@sphereon/ssi-sdk-ext.key-manager 0.28.1-feature.esm.cjs.8 → 0.28.1-feature.esm.cjs.9
- package/dist/index.cjs +127 -125
- package/dist/index.cjs.map +1 -1
- package/package.json +4 -4
package/dist/index.cjs
CHANGED
|
@@ -1,15 +1,20 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
1
|
+
"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _createStarExport(obj) { Object.keys(obj) .filter((key) => key !== "default" && key !== "__esModule") .forEach((key) => { if (exports.hasOwnProperty(key)) { return; } Object.defineProperty(exports, key, {enumerable: true, configurable: true, get: () => obj[key]}); }); } function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
5
|
var __getProtoOf = Object.getPrototypeOf;
|
|
7
6
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
7
|
var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
|
|
8
|
+
var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
|
|
9
|
+
get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
|
|
10
|
+
}) : x)(function(x) {
|
|
11
|
+
if (typeof require !== "undefined") return require.apply(this, arguments);
|
|
12
|
+
throw Error('Dynamic require of "' + x + '" is not supported');
|
|
13
|
+
});
|
|
9
14
|
var __esm = (fn, res) => function __init() {
|
|
10
15
|
return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
|
|
11
16
|
};
|
|
12
|
-
var __commonJS = (cb, mod2) => function
|
|
17
|
+
var __commonJS = (cb, mod2) => function __require3() {
|
|
13
18
|
return mod2 || (0, cb[__getOwnPropNames(cb)[0]])((mod2 = { exports: {} }).exports, mod2), mod2.exports;
|
|
14
19
|
};
|
|
15
20
|
var __export = (target, all) => {
|
|
@@ -24,7 +29,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
24
29
|
}
|
|
25
30
|
return to;
|
|
26
31
|
};
|
|
27
|
-
var __reExport = (target, mod2, secondTarget) => (__copyProps(target, mod2, "default"), secondTarget && __copyProps(secondTarget, mod2, "default"));
|
|
28
32
|
var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__getProtoOf(mod2)) : {}, __copyProps(
|
|
29
33
|
// If the importer is in node compatibility mode or this is not an ESM
|
|
30
34
|
// file that has been converted to a CommonJS file using a Babel-
|
|
@@ -7546,7 +7550,7 @@ var require_brorand = __commonJS({
|
|
|
7546
7550
|
}
|
|
7547
7551
|
} else {
|
|
7548
7552
|
try {
|
|
7549
|
-
crypto4 =
|
|
7553
|
+
crypto4 = __require("crypto");
|
|
7550
7554
|
if (typeof crypto4.randomBytes !== "function") throw new Error("Not supported");
|
|
7551
7555
|
Rand.prototype._rand = /* @__PURE__ */ __name(function _rand(n) {
|
|
7552
7556
|
return crypto4.randomBytes(n);
|
|
@@ -14762,7 +14766,7 @@ var require_dist = __commonJS({
|
|
|
14762
14766
|
return void 0;
|
|
14763
14767
|
} else if (typeof window === "undefined" && typeof crypto !== "undefined") {
|
|
14764
14768
|
return void 0;
|
|
14765
|
-
} else return
|
|
14769
|
+
} else return __require("crypto");
|
|
14766
14770
|
}, "getNodeCrypto");
|
|
14767
14771
|
exports2.getNodeCrypto = getNodeCrypto;
|
|
14768
14772
|
var getWebCrypto = /* @__PURE__ */ __name(function() {
|
|
@@ -135893,7 +135897,7 @@ var require_hasher = __commonJS({
|
|
|
135893
135897
|
});
|
|
135894
135898
|
exports2.defaultHasher = exports2.shaHasher = void 0;
|
|
135895
135899
|
var sha2_1 = require_sha2();
|
|
135896
|
-
var u8a = __importStar2(
|
|
135900
|
+
var u8a = __importStar2(__require("uint8arrays"));
|
|
135897
135901
|
var supportedAlgorithms = [
|
|
135898
135902
|
"sha256",
|
|
135899
135903
|
"sha384",
|
|
@@ -136951,8 +136955,8 @@ var require_node2 = __commonJS({
|
|
|
136951
136955
|
constructor() {
|
|
136952
136956
|
this.isAvailable = false;
|
|
136953
136957
|
this.isInstantiated = false;
|
|
136954
|
-
if (typeof
|
|
136955
|
-
const nodeCrypto =
|
|
136958
|
+
if (typeof __require !== "undefined") {
|
|
136959
|
+
const nodeCrypto = __require("crypto");
|
|
136956
136960
|
if (nodeCrypto && nodeCrypto.randomBytes) {
|
|
136957
136961
|
this._crypto = nodeCrypto;
|
|
136958
136962
|
this.isAvailable = true;
|
|
@@ -139510,15 +139514,6 @@ var require_plugin_schema = __commonJS({
|
|
|
139510
139514
|
});
|
|
139511
139515
|
|
|
139512
139516
|
// src/index.ts
|
|
139513
|
-
var index_exports = {};
|
|
139514
|
-
__export(index_exports, {
|
|
139515
|
-
SphereonKeyManager: () => SphereonKeyManager,
|
|
139516
|
-
hasKeyOptions: () => hasKeyOptions,
|
|
139517
|
-
isDefined: () => isDefined,
|
|
139518
|
-
schema: () => schema,
|
|
139519
|
-
sphereonKeyManagerMethods: () => sphereonKeyManagerMethods
|
|
139520
|
-
});
|
|
139521
|
-
module.exports = __toCommonJS(index_exports);
|
|
139522
139517
|
init_cjs_shims();
|
|
139523
139518
|
|
|
139524
139519
|
// src/agent/SphereonKeyManager.ts
|
|
@@ -141711,7 +141706,7 @@ function weierstrass(curveDef) {
|
|
|
141711
141706
|
const is = invN(s);
|
|
141712
141707
|
const u1 = modN(h * is);
|
|
141713
141708
|
const u2 = modN(r * is);
|
|
141714
|
-
const R = Point2.BASE.multiplyAndAddUnsafe(P3, u1, u2)
|
|
141709
|
+
const R = _optionalChain([Point2, 'access', _5 => _5.BASE, 'access', _6 => _6.multiplyAndAddUnsafe, 'call', _7 => _7(P3, u1, u2), 'optionalAccess', _8 => _8.toAffine, 'call', _10 => _10()]);
|
|
141715
141710
|
if (!R) return false;
|
|
141716
141711
|
const v = modN(R.x);
|
|
141717
141712
|
return v === r;
|
|
@@ -142144,7 +142139,7 @@ function bls(CURVE2) {
|
|
|
142144
142139
|
g2: sig
|
|
142145
142140
|
});
|
|
142146
142141
|
return Fp122.eql(pairingBatch(paired), Fp122.ONE);
|
|
142147
|
-
} catch {
|
|
142142
|
+
} catch (e15) {
|
|
142148
142143
|
return false;
|
|
142149
142144
|
}
|
|
142150
142145
|
}
|
|
@@ -145110,7 +145105,7 @@ var sha3842 = /* @__PURE__ */ wrapConstructor2(() => new SHA3842());
|
|
|
145110
145105
|
|
|
145111
145106
|
// ../x509-utils/dist/index.js
|
|
145112
145107
|
init_cjs_shims();
|
|
145113
|
-
var
|
|
145108
|
+
var _tostring = require('uint8arrays/to-string');
|
|
145114
145109
|
|
|
145115
145110
|
// ../../node_modules/.pnpm/pkijs@3.2.5/node_modules/pkijs/build/index.es.js
|
|
145116
145111
|
init_cjs_shims();
|
|
@@ -146642,7 +146637,7 @@ var OctetString = class OctetString2 extends BaseBlock {
|
|
|
146642
146637
|
];
|
|
146643
146638
|
}
|
|
146644
146639
|
}
|
|
146645
|
-
} catch {
|
|
146640
|
+
} catch (e19) {
|
|
146646
146641
|
}
|
|
146647
146642
|
}
|
|
146648
146643
|
return super.fromBER(inputBuffer, inputOffset, inputLength);
|
|
@@ -146734,7 +146729,7 @@ var LocalBitStringValueBlock = class LocalBitStringValueBlock2 extends HexBlock(
|
|
|
146734
146729
|
];
|
|
146735
146730
|
}
|
|
146736
146731
|
}
|
|
146737
|
-
} catch {
|
|
146732
|
+
} catch (e20) {
|
|
146738
146733
|
}
|
|
146739
146734
|
}
|
|
146740
146735
|
this.valueHexView = intBuffer.subarray(1);
|
|
@@ -149905,7 +149900,7 @@ var PkiObject = class PkiObject2 {
|
|
|
149905
149900
|
let schema2;
|
|
149906
149901
|
try {
|
|
149907
149902
|
schema2 = this.toSchema();
|
|
149908
|
-
} catch {
|
|
149903
|
+
} catch (e21) {
|
|
149909
149904
|
schema2 = this.toSchema(true);
|
|
149910
149905
|
}
|
|
149911
149906
|
return pvtsutils2.Convert.ToString(schema2.toBER(), encoding);
|
|
@@ -155340,7 +155335,7 @@ var CryptoEngine = class CryptoEngine2 extends AbstractCryptoEngine {
|
|
|
155340
155335
|
const publicKeyInfo = new PublicKeyInfo();
|
|
155341
155336
|
try {
|
|
155342
155337
|
publicKeyInfo.fromSchema(asn1.result);
|
|
155343
|
-
} catch {
|
|
155338
|
+
} catch (e22) {
|
|
155344
155339
|
throw new ArgumentError("Incorrect keyData");
|
|
155345
155340
|
}
|
|
155346
155341
|
switch (alg.name.toUpperCase()) {
|
|
@@ -155595,7 +155590,7 @@ var CryptoEngine = class CryptoEngine2 extends AbstractCryptoEngine {
|
|
|
155595
155590
|
if (this.name.toLowerCase() === "safari") {
|
|
155596
155591
|
try {
|
|
155597
155592
|
return this.subtle.importKey("jwk", stringToArrayBuffer(JSON.stringify(jwk)), algorithm, extractable, keyUsages);
|
|
155598
|
-
} catch {
|
|
155593
|
+
} catch (e23) {
|
|
155599
155594
|
return this.subtle.importKey("jwk", jwk, algorithm, extractable, keyUsages);
|
|
155600
155595
|
}
|
|
155601
155596
|
}
|
|
@@ -156575,7 +156570,7 @@ var CryptoEngine = class CryptoEngine2 extends AbstractCryptoEngine {
|
|
|
156575
156570
|
return EMPTY_STRING2;
|
|
156576
156571
|
}
|
|
156577
156572
|
} else result = "SHA-1";
|
|
156578
|
-
} catch {
|
|
156573
|
+
} catch (e28) {
|
|
156579
156574
|
}
|
|
156580
156575
|
}
|
|
156581
156576
|
break;
|
|
@@ -164031,7 +164026,7 @@ var EnvelopedData = class EnvelopedData2 extends PkiObject {
|
|
|
164031
164026
|
recipientInfo.encryptedKey = new OctetString({
|
|
164032
164027
|
valueHex: encryptedKey
|
|
164033
164028
|
});
|
|
164034
|
-
} catch {
|
|
164029
|
+
} catch (e31) {
|
|
164035
164030
|
}
|
|
164036
164031
|
}, "SubKeyTransRecipientInfo");
|
|
164037
164032
|
const SubKEKRecipientInfo = /* @__PURE__ */ __name(async (index) => {
|
|
@@ -164229,7 +164224,7 @@ var EnvelopedData = class EnvelopedData2 extends PkiObject {
|
|
|
164229
164224
|
}, "unwrapSessionKey");
|
|
164230
164225
|
try {
|
|
164231
164226
|
return await unwrapSessionKey(aesKwKey);
|
|
164232
|
-
} catch {
|
|
164227
|
+
} catch (e32) {
|
|
164233
164228
|
const kdfResult2 = await applyKDF(true);
|
|
164234
164229
|
const aesKwKey2 = await importAesKwKey(kdfResult2);
|
|
164235
164230
|
return unwrapSessionKey(aesKwKey2);
|
|
@@ -169969,11 +169964,11 @@ __name(initCryptoEngine, "initCryptoEngine");
|
|
|
169969
169964
|
initCryptoEngine();
|
|
169970
169965
|
|
|
169971
169966
|
// ../x509-utils/dist/index.js
|
|
169972
|
-
var import_from_string = require("uint8arrays/from-string");
|
|
169973
|
-
var import_to_string2 = require("uint8arrays/to-string");
|
|
169974
169967
|
var import_keyto = __toESM(require_src(), 1);
|
|
169975
|
-
var
|
|
169976
|
-
|
|
169968
|
+
var _fromstring = require('uint8arrays/from-string');
|
|
169969
|
+
|
|
169970
|
+
|
|
169971
|
+
|
|
169977
169972
|
|
|
169978
169973
|
// ../../node_modules/.pnpm/@peculiar+asn1-schema@2.3.15/node_modules/@peculiar/asn1-schema/build/es2015/index.js
|
|
169979
169974
|
init_cjs_shims();
|
|
@@ -177967,7 +177962,7 @@ var GeneralNames5 = class GeneralNames6 extends AsnData {
|
|
|
177967
177962
|
let name = null;
|
|
177968
177963
|
try {
|
|
177969
177964
|
name = new GeneralName5(asnName);
|
|
177970
|
-
} catch {
|
|
177965
|
+
} catch (e33) {
|
|
177971
177966
|
continue;
|
|
177972
177967
|
}
|
|
177973
177968
|
items.push(name);
|
|
@@ -179499,17 +179494,17 @@ AsnEcSignatureFormatter.namedCurveSize.set("P-521", 66);
|
|
|
179499
179494
|
|
|
179500
179495
|
// ../x509-utils/dist/index.js
|
|
179501
179496
|
var import_js_x509_utils = __toESM(require_dist10(), 1);
|
|
179502
|
-
|
|
179503
|
-
|
|
179497
|
+
|
|
179498
|
+
|
|
179504
179499
|
var __defProp2 = Object.defineProperty;
|
|
179505
179500
|
var __name2 = /* @__PURE__ */ __name((target, value) => __defProp2(target, "name", {
|
|
179506
179501
|
value,
|
|
179507
179502
|
configurable: true
|
|
179508
179503
|
}), "__name");
|
|
179509
|
-
var
|
|
179510
|
-
get: /* @__PURE__ */ __name((a, b) => (typeof
|
|
179504
|
+
var __require2 = /* @__PURE__ */ ((x) => typeof __require !== "undefined" ? __require : typeof Proxy !== "undefined" ? new Proxy(x, {
|
|
179505
|
+
get: /* @__PURE__ */ __name((a, b) => (typeof __require !== "undefined" ? __require : a)[b], "get")
|
|
179511
179506
|
}) : x)(function(x) {
|
|
179512
|
-
if (typeof
|
|
179507
|
+
if (typeof __require !== "undefined") return __require.apply(this, arguments);
|
|
179513
179508
|
throw Error('Dynamic require of "' + x + '" is not supported');
|
|
179514
179509
|
});
|
|
179515
179510
|
var globalCrypto = /* @__PURE__ */ __name2((setGlobal, suppliedCrypto) => {
|
|
@@ -179521,10 +179516,10 @@ var globalCrypto = /* @__PURE__ */ __name2((setGlobal, suppliedCrypto) => {
|
|
|
179521
179516
|
} else if (typeof global.crypto !== "undefined") {
|
|
179522
179517
|
webcrypto = global.crypto;
|
|
179523
179518
|
} else {
|
|
179524
|
-
if (typeof global.window
|
|
179519
|
+
if (typeof _optionalChain([global, 'access', _11 => _11.window, 'optionalAccess', _12 => _12.crypto, 'optionalAccess', _13 => _13.subtle]) !== "undefined") {
|
|
179525
179520
|
webcrypto = global.window.crypto;
|
|
179526
179521
|
} else {
|
|
179527
|
-
webcrypto =
|
|
179522
|
+
webcrypto = __require2("crypto");
|
|
179528
179523
|
}
|
|
179529
179524
|
}
|
|
179530
179525
|
if (setGlobal) {
|
|
@@ -179582,20 +179577,20 @@ var PEMToHex = /* @__PURE__ */ __name2((PEM, headerKey) => {
|
|
|
179582
179577
|
}, "PEMToHex");
|
|
179583
179578
|
function PEMToBinary(pem) {
|
|
179584
179579
|
const pemContents = pem.replace(/^[^]*-----BEGIN [^-]+-----/, "").replace(/-----END [^-]+-----[^]*$/, "").replace(/\s/g, "");
|
|
179585
|
-
return (0,
|
|
179580
|
+
return _fromstring.fromString.call(void 0, pemContents, "base64pad");
|
|
179586
179581
|
}
|
|
179587
179582
|
__name(PEMToBinary, "PEMToBinary");
|
|
179588
179583
|
__name2(PEMToBinary, "PEMToBinary");
|
|
179589
179584
|
var base64ToHex = /* @__PURE__ */ __name2((input, inputEncoding) => {
|
|
179590
179585
|
const base64NoNewlines = input.replace(/[^0-9A-Za-z_\-~\/+=]*/g, "");
|
|
179591
|
-
return (0,
|
|
179586
|
+
return _tostring.toString.call(void 0, _fromstring.fromString.call(void 0, base64NoNewlines, inputEncoding ? inputEncoding : "base64pad"), "base16");
|
|
179592
179587
|
}, "base64ToHex");
|
|
179593
179588
|
var hexToBase64 = /* @__PURE__ */ __name2((input, targetEncoding) => {
|
|
179594
179589
|
let hex = typeof input === "string" ? input : input.toString(16);
|
|
179595
179590
|
if (hex.length % 2 === 1) {
|
|
179596
179591
|
hex = `0${hex}`;
|
|
179597
179592
|
}
|
|
179598
|
-
return (0,
|
|
179593
|
+
return _tostring.toString.call(void 0, _fromstring.fromString.call(void 0, hex, "base16"), targetEncoding ? targetEncoding : "base64pad");
|
|
179599
179594
|
}, "hexToBase64");
|
|
179600
179595
|
var hexToPEM = /* @__PURE__ */ __name2((hex, type) => {
|
|
179601
179596
|
const base64 = hexToBase64(hex, "base64pad");
|
|
@@ -179617,7 +179612,7 @@ function PEMToDer(pem) {
|
|
|
179617
179612
|
__name(PEMToDer, "PEMToDer");
|
|
179618
179613
|
__name2(PEMToDer, "PEMToDer");
|
|
179619
179614
|
function derToPEM(cert, headerKey) {
|
|
179620
|
-
const key = headerKey
|
|
179615
|
+
const key = _nullishCoalesce(headerKey, () => ( "CERTIFICATE"));
|
|
179621
179616
|
if (cert.includes(key)) {
|
|
179622
179617
|
return cert;
|
|
179623
179618
|
}
|
|
@@ -179649,13 +179644,13 @@ var usage = /* @__PURE__ */ __name2((jwk) => {
|
|
|
179649
179644
|
}
|
|
179650
179645
|
if (jwk.kty === "RSA") {
|
|
179651
179646
|
if (jwk.d) {
|
|
179652
|
-
return jwk.alg
|
|
179647
|
+
return _optionalChain([jwk, 'access', _14 => _14.alg, 'optionalAccess', _15 => _15.toUpperCase, 'call', _16 => _16(), 'optionalAccess', _17 => _17.includes, 'call', _18 => _18("QAEP")]) ? [
|
|
179653
179648
|
"encrypt"
|
|
179654
179649
|
] : [
|
|
179655
179650
|
"sign"
|
|
179656
179651
|
];
|
|
179657
179652
|
}
|
|
179658
|
-
return jwk.alg
|
|
179653
|
+
return _optionalChain([jwk, 'access', _19 => _19.alg, 'optionalAccess', _20 => _20.toUpperCase, 'call', _21 => _21(), 'optionalAccess', _22 => _22.includes, 'call', _23 => _23("QAEP")]) ? [
|
|
179659
179654
|
"decrypt"
|
|
179660
179655
|
] : [
|
|
179661
179656
|
"verify"
|
|
@@ -179685,10 +179680,10 @@ var RSASigner = class {
|
|
|
179685
179680
|
static {
|
|
179686
179681
|
__name2(this, "RSASigner");
|
|
179687
179682
|
}
|
|
179688
|
-
|
|
179689
|
-
|
|
179690
|
-
|
|
179691
|
-
|
|
179683
|
+
|
|
179684
|
+
|
|
179685
|
+
|
|
179686
|
+
|
|
179692
179687
|
/**
|
|
179693
179688
|
*
|
|
179694
179689
|
* @param key Either in PEM or JWK format (no raw hex keys here!)
|
|
@@ -179696,12 +179691,12 @@ var RSASigner = class {
|
|
|
179696
179691
|
*/
|
|
179697
179692
|
constructor(key, opts) {
|
|
179698
179693
|
if (typeof key === "string") {
|
|
179699
|
-
this.jwk = PEMToJwk(key, opts
|
|
179694
|
+
this.jwk = PEMToJwk(key, _optionalChain([opts, 'optionalAccess', _24 => _24.visibility]));
|
|
179700
179695
|
} else {
|
|
179701
179696
|
this.jwk = key;
|
|
179702
179697
|
}
|
|
179703
|
-
this.hashAlgorithm = opts
|
|
179704
|
-
this.scheme = opts
|
|
179698
|
+
this.hashAlgorithm = _nullishCoalesce(_optionalChain([opts, 'optionalAccess', _25 => _25.hashAlgorithm]), () => ( "SHA-256"));
|
|
179699
|
+
this.scheme = _nullishCoalesce(_optionalChain([opts, 'optionalAccess', _26 => _26.scheme]), () => ( "RSA-PSS"));
|
|
179705
179700
|
}
|
|
179706
179701
|
getImportParams() {
|
|
179707
179702
|
if (this.scheme === "RSA-PSS") {
|
|
@@ -179722,7 +179717,7 @@ var RSASigner = class {
|
|
|
179722
179717
|
}
|
|
179723
179718
|
bufferToString(buf) {
|
|
179724
179719
|
const uint8Array = new Uint8Array(buf);
|
|
179725
|
-
return (0,
|
|
179720
|
+
return _tostring.toString.call(void 0, uint8Array, "base64url");
|
|
179726
179721
|
}
|
|
179727
179722
|
async sign(data) {
|
|
179728
179723
|
const input = data;
|
|
@@ -179735,7 +179730,7 @@ var RSASigner = class {
|
|
|
179735
179730
|
}
|
|
179736
179731
|
async verify(data, signature) {
|
|
179737
179732
|
const jws = signature.includes(".") ? signature.split(".")[2] : signature;
|
|
179738
|
-
const input = typeof data == "string" ? (0,
|
|
179733
|
+
const input = typeof data == "string" ? _fromstring.fromString.call(void 0, data, "utf-8") : data;
|
|
179739
179734
|
let key = await this.getKey();
|
|
179740
179735
|
if (!key.usages.includes("verify")) {
|
|
179741
179736
|
const verifyJwk = {
|
|
@@ -179746,7 +179741,7 @@ var RSASigner = class {
|
|
|
179746
179741
|
delete verifyJwk.key_ops;
|
|
179747
179742
|
key = await cryptoSubtleImportRSAKey(verifyJwk, this.scheme, this.hashAlgorithm);
|
|
179748
179743
|
}
|
|
179749
|
-
const verificationResult = await globalCrypto(false).subtle.verify(this.getImportParams(), key, (0,
|
|
179744
|
+
const verificationResult = await globalCrypto(false).subtle.verify(this.getImportParams(), key, _fromstring.fromString.call(void 0, jws, "base64url"), input);
|
|
179750
179745
|
return verificationResult;
|
|
179751
179746
|
}
|
|
179752
179747
|
};
|
|
@@ -180940,10 +180935,10 @@ var PKCS1_SHA384 = /* @__PURE__ */ PKCS1(sha3844, "3041300d060960864801650304020
|
|
|
180940
180935
|
var PKCS1_SHA512 = /* @__PURE__ */ PKCS1(sha5124, "3051300d060960864801650304020305000440");
|
|
180941
180936
|
|
|
180942
180937
|
// ../key-utils/dist/index.js
|
|
180943
|
-
|
|
180944
|
-
|
|
180945
|
-
|
|
180946
|
-
|
|
180938
|
+
|
|
180939
|
+
|
|
180940
|
+
|
|
180941
|
+
|
|
180947
180942
|
|
|
180948
180943
|
// ../../node_modules/.pnpm/web-encoding@1.1.5/node_modules/web-encoding/src/lib.mjs
|
|
180949
180944
|
init_cjs_shims();
|
|
@@ -180979,13 +180974,13 @@ var digestMethodParams = /* @__PURE__ */ __name3((hashAlgorithm) => {
|
|
|
180979
180974
|
}
|
|
180980
180975
|
}, "digestMethodParams");
|
|
180981
180976
|
var sha256DigestMethod = /* @__PURE__ */ __name3((input, encoding = "base16") => {
|
|
180982
|
-
return (0,
|
|
180977
|
+
return _tostring.toString.call(void 0, sha2562(_fromstring.fromString.call(void 0, input, "utf-8")), encoding);
|
|
180983
180978
|
}, "sha256DigestMethod");
|
|
180984
180979
|
var sha384DigestMethod = /* @__PURE__ */ __name3((input, encoding = "base16") => {
|
|
180985
|
-
return (0,
|
|
180980
|
+
return _tostring.toString.call(void 0, sha3842(_fromstring.fromString.call(void 0, input, "utf-8")), encoding);
|
|
180986
180981
|
}, "sha384DigestMethod");
|
|
180987
180982
|
var sha512DigestMethod = /* @__PURE__ */ __name3((input, encoding = "base16") => {
|
|
180988
|
-
return (0,
|
|
180983
|
+
return _tostring.toString.call(void 0, sha5122(_fromstring.fromString.call(void 0, input, "utf-8")), encoding);
|
|
180989
180984
|
}, "sha512DigestMethod");
|
|
180990
180985
|
var textEncoder = new Encoder();
|
|
180991
180986
|
var textDecoder = new Decoder();
|
|
@@ -181008,7 +181003,7 @@ __name(assertObject, "assertObject");
|
|
|
181008
181003
|
__name3(assertObject, "assertObject");
|
|
181009
181004
|
function validateJwk(jwk, opts) {
|
|
181010
181005
|
assertObject(jwk);
|
|
181011
|
-
const { crvOptional = false } = opts
|
|
181006
|
+
const { crvOptional = false } = _nullishCoalesce(opts, () => ( {}));
|
|
181012
181007
|
check(jwk.kty, '"kty" (Key Type) Parameter', false);
|
|
181013
181008
|
switch (jwk.kty) {
|
|
181014
181009
|
/**
|
|
@@ -181175,24 +181170,24 @@ var keyMetaAlgorithmsFromKeyType = /* @__PURE__ */ __name3((type) => {
|
|
|
181175
181170
|
];
|
|
181176
181171
|
}, "keyMetaAlgorithmsFromKeyType");
|
|
181177
181172
|
async function importProvidedOrGeneratedKey(args, context) {
|
|
181178
|
-
const type = args.options
|
|
181179
|
-
const key = args
|
|
181180
|
-
if (args.options
|
|
181173
|
+
const type = _nullishCoalesce(_nullishCoalesce(_nullishCoalesce(_optionalChain([args, 'access', _27 => _27.options, 'optionalAccess', _28 => _28.type]), () => ( _optionalChain([args, 'access', _29 => _29.options, 'optionalAccess', _30 => _30.key, 'optionalAccess', _31 => _31.type]))), () => ( _optionalChain([args, 'access', _32 => _32.options, 'optionalAccess', _33 => _33.keyType]))), () => ( "Secp256r1"));
|
|
181174
|
+
const key = _optionalChain([args, 'optionalAccess', _34 => _34.options, 'optionalAccess', _35 => _35.key]);
|
|
181175
|
+
if (_optionalChain([args, 'access', _36 => _36.options, 'optionalAccess', _37 => _37.x509]) && key) {
|
|
181181
181176
|
key.meta = {
|
|
181182
181177
|
...key.meta,
|
|
181183
181178
|
x509: {
|
|
181184
181179
|
...args.options.x509,
|
|
181185
|
-
...key.meta
|
|
181180
|
+
..._optionalChain([key, 'access', _38 => _38.meta, 'optionalAccess', _39 => _39.x509])
|
|
181186
181181
|
}
|
|
181187
181182
|
};
|
|
181188
181183
|
}
|
|
181189
|
-
if (args.options && args.options
|
|
181184
|
+
if (args.options && _optionalChain([args, 'access', _40 => _40.options, 'optionalAccess', _41 => _41.use]) === JwkKeyUse.Encryption && !ENC_KEY_ALGS.includes(type)) {
|
|
181190
181185
|
throw new Error(`${type} keys are not valid for encryption`);
|
|
181191
181186
|
}
|
|
181192
181187
|
let privateKeyHex = void 0;
|
|
181193
181188
|
if (key) {
|
|
181194
|
-
privateKeyHex = key.privateKeyHex
|
|
181195
|
-
if ((!privateKeyHex || privateKeyHex.trim() === "") && key
|
|
181189
|
+
privateKeyHex = _nullishCoalesce(key.privateKeyHex, () => ( _optionalChain([key, 'access', _42 => _42.meta, 'optionalAccess', _43 => _43.x509, 'optionalAccess', _44 => _44.privateKeyHex])));
|
|
181190
|
+
if ((!privateKeyHex || privateKeyHex.trim() === "") && _optionalChain([key, 'optionalAccess', _45 => _45.meta, 'optionalAccess', _46 => _46.x509, 'optionalAccess', _47 => _47.privateKeyPEM])) {
|
|
181196
181191
|
privateKeyHex = privateKeyHexFromPEM(key.meta.x509.privateKeyPEM);
|
|
181197
181192
|
}
|
|
181198
181193
|
}
|
|
@@ -181208,7 +181203,7 @@ async function importProvidedOrGeneratedKey(args, context) {
|
|
|
181208
181203
|
type,
|
|
181209
181204
|
kms: args.kms,
|
|
181210
181205
|
meta: {
|
|
181211
|
-
...key
|
|
181206
|
+
..._optionalChain([key, 'optionalAccess', _48 => _48.meta]),
|
|
181212
181207
|
algorithms: keyMetaAlgorithmsFromKeyType(type),
|
|
181213
181208
|
keyAlias: args.alias
|
|
181214
181209
|
}
|
|
@@ -181285,8 +181280,8 @@ var calculateJwkThumbprint = /* @__PURE__ */ __name3((args) => {
|
|
|
181285
181280
|
return digestAlgorithm === "sha512" ? digestMethodParams("SHA-512").digestMethod(data, "base64url") : digestMethodParams("SHA-256").digestMethod(data, "base64url");
|
|
181286
181281
|
}, "calculateJwkThumbprint");
|
|
181287
181282
|
var toJwk = /* @__PURE__ */ __name3((publicKeyHex, type, opts) => {
|
|
181288
|
-
const { key, noKidThumbprint = false } = opts
|
|
181289
|
-
if (key && key.publicKeyHex !== publicKeyHex && opts
|
|
181283
|
+
const { key, noKidThumbprint = false } = _nullishCoalesce(opts, () => ( {}));
|
|
181284
|
+
if (key && key.publicKeyHex !== publicKeyHex && _optionalChain([opts, 'optionalAccess', _49 => _49.isPrivateKey]) !== true) {
|
|
181290
181285
|
throw Error(`Provided key with id ${key.kid}, has a different public key hex ${key.publicKeyHex} than supplied public key ${publicKeyHex}`);
|
|
181291
181286
|
}
|
|
181292
181287
|
let jwk;
|
|
@@ -181341,9 +181336,9 @@ function rsaJwkToRawHexKey(jwk) {
|
|
|
181341
181336
|
if (!jwk.n || !jwk.e) {
|
|
181342
181337
|
throw new Error("RSA JWK must contain 'n' and 'e' properties.");
|
|
181343
181338
|
}
|
|
181344
|
-
const modulus = (0,
|
|
181345
|
-
const exponent = (0,
|
|
181346
|
-
return (0,
|
|
181339
|
+
const modulus = _fromstring.fromString.call(void 0, jwk.n.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, ""), "base64url");
|
|
181340
|
+
const exponent = _fromstring.fromString.call(void 0, jwk.e.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, ""), "base64url");
|
|
181341
|
+
return _tostring.toString.call(void 0, modulus, "hex") + _tostring.toString.call(void 0, exponent, "hex");
|
|
181347
181342
|
}
|
|
181348
181343
|
__name(rsaJwkToRawHexKey, "rsaJwkToRawHexKey");
|
|
181349
181344
|
__name3(rsaJwkToRawHexKey, "rsaJwkToRawHexKey");
|
|
@@ -181352,9 +181347,9 @@ function ecJwkToRawHexKey(jwk) {
|
|
|
181352
181347
|
if (!jwk.x || !jwk.y) {
|
|
181353
181348
|
throw new Error("EC JWK must contain 'x' and 'y' properties.");
|
|
181354
181349
|
}
|
|
181355
|
-
const x = (0,
|
|
181356
|
-
const y = (0,
|
|
181357
|
-
return "04" + (0,
|
|
181350
|
+
const x = _fromstring.fromString.call(void 0, jwk.x.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, ""), "base64url");
|
|
181351
|
+
const y = _fromstring.fromString.call(void 0, jwk.y.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, ""), "base64url");
|
|
181352
|
+
return "04" + _tostring.toString.call(void 0, x, "hex") + _tostring.toString.call(void 0, y, "hex");
|
|
181358
181353
|
}
|
|
181359
181354
|
__name(ecJwkToRawHexKey, "ecJwkToRawHexKey");
|
|
181360
181355
|
__name3(ecJwkToRawHexKey, "ecJwkToRawHexKey");
|
|
@@ -181363,8 +181358,8 @@ function okpJwkToRawHexKey(jwk) {
|
|
|
181363
181358
|
if (!jwk.x) {
|
|
181364
181359
|
throw new Error("OKP JWK must contain 'x' property.");
|
|
181365
181360
|
}
|
|
181366
|
-
const x = (0,
|
|
181367
|
-
return (0,
|
|
181361
|
+
const x = _fromstring.fromString.call(void 0, jwk.x.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, ""), "base64url");
|
|
181362
|
+
return _tostring.toString.call(void 0, x, "hex");
|
|
181368
181363
|
}
|
|
181369
181364
|
__name(okpJwkToRawHexKey, "okpJwkToRawHexKey");
|
|
181370
181365
|
__name3(okpJwkToRawHexKey, "okpJwkToRawHexKey");
|
|
@@ -181373,8 +181368,8 @@ function octJwkToRawHexKey(jwk) {
|
|
|
181373
181368
|
if (!jwk.k) {
|
|
181374
181369
|
throw new Error("Octet JWK must contain 'k' property.");
|
|
181375
181370
|
}
|
|
181376
|
-
const key = (0,
|
|
181377
|
-
return (0,
|
|
181371
|
+
const key = _fromstring.fromString.call(void 0, jwk.k.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, ""), "base64url");
|
|
181372
|
+
return _tostring.toString.call(void 0, key, "hex");
|
|
181378
181373
|
}
|
|
181379
181374
|
__name(octJwkToRawHexKey, "octJwkToRawHexKey");
|
|
181380
181375
|
__name3(octJwkToRawHexKey, "octJwkToRawHexKey");
|
|
@@ -181388,9 +181383,9 @@ var assertProperKeyLength = /* @__PURE__ */ __name3((keyHex, expectedKeyLength)
|
|
|
181388
181383
|
}
|
|
181389
181384
|
}, "assertProperKeyLength");
|
|
181390
181385
|
var toSecp256k1Jwk = /* @__PURE__ */ __name3((keyHex, opts) => {
|
|
181391
|
-
const { use: use2 } = opts
|
|
181386
|
+
const { use: use2 } = _nullishCoalesce(opts, () => ( {}));
|
|
181392
181387
|
logger.debug(`toSecp256k1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`);
|
|
181393
|
-
if (opts
|
|
181388
|
+
if (_optionalChain([opts, 'optionalAccess', _50 => _50.isPrivateKey])) {
|
|
181394
181389
|
assertProperKeyLength(keyHex, [
|
|
181395
181390
|
64
|
|
181396
181391
|
]);
|
|
@@ -181401,8 +181396,8 @@ var toSecp256k1Jwk = /* @__PURE__ */ __name3((keyHex, opts) => {
|
|
|
181401
181396
|
]);
|
|
181402
181397
|
}
|
|
181403
181398
|
const secp256k12 = new import_elliptic.default.ec("secp256k1");
|
|
181404
|
-
const keyBytes = (0,
|
|
181405
|
-
const keyPair = opts
|
|
181399
|
+
const keyBytes = _fromstring.fromString.call(void 0, keyHex, "base16");
|
|
181400
|
+
const keyPair = _optionalChain([opts, 'optionalAccess', _51 => _51.isPrivateKey]) ? secp256k12.keyFromPrivate(keyBytes) : secp256k12.keyFromPublic(keyBytes);
|
|
181406
181401
|
const pubPoint = keyPair.getPublic();
|
|
181407
181402
|
return sanitizedJwk({
|
|
181408
181403
|
alg: import_ssi_types.JoseSignatureAlgorithm.ES256K,
|
|
@@ -181413,15 +181408,15 @@ var toSecp256k1Jwk = /* @__PURE__ */ __name3((keyHex, opts) => {
|
|
|
181413
181408
|
crv: import_ssi_types.JoseCurve.secp256k1,
|
|
181414
181409
|
x: hexToBase64(pubPoint.getX().toString("hex"), "base64url"),
|
|
181415
181410
|
y: hexToBase64(pubPoint.getY().toString("hex"), "base64url"),
|
|
181416
|
-
...opts
|
|
181411
|
+
..._optionalChain([opts, 'optionalAccess', _52 => _52.isPrivateKey]) && {
|
|
181417
181412
|
d: hexToBase64(keyPair.getPrivate("hex"), "base64url")
|
|
181418
181413
|
}
|
|
181419
181414
|
});
|
|
181420
181415
|
}, "toSecp256k1Jwk");
|
|
181421
181416
|
var toSecp256r1Jwk = /* @__PURE__ */ __name3((keyHex, opts) => {
|
|
181422
|
-
const { use: use2 } = opts
|
|
181417
|
+
const { use: use2 } = _nullishCoalesce(opts, () => ( {}));
|
|
181423
181418
|
logger.debug(`toSecp256r1Jwk keyHex: ${keyHex}, length: ${keyHex.length}`);
|
|
181424
|
-
if (opts
|
|
181419
|
+
if (_optionalChain([opts, 'optionalAccess', _53 => _53.isPrivateKey])) {
|
|
181425
181420
|
assertProperKeyLength(keyHex, [
|
|
181426
181421
|
64
|
|
181427
181422
|
]);
|
|
@@ -181432,9 +181427,9 @@ var toSecp256r1Jwk = /* @__PURE__ */ __name3((keyHex, opts) => {
|
|
|
181432
181427
|
]);
|
|
181433
181428
|
}
|
|
181434
181429
|
const secp256r1 = new import_elliptic.default.ec("p256");
|
|
181435
|
-
const keyBytes = (0,
|
|
181430
|
+
const keyBytes = _fromstring.fromString.call(void 0, keyHex, "base16");
|
|
181436
181431
|
logger.debug(`keyBytes length: ${keyBytes}`);
|
|
181437
|
-
const keyPair = opts
|
|
181432
|
+
const keyPair = _optionalChain([opts, 'optionalAccess', _54 => _54.isPrivateKey]) ? secp256r1.keyFromPrivate(keyBytes) : secp256r1.keyFromPublic(keyBytes);
|
|
181438
181433
|
const pubPoint = keyPair.getPublic();
|
|
181439
181434
|
return sanitizedJwk({
|
|
181440
181435
|
alg: import_ssi_types.JoseSignatureAlgorithm.ES256,
|
|
@@ -181445,31 +181440,31 @@ var toSecp256r1Jwk = /* @__PURE__ */ __name3((keyHex, opts) => {
|
|
|
181445
181440
|
crv: import_ssi_types.JoseCurve.P_256,
|
|
181446
181441
|
x: hexToBase64(pubPoint.getX().toString("hex"), "base64url"),
|
|
181447
181442
|
y: hexToBase64(pubPoint.getY().toString("hex"), "base64url"),
|
|
181448
|
-
...opts
|
|
181443
|
+
..._optionalChain([opts, 'optionalAccess', _55 => _55.isPrivateKey]) && {
|
|
181449
181444
|
d: hexToBase64(keyPair.getPrivate("hex"), "base64url")
|
|
181450
181445
|
}
|
|
181451
181446
|
});
|
|
181452
181447
|
}, "toSecp256r1Jwk");
|
|
181453
181448
|
var toEd25519OrX25519Jwk = /* @__PURE__ */ __name3((publicKeyHex, opts) => {
|
|
181454
181449
|
assertProperKeyLength(publicKeyHex, 64);
|
|
181455
|
-
const { use: use2 } = opts
|
|
181450
|
+
const { use: use2 } = _nullishCoalesce(opts, () => ( {}));
|
|
181456
181451
|
return sanitizedJwk({
|
|
181457
181452
|
alg: import_ssi_types.JoseSignatureAlgorithm.EdDSA,
|
|
181458
181453
|
...use2 !== void 0 && {
|
|
181459
181454
|
use: use2
|
|
181460
181455
|
},
|
|
181461
181456
|
kty: import_ssi_types.JwkKeyType.OKP,
|
|
181462
|
-
crv: opts
|
|
181457
|
+
crv: _nullishCoalesce(_optionalChain([opts, 'optionalAccess', _56 => _56.crv]), () => ( import_ssi_types.JoseCurve.Ed25519)),
|
|
181463
181458
|
x: hexToBase64(publicKeyHex, "base64url")
|
|
181464
181459
|
});
|
|
181465
181460
|
}, "toEd25519OrX25519Jwk");
|
|
181466
181461
|
var toRSAJwk = /* @__PURE__ */ __name3((publicKeyHex, opts) => {
|
|
181467
|
-
const meta = opts
|
|
181468
|
-
if (meta
|
|
181469
|
-
if (meta
|
|
181462
|
+
const meta = _optionalChain([opts, 'optionalAccess', _57 => _57.key, 'optionalAccess', _58 => _58.meta]);
|
|
181463
|
+
if (_optionalChain([meta, 'optionalAccess', _59 => _59.publicKeyJwk]) || _optionalChain([meta, 'optionalAccess', _60 => _60.publicKeyPEM])) {
|
|
181464
|
+
if (_optionalChain([meta, 'optionalAccess', _61 => _61.publicKeyJwk])) {
|
|
181470
181465
|
return meta.publicKeyJwk;
|
|
181471
181466
|
}
|
|
181472
|
-
const publicKeyPEM = meta
|
|
181467
|
+
const publicKeyPEM = _nullishCoalesce(_optionalChain([meta, 'optionalAccess', _62 => _62.publicKeyPEM]), () => ( hexToPEM(publicKeyHex, "public")));
|
|
181473
181468
|
return PEMToJwk(publicKeyPEM, "public");
|
|
181474
181469
|
}
|
|
181475
181470
|
const exponent = publicKeyHex.slice(-5);
|
|
@@ -181593,8 +181588,8 @@ var base64ToBase64Url = /* @__PURE__ */ __name3((input) => {
|
|
|
181593
181588
|
}, "base64ToBase64Url");
|
|
181594
181589
|
async function verifyRawSignature({ data, signature, key: inputKey, opts }) {
|
|
181595
181590
|
function jwkPropertyToBigInt(jwkProp) {
|
|
181596
|
-
const byteArray = (0,
|
|
181597
|
-
const hex = (0,
|
|
181591
|
+
const byteArray = _fromstring.fromString.call(void 0, jwkProp, "base64url");
|
|
181592
|
+
const hex = _tostring.toString.call(void 0, byteArray, "hex");
|
|
181598
181593
|
return BigInt(`0x${hex}`);
|
|
181599
181594
|
}
|
|
181600
181595
|
__name(jwkPropertyToBigInt, "jwkPropertyToBigInt");
|
|
@@ -181633,12 +181628,12 @@ async function verifyRawSignature({ data, signature, key: inputKey, opts }) {
|
|
|
181633
181628
|
prehash: true
|
|
181634
181629
|
});
|
|
181635
181630
|
case "Ed25519":
|
|
181636
|
-
return ed25519.verify(signature, data, (0,
|
|
181631
|
+
return ed25519.verify(signature, data, _fromstring.fromString.call(void 0, publicKeyHex, "hex"));
|
|
181637
181632
|
case "Bls12381G1":
|
|
181638
181633
|
case "Bls12381G2":
|
|
181639
|
-
return bls12_381.verify(signature, data, (0,
|
|
181634
|
+
return bls12_381.verify(signature, data, _fromstring.fromString.call(void 0, publicKeyHex, "hex"));
|
|
181640
181635
|
case "RSA": {
|
|
181641
|
-
const signatureAlgorithm = opts
|
|
181636
|
+
const signatureAlgorithm = _nullishCoalesce(_nullishCoalesce(_optionalChain([opts, 'optionalAccess', _63 => _63.signatureAlg]), () => ( jwk.alg)), () => ( import_ssi_types.JoseSignatureAlgorithm.PS256));
|
|
181642
181637
|
const hashAlg = signatureAlgorithm === (import_ssi_types.JoseSignatureAlgorithm.RS512 || import_ssi_types.JoseSignatureAlgorithm.PS512) ? sha5122 : signatureAlgorithm === (import_ssi_types.JoseSignatureAlgorithm.RS384 || import_ssi_types.JoseSignatureAlgorithm.PS384) ? sha3842 : sha2562;
|
|
181643
181638
|
switch (signatureAlgorithm) {
|
|
181644
181639
|
case import_ssi_types.JoseSignatureAlgorithm.RS256:
|
|
@@ -181912,8 +181907,8 @@ __name(coseToJoseCurve, "coseToJoseCurve");
|
|
|
181912
181907
|
__name3(coseToJoseCurve, "coseToJoseCurve");
|
|
181913
181908
|
|
|
181914
181909
|
// src/agent/SphereonKeyManager.ts
|
|
181915
|
-
var
|
|
181916
|
-
|
|
181910
|
+
var _keymanager = require('@veramo/key-manager'); _createStarExport(_keymanager);
|
|
181911
|
+
|
|
181917
181912
|
|
|
181918
181913
|
// src/types/ISphereonKeyManager.ts
|
|
181919
181914
|
init_cjs_shims();
|
|
@@ -181934,15 +181929,15 @@ var sphereonKeyManagerMethods = [
|
|
|
181934
181929
|
"keyManagerGetDefaultKeyManagementSystem",
|
|
181935
181930
|
"keyManagerHandleExpirations"
|
|
181936
181931
|
];
|
|
181937
|
-
var SphereonKeyManager = class extends
|
|
181932
|
+
var SphereonKeyManager = class extends _keymanager.KeyManager {
|
|
181938
181933
|
static {
|
|
181939
181934
|
__name(this, "SphereonKeyManager");
|
|
181940
181935
|
}
|
|
181941
181936
|
// local store reference, given the superclass store is private, and we need additional functions/calls
|
|
181942
|
-
|
|
181943
|
-
|
|
181944
|
-
|
|
181945
|
-
|
|
181937
|
+
|
|
181938
|
+
|
|
181939
|
+
|
|
181940
|
+
|
|
181946
181941
|
constructor(options) {
|
|
181947
181942
|
super({
|
|
181948
181943
|
store: options.store,
|
|
@@ -181950,7 +181945,7 @@ var SphereonKeyManager = class extends import_key_manager.KeyManager {
|
|
|
181950
181945
|
});
|
|
181951
181946
|
this.kmsStore = options.store;
|
|
181952
181947
|
this.availableKmses = options.kms;
|
|
181953
|
-
this._defaultKms = options.defaultKms
|
|
181948
|
+
this._defaultKms = _nullishCoalesce(options.defaultKms, () => ( Object.keys(this.availableKmses)[0]));
|
|
181954
181949
|
if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {
|
|
181955
181950
|
throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(",")}`);
|
|
181956
181951
|
}
|
|
@@ -181964,18 +181959,18 @@ var SphereonKeyManager = class extends import_key_manager.KeyManager {
|
|
|
181964
181959
|
return Promise.resolve(this._defaultKms);
|
|
181965
181960
|
}
|
|
181966
181961
|
async keyManagerCreate(args) {
|
|
181967
|
-
const kms = this.getKmsByName(args.kms
|
|
181962
|
+
const kms = this.getKmsByName(_nullishCoalesce(args.kms, () => ( this._defaultKms)));
|
|
181968
181963
|
const meta = {
|
|
181969
181964
|
...args.meta,
|
|
181970
181965
|
...args.opts && {
|
|
181971
181966
|
opts: args.opts
|
|
181972
181967
|
}
|
|
181973
181968
|
};
|
|
181974
|
-
if (hasKeyOptions(meta) && meta.opts
|
|
181969
|
+
if (hasKeyOptions(meta) && _optionalChain([meta, 'access', _64 => _64.opts, 'optionalAccess', _65 => _65.ephemeral]) && !_optionalChain([meta, 'access', _66 => _66.opts, 'access', _67 => _67.expiration, 'optionalAccess', _68 => _68.removalDate])) {
|
|
181975
181970
|
meta.opts = {
|
|
181976
181971
|
...meta.opts,
|
|
181977
181972
|
expiration: {
|
|
181978
|
-
...meta.opts
|
|
181973
|
+
..._optionalChain([meta, 'access', _69 => _69.opts, 'optionalAccess', _70 => _70.expiration]),
|
|
181979
181974
|
removalDate: new Date(Date.now() + 5 * 60 * 1e3)
|
|
181980
181975
|
}
|
|
181981
181976
|
};
|
|
@@ -181986,15 +181981,15 @@ var SphereonKeyManager = class extends import_key_manager.KeyManager {
|
|
|
181986
181981
|
});
|
|
181987
181982
|
const key = {
|
|
181988
181983
|
...partialKey,
|
|
181989
|
-
kms: args.kms
|
|
181984
|
+
kms: _nullishCoalesce(args.kms, () => ( this._defaultKms))
|
|
181990
181985
|
};
|
|
181991
181986
|
key.meta = {
|
|
181992
181987
|
...meta,
|
|
181993
181988
|
...key.meta
|
|
181994
181989
|
};
|
|
181995
|
-
key.meta.jwkThumbprint = key.meta.jwkThumbprint
|
|
181990
|
+
key.meta.jwkThumbprint = _nullishCoalesce(key.meta.jwkThumbprint, () => ( calculateJwkThumbprintForKey({
|
|
181996
181991
|
key
|
|
181997
|
-
});
|
|
181992
|
+
})));
|
|
181998
181993
|
await this.kmsStore.import(key);
|
|
181999
181994
|
if (key.privateKeyHex) {
|
|
182000
181995
|
delete key.privateKeyHex;
|
|
@@ -182010,7 +182005,7 @@ var SphereonKeyManager = class extends import_key_manager.KeyManager {
|
|
|
182010
182005
|
if (keyInfo.type === "Bls12381G2") {
|
|
182011
182006
|
return await kms.sign({
|
|
182012
182007
|
keyRef: keyInfo,
|
|
182013
|
-
data: typeof args.data === "string" ? (0,
|
|
182008
|
+
data: typeof args.data === "string" ? _fromstring.fromString.call(void 0, args.data) : args.data
|
|
182014
182009
|
});
|
|
182015
182010
|
}
|
|
182016
182011
|
return await super.keyManagerSign({
|
|
@@ -182028,7 +182023,7 @@ var SphereonKeyManager = class extends import_key_manager.KeyManager {
|
|
|
182028
182023
|
return await verifyRawSignature({
|
|
182029
182024
|
key: toJwk(args.publicKeyHex, args.type),
|
|
182030
182025
|
data: args.data,
|
|
182031
|
-
signature: (0,
|
|
182026
|
+
signature: _fromstring.fromString.call(void 0, args.signature, "utf-8")
|
|
182032
182027
|
});
|
|
182033
182028
|
}
|
|
182034
182029
|
async keyManagerListKeys() {
|
|
@@ -182037,7 +182032,7 @@ var SphereonKeyManager = class extends import_key_manager.KeyManager {
|
|
|
182037
182032
|
async keyManagerHandleExpirations(args) {
|
|
182038
182033
|
const keys = await this.keyManagerListKeys();
|
|
182039
182034
|
const expiredKeys = keys.filter((key) => hasKeyOptions(key.meta)).filter((key) => {
|
|
182040
|
-
if (hasKeyOptions(key.meta) && key.meta
|
|
182035
|
+
if (hasKeyOptions(key.meta) && _optionalChain([key, 'access', _71 => _71.meta, 'optionalAccess', _72 => _72.opts, 'optionalAccess', _73 => _73.expiration])) {
|
|
182041
182036
|
const expiration = key.meta.opts.expiration;
|
|
182042
182037
|
return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now());
|
|
182043
182038
|
}
|
|
@@ -182066,7 +182061,7 @@ var SphereonKeyManager = class extends import_key_manager.KeyManager {
|
|
|
182066
182061
|
return key;
|
|
182067
182062
|
} catch (e) {
|
|
182068
182063
|
const keys = await this.keyManagerListKeys();
|
|
182069
|
-
const foundKey = keys.find((key) => key.publicKeyHex === kid || key.meta
|
|
182064
|
+
const foundKey = keys.find((key) => key.publicKeyHex === kid || _optionalChain([key, 'access', _74 => _74.meta, 'optionalAccess', _75 => _75.jwkThumbprint]) === kid || _optionalChain([key, 'access', _76 => _76.meta, 'optionalAccess', _77 => _77.jwkThumbprint]) == null && calculateJwkThumbprintForKey({
|
|
182070
182065
|
key
|
|
182071
182066
|
}) === kid);
|
|
182072
182067
|
if (foundKey) {
|
|
@@ -182091,8 +182086,15 @@ var SphereonKeyManager = class extends import_key_manager.KeyManager {
|
|
|
182091
182086
|
};
|
|
182092
182087
|
|
|
182093
182088
|
// src/index.ts
|
|
182094
|
-
|
|
182089
|
+
|
|
182095
182090
|
var schema = require_plugin_schema();
|
|
182091
|
+
|
|
182092
|
+
|
|
182093
|
+
|
|
182094
|
+
|
|
182095
|
+
|
|
182096
|
+
|
|
182097
|
+
exports.SphereonKeyManager = SphereonKeyManager; exports.hasKeyOptions = hasKeyOptions; exports.isDefined = isDefined; exports.schema = schema; exports.sphereonKeyManagerMethods = sphereonKeyManagerMethods;
|
|
182096
182098
|
/*! Bundled license information:
|
|
182097
182099
|
|
|
182098
182100
|
pvtsutils/build/index.js:
|