeof args.data === 'string' ? u8a.fromString(args.data) : args.data })
|
|
70
83
|
}
|
|
71
84
|
// @ts-ignore // we can pass in uint8arrays as well, which the super also can handle but does not expose in its types
|
|
72
85
|
return await super.keyManagerSign(args)
|
|
73
86
|
}
|
|
74
87
|
|
|
75
88
|
async keyManagerVerify(args: ISphereonKeyManagerVerifyArgs): Promise<boolean> {
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
89
|
+
if (args.kms) {
|
|
90
|
+
const kms = this.getKmsByName(args.kms)
|
|
91
|
+
if (kms && 'verify' in kms && typeof kms.verify === 'function') {
|
|
92
|
+
// @ts-ignore
|
|
93
|
+
return await kms.verify(args)
|
|
94
|
+
}
|
|
80
95
|
}
|
|
81
|
-
|
|
96
|
+
return await verifySignatureWithSubtle({
|
|
97
|
+
key: toJwk(args.publicKeyHex, args.type),
|
|
98
|
+
data: args.data,
|
|
99
|
+
signature: u8a.fromString(args.signature, 'utf-8'),
|
|
100
|
+
})
|
|
82
101
|
}
|
|
83
102
|
|
|
84
103
|
async keyManagerListKeys(): Promise<ManagedKeyInfo[]> {
|
|
85
|
-
return this.
|
|
104
|
+
return this.kmsStore.list({})
|
|
86
105
|
}
|
|
87
106
|
|
|
88
107
|
async keyManagerHandleExpirations(args: ISphereonKeyManagerHandleExpirationsArgs): Promise<Array<ManagedKeyInfo>> {
|
|
@@ -103,7 +122,7 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
103
122
|
}
|
|
104
123
|
|
|
105
124
|
private getKmsByName(name: string): AbstractKeyManagementSystem {
|
|
106
|
-
const kms = this.
|
|
125
|
+
const kms = this.availableKmses[name]
|
|
107
126
|
if (!kms) {
|
|
108
127
|
throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`)
|
|
109
128
|
}
|
|
@@ -113,7 +132,7 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
113
132
|
//todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager
|
|
114
133
|
async keyManagerGet({ kid }: IKeyManagerGetArgs): Promise<IKey> {
|
|
115
134
|
try {
|
|
116
|
-
const key = await this.
|
|
135
|
+
const key = await this.kmsStore.get({ kid })
|
|
117
136
|
return key
|
|
118
137
|
} catch (e) {
|
|
119
138
|
const keys: ManagedKeyInfo[] = await this.keyManagerListKeys()
|
|
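Review bot: In the keyManagerVerify hunk (`@@ -63,26 +76,32 @@`) the fallback branch passes `signature: u8a.fromString(args.signature, 'utf-8')`, which produces the UTF-8 bytes of the signature string itself rather than a decoded signature; if callers hand over the encoded string that `keyManagerSign` returns, `verifySignatureWithSubtle` compares against the wrong bytes and every check fails (closed, but unusable). Confirm the encoding `verifySignatureWithSubtle` expects and decode with that, e.g. `signature: u8a.fromString(args.signature, 'base64url')` if signatures travel as base64url, and state the expected encoding on the `signature` field of ISphereonKeyManagerVerifyArgs; `data` in the same call is passed through untouched while the sign path converts string data with `u8a.fromString`, so the two should agree. The same branch is also reached silently when `args.kms` names a KMS whose instance has no `verify` function, meaning the caller-supplied `publicKeyHex` is verified without the named KMS ever being consulted; a comment such as `// no KMS-side verify(): fall back to subtle-crypto verification of the caller-supplied publicKeyHex` on the `return await verifySignatureWithSubtle({` line would make that intent explicit. The `// @ts-ignore` above `return await kms.verify(args)` could then be replaced by typing the probe (`const verify = (kms as { verify?: (a: ISphereonKeyManagerVerifyArgs) => Promise<boolean> }).verify`) so the call is checked rather than silenced.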
@@ -1,5 +1,4 @@
|
|
|
1
|
-
import { IPluginMethodMap, KeyMetadata, MinimalImportableKey, TKeyType
|
|
2
|
-
import { ManagedKeyInfo } from '@veramo/core'
|
|
1
|
+
import { IKeyManager, IKeyManagerSignArgs, IPluginMethodMap, KeyMetadata, ManagedKeyInfo, MinimalImportableKey, TKeyType } from '@veramo/core'
|
|
3
2
|
|
|
4
3
|
export type PartialKey = ManagedKeyInfo & { privateKeyHex: string }
|
|
5
4
|
|
|
@@ -20,6 +19,12 @@ export interface ISphereonKeyManager extends IKeyManager, IPluginMethodMap {
|
|
|
20
19
|
|
|
21
20
|
keyManagerListKeys(): Promise<Array<ManagedKeyInfo>>
|
|
22
21
|
|
|
22
|
+
/**
|
|
23
|
+
* Get the KMS registered as default. Handy when no explicit KMS is provided for a function
|
|
24
|
+
*/
|
|
25
|
+
|
|
26
|
+
keyManagerGetDefaultKeyManagementSystem(): Promise<string>
|
|
27
|
+
|
|
23
28
|
/**
|
|
24
29
|
* Set keys to expired and remove keys eligible for deletion.
|
|
25
30
|
* @param args
|
|
@@ -55,7 +60,7 @@ export interface ISphereonKeyManagerCreateArgs {
|
|
|
55
60
|
/**
|
|
56
61
|
* Key Management System
|
|
57
62
|
*/
|
|
58
|
-
kms
|
|
63
|
+
kms?: string
|
|
59
64
|
|
|
60
65
|
/**
|
|
61
66
|
* Key options
|
|
@@ -111,7 +116,7 @@ export interface ISphereonKeyManagerHandleExpirationsArgs {
|
|
|
111
116
|
}
|
|
112
117
|
|
|
113
118
|
export interface ISphereonKeyManagerVerifyArgs {
|
|
114
|
-
kms
|
|
119
|
+
kms?: string
|
|
115
120
|
publicKeyHex: string
|
|
116
121
|
type: TKeyType
|
|
117
122
|
algorithm?: string
|
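Review bot: `kms` on ISphereonKeyManagerCreateArgs (the `@@ -55,7 +60,7 @@` hunk) and on ISphereonKeyManagerVerifyArgs (the `@@ -111,7 +116,7 @@` hunk) became optional, but the doc comment above the first still reads only `Key Management System` and the second has none, so callers cannot tell what omitting it means. From `src/agent/SphereonKeyManager.ts` on this page, omission on create selects the agent's default KMS, while omission on verify skips every KMS and checks the signature against the caller-supplied `publicKeyHex` via `verifySignatureWithSubtle`. Suggest `/** Key Management System to create the key in. Defaults to the agent's default KMS (see keyManagerGetDefaultKeyManagementSystem) when omitted */` on the create args and `/** KMS whose verify() should be used. When omitted, or when the named KMS exposes no verify(), the signature is checked against publicKeyHex with verifySignatureWithSubtle instead */` on the verify args. The `keyManagerGetDefaultKeyManagementSystem` comment added in the `@@ -20,6 +19,12 @@` hunk could also say how the default is chosen, since the constructor on this page takes the `defaultKms` option and otherwise falls back to the first entry of the `kms` record.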