@sphereon/ssi-sdk-ext.key-manager 0.28.1-feature.oyd.cmsm.improv.21 → 0.28.1-next.54

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. package/dist/index.cjs +615 -0
  2. package/dist/index.cjs.map +1 -0
  3. package/dist/{ssi-sdk-ext.key-manager.d.ts → index.d.cts} +137 -159
  4. package/dist/index.d.ts +136 -5
  5. package/dist/index.js +582 -23
  6. package/dist/index.js.map +1 -1
  7. package/package.json +25 -12
  8. package/plugin.schema.json +12 -62
  9. package/src/__tests__/SphereonKeyManager.test.ts +3 -2
  10. package/src/__tests__/encrypt-decrypt.test.ts +3 -2
  11. package/src/agent/SphereonKeyManager.ts +12 -11
  12. package/src/types/ISphereonKeyManager.ts +1 -1
  13. package/dist/agent/SphereonKeyManager.d.ts +0 -27
  14. package/dist/agent/SphereonKeyManager.d.ts.map +0 -1
  15. package/dist/agent/SphereonKeyManager.js +0 -190
  16. package/dist/agent/SphereonKeyManager.js.map +0 -1
  17. package/dist/index.d.ts.map +0 -1
  18. package/dist/tsdoc-metadata.json +0 -11
  19. package/dist/types/ISphereonKeyManager.d.ts +0 -107
  20. package/dist/types/ISphereonKeyManager.d.ts.map +0 -1
  21. package/dist/types/ISphereonKeyManager.js +0 -10
  22. package/dist/types/ISphereonKeyManager.js.map +0 -1
package/dist/index.cjs ADDED
@@ -0,0 +1,615 @@
1
+ "use strict";
2
+ var __create = Object.create;
3
+ var __defProp = Object.defineProperty;
4
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __getOwnPropNames = Object.getOwnPropertyNames;
6
+ var __getProtoOf = Object.getPrototypeOf;
7
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
8
+ var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
9
+ var __commonJS = (cb, mod) => function __require() {
10
+ return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
11
+ };
12
+ var __export = (target, all) => {
13
+ for (var name in all)
14
+ __defProp(target, name, { get: all[name], enumerable: true });
15
+ };
16
+ var __copyProps = (to, from, except, desc) => {
17
+ if (from && typeof from === "object" || typeof from === "function") {
18
+ for (let key of __getOwnPropNames(from))
19
+ if (!__hasOwnProp.call(to, key) && key !== except)
20
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
21
+ }
22
+ return to;
23
+ };
24
+ var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
25
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
26
+ // If the importer is in node compatibility mode or this is not an ESM
27
+ // file that has been converted to a CommonJS file using a Babel-
28
+ // compatible transform (i.e. "__esModule" has not been set), then set
29
+ // "default" to the CommonJS "module.exports" for node compatibility.
30
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
31
+ mod
32
+ ));
33
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
34
+
35
+ // plugin.schema.json
36
+ var require_plugin_schema = __commonJS({
37
+ "plugin.schema.json"(exports, module2) {
38
+ module2.exports = {
39
+ ISphereonKeyManager: {
40
+ components: {
41
+ schemas: {
42
+ ISphereonKeyManagerCreateArgs: {
43
+ type: "object",
44
+ properties: {
45
+ type: {
46
+ $ref: "#/components/schemas/TKeyType",
47
+ description: "Key type"
48
+ },
49
+ kms: {
50
+ type: "string",
51
+ description: "Key Management System"
52
+ },
53
+ opts: {
54
+ $ref: "#/components/schemas/IkeyOptions",
55
+ description: "Key options"
56
+ },
57
+ meta: {
58
+ $ref: "#/components/schemas/KeyMetadata",
59
+ description: "Optional. Key meta data"
60
+ }
61
+ },
62
+ required: ["type"],
63
+ description: "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
64
+ },
65
+ TKeyType: {
66
+ type: "string",
67
+ enum: ["Ed25519", "Secp256k1", "Secp256r1", "X25519", "Bls12381G1", "Bls12381G2", "RSA"],
68
+ description: "Cryptographic key type."
69
+ },
70
+ IkeyOptions: {
71
+ type: "object",
72
+ properties: {
73
+ ephemeral: {
74
+ type: "boolean",
75
+ description: "Is this a temporary key?"
76
+ },
77
+ expiration: {
78
+ type: "object",
79
+ properties: {
80
+ expiryDate: {
81
+ type: "string",
82
+ format: "date-time"
83
+ },
84
+ removalDate: {
85
+ type: "string",
86
+ format: "date-time"
87
+ }
88
+ },
89
+ description: "Expiration and remove the key"
90
+ }
91
+ }
92
+ },
93
+ KeyMetadata: {
94
+ type: "object",
95
+ properties: {
96
+ algorithms: {
97
+ type: "array",
98
+ items: {
99
+ type: "string"
100
+ }
101
+ }
102
+ },
103
+ description: "This encapsulates data about a key.\n\nImplementations of {@link @veramo/key-manager#AbstractKeyManagementSystem | AbstractKeyManagementSystem } should populate this object, for each key, with the algorithms that can be performed using it.\n\nThis can also be used to add various tags to the keys under management."
104
+ },
105
+ PartialKey: {
106
+ type: "object",
107
+ properties: {
108
+ privateKeyHex: {
109
+ type: "string"
110
+ },
111
+ kid: {
112
+ type: "string",
113
+ description: "Key ID"
114
+ },
115
+ kms: {
116
+ type: "string",
117
+ description: "Key Management System"
118
+ },
119
+ type: {
120
+ $ref: "#/components/schemas/TKeyType",
121
+ description: "Key type"
122
+ },
123
+ publicKeyHex: {
124
+ type: "string",
125
+ description: "Public key"
126
+ },
127
+ meta: {
128
+ anyOf: [
129
+ {
130
+ $ref: "#/components/schemas/KeyMetadata"
131
+ },
132
+ {
133
+ type: "null"
134
+ }
135
+ ],
136
+ description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
137
+ }
138
+ },
139
+ required: ["kid", "kms", "privateKeyHex", "publicKeyHex", "type"]
140
+ },
141
+ ISphereonKeyManagerHandleExpirationsArgs: {
142
+ type: "object",
143
+ properties: {
144
+ skipRemovals: {
145
+ type: "boolean"
146
+ }
147
+ }
148
+ },
149
+ ManagedKeyInfo: {
150
+ type: "object",
151
+ properties: {
152
+ kid: {
153
+ type: "string",
154
+ description: "Key ID"
155
+ },
156
+ kms: {
157
+ type: "string",
158
+ description: "Key Management System"
159
+ },
160
+ type: {
161
+ $ref: "#/components/schemas/TKeyType",
162
+ description: "Key type"
163
+ },
164
+ publicKeyHex: {
165
+ type: "string",
166
+ description: "Public key"
167
+ },
168
+ meta: {
169
+ anyOf: [
170
+ {
171
+ $ref: "#/components/schemas/KeyMetadata"
172
+ },
173
+ {
174
+ type: "null"
175
+ }
176
+ ],
177
+ description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
178
+ }
179
+ },
180
+ required: ["kid", "kms", "type", "publicKeyHex"],
181
+ description: "Represents information about a managed key. Private or secret key material is NOT present."
182
+ },
183
+ MinimalImportableKey: {
184
+ $ref: '#/components/schemas/RequireOnly<IKey,("privateKeyHex"|"type"|"kms")>',
185
+ description: "Represents the properties required to import a key."
186
+ },
187
+ 'RequireOnly<IKey,("privateKeyHex"|"type"|"kms")>': {
188
+ type: "object",
189
+ properties: {
190
+ kid: {
191
+ type: "string",
192
+ description: "Key ID"
193
+ },
194
+ kms: {
195
+ type: "string",
196
+ description: "Key Management System"
197
+ },
198
+ type: {
199
+ $ref: "#/components/schemas/TKeyType",
200
+ description: "Key type"
201
+ },
202
+ publicKeyHex: {
203
+ type: "string",
204
+ description: "Public key"
205
+ },
206
+ privateKeyHex: {
207
+ type: "string",
208
+ description: "Optional. Private key"
209
+ },
210
+ meta: {
211
+ anyOf: [
212
+ {
213
+ $ref: "#/components/schemas/KeyMetadata"
214
+ },
215
+ {
216
+ type: "null"
217
+ }
218
+ ],
219
+ description: "Optional. Key metadata. This should be used to determine which algorithms are supported."
220
+ }
221
+ },
222
+ description: "Represents an object type where a subset of keys are required and everything else is optional."
223
+ },
224
+ ISphereonKeyManagerSignArgs: {
225
+ type: "object",
226
+ properties: {
227
+ keyRef: {
228
+ type: "string",
229
+ description: "The key handle, as returned during `keyManagerCreateKey`"
230
+ },
231
+ algorithm: {
232
+ type: "string",
233
+ description: "The algorithm to use for signing. This must be one of the algorithms supported by the KMS for this key type.\n\nThe algorithm used here should match one of the names listed in `IKey.meta.algorithms`"
234
+ },
235
+ data: {
236
+ anyOf: [
237
+ {
238
+ type: "string"
239
+ },
240
+ {
241
+ type: "object",
242
+ properties: {
243
+ BYTES_PER_ELEMENT: {
244
+ type: "number"
245
+ },
246
+ buffer: {
247
+ anyOf: [
248
+ {
249
+ type: "object",
250
+ properties: {
251
+ byteLength: {
252
+ type: "number"
253
+ }
254
+ },
255
+ required: ["byteLength"]
256
+ },
257
+ {}
258
+ ]
259
+ },
260
+ byteLength: {
261
+ type: "number"
262
+ },
263
+ byteOffset: {
264
+ type: "number"
265
+ },
266
+ length: {
267
+ type: "number"
268
+ }
269
+ },
270
+ required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
271
+ additionalProperties: {
272
+ type: "number"
273
+ }
274
+ }
275
+ ],
276
+ description: "Data to sign"
277
+ },
278
+ encoding: {
279
+ type: "string",
280
+ enum: ["utf-8", "base16", "base64", "hex"],
281
+ description: 'If the data is a "string" then you can specify which encoding is used. Default is "utf-8"'
282
+ }
283
+ },
284
+ required: ["data", "keyRef"],
285
+ description: "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
286
+ },
287
+ ISphereonKeyManagerVerifyArgs: {
288
+ type: "object",
289
+ properties: {
290
+ kms: {
291
+ type: "string"
292
+ },
293
+ publicKeyHex: {
294
+ type: "string"
295
+ },
296
+ type: {
297
+ $ref: "#/components/schemas/TKeyType"
298
+ },
299
+ algorithm: {
300
+ type: "string"
301
+ },
302
+ data: {
303
+ type: "object",
304
+ properties: {
305
+ BYTES_PER_ELEMENT: {
306
+ type: "number"
307
+ },
308
+ buffer: {
309
+ anyOf: [
310
+ {
311
+ type: "object",
312
+ properties: {
313
+ byteLength: {
314
+ type: "number"
315
+ }
316
+ },
317
+ required: ["byteLength"]
318
+ },
319
+ {}
320
+ ]
321
+ },
322
+ byteLength: {
323
+ type: "number"
324
+ },
325
+ byteOffset: {
326
+ type: "number"
327
+ },
328
+ length: {
329
+ type: "number"
330
+ }
331
+ },
332
+ required: ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
333
+ additionalProperties: {
334
+ type: "number"
335
+ }
336
+ },
337
+ signature: {
338
+ type: "string"
339
+ }
340
+ },
341
+ required: ["publicKeyHex", "type", "data", "signature"]
342
+ }
343
+ },
344
+ methods: {
345
+ keyManagerCreate: {
346
+ description: "",
347
+ arguments: {
348
+ $ref: "#/components/schemas/ISphereonKeyManagerCreateArgs"
349
+ },
350
+ returnType: {
351
+ $ref: "#/components/schemas/PartialKey"
352
+ }
353
+ },
354
+ keyManagerGetDefaultKeyManagementSystem: {
355
+ description: "Get the KMS registered as default. Handy when no explicit KMS is provided for a function",
356
+ arguments: {
357
+ type: "object"
358
+ },
359
+ returnType: {
360
+ type: "string"
361
+ }
362
+ },
363
+ keyManagerHandleExpirations: {
364
+ description: "Set keys to expired and remove keys eligible for deletion.",
365
+ arguments: {
366
+ $ref: "#/components/schemas/ISphereonKeyManagerHandleExpirationsArgs"
367
+ },
368
+ returnType: {
369
+ type: "array",
370
+ items: {
371
+ $ref: "#/components/schemas/ManagedKeyInfo"
372
+ }
373
+ }
374
+ },
375
+ keyManagerImport: {
376
+ description: "",
377
+ arguments: {
378
+ $ref: "#/components/schemas/MinimalImportableKey"
379
+ },
380
+ returnType: {
381
+ $ref: "#/components/schemas/PartialKey"
382
+ }
383
+ },
384
+ keyManagerListKeys: {
385
+ description: "",
386
+ arguments: {
387
+ type: "object"
388
+ },
389
+ returnType: {
390
+ type: "array",
391
+ items: {
392
+ $ref: "#/components/schemas/ManagedKeyInfo"
393
+ }
394
+ }
395
+ },
396
+ keyManagerSign: {
397
+ description: "",
398
+ arguments: {
399
+ $ref: "#/components/schemas/ISphereonKeyManagerSignArgs"
400
+ },
401
+ returnType: {
402
+ type: "string"
403
+ }
404
+ },
405
+ keyManagerVerify: {
406
+ description: "Verifies a signature using the key",
407
+ arguments: {
408
+ $ref: "#/components/schemas/ISphereonKeyManagerVerifyArgs"
409
+ },
410
+ returnType: {
411
+ type: "boolean"
412
+ }
413
+ }
414
+ }
415
+ }
416
+ }
417
+ };
418
+ }
419
+ });
420
+
421
+ // src/index.ts
422
+ var index_exports = {};
423
+ __export(index_exports, {
424
+ SphereonKeyManager: () => SphereonKeyManager,
425
+ hasKeyOptions: () => hasKeyOptions,
426
+ isDefined: () => isDefined,
427
+ schema: () => schema,
428
+ sphereonKeyManagerMethods: () => sphereonKeyManagerMethods
429
+ });
430
+ module.exports = __toCommonJS(index_exports);
431
+
432
+ // src/agent/SphereonKeyManager.ts
433
+ var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.key-utils");
434
+ var import_key_manager = require("@veramo/key-manager");
435
+ var u8a = __toESM(require("uint8arrays"), 1);
436
+
437
+ // src/types/ISphereonKeyManager.ts
438
+ function hasKeyOptions(object) {
439
+ return object && "opts" in object && ("ephemeral" in object.opts || "expiration" in object.opts);
440
+ }
441
+ __name(hasKeyOptions, "hasKeyOptions");
442
+ var isDefined = /* @__PURE__ */ __name((object) => object !== void 0, "isDefined");
443
+
444
+ // src/agent/SphereonKeyManager.ts
445
+ var { fromString } = u8a;
446
+ var sphereonKeyManagerMethods = [
447
+ "keyManagerCreate",
448
+ "keyManagerGet",
449
+ "keyManagerImport",
450
+ "keyManagerSign",
451
+ "keyManagerVerify",
452
+ "keyManagerListKeys",
453
+ "keyManagerGetDefaultKeyManagementSystem",
454
+ "keyManagerHandleExpirations"
455
+ ];
456
+ var SphereonKeyManager = class extends import_key_manager.KeyManager {
457
+ static {
458
+ __name(this, "SphereonKeyManager");
459
+ }
460
+ // local store reference, given the superclass store is private, and we need additional functions/calls
461
+ kmsStore;
462
+ availableKmses;
463
+ _defaultKms;
464
+ kmsMethods;
465
+ constructor(options) {
466
+ super({
467
+ store: options.store,
468
+ kms: options.kms
469
+ });
470
+ this.kmsStore = options.store;
471
+ this.availableKmses = options.kms;
472
+ this._defaultKms = options.defaultKms ?? Object.keys(this.availableKmses)[0];
473
+ if (!Object.keys(this.availableKmses).includes(this._defaultKms)) {
474
+ throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(",")}`);
475
+ }
476
+ const methods = this.methods;
477
+ methods.keyManagerVerify = this.keyManagerVerify.bind(this);
478
+ methods.keyManagerListKeys = this.keyManagerListKeys.bind(this);
479
+ methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this);
480
+ this.kmsMethods = methods;
481
+ }
482
+ keyManagerGetDefaultKeyManagementSystem() {
483
+ return Promise.resolve(this._defaultKms);
484
+ }
485
+ async keyManagerCreate(args) {
486
+ const kms = this.getKmsByName(args.kms ?? this._defaultKms);
487
+ const meta = {
488
+ ...args.meta,
489
+ ...args.opts && {
490
+ opts: args.opts
491
+ }
492
+ };
493
+ if (hasKeyOptions(meta) && meta.opts?.ephemeral && !meta.opts.expiration?.removalDate) {
494
+ meta.opts = {
495
+ ...meta.opts,
496
+ expiration: {
497
+ ...meta.opts?.expiration,
498
+ removalDate: new Date(Date.now() + 5 * 60 * 1e3)
499
+ }
500
+ };
501
+ }
502
+ const partialKey = await kms.createKey({
503
+ type: args.type,
504
+ meta
505
+ });
506
+ const key = {
507
+ ...partialKey,
508
+ kms: args.kms ?? this._defaultKms
509
+ };
510
+ key.meta = {
511
+ ...meta,
512
+ ...key.meta
513
+ };
514
+ key.meta.jwkThumbprint = key.meta.jwkThumbprint ?? (0, import_ssi_sdk_ext.calculateJwkThumbprintForKey)({
515
+ key
516
+ });
517
+ await this.kmsStore.import(key);
518
+ if (key.privateKeyHex) {
519
+ delete key.privateKeyHex;
520
+ }
521
+ return key;
522
+ }
523
+ //FIXME extend the IKeyManagerSignArgs.data to be a string or array of strings
524
+ async keyManagerSign(args) {
525
+ const keyInfo = await this.keyManagerGet({
526
+ kid: args.keyRef
527
+ });
528
+ const kms = this.getKmsByName(keyInfo.kms);
529
+ if (keyInfo.type === "Bls12381G2") {
530
+ return await kms.sign({
531
+ keyRef: keyInfo,
532
+ data: typeof args.data === "string" ? fromString(args.data) : args.data
533
+ });
534
+ }
535
+ return await super.keyManagerSign({
536
+ ...args,
537
+ keyRef: keyInfo.kid
538
+ });
539
+ }
540
+ async keyManagerVerify(args) {
541
+ if (args.kms) {
542
+ const kms = this.getKmsByName(args.kms);
543
+ if (kms && "verify" in kms && typeof kms.verify === "function") {
544
+ return await kms.verify(args);
545
+ }
546
+ }
547
+ return await (0, import_ssi_sdk_ext.verifyRawSignature)({
548
+ key: (0, import_ssi_sdk_ext.toJwk)(args.publicKeyHex, args.type),
549
+ data: args.data,
550
+ signature: fromString(args.signature, "utf-8")
551
+ });
552
+ }
553
+ async keyManagerListKeys() {
554
+ return this.kmsStore.list({});
555
+ }
556
+ async keyManagerHandleExpirations(args) {
557
+ const keys = await this.keyManagerListKeys();
558
+ const expiredKeys = keys.filter((key) => hasKeyOptions(key.meta)).filter((key) => {
559
+ if (hasKeyOptions(key.meta) && key.meta?.opts?.expiration) {
560
+ const expiration = key.meta.opts.expiration;
561
+ return !(expiration.expiryDate && expiration.expiryDate.getMilliseconds() > Date.now());
562
+ }
563
+ return false;
564
+ });
565
+ if (args.skipRemovals !== true) {
566
+ await Promise.all(expiredKeys.map((key) => this.keyManagerDelete({
567
+ kid: key.kid
568
+ })));
569
+ }
570
+ return keys;
571
+ }
572
+ getKmsByName(name) {
573
+ const kms = this.availableKmses[name];
574
+ if (!kms) {
575
+ throw Error(`invalid_argument: This agent has no registered KeyManagementSystem with name='${name}'`);
576
+ }
577
+ return kms;
578
+ }
579
+ //todo https://sphereon.atlassian.net/browse/SDK-28 improve the logic for keyManagerGet in sphereon-key-manager
580
+ async keyManagerGet({ kid }) {
581
+ try {
582
+ const key = await this.kmsStore.get({
583
+ kid
584
+ });
585
+ return key;
586
+ } catch (e) {
587
+ const keys = await this.keyManagerListKeys();
588
+ const foundKey = keys.find((key) => key.publicKeyHex === kid || key.meta?.jwkThumbprint === kid || key.meta?.jwkThumbprint == null && (0, import_ssi_sdk_ext.calculateJwkThumbprintForKey)({
589
+ key
590
+ }) === kid);
591
+ if (foundKey) {
592
+ return foundKey;
593
+ } else {
594
+ throw new Error(`Key with kid ${kid} not found`);
595
+ }
596
+ }
597
+ }
598
+ get defaultKms() {
599
+ return this._defaultKms;
600
+ }
601
+ set defaultKms(kms) {
602
+ if (!Object.keys(this.availableKmses).includes(kms)) {
603
+ throw Error(`Default KMS needs to be listed in the kms object as well. Found kms-es: ${Object.keys(this.availableKmses).join(",")}`);
604
+ }
605
+ this._defaultKms = kms;
606
+ }
607
+ setKms(name, kms) {
608
+ this.availableKmses[name] = kms;
609
+ }
610
+ };
611
+
612
+ // src/index.ts
613
+ __reExport(index_exports, require("@veramo/key-manager"), module.exports);
614
+ var schema = require_plugin_schema();
615
+ //# sourceMappingURL=index.cjs.map