@sphereon/ssi-sdk-ext.key-manager 0.28.1-feature.jose.vcdm.52 → 0.28.1-feature.oyd.cmsm.improv.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. package/dist/agent/SphereonKeyManager.d.ts +27 -0
  2. package/dist/agent/SphereonKeyManager.d.ts.map +1 -0
  3. package/dist/agent/SphereonKeyManager.js +190 -0
  4. package/dist/agent/SphereonKeyManager.js.map +1 -0
  5. package/dist/index.d.ts +5 -136
  6. package/dist/index.d.ts.map +1 -0
  7. package/dist/index.js +23 -582
  8. package/dist/index.js.map +1 -1
  9. package/dist/{index.d.cts → ssi-sdk-ext.key-manager.d.ts} +159 -137
  10. package/dist/tsdoc-metadata.json +11 -0
  11. package/dist/types/ISphereonKeyManager.d.ts +107 -0
  12. package/dist/types/ISphereonKeyManager.d.ts.map +1 -0
  13. package/dist/types/ISphereonKeyManager.js +10 -0
  14. package/dist/types/ISphereonKeyManager.js.map +1 -0
  15. package/package.json +12 -25
  16. package/plugin.schema.json +62 -12
  17. package/src/__tests__/SphereonKeyManager.test.ts +2 -3
  18. package/src/__tests__/encrypt-decrypt.test.ts +2 -3
  19. package/src/agent/SphereonKeyManager.ts +11 -12
  20. package/src/types/ISphereonKeyManager.ts +1 -1
  21. package/dist/index.cjs +0 -615
  22. package/dist/index.cjs.map +0 -1
package/dist/index.js CHANGED
@@ -1,584 +1,25 @@
1
- var __defProp = Object.defineProperty;
2
- var __getOwnPropNames = Object.getOwnPropertyNames;
3
- var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
4
- var __commonJS = (cb, mod) => function __require() {
5
- return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
6
- };
7
-
8
- // plugin.schema.json
9
- var require_plugin_schema = __commonJS({
10
- "plugin.schema.json"(exports, module) {
11
- module.exports = {
12
- ISphereonKeyManager: {
13
- components: {
14
- schemas: {
15
- ISphereonKeyManagerCreateArgs: {
16
- type: "object",
17
- properties: {
18
- type: {
19
- $ref: "#/components/schemas/TKeyType",
20
- description: "Key type"
21
- },
22
- kms: {
23
- type: "string",
24
- description: "Key Management System"
25
- },
26
- opts: {
27
- $ref: "#/components/schemas/IkeyOptions",
28
- description: "Key options"
29
- },
30
- meta: {
31
- $ref: "#/components/schemas/KeyMetadata",
32
- description: "Optional. Key meta data"
33
- }
34
- },
35
- required: ["type"],
36
- description: "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
37
- },
38
- TKeyType: {
39
- type: "string",
40
- enum: ["Ed25519", "Secp256k1", "Secp256r1", "X25519", "Bls12381G1", "Bls12381G2", "RSA"],
41
- description: "Cryptographic key type."
42
- },
43
- IkeyOptions: {
44
- type: "object",
45
- properties: {
46
- ephemeral: {
47
- type: "boolean",
48
- description: "Is this a temporary key?"
49
- },
50
- expiration: {
51
- type: "object",
52
- properties: {
53
- expiryDate: {
54
- type: "string",
55
- format: "date-time"
56
- },
57
- removalDate: {
58
- type: "string",
59
- format: "date-time"
60
- }
61
- },
62
- description: "Expiration and remove the key"
63
- }
64
- }
65
- },
66
- KeyMetadata: {
67
- type: "object",
68
- properties: {
69
- algorithms: {
70
- type: "array",
71
- items: {
72
- type: "string"
73
- }
74
- }
75
- },
76
- description: "This encapsulates data about a key.\n\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with the algorithms that can be performed using it.\n\nThis can also be used to add various tags to the keys under management."
77
- },
78
- PartialKey: {
79
- type: "object",
80
- properties: {
81
- privateKeyHex: {
82
- type: "string"
83
- },
84
- kid: {
85
- type: "string",
86
- description: "Key ID"
87
- },
88
- kms: {
89
- type: "string",
90
- description: "Key Management System"
91
- },
92
- type: {
93
- $ref: "#/components/schemas/TKeyType",
94
- description: "Key type"
95
- },
96
- publicKeyHex: {
97
- type: "string",
98
- description: "Public key"
99
- },
100
- meta: {
101
- anyOf: [
102
- {
103
- $ref: "#/components/schemas/KeyMetadata"
104
- },
105
- {
106
- type: "null"
107
- }
108
- ],
109
- description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
110
- }
111
- },
112
- required: ["kid", "kms", "privateKeyHex", "publicKeyHex", "type"]
113
- },
114
- ISphereonKeyManagerHandleExpirationsArgs: {
115
- type: "object",
116
- properties: {
117
- skipRemovals: {
118
- type: "boolean"
119
- }
120
- }
121
- },
122
- ManagedKeyInfo: {
123
- type: "object",
124
- properties: {
125
- kid: {
126
- type: "string",
127
- description: "Key ID"
128
- },
129
- kms: {
130
- type: "string",
131
- description: "Key Management System"
132
- },
133
- type: {
134
- $ref: "#/components/schemas/TKeyType",
135
- description: "Key type"
136
- },
137
- publicKeyHex: {
138
- type: "string",
139
- description: "Public key"
140
- },
141
- meta: {
142
- anyOf: [
143
- {
144
- $ref: "#/components/schemas/KeyMetadata"
145
- },
146
- {
147
- type: "null"
148
- }
149
- ],
150
- description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
151
- }
152
- },
153
- required: ["kid", "kms", "type", "publicKeyHex"],
154
- description: "Represents information about a managed key. Private or secret key material is NOT present."
155
- },
156
- MinimalImportableKey: {
157
- $ref: '#/components/schemas/RequireOnly<IKey,("privateKeyHex"|"type"|"kms")>',
158
- description: "Represents the properties required to import a key."
159
- },
160
- 'RequireOnly<IKey,("privateKeyHex"|"type"|"kms")>': {
161
- type: "object",
162
- properties: {
163
- kid: {
164
- type: "string",
165
- description: "Key ID"
166
- },
167
- kms: {
168
- type: "string",
169
- description: "Key Management System"
170
- },
171
- type: {
172
- $ref: "#/components/schemas/TKeyType",
173
- description: "Key type"
174
- },
175
- publicKeyHex: {
176
- type: "string",
177
- description: "Public key"
178
- },
179
- privateKeyHex: {
180
- type: "string",
181
- description: "Optional. Private key"
182
- },
183
- meta: {
184
- anyOf: [
185
- {
186
- $ref: "#/components/schemas/KeyMetadata"
187
- },
188
- {
189
- type: "null"
190
- }
191
- ],
192
- description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
193
- }
194
- },
195
- description: "Represents an object type where a subset of keys are required and everything else is optional."
196
- },
197
- ISphereonKeyManagerSignArgs: {
198
- type: "object",
199
- properties: {
200
- keyRef: {
201
- type: "string",
202
- description: "The key handle, as returned during `keyManagerCreateKey`"
203
- },
204
- algorithm: {
205
- type: "string",
206
- description: "The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\n\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`"
207
- },
208
- data: {
209
- anyOf: [
210
- {
211
- type: "string"
212
- },
213
- {
214
- type: "object",
215
- properties: {
216
- BYTES_PER_ELEMENT: {
217
- type: "number"
218
- },
219
- buffer: {
220
- anyOf: [
221
- {
222
- type: "object",
223
- properties: {
224
- byteLength: {
225
- type: "number"
226
- }
227
- },
228
- required: ["byteLength"]
229
- },
230
- {}
231
- ]
232
- },
233
- byteLength: {
234
- type: "number"
235
- },
236
- byteOffset: {
237
- type: "number"
238
- },
239
- length: {
240
- type: "number"
241
- }
242
- },
243
- required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
244
- additionalProperties: {
245
- type: "number"
246
- }
247
- }
248
- ],
249
- description: "Data to sign"
250
- },
251
- encoding: {
252
- type: "string",
253
- enum: ["utf-8", "base16", "base64", "hex"],
254
- description: 'If the data is a "string" then you can specify which encoding is used. Default is "utf-8"'
255
- }
256
- },
257
- required: ["data", "keyRef"],
258
- description: "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
259
- },
260
- ISphereonKeyManagerVerifyArgs: {
261
- type: "object",
262
- properties: {
263
- kms: {
264
- type: "string"
265
- },
266
- publicKeyHex: {
267
- type: "string"
268
- },
269
- type: {
270
- $ref: "#/components/schemas/TKeyType"
271
- },
272
- algorithm: {
273
- type: "string"
274
- },
275
- data: {
276
- type: "object",
277
- properties: {
278
- BYTES_PER_ELEMENT: {
279
- type: "number"
280
- },
281
- buffer: {
282
- anyOf: [
283
- {
284
- type: "object",
285
- properties: {
286
- byteLength: {
287
- type: "number"
288
- }
289
- },
290
- required: ["byteLength"]
291
- },
292
- {}
293
- ]
294
- },
295
- byteLength: {
296
- type: "number"
297
- },
298
- byteOffset: {
299
- type: "number"
300
- },
301
- length: {
302
- type: "number"
303
- }
304
- },
305
- required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
306
- additionalProperties: {
307
- type: "number"
308
- }
309
- },
310
- signature: {
311
- type: "string"
312
- }
313
- },
314
- required: ["publicKeyHex", "type", "data", "signature"]
315
- }
316
- },
317
- methods: {
318
- keyManagerCreate: {
319
- description: "",
320
- arguments: {
321
- $ref: "#/components/schemas/ISphereonKeyManagerCreateArgs"
322
- },
323
- returnType: {
324
- $ref: "#/components/schemas/PartialKey"
325
- }
326
- },
327
- keyManagerGetDefaultKeyManagementSystem: {
328
- description: "Get the KMS registered as default. Handy when no explicit KMS is provided for a function",
329
- arguments: {
330
- type: "object"
331
- },
332
- returnType: {
333
- type: "string"
334
- }
335
- },
336
- keyManagerHandleExpirations: {
337
- description: "Set keys to expired and remove keys eligible for deletion.",
338
- arguments: {
339
- $ref: "#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs"
340
- },
341
- returnType: {
342
- type: "array",
343
- items: {
344
- $ref: "#/components/schemas/ManagedKeyInfo"
345
- }
346
- }
347
- },
348
- keyManagerImport: {
349
- description: "",
350
- arguments: {
351
- $ref: "#/components/schemas/MinimalImportableKey"
352
- },
353
- returnType: {
354
- $ref: "#/components/schemas/PartialKey"
355
- }
356
- },
357
- keyManagerListKeys: {
358
- description: "",
359
- arguments: {
360
- type: "object"
361
- },
362
- returnType: {
363
- type: "array",
364
- items: {
365
- $ref: "#/components/schemas/ManagedKeyInfo"
366
- }
367
- }
368
- },
369
- keyManagerSign: {
370
- description: "",
371
- arguments: {
372
- $ref: "#/components/schemas/ISphereonKeyManagerSignArgs"
373
- },
374
- returnType: {
375
- type: "string"
376
- }
377
- },
378
- keyManagerVerify: {
379
- description: "Verifies a signature using the key",
380
- arguments: {
381
- $ref: "#/components/schemas/ISphereonKeyManagerVerifyArgs"
382
- },
383
- returnType: {
384
- type: "boolean"
385
- }
386
- }
387
- }
388
- }
389
- }
390
- };
391
- }
392
- });
393
-
394
- // src/agent/SphereonKeyManager.ts
395
- import { calculateJwkThumbprintForKey, toJwk, verifyRawSignature } from "@sphereon/ssi-sdk-ext.key-utils";
396
- import { KeyManager as VeramoKeyManager } from "@veramo/key-manager";
397
- import * as u8a from "uint8arrays";
398
-
399
- // src/types/ISphereonKeyManager.ts
400
- function hasKeyOptions(object) {
401
- return object && "opts" in object && ("ephemeral" in object.opts || "expiration" in object.opts);
402
- }
403
- __name(hasKeyOptions, "hasKeyOptions");
404
- var isDefined = /* @__PURE__ */ __name((object) => object !== void 0, "isDefined");
405
-
406
- // src/agent/SphereonKeyManager.ts
407
- var { fromString } = u8a;
408
- var sphereonKeyManagerMethods = [
409
- "keyManagerCreate",
410
- "keyManagerGet",
411
- "keyManagerImport",
412
- "keyManagerSign",
413
- "keyManagerVerify",
414
- "keyManagerListKeys",
415
- "keyManagerGetDefaultKeyManagementSystem",
416
- "keyManagerHandleExpirations"
417
- ];
418
- var SphereonKeyManager = class extends VeramoKeyManager {
419
- static {
420
- __name(this, "SphereonKeyManager");
421
- }
422
- // local store reference, given the superclass store is private, and we need additional functions/calls
423
- kmsStore;
424
- availableKmses;
425
- _defaultKms;
426
- kmsMethods;
427
- constructor(options) {
428
- super({
429
- store: options.store,
430
- kms: options.kms
431
- });
432
- this.kmsStore = options.store;
433
- this.availableKmses = options.kms;
434
- this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0];
435
- if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {
436
- throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(",")}`);
437
- }
438
- const methods = this.methods;
439
- methods.keyManagerVerify = this.keyManagerVerify.bind(this);
440
- methods.keyManagerListKeys = this.keyManagerListKeys.bind(this);
441
- methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this);
442
- this.kmsMethods = methods;
443
- }
444
- keyManagerGetDefaultKeyManagementSystem() {
445
- return Promise.resolve(this._defaultKms);
446
- }
447
- async keyManagerCreate(args) {
448
- const kms = this.getKmsByName(args.kms ?? this._defaultKms);
449
- const meta = {
450
- ...args.meta,
451
- ...args.opts && {
452
- opts: args.opts
453
- }
454
- };
455
- if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {
456
- meta.opts = {
457
- ...meta.opts,
458
- expiration: {
459
- ...meta.opts?.expiration,
460
- removalDate: new Date(Date.now() + 5 * 60 * 1e3)
461
- }
462
- };
463
- }
464
- const partialKey = await kms.createKey({
465
- type: args.type,
466
- meta
467
- });
468
- const key = {
469
- ...partialKey,
470
- kms: args.kms ?? this._defaultKms
471
- };
472
- key.meta = {
473
- ...meta,
474
- ...key.meta
475
- };
476
- key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? calculateJwkThumbprintForKey({
477
- key
478
- });
479
- await this.kmsStore.import(key);
480
- if (key.privateKeyHex) {
481
- delete key.privateKeyHex;
482
- }
483
- return key;
484
- }
485
- //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings
486
- async keyManagerSign(args) {
487
- const keyInfo = await this.keyManagerGet({
488
- kid: args.keyRef
489
- });
490
- const kms = this.getKmsByName(keyInfo.kms);
491
- if (keyInfo.type === "Bls12381G2") {
492
- return await kms.sign({
493
- keyRef: keyInfo,
494
- data: typeof args.data === "string" ? fromString(args.data) : args.data
495
- });
496
- }
497
- return await super.keyManagerSign({
498
- ...args,
499
- keyRef: keyInfo.kid
500
- });
501
- }
502
- async keyManagerVerify(args) {
503
- if (args.kms) {
504
- const kms = this.getKmsByName(args.kms);
505
- if (kms && "verify" in kms && typeof kms.verify === "function") {
506
- return await kms.verify(args);
507
- }
508
- }
509
- return await verifyRawSignature({
510
- key: toJwk(args.publicKeyHex, args.type),
511
- data: args.data,
512
- signature: fromString(args.signature, "utf-8")
513
- });
514
- }
515
- async keyManagerListKeys() {
516
- return this.kmsStore.list({});
517
- }
518
- async keyManagerHandleExpirations(args) {
519
- const keys = await this.keyManagerListKeys();
520
- const expiredKeys = keys.filter((key) => hasKeyOptions(key.meta)).filter((key) => {
521
- if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {
522
- const expiration = key.meta.opts.expiration;
523
- return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now());
524
- }
525
- return false;
526
- });
527
- if (args.skipRemovals !== true) {
528
- await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({
529
- kid: key.kid
530
- })));
531
- }
532
- return keys;
533
- }
534
- getKmsByName(name) {
535
- const kms = this.availableKmses[name];
536
- if (!kms) {
537
- throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`);
538
- }
539
- return kms;
540
- }
541
- //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager
542
- async keyManagerGet({ kid }) {
543
- try {
544
- const key = await this.kmsStore.get({
545
- kid
546
- });
547
- return key;
548
- } catch (e) {
549
- const keys = await this.keyManagerListKeys();
550
- const foundKey = keys.find((key) => key.publicKeyHex === kid || key.meta?.jwkThumbprint === kid || key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({
551
- key
552
- }) === kid);
553
- if (foundKey) {
554
- return foundKey;
555
- } else {
556
- throw new Error(`Key with kid ${kid} not found`);
557
- }
558
- }
559
- }
560
- get defaultKms() {
561
- return this._defaultKms;
562
- }
563
- set defaultKms(kms) {
564
- if (!Object.keys(this.availableKmses).includes(kms)) {
565
- throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(",")}`);
566
- }
567
- this._defaultKms = kms;
568
- }
569
- setKms(name, kms) {
570
- this.availableKmses[name] = kms;
571
- }
572
- };
573
-
574
- // src/index.ts
575
- export * from "@veramo/key-manager";
576
- var schema = require_plugin_schema();
577
- export {
578
- SphereonKeyManager,
579
- hasKeyOptions,
580
- isDefined,
581
- schema,
582
- sphereonKeyManagerMethods
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
+ for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
583
15
  };
16
+ Object.defineProperty(exports, "__esModule", { value: true });
17
+ exports.sphereonKeyManagerMethods = exports.SphereonKeyManager = exports.schema = void 0;
18
+ const schema = require('../plugin.schema.json');
19
+ exports.schema = schema;
20
+ var SphereonKeyManager_1 = require("./agent/SphereonKeyManager");
21
+ Object.defineProperty(exports, "SphereonKeyManager", { enumerable: true, get: function () { return SphereonKeyManager_1.SphereonKeyManager; } });
22
+ Object.defineProperty(exports, "sphereonKeyManagerMethods", { enumerable: true, get: function () { return SphereonKeyManager_1.sphereonKeyManagerMethods; } });
23
+ __exportStar(require("./types/ISphereonKeyManager"), exports);
24
+ __exportStar(require("@veramo/key-manager"), exports);
584
25
  //# sourceMappingURL=index.js.map