@sphereon/ssi-sdk-ext.key-manager 0.34.1-feature.SSISDK.78.280 → 0.34.1-feature.SSISDK.82.linkedVP.325
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +154 -76
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +2 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.js +154 -76
- package/dist/index.js.map +1 -1
- package/package.json +5 -5
- package/plugin.schema.json +106 -77
- package/src/agent/SphereonKeyManager.ts +63 -1
package/plugin.schema.json
CHANGED
|
@@ -22,12 +22,23 @@
|
|
|
22
22
|
"description": "Optional. Key meta data"
|
|
23
23
|
}
|
|
24
24
|
},
|
|
25
|
-
"required": [
|
|
25
|
+
"required": [
|
|
26
|
+
"type"
|
|
27
|
+
],
|
|
28
|
+
"additionalProperties": false,
|
|
26
29
|
"description": "Input arguments for {@link ISphereonKeyManager.keyManagerCreate | keyManagerCreate }"
|
|
27
30
|
},
|
|
28
31
|
"TKeyType": {
|
|
29
32
|
"type": "string",
|
|
30
|
-
"enum": [
|
|
33
|
+
"enum": [
|
|
34
|
+
"Ed25519",
|
|
35
|
+
"Secp256k1",
|
|
36
|
+
"Secp256r1",
|
|
37
|
+
"X25519",
|
|
38
|
+
"Bls12381G1",
|
|
39
|
+
"Bls12381G2",
|
|
40
|
+
"RSA"
|
|
41
|
+
],
|
|
31
42
|
"description": "Cryptographic key type."
|
|
32
43
|
},
|
|
33
44
|
"IkeyOptions": {
|
|
@@ -49,9 +60,11 @@
|
|
|
49
60
|
"format": "date-time"
|
|
50
61
|
}
|
|
51
62
|
},
|
|
63
|
+
"additionalProperties": false,
|
|
52
64
|
"description": "Expiration and remove the key"
|
|
53
65
|
}
|
|
54
|
-
}
|
|
66
|
+
},
|
|
67
|
+
"additionalProperties": false
|
|
55
68
|
},
|
|
56
69
|
"KeyMetadata": {
|
|
57
70
|
"type": "object",
|
|
@@ -67,6 +80,7 @@
|
|
|
67
80
|
},
|
|
68
81
|
"PartialKey": {
|
|
69
82
|
"type": "object",
|
|
83
|
+
"additionalProperties": false,
|
|
70
84
|
"properties": {
|
|
71
85
|
"privateKeyHex": {
|
|
72
86
|
"type": "string"
|
|
@@ -99,7 +113,13 @@
|
|
|
99
113
|
"description": "Optional. Key metadata. This should be used to determine which algorithms are supported."
|
|
100
114
|
}
|
|
101
115
|
},
|
|
102
|
-
"required": [
|
|
116
|
+
"required": [
|
|
117
|
+
"kid",
|
|
118
|
+
"kms",
|
|
119
|
+
"privateKeyHex",
|
|
120
|
+
"publicKeyHex",
|
|
121
|
+
"type"
|
|
122
|
+
]
|
|
103
123
|
},
|
|
104
124
|
"ISphereonKeyManagerHandleExpirationsArgs": {
|
|
105
125
|
"type": "object",
|
|
@@ -107,9 +127,17 @@
|
|
|
107
127
|
"skipRemovals": {
|
|
108
128
|
"type": "boolean"
|
|
109
129
|
}
|
|
110
|
-
}
|
|
130
|
+
},
|
|
131
|
+
"additionalProperties": false
|
|
111
132
|
},
|
|
112
133
|
"ManagedKeyInfo": {
|
|
134
|
+
"$ref": "#/components/schemas/Omit<IKey,\"privateKeyHex\">",
|
|
135
|
+
"description": "Represents information about a managed key. Private or secret key material is NOT present."
|
|
136
|
+
},
|
|
137
|
+
"Omit<IKey,\"privateKeyHex\">": {
|
|
138
|
+
"$ref": "#/components/schemas/Pick<IKey,Exclude<(\"kid\"|\"kms\"|\"type\"|\"publicKeyHex\"|\"privateKeyHex\"|\"meta\"),\"privateKeyHex\">>"
|
|
139
|
+
},
|
|
140
|
+
"Pick<IKey,Exclude<(\"kid\"|\"kms\"|\"type\"|\"publicKeyHex\"|\"privateKeyHex\"|\"meta\"),\"privateKeyHex\">>": {
|
|
113
141
|
"type": "object",
|
|
114
142
|
"properties": {
|
|
115
143
|
"kid": {
|
|
@@ -140,8 +168,13 @@
|
|
|
140
168
|
"description": "Optional. Key metadata. This should be used to determine which algorithms are supported."
|
|
141
169
|
}
|
|
142
170
|
},
|
|
143
|
-
"required": [
|
|
144
|
-
|
|
171
|
+
"required": [
|
|
172
|
+
"kid",
|
|
173
|
+
"kms",
|
|
174
|
+
"type",
|
|
175
|
+
"publicKeyHex"
|
|
176
|
+
],
|
|
177
|
+
"additionalProperties": false
|
|
145
178
|
},
|
|
146
179
|
"MinimalImportableKey": {
|
|
147
180
|
"$ref": "#/components/schemas/RequireOnly<IKey,(\"privateKeyHex\"|\"type\"|\"kms\")>",
|
|
@@ -149,6 +182,7 @@
|
|
|
149
182
|
},
|
|
150
183
|
"RequireOnly<IKey,(\"privateKeyHex\"|\"type\"|\"kms\")>": {
|
|
151
184
|
"type": "object",
|
|
185
|
+
"additionalProperties": false,
|
|
152
186
|
"properties": {
|
|
153
187
|
"kid": {
|
|
154
188
|
"type": "string",
|
|
@@ -201,52 +235,73 @@
|
|
|
201
235
|
"type": "string"
|
|
202
236
|
},
|
|
203
237
|
{
|
|
204
|
-
"
|
|
205
|
-
"properties": {
|
|
206
|
-
"BYTES_PER_ELEMENT": {
|
|
207
|
-
"type": "number"
|
|
208
|
-
},
|
|
209
|
-
"buffer": {
|
|
210
|
-
"anyOf": [
|
|
211
|
-
{
|
|
212
|
-
"type": "object",
|
|
213
|
-
"properties": {
|
|
214
|
-
"byteLength": {
|
|
215
|
-
"type": "number"
|
|
216
|
-
}
|
|
217
|
-
},
|
|
218
|
-
"required": ["byteLength"]
|
|
219
|
-
},
|
|
220
|
-
{}
|
|
221
|
-
]
|
|
222
|
-
},
|
|
223
|
-
"byteLength": {
|
|
224
|
-
"type": "number"
|
|
225
|
-
},
|
|
226
|
-
"byteOffset": {
|
|
227
|
-
"type": "number"
|
|
228
|
-
},
|
|
229
|
-
"length": {
|
|
230
|
-
"type": "number"
|
|
231
|
-
}
|
|
232
|
-
},
|
|
233
|
-
"required": ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
|
|
234
|
-
"additionalProperties": {
|
|
235
|
-
"type": "number"
|
|
236
|
-
}
|
|
238
|
+
"$ref": "#/components/schemas/Uint8Array"
|
|
237
239
|
}
|
|
238
240
|
],
|
|
239
241
|
"description": "Data to sign"
|
|
240
242
|
},
|
|
241
243
|
"encoding": {
|
|
242
244
|
"type": "string",
|
|
243
|
-
"enum": [
|
|
245
|
+
"enum": [
|
|
246
|
+
"utf-8",
|
|
247
|
+
"base16",
|
|
248
|
+
"base64",
|
|
249
|
+
"hex"
|
|
250
|
+
],
|
|
244
251
|
"description": "If the data is a \"string\" then you can specify which encoding is used. Default is \"utf-8\""
|
|
245
252
|
}
|
|
246
253
|
},
|
|
247
|
-
"required": [
|
|
254
|
+
"required": [
|
|
255
|
+
"data",
|
|
256
|
+
"keyRef"
|
|
257
|
+
],
|
|
248
258
|
"description": "Input arguments for {@link ISphereonKeyManagerSignArgs.keyManagerSign | keyManagerSign }"
|
|
249
259
|
},
|
|
260
|
+
"Uint8Array": {
|
|
261
|
+
"type": "object",
|
|
262
|
+
"properties": {
|
|
263
|
+
"BYTES_PER_ELEMENT": {
|
|
264
|
+
"type": "number"
|
|
265
|
+
},
|
|
266
|
+
"buffer": {
|
|
267
|
+
"$ref": "#/components/schemas/ArrayBufferLike"
|
|
268
|
+
},
|
|
269
|
+
"byteLength": {
|
|
270
|
+
"type": "number"
|
|
271
|
+
},
|
|
272
|
+
"byteOffset": {
|
|
273
|
+
"type": "number"
|
|
274
|
+
},
|
|
275
|
+
"length": {
|
|
276
|
+
"type": "number"
|
|
277
|
+
}
|
|
278
|
+
},
|
|
279
|
+
"required": [
|
|
280
|
+
"BYTES_PER_ELEMENT",
|
|
281
|
+
"buffer",
|
|
282
|
+
"byteLength",
|
|
283
|
+
"byteOffset",
|
|
284
|
+
"length"
|
|
285
|
+
],
|
|
286
|
+
"additionalProperties": {
|
|
287
|
+
"type": "number"
|
|
288
|
+
}
|
|
289
|
+
},
|
|
290
|
+
"ArrayBufferLike": {
|
|
291
|
+
"$ref": "#/components/schemas/ArrayBuffer"
|
|
292
|
+
},
|
|
293
|
+
"ArrayBuffer": {
|
|
294
|
+
"type": "object",
|
|
295
|
+
"properties": {
|
|
296
|
+
"byteLength": {
|
|
297
|
+
"type": "number"
|
|
298
|
+
}
|
|
299
|
+
},
|
|
300
|
+
"required": [
|
|
301
|
+
"byteLength"
|
|
302
|
+
],
|
|
303
|
+
"additionalProperties": false
|
|
304
|
+
},
|
|
250
305
|
"ISphereonKeyManagerVerifyArgs": {
|
|
251
306
|
"type": "object",
|
|
252
307
|
"properties": {
|
|
@@ -263,45 +318,19 @@
|
|
|
263
318
|
"type": "string"
|
|
264
319
|
},
|
|
265
320
|
"data": {
|
|
266
|
-
"
|
|
267
|
-
"properties": {
|
|
268
|
-
"BYTES_PER_ELEMENT": {
|
|
269
|
-
"type": "number"
|
|
270
|
-
},
|
|
271
|
-
"buffer": {
|
|
272
|
-
"anyOf": [
|
|
273
|
-
{
|
|
274
|
-
"type": "object",
|
|
275
|
-
"properties": {
|
|
276
|
-
"byteLength": {
|
|
277
|
-
"type": "number"
|
|
278
|
-
}
|
|
279
|
-
},
|
|
280
|
-
"required": ["byteLength"]
|
|
281
|
-
},
|
|
282
|
-
{}
|
|
283
|
-
]
|
|
284
|
-
},
|
|
285
|
-
"byteLength": {
|
|
286
|
-
"type": "number"
|
|
287
|
-
},
|
|
288
|
-
"byteOffset": {
|
|
289
|
-
"type": "number"
|
|
290
|
-
},
|
|
291
|
-
"length": {
|
|
292
|
-
"type": "number"
|
|
293
|
-
}
|
|
294
|
-
},
|
|
295
|
-
"required": ["BYTES_PER_ELEMENT", "buffer", "byteLength", "byteOffset", "length"],
|
|
296
|
-
"additionalProperties": {
|
|
297
|
-
"type": "number"
|
|
298
|
-
}
|
|
321
|
+
"$ref": "#/components/schemas/Uint8Array"
|
|
299
322
|
},
|
|
300
323
|
"signature": {
|
|
301
324
|
"type": "string"
|
|
302
325
|
}
|
|
303
326
|
},
|
|
304
|
-
"required": [
|
|
327
|
+
"required": [
|
|
328
|
+
"publicKeyHex",
|
|
329
|
+
"type",
|
|
330
|
+
"data",
|
|
331
|
+
"signature"
|
|
332
|
+
],
|
|
333
|
+
"additionalProperties": false
|
|
305
334
|
}
|
|
306
335
|
},
|
|
307
336
|
"methods": {
|
|
@@ -377,4 +406,4 @@
|
|
|
377
406
|
}
|
|
378
407
|
}
|
|
379
408
|
}
|
|
380
|
-
}
|
|
409
|
+
}
|
|
@@ -46,6 +46,64 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
46
46
|
methods.keyManagerListKeys = this.keyManagerListKeys.bind(this)
|
|
47
47
|
methods.keyManagerGetDefaultKeyManagementSystem = this.keyManagerGetDefaultKeyManagementSystem.bind(this)
|
|
48
48
|
this.kmsMethods = <ISphereonKeyManager>(<unknown>methods)
|
|
49
|
+
|
|
50
|
+
this.syncPreProvisionedKeys()
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
private syncPreProvisionedKeys() {
|
|
54
|
+
Object.keys(this.availableKmses).forEach((kmsId) => {
|
|
55
|
+
const kms = this.availableKmses[kmsId]
|
|
56
|
+
if (kms.constructor.name === 'RestKeyManagementSystem') {
|
|
57
|
+
this.syncPreProvisionedKeysForKms(kmsId, kms)
|
|
58
|
+
}
|
|
59
|
+
})
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
private syncPreProvisionedKeysForKms(kmsId: string, kms: AbstractKeyManagementSystem) {
|
|
63
|
+
kms
|
|
64
|
+
.listKeys()
|
|
65
|
+
.then(async (remoteKeys: ManagedKeyInfo[]) => {
|
|
66
|
+
try {
|
|
67
|
+
const storedKeys: ManagedKeyInfo[] = await this.keyManagerListKeys()
|
|
68
|
+
|
|
69
|
+
await Promise.all(
|
|
70
|
+
remoteKeys.map(async (remoteKey) => {
|
|
71
|
+
const storedKey = storedKeys.find((k) => k.kid === remoteKey.kid)
|
|
72
|
+
|
|
73
|
+
const needsUpdate =
|
|
74
|
+
!storedKey ||
|
|
75
|
+
storedKey.publicKeyHex !== remoteKey.publicKeyHex ||
|
|
76
|
+
storedKey.type !== remoteKey.type ||
|
|
77
|
+
storedKey.kms !== remoteKey.kms ||
|
|
78
|
+
(remoteKey.meta && 'alias' in remoteKey.meta && storedKey.meta && storedKey.meta.keyAlias !== remoteKey.meta.alias)
|
|
79
|
+
if (needsUpdate) {
|
|
80
|
+
try {
|
|
81
|
+
if (storedKey) {
|
|
82
|
+
await this.kmsStore.delete({ kid: remoteKey.kid })
|
|
83
|
+
}
|
|
84
|
+
const keyToImport: IKey = {
|
|
85
|
+
...remoteKey,
|
|
86
|
+
meta: remoteKey.meta && 'alias' in remoteKey.meta ? { ...remoteKey.meta, keyAlias: remoteKey.meta.alias } : remoteKey.meta,
|
|
87
|
+
} as IKey
|
|
88
|
+
|
|
89
|
+
if (keyToImport.meta && 'alias' in keyToImport.meta) {
|
|
90
|
+
delete keyToImport.meta.alias
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
await this.kmsStore.import(keyToImport)
|
|
94
|
+
} catch (error) {
|
|
95
|
+
console.error(`Failed to sync key ${remoteKey.kid} from kms ${kmsId}:`, error)
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
}),
|
|
99
|
+
)
|
|
100
|
+
} catch (error) {
|
|
101
|
+
console.error(`Failed to sync keys for kms ${kmsId}:`, error)
|
|
102
|
+
}
|
|
103
|
+
})
|
|
104
|
+
.catch((error) => {
|
|
105
|
+
console.error(`Failed to list remote keys for kms ${kmsId}:`, error)
|
|
106
|
+
})
|
|
49
107
|
}
|
|
50
108
|
|
|
51
109
|
keyManagerGetDefaultKeyManagementSystem(): Promise<string> {
|
|
@@ -142,7 +200,7 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
142
200
|
(key) =>
|
|
143
201
|
key.publicKeyHex === kid ||
|
|
144
202
|
key.meta?.jwkThumbprint === kid ||
|
|
145
|
-
(key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid)
|
|
203
|
+
(key.meta?.jwkThumbprint == null && calculateJwkThumbprintForKey({ key }) === kid),
|
|
146
204
|
)
|
|
147
205
|
if (foundKey) {
|
|
148
206
|
return foundKey as IKey
|
|
@@ -165,5 +223,9 @@ export class SphereonKeyManager extends VeramoKeyManager {
|
|
|
165
223
|
|
|
166
224
|
setKms(name: string, kms: AbstractKeyManagementSystem): void {
|
|
167
225
|
this.availableKmses[name] = kms
|
|
226
|
+
|
|
227
|
+
if (kms.constructor.name === 'RestKeyManagementSystem') {
|
|
228
|
+
this.syncPreProvisionedKeysForKms(name, kms)
|
|
229
|
+
}
|
|
168
230
|
}
|
|
169
231
|
}
|